Notes

Intro to Rootkit Hunter


System Administration

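RKHunter downloads a list of known exploits and then checks your system against that database. It also alerts you if it detects unsafe settings in some common applications. Three things to keep in mind when using the script below: it runs the downloaded installer with sudo without checking the tarball's integrity, so compare the download against a checksum or signature from a source you trust first; `--propupd` records the current file properties as the trusted baseline, so run it only on a system you believe is clean; and the `}` on listing line 34 sits inside the quoted `echo` string, so it is written into the cron script as a stray line.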

 1#!/bin/bash
 2
 3apt update && apt upgrade -y
 4
 5# Rootkit Hunter - Scan for Rootkits, backdoors and exploits
 6
 7EMAIL='' # email for sending logs
 8SERVER='' # server name
 9
10rkhunter() {
11	wget https://downloads.sourceforge.net/project/rkhunter/rkhunter/1.4.4/rkhunter-1.4.4.tar.gz
12	tar xf rkhunter-1.4.4.tar.gz
13	sudo rkhunter-1.4.4/installer.sh --install # by default it installs in /usr/local/bin (which is in $PATH)
14
15	# confirm install by checking version
16	sudo rkhunter --versioncheck
17
18	# Pre-run Updates
19	sudo rkhunter --update # update database
20	sudo rkhunter --propupd # Before running RKH, fill the file properties database (set baseline file properties so that rkhunter can alert us if any of the essential configuration files it tracks are altered)
21
22	# Scan
23	sudo rkhunter --check # scan the entire file system
24
25
26	# Cron
27	touch /etc/cron.daily/rkhunter.sh
28	echo -e "#!/bin/sh
29(
30/usr/local/bin/rkhunter --versioncheck
31/usr/local/bin/rkhunter --update
32/usr/local/bin/rkhunter --cronjob --report-warnings-only
33) | /bin/mail -s 'rkhunter Daily Run (${SERVER})' ${EMAIL}
34}" > /etc/cron.daily/rkhunter.sh
35	chmod 755 /etc/cron.daily/rkhunter.sh