Step by Step Guide to Install Rkhunter (Rootkit Hunter) Scanning Tool on Ubuntu 20.04 LTS

shivani singh
September 6, 2021

Step by Step Guide to Install Rkhunter (Rootkit Hunter) Scanning Tool on Ubuntu 20.04 LTS

Rkhunter is a free & open source scanning tool. It is Unix-based shell script. We can scan local system for rootkits and possible local exploits. It also scans hidden files, & we can send scan report to recipient mail address.

There are few steps to install rkhunter (rootkit hunter) on ubuntu:

Step 1: Update the system.

apt-get update

Step 2: Install Rkhunter on system.

apt-get install rkhunter

Configure Postfix.
Click on Internet site.

Provide the system mail name.
Click on Ok.

Check the Rkhunter version.

rkhunter --version

Here is the command output.

Step 3: Configure the Rkhunter.

vim /etc/rkhunter.conf

Change the following values:
Set the UPDATE_MIRRORS=1, because mirror files are also checked for updates when checking for rkhunter updated date files with the update option.

UPDATE_MIRRORS=1

MIRRORS_MODE=0

Set WEB_CMD=”” is Null.

WEB_CMD=""

Here is the command output.

To enable daily scan and updates with cron.

vim /etc/default/rkhunter

Set the following values:

CRON_DAILY_RUN="true" CRON_DB_UPDATE="true" APT_AUTOGEN="true"

Here is the command output.

Step 4: Verify the Rkhunter.

rkhunter -C or rkhunter --config-check

Update the Rkhunter text data files.

rkhunter --update

Here is the command output.

Check the Rkhunter version.

rkhunter --versioncheck

Here is the command output.

Step 5: Run the following command to scan the system.

rkhunter --check

Here is the command output.

Check files.

Press Enter,checking for rootkits.

Press Enter,checking the nertwork & Local host.

Press Enter,System check summary.

Ask Press Enter each time for checks. If we want to skip press enter each time so run the following command.

rkhunter --check --sk

To run the following command to check warning messages.

rkhunter --check --rwo

Here is the command output.

The path of log is:

/var/log/rkhunter.log

Step 6: To send the scan report to mail address. Open the configuration file.

vim /etc/rkhunter.conf

Uncomment & Provide the following values:

[email protected] MAIL_CMD=mail -s "[rkhunter] Warnings found for ${HOST_NAME}"

Here is the command output.

Leave a Reply Cancel reply

You must be logged in to post a comment.

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Functional

Performance

Analytics

Others