Linux Commands and Scripts

How to Install Rootkit Hunter in Linux

In this article, we’ll explain how to install Rootkit Hunter in Linux (rkhunter).

Rootkit Hunter is an open-source Unix/Linux based security monitoring and analyzing tool. It is a shell script which carries out various checks on the local system to try and detect known rootkits and malware. It also performs checks to see if commands have been modified, if the system startup files have been modified, and various checks on the network interfaces, including checks for listening applications.

This guide will help you with the installation and configuration process.

Install Rootkit Hunter in Linux

Let’s get started.

1. Download Rkhunter

Use following command to download Rkhunter from sourceforge.net.

# cd /tmp

# wget http://downloads.sourceforge.net/project/rkhunter/rkhunter/1.4.6/rkhunter-1.4.6.tar.gz

For latest version visit https://sourceforge.net/projects/rkhunter/files/rkhunter/

2. Extract and install Rkhunter

After we download Rkhunter, extract it and run the installation script like shown below:

# tar -xvf rkhunter-1.4.6.tar.gz
# cd rkhunter-1.4.6

# ./installer.sh --install

Above script will perform default installation of Rkhunter.

install Rkhunter on Linux

Note: If some form of file permission error is shown, then check that the 'installer.sh' script is executable.

The installer also has a help option:

# ./installer.sh --help

The default installation process will install a configuration file, called 'rkhunter.conf', into the '/etc' directory or where you chose using the '--layout' switch. You can either edit the main configuration file itself, or create a 'local' configuration file for your own settings. This file, which must be called 'rkhunter.conf.local', must reside in the same directory as the main configuration file.

Alternatively, or in addition if wished, you can create a directory, named 'rkhunter.d', in the same directory as the main configuration file. Within 'rkhunter.d' you can then create further configuration files. The only restriction is that the file names end in '.conf'.

You should edit the configuration file(s) according to your own system requirements.

3. Update Rkhunter

# rkhunter --update

Before running RKH we will need to fill the file properties database by running the following command:

# rkhunter --propupd

4. Run Rkhunter

To scan the entire file system, run following command as a root user:

# rkhunter -c

The above command generates a log file under /var/log/rkhunter.log with the check results made by Rkhunter.

# cat /var/log/rkhunter.log

Check only warnings using following command:

# grep Warning /var/log/rkhunter.log

Check man page.

# man rkhunter

That’s we have covered basic installation and configuration of Rkhunter.

In this article, we’ve seen how to install Rootkit Hunter in Linux (rkhunter).

Check out our high performance dedicated servers and KVM VPS.

Related Articles