Rkhunter: Difference between revisions

Latest revision as of 22:27, 25 February 2018

sudo apt install mailutils

download source form site

tar zxf rkhunter-1.4.4.tar.gz

cd rkhunter-1.4.4/

sudo ./installer.sh --install

By default, the log file '/var/log/rkhunter.log' will be created. It will contain the results of the checks made by RKH.

to edit the config file and get rid of warnings:

sudo nano /etc/rkhunter.conf

to whitelist stuff in the config file add lines like:

SCRIPTWHITELIST=/usr/bin/lwp-request

run this after making changes to the config file

check if the config file is valid:

sudo rkhunter -C

update so you dont get a warning the the config file was changed:

sudo rkhunter --propupd

run manually from command prompt without all the annoying pauses

sudo rkhunter -c --rwo

#run rkhunter at 1am
00 01 * * * rkhunter --cronjob --update --quiet

@@ Line 1: / Line 1: @@
+ sudo apt install mailutils
 download source form site
@@ Line 7: / Line 9: @@
   cd rkhunter-1.4.4/
   sudo ./installer.sh --install
 By default, the log file '/var/log/rkhunter.log' will be created. It
 will contain the results of the checks made by RKH.
+to edit the config file and get rid of warnings:
+ sudo nano /etc/rkhunter.conf
+to whitelist stuff in the config file add lines like:
+ SCRIPTWHITELIST=/usr/bin/lwp-request
 run this after making changes to the config file
@@ Line 23: / Line 27: @@
 update so you dont get a warning the the config file was changed:
-  rkhunter --propupd
+  sudo rkhunter --propupd
+run manually from command prompt without all the annoying pauses
+ sudo rkhunter -c --rwo
+references:
+https://www.digitalocean.com/community/tutorials/how-to-use-rkhunter-to-guard-against-rootkits-on-an-ubuntu-vps
 the cronjob
   #run rkhunter at 1am
-01 * * * /usr/bin/rkhunter --cronjob --update --quiet
+01 * * * rkhunter --cronjob --update --quiet