Install RKHunter rootkit scanner

Product Name: RKHunter
Homepage: http://www.rootkit.nl
Description: rkhunter (Rootkit Hunter) is a Unix-based tool that scans for rootkits, backdoors and possible local exploits. It does this by comparing MD5 hashes of important files with known good ones in an online database, and by searching for default rootkit directories, wrong permissions, hidden files and suspicious strings in kernel modules. It also runs special tests for Linux and FreeBSD.

Install

cd /usr/local/src
wget http://dfn.dl.sourceforge.net/sourceforge/rkhunter/rkhunter-1.3.8.tar.gz
tar -zxvf rkhunter-1.3.8.tar.gz
cd rkhunter-1.3.8
./installer.sh --layout default --install
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --propupd
rm -Rf /usr/local/src/rkhunter*

Add daily cron job

Create run-file

nano -w /etc/cron.daily/rkhunter.sh

Add this text to rkhunter.sh

#!/bin/sh
(
/usr/local/bin/rkhunter --versioncheck
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --cronjob --report-warnings-only
) | /bin/mail -s 'rkhunter Daily Run (PutYourServerNameHere)' your@email.here

REMEMBER TO CHANGE (PutYourServerNameHere) AND your@email.here

Restrict rkhunter.sh to root only

chmod 700 /etc/cron.daily/rkhunter.sh

Updated on 7 June, 2017
