rkhunter Linux security checker


Rootkit scanner is a scanning tool that gives you about 99.9%* assurance that your system is clean of nasty tools. It scans for rootkits, backdoors and local exploits by running tests such as:

– MD5 hash compare
– Look for default files used by rootkits
– Wrong file permissions for binaries
– Look for suspected strings in LKM and KLD modules
– Look for hidden files
– Optional scan within plaintext and binary files

The features of the latest version, 1.3.4:

  • Added IntoXonia-NG rootkit check.

  • Added Phalanx2 rootkit check.

  • Added support for TCB shadow files.

  • The ‘--propupd’ option can now take an optional file, directory or package name after it.

  • Revised file properties inode check.

  • Tests against the SSH configuration file now accept the key/value pair.

  • Improved the O/S name detection.

  • The Linux ‘os_specific’ test has now been split into two separate tests.

  • Improved ALLOWPROCDELFILE configuration option.

  • Improved hidden files and directories check.

  • The DBDIR directory can now be read-only, after installation.

  • Improved debug file option.

  • The system startup file and directory tests have now been merged.

Download, extract


Install using the command (see also the screenshot below):

[root@test1 rkhunter-1.3.4]# ./installer.sh  --layout oldschool --install


Start the scan

[root@test1 rkhunter-1.3.4]# rkhunter   -c

All results have been written to the logfile (/var/log/rkhunter.log)

One or more warnings have been found while checking the system.

Please check the log file (/var/log/rkhunter.log)


Finally, you can add rkhunter to your cron jobs so that it sends a daily report to your email.

# vi /etc/cron.daily/rkhunter.sh

Add:

#!/bin/bash
# Run the scan in cron mode and mail the combined stdout/stderr output
(/usr/local/bin/rkhunter -c --cronjob 2>&1 | mail -s "Today's Rkhunter Scan Report" Your_email@example.com)

Then

chmod +x /etc/cron.daily/rkhunter.sh
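
As an added example (not part of the original article or of rkhunter itself), here is a variant of the cron wrapper that stays quiet on clean runs and mails a numbered summary when /var/log/rkhunter.log contains warnings or cannot be read. It assumes warning entries have the form "[HH:MM:SS] Warning: ..."; the function names and the RKH_MAILER variable are hypothetical, and the sample log is constructed.

```shell
#!/bin/sh
# Added example: mail an rkhunter summary only when the log holds warnings,
# or when the log is missing (a missing log should never pass silently).
# Assumption: warning entries look like "[HH:MM:SS] Warning: <text>".

# Print a numbered list of warnings. Exit 0 = warnings, 1 = clean, 2 = no log.
rkh_report() {
    if [ ! -r "$1" ]; then
        echo "rkhunter log $1 is missing or unreadable"
        return 2
    fi
    awk '/^\[[0-9:]+\][ \t]*Warning:/ {
             sub(/^\[[0-9:]+\][ \t]*Warning:[ \t]*/, "")
             n++; print n ". " $0
         }
         END { exit (n > 0 ? 0 : 1) }' "$1"
}

# Send the summary for log $1 to recipient $2 unless the log is clean.
# RKH_MAILER is a hypothetical override for testing; the default is mail(1).
# In the cron script, call this right after "rkhunter -c --cronjob":
#   rkh_notify /var/log/rkhunter.log Your_email@example.com
rkh_notify() {
    if body=$(rkh_report "$1"); then st=0; else st=$?; fi
    [ "$st" -eq 1 ] && return 0          # clean run: send nothing
    if [ "$st" -eq 0 ]; then
        count=$(printf '%s\n' "$body" | wc -l | tr -d ' ')
        subject="rkhunter: $count warning(s) on $(uname -n)"
    else
        subject="rkhunter: log problem on $(uname -n)"
    fi
    printf '%s\n' "$body" | ${RKH_MAILER:-mail} -s "$subject" "$2"
}

# Constructed sample log, for demonstration only.
demo_log=$(mktemp)
cat > "$demo_log" <<'EOF'
[10:15:01] Running Rootkit Hunter version 1.3.4 on test1
[10:15:02]   /bin/ls                                  [ OK ]
[10:15:03] Warning: The file properties have changed:
[10:15:03]          File: /usr/bin/ldd
[10:15:09] Warning: Hidden directory found: /dev/.udev
EOF
rkh_report "$demo_log" || true
rm -f "$demo_log"
```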

 

For any questions, please post them in the forum.


Links:

  • http://www.webhostgear.com

  • http://rkhunter.sourceforge.net

For questions, please refer to our Q/A forum at: http://ask.unixmen.com/
