rkhunter (or Rootkit Hunter) is a Unix-based tool that scans for rootkits, backdoors and local exploits. It does this by comparing the MD5 hashes of important files with known good ones in an online database, and by searching for default rootkit directories, wrong permissions, hidden files and suspicious strings in kernel modules. It should run on almost every Unix clone.
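To make three of those checks concrete (hash comparison against a known-good baseline, wrong permissions, hidden files), here is a small added example; it is not rkhunter's code. The function names and the sample tree are hypothetical, the baseline is a local file rather than an online database, and SHA-256 is used in place of MD5.

```sh
#!/bin/sh
# Added illustration, not rkhunter code. SHA-256 replaces the MD5 the page mentions.

# make_baseline DIR: print "hash  ./path" for every regular file under DIR.
make_baseline() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k2 )
}

# check_tree DIR BASELINE: print one finding per line (BASELINE is an absolute path).
check_tree() {
    (
        cd "$1" || exit 2
        # 1. Compare each file's current hash with the recorded known-good one.
        while read -r want path; do
            if [ ! -f "$path" ]; then
                echo "MISSING $path"
            elif [ "$(sha256sum "$path" | cut -d' ' -f1)" != "$want" ]; then
                echo "HASH_MISMATCH $path"
            fi
        done < "$2"
        # 2. Wrong permissions: files any local user can overwrite.
        find . -type f -perm -0002 | sed 's/^/WORLD_WRITABLE /'
        # 3. Hidden files or directories where none are expected.
        find . -mindepth 1 -name '.*' | sed 's/^/HIDDEN /'
    )
}

# demo: constructed sample tree, baselined, then altered three ways.
demo() (
    umask 022
    root=$(mktemp -d)
    mkdir -p "$root/tree/bin"
    printf 'original ls\n' > "$root/tree/bin/ls"
    printf 'original ps\n' > "$root/tree/bin/ps"
    chmod 755 "$root/tree/bin/ls" "$root/tree/bin/ps"
    make_baseline "$root/tree" > "$root/baseline"
    printf 'replaced ps\n' > "$root/tree/bin/ps"   # content changed after baseline
    chmod 777 "$root/tree/bin/ls"                  # permissions loosened
    : > "$root/tree/bin/.hidden"                   # hidden file dropped in
    check_tree "$root/tree" "$root/baseline"
    rm -rf "$root"
)

demo
```

A baseline is only trustworthy if it was taken from a known-clean system and is stored where a local attacker cannot rewrite it.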
Download the gzipped tarball, extract it and run the installation script.
# wget http://downloads.rootkit.nl/rkhunter-<version>.tar.gz
# tar -xvzf rkhunter-<version>.tar.gz
# cd rkhunter
# ./installer.sh
Or you can create an RPM file with the integrated rkhunter.spec file and install your own package.
# rpmbuild -ta rkhunter-
If you are lazy you can install the prebuilt 1.2.8-1 rpm version via:
# rpm -Uvh http://linuxweblog.com/downloads/packages/rkhunter/rkhunter-1.2.8-1.noarch.rpm
Test the installation with:
# rkhunter -c
Update the daily cron job in the "/etc/cron.daily/01-rkhunter" file to check for version and database updates:
#!/bin/sh
# Check for a newer rkhunter release, refresh its database, run the scan,
# and mail the combined output to root.
(
/usr/bin/rkhunter --versioncheck
/usr/bin/rkhunter --update
/usr/bin/rkhunter --cronjob
) | /bin/mail -s 'rkhunter Daily Run' root
You can customize the default configuration by editing "/etc/rkhunter.conf".