Difference between revisions of "Rkhunter"

Introduction to Rkhunter

rkhunter is a security monitoring and analyzing tool.

Project Homepage: http://rkhunter.sourceforge.net/index.html

Dependencies

Required

• wget

Recommended

• fcron

Optional

• NetTools

Non-Multilib or Multilib

Note

You must apply the fhscomply patch to use the installer script flags.

Apply the patch that allows user-defined installation paths and provides OS support for CLFS:

patch -Np1 -i ../rkhunter-1.2.9-fhscomply-1.patch &&
patch -Np1 -i ../rkhunter-1.2.9-CLFSSupport-1.patch

Run the install script as a privileged user to install rkhunter.

./installer.sh --installdir /usr --sysconfdir /etc

Configuring

Update the supported OS database and then add the CLFS-1.0.0 support for checking system tools.

rkhunter --update &&
echo "991:Cross Linux from Scratch 1.0.0 (x86_64):/usr/bin/md5sum:/bin:" >> /etc/rkhunter/db/os.dat &&
echo "992:Cross Linux from Scratch 1.0.0 (i386):/usr/bin/md5sum:/bin:" >> /etc/rkhunter/db/os.dat

Runtime options are defined in the rkhunter configuration file. Edit this file to change the behavior of rkhunter.

Add entries to your (f)crontab to periodically run rkhunter.

# Run rkhunter update every Friday at 2:00 am.
& 00 02 * * fri /usr/bin/rkhunter --update
# Run rkhunter as a cronjob every Friday at 3:00 am.
& 00 03 * * fri /usr/bin/rkhunter --cronjob

Contents

Short Descriptions