Install rkhunter
1. Extract rkhunter
# Unpack the release tarball into ./rkhunter-1.4.2/.
# Before extracting, verify the download against the checksum or signature
# published by the rkhunter project; the installer inside it is executed in
# the next step.
tar -xzf rkhunter-1.4.2.tar.gz
2. Install rkhunter under /usr
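# Run the bundled installer with the /usr layout. The options take two ASCII
# hyphens ("--"); a typographic dash copied from a web page is not parsed as
# an option. Writing under /usr normally requires root.
# The commands are chained so the installer only runs if the cd succeeded.
cd rkhunter-1.4.2/ &&
  ./installer.sh --layout /usr --install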
3. rkhunter update
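# Fetch the current rkhunter data files. The rkhunter man page gives exit
# status 2 for --update as "updates were installed", so the two commands are
# not chained with &&: that would skip --propupd in exactly that case.
rkhunter --update
# Record the current file properties (hashes, permissions, ...) as the
# baseline for later scans. Run this only on a system you trust to be clean:
# whatever is on disk now becomes the "known good" state.
rkhunter --propupd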
4. Create the cron job in /etc/cron.daily (e.g. /etc/cron.daily/rkhunter, owned by root and executable)
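#!/bin/sh
# Daily rkhunter cron job.
#
# Reads its settings from /etc/default/rkhunter and, when CRON_DAILY_RUN
# starts with "y" or "Y":
#   1. mails the output of the version check and data file update, then
#   2. runs a scan and mails the report if it produced any warnings.
#
# Variables read from the defaults file: CRON_DAILY_RUN, REPORT_EMAIL, NICE.
# Exit status: 0 when disabled or done, 1 when no download tool is installed
# or the temporary file cannot be created.
#
# Cron runs this from /etc/cron.daily, and the defaults file is sourced as
# shell code, so both files should be owned by root and writable by nobody
# else.

RKHUNTER=/usr/bin/rkhunter
DEFAULTS=/etc/default/rkhunter

# Nothing to do if rkhunter is not installed.
test -x "$RKHUNTER" || exit 0

# Source our config. A missing file is treated like CRON_DAILY_RUN being
# unset (the job is disabled) instead of aborting on the failed ".".
if [ -r "$DEFAULTS" ]; then
  . "$DEFAULTS"
fi

if [ -z "$NICE" ]; then
  NICE=0
fi

case "$CRON_DAILY_RUN" in
  [Yy]*)
    # rkhunter --update needs one of these tools to download its data files.
    if [ ! -x /usr/bin/wget ] && [ ! -x /usr/bin/curl ] && [ ! -x /usr/bin/links ] &&
      [ ! -x /usr/bin/elinks ] && [ ! -x /usr/bin/lynx ]; then
      echo "No tool with which to download rkhunter updates was found on your system. Please install wget, curl, (e)links or lynx"
      exit 1
    fi

    # Mail 1: version check and data file update.
    # The Subject uses a plain ASCII hyphen; raw non-ASCII characters are not
    # valid in an unencoded mail header.
    # REPORT_EMAIL is left unquoted on the sendmail command line so that a
    # space-separated list of recipients keeps working; it comes from the
    # root-owned defaults file, not from untrusted input.
    (
      echo "Subject: [rkhunter] $(hostname -f) - database update"
      echo "To: $REPORT_EMAIL"
      echo ""
      "$RKHUNTER" --versioncheck --nolog --nocolors
      "$RKHUNTER" --update --nolog --nocolors
    ) | /usr/sbin/sendmail $REPORT_EMAIL

    # Mail 2: the scan itself. Output goes to an unpredictable temp file so
    # the report is only mailed when there is something to report.
    OUTFILE=$(mktemp) || exit 1
    # Remove the temp file on every exit path, not only the normal one.
    trap 'rm -f "$OUTFILE"' EXIT

    /usr/bin/nice -n "$NICE" "$RKHUNTER" --cronjob --report-warnings-only --appendlog > "$OUTFILE"

    # --report-warnings-only leaves the file empty when the scan is clean.
    if [ -s "$OUTFILE" ]; then
      (
        echo "Subject: [rkhunter] $(hostname -f) - Daily report"
        echo "To: $REPORT_EMAIL"
        echo ""
        cat "$OUTFILE"
      ) | /usr/sbin/sendmail $REPORT_EMAIL
    fi

    rm -f "$OUTFILE"
    ;;
  *)
    # Daily runs are disabled.
    exit 0
    ;;
esac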
5. Create the rkhunter defaults file /etc/default/rkhunter
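# Defaults for rkhunter cron jobs
# sourced by /etc/cron.*/rkhunter
#
# This is a POSIX shell fragment
#
# The cron job executes this file as shell code, so keep it owned by root and
# not writable by anyone else. Values must use plain ASCII double quotes;
# typographic quotes would become part of the value.
#
# Set this to the email address where reports and run output should be sent
REPORT_EMAIL="root"
# Set this to yes to enable rkhunter weekly database updates
# (not read by the daily cron script on this page, which always updates)
CRON_DB_UPDATE="yes"
# Set this to yes to enable reports of weekly database updates
# (not read by the daily cron script on this page)
DB_UPDATE_EMAIL="yes"
# Set this to yes to enable rkhunter daily runs
CRON_DAILY_RUN="yes"
# Nicenesses range from -20 (most favorable scheduling) to 19 (least favorable).
NICE="0"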
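6. Edit the rkhunter config file (/etc/rkhunter.conf). These options whitelist known-good items that would otherwise be reported as false positives; keep each entry as specific as possible, because anything whitelisted is no longer checked: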
ALLOWHIDDENDIR
SCRIPTWHITELIST
ALLOWDEVFILE
APP_WHITELIST
7. Update rkhunter (Hash of config file)
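# Rebuild the stored file properties baseline (the option needs two ASCII
# hyphens). Everything on disk at this moment is recorded as "known good",
# so run it only after confirming that the changes since the previous
# baseline are expected.
rkhunter --propupd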
Posted: Juni 23rd, 2014 under Debian.