If you want the latest rkhunter: download the tar. Latest download is 1. In commands after you downloaded it After this you can check the version and update the resource file with:

sudo rkhunter --versioncheck
sudo rkhunter --update --propupd
sudo rkhunter --checkall

Regarding the error: see rkhunter.

Rinzwind

Is this something which I should just ignore, or do I need to do something to fix this error? And now I can't run the --checkall option because I just get the same error.

Well, this time I decided to just install prelink because I couldn't be bothered with the config file!

I don't see why rkhunter can't be updated via the ordinary Linux package management system. OK, for some reason it can't, but then I don't see why the authors couldn't include the update instructions in its man page and the output of the rkhunter --versioncheck command.

@TeemuLeisti because that is not how Ubuntu works. The virus database update is done by the owners of rkhunter, not by Canonical.

Dale Carter

Ok, please provide more information, such as which lines you commented out, to be more helpful. Otherwise how are others supposed to know?

This article covers a version of Ubuntu that is no longer supported. If you are currently operating a server running Ubuntu Reason: Ubuntu This guide is no longer maintained.
See Instead: This guide might still be useful as a reference, but may not work on other Ubuntu releases. If available, we strongly recommend using a guide written for the version of Ubuntu you are using. You can use the search functionality at the top of the page to find a more recent version.
Exposing any computer to the internet is in some ways risky. There are many ways that your server can be compromised or attacked by remote systems and malicious software, and it is an ongoing and proactive process to defend yourself against potential threats.
One potential concern is rootkits. Rootkits are software secretly installed by a malicious intruder to allow that user continued access to the server once security is breached. This is an extremely dangerous problem, because even after the entry vector that the user originally used to gain access is fixed, they can continue to enter the server using the rootkit they installed.
One tool that can help you protect your system from these kinds of problems is rkhunter. This software checks your system against a database of known rootkits.
Additionally, it can check other system files to make sure they are in line with expected properties and values. Because the Ubuntu repositories have an outdated version of rkhunter which contains an unpatched bug, we will be installing from source so that our program will behave properly.
Change to your home directory and download the files. As of this writing, 1. We will use this to install our program.

Now, we have rkhunter installed, but we still need some utilities to use all of its functionality. We can get these from the Ubuntu repositories.

You will be asked some questions about the mail server setup. If you are installing locally, you can name the system mail anything. Otherwise, make sure to use a fully qualified domain name.

Before we begin configuration, we will do a few test runs with the default settings to get an idea of how the software operates and set a baseline against which to guide our modifications.
The first thing we should do is ensure that our rkhunter version is up-to-date.

Next, we need to perform a similar operation to update our data files. These files contain information that rkhunter checks against to determine if a file or behavior is suspicious or not. Keeping these files current is essential for accurately assessing your system.

With our database files refreshed, we can set our baseline file properties so that rkhunter can alert us if any of the essential configuration files it tracks are altered. We need to tell rkhunter to check the current values and store them as known-good values.

Finally, we are ready to perform our initial run. This will produce some warnings. This is expected behavior, because rkhunter is configured to be generic and Ubuntu diverges from the expected defaults in some places. We will tell rkhunter about these afterwards.
It will run one section of tests and then ask you to press enter to continue. You can review the warnings that were produced as you go, but there will be more detailed information in the log afterwards. Press enter until all of the tests are run. You will see a number of different warnings that are caused by different aspects of our filesystem.
We will configure rkhunter to ignore the ones we know are harmless in the next section. Some of the changes, like changes to the passwd file, are only showing up because they have been changed by the helper utilities we downloaded with apt.
The timestamps on these files are more recent than the rkhunter database files. They will disappear on the next run.

Another alternative to checking the log is to have rkhunter print out only warnings to the screen, instead of all checks.

You can then copy and paste this information somewhere so we can implement the changes in our configuration file. Now that we have some info on how rkhunter is viewing our system, we can tell it which files and applications to ignore or handle differently in order to avoid false-positives.
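The triage step described above, as an added example that is not part of the original guide: it pulls the Warning lines out of two rkhunter logs and separates new, cleared and persistent warnings. The log lines are constructed samples, and the function names rkh_warnings and rkh_compare are hypothetical.

```shell
#!/bin/sh
# Added example: compare the warnings of two rkhunter runs.
# The log lines are constructed samples, not output from a real host.
dir=$(mktemp -d)
cat > "$dir/run1.log" <<'EOF'
[10:15:01] Info: Starting test name 'hidden_file_dirs'
[10:15:02] Warning: Hidden directory found: /dev/.udev
[10:15:03] Warning: User 'postfix' has been added to the passwd file.
[10:15:04] Warning: The command '/usr/bin/unhide.rb' has been replaced by a script
EOF
cat > "$dir/run2.log" <<'EOF'
[11:40:01] Info: Starting test name 'hidden_file_dirs'
[11:40:02] Warning: Hidden directory found: /dev/.udev
[11:40:04] Warning: The command '/usr/bin/unhide.rb' has been replaced by a script
[11:40:05] Warning: Hidden file found: /etc/.placeholder
EOF

# Unique warning messages from one log, timestamps stripped, sorted.
rkh_warnings() {
    grep '^\[[0-9:]*] *Warning:' "$1" \
        | sed 's/^\[[0-9:]*] *Warning: *//' \
        | LC_ALL=C sort -u
}

# Compare two logs. $1 is a comm(1) column selector:
#   -13 = only in the later log (new)
#   -23 = only in the earlier log (cleared)
#   -12 = in both (persistent; review before telling rkhunter to ignore)
rkh_compare() {
    a=$(mktemp); b=$(mktemp)
    rkh_warnings "$2" > "$a"
    rkh_warnings "$3" > "$b"
    LC_ALL=C comm "$1" "$a" "$b"
    rm -f "$a" "$b"
}

echo "New warnings (investigate first):"
rkh_compare -13 "$dir/run1.log" "$dir/run2.log"
echo "Cleared since the first run:"
rkh_compare -23 "$dir/run1.log" "$dir/run2.log"
echo "Persistent (review, then tune the configuration):"
rkh_compare -12 "$dir/run1.log" "$dir/run2.log"
```

On a real host, pass saved copies of the rkhunter log from each run instead of the sample files.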
In order to plant a rootkit an attacker has to have already gained administrative privileges on a system. It can affect any operating system. Both types can be a real problem. If you suspect that a computer has been infected with a rootkit, you will need to run a rootkit checker on the system to scan for rootkit malware and ensure that the filesystem has not been compromised.

It also performs checks to see if commands have been modified, if the system startup files have been modified, and various checks on the network interfaces, including checks for listening applications. Before we start, it is a good idea to update the rootkit signatures so that the latest identified malware can be detected on your Linux host.

Now that our signatures are up to date, the next task is to scan for rootkit malware and affected files using rkhunter. Next you can go ahead and decide if this was a false alarm or if anything requires a fix or immediate attention.