rkhunter to the rescue
There is a tool that I highly recommend running on any Linux box to help detect problems and rootkits: rkhunter.
It is available via http://www.rootkit.nl/
What makes it a must-have is that you can automate running and updating the package, and have it send you daily reports of what it finds.
To get started, get the package and install it.
download:
# wget http://downloads.rootkit.nl/rkhunter-
Note: It doesn’t matter where you save the tarball
extract:
# tar zxf rkhunter-
installation:
# cd rkhunter
# ./installer.sh
Some useful command-line options are:
--update gets the latest package definitions to go with it.
-c runs a check of the whole system.
--cronjob lets it run as a cron job.
To get it running every day, you can create a cron job script like this:
=========== /etc/cron.daily/rkhunter ====================
#!/bin/sh
(
/usr/local/bin/rkhunter --versioncheck
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --cronjob --report-warnings-only
) | /bin/mail -s 'rkhunter Daily Run' root
=========================================================
Or add a line in your /etc/crontab file directly.
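The cron.daily script above mails root every day, because the version check and update always print something, and the pipe into mail hides rkhunter's exit status. The wrapper below is an added example, not part of the original post or of rkhunter: it sends mail only when the scan printed something or exited non-zero. The RKHUNTER, MAILER and RCPT variables and the daily_run function are names chosen here; the default paths are the ones used in the script above.

```shell
#!/bin/sh
# Added example: quiet-unless-warning variant of /etc/cron.daily/rkhunter.
# Variable and function names are assumptions made for this example.
RKHUNTER="${RKHUNTER:-/usr/local/bin/rkhunter}"
MAILER="${MAILER:-/bin/mail}"
RCPT="${RCPT:-root}"

# Returns 0 when nothing was reported, 1 when a report was mailed,
# 2 when the private work directory could not be created.
daily_run() {
    tmp=$(mktemp -d) || return 2      # mode 0700: findings stay root-only

    # Refresh first; the output is kept only as context for a report.
    {
        "$RKHUNTER" --versioncheck
        "$RKHUNTER" --update
    } >"$tmp/update" 2>&1 || :

    # With --report-warnings-only a clean scan prints nothing.
    rc=0
    "$RKHUNTER" --cronjob --report-warnings-only >"$tmp/scan" 2>&1 || rc=$?

    sent=0
    if [ "$rc" -ne 0 ] || [ -s "$tmp/scan" ]; then
        {
            echo "rkhunter scan exit status: $rc"
            cat "$tmp/scan"
            echo "--- versioncheck/update output ---"
            cat "$tmp/update"
        } | "$MAILER" -s "rkhunter warnings on $(uname -n)" "$RCPT"
        sent=1
    fi
    rm -rf "$tmp"
    return "$sent"
}

# Run only where rkhunter is installed; never fail the cron run itself.
if [ -x "$RKHUNTER" ]; then
    daily_run || :
fi
```

A non-zero exit with an empty scan file still produces a mail, so a scan that crashes or cannot start is reported rather than silently skipped.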
Posted: July 18th, 2006 under Linux, Firewalls and Security.