webcp.hostinghacks.net/slackware | rkhunter
rkhunter - It is an easy-to-use tool which checks machines running UNIX (clones) for the presence of rootkits and other unwanted tools.
cd /usr/src
wget http://downloads.rootkit.nl/rkhunter-1.2.7.tar.gz
tar -zxf rkhunter-1.2.7.tar.gz
cd /usr/src/rkhunter
chmod 750 installer.sh
./installer.sh
mkdir -p /usr/local/rkhunter/db
mkdir -p /usr/local/rkhunter/tmp
mkdir -p /usr/local/rkhunter/scripts
cd /usr/src/rkhunter/files
cp \
  check_modules.pl \
  check_port.pl \
  check_update.sh \
  filehashmd5.pl \
  filehashsha1.pl \
  /usr/local/rkhunter/scripts/
cd /usr/local/rkhunter/scripts/
chmod 750 \
  check_modules.pl \
  check_port.pl \
  check_update.sh \
  filehashmd5.pl \
  filehashsha1.pl
cd /usr/src/rkhunter/files
cp *.dat /usr/local/rkhunter/db
chmod 750 /usr/local/bin/rkhunter
chmod 750 /usr/local/rkhunter/db/*
chmod 750 /usr/local/rkhunter/scripts/*
cat > /usr/local/etc/rkhunter.conf << "EOF"
LATESTVERSION=/rkhunter_latest.dat
UPDATEFILEINFO=/rkhunter_fileinfo.dat
MAIL-ON-WARNING=servadmin@localhost
INSTALLDIR=/usr/local
TMPDIR=/usr/local/rkhunter/tmp
DBDIR=/usr/local/rkhunter/db
#MD5WHITELIST=/bin/ps:9bd8bf260adc81d3a43a086fce6b430a
#MD5WHITELIST=/bin/ps:404583a6b166c2f7ac1287445a9de6b3
ALLOW_SSH_ROOT_USER=1
#ALLOWHIDDENDIR=/etc/.java
#ALLOWHIDDENFILE=/etc/.java
EOF
rkhunter -h will list all the command-line switches.
You can now run rkhunter from the command line for the first time:
rkhunter --checkall
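If rkhunter finds a vulnerability, it sends an email to the server admin (the MAIL-ON-WARNING address set in rkhunter.conf). The two cron.daily scripts below run the check every day and mail the log: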
# Daily scan, written to the log file
cat > /etc/cron.daily/rkhunter.check << "EOF"
#!/bin/sh
/usr/local/bin/rkhunter --checkall --createlogfile --configfile /usr/local/etc/rkhunter.conf --cronjob
EOF
chmod +x /etc/cron.daily/rkhunter.check
/etc/cron.daily/rkhunter.check

# Mail the resulting log to the server admin
cat > /etc/cron.daily/watch.rkhunter << "EOF"
#!/bin/sh
cat /var/log/rkhunter.log | mail -s "rkhunter log" servadmin@localhost
EOF
chmod +x /etc/cron.daily/watch.rkhunter
/etc/cron.daily/watch.rkhunter
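
The commented-out MD5WHITELIST lines in rkhunter.conf above use a path:md5 format. As an added example (not part of the original page and not rkhunter's own code), this shell function checks that each active entry still matches the file on disk, so a whitelist line is not left behind after the binary changes. The function name check_md5_whitelist is an assumption, and it relies on md5sum being installed.

```shell
#!/bin/sh
# Added example: audit active MD5WHITELIST=<path>:<md5> entries in rkhunter.conf.
# Prints one status line per entry; returns 0 if all match, 1 if any entry is
# stale or its file is missing, 2 if the config cannot be read.
check_md5_whitelist() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            MD5WHITELIST=*) ;;      # active entry
            *) continue ;;          # comments (#MD5WHITELIST=...) and other keys
        esac
        entry=${line#MD5WHITELIST=}
        path=${entry%:*}            # everything before the last colon
        want=${entry##*:}           # hash after the last colon
        if [ ! -f "$path" ]; then
            echo "MISSING $path"
            rc=1
            continue
        fi
        have=$(md5sum "$path" | cut -d' ' -f1)
        if [ "$have" = "$want" ]; then
            echo "OK $path"
        else
            echo "STALE $path (on disk: $have)"
            rc=1
        fi
    done < "$conf"
    return "$rc"
}

# Run against a config file when one is given as the first argument.
if [ "$#" -gt 0 ]; then
    check_md5_whitelist "$1"
fi
```

Saved as a script, it can be run with /usr/local/etc/rkhunter.conf as its argument; a STALE line means the whitelisted hash no longer describes the installed file and the entry should be reviewed before it is trusted again.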