Thursday, September 2, 2010

Installing Rkhunter on CentOS 5.x

Rkhunter is a rootkit scanning tool for Linux/Unix type environments. If you are running a Linux based webserver, it is a good idea to install it and schedule it to run regularly, perhaps nightly.


0. Log in as root or su (whatever floats your boat)

1. Install the RPMForge repo if not already installed.


This example is for a 32 bit system; there is a different rpm for 64 bit.
cd /tmp
wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
rpm -Uhv rpmforge-release-0.3.6-1.el5.rf.i386.rpm
rm rpmforge-release-0.3.6-1.el5.rf.i386.rpm


2. Install rkhunter
yum install rkhunter -y

3. Perform Initial scan
rkhunter --propupd
rkhunter -c


It is recommended to run the scan daily, especially on a high traffic server. A shell script takes care of that.

4. Create shell script
cd /your/script/directory
touch rkhunter.sh
chmod +x rkhunter.sh
nano rkhunter.sh


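Add these lines:

# Refresh rkhunter's data files before scanning
rkhunter --update
sleep 60
# Run all checks non-interactively
rkhunter --checkall --cronjob --skip-keypress

# Mail the scan log
cat /var/log/rkhunter.log | mail -s "Daily rkhunter scan report" youremail@yourdomain.com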

5. Add script to crontab
nano /etc/crontab
Add a line like:
#This will be executed at 1:00 am daily.

00 1 * * * root /bin/sh /your/script/directory/rkhunter.sh
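
An added example (not part of the original post): instead of mailing the whole log under a fixed subject every day, these helper functions put the outcome in the subject line and flag a missing or empty log, which usually means the scan never ran. It assumes rkhunter marks findings with the word "Warning" in its log; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumption: rkhunter marks
# findings with the word "Warning" in its log; sample lines are constructed.

# Write a constructed sample log to $1 for offline testing.
make_sample_log() {
    cat > "$1" <<'EOF'
[01:00:05] Info: Starting test name 'properties' (constructed sample)
[01:00:07] Warning: The file properties have changed:
[01:00:07]          File: /usr/bin/example-binary
[01:00:09] Checking for hidden files and directories [ Warning ]
[01:00:12] Info: End of scan (constructed sample)
EOF
}

# Print the number of warning lines in log $1.
# Returns 2 when the log is missing or empty (the scan likely never ran).
count_warnings() {
    [ -s "$1" ] || return 2
    grep -c 'Warning' "$1" || true
}

# Print a mail subject that states the outcome instead of a fixed string.
report_subject() {
    if n=$(count_warnings "$1"); then
        if [ "$n" -gt 0 ]; then
            echo "rkhunter: $n warning line(s)"
        else
            echo "rkhunter: no warnings"
        fi
    else
        echo "rkhunter: SCAN FAILED, log missing or empty"
    fi
}

# Print the mail body: warning lines with line numbers, or a failure note.
report_body() {
    if [ -s "$1" ]; then
        grep -n 'Warning' "$1" || echo "No warning lines in $1"
    else
        echo "No usable log at $1; check that the cron job ran."
    fi
}

# Hypothetical use in rkhunter.sh, replacing the cat | mail line:
#   LOG=/var/log/rkhunter.log
#   report_body "$LOG" | mail -s "$(report_subject "$LOG")" youremail@yourdomain.com
```

With the outcome in the subject, a day with no report or a "SCAN FAILED" subject stands out in the mailbox instead of being buried in an unread daily log.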


done!

-n