Rkhunter Installation

Download from

http://kent.dl.sourceforge.net/project/rkhunter/rkhunter/1.3.4/rkhunter-1.3.4.tar.gz

Rootkit Hunter (RKH) is an easy-to-use tool which checks computers running UNIX (clones) for the presence of rootkits and other unwanted tools.

What are rootkits? Most of the time they are self-hiding toolkits used by blackhats, crackers and script kiddies to avoid the eye of the sysadmin.

Unpacking the tar file should produce a single directory called ‘rkhunter-<version>’, where ‘<version>’ is the version number of rkhunter being installed. For example, the rkhunter-1.3.0.tar.gz tar file will produce the ‘rkhunter-1.3.0’ directory when unpacked. Within this directory is the installation script called ‘installer.sh’.

To perform a default installation of RKH simply unpack the tarball and, as root, run the installation script:

tar zxf rkhunter-<version>.tar.gz
cd rkhunter-<version>
./installer.sh --layout default --install

RKH installation supports custom layouts. To show some examples run:

./installer.sh --examples

As another example, to install all files beneath /opt, run:

./installer.sh --layout custom /opt --install

The default installation process will install a configuration file, called ‘rkhunter.conf’, into the ‘/etc’ directory.

To run RKH, as root, simply enter the following command:

rkhunter --check

By default, the log file ‘/var/log/rkhunter.log’ will be created. It will contain the results of the checks made by RKH.
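
One way to pull the warnings out of that log after a run, as an added example (not part of the original post or of rkhunter itself). The function names are hypothetical, the `[HH:MM:SS] Warning:` line format is an assumption, and the sample log is constructed:

```shell
# Added example: summarise the warnings recorded in an rkhunter log.
# Assumption: warning entries look like "[HH:MM:SS] Warning: <text>".
# Usage: rkh_report /var/log/rkhunter.log   (exit 0 clean, 1 warnings, 2 unreadable)

# Print each warning message with its timestamp stripped, one per line.
rkh_warnings() {
    sed -n 's/^\[[0-9:]*] Warning: //p' "$1"
}

# Print the number of warning entries in the log.
rkh_warning_count() {
    rkh_warnings "$1" | wc -l | tr -d ' '
}

# Human-readable report; the exit status lets cron or a wrapper alert on it.
rkh_report() {
    log=${1:-/var/log/rkhunter.log}
    [ -r "$log" ] || { echo "cannot read $log" >&2; return 2; }
    n=$(rkh_warning_count "$log")
    if [ "$n" -eq 0 ]; then
        echo "rkhunter: no warnings in $log"
        return 0
    fi
    echo "rkhunter: $n warning(s) in $log"
    rkh_warnings "$log" | sed 's/^/  - /'
    return 1
}

# Constructed sample log (not output from a real run), for trying the functions.
rkh_sample_log() {
    cat <<'EOF'
[10:15:01] Info: Starting test name 'properties'
[10:15:02]   /usr/bin/awk                                [ OK ]
[10:15:03] Warning: The file properties have changed:
[10:15:03]   /usr/bin/passwd                             [ Warning ]
[10:15:09] Warning: Hidden directory found: /dev/.example
[10:15:20] Info: End date is (constructed)
EOF
}
```

Lines ending in `[ Warning ]` are per-item results and are deliberately not counted; only the `Warning:` entries that explain the finding are reported.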

To see what other options can be used with rkhunter, enter:

rkhunter --help
