How To Install RKHunter
RKHunter - (RootKit Hunter) Is a security scanning tool which
will scan for rootkits, backdoors, and local exploits. RKHunter
will ensure you about 99.9% that your dedicated web server is
secure.
1. Login to your server via SSH as root. Then Type: cd
/usr/local/src/
2. Download RKHunter Version 1.1.4 Type: wget
http://downloads.rootkit.nl/rkhunter-1.1.4.tar.gz
3. Extract files Type: tar -xzvf rkhunter-1.1.4.tar.gz
4. Type: cd rkhunter
5. Type: ./installer.sh
6. Lets setup RKHunter to e-mail you you daily scan reports.
Type: pico -w /etc/cron.daily/rkhunter.sh Add The Following:
#!/bin/bash (/usr/local/bin/rkhunter -c --cronjob 2>&1 | mail -s
"RKhunter Scan Details" replace-this@with-your-email.com)
Replace the e-mail above with your e-mail!! It is best to send
the e-mail to an e-mail off-site so that if the box IS
compromised the hacker can't erase the scan report unless he
hacks another server too. Type: chmod +x
/etc/cron.daily/rkhunter.sh
RKHunter let me know there was something wrong with my dedicated
server, What do I do?
1. If your system is infected with an rootkit, it's almost
impossible to clean it up (lets say with a full warranty it's
clean). Never trust a machine which has been infected with a
rootkit, because hiding is the root kit's main purpose. (So a
fresh installation of the operating system is NEEDED)
2. If only one check fails it is possible that you have a "false
positive". This sometimes occurs due to custom configurations or
changed binaries. If this happens you can validate the 'false
positive' by checking for untrusted paths, knowing if oyu
recently updated the binary, and rkhunter just is out of date,
and you can also compare your binaries with other trusted
binaries to ensure they are in fact 'safe' from a root kit.
RKHunter Faq Can Be Found Here www.rootkit.nl
Original:
http://www.ukwebmasterforums.com/t4923-how-to-install-rkhunter.ht
ml
Web Hosting UK
(http://www.session9.co.uk/ )
Webmaster
Forums ( http://www.ukwebmasterforums.com/ )
Web
Hosting Affiliate (
http://www.session9.co.uk/web-hosting-affiliate/ )
Domain Reseller (
http://www.domainvendor.co.uk/ )