December 1, 2020 / Eternal Team
rkhunter (Rootkit Hunter) is a common tool for scanning your system for general vulnerabilities.
Step 1: Installing dependencies
$apt-get install binutils libreadline5 libruby ruby ssl-cert unhide.rb mailutils
Step 2: Installing rkhunter
$wget http://downloads.sourceforge.net/project/rkhunter/rkhunter/1.4.2/rkhunter-1.4.2.tar.gz
Untar the download
$tar xzvf rkhunter*
Go to the rkhunter directory
$cd rkhunter-1.4.2
Install rkhunter:
$./installer.sh --layout /usr --install
If the installation succeeds, you will get output like this:
Checking system for:
Rootkit Hunter installer files: found
A web file download command: wget found
Starting installation:
Checking installation directory "/usr": it exists and is writable.
Checking installation directories:
Directory /usr/share/doc/rkhunter-1.4.2: creating: OK
Directory /usr/share/man/man8: exists and is writable.
Directory /etc: exists and is writable.
Directory /usr/bin: exists and is writable.
Directory /usr/lib: exists and is writable.
Directory /var/lib: exists and is writable.
Directory /usr/lib/rkhunter/scripts: creating: OK
Directory /var/lib/rkhunter/db: creating: OK
Directory /var/lib/rkhunter/tmp: creating: OK
Directory /var/lib/rkhunter/db/i18n: creating: OK
Directory /var/lib/rkhunter/db/signatures: creating: OK
Installing check_modules.pl: OK
Installing filehashsha.pl: OK
Installing stat.pl: OK
Installing readlink.sh: OK
Installing backdoorports.dat: OK
Installing mirrors.dat: OK
Installing programs_bad.dat: OK
Installing suspscan.dat: OK
Installing rkhunter.8: OK
Installing ACKNOWLEDGMENTS: OK
Installing CHANGELOG: OK
Installing FAQ: OK
Installing LICENSE: OK
Installing README: OK
Installing language support files: OK
Installing ClamAV signatures: OK
Installing rkhunter: OK
Installing rkhunter.conf: OK
Installation complete
Step 3: Check the rkhunter version
$rkhunter --update
[ Rootkit Hunter version 1.4.2 ]
Checking rkhunter data files...
Checking file mirrors.dat [ No update ]
Checking file programs_bad.dat [ Updated ]
Checking file backdoorports.dat [ No update ]
Checking file suspscan.dat [ No update ]
Checking file i18n/cn [ No update ]
Checking file i18n/de [ No update ]
Checking file i18n/en [ No update ]
Checking file i18n/tr [ No update ]
Checking file i18n/tr.utf8 [ No update ]
Checking file i18n/zh [ No update ]
Checking file i18n/zh.utf8 [ No update ]
We are now ready to perform our first test. After the test, the errors and warnings can be seen in the log file:
$cat /var/log/rkhunter.log
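One way to triage that log rather than reading it whole, as an added example that is not part of the original article: the functions below pull out the warning entries and return a non-zero status when any exist. The log line layout and the sample lines are assumptions constructed for illustration, and the scan itself would be started with `rkhunter --check`.

```shell
#!/bin/sh
# Added example: triage an rkhunter log instead of reading it with cat.
# Assumption: entries look like "[HH:MM:SS] Warning: <text>" and per-check
# results end in "[ Warning ]"; confirm against your own rkhunter.log.

# Print every "Warning:" message with its timestamp stripped.
rkh_warnings() {
    sed -n 's/^\[[0-9:]*] Warning: //p' "$1"
}

# Print the name of each check whose result column is "[ Warning ]".
rkh_flagged_checks() {
    sed -n 's/^\[[0-9:]*] *\(.*[^ ]\) *\[ Warning ]$/\1/p' "$1"
}

# Report the warning count; return non-zero if any were logged so a
# cron job or wrapper script can alert on it.
rkh_triage() {
    count=$(rkh_warnings "$1" | wc -l | tr -d ' ')
    echo "$count warning(s) in $1"
    [ "$count" -eq 0 ]
}

# Constructed sample log lines (not real scan output), for offline use.
rkh_sample_log() {
    cat <<'EOF'
[10:01:02] Info: Starting test name 'properties'
[10:01:03]   /usr/bin/awk                                    [ OK ]
[10:01:04]   /usr/bin/lwp-request                            [ Warning ]
[10:01:04] Warning: The command '/usr/bin/lwp-request' has been replaced by a script
[10:01:09] Checking for hidden files and directories         [ Warning ]
[10:01:09] Warning: Hidden directory found: /etc/.java
[10:01:15] Info: Scan finished (constructed line)
EOF
}

# Usage: sh rkh_triage.sh /var/log/rkhunter.log
if [ "$#" -gt 0 ]; then
    rkh_warnings "$1"
    rkh_triage "$1"
fi
```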
Step 4: Enabling email notification
$vi /etc/rkhunter.conf
You can check your configuration file for errors with:
$rkhunter -C
Conclusion
We learned how to install and use rkhunter for discovering common vulnerabilities in Ubuntu.