Sep 25th, 2009
Rkhunter Installation
Download from
http://kent.dl.sourceforge.net/project/rkhunter/rkhunter/1.3.4/rkhunter-1.3.4.tar.gz
Rootkit Hunter (RKH) is an easy-to-use tool which checks computers running UNIX (clones) for the presence of rootkits and other unwanted tools.
What are rootkits? Most of the time they are self-hiding toolkits used by blackhats, crackers and script kiddies to avoid the eye of the sysadmin.
Unpacking the tar file should produce a single directory called 'rkhunter-<version>', where '<version>' is the version number of rkhunter being installed. For example, the rkhunter-1.3.0.tar.gz tar file will produce the 'rkhunter-1.3.0' directory when unpacked. Within this directory is the installation script called 'installer.sh'.
To perform a default installation of RKH simply unpack the tarball and, as root, run the installation script:
cd rkhunter-<version>
./installer.sh --layout default --install
RKH installation supports custom layouts. To show some examples run:
As another example, to install all files beneath /opt, run:
The default installation process will install a configuration file, called 'rkhunter.conf', into the '/etc' directory.
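Because the installation script is run as root, it is worth confirming before extraction that the tarball really unpacks to a single 'rkhunter-<version>' directory containing 'installer.sh', as described above. The shell function below is an added example, not part of the original post or of rkhunter; the name check_rkh_tarball is hypothetical.

```shell
#!/bin/sh
# Added example: pre-extraction sanity check for an rkhunter source tarball.
# check_rkh_tarball is a hypothetical helper name, not an rkhunter command.
#
# Usage: dir=$(check_rkh_tarball rkhunter-1.3.4.tar.gz) \
#            && tar -xzf rkhunter-1.3.4.tar.gz && cd "$dir"

# Prints the single top-level directory on success; returns non-zero otherwise.
check_rkh_tarball() {
    tarball=$1

    # List member names only; nothing is written to disk.
    members=$(tar -tzf "$tarball") || { echo "cannot read $tarball" >&2; return 1; }

    # Reject absolute paths and parent-directory components.
    if printf '%s\n' "$members" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe member path in $tarball" >&2
        return 1
    fi

    # Every member must live under one top-level directory.
    tops=$(printf '%s\n' "$members" | sed 's|^\./||' | cut -d/ -f1 | sort -u)
    if [ "$(printf '%s\n' "$tops" | grep -c '')" -ne 1 ]; then
        echo "expected one top-level directory, found:" >&2
        printf '%s\n' "$tops" >&2
        return 1
    fi

    # That directory must be named rkhunter-<version>.
    case $tops in
        rkhunter-?*) ;;
        *) echo "unexpected top-level directory: $tops" >&2; return 1 ;;
    esac

    # The installation script must be present directly inside it.
    if ! printf '%s\n' "$members" | sed 's|^\./||' | grep -Fxq "$tops/installer.sh"; then
        echo "installer.sh not found in $tops/" >&2
        return 1
    fi

    printf '%s\n' "$tops"
}
```

The check only inspects the member list, so it complements verifying the download against a checksum or signature published by the project and does not replace it.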
To run RKH, as root, simply enter the following command:
By default, the log file '/var/log/rkhunter.log' will be created. It will contain the results of the checks made by RKH.
To see what other options can be used with rkhunter, enter: