How to Install rkhunter on Ubuntu 16.04
Posted on January 1, 2020 • 4 min read • 658 words
In this tutorial, we'll learn how to install rkhunter on Ubuntu 16.04. rkhunter (Rootkit Hunter) is an open-source rootkit scanner released under GNU GPL version 2.
Before we go further and install an application that scans our Linux systems for rootkits, let's first look at what a rootkit is.
TechTarget's SearchSecurity defines a rootkit as:
A rootkit is a program or, more often, a collection of software tools that gives a threat actor remote access to and control over a computer or other system.
Comodo defines it as:
In simple language, ‘rootkit’ is basically a software kit used to get to the root of the computer. In other words, a software kit used to gain admin access to the computer and thereby control it.
While McAfee defines a rootkit as:
A rootkit is a kind of software that conceals malware from standard detection methods.
Having a rootkit scanner installed and periodically scanning our system for potential rootkits improves our system security.
Update the apt metadata using the command below
sudo apt-get update
Install rkhunter using the command below. We use the --no-install-recommends option so that it will not pull in the Postfix mail server on our systems.
To send scan reports we can send email directly to the email provider we use, or use a mail relay like msmtp or ssmtp.
sudo apt-get -y --no-install-recommends install rkhunter
Let's check the version of rkhunter installed on our system. I leave out some of the output of this command.
rkhunter --version
Rootkit Hunter 1.4.2
...
Before we run a scan, let's update the rkhunter data files
sudo rkhunter --update
Now let's update the file properties database by running the following command
sudo rkhunter --propupd
To scan our systems for rootkits we can pass the option -c to rkhunter.
sudo rkhunter -c
It will take some time to finish the scan; we will need to press Enter several times for the scan to continue and finish.
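When the scan is run from a script or cron job, nobody is there to press Enter, so it helps to run it non-interactively and to pull the warnings out of the log afterwards. The shell snippet below is an added example, not code from the original post or from the rkhunter project. It assumes rkhunter is on PATH and uses the documented --sk (skip keypress) and --rwo (report warnings only) options; the sample log text is constructed and only approximates the real log format.

```shell
#!/bin/sh
# Added example, not code from the original post: run the rkhunter scan
# without the "press Enter to continue" pauses and pull the warnings out of
# the scan log. Assumes rkhunter is on PATH; --sk (skip keypress) and --rwo
# (report warnings only) are documented rkhunter options.

# Run a non-interactive scan. rkhunter exits with status 0 when no warnings
# were found and non-zero otherwise, so the exit status can drive automation.
run_scan() {
    sudo rkhunter --check --sk --rwo
}

# Map the exit status of run_scan to a short verdict.
verdict() {
    case "$1" in
        0) echo "clean" ;;
        *) echo "warnings or error, check the log" ;;
    esac
}

# Count the lines carrying a "Warning:" marker in log text read from stdin
# (rkhunter writes its log to /var/log/rkhunter.log by default).
count_warnings() {
    grep -c 'Warning:' || true
}

# Print only the warning lines so they can be triaged or forwarded by email.
warning_lines() {
    grep 'Warning:' || true
}

# Constructed sample log text for offline use; the format only approximates
# real rkhunter log output and the file paths are made up.
SAMPLE_LOG='[10:01:02] Info: Starting system checks
[10:01:05] Warning: Hidden file found: /etc/.constructed-sample
[10:01:06] Info: Checking for rootkits [ None found ]
[10:01:09] Warning: The file properties have changed: File: /usr/bin/constructed-sample'

# Feed the constructed sample through the counter.
sample_warning_count() {
    printf '%s\n' "$SAMPLE_LOG" | count_warnings
}
```

A typical use is `run_scan; verdict $?` from a cron job, followed by `warning_lines < /var/log/rkhunter.log` to see what tripped. Because the exit status is checked rather than the screen output, the job never stalls waiting for a keypress.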
Now let's configure the rkhunter email settings so that we are notified of warnings found during a scan.
In the rkhunter configuration file, find the line
#MAIL-ON-WARNING=root
Uncomment the line and put in the email address that should receive the warnings (replace the placeholder with your own address).
MAIL-ON-WARNING=<your-email-address>
You can put multiple email addresses separated by commas. I suggest using a group address instead of an individual one so that warning notifications are seen by multiple people.
Using a group address also ensures that warning emails are not missed when a person leaves the team.
Open /etc/default/rkhunter. Find the line
CRON_DAILY_RUN=""
and replace it with
CRON_DAILY_RUN="true"
This enables the daily cron scan. In the same file, find the line
CRON_DB_UPDATE=""
and replace it with
CRON_DB_UPDATE="true"
This enables the scheduled update of the rkhunter data files. Still in /etc/default/rkhunter, find the line
APT_AUTOGEN="false"
and change the value to true
APT_AUTOGEN="true"
This regenerates the file properties database automatically after apt installs or upgrades packages, so legitimate package updates do not show up as changed-file warnings.
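Editing the same two files by hand on every server is error-prone, so here is an added example (not code from the original post or from rkhunter) that applies the email and cron settings above with a small idempotent function, and demonstrates it on constructed copies of the files rather than on the live ones. It assumes the main configuration file is /etc/rkhunter.conf (the post does not name it; this is the Debian/Ubuntu location) and that the cron settings live in /etc/default/rkhunter as the post states. The address security-team@example.com is a made-up sample.

```shell
#!/bin/sh
# Added example, not code from the original post: apply the post's settings
# with one function and check the result on constructed copies of the files.
# Assumptions: main config is /etc/rkhunter.conf (assumed, the post does not
# name it), cron settings are in /etc/default/rkhunter (from the post).

# set_kv FILE KEY VALUE: set KEY=VALUE, replacing a commented-out or existing
# KEY= line if present, otherwise appending one. Other lines are left intact.
# Uses a temp file instead of sed -i so it works with POSIX sed as well.
set_kv() {
    file=$1; key=$2; value=$3
    if grep -q "^#\{0,1\}${key}=" "$file"; then
        sed "s|^#\{0,1\}${key}=.*|${key}=${value}|" "$file" > "${file}.tmp" \
            && mv "${file}.tmp" "$file"
    else
        printf '%s=%s\n' "$key" "$value" >> "$file"
    fi
}

# get_kv FILE KEY: print the active (uncommented) value of KEY, or nothing.
get_kv() {
    sed -n "s|^$2=||p" "$1" | tail -n 1
}

# apply_settings CONF DEFAULTS EMAIL: the four changes described in the post.
# On a live system: sudo sh -c '. ./this.sh; apply_settings /etc/rkhunter.conf /etc/default/rkhunter you@example.com'
apply_settings() {
    set_kv "$1" MAIL-ON-WARNING "$3"
    set_kv "$2" CRON_DAILY_RUN '"true"'
    set_kv "$2" CRON_DB_UPDATE '"true"'
    set_kv "$2" APT_AUTOGEN '"true"'
}

# After editing the live config, rkhunter can validate it itself.
config_check() {
    sudo rkhunter --config-check
}

# demo: run apply_settings on constructed copies of the files in a temp
# directory and print the resulting values, one per line.
demo() {
    tmp=$(mktemp -d)
    # Constructed sample contents mirroring the lines the post tells us to find.
    printf '#MAIL-ON-WARNING=root\nSOME_OTHER=keep\n' > "$tmp/rkhunter.conf"
    printf 'CRON_DAILY_RUN=""\nCRON_DB_UPDATE=""\nAPT_AUTOGEN="false"\n' > "$tmp/default"
    apply_settings "$tmp/rkhunter.conf" "$tmp/default" "security-team@example.com"
    get_kv "$tmp/rkhunter.conf" MAIL-ON-WARNING
    get_kv "$tmp/default" CRON_DAILY_RUN
    get_kv "$tmp/default" CRON_DB_UPDATE
    get_kv "$tmp/default" APT_AUTOGEN
    rm -rf "$tmp"
}
```

Running `demo` prints the email address followed by three "true" values, showing that the commented line was uncommented and the empty values were filled in while SOME_OTHER=keep was untouched. On a real system run apply_settings as root against the live files, then `config_check` to let rkhunter validate the configuration before the first cron run.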
At the time of this writing, the latest version of rkhunter is 1.4.6. The one shipped with Ubuntu 16.04 is 1.4.2. In this section we'll learn how to install the latest version of rkhunter alongside the one we already installed from the Ubuntu repository.
We can download the latest version of rkhunter from SourceForge.
Download rkhunter 1.4.6 using wget
wget -c https://sourceforge.net/projects/rkhunter/files/rkhunter/1.4.6/rkhunter-1.4.6.tar.gz
After the download finishes we will have the file rkhunter-1.4.6.tar.gz. Let's extract it using the command below
tar xzf rkhunter-1.4.6.tar.gz
Go into the extracted directory and run the installer
cd rkhunter-1.4.6
sudo ./installer.sh --install
By default it will install rkhunter under /usr/local.
To see more detailed options of the installer you can run
sudo ./installer.sh --help
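A tarball fetched over the network is about to be unpacked and its installer run as root, so it is worth checking its SHA-256 digest against the value the project publishes before that step. The script below is an added example (not code from the original post or from rkhunter); the expected digest for rkhunter-1.4.6.tar.gz is not on this page, so it is left as a clearly marked placeholder that you fill in from the release page, and the self-check uses a constructed file with a known digest instead.

```shell
#!/bin/sh
# Added example, not code from the original post: verify a downloaded
# tarball's SHA-256 before extracting it and running installer.sh as root.
# EXPECTED_SHA256 is a placeholder; take the real digest from the project's
# release page for the version you downloaded.
EXPECTED_SHA256="<sha256-from-the-rkhunter-release-page>"   # placeholder, not a real digest

# sha256_of FILE: print the hex digest using whichever tool is available.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_sha256 FILE EXPECTED: succeed (status 0) only when the digest matches.
verify_sha256() {
    [ "$(sha256_of "$1")" = "$2" ]
}

# install_from_tarball TARBALL EXPECTED: refuse to extract or install unless
# the digest matches. Follows the post's steps: tar xzf, cd, installer.sh.
install_from_tarball() {
    if ! verify_sha256 "$1" "$2"; then
        echo "checksum mismatch for $1, not installing" >&2
        return 1
    fi
    tar xzf "$1" && (cd "${1%.tar.gz}" && sudo ./installer.sh --install)
}

# selfcheck: prove the verifier accepts a matching digest and rejects a wrong
# one, using a constructed file whose content is "hello\n" (known SHA-256).
selfcheck() {
    f=$(mktemp)
    printf 'hello\n' > "$f"
    good=5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03
    if verify_sha256 "$f" "$good" && ! verify_sha256 "$f" "0000" 2>/dev/null; then
        r=ok
    else
        r=fail
    fi
    rm -f "$f"
    echo "$r"
}
```

Usage on the real download is `install_from_tarball rkhunter-1.4.6.tar.gz "$EXPECTED_SHA256"` after replacing the placeholder. Because the source install lands in /usr/local while the package install lives in /usr, check which copy your shell resolves afterwards with `command -v rkhunter`.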
Now let's check the rkhunter version installed on our system
sudo rkhunter --versioncheck
Now we have the latest stable version of rkhunter installed.
In this tutorial, we learned how to install rkhunter on Ubuntu 16.04. We used both the rkhunter from the Ubuntu repository and the one from the rkhunter website.
We also learned how to configure rkhunter and run a security scan with it. I hope this tutorial will be useful in making your systems more secure.