RKHunter downloads a list of known exploits and then checks your system against the database. It also alerts you if it detects unsafe settings in some common applications.
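#!/bin/bash
#
# Rootkit Hunter - scan for rootkits, backdoors and exploits.
#
# apt is called directly (no sudo), so this part needs a root shell.

# Refresh the package index and apply pending upgrades first.
apt update && apt upgrade -y

# Both values are copied verbatim into the generated cron script, which cron
# runs as root: keep them to plain address / host-name characters.
EMAIL=''  # email for sending logs
SERVER='' # server name
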
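# Print a message on stderr and remove the scratch directory.
# Arguments: $1 - scratch directory, $2 - message
# Returns:   always 1
_rkhunter_abort() {
  printf 'rkhunter: %s\n' "$2" >&2
  rm -rf -- "${1:?}"
  return 1
}

#######################################
# Install Rootkit Hunter 1.4.4 from the upstream tarball, record a baseline,
# run one scan and install a daily cron script that mails warnings.
#
# The function shares its name with the rkhunter binary; every call to the
# binary below goes through sudo, which does not see shell functions.
#
# Globals:
#   EMAIL           (read) recipient(s) of the daily report
#   SERVER          (read) server name shown in the mail subject
#   RKHUNTER_SHA256 (read, optional) expected SHA-256 of the tarball. No
#                   digest appears in this listing, so none is hard-coded;
#                   set it to the value published for the release.
# Returns:
#   0 on success; 1 if EMAIL/SERVER are unsafe or the download, integrity
#   check, unpack or installer step fails; otherwise the status of the
#   final cron-file install.
#######################################
rkhunter() {
  local -r version='1.4.4'
  local -r archive="rkhunter-${version}.tar.gz"
  local -r url="https://downloads.sourceforge.net/project/rkhunter/rkhunter/${version}/${archive}"
  # NOTE(review): Debian-style run-parts skips file names that contain a dot,
  # so cron may never run this file under its current name - confirm on the
  # target system before relying on the daily mail.
  local -r cron_file='/etc/cron.daily/rkhunter.sh'
  local -r expected_sha256="${RKHUNTER_SHA256:-}"
  local workdir
  local status=0

  # SERVER and EMAIL are written into a script that cron runs as root, so
  # refuse values that could change the shape of that command line.
  case "${SERVER}" in
    *"'"*)
      printf 'rkhunter: SERVER must not contain a single quote\n' >&2
      return 1
      ;;
  esac
  case "${EMAIL}" in
    *[!A-Za-z0-9@._+,\ -]*)
      printf 'rkhunter: EMAIL contains characters outside A-Za-z0-9@._+,- and space\n' >&2
      return 1
      ;;
  esac
  if [[ -z "${EMAIL}" ]]; then
    printf 'rkhunter: EMAIL is empty; the daily report will have no recipient\n' >&2
  fi

  # Work in a private scratch directory: the installer is run as root, so it
  # must not be unpacked somewhere other users can write to.
  workdir=$(mktemp -d) || {
    printf 'rkhunter: mktemp failed\n' >&2
    return 1
  }

  if ! wget -O "${workdir}/${archive}" "${url}"; then
    _rkhunter_abort "${workdir}" "download failed: ${url}"
    return 1
  fi

  # HTTPS only protects the transfer; the digest is what ties the file to the
  # release that was reviewed.
  if [[ -n "${expected_sha256}" ]]; then
    if ! printf '%s  %s\n' "${expected_sha256}" "${workdir}/${archive}" \
      | sha256sum --check --status -; then
      _rkhunter_abort "${workdir}" "SHA-256 mismatch for ${archive}; not installing"
      return 1
    fi
  else
    printf 'rkhunter: RKHUNTER_SHA256 is not set; installing %s without an integrity check\n' \
      "${archive}" >&2
  fi

  if ! tar -xf "${workdir}/${archive}" -C "${workdir}"; then
    _rkhunter_abort "${workdir}" "could not unpack ${archive}"
    return 1
  fi

  # by default it installs in /usr/local/bin (which is in $PATH)
  if ! (cd "${workdir}" && sudo "rkhunter-${version}/installer.sh" --install); then
    _rkhunter_abort "${workdir}" "installer.sh failed"
    return 1
  fi

  # The exit status of the next four commands is not checked, as in the
  # original listing; rkhunter may exit non-zero merely to report findings.

  # Exercise the installed binary; --versioncheck asks upstream whether a
  # newer release exists.
  sudo rkhunter --versioncheck

  # Pre-run updates
  sudo rkhunter --update  # update database
  # Fill the file properties database before the first scan, so rkhunter can
  # alert when a tracked file later changes. Only do this on a system that is
  # known to be clean: whatever is present now becomes the baseline.
  sudo rkhunter --propupd

  # Scan the entire file system
  sudo rkhunter --check

  # Cron: build the script privately, then install it in one step with its
  # final mode. ${SERVER} and ${EMAIL} are expanded now, at generation time.
  cat > "${workdir}/rkhunter.cron" <<EOF
#!/bin/sh
(
/usr/local/bin/rkhunter --versioncheck
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --cronjob --report-warnings-only
) | /bin/mail -s 'rkhunter Daily Run (${SERVER})' ${EMAIL}
EOF
  sudo install -m 755 "${workdir}/rkhunter.cron" "${cron_file}" || status=$?

  rm -rf -- "${workdir:?}"
  return "${status}"
}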