How to Install Rkhunter on Debian 10

Rkhunter is a tool that scans for rootkits, backdoors, and other security issues on Linux systems. It does this by examining your files and comparing the hashes against known values of trusted software and malware. In this tutorial, we will install and set up rkhunter on a Debian 10 Rcs instance.

Prerequisites

  • Follow our best practices guide to update your Debian system.
  • Create a non-root sudo user.

1. Install Rkhunter

Install rkhunter with apt.

$ sudo apt install rkhunter -y

2. Configure Rkhunter

Rkhunter uses data files to store information on possible threats. Unfortunately, the default configuration of Debian does not allow us to update these files. We will adjust the settings to correct this issue.

  1. Edit the /etc/rkhunter.conf file with nano.

     $ sudo nano /etc/rkhunter.conf

     Type Ctrl+W to search for WEB_CMD="/bin/false".
     Add a # comment at the beginning of the line to disable the statement.

     # WEB_CMD="/bin/false"

  2. Type Ctrl+W to search for UPDATE_MIRRORS.

  3. Set UPDATE_MIRRORS value to 1.

     UPDATE_MIRRORS=1

  4. Type Ctrl+W to search for MIRRORS_MODE.

  5. Set MIRRORS_MODE value to 0.

     MIRRORS_MODE=0

  6. (Optional) Enable email notifications.

     Type Ctrl+W to search for MAIL-ON-WARNING.
     Remove the # comment at the beginning of the line and assign an email address.

     MAIL-ON-WARNING=admin@example.com

  7. Save and exit the file.
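For hosts configured by script rather than by hand, the edits above can be applied without an editor. This is an added example, not part of the original tutorial or of rkhunter itself; the function names are illustrative, and it assumes one KEY=VALUE setting per line as shown in the steps above.

```shell
#!/bin/sh
# Added example: the step 2 edits to rkhunter.conf, applied without an editor.
# Function names are illustrative. VALUE must not contain '|' or '&'.

# Print the value of the last active (uncommented) KEY= line, if any.
effective_value() {  # effective_value FILE KEY
    sed -n -E "s|^[[:space:]]*$2=(.*)|\1|p" "$1" | tail -n 1
}

# Set KEY=VALUE: rewrite an existing line (active or commented out),
# or append one when the key does not appear at all.
set_option() {  # set_option FILE KEY VALUE
    tmp=$(mktemp) || return 1
    if grep -Eq "^[[:space:]]*#?[[:space:]]*$2=" "$1"; then
        sed -E "s|^[[:space:]]*#?[[:space:]]*$2=.*|$2=$3|" "$1" > "$tmp"
    else
        { cat "$1"; printf '%s=%s\n' "$2" "$3"; } > "$tmp"
    fi
    cat "$tmp" > "$1"   # overwrite in place so owner and mode are preserved
    rm -f "$tmp"
}

# Comment out every active KEY= line (used for WEB_CMD="/bin/false").
comment_out() {  # comment_out FILE KEY
    tmp=$(mktemp) || return 1
    sed -E "s|^[[:space:]]*($2=.*)|# \1|" "$1" > "$tmp"
    cat "$tmp" > "$1"
    rm -f "$tmp"
}

# Apply the tutorial's settings; the e-mail address is optional.
apply_rkhunter_settings() {  # apply_rkhunter_settings FILE [EMAIL]
    # Keep one backup of the untouched original; later runs do not replace it.
    [ -e "$1.bak" ] || cp -p "$1" "$1.bak" || return 1
    comment_out "$1" WEB_CMD &&
    set_option  "$1" UPDATE_MIRRORS 1 &&
    set_option  "$1" MIRRORS_MODE 0 || return 1
    if [ -n "${2:-}" ]; then
        set_option "$1" MAIL-ON-WARNING "$2" || return 1
    fi
}
```

Try it on a copy of /etc/rkhunter.conf first; running it twice leaves the file unchanged, and the original is kept beside it with a .bak suffix.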

3. Confirm Configuration File

Make sure your configuration file is valid with the following command:

$ sudo rkhunter -C

If there is no output, your configuration file is valid.

4. Update the Data Files

Update the rkhunter data files.

$ sudo rkhunter --update

5. Check the Local System

To check the local system, use the check parameter.

$ sudo rkhunter --check

When finished, inspect /var/log/rkhunter.log for warnings and alerts.
