Install and configure Chkrootkit and Rkhunter

Install Chkrootkit

cd /usr/local/src
tar xvzf chkrootkit.tar.gz
cd chkrootkit*
make sense

Create cron entries

touch /etc/cron.daily/
chmod 700 /etc/cron.daily/

Add the below to /etc/cron.daily/

) | /bin/mail -s "CHROOTKIT Daily Run (server_name)" email_address

Installing Rkhunter

cd /usr/local/src

Download :


Install :

tar -xvf rkhunter-1.4.0.tar.gz
cd rkhunter-1.4.0
./ --layout default --install

Updating :

/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --propupd

Create a script to send the scan result :

touch /etc/cron.daily/

chmod 500 /etc/cron.daily/

Add the below contents:

/usr/local/bin/rkhunter --versioncheck
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --cronjob --report-warnings-only
) | /bin/mail -s 'rkhunter Daily Run (server_name)' email_address

To scan :

rkhunter --check

Enjoy 🙂

ps :
I wanted to change the from address for a user, 
Created a file
/scripts/result_rkhunter and changed the script as below :
cat /dev/null > /scripts/result_rkhunter
SUBJECT="rkhunter_result : $Machine_name"
/usr/bin/rkhunter --versioncheck --nocolors >> /scripts/result_rkhunter
/usr/bin/rkhunter --update --nocolors >> /scripts/result_rkhunter
/usr/bin/rkhunter --cronjob --report-warnings-only --nocolors >> /scripts/result_rkhunter
Result_From_RKH=$(cat "$EMAILMESSAGE")
/usr/sbin/sendmail to_email_address  <<EOF


2 thoughts on “Install and configure Chkrootkit and Rkhunter

  1. server_name, you can mention whatever you need and it will be the subject of the daily scan update that send to the email address following. So if you mention server name as Nickserver and email address as, you will get daily scan update to the email address with the email subject :
    “CHROOTKIT Daily Run Nickserver”

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s