Install rkhunter On Ubuntu

Install rkhunter On Ubuntu

December 1, 2020 / Eternal Team

Rkhunter is a common tool for scanning your system for finding general vulnerabilities.

Step 1: Installing dependencies

$apt-get install binutils libreadline5 libruby ruby ruby ssl-cert unhide.rb mailutils

Step 2: Installing rkhunter

$wget http://downloads.sourceforge.net/project/rkhunter/rkhunter/1.4.2/rkhunter-1.4.2.tar.gz	

Untar the download

$tar xzvf rkhunter*

Go to the rkhunter directory

$cd rkhunter*

Install rkhunter:
./installer.sh --layout /usr --install

If the proper installation is done, you will get output like this

Checking system for:
 Rootkit Hunter installer files: found
 A web file download command: wget found
Starting installation:
 Checking installation directory "/usr": it exists and is writable.
 Checking installation directories:
  Directory /usr/share/doc/rkhunter-1.4.2: creating: OK
  Directory /usr/share/man/man8: exists and is writable.
  Directory /etc: exists and is writable.
  Directory /usr/bin: exists and is writable.
  Directory /usr/lib: exists and is writable.
  Directory /var/lib: exists and is writable.
  Directory /usr/lib/rkhunter/scripts: creating: OK
  Directory /var/lib/rkhunter/db: creating: OK
  Directory /var/lib/rkhunter/tmp: creating: OK
  Directory /var/lib/rkhunter/db/i18n: creating: OK
  Directory /var/lib/rkhunter/db/signatures: creating: OK
 Installing check_modules.pl: OK
 Installing filehashsha.pl: OK
 Installing stat.pl: OK
 Installing readlink.sh: OK
 Installing backdoorports.dat: OK
 Installing mirrors.dat: OK
 Installing programs_bad.dat: OK
 Installing suspscan.dat: OK
 Installing rkhunter.8: OK
 Installing ACKNOWLEDGMENTS: OK
 Installing CHANGELOG: OK
 Installing FAQ: OK
 Installing LICENSE: OK
 Installing README: OK
 Installing language support files: OK
 Installing ClamAV signatures: OK
 Installing rkhunter: OK
 Installing rkhunter.conf: OK
Installation complete

Step 3: Check the rkhunter version

$rkhunter --update

[ Rootkit Hunter version 1.4.2 ]

Checking rkhunter data files...
  Checking file mirrors.dat                                  [ No update ]
  Checking file programs_bad.dat                             [ Updated ]
  Checking file backdoorports.dat                            [ No update ]
  Checking file suspscan.dat                                 [ No update ]
  Checking file i18n/cn                                      [ No update ]
  Checking file i18n/de                                      [ No update ]
  Checking file i18n/en                                      [ No update ]
  Checking file i18n/tr                                      [ No update ]
  Checking file i18n/tr.utf8                                 [ No update ]
  Checking file i18n/zh                                      [ No update ]
  Checking file i18n/zh.utf8                                 [ No update ]

We are now ready to perform our first test. After the test, we can see errors and warnings.

cat /var/log/rkhunter.log

Step 4: Enabling email notification

vi /etc/rkhunter.conf

You can check your configuration file

rkhunter -C

Conclusion

We learned how to install and use rkhunter for discovering common vulnerabilities in Ubuntu.