To install Rkhunter with the package manager on Ubuntu, run the following command.
sudo apt-get install rkhunter
After installation, update the file properties database by running the following command.
sudo rkhunter --propupd
This command tells the Rkhunter scanner the current state of individual files, which avoids false alarms during scanning. After updating the file properties, run the following command to start the scan.
sudo rkhunter --checkall
The scanner runs through some system commands, network settings, localhost settings, and files to check for rootkits and malware, then records its findings in a log file. You can get a condensed view of the scan log with the command below. After checking the log, you can take further steps to improve your server security.
sudo grep -i warning /var/log/rkhunter.log
If you want to scan the Ubuntu server every day at a particular time (for example, 4 a.m.) and send the report to your email address, add the following cron entry.
0 4 * * * /usr/bin/rkhunter --cronjob 2>&1 | mail -s "Rkhunter Report of the Server" you@domain.com
This cron job runs at 4 a.m. every day and sends a report to your email address with the subject "Rkhunter Report of the Server".
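The warning filter and the daily report above can be combined so that only warnings you have not already reviewed stand out. The script below is an added example, not part of the original page or of Rkhunter itself; the function names, the baseline file, and the assumed log line format "[HH:MM:SS] Warning: ..." are illustrative, and the sample log is constructed.

```shell
#!/bin/sh
# Added example: reduce an rkhunter log to its distinct warnings and show
# only those missing from a baseline of already-reviewed warnings.
# Assumes log lines look like "[HH:MM:SS] Warning: <text>".

# Print the distinct "Warning:" lines of log $1 with timestamps stripped,
# so that two daily runs compare equal when nothing changed.
rk_warnings() {
    grep 'Warning:' "$1" |
        sed -e 's/^\[[0-9:]*\] *//' -e 's/[[:space:]]*$//' |
        sort -u
}

# Print warnings in log $1 that are not listed in baseline file $2.
# Exit status is 0 when something new was found, non-zero otherwise.
rk_new_warnings() {
    rk_warnings "$1" | grep -Fxv -f "$2"
}

# Write a constructed sample log (not real scan output) to $1.
write_sample_log() {
    cat > "$1" <<'EOF'
[04:00:01] Checking system commands...
[04:00:03] Warning: The command '/usr/bin/lwp-request' has been replaced by a script
[04:00:09] Warning: Hidden directory found: /etc/.java
[04:00:10] Warning: Hidden directory found: /etc/.java
[04:00:12] System checks summary
EOF
}

# Demo: the lwp-request warning was reviewed earlier, so only the
# hidden-directory warning is reported.
tmp=$(mktemp -d)
write_sample_log "$tmp/rkhunter.log"
printf '%s\n' \
    "Warning: The command '/usr/bin/lwp-request' has been replaced by a script" \
    > "$tmp/baseline"
if rk_new_warnings "$tmp/rkhunter.log" "$tmp/baseline"; then
    echo "new warnings found: review before adding them to the baseline"
fi
rm -rf "$tmp"
```

Add a warning to the baseline only after you have checked what caused it, since a baselined warning no longer appears in the output.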