Rootkits are exceedingly nasty pieces of malware that can definitely ruin your day. They can listen for commands from their masters, steal sensitive data and send it to their masters, or provide an easy-access back door for their masters. They’re designed to be stealthy, with the ability to hide themselves from plain view.
Install Rootkit Hunter
For Ubuntu, Rootkit Hunter is in the normal repository. Use the following command to install Rootkit Hunter on your system.
#apt install rkhunter
The next thing you’ll need to do is update the rootkit signatures using the --update option:
Scanning for rootkits
To run your scan, use the -c option. (That’s -c for check.) Be patient, because it will take a while:
When you run the scan in this manner, Rootkit Hunter will periodically stop and ask you to hit the Enter key to continue. When the scan completes, you’ll find a rkhunter.log file in the /var/log directory.
Set Rootkit Hunter to run automatically
To have Rootkit Hunter automatically run as a cron job, you’ll want to use the --cronjob option, which will cause the program to run all the way through without prompting you to keep hitting the Enter key. You might also want to use the --rwo option, which will cause the program to only report warnings, instead of also reporting on everything that’s good. From the command line, the command would look like this:
#rkhunter -c --cronjob --rwo
To create a cron job that will automatically run Rootkit Hunter on a nightly basis, open the crontab editor for the root user:
#crontab -e -u root
Let’s say that you want to run Rootkit Hunter every night at 20 minutes past 10. Enter this into the crontab editor:
20 22 * * * /usr/bin/rkhunter -c --cronjob --rwo
Since cron only works with 24-hour clock time, you’ll have to express 10:00 P.M. as 22. The three asterisks mean that the job will run every day of the month, every month of the year, and every day of the week, respectively. You’ll need to list the entire path for the command; otherwise, cron won’t be able to find it.
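As an added example (not part of the original article), the wrapper below could be called from the crontab entry in place of the bare rkhunter command, so that each warning is also sent to syslog. It assumes findings appear as "Warning:" lines, optionally prefixed with a [HH:MM:SS] timestamp as in /var/log/rkhunter.log; the function names, the syslog tag and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: wrapper for the nightly rkhunter cron job.
# Assumption: rkhunter reports findings as "Warning: <text>", prefixed with
# "[HH:MM:SS] " in /var/log/rkhunter.log and unprefixed on stdout with --rwo.

# Read rkhunter output or log text on stdin; print one warning message per line.
extract_warnings() {
    sed -n -e 's/^\[[0-9:]*][[:space:]]*//' \
           -e 's/^Warning:[[:space:]]*//p'
}

# Print the number of warnings found in the text on stdin.
count_warnings() {
    extract_warnings | wc -l | tr -d '[:space:]'
}

# Constructed sample log lines, for trying the parser without running a scan.
sample_log() {
    cat <<'EOF'
[22:20:01] Info: Start date is Thu Dec  3 22:20:01 UTC 2020
[22:20:14]   Checking for hidden files and directories       [ Warning ]
[22:20:14] Warning: Hidden directory found: /etc/.example
[22:21:40]   Checking if SSH root access is allowed          [ Warning ]
[22:21:40] Warning: The SSH and rkhunter configuration options should be the same:
[22:21:40]          SSH configuration option 'PermitRootLogin': yes
[22:21:59] Info: End date is Thu Dec  3 22:21:59 UTC 2020
EOF
}

# Run the scan from the article, send each warning to syslog, and return
# non-zero when anything was reported so cron or monitoring can alert on it.
run_nightly() {
    out=$(/usr/bin/rkhunter -c --cronjob --rwo 2>&1)
    n=$(printf '%s\n' "$out" | count_warnings)
    [ "$n" -eq 0 ] && return 0
    printf '%s\n' "$out" | extract_warnings | logger -t rkhunter -p auth.warning
    return 1
}

# "--run" performs the real scan; with no argument the script parses the sample.
case "${1:-}" in
    --run) run_nightly ;;
    *)     sample_log | extract_warnings ;;
esac
```

Status lines ending in "[ Warning ]" and indented continuation lines are skipped on purpose, so each finding is counted once.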