
How to Install and Use Rkhunter for Security on Ubuntu 22.04

Rkhunter, also known as Rootkit Hunter, scans a system for rootkits. It is an open-source tool designed for Linux-based operating systems. You can use it to help protect your system’s security and privacy against third-party attacks. The tool scans for hidden files, suspicious strings, and binaries with wrong permissions.

Rkhunter compares the SHA-1 hashes of files in the local directories with an online database and checks the system to identify rootkits. The tool is written in Bash for higher portability, which makes it ideal for all UNIX-based systems. If you want to install and use Rkhunter for security on Ubuntu, this guide is for you.


The first step is to update the package index so that the latest available versions are used:

sudo apt update

Now, execute the following command to install Rkhunter from the official repository of Ubuntu:

sudo apt install rkhunter

The system redirects you to the package configuration window.

Press the “Tab” button. Then, click “OK” and press the “Enter” button to move to the next page. Here, select the mail configuration type.

Finally, type the mail name. Then, press the “Enter” button to finalize the installation process.

Configuration of Rkhunter

Once you install Rkhunter, it is now time to configure it. Run the following command to open the config file:

sudo nano /etc/rkhunter.conf

Scroll down to the UPDATE_MIRRORS option and change its value from 0 to 1. Similarly, change MIRRORS_MODE to 0.

After making the previous changes, scroll down until you reach the WEB_CMD option. Here, remove the /bin/false value so that the option is left empty.

Save the file to finalize the changes. You can also check the file for unexpected configuration problems with either of the following commands:

rkhunter -C
or
rkhunter --config-check

If the command returns 1 as the output, it means that there is an issue with the configuration.
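The config check does not know which values you intended, so it helps to confirm that the three options edited above are actually in effect. The following is an added example, not part of the original guide or of Rkhunter itself; the function names are hypothetical, the sample file is constructed, and it assumes that when an option appears more than once the last uncommented line wins.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of Rkhunter.

# Print the effective value of option $1 in config file $2.
# Assumption: the last uncommented OPTION=value line wins.
# Surrounding quotes are stripped; "<unset>" means the option never appears.
conf_value() {
    v=$(grep -E "^[[:space:]]*$1=" "$2" | tail -n 1 |
        sed -e 's/^[^=]*=//' -e 's/[[:space:]]*$//')
    if [ -z "$v" ] && ! grep -Eq "^[[:space:]]*$1=" "$2"; then
        echo "<unset>"
        return 0
    fi
    case $v in
        \"*\") v=${v#\"}; v=${v%\"} ;;
        \'*\') v=${v#\'}; v=${v%\'} ;;
    esac
    printf '%s\n' "$v"
}

# Compare the three options edited in this guide with the values it sets.
# Prints one line per option; returns 0 if all match, 1 otherwise.
audit_rkhunter_conf() {
    rc=0
    for pair in UPDATE_MIRRORS=1 MIRRORS_MODE=0 WEB_CMD=; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(conf_value "$key" "$1")
        if [ "$got" = "$want" ]; then
            echo "ok       $key=\"$got\""
        else
            echo "MISMATCH $key=\"$got\" (guide sets \"$want\")"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: a stale earlier line and a commented-out line show
# which value is actually in effect.
sample=$(mktemp)
cat > "$sample" <<'EOF'
UPDATE_MIRRORS=0
#WEB_CMD="/bin/false"
UPDATE_MIRRORS=1
MIRRORS_MODE=0
WEB_CMD=""
EOF
audit_rkhunter_conf "$sample" || echo "config differs from the guide"
rm -f "$sample"
```

To audit the real file, call audit_rkhunter_conf /etc/rkhunter.conf after saving your edits.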

Finally, run the following command to update the Rkhunter database that is used to check for rootkits and all the other threats:

sudo rkhunter --update

How to Use Rkhunter for Security

After setting up Rkhunter, you can run the following command to start the Rkhunter scan:

sudo rkhunter --check

If Rkhunter finds security threats, it gives you instructions on how to resolve them.

If you want to check the scan results, you can access the log file of Rkhunter using the following command:

sudo nano /var/log/rkhunter.log

Conclusion

Rkhunter is a threat detection tool which is especially designed for rootkits, exploits, and backdoors. We recommend that you run the Rkhunter scan regularly to ensure the system’s security and protection from potential threats. Rkhunter can also manage the listening programs, startup files, network interfaces, and local system commands. In this guide, we explained the simple ways to install and use Rkhunter on Ubuntu 22.04.

About the author

Prateek Jangid

A passionate Linux user for personal and professional reasons, always exploring what is new in the world of Linux and sharing with my readers.