====== Systems - Media Server - Secure the Server - Install rkhunter ======
**rkhunter** is a rootkit detection tool.
----
===== Install rkhunter =====
<code bash>
sudo apt install rkhunter
</code>

**NOTE:** For mail configuration, select **Leave as is**.

  * Choose a different option, depending on your needs.
----
===== Configure RKHunter =====
Edit the /etc/default/rkhunter file.
<code bash>
# if set to "yes", the daily cron job will be run
CRON_DAILY_RUN=""
# set the email address that receives the report
REPORT_EMAIL="root"
</code>
----
Edit the /etc/rkhunter.conf file.
<code bash>
# line 107 : change
UPDATE_MIRRORS=1
# line 122 : change
MIRRORS_MODE=0
# line 1190 : change to blank
WEB_CMD=""
</code>
----
===== Update database =====
<code bash>
sudo rkhunter --update
</code>

returns:

<code>
[ Rootkit Hunter version 1.4.6 ]
Checking rkhunter data files...
Checking file mirrors.dat [ Updated ]
Checking file programs_bad.dat [ No update ]
Checking file backdoorports.dat [ No update ]
Checking file suspscan.dat [ No update ]
Checking file i18n/cn [ Skipped ]
Checking file i18n/de [ Skipped ]
Checking file i18n/en [ No update ]
Checking file i18n/tr [ Skipped ]
Checking file i18n/tr.utf8 [ Skipped ]
Checking file i18n/zh [ Skipped ]
Checking file i18n/zh.utf8 [ Skipped ]
Checking file i18n/ja [ Skipped ]
</code>
----
===== Update system file properties =====
<code bash>
sudo rkhunter --propupd
</code>

returns:

<code>
[ Rootkit Hunter version 1.4.6 ]
File updated: searched for 179 files, found 141
</code>
----
===== Run checking =====
<code bash>
sudo rkhunter --check --sk
</code>

returns:

<code>
[ Rootkit Hunter version 1.4.6 ]
Checking system commands...
Performing 'strings' command checks
Checking 'strings' command [ OK ]
Performing 'shared libraries' checks
Checking for preloading variables [ None found ]
Checking for preloaded libraries [ None found ]
Checking LD_LIBRARY_PATH variable [ Not found ]
Performing file properties checks
Checking for prerequisites [ OK ]
/usr/sbin/adduser [ OK ]
/usr/sbin/chroot [ OK ]
/usr/sbin/cron [ OK ]
/usr/sbin/depmod [ OK ]
/usr/sbin/fsck [ OK ]
/usr/sbin/groupadd [ OK ]
/usr/sbin/groupdel [ OK ]
/usr/sbin/groupmod [ OK ]
/usr/sbin/grpck [ OK ]
/usr/sbin/ifconfig [ OK ]
/usr/sbin/init [ OK ]
/usr/sbin/insmod [ OK ]
/usr/sbin/ip [ OK ]
/usr/sbin/lsmod [ OK ]
/usr/sbin/modinfo [ OK ]
/usr/sbin/modprobe [ OK ]
/usr/sbin/nologin [ OK ]
/usr/sbin/pwck [ OK ]
...
...
System checks summary
=====================
File properties checks...
Files checked: 141
Suspect files: 0
Rootkit checks...
Rootkits checked : 498
Possible rootkits: 0
Applications checks...
All checks skipped
The system checks took: 1 minute and 31 seconds
All results have been written to the log file: /var/log/rkhunter.log
One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)
</code>
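
The check output above ends by pointing at /var/log/rkhunter.log for the warnings it found. The script below is an added example (not part of the original page or of rkhunter itself) that pulls the warning entries out of such a log. The function names are hypothetical, the sample log is constructed, and treating indented lines that do not end in a ''[ status ]'' field as warning detail is an assumption about the log layout.

```shell
#!/bin/sh
# Added example: triage an rkhunter log. Function names are hypothetical.

# Print each "Warning:" entry plus its indented detail lines, timestamps removed.
# Assumption: detail lines are indented and do not end in a "[ status ]" field.
rkh_warnings() {
    awk '
        { line = $0; sub(/^\[[0-9:]+\] ?/, "", line) }
        line ~ /^Warning: / { inwarn = 1; print line; next }
        inwarn && line ~ /^ +/ && line !~ /\] *$/ { print line; next }
        { inwarn = 0 }
    ' "$1"
}

# Count the "Warning:" entries in the log.
rkh_warning_count() {
    awk '/^\[[0-9:]+\] Warning: /{ n++ } END { print n + 0 }' "$1"
}

# List file paths whose file properties check ended in [ Warning ].
rkh_flagged_files() {
    awk '$NF == "]" && $(NF-1) == "Warning" && $2 ~ /^\// { print $2 }' "$1"
}

# Constructed sample log (not output from a real scan).
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
[14:02:10] Performing file properties checks
[14:02:10]   /usr/bin/ldd                                [ OK ]
[14:02:11]   /usr/bin/lwp-request                        [ Warning ]
[14:02:11] Warning: The command '/usr/bin/lwp-request' has been replaced by a script: /usr/bin/lwp-request: Perl script text executable
[14:02:11]   /usr/bin/md5sum                             [ OK ]
[14:03:40]   Checking if SSH root access is allowed      [ Warning ]
[14:03:40] Warning: The SSH and rkhunter configuration options should be the same:
[14:03:40]          SSH configuration option 'PermitRootLogin': no
[14:03:40]          Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': unset
[14:03:41]   Checking for running syslog daemon          [ Found ]
EOF

echo "Warnings: $(rkh_warning_count "$SAMPLE_LOG")"
rkh_warnings "$SAMPLE_LOG"
echo "Flagged files:"
rkh_flagged_files "$SAMPLE_LOG"
```

After a real scan, call the functions on /var/log/rkhunter.log with root privileges instead of the sample file.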