Rkhunter is a special tool that has the ability to scan backdoors and rootites as well as other Linux security issues. This is done by checking your files and comparing hashes with known values ​​from trusted software and malware

Installing Rkhunter

In order to install Rkhunter, you must enter the following:

$ sudo apt install rkhunter -y

Setting up Rkhunter

Rkhunter uses data files to store information about all possible threats. An important point to note is that the default Debian configuration does not have the ability to update these files. The following will show you how to fix this:

1. Edit the /etc/rkhunter.conf file with nano

$ sudo nano /etc/rkhunter.conf

2. Enter CTRL + W to search for WEB_CMD = “/ bin / false“. Add a # comment at the beginning of the line to disable the statement.

# WEB_CMD="/bin/false"

3. Enter CTRL + W to search for UPDATE_MIRRORS.

Set the UPDATE_MIRRORS value to 1.

UPDATE_MIRRORS=1

4. Enter CTRL + W to search for MIRRORS_MODE.

5. Set the MIRRORS_MODE value to 0.

MIRRORS_MODE=0

6. (Optional) Turn on email notifications.

Enter CTRL + W to find the ALERT MAIL.
Remove the # comment at the beginning of the line and assign an email address.

MAIL-ON-WARNING=admin@example.com

7. Save and exit the file.

Confirm config file

Make sure your config file is valid with the following command:

$ sudo rkhunter -C

Update data files

$ sudo rkhunter --update

Check the local system

$ sudo rkhunter --check

Check /var/log/rkhunter.log for warnings and warnings when done.