Install rkhunter

Discussion in 'General' started by dicko, Feb 2, 2011.

  1. dicko

    A follow up (perhaps a follow behind) of a recent post in these fora, of a poor bastard who was possibly penetrated, and for those who take security seriously, we surely all need a "root Kit" detector, how many of us have one?

    So, I suggest rkhunter, in reality this needs to be installed BEFORE most anything or all bets are off or the MD5sums might already be compromised.

    Make sure you have the epel repo installed in /etc/yum.repos.d


    Code:
    [epel]
    name=Extra Packages for Enterprise Linux 5 - $basearch
    #baseurl=http://download.fedoraproject.org/pub/epel/5/$basearch
    mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-5&arch=$basearch
    failovermethod=priority
    enabled=0
    gpgcheck=1
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
    
    [epel-debuginfo]
    name=Extra Packages for Enterprise Linux 5 - $basearch - Debug
    #baseurl=http://download.fedoraproject.org/pub/epel/5/$basearch/debug
    mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-debug-5&arch=$basearch
    failovermethod=priority
    enabled=0
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
    gpgcheck=1
    
    [epel-source]
    name=Extra Packages for Enterprise Linux 5 - $basearch - Source
    #baseurl=http://download.fedoraproject.org/pub/epel/5/SRPMS
    mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-source-5&arch=$basearch
    failovermethod=priority
    enabled=0
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
    gpgcheck=1
    
    yum install --enablerepo='epel*' rkhunter

    edit the email address in the enclosed /etc/rkhunter.conf file which is of course the rkhunter.txt file enclosed (brain-dead stupid effing software :) and move it there appropriately )


    then

    rkhunter --propupd

    you should be good to go.

    these settings should make your notifications from rkhunter relatively quiet, and only tell you when there is a real problem.

    http://forum.elastix.org/old_files/rkhunter.txt
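
Why the post wants the baseline taken before anything else, shown as an added example (not part of the original post and not rkhunter's code): a hash-only model of the file-property baseline that `rkhunter --propupd` records. The function names, the baseline format and the sample files are assumptions constructed for this sketch.

```shell
#!/bin/sh
# Simplified model of a file-property baseline (hashes only).
# baseline_update / baseline_check / demo are hypothetical names for this sketch.

# Record a SHA-256 hash for every regular file under $1 into baseline file $2.
# Keep $2 outside $1 so the baseline does not hash itself.
baseline_update() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k2 ) > "$2"
}

# Compare the tree under $1 with baseline $2.
# Prints each changed, missing or new path; returns 0 if clean, 1 otherwise.
baseline_check() {
    tmp=$(mktemp) || return 2
    baseline_update "$1" "$tmp"
    # Keep only the path from every differing "hash  path" line.
    changed=$(diff "$2" "$tmp" | sed -n 's/^[<>] [0-9a-f]*  //p' | LC_ALL=C sort -u)
    rm -f "$tmp"
    [ -z "$changed" ] && return 0
    printf '%s\n' "$changed"
    return 1
}

# Constructed scenario: the same modification, seen from two baselines.
demo() {
    root=$(mktemp -d) || return 2
    mkdir -p "$root/sys/bin"
    printf 'original ls\n' > "$root/sys/bin/ls"
    printf 'original ps\n' > "$root/sys/bin/ps"

    # Baseline recorded on the clean system, file replaced afterwards.
    baseline_update "$root/sys" "$root/clean.dat"
    printf 'replaced ps\n' > "$root/sys/bin/ps"
    early=$(baseline_check "$root/sys" "$root/clean.dat") || true

    # Baseline first recorded after the replacement: the modified file
    # becomes the "known good" state and the check stays silent.
    baseline_update "$root/sys" "$root/late.dat"
    late=$(baseline_check "$root/sys" "$root/late.dat") || true

    rm -rf "$root"
    printf 'early baseline reports: %s\n' "${early:-nothing}"
    printf 'late baseline reports:  %s\n' "${late:-nothing}"
}

demo
```

The first check reports `./bin/ps`; the second reports nothing, which is the "all bets are off" case the post describes.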
     
