Rkhunter: Difference between revisions

Latest revision as of 22:27, 25 February 2018

sudo apt install mailutils

download source form site

tar zxf rkhunter-1.4.4.tar.gz

cd rkhunter-1.4.4/

sudo ./installer.sh --install

By default, the log file '/var/log/rkhunter.log' will be created. It will contain the results of the checks made by RKH.

to edit the config file and get rid of warnings:

sudo nano /etc/rkhunter.conf

to whitelist stuff in the config file add lines like:

SCRIPTWHITELIST=/usr/bin/lwp-request

run this after making changes to the config file

check if the config file is valid:

sudo rkhunter -C

update so you dont get a warning the the config file was changed:

sudo rkhunter --propupd

run manually from command prompt without all the annoying pauses

sudo rkhunter -c --rwo

#run rkhunter at 1am
00 01 * * * rkhunter --cronjob --update --quiet

@@ Line 1: / Line 1: @@
+ sudo apt install mailutils
 download source form site
@@ Line 7: / Line 9: @@
   cd rkhunter-1.4.4/
   sudo ./installer.sh --install
+By default, the log file '/var/log/rkhunter.log' will be created. It
+will contain the results of the checks made by RKH.
+to edit the config file and get rid of warnings:
+ sudo nano /etc/rkhunter.conf
+to whitelist stuff in the config file add lines like:
+ SCRIPTWHITELIST=/usr/bin/lwp-request
+run this after making changes to the config file
-By default, the log file '/var/log/rkhunter.log' will be created. It
+check if the config file is valid:
-will contain the results of the checks made by RKH.
+ sudo rkhunter -C
+update so you dont get a warning the the config file was changed:
+ sudo rkhunter --propupd
+run manually from command prompt without all the annoying pauses
+ sudo rkhunter -c --rwo
-run this after making changes to the config file
+references:
+https://www.digitalocean.com/community/tutorials/how-to-use-rkhunter-to-guard-against-rootkits-on-an-ubuntu-vps
+the cronjob
-  rkhunter --propupd
+  #run rkhunter at 1am
+01 * * * rkhunter --cronjob --update --quiet