Download Your Free eBooks NOW - 10 Free Linux eBooks for Administrators
Guys, if you are a regular reader of tecmint.com you will notice that
this is our third article on security tools. In our previous both
articles we have given you all the guidance in how to secure Apache and Linux Systems from Malware, DOS and DDOS attacks using mod_security and mod_evasive and LMD (Linux Malware Detect). Again we are here to introduce a new security tool called Rkhunter. This article will guide you a way to install and configure RKH (RootKit Hunter) in RHEL 6.3/6.2/6.1/6/5.8, CentOS 6.3/6.2/6.1/6/5.8 and Fedora 12,13,14,15,16,17 systems using source code.
What Is Rkhunter?
Rkhunter (Rootkit Hunter) is an open source Unix/Linux based scanner tool for Linux systems released under GPL that scans backdoors, rootkits and local exploits on your systems. It scans hidden files, wrong permissions set on binaries, suspicious strings in kernel etc. To know more about Rkhunter and its features visit http://www.rootkit.nl/.
Install Linux Rkhunter (Rootkit Hunter) in RHEL 6.3/6.2/6.1/6/5.8, CentOS 6.3/6.2/6.1/6/5.8 and Fedora 12,13,14,15,16,17
Installing Rkhunter (Rootkit Hunter) in RHEL, CentOS and Fedora
Step 1: Downloading Rkhunter
First download the latest stable version of Rkhunter tool by going to http://www.rootkit.nl/projects/rootkit_hunter.html or use below Wget command to download it on your systems.# cd /tmp # wget http://ncu.dl.sourceforge.net/project/rkhunter/rkhunter/1.4.0/rkhunter-1.4.0.tar.gz
Step 2: Installing Rkhunter
Once you have downloaded the latest version, run the following commands as a root user to install it.# tar -xvf rkhunter-1.4.0.tar.gz # cd rkhunter-1.4.0 # ./installer.sh --layout default --install
Step 3: Updating Rkhunter
Run the RKH updater to fill the database properties by running the following command.# /usr/local/bin/rkhunter --update # /usr/local/bin/rkhunter --propupd
Step 4: Setting Cronjob and Email Alerts
Create a file called rkhunter.sh under /etc/cron.daily/, which then scans your file system every day and sends email notifications to your email id. Create following file with the help of your favourite editor.# vi /etc/cron.daily/rkhunter.shAdd the following lines of code to it and replace “YourServerNameHere” with your “Server Name” and “your@email.com” with your “Email Id“.
#!/bin/sh ( /usr/local/bin/rkhunter --versioncheck /usr/local/bin/rkhunter --update /usr/local/bin/rkhunter --cronjob --report-warnings-only ) | /bin/mail -s 'rkhunter Daily Run (PutYourServerNameHere)' your@email.comSet execute permission on the file.
# chmod 755 /etc/cron.daily/rkhunter.sh
Step 5: Manual Scan and Usage
To scan the entire file system, run the Rkhunter as a root user.# rkhunter --checkThe above command generates log file under /var/log/rkhunter.log with the checks results made by Rkhunter. For more information and options please run the following command.
# rkhunter --helpIf you liked this article, then sharing is the right way to say thanks.
Sumber
0 comments:
Post a Comment