Difference between revisions of "Rkhunter"

From ArchWiki
Jump to navigation Jump to search
(Added Installation section)
(Added Configuration section)
Line 15: Line 15:
 
== Installation ==
 
== Installation ==
 
[[Install]] the {{Pkg|rkhunter}} package.
 
[[Install]] the {{Pkg|rkhunter}} package.
 +
 +
== Configuration ==
 +
 +
=== Initial setup ===
 +
Prior to running RKH for the first time, You will need to update the ''file properties database'':
 +
 +
$ sudo rkhunter --propupd
 +
 +
=== Important files ===
 +
The main configuration file is located at: {{ic|/etc/rkhunter.conf}}
 +
 +
By default, RKH places logs at: {{ic|/var/log/rkhunter.log}}

Revision as of 19:57, 8 April 2019


rkhunter (Rootkit Hunter) is a security monitoring tool for POSIX compliant systems. It scans for rootkits, and other possible vulnerabilities. It does so by searching for the default directories (of rootkits), misconfigured permissions, hidden files, kernel modules containing suspicious strings, and comparing hashes of important files with known good ones.

It is written in Bash, to allow for portability, and can run on most UNIX-based systems.

Installation

Install the rkhunter package.

Configuration

Initial setup

Prior to running RKH for the first time, You will need to update the file properties database:

$ sudo rkhunter --propupd

Important files

The main configuration file is located at: /etc/rkhunter.conf

By default, RKH places logs at: /var/log/rkhunter.log