To install rkhunter on Linux servers I usually use the following procedure:
# mkdir -pv /root/install
# cd /root/install/
# wget -O rkhunter-1.tar.gz 'http://sourceforge.net/projects/rkhunter/files/latest/download?source=files'
# tar xzf rkhunter*.tar.gz
# cd rkhunter*/
# sh installer.sh --layout default --install
To find out where it is installed I use the command:
# whereis rkhunter
rkhunter: /usr/bin/rkhunter /etc/rkhunter.conf /usr/share/man/man8/rkhunter.8
To update the rkhunter databases, run:
# /usr/bin/rkhunter --update
[ Rootkit Hunter version 1.4.0 ]
Checking rkhunter data files…
Checking file mirrors.dat [ No update ]
Checking file programs_bad.dat [ No update ]
Checking file backdoorports.dat [ No update ]
Checking file suspscan.dat [ No update ]
Checking file i18n/cn [ No update ]
Checking file i18n/de [ No update ]
Checking file i18n/en [ No update ]
Checking file i18n/zh [ No update ]
Checking file i18n/zh.utf8 [ No update ]
#
I have also created a bash script:
# more /root/bin/update_and_check_rkhunter.sh
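#!/bin/bash
# Timestamp the start of the run in the cron report
date
# Check whether a newer rkhunter release is available
/usr/bin/rkhunter --configfile /etc/rkhunter.conf --versioncheck
# Update the rkhunter data files
/usr/bin/rkhunter --configfile /etc/rkhunter.conf --update
# Run the system check; --propupd also refreshes the stored file-properties baseline on every run
/usr/bin/rkhunter -c --configfile /etc/rkhunter.conf --cronjob --propupd --createlogfile
# Timestamp the end of the run
date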
#
… to check the rkhunter version, update the databases and run a system check, and added it to cron:
# crontab -l
1 2 * * 1 /root/bin/update_and_check_rkhunter.sh >/root/reports/update_and_check_rkhunter.log 2>&1
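The weekly report is only useful if someone reads it. The following is an added example, not part of the original script: it scans a saved report for the "Checking file <name> [ <status> ]" lines shown above and flags anything that is not "No update" or "Updated". The function names, the return codes and the sample lines (including the "Update failed" status) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: review the data-file status lines of `rkhunter --update`
# in a saved cron report. Function names and return codes are hypothetical.

# Constructed sample report; the "Update failed" status is made up for the demo.
sample_report() {
    printf '%s\n' \
        '[ Rootkit Hunter version 1.4.0 ]' \
        'Checking rkhunter data files...' \
        '  Checking file mirrors.dat                 [ No update ]' \
        '  Checking file programs_bad.dat            [ Updated ]' \
        '  Checking file backdoorports.dat           [ Update failed ]'
}

# Print "<file>|<status>" for every "Checking file ... [ ... ]" line.
update_status() {
    sed -n 's/^[[:space:]]*Checking file \(.*[^[:space:]]\)[[:space:]]*\[ \(.*\) \][[:space:]]*$/\1|\2/p' "$1"
}

# Print "<file>: <status>" for every status other than the two expected ones.
update_problems() {
    update_status "$1" |
        awk -F'|' '$2 != "No update" && $2 != "Updated" { print $1 ": " $2 }'
}

# Return 0 if every data file is fine, 1 if any needs attention,
# 2 if the report is unreadable or has no status lines (update step never ran).
check_update_report() {
    [ -r "$1" ] || return 2
    [ -n "$(update_status "$1")" ] || return 2
    problems=$(update_problems "$1")
    [ -z "$problems" ] && return 0
    printf '%s\n' "$problems" >&2
    return 1
}

# When called with a report path, check it and exit with the result.
if [ "$#" -gt 0 ]; then
    check_update_report "$1"
    exit $?
fi
```

Run it with the report path from the crontab entry as its only argument; the return code 2 case catches a cron job that produced an empty report.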