Rkhunter is an open-source scanner for Unix/Linux systems, released under the GPL, that scans for backdoors, rootkits, and local exploits. It also checks for hidden files, wrong permissions set on binaries, and suspicious strings in the kernel. In this article, we show how to install Rkhunter on Ubuntu 20.04.
Tutorial Install Rkhunter on Ubuntu 20.04 step by step
Install Rkhunter on Ubuntu 20.04 | Ubuntu 18.04
In this section, we will discuss how to install Rkhunter on Ubuntu 20.04. Since Rkhunter packages are available in standard Ubuntu repositories, you can install them using the following command:
apt install rkhunter -y
How to Configure Rkhunter on Ubuntu 20.04
After you have successfully installed Rkhunter, you must configure it before using it to scan your system. To do this, open the /etc/rkhunter.conf configuration file with your favorite editor and make the following changes:
vim /etc/rkhunter.conf
You should now set the value of UPDATE_MIRRORS to 1 in the configuration file. With this setting, the mirror files are also checked for updates when Rkhunter checks for updated data files with the --update option.
UPDATE_MIRRORS=1
In the next step, set the value of MIRRORS_MODE to 0. This option tells Rkhunter which mirrors to use when the --update or --versioncheck command-line options are given. There are three possible values for MIRRORS_MODE:
0 – Use any mirror
1 – Use only local mirrors
2 – Use only remote mirrors
MIRRORS_MODE=0
You should now set the WEB_CMD value to an empty string, "". This option specifies the command that Rkhunter uses when downloading files from the Internet.
WEB_CMD=""
How to Enable regular scan and updates with Cron
Note that the Rkhunter script is installed in the cron.daily directory for regular scanning and updating, so Cron executes it every day. To control it, edit the /etc/default/rkhunter.conf file and apply the following changes. To enable the daily Rkhunter scan, set CRON_DAILY_RUN to "true":
CRON_DAILY_RUN="true"
You can also set CRON_DB_UPDATE to "true" to enable weekly updates to the Rkhunter database:
CRON_DB_UPDATE="true"
You can also set the value of APT_AUTOGEN to "true" if you want to enable automatic database updates:
APT_AUTOGEN="true"
Note: After making all these changes, save the configuration file and exit the editor.
You can run the command below to check for any unrecognized configuration options. If any configuration problems are found, they are displayed and the return code is set to 1.
rkhunter -C
or
rkhunter --config-check
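The edits from the configuration and Cron sections can also be applied non-interactively, which keeps them repeatable across hosts. The script below is an added example, not part of the original article; the helper names set_opt and apply_article_settings are assumptions, and the second path is the one the article gives (pass your distribution's defaults file as the second argument if it differs).

```shell
#!/bin/sh
# Added example: apply the article's settings without hand-editing.

# set_opt FILE KEY VALUE  (hypothetical helper)
# Rewrites the first active "KEY=..." line, drops later duplicate definitions,
# and appends the setting if the key is absent. Commented lines are left
# untouched, and the original file is kept once as FILE.bak.
set_opt() {
    file=$1 key=$2 value=$3
    [ -f "$file" ] || { echo "missing config file: $file" >&2; return 1; }
    tmp=$(mktemp) || return 1
    awk -v k="$key" -v v="$value" '
        $0 ~ ("^[ \t]*" k "[ \t]*=") {
            if (!seen) { print k "=" v; seen = 1 }
            next
        }
        { print }
        END { if (!seen) print k "=" v }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    [ -e "$file.bak" ] || cp -p "$file" "$file.bak"
    cat "$tmp" > "$file"      # overwrite in place: keeps owner and mode
    rm -f "$tmp"
}

# apply_article_settings [CONF] [DEFAULTS]
apply_article_settings() {
    conf=${1:-/etc/rkhunter.conf}
    defaults=${2:-/etc/default/rkhunter.conf}   # path as given in the article
    set_opt "$conf" UPDATE_MIRRORS 1 &&
    set_opt "$conf" MIRRORS_MODE 0 &&
    set_opt "$conf" WEB_CMD '""' &&
    set_opt "$defaults" CRON_DAILY_RUN '"true"' &&
    set_opt "$defaults" CRON_DB_UPDATE '"true"' &&
    set_opt "$defaults" APT_AUTOGEN '"true"'
}

# Run as root with --apply to change the real files, then validate them
# with the article's config check (non-zero exit on configuration problems).
if [ "${1:-}" = "--apply" ]; then
    apply_article_settings && rkhunter -C
fi
```

Compare each file with its .bak copy afterwards to review exactly what changed.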
Update Rkhunter text data files
After completing the previous steps, you can run the following command to update the Rkhunter text data files. These are the files that Rkhunter uses to detect suspicious activity on the system, so they have to be kept up to date:
rkhunter --update
Note: As it may not be a good idea to run Rkhunter with --update in terms of security risks, you should allow your package manager to take care of updating it.
You can also check the Rkhunter version by running the following command:
rkhunter --versioncheck
How to Use Rkhunter and Perform System Check
After you have completed all the steps above to configure Rkhunter correctly, run the following command to perform a scan of your system:
rkhunter --check
To avoid having to press ENTER after each check, you can use the --sk or --skip-keypress option:
rkhunter --check --sk
You can also use the --rwo or --report-warnings-only option to display warning messages only:
rkhunter --check --rwo
The Rkhunter log file is located at:
/var/log/rkhunter.log
Conclusion
Rkhunter is a Unix-based shell script that can scan the local system for rootkits, backdoors, and possible local exploits. In this article, we first showed how to install Rkhunter on Ubuntu 20.04, then looked at how to configure and use it. Rkhunter can also check local system commands, startup files, and network interfaces for any changes, as well as listening applications.