Rootkits are exceedingly nasty pieces of malware that can definitely ruin your day. They can listen for commands from their masters, steal sensitive data and send it to their masters, or provide an easy-access back door for their masters. They’re designed to be stealthy, with the ability to hide themselves from plain view.

Install Rootkit Hunter

For Ubuntu, Rootkit Hunter is in the normal repository. Use the following commands to install Rootkit Hunter in your system.

#apt install rkhunter

The next thing you’ll need to do is update the rootkit signatures using the --update option:

#rkhunter --update

Scanning for rootkits

To run your scan, use the -c option. (That’s -c for check.) Be patient, because it will take a while:

#rkhunter -c

When you run the scan in this manner, Rootkit Hunter will periodically stop and ask you to hit the Enter key to continue. When the scan completes, you’ll find a rkhunter.log file in the /var/log directory.

Set Rootkit Hunter to run automatically

To have Rootkit Hunter automatically run as a cron job, you’ll want to use the --cronjob option, which will cause the program to run all the way through without prompting you to keep hitting the Enter key. You might also want to use the --rwo option, which will cause the program to only report warnings, instead of also reporting on everything that’s good. From the command line, the command would look like this:

#rkhunter -c --cronjob --rwo

To create a cron job that will automatically run Rootkit Hunter on a nightly basis, open the crontab editor for the root user:

#crontab -e -u root

Let’s say that you want to run Rootkit Hunter every night at 20 minutes past 10. Enter this into the crontab editor:

20 22 * * * /usr/bin/rkhunter -c --cronjob --rwo

Since cron only works with 24-hour clock time, you’ll have to express 10:00 P.M. as 22. The three asterisks mean that the job will run every day of the month, every month of the year, and every day of the week, respectively. You’ll need to list the entire path for the command; otherwise, cron won’t be able to find it.
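With --rwo a clean nightly run prints nothing, so it is worth checking the log after the job has run. The following is an added example, not part of the original article or of Rootkit Hunter itself: a small shell helper that lists the warning entries in a log file and treats a missing log as a failure. It assumes warning entries are written as "[HH:MM:SS] Warning: ..."; the function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Assumption: warning entries look like "[HH:MM:SS] Warning: <text>".
WARN_RE='^\[[0-9:]*\] Warning: '

# rkh_warning_count LOGFILE: number of warning entries (0 if unreadable).
rkh_warning_count() {
    n=$(grep -c "$WARN_RE" "$1" 2>/dev/null) || n=${n:-0}
    echo "$n"
}

# rkh_warnings LOGFILE: print each warning without its timestamp.
# Returns 0 = no warnings, 1 = warnings found, 2 = log missing or empty
# (no log means the scan did not run, which is different from a clean scan).
rkh_warnings() {
    if [ ! -s "$1" ]; then
        echo "rkhunter log missing or empty: $1" >&2
        return 2
    fi
    [ "$(rkh_warning_count "$1")" -gt 0 ] || return 0
    sed -n "s/$WARN_RE//p" "$1"
    return 1
}

# Constructed sample log (not real scan output).
write_sample_log() {
    cat > "$1" <<'EOF'
[22:20:01] Info: Scan started (constructed sample)
[22:20:05]   /usr/bin/awk                                    [ OK ]
[22:20:06]   /usr/bin/lwp-request                            [ Warning ]
[22:20:06] Warning: The command '/usr/bin/lwp-request' has been replaced by a script
[22:21:40] Warning: Hidden directory found: /etc/.java
EOF
}

# Demo on the sample; on a real system pass /var/log/rkhunter.log instead.
demo=$(mktemp)
write_sample_log "$demo"
rkh_warnings "$demo" || echo "exit status: $?"
rm -f "$demo"
```
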

 

Ruwantha Nissanka is a Professional Cyber Security Engineer from Sri Lanka with a demonstrated history of providing cyber security services for multiple organizations in Sri Lanka. He is a positive person who wants to believe the best in others and he likes to help, encourage people and make them feel good.