How to add rkhunter to a cronjob
We know that automation and email notification make an administrator’s life a lot easier, so now we can add rkhunter to a cronjob.
This is straight from the rkhunter website: You need to create a short shell script as follows:
#!/bin/sh
( /usr/bin/rkhunter --versioncheck                   # report whether a newer rkhunter release exists
/usr/bin/rkhunter --update                           # refresh the data files rkhunter uses for detection
/usr/bin/rkhunter --cronjob --report-warnings-only   # non-interactive scan; only warnings are printed
) | /usr/bin/mail -s "rkhunter output" admin@yourdomain.com
Save the file and call it something like ‘rkhunterscript’. Make the file executable and place it in your local bin folder or in a public bin folder. Now set a root cronjob as follows:
10 3 * * * /home/demo/bin/rkhunterscript
This will run the script at 3:10 am each day.
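A slightly more defensive version of that wrapper script, added here as an example (it is not the script from the rkhunter website above): it runs the same three steps, but keeps the scan's exit status and puts it in the mail subject, so a non-zero status (rkhunter exits non-zero when the scan produced warnings) is visible in the inbox without opening the message. The RKHUNTER, MAILER and RK_ADMIN variables are assumptions of this example; set RKHUNTER to /usr/local/bin/rkhunter if that is where your copy lives.

```shell
#!/bin/sh
# Added example, not the page's own script: rkhunter cron wrapper that
# records the scan's exit status in the mail subject.
# RKHUNTER, MAILER and RK_ADMIN are assumptions; override them from the
# environment if your paths or recipient differ.

RKHUNTER="${RKHUNTER:-/usr/bin/rkhunter}"
MAILER="${MAILER:-/usr/bin/mail}"
RK_ADMIN="${RK_ADMIN:-admin@yourdomain.com}"

# Run the three daily steps from the page, appending all output to the file
# named in $1. Returns the exit status of the scan itself (0 = no warnings).
rkhunter_daily() {
    out="$1"
    : > "$out"
    # A failed version check or update must not prevent the scan from running:
    # scanning with slightly stale data is better than not scanning at all.
    "$RKHUNTER" --versioncheck >> "$out" 2>&1 || true
    "$RKHUNTER" --update >> "$out" 2>&1 || true
    "$RKHUNTER" --cronjob --report-warnings-only >> "$out" 2>&1
}

# Build the subject line from the scan's exit status ($1) and the host name,
# so a quick look at the mailbox shows which hosts reported warnings.
rkhunter_subject() {
    if [ "$1" -eq 0 ]; then
        printf 'rkhunter output: clean on %s\n' "$(uname -n)"
    else
        printf 'rkhunter output: WARNINGS (exit %s) on %s\n' "$1" "$(uname -n)"
    fi
}

# Entry point for cron: run the steps, mail the report, return the scan status
# so cron's own logging also records a failure.
rkhunter_cron_main() {
    tmp="$(mktemp)"
    status=0
    rkhunter_daily "$tmp" || status=$?
    "$MAILER" -s "$(rkhunter_subject "$status")" "$RK_ADMIN" < "$tmp"
    rm -f "$tmp"
    return "$status"
}

# Usage from cron: save this file as e.g. /home/demo/bin/rkhunterscript, make it
# executable, and append a line that calls rkhunter_cron_main:
#   rkhunter_cron_main
```

Install it with the same crontab entry shown above (10 3 * * * /home/demo/bin/rkhunterscript). Because the subject now carries the host name and the exit status, a mail filter can file clean runs away and keep only reports with WARNINGS in the subject.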
Scanning for rootkits with rkhunter
The first thing we want to do after installation is to update the signatures and files rkhunter uses to detect anomalies:
sudo /usr/local/bin/rkhunter --update
Interactive mode
sudo /usr/local/bin/rkhunter -c
That command starts rkhunter in an interactive mode.
When it gets to the end of a particular scan, you need to press ‘enter’ to continue.
If you want to skip the interactive prompts, add the -sk option at the end:
sudo /usr/local/bin/rkhunter -c -sk
How to do an rpm test install to check for potential conflicts
--test (with -i or -U): do not install the package, simply check for and report potential conflicts.
--test (with -e): don’t really uninstall anything, just go through the motions. Useful in conjunction with the -vv option for debugging.
How can I back up a currently installed RPM?
--repackage Re-package the files before erasing.
The previously installed package will be named according to the macro %_repackage_name_fmt and will be created in the directory named by the macro %_repackage_dir (default value is /var/spool/repackage).
--replacefiles
Install the packages even if they replace files from other, already installed, packages.
--replacepkgs
Install the packages even if some of them are already installed on this system.
Once the package has been downloaded, install it with the --repackage option. This will create an RPM from the currently installed version (saved in the repackage directory) and then install the new one:
rpm -Fvh --repackage rpm-file-name.rpm
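The two ideas in the last two sections (a --test dry run to find conflicts, and --repackage to keep a copy of the old version) combine naturally into one upgrade routine: refuse to touch the system if the dry run fails, and otherwise upgrade while keeping the repackaged RPM for rollback. The script below is an added example, not from the original page; it uses -U rather than the page's -F, and the RPM_BIN and REPACKAGE_DIR variables are assumptions (the default /var/spool/repackage comes from the page). Later rpm releases dropped --repackage, so confirm your rpm's man page still lists it before relying on this.

```shell
#!/bin/sh
# Added example (not the page's own code): dry-run an RPM upgrade first, and
# only then upgrade with --repackage so the old version is kept for rollback.
# RPM_BIN and REPACKAGE_DIR are assumptions; override them from the environment.

RPM_BIN="${RPM_BIN:-/usr/bin/rpm}"
REPACKAGE_DIR="${REPACKAGE_DIR:-/var/spool/repackage}"

# Dry run: rpm reports conflicts without changing anything. Returns rpm's status.
rpm_test_install() {
    "$RPM_BIN" -Uvh --test "$1"
}

# Real upgrade; --repackage first writes the installed version as an RPM into
# REPACKAGE_DIR (named by the %_repackage_name_fmt macro).
rpm_upgrade_with_backup() {
    "$RPM_BIN" -Uvh --repackage "$1"
}

# Full procedure. On success prints the path of the newest repackaged RPM, which
# is what you would feed back to rpm -Uvh --oldpackage to roll back.
safe_rpm_upgrade() {
    pkg="$1"
    if ! rpm_test_install "$pkg"; then
        echo "dry run reported conflicts; nothing was installed" >&2
        return 1
    fi
    rpm_upgrade_with_backup "$pkg" || return 1
    ls -t "$REPACKAGE_DIR"/*.rpm 2>/dev/null | head -n 1
}

# Usage: safe_rpm_upgrade /path/to/new-package.rpm
```

The dry run is cheap and catches the file conflicts that would otherwise stop the real transaction halfway; keeping the repackaged RPM means a bad upgrade can be reversed with rpm's own tooling instead of a restore from backup.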
How do I install or upgrade an RPM package?
In order to install an RPM package you must first have the RPM you are trying to install on your system. Many people will download RPMs from a website and of course, Red Hat Network (RHN) provides all the RPM packages included in the distributions. There are two main flags that are used to install or upgrade RPM packages:
-i is used to install a new package. Always use this for kernel installations and upgrades.
-U is used to upgrade an RPM package but will also install a package if it does not exist in the RPM database.
Usage and additional options can be found in the RPM man page. Type man rpm from the command line.
Here is some information about the -i and -U flags:
INSTALL AND UPGRADE OPTIONS
The general form of an rpm install command is
rpm {-i|--install} [install-options] PACKAGE_FILE …
This installs a new package.
The general form of an rpm upgrade command is
rpm {-U|--upgrade} [install-options] PACKAGE_FILE …