Install and Configure Rootkit Hunter on Server

April 12, 2011 / Virtual Server

Rootkit Hunter, also known as “RKHunter”, is considered a very useful application for your Virtual Private Server (VPS).

What is a rootkit?

A rootkit is software like any other, but with a different intention. Once installed, it can allow access to the machine without the knowledge of that machine's administrators.

Such software is typically used by individuals with malicious intentions, for example hackers and attackers. They install a rootkit on your machine as soon as they gain root access to your server. Once installed, it lets the attacker mask the ongoing intrusion and maintain access to the machine by bypassing the normal authentication and authorization mechanisms. A rootkit can cause a wide range of damage, but its best-known use is as malware that steals passwords without the administrators or the users knowing about it. Rootkits mainly target firmware, a hypervisor, the kernel or, most commonly, user-mode applications.

Detecting a rootkit is difficult because it can subvert the anti-virus or anti-malware application that is meant to detect it. Detection methods include using an alternate, trusted operating system, behavior-based methods, signature scanning, difference scanning and memory dump analysis. Removing a rootkit is usually next to impossible, particularly if it resides in the kernel. The only possible method to get rid of it is to format the hard-drive partition and reinstall the OS.

Rootkit Hunter notifies you if any rootkits are found on the system, so that you can take the necessary measures to get rid of them. RKHunter is simple to install.

How to Install Rootkit Hunter (RKHunter) on a Virtual Private Server (VPS)?

The following are the primary steps to install RKHunter on your server:

Step A: Log in to your server as root and run the command below to download rkhunter:


Step B: Unzip the downloaded file using the command below:

tar -xzf rkhunter-1.3.2.tar.gz

Step C: Use the following command to change into the extracted folder, and install it on your server:

cd rkhunter-1.3.2


How to configure RKHunter (Rootkit Hunter) on a Cheap VPS Hosting server?

After RKHunter has been installed on your server, you can schedule scans of the server. You can also schedule it to update itself automatically.

The method below schedules the scans on a daily basis:

Note: You must be logged in as root to run the following commands.

i. vi /etc/cron.daily/ (To edit the file, press ‘Shift + I’ to enter insert mode)
ii. (/usr/local/bin/rkhunter --update && /usr/local/bin/rkhunter -c --cronjob 2>&1 | mail -s "RKhunter Scan Details" you@example.com) - (you@example.com is a placeholder; change it to your own email address)
iii. Hit ‘esc’ and enter ‘:wq’, to save the file
iv. chmod 700 /etc/cron.daily/

This concludes the steps for configuring RKHunter to scan daily.
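
The one-liner in step ii chains the update and the scan with &&, so a non-zero exit from the update skips both the scan and the mail. The script below is an added example, not part of the original post or of rkhunter itself: it always runs the scan, mails a single report, and puts both exit codes in the subject. The file name rkhunter-scan, the REPORT_TO default of root and the meaning given to the exit codes are assumptions.

```shell
#!/bin/sh
# Added example. Hypothetical file name: /etc/cron.daily/rkhunter-scan
RKHUNTER="${RKHUNTER:-/usr/local/bin/rkhunter}"  # install path used in step ii
REPORT_TO="${REPORT_TO:-root}"                   # assumption: local root mailbox
MAILER="${MAILER:-mail}"

# Run update and scan, write their combined output to file $1, and print
# a subject line that carries both exit codes.
build_report() {
    report=$1
    update_rc=0
    scan_rc=0
    {
        echo "== rkhunter --update =="
        "$RKHUNTER" --update 2>&1 || update_rc=$?
        echo "== rkhunter -c --cronjob =="
        # The scan runs even if the update step failed.
        "$RKHUNTER" -c --cronjob 2>&1 || scan_rc=$?
    } > "$report"
    # Assumption: rkhunter exits non-zero when the check raised warnings
    # or could not run (127 = binary missing, itself worth an alert).
    if [ "$scan_rc" -eq 0 ]; then status="clean"; else status="ATTENTION"; fi
    printf 'RKhunter Scan Details: %s (scan exit %s, update exit %s)\n' \
        "$status" "$scan_rc" "$update_rc"
}

main() {
    umask 077                       # report file readable by root only
    report=$(mktemp) || exit 1
    trap 'rm -f "$report"' EXIT
    subject=$(build_report "$report")
    "$MAILER" -s "$subject" "$REPORT_TO" < "$report"
}

# Run only under the installed name, so the functions can be sourced or tested.
case "${0##*/}" in
    rkhunter-scan) main ;;
esac
```

A missing or replaced rkhunter binary shows up as exit 127 in the subject instead of as a silent gap in the daily mail.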
