Rootkit Hunter, aka rkhunter, can safely be considered a must-have tool on public servers offering shared access. It is a free tool that scans for known rootkits and other malware.
Installation
Installation is straightforward. If you do not have the EPEL repository yet, we need to install it first and then install rkhunter. This is easy, since the epel-release package is part of CentOS Extras (enabled by default on CentOS 7), and rkhunter is maintained and updated via the EPEL repository:
# yum install epel-release
# yum install rkhunter
That is it – epel repository and rkhunter are now installed.
RKhunter Configuration
The configuration of rkhunter is also quite easy and straightforward. Change the options as listed to sane values for your server:
# vi /etc/rkhunter.conf
LOGFILE=/var/log/rkhunter/rkhunter.log
ALLOW_SSH_ROOT_USER=no
ALLOW_SSH_PROT_V1=0
Now we set the options for the daily cron job and prepare rkhunter (update its data files and build the file-properties baseline):
# vi /etc/sysconfig/rkhunter
MAILTO=root
DIAG_SCAN=yes
# rkhunter --update
# rkhunter --propupd
Starting…
Time for the first rkhunter check, to verify that all is in order. We simply start the daily script, so that we also receive our first e-mail from rkhunter.
# /etc/cron.daily/rkhunter
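The whole procedure above, scripted, as an added example that is not part of the original post: it applies the five settings without leaving duplicate keys behind, validates the result with rkhunter's own --config-check, refreshes the databases and counts warnings in the log. The file paths are the ones from the post; that rkhunter marks findings in its log with "Warning:" is an assumption, and the sample log in the comments is constructed.

```bash
#!/bin/bash
# Added example, not from the original post: apply the rkhunter settings
# listed above without duplicating keys, then summarise a scan log.
# Assumed: /etc/rkhunter.conf, /etc/sysconfig/rkhunter and the LOGFILE path
# from the post; "Warning:" as the marker rkhunter writes into its log.

# set_conf FILE KEY VALUE: remove every active KEY= line and append one,
# so repeated runs leave exactly one definition (commented examples stay).
set_conf() {
    local file="$1" key="$2" value="$3"
    [ -f "$file" ] || touch "$file"
    sed -i "/^[[:space:]]*${key}=/d" "$file"
    printf '%s=%s\n' "$key" "$value" >> "$file"
}

# get_conf FILE KEY: print the active value of KEY (last one wins), or nothing.
get_conf() {
    sed -n "s|^[[:space:]]*${2}=||p" "$1" | tail -n 1
}

# count_warnings LOGFILE: number of "Warning:" lines in an rkhunter log
# (constructed sample line: "[10:00:02] Warning: The file properties have changed").
count_warnings() {
    [ -r "$1" ] || { echo 0; return; }
    grep -c 'Warning:' "$1" || true
}

# Apply the values from the post, validate them, then refresh the databases.
apply_rkhunter_config() {
    set_conf /etc/rkhunter.conf LOGFILE /var/log/rkhunter/rkhunter.log
    set_conf /etc/rkhunter.conf ALLOW_SSH_ROOT_USER no
    set_conf /etc/rkhunter.conf ALLOW_SSH_PROT_V1 0
    set_conf /etc/sysconfig/rkhunter MAILTO root
    set_conf /etc/sysconfig/rkhunter DIAG_SCAN yes
    rkhunter --config-check || return 1   # catch typos before the first scan
    rkhunter --update                     # exit code 2 here only means "updates applied"
    rkhunter --propupd                    # baseline file properties now, while the box is clean
    echo "warnings in last log: $(count_warnings /var/log/rkhunter/rkhunter.log)"
}

# Only touch the real system when asked explicitly (as root): ./rkhunter-setup.sh apply
if [ "${1:-}" = "apply" ]; then
    apply_rkhunter_config
fi
```

After the first daily run, count_warnings on the LOGFILE tells you at a glance whether the mailed report needs reading before the next --propupd.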
That is it – rkhunter up and running. Got questions? Need more info? Write it in comments or drop us a message.