Rkhunter, short for Rootkit Hunter, is an open-source security tool that scans Linux and Unix systems for rootkits, backdoors, and other possible security threats. It is an essential addition to any security-conscious user’s toolkit. This article will provide a step-by-step guide on how to install and use Rkhunter on Ubuntu 22.04 and Ubuntu 20.04 LTS Linux systems.


Prerequisites

To follow this guide, ensure that you have the following:

  • A system running Ubuntu 22.04 or Ubuntu 20.04.
  • A user with sudo privileges.

Step 1: Update Your System

Before installing any new software, it is crucial to update your system. Run the following commands to update your package list and upgrade the installed packages:

sudo apt update 
sudo apt upgrade 

Step 2: Install Rkhunter

The Rkhunter package is available in the official Ubuntu repositories. You can install it with the following command:

sudo apt install rkhunter 

Step 3: Update Rkhunter Data Files

To get the latest malware definitions and improve the accuracy of Rkhunter scans, update the data files using the following command:

sudo rkhunter --update 

Step 4: Configure Rkhunter

To configure Rkhunter, edit its configuration file located at /etc/rkhunter.conf. You can use any text editor, such as nano or vim, to edit the file:

sudo nano /etc/rkhunter.conf 

Here are some recommended configurations:

  • Enable automatic updates by uncommenting UPDATE_MIRRORS and setting it to 1.
  • Configure the download mirrors by uncommenting MIRRORS_MODE and setting it to 0.
  • Enable email notifications by uncommenting MAIL-ON-WARNING and setting it to your email address.

Save and close the file once you have made the necessary changes.

Step 5: Run a System Scan

To run an initial system scan, execute the following command:

sudo rkhunter --check --skip-keypress 

This command will run Rkhunter with a check option, scanning your system for potential threats. The --skip-keypress flag avoids the need for pressing a key after every test.

Once the scan is complete, you can view the results in the log file at /var/log/rkhunter.log.

Step 6: Schedule Regular Scans

To automate regular scans, you can create a cron job. Edit the crontab with the following command:

sudo crontab -e 

Add the following line to schedule a daily scan at 3:00 AM:

Save and close the file.
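
A scheduled scan runs with nobody watching the terminal, so the log file from Step 5 is where its findings have to be picked up. The shell helper below is an added example, not part of the original article: the function names and the sample log are constructed, and it assumes warning detail lines of the form "[HH:MM:SS] Warning: <message>".

```shell
#!/bin/sh
# Added example: triage helper for the rkhunter log (not from the article).
# Assumption: detail lines look like "[HH:MM:SS] Warning: <message>".

# Print every warning message in the given log, timestamp stripped.
rkh_warnings() {
    sed -n 's/^\[[0-9:]*\] Warning: //p' "$1"
}

# Print the number of warning messages in the given log.
rkh_warning_count() {
    rkh_warnings "$1" | wc -l | tr -d ' '
}

# Print a short verdict; return 1 when warnings need review, so a
# calling script can alert on a non-zero status.
rkh_report() {
    n=$(rkh_warning_count "$1")
    if [ "$n" -eq 0 ]; then
        echo "rkhunter: no warnings in $1"
        return 0
    fi
    echo "rkhunter: $n warning(s) in $1, review each one:"
    rkh_warnings "$1" | sed 's/^/  - /'
    return 1
}

# Constructed sample log (not real scan output) so the demo runs offline.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
[03:00:01] Running Rootkit Hunter version 1.4.6 on demo-host
[03:00:04] Checking system commands...
[03:00:09]   /usr/bin/lwp-request                          [ Warning ]
[03:00:09] Warning: The command '/usr/bin/lwp-request' has been replaced by a script
[03:01:12]   Checking for hidden files and directories     [ Warning ]
[03:01:12] Warning: Hidden directory found: /etc/.java
[03:02:30] Rootkits checked : 498
[03:02:30] Possible rootkits: 0
EOF

# Demo on the sample; on a real host pass /var/log/rkhunter.log instead.
rkh_report "$SAMPLE_LOG" || true
```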

Conclusion

By following this guide, you have successfully installed and configured Rkhunter on your Ubuntu 22.04 system. Regularly updating and scanning your system with Rkhunter will help you detect and address potential security threats. While Rkhunter is a powerful tool, it is essential to remember that no security solution is foolproof. Always maintain good security practices and stay informed about new threats and vulnerabilities.
