I installed Rootkit Hunter, an app for detecting rootkits!
Antivirus alone is not enough to secure a server, is it?
Are there any other security tools?
I will show you one of them: a rootkit detection tool.
What is a rootkit?
See Wikipedia for the details. Put simply, a rootkit is a program (often a kernel module or a replaced system binary) that gives an attacker privileged access to the target computer while hiding its own presence, for example by concealing processes, files, and listening network ports.
The difference from a virus: a computer virus attaches itself to existing user files and spreads by infecting them, while a rootkit is a standalone piece of malicious software whose main job is to stay hidden and keep access, not to spread.
I installed Rootkit Hunter (rkhunter), a well-known rootkit detection tool.
How to install/use Rootkit Hunter
It can be installed with a single command:
sudo apt install rkhunter
Right after installation, the update command does not work because of the package's default configuration. This is intentional on Debian/Ubuntu: the package ships the rkhunter data files itself and disables fetching them online. To update from the upstream mirrors anyway, change the following settings (the commented lines are the package defaults, the lines below them are the new values; WEB_CMD=curl requires curl to be installed):
sudo nvim /etc/rkhunter.conf
#UPDATE_MIRRORS=0
UPDATE_MIRRORS=1
#MIRRORS_MODE=1
MIRRORS_MODE=0
#WEB_CMD="/bin/false"
WEB_CMD=curl
Then I updated the rootkit data files.
It completed successfully:
sudo rkhunter --update
[ Rootkit Hunter version 1.4.6 ]
Checking rkhunter data files...
Checking file mirrors.dat [ Updated ]
Checking file programs_bad.dat [ No update ]
Checking file backdoorports.dat [ No update ]
Checking file suspscan.dat [ No update ]
Checking file i18n/cn [ Skipped ]
Checking file i18n/de [ Skipped ]
Checking file i18n/en [ No update ]
Checking file i18n/tr [ Skipped ]
Checking file i18n/tr.utf8 [ Skipped ]
Checking file i18n/zh [ Skipped ]
Checking file i18n/zh.utf8 [ Skipped ]
Checking file i18n/ja [ Skipped ]
I ran a scan with the --skip-keypress option so that it does not stop and wait for a key press after each section:
sudo rkhunter --check --skip-keypress
No rootkits were detected. Note, however, that the summary reports 3 suspect files and the last line says warnings were found, so the result is not completely clean: open /var/log/rkhunter.log and look at the Warning lines. On a freshly installed Debian/Ubuntu system these are typically file-property findings (for example a command under /usr/bin that is a script rather than a compiled binary). Once you have confirmed they are benign, run sudo rkhunter --propupd to record the current file properties as the baseline, and run it again after package upgrades so that legitimate changes do not keep showing up as warnings. The applications checks are skipped because the Debian configuration disables the apps test by default (see DISABLE_TESTS in /etc/rkhunter.conf).
sudo rkhunter --check --skip-keypress
[ Rootkit Hunter version 1.4.6 ]
(snip)
System checks summary
File properties checks...
Files checked: 142
Suspect files: 3
Rootkit checks...
Rootkits checked : 496
Possible rootkits: 0
Applications checks...
All checks skipped
The system checks took: 3 minutes and 52 seconds
All results have been written to the log file: /var/log/rkhunter.log
One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)
I set up a cron job to scan every day.
You can refer to this page for the complete contents.
#!/bin/sh
/usr/bin/rkhunter --versioncheck
/usr/bin/rkhunter --update
/usr/bin/rkhunter --cronjob --report-warnings-only | /usr/bin/mail -s "rkhunter output" admin@yourdomain.com
I added execute permission, set the owner to root, and moved the script into the cron.daily directory. Be aware that the Ubuntu package already installs its own /etc/cron.daily/rkhunter, controlled by /etc/default/rkhunter (CRON_DAILY_RUN, CRON_DB_UPDATE, REPORT_EMAIL and so on). Moving a file with the same name into that directory replaces the packaged job, so either give your script a different name or simply enable the packaged one by setting CRON_DAILY_RUN="true" and REPORT_EMAIL in /etc/default/rkhunter.
sudo chmod 755 rkhunter
sudo chown root:root rkhunter
sudo mv rkhunter /etc/cron.daily/
The next day I received a new mail from Rootkit Hunter.
(I temporarily removed --report-warnings-only for testing.)
The body was empty, so I guess no warnings were found.
The daily scan looks like it is working, so that's good! Note that the script above pipes into mail unconditionally, so with --report-warnings-only you will still receive an empty mail every day when there is nothing to report.
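As an added example (this is not the original post's script), here is a variant of the daily job that only sends mail when rkhunter actually found something, and that reads the counters out of the "System checks summary" shown earlier. It assumes rkhunter's documented non-zero exit status when warnings are found, keeps admin@yourdomain.com as the placeholder address, and is meant to be saved under a hypothetical name such as /etc/cron.daily/rkhunter-mail so that it does not replace the packaged /etc/cron.daily/rkhunter.

```shell
#!/bin/sh
# Added example, not the original post's script: daily rkhunter run that
# sends mail only when rkhunter reports something.
# Assumptions (not stated on the page): rkhunter exits non-zero when it finds
# warnings; the mail command and recipient below are placeholders.

RKHUNTER="${RKHUNTER:-/usr/bin/rkhunter}"
MAIL_CMD="${MAIL_CMD:-/usr/bin/mail}"
REPORT_EMAIL="${REPORT_EMAIL:-admin@yourdomain.com}"   # placeholder address
RKH_LOG="${RKH_LOG:-/var/log/rkhunter.log}"

# Extract one counter from a "System checks summary" block read on stdin,
# e.g. "Suspect files: 3" -> 3. Prints 0 when the label does not appear.
rkh_count() {
    awk -v label="$1" '
        index($0, label) {
            n = $NF                  # the number is the last field
            gsub(/[^0-9]/, "", n)    # strip any stray punctuation
            if (n != "") { print n; found = 1; exit }
        }
        END { if (!found) print 0 }'
}

# Succeed (exit 0) when the run needs a human to look at it.
# $1 = rkhunter exit status, stdin = rkhunter output.
rkh_needs_attention() {
    rc="$1"
    out="$(cat)"
    suspect=$(printf '%s\n' "$out" | rkh_count 'Suspect files')
    rootkits=$(printf '%s\n' "$out" | rkh_count 'Possible rootkits')
    if [ "$rc" -ne 0 ] || [ "$suspect" -gt 0 ] || [ "$rootkits" -gt 0 ]; then
        return 0
    fi
    if printf '%s\n' "$out" | grep -q 'One or more warnings'; then
        return 0
    fi
    return 1
}

# The actual daily job: refresh data files, run the check, mail on findings.
# --cronjob implies --check --skip-keypress --nocolors.
rkh_daily() {
    "$RKHUNTER" --versioncheck --nocolors >/dev/null 2>&1 || true
    "$RKHUNTER" --update --nocolors >/dev/null 2>&1 || true
    report="$("$RKHUNTER" --cronjob --report-warnings-only 2>&1)"
    rc=$?
    if printf '%s\n' "$report" | rkh_needs_attention "$rc"; then
        printf 'rkhunter exit status: %s\n\n%s\n\nFull log: %s\n' \
            "$rc" "$report" "$RKH_LOG" \
            | "$MAIL_CMD" -s "rkhunter warnings on $(hostname)" "$REPORT_EMAIL"
    fi
}

# Only run the job where rkhunter is actually installed, so the functions
# above can also be sourced and exercised on a machine without it.
if [ -x "$RKHUNTER" ]; then
    rkh_daily
fi
```

The exit status check is what makes the "mail only on findings" rule work with --report-warnings-only, because in that mode the output no longer contains the summary counters; the counter parsing covers the case where you run the full --check output through the same function.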
Conclusion
How was it?
It's easy, so there is no reason to hesitate!
Other security topics are collected in this article, have a look!