Install RKHunter – Rootkit Hunter
RKHunter (rootkit hunter) is a great little tool for linux servers to see if your server is clean from common rootkits, exploits and backdoors. It can be run from the shell, and can be scheduled as a daily cron job with the output emailed to you.
How to install RKHunter, login via SSH as root:
cd /usr/local/src/
wget http://garr.dl.sourceforge.net/sourceforge/rkhunter/rkhunter-1.3.4.tar.gz
tar -zxvf rkhunter-1.3.4.tar.gz
cd rkhunter-1.3.4
./installer.sh –layout default –install
Now to run rkhunter from the shell:
rkhunter -c
Optionally, you might like to setup a daily cron job for rkhunter and have the output emailed to you:
pico -w /etc/cron.daily/rkhunter.sh
and paste the following into the file, make sure to edit the email address to your own:
#!/bin/bash
(/usr/local/bin/rkhunter –update && /usr/local/bin/rkhunter -c –nocolors –skip-keypress –summary 2>&1 | mail -s “RKhunter Scan Details” username@yourdomain.com)
ctrl+o to save the file, then ctrl+x to exit pico. Finally, give our new cron file permissions:
chmod +x /etc/cron.daily/rkhunter.sh
You can update rkhunter at any time using:
rkhunter –update
RKHunter project page on sourceforge: http://sourceforge.net/projects/rkhunter/