How to install Rkhunter on cPanel

Rkhunter (aka Rootkit Hunter) is a security auditing tool for Unix and Linux servers. It can help you detect rootkits, backdoors and exploits running on your servers. It uses MD5 hashes to identify possible modifications to important system files and directories, and also inspects file permissions, hidden files and directories, suspicious directory and file names, and kernel modules, among many other things. It is an essential tool for anyone who wants to audit their systems.

Install Rkhunter on cPanel servers

cd /usr
wget http://downloads.sourceforge.net/project/rkhunter/rkhunter/1.4.2/rkhunter-1.4.2.tar.gz
tar -zxvf rkhunter-1.4.2.tar.gz
cd rkhunter-1.4.2
./installer.sh --layout default --install

Update Rkhunter Database

/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --propupd

Run rkhunter for the first time

rkhunter -c
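
The file property check behind `--propupd` and `rkhunter -c` is a baseline-and-compare: record hashes and permissions once, then report anything that deviates. The sketch below is an added illustration, not rkhunter's code and not part of the original post; `snapshot` and `compare` are hypothetical names, it uses SHA-256 instead of the MD5 mentioned above, and it assumes GNU `sha256sum` and `stat`.

```shell
#!/bin/sh
# Added illustration (not rkhunter's own code): baseline-and-compare file check.
# Assumes GNU sha256sum/stat and file names without newlines.

# snapshot DIR: print "sha256 mode:owner path" for every regular file in DIR.
snapshot() {
    find "$1" -type f | LC_ALL=C sort | while IFS= read -r f; do
        printf '%s %s %s\n' \
            "$(sha256sum "$f" | cut -d' ' -f1)" "$(stat -c '%a:%U' "$f")" "$f"
    done
}

# compare BASELINE_FILE DIR: print one line per deviation from the baseline.
# Returns 0 when nothing changed, 1 when at least one deviation was found.
compare() {
    snapshot "$2" | awk -v base="$1" '
        BEGIN {
            bad = 0
            # Load the trusted baseline: path -> hash and path -> mode:owner.
            while ((getline line < base) > 0) {
                split(line, a, " ")
                p = substr(line, length(a[1]) + length(a[2]) + 3)
                hash[p] = a[1]; meta[p] = a[2]
            }
        }
        {
            # The path is everything after the second field (may contain spaces).
            p = substr($0, length($1) + length($2) + 3)
            seen[p] = 1
            if (!(p in hash)) { print "ADDED " p; bad = 1 }
            else {
                if (hash[p] != $1) { print "CONTENT " p; bad = 1 }
                if (meta[p] != $2) { print "PERMS " p; bad = 1 }
            }
        }
        END {
            for (p in hash) if (!(p in seen)) { print "MISSING " p; bad = 1 }
            exit bad
        }'
}

# Usage: snapshot /some/dir > /root/baseline.db   (once, on a clean system)
#        compare /root/baseline.db /some/dir      (on every later check)
```

The comparison trusts whatever the baseline recorded, so the baseline has to be taken on a system known to be clean and refreshed after legitimate package updates, which is what `--propupd` is for.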

If you want to add a cron job to run Rkhunter on a daily basis, just create this file:

nano -w /etc/cron.daily/rkhunter.sh

Paste this text inside:

#!/bin/sh
(
/usr/local/bin/rkhunter --versioncheck
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --cronjob --report-warnings-only
) | /bin/mail -s 'rkhunter Daily Run (Nombre del server)' [email protected]

Set file permissions:

chmod 700 /etc/cron.daily/rkhunter.sh

Conclusion

Rkhunter is a very powerful tool for security audits. However, it will often report false positives, which is why it should not be the only security tool you use. To keep your servers secure, you should investigate and use other useful tools such as OSSEC, Lynis, Tripwire, Nmap and many others.

Further reading: Rkhunter Website

About the Author: Santiago Borges

Experienced Sr. Linux SysAdmin and Web Technologist, passionate about building tools, automating processes, fixing server issues, troubleshooting, securing and optimizing high traffic websites.
