How To Install rkhunter on Debian 10
The Rootkit Hunter (Rkhunter) is an open-source Linux/Unix scanning tool for the Linux platform offered under the GPL for the detection of backdoors, rootkits, and local exploits on your system. It scans for hidden files, mispermitted binaries, and potentially malicious strings in the kernel.
We will walk you through the installation and configuration of Rkhunter on debian 10.
Step 1: Configure VPSie cloud server
- Sign in to your system or register a newly created one by logging in to your VPSie account.
- Connect by SSH using the credentials we emailed you.
- Once you have logged into your Debian instance, run these commands to update your system.
apt-get update && apt-get upgrade -y
Step 2: Installing Rkhunter
Installing Rkhunter requires the following,
sudo apt install rkhunter -y
Step 3: Installing Rkhunter
To keep track of all possible threats, Rkhunter stores information in data files. You should be aware that the default Debian configuration is not capable of updating files. Follow these steps to resolve this issue,
- Using nano, edit the /etc/rkhunter.conf file.
sudo nano /etc/rkhunter.conf
- To search, press CTRL + W and type WEB_CMD = “/ bin / false“. You can disable the statement by adding a # at the beginning of the line.
- Use CTRL + W to locate UPDATE_MIRROR.
Update the UPDATE_MIRRORS value to 1.
- To search for MIRRORS_MODE, press CTRL + W.
- In MIRRORS_MODE, set the value to 0.
- When done, save the document and close it.
Step 4: Verify the configuration file
sudo rkhunter -C
Step 5: Update the data files and perform a local system check
Update data files,
sudo rkhunter --update
Check the local system,
sudo rkhunter --check
That’s it, Thanks for reading! I hope it was informative for you!