Madhav Kobal's Blog

This blog will be dedicated to Linux, Open Source and Technology news, affairs, how-tos and virtually EVERYTHING in these domains.

rkhunter – Linux Security Checker

Posted by madhavkobal on 02/10/2009

Rootkit scanner is a scanning tool that helps assure you, with about 99.9%* certainty, that your system is clean of nasty tools. It scans for rootkits, backdoors and local exploits by running tests such as:

  • MD5 hash comparison
  • Looking for default files used by rootkits
  • Wrong file permissions for binaries
  • Looking for suspected strings in LKM and KLD modules
  • Looking for hidden files
  • Optional scan within plaintext and binary files

The features of the last version, 1.3.4:

  • Added IntoXonia-NG rootkit check.
  • Added Phalanx2 rootkit check.
  • Added support for TCB shadow files.
  • The ‘--propupd’ option can now take an optional file, directory or package name after it.
  • Revised file properties inode check.
  • Tests against the SSH configuration file now accept the key/value pair.
  • Improved the O/S name detection.
  • The Linux ‘os_specific’ test has now been split into two separate tests.
  • Improved ALLOWPROCDELFILE configuration option.
  • Improved hidden files and directories check.
  • The DBDIR directory can now be read-only, after installation.
  • Improved debug file option.
  • The system startup file and directory tests have now been merged.

Download and extract the archive.


Install using the command (see also the screenshot below):

[root@test1 rkhunter-1.3.4]# ./installer.sh  --layout oldschool --install


Start the scan

[root@test1 rkhunter-1.3.4]# rkhunter   -c

All results have been written to the logfile (/var/log/rkhunter.log)

One or more warnings have been found while checking the system.

Please check the log file (/var/log/rkhunter.log)


Finally, you can add rkhunter to your cron jobs so that it sends a daily report to your email:

# vi /etc/cron.daily/rkhunter.sh

Add:

#!/bin/bash
# Run the scan in cron mode and mail the combined stdout/stderr output
(/usr/local/bin/rkhunter -c --cronjob 2>&1 | mail -s "Today Rkhunter Scan Report" Your_email@example.com)

Then make the script executable:

chmod +x /etc/cron.daily/rkhunter.sh
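
A daily mail containing the full scan output tends to go unread, so the cron job can instead mail only the warnings recorded in /var/log/rkhunter.log. The script below is an added example, not part of the original post or of rkhunter itself. It assumes warning entries in the log look like "[HH:MM:SS] Warning: text"; the function names, the MAIL_CMD variable and the sample log are constructed for illustration.

```bash
#!/bin/bash
# Added example: mail only the warnings from an rkhunter log.
# Assumption: warnings are logged as "[HH:MM:SS] Warning: <text>".

# Constructed sample log for the demo below (not real scan output).
sample_log() {
cat <<'EOF'
[10:02:11] Checking for hidden files and directories
[10:02:15] Warning: Hidden directory found: /dev/.udev
[10:02:40] Checking if SSH root access is allowed
[10:02:40] Warning: The SSH and rkhunter configuration options should be the same:
[10:02:41] Info: End date is Fri Oct  2 10:02:41 2009
EOF
}

# Print the warning lines of a log file with the timestamp stripped.
extract_warnings() {
    sed -n 's/^\[[0-9:]*] *\(Warning: .*\)$/\1/p' "$1"
}

# Print the number of warnings in a log file (0 for a clean log).
count_warnings() {
    extract_warnings "$1" | wc -l | tr -d ' '
}

# Mail the warnings to a recipient only if there are any.
# Prints "sent" or "clean". MAIL_CMD (hypothetical) overrides the mailer.
mail_if_warnings() {
    log=$1
    rcpt=$2
    n=$(count_warnings "$log")
    if [ "$n" -eq 0 ]; then
        echo clean
        return 0
    fi
    extract_warnings "$log" |
        "${MAIL_CMD:-mail}" -s "rkhunter: $n warning(s) on $(uname -n)" "$rcpt" >/dev/null
    echo sent
}

# In /etc/cron.daily/rkhunter.sh the last two lines would instead be:
#   /usr/local/bin/rkhunter -c --cronjob >/dev/null 2>&1
#   mail_if_warnings /var/log/rkhunter.log Your_email@example.com

# Demo on the constructed log: list the warnings and their count.
demo_log=$(mktemp)
sample_log > "$demo_log"
extract_warnings "$demo_log"
echo "warnings: $(count_warnings "$demo_log")"
rm -f "$demo_log"
```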

Original Author  : pirat9