Rootkits and backdoors are often the worst type of compromise possible. To protect your server against rootkits, backdoors and other security problems it is recommended to install and use Rkhunter on your Linux VPS. Rkhunter (Rootkit Hunter) is a very useful open source software utility that makes various checks on the local system and scans for known rootkits, local exploits, malware and backdoors. Rkhunter checks to see whether the binary files or system startup files have been modified, and performs various checks on the network interfaces, including checks for listening services and applications. Rkhunter runs on most Linux and UNIX systems. It can be run from the command line, but it can also be scheduled to execute on a daily basis as a cron job.
To install the latest version of Rkhunter on your server, execute the following commands:
wget http://downloads.sourceforge.net/project/rkhunter/rkhunter/1.4.0/rkhunter-1.4.0.tar.gz tar xzfv rkhunter-1.4.0.tar.gz cd rkhunter-1.4.0 ./installer.sh --install --layout default rkhunter --update rkhunter --propupd
Use the following command to perform a test scan on the local system:
Set up a daily cron job on your Linux:
#!/bin/sh ( rkhunter --versioncheck rkhunter --update rkhunter -c --cronjob ) | mail -s 'rkhunter Daily Check' firstname.lastname@example.org
Do not forget to replace ‘email@example.com’ with your email address.
Execute the following command to make the script executable:
chmod +x /etc/cron.daily/rkhunter-cron.sh
That’s it! An email with the results of Rkhunter scan will be sent on your email address on a daily basis.
PS. If you liked this post please share it with your friends on the social networks or simply leave a reply below. Thanks.