Rootkit Hunter, aka rkhunter, can safely be considered a must-have tool on public servers offering shared access. It is a free tool that scans for known rootkits and other malware.

Installation

Installation is straightforward. If you do not have the EPEL repository yet, we need to install it first and then install rkhunter. This is easy, since the epel-release package is part of CentOS extras (enabled by default on CentOS 7), and rkhunter is maintained and updated via the EPEL repository:

# yum install epel-release

# yum install rkhunter

That is it – epel repository and rkhunter are now installed.

RKhunter Configuration

The configuration of rkhunter is also quite easy and straightforward. Change the options as listed to sane values for your server:

# vi /etc/rkhunter.conf

LOGFILE=/var/log/rkhunter/rkhunter.log
ALLOW_SSH_ROOT_USER=no
ALLOW_SSH_PROT_V1=0

Now we set the options for the daily cron job and prepare rkhunter:

# vi /etc/sysconfig/rkhunter

MAILTO=root
DIAG_SCAN=yes

Then update the rkhunter data files and record the baseline of file properties that later checks are compared against (run --propupd only while the system is known to be clean, and again after package updates):

# rkhunter --update

# rkhunter --propupd

Starting…

Time for the first rkhunter check, to verify that all is in order. We simply start the daily script, so that we also receive our first email from rkhunter.

# /etc/cron.daily/rkhunter
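Before that first run it is worth confirming that the three settings from the configuration section above are really in effect. The following shell script is an added example and not part of the original post: it audits an rkhunter.conf against those settings, checking a constructed sample file by default, or a real file such as /etc/rkhunter.conf when its path is given as the first argument.

```shell
#!/bin/sh
# Added example, not from the original post: audit an rkhunter.conf against the
# three settings recommended above. Without an argument it checks a constructed
# sample file; pass a path such as /etc/rkhunter.conf to audit a real server.

# Recommended settings from the post (KEY=VALUE, one per line, no spaces).
EXPECTED="LOGFILE=/var/log/rkhunter/rkhunter.log
ALLOW_SSH_ROOT_USER=no
ALLOW_SSH_PROT_V1=0"

# Print the effective value of KEY in FILE: lines commented out with '#' are
# ignored, the last uncommented assignment wins, whitespace and surrounding
# double quotes are stripped. Prints nothing when KEY is not set at all.
conf_value() {
    key=$1 file=$2
    sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*//p" "$file" \
        | tail -n 1 | sed 's/[[:space:]]*$//; s/^"\(.*\)"$/\1/'
}

# Report each recommended setting as OK or MISMATCH and return the number of
# mismatches, so exit status 0 means the file matches the post's values.
audit_rkhunter_conf() {
    file=$1 bad=0
    for pair in $EXPECTED; do
        key=${pair%%=*} want=${pair#*=}
        have=$(conf_value "$key" "$file")
        if [ "$have" = "$want" ]; then
            echo "OK       $key=$have"
        else
            echo "MISMATCH $key: have '${have:-<unset>}', want '$want'"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed sample config: LOGFILE commented out and then set correctly,
# ALLOW_SSH_ROOT_USER set to an unsafe value, ALLOW_SSH_PROT_V1 missing.
make_sample_conf() {
    f=$(mktemp) && cat > "$f" <<'EOF'
# rkhunter.conf fragment (constructed for this example)
#LOGFILE=/var/log/rkhunter.log
LOGFILE=/var/log/rkhunter/rkhunter.log
ALLOW_SSH_ROOT_USER=yes
# ALLOW_SSH_PROT_V1 deliberately left unset
EOF
    echo "$f"
}

audit_rkhunter_conf "${1:-$(make_sample_conf)}" \
    || echo "$? setting(s) differ from the recommended values"
```

On the sample file the script reports two mismatches; on a server, a non-zero exit status is a convenient signal for a configuration-management check.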

That is it – rkhunter up and running. Got questions? Need more info? Write it in comments or drop us a message.