Step by Step Guide to Install Rkhunter (Rootkit Hunter) Scanning Tool on Ubuntu 20.04 LTS

Rkhunter is a free and open source scanning tool, written as a Unix shell script. It scans the local system for rootkits and possible local exploits. It also checks for hidden files, and the scan report can be sent to a recipient mail address.

The steps to install rkhunter (rootkit hunter) on Ubuntu are:

Step 1: Update the system.

apt-get update

Step 2: Install Rkhunter on system.

apt-get install rkhunter

  • Configure Postfix.
  • Click on Internet site.

  • Provide the system mail name.
  • Click on Ok.

  • Check the Rkhunter version.

rkhunter --version


Step 3: Configure the Rkhunter.

vim /etc/rkhunter.conf

  • Change the following values:
  • Set UPDATE_MIRRORS=1 so that the mirrors file is also checked for updates when the rkhunter data files are updated with the --update option.

UPDATE_MIRRORS=1

  • Set MIRRORS_MODE=0. This option tells rkhunter which mirrors to use when the --update or --versioncheck command line options are given; 0 means any mirror may be used.

MIRRORS_MODE=0

  • Set WEB_CMD to an empty (null) value.

WEB_CMD=""


  • To enable the daily scan and updates with cron, open the defaults file.

vim /etc/default/rkhunter

  • Set the following values:

CRON_DAILY_RUN="true"
CRON_DB_UPDATE="true"
APT_AUTOGEN="true"

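The Step 3 edits can also be applied with a script instead of by hand. The following is an added example, not part of the original guide: set_conf, get_conf and apply_guide_settings are hypothetical helper names, and the two file paths are passed as arguments so the script can be tried on copies first.

```shell
#!/usr/bin/env bash
# Added example, not from the original guide. set_conf, get_conf and
# apply_guide_settings are hypothetical helper names, not rkhunter commands.

# set_conf FILE KEY VALUE: rewrite the active KEY= line; if there is none,
# take over the first "#KEY=" line; if the key is absent, append KEY=VALUE.
set_conf() {
    local file=$1 tmp rc
    tmp=$(mktemp) || return 1
    KEY=$2 VAL=$3 awk '
        BEGIN { k = ENVIRON["KEY"] "="; new = k ENVIRON["VAL"] }
        NR == FNR {                          # pass 1: locate the line to replace
            if (index($0, k) == 1) active = FNR
            else if (!commented && index($0, "#" k) == 1) commented = FNR
            next
        }
        FNR == 1 { target = active ? active : commented }
        FNR == target { print new; next }    # pass 2: rewrite it in place
        active && index($0, k) == 1 { next } # drop duplicate active lines
        { print }
        END { if (!target) print new }
    ' "$file" "$file" > "$tmp" && cat "$tmp" > "$file"  # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# get_conf FILE KEY: print the value of the last active KEY= line, or fail.
get_conf() {
    KEY=$2 awk 'BEGIN { k = ENVIRON["KEY"] "=" }
        index($0, k) == 1 { v = substr($0, length(k) + 1); hit = 1 }
        END { if (!hit) exit 1; print v }' "$1"
}

# Values exactly as listed in Step 3; the two paths are arguments so the
# function can be run against copies before touching /etc.
apply_guide_settings() {
    set_conf "$1" UPDATE_MIRRORS 1 &&
    set_conf "$1" MIRRORS_MODE 0 &&
    set_conf "$1" WEB_CMD '""' &&
    set_conf "$2" CRON_DAILY_RUN '"true"' &&
    set_conf "$2" CRON_DB_UPDATE '"true"' &&
    set_conf "$2" APT_AUTOGEN '"true"'
}

# Usage (as root): script.sh /etc/rkhunter.conf /etc/default/rkhunter
if [ "$#" -eq 2 ]; then apply_guide_settings "$1" "$2"; fi
```

Running it a second time leaves both files unchanged, and commented example lines other than the one it takes over are kept.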

Step 4: Verify the Rkhunter.

rkhunter -C
or
rkhunter --config-check

  • Update the Rkhunter text data files.

rkhunter --update


  • Check for the latest Rkhunter version.

rkhunter --versioncheck


Step 5: Run the following command to scan the system.

rkhunter --check


  • Check files.

  • Press Enter; checking for rootkits.

  • Press Enter; checking the network & local host.

  • Press Enter; system check summary.

  • The scan asks you to press Enter before each group of checks. To skip these key presses, run the following command.

rkhunter --check --sk

  • Run the following command to show only warning messages.

rkhunter --check --rwo


  • The path of log is:

/var/log/rkhunter.log

Step 6: To send the scan report to a mail address, open the configuration file.

vim /etc/rkhunter.conf

  • Uncomment and provide the following values:

MAIL-ON-WARNING=[email protected]
MAIL_CMD=mail -s "[rkhunter] Warnings found for ${HOST_NAME}"
