rkhunter installation/upgradation

You might have received warnings like the ones shown below about rkhunter on your server. The warning “This operating system is not fully supported” means rkhunter needs to be upgraded.

/etc/cron.daily/rkhunter:

No logfile given: using default.
Determining OS... Warning: This operating system is not fully supported!
Checking for allowed root login... Watch out Root login possible. Possible risk!
Checking for allowed protocols...   [ Warning (SSH v1 allowed) ]

Below are the steps you need to take to get rkhunter updated. The steps are the same for a new installation of rkhunter.

You can check the current rkhunter version using the following command:

# /usr/local/bin/rkhunter --versioncheck [installation path may differ; in my case it's /usr/local/bin/rkhunter]

Once you run versioncheck, it tells you the version currently installed on your server as well as the latest version available. The latest as of now is version 1.3.2.

-bash-3.00# /usr/local/bin/rkhunter --versioncheck
[ Rootkit Hunter version 1.3.0 ]

Checking rkhunter version...
This version  : 1.3.0
Latest version: 1.3.2
Update available
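
To run this check unattended, for example from cron, the report can be parsed instead of read by eye. The script below is an added example and not part of the original post; the function names are made up for illustration, and the sample text is the output shown above.

```sh
#!/bin/sh
# Added example: classify `rkhunter --versioncheck` output.
# Function names (rk_field, rk_older, rk_status) are illustrative.

# rk_field TEXT LABEL: print the version on the "<LABEL> version : x.y.z" line.
rk_field() {
    printf '%s\n' "$1" |
        sed -n "s/^[[:space:]]*$2 version *: *\([0-9][0-9.]*\).*/\1/p" |
        head -n 1
}

# rk_older A B: succeed only if dotted version A is strictly older than B.
# Fields are compared numerically, so 1.3.2 is older than 1.3.10.
rk_older() {
    [ "$1" = "$2" ] && return 1
    first=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$first" = "$1" ]
}

# rk_status TEXT: print "update A -> B", "current" or "unknown".
rk_status() {
    this=$(rk_field "$1" This)
    latest=$(rk_field "$1" Latest)
    if [ -z "$this" ] || [ -z "$latest" ]; then
        echo unknown
    elif rk_older "$this" "$latest"; then
        echo "update $this -> $latest"
    else
        echo current
    fi
}

# Sample report, copied from the session shown in this post.
SAMPLE='[ Rootkit Hunter version 1.3.0 ]

Checking rkhunter version...
This version  : 1.3.0
Latest version: 1.3.2
Update available'

rk_status "$SAMPLE"
```

A result of "unknown" means the report could not be parsed, which is worth alerting on as well, since a version check that silently stops working hides a stale scanner.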

Well, let's try installing it.

Go to an installation directory, preferably /usr/src:

cd /usr/local/src

Get the latest version of rkhunter from sourceforge.net, untar it and change into the installation folder.

wget http://nchc.dl.sourceforge.net/sourceforge/rkhunter/rkhunter-1.3.2.tar.gz
tar -zxvf rkhunter-1.3.2.tar.gz
cd rkhunter-1.3.2

You can pass the needed options while running the installation script ./installer.sh

./installer.sh --help
Rootkit Hunter installer 1.2.6
Usage: ./installer.sh <parameters>

Ordered valid parameters:
--help (-h)      : Show this help.
--examples       : Show layout examples.
--layout <value> : Choose installation template (mandatory switch).
The templates are:
- default: (FHS compliant),
- /usr,
- /usr/local,
- oldschool: previous version file locations,
- custom: supply your own prefix,
- RPM: for building RPM's. Requires $RPM_BUILD_ROOT.
--striproot      : Strip path from custom layout (for package maintainers).
--install        : Install according to chosen layout.
--show           : Show chosen layout.
--remove         : Uninstall according to chosen layout.
--version        : Show the installer version.

To keep things simple, let's issue the following command:

./installer.sh --layout default --install

rkhunter will get installed in its default location.

In order to get rkhunter updated to the latest version, issue the following command:

/usr/local/bin/rkhunter --update

Hurray, you're done. Run your first scan using the following command:

/usr/local/bin/rkhunter -c --createlogfile

So, in a single shot, these are the steps you've taken:

cd /usr/src
wget http://nchc.dl.sourceforge.net/sourceforge/rkhunter/rkhunter-1.3.2.tar.gz
tar -zxvf rkhunter-1.3.2.tar.gz
cd rkhunter-1.3.2
./installer.sh --layout default --install
/usr/local/bin/rkhunter --update
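
The tarball in these steps arrives over plain HTTP from a mirror and its installer.sh is then run as root, so it is worth checking the download before unpacking it. The script below is an added example, not part of the original post or of rkhunter; the function names are illustrative, and the expected SHA-256 digest is an assumption you must obtain from a source you trust, since the post does not give one.

```sh
#!/bin/sh
# Added example: verify and unpack a source tarball before running its
# installer as root. Function names are illustrative, not rkhunter's.

# sha256_of FILE: print the file's SHA-256 digest in hex.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# tar_is_safe FILE: fail on an unreadable archive, or on any member whose
# path is absolute or contains a ".." component.
tar_is_safe() {
    tar -tzf "$1" >/dev/null 2>&1 || return 1
    ! tar -tzf "$1" | grep -Eq '(^/|(^|/)\.\.(/|$))'
}

# verified_extract FILE EXPECTED_SHA256 DESTDIR
# On success prints the path of the unpacked installer.sh.
verified_extract() {
    file=$1; want=$2; dest=$3
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    got=$(sha256_of "$file")
    [ "$got" = "$want" ] || { echo "checksum mismatch: $file" >&2; return 3; }
    tar_is_safe "$file" || { echo "unsafe member path: $file" >&2; return 4; }
    # The rkhunter tarball unpacks into one directory, e.g. rkhunter-1.3.2/
    top=$(tar -tzf "$file" | cut -d/ -f1 | sort -u)
    [ "$(printf '%s\n' "$top" | wc -l)" -eq 1 ] ||
        { echo "unexpected layout: $file" >&2; return 5; }
    mkdir -p "$dest" && tar -xzf "$file" -C "$dest" || return 6
    [ -f "$dest/$top/installer.sh" ] ||
        { echo "installer.sh not found" >&2; return 7; }
    printf '%s\n' "$dest/$top/installer.sh"
}

# Usage (digest is a placeholder; take the real one from a trusted source):
#   verified_extract rkhunter-1.3.2.tar.gz <EXPECTED_SHA256> /usr/src
```

Nothing is written to the destination directory unless the digest matches and every member path stays inside it.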

==============================================

The complete process is given below.

-bash-3.00# /usr/local/bin/rkhunter --versioncheck
[ Rootkit Hunter version 1.3.0 ]

Checking rkhunter version...
This version  : 1.3.0
Latest version: 1.3.2
Update available

-bash-3.00# cd /usr/src
-bash-3.00# wget http://downloads.sourceforge.net/rkhunter/rkhunter-1.3.2.tar.gz?modtime=1204134588&big_mirror=0
[1] 31845
-bash-3.00# --07:51:44--  http://downloads.sourceforge.net/rkhunter/rkhunter-1.3.2.tar.gz?modtime=1204134588
=> `rkhunter-1.3.2.tar.gz?modtime=1204134588'
Resolving downloads.sourceforge.net... 216.34.181.60
Connecting to downloads.sourceforge.net|216.34.181.60|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://superb-east.dl.sourceforge.net/sourceforge/rkhunter/rkhunter-1.3.2.tar.gz [following]
--07:51:46--  http://superb-east.dl.sourceforge.net/sourceforge/rkhunter/rkhunter-1.3.2.tar.gz
=> `rkhunter-1.3.2.tar.gz'
Resolving superb-east.dl.sourceforge.net... 209.160.66.130
Connecting to superb-east.dl.sourceforge.net|209.160.66.130|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 269,563 (263K) [application/x-gzip]

100%[==============================================================================================>] 269,563        1.18M/s

07:52:09 (1.18 MB/s) - `rkhunter-1.3.2.tar.gz' saved [269563/269563]

tar -zxvf rkhunter-1.3.2.tar.gz
rkhunter-1.3.2/
rkhunter-1.3.2/files/
rkhunter-1.3.2/files/stat.pl
rkhunter-1.3.2/files/WISHLIST
rkhunter-1.3.2/files/check_port.pl
rkhunter-1.3.2/files/testing/
rkhunter-1.3.2/files/testing/stringscanner.sh
rkhunter-1.3.2/files/testing/rootkitinfo.txt
rkhunter-1.3.2/files/testing/rkhunter.conf
rkhunter-1.3.2/files/LICENSE
rkhunter-1.3.2/files/development/
rkhunter-1.3.2/files/development/createhashes.sh
rkhunter-1.3.2/files/development/createfilehashes.pl
rkhunter-1.3.2/files/development/search_dead_sysmlinks.sh
rkhunter-1.3.2/files/development/osinformation.sh
rkhunter-1.3.2/files/development/rpmprelinkhashes.sh
rkhunter-1.3.2/files/development/i18nchk
rkhunter-1.3.2/files/development/createhashesall.sh
rkhunter-1.3.2/files/development/rpmhashes.sh
rkhunter-1.3.2/files/filehashmd5.pl
rkhunter-1.3.2/files/i18n/
rkhunter-1.3.2/files/i18n/zh.utf8
rkhunter-1.3.2/files/i18n/cn
rkhunter-1.3.2/files/i18n/zh
rkhunter-1.3.2/files/i18n/en
rkhunter-1.3.2/files/mirrors.dat
rkhunter-1.3.2/files/filehashsha1.pl
rkhunter-1.3.2/files/backdoorports.dat
rkhunter-1.3.2/files/md5blacklist.dat
rkhunter-1.3.2/files/tools/
rkhunter-1.3.2/files/tools/update_server.sh
rkhunter-1.3.2/files/tools/update_client.sh
rkhunter-1.3.2/files/tools/README
rkhunter-1.3.2/files/suspscan.dat
rkhunter-1.3.2/files/ACKNOWLEDGMENTS
rkhunter-1.3.2/files/CHANGELOG
rkhunter-1.3.2/files/os.dat
rkhunter-1.3.2/files/check_update.sh
rkhunter-1.3.2/files/rkhunter
rkhunter-1.3.2/files/rkhunter.conf
rkhunter-1.3.2/files/rkhunter.8
rkhunter-1.3.2/files/rkhunter.spec
rkhunter-1.3.2/files/README
rkhunter-1.3.2/files/readlink.sh
rkhunter-1.3.2/files/programs_bad.dat
rkhunter-1.3.2/files/programs_good.dat
rkhunter-1.3.2/files/defaulthashes.dat
rkhunter-1.3.2/files/showfiles.pl
rkhunter-1.3.2/files/FAQ
rkhunter-1.3.2/files/check_modules.pl
rkhunter-1.3.2/files/contrib/
rkhunter-1.3.2/files/contrib/rkhunter_remote_howto.txt
rkhunter-1.3.2/files/contrib/run_rkhunter.sh
rkhunter-1.3.2/files/contrib/README.txt
rkhunter-1.3.2/installer.sh
[1]+  Done                    wget http://downloads.sourceforge.net/rkhunter/rkhunter-1.3.2.tar.gz?modtime=1204134588
-bash-3.00# cd rkhunter-1.3.2
-bash-3.00#  ./installer.sh --layout default --install
Checking system for:
Rootkit Hunter installer files: found. OK
Available file retrieval tools:
wget: found. OK
Starting installation/update

Checking PREFIX /usr/local: exists, and is writable. OK
Checking installation directories:
Directory /usr/local/share/doc/rkhunter-1.3.2: creating: OK.
Directory /usr/local/share/man/man8: exists, and is writable. OK
Directory /etc: exists, and is writable. OK
Directory /usr/local/bin: exists, and is writable. OK
Directory /usr/local/lib: exists, and is writable. OK
Directory /var/lib: exists, and is writable. OK
Directory /usr/local/lib/rkhunter/scripts: exists, and is writable. OK
Directory /var/lib/rkhunter/db: exists, and is writable. OK
Directory /var/lib/rkhunter/tmp: exists, and is writable. OK
Directory /var/lib/rkhunter/db/i18n: exists, and is writable. OK
Installing check_modules.pl: OK.
Installing check_update.sh: OK.
Installing check_port.pl: OK.
Installing filehashmd5.pl: OK.
Installing filehashsha1.pl: OK.
Installing showfiles.pl: OK.
Installing stat.pl: OK.
Installing readlink.sh: OK.
Installing backdoorports.dat: OK.
Installing mirrors.dat: OK.
Installing os.dat: OK.
Installing programs_bad.dat: OK.
Installing programs_good.dat: OK.
Installing defaulthashes.dat: OK.
Installing md5blacklist.dat: OK.
Installing suspscan.dat: OK.
Installing rkhunter.8: OK.
Installing ACKNOWLEDGMENTS: OK.
Installing CHANGELOG: OK.
Installing FAQ: OK.
Installing LICENSE: OK.
Installing README: OK.
Installing WISHLIST: OK.
Installing language support files: OK.
Installing rkhunter: OK.
Installing rkhunter.conf in no-clobber mode: OK.
>>>
>>> PLEASE NOTE: inspect for update changes in /etc/rkhunter.conf.20095
>>> and apply to /etc/rkhunter.conf before running Rootkit Hunter.
>>>
Installation finished.
-bash-3.00#  /usr/local/bin/rkhunter --update
[ Rootkit Hunter version 1.3.2 ]

Checking rkhunter data files...
Checking file mirrors.dat                                  [ No update ]
Checking file programs_bad.dat                             [ No update ]
Checking file backdoorports.dat                            [ No update ]
Checking file suspscan.dat                                 [ No update ]
Checking file i18n/cn                                      [ Updated ]
Checking file i18n/en                                      [ No update ]
Checking file i18n/zh                                      [ No update ]
Checking file i18n/zh.utf8                                 [ No update ]
-bash-3.00# /usr/local/bin/rkhunter --versioncheck
[ Rootkit Hunter version 1.3.2 ]

Checking rkhunter version...
This version  : 1.3.2
Latest version: 1.3.2