Friday, February 10, 2012

RootKit on CentOS 6.0 (rkhunter)


1. Install Rkhunter
yum install -y rkhunter file

2. Update Rkhunter
rkhunter --update

3. Run a test scan (helps to prevent false positives):
rkhunter -c

4. Set up a daily scan report:
vi /etc/cron.daily/rkhunter
-----------------//--------------
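#!/bin/bash
# Run the version check, data file update and full scan, then mail the combined output.
(
/usr/bin/rkhunter --versioncheck --nocolors
/usr/bin/rkhunter --update --nocolors
# --skip-keypress keeps the unattended scan from waiting for a key press between tests
/usr/bin/rkhunter --checkall --nocolors --skip-keypress
) | /bin/mail -s 'rkhunter Daily Run (www.bigip.co.kr)' admin@bigip.co.kr
exit 0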
-----------------//--------------

5. Change permissions:
chmod 700 /etc/cron.daily/rkhunter
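
The daily job in step 4 mails the full scan output whether or not anything was flagged. The following is an added example, not part of the original post: shell helpers that move the `[ Warning ]` lines to the top of the mail body and put the warning count in the subject. The function names, the host label and the sample report are constructed for illustration.

```shell
#!/bin/bash
# Added example, not from the original post. Function names are hypothetical.

# Keep only the check lines that rkhunter flagged "[ Warning ]".
rkh_warnings() {
    grep -E '\[ Warning \][[:space:]]*$' || true
}

# Count flagged lines; grep -c exits 1 on zero matches, so ignore its status.
rkh_warning_count() {
    grep -cE '\[ Warning \][[:space:]]*$' || true
}

# Mail subject that shows the result without opening the message.
rkh_subject() {   # $1 = host label, $2 = warning count
    if [ "$2" -gt 0 ]; then
        printf 'rkhunter: %s warning(s) on %s\n' "$2" "$1"
    else
        printf 'rkhunter: clean run on %s\n' "$1"
    fi
}

# Mail body: flagged lines first, then the full report for context.
rkh_body() {      # report on stdin
    report=$(cat)
    printf '== Warnings ==\n%s\n\n== Full report ==\n%s\n' \
        "$(printf '%s\n' "$report" | rkh_warnings)" "$report"
}

# Constructed sample of --nocolors output (not taken from a real host).
SAMPLE_REPORT='Checking system commands...
    /usr/bin/ldd                                             [ Warning ]
    /usr/bin/less                                            [ OK ]
Checking for rootkits...
    Adore Rootkit                                            [ Not found ]
    Checking for hidden files and directories                [ Warning ]'

# Demo on the sample. In the cron script the report would come from the
# rkhunter commands in step 4 and the two results would go to /bin/mail.
n=$(printf '%s\n' "$SAMPLE_REPORT" | rkh_warning_count)
rkh_subject "www.example.com" "$n"
printf '%s\n' "$SAMPLE_REPORT" | rkh_body
```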