Install rkhunter on CentOS 6.x & 7.x
A “rootkit” is a malicious program that runs on your server in “stealth mode”. It allows an attacker to gain root access to your server without you noticing.
To detect a rootkit on a cPanel server, you will need to install a rootkit scanner such as Rootkit Hunter (rkhunter):
a) Log on to your server through SSH as a regular user and then become root:
# su - root
cd /usr/local/src/
wget http://www.adminbirds.com/download/rkhunter-1.4.4.tar.gz
tar -zxvf /usr/local/src/rkhunter-1.4.4.tar.gz
cd rkhunter-1.4.4
./installer.sh --layout /usr/local --install
/usr/local/bin/rkhunter -c --sk
Script to update, scan and send the report as email (/root/rkhunter-weekly.sh):
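#!/bin/bash
# Write the report to a private temp file; a fixed name in /tmp is unsafe for a job that runs as root.
REPORT=$(mktemp /tmp/rkhunter.XXXXXX) || exit 1
trap 'rm -f "$REPORT"' EXIT
echo "Updating RkHunter" > "$REPORT"
/usr/local/bin/rkhunter --update --sk --no-color >> "$REPORT"
echo " " >> "$REPORT"
echo "Scanning the system with RkHunter" >> "$REPORT"
/usr/local/bin/rkhunter -c --sk --no-color >> "$REPORT"
# Replace <email address> with the address that should receive the report.
cat "$REPORT" | mail -s "Rkhunter scan report on $(hostname)" <email address>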
Use cron to run the scan every Sunday at 15:00:
0 15 * * 0 /root/rkhunter-weekly.sh
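
The weekly script above mails the complete scan output, so a flagged item is easy to overlook among hundreds of "OK" lines. The following is an added example (not part of the original page or of rkhunter) that pulls the "[ Warning ]" entries out of a saved report and builds a subject line from them; the function names and the sample report are constructed for illustration.

```shell
#!/bin/bash
# Added example: triage a saved rkhunter report before mailing it.

# Print the name of every check whose status column reads "[ Warning ]".
rkh_warnings() {
    sed -n 's/^[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\[ Warning ][[:space:]]*$/\1/p' "$1"
}

# Print a counter from the summary block, e.g. rkh_summary FILE "Suspect files".
rkh_summary() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p" "$1" | head -n 1
}

# Build a mail subject that shows at a glance whether the scan needs attention.
rkh_subject() {
    _n=$(rkh_warnings "$1" | wc -l | tr -d ' ')
    _r=$(rkh_summary "$1" "Possible rootkits")
    if [ "$_n" -gt 0 ] || [ "${_r:-0}" -gt 0 ]; then
        echo "[WARNING x$_n] Rkhunter scan report on $2"
    else
        echo "[clean] Rkhunter scan report on $2"
    fi
}

# Constructed sample in rkhunter's status-column layout (not real scan output).
sample_report() {
    cat <<'EOF'
Checking system commands...
  Performing file properties checks
    Checking for prerequisites                               [ OK ]
    /usr/bin/lwp-request                                     [ Warning ]
    /usr/bin/whoami                                          [ OK ]
Checking for rootkits...
    55808 Trojan - Variant A                                 [ Not found ]
    Checking if SSH root access is allowed                   [ Warning ]
System checks summary
    Files checked: 137
    Suspect files: 1
    Rootkits checked : 365
    Possible rootkits: 0
EOF
}

# Demo on the constructed report; the host name is a placeholder.
demo=$(mktemp) && sample_report > "$demo"
rkh_subject "$demo" "server1.example.com"
rkh_warnings "$demo"
rm -f "$demo"
```

In the weekly script, the subject could be produced with rkh_subject "$REPORT" "$(hostname)" and passed to mail -s.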