Rootkit Hunter Wiki

Brought to you by: dogsbody, dogsbodymark

install

Labels: install (1) layout (1)

FYI -- I show my local user name. I suggest you keep the tarball unpack on your media as it makes it easier if you need to use the remove or delete command later.

Clean Install

Please do a clean install of your operating system as RKH and other scanning tools work best on a clean install.

The propupd command can only be trusted on a clean install. However, a scan on an existing install will still reveal root kits.

Prior to doing a clean install, you will need a RKH tarball on a media and
<optional> the downloads of skdet and unhide.</optional>

Optional installs prior to RKH

After doing a clean install, suggest you install the tools

skdet
unhide

These tools are optional, so if not found, additional tests using these tools are skipped.

Jump to skdet Page
Jump to unhide C version Page

skdet offer jump link to unhide as well. All those pages offer link back to this page.

Install RKH executable

" $ su -     
#  cd /media/gordon/lexar (your pathway to tarball)
# tar zxvf rkh*.gz
# cd rkh*
# sh installer.sh --layout default --install

During the install if you lack a component the installer should report an error.
Note it is not testing for any extra components installed such as unhide.

For more options try

# ./install --help

For example

" # ./installer.sh --show --layout default

Install into: /usr/local
Application: /usr/local/bin
Configuration file: /etc
Documents: /usr/local/share/doc/rkhunter-1.4.2 (Directory will be created)
Man page: /usr/local/share/man/man8
Scripts: /usr/local/lib64/rkhunter/scripts (Directory will be created)
Databases: /var/lib/rkhunter/db (Directory will be created)
Signatures: /var/lib/rkhunter/db/signatures (Directory will be created)
Temporary files: /var/lib/rkhunter/tmp (Directory will be created)

For 64 bit OS please read the README -OR- you could try

" # sh installer.sh --layout custom /opt --install

Checking system for:
Rootkit Hunter installer files: found
A web file download command: wget found
Starting installation:
Checking installation Directory "/opt": it exists and is writable.
Checking installation Directories:
Directory /opt/share/doc/rkhunter-1.4.2: creating: OK
Directory /opt/share/man/man8: creating: OK
Directory /opt/etc: creating: OK
Directory /opt/bin: creating: OK
Directory /opt/lib64: creating: OK
Directory /opt/var/lib: creating: OK
Directory /opt/lib64/rkhunter/scripts: creating: OK
Directory /opt/var/lib/rkhunter/db: creating: OK
Directory /opt/var/lib/rkhunter/tmp: creating: OK
Directory /opt/var/lib/rkhunter/db/i18n: creating: OK
Directory /opt/var/lib/rkhunter/db/signatures: creating: OK
Installing check_modules.pl: OK
Installing filehashsha.pl: OK
Installing stat.pl: OK
Installing readlink.sh: OK
Installing backdoorports.dat: OK
Installing mirrors.dat: OK
Installing programs_bad.dat: OK
Installing suspscan.dat: OK
Installing rkhunter.8: OK
Installing ACKNOWLEDGMENTS: OK
Installing CHANGELOG: OK
Installing FAQ: OK
Installing LICENSE: OK
Installing README: OK
Installing language support files: OK
Installing ClamAV signatures: OK
Installing rkhunter: OK
Installing rkhunter.conf: OK
Installation complete

Your config is under /opt/etc and the tail of my config shows

INSTALLDIR=/opt
DBDIR=/opt/var/lib/rkhunter/db
SCRIPTDIR=/opt/lib64/rkhunter/scripts
TMPDIR=/opt/var/lib/rkhunter/tmp
USER_FILEPROP_FILES_DIRS=/opt/etc/rkhunter.conf

Suggest you also sym link your opt manpage

" # ln -s /opt/share/man/man8/rkhunter.8 /usr/share/man/man8

Opt was not in my bin pathway so here is one way to change it.

" # PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin"
# export PATH

Log out and back in then run

" $ su -
# echo $PATH

should now show /opt/bin pathway

" # rkhunter -c -sk (example command only)

Next Page
Home Page