Install Rkhunter (Rootkit Hunter) in RHEL, CentOS


Rkhunter is a rootkit scanner for Linux systems.
This tool scans for rootkits, backdoors and local exploits by running tests like:

– MD5 hash compare
– Look for default files used by rootkits
– Wrong file permissions for binaries
– Look for suspicious strings in LKM and KLD modules
– Look for hidden files
– Optional scan within plaintext and binary files

Installing Rkhunter

First download the latest version of Rkhunter from or use wget to download from


Run the following commands as the root user:

tar xvfz rkhunter-1.4.2.tar.gz
cd rkhunter-1.4.2
./ --layout default --install


Update Rkhunter:
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --propupd


Setting Email Alerts and Cron

Create cron file /etc/cron.daily/

Create a file called under /etc/cron.daily/; it scans the file system every day and sends notifications to your e-mail address.
Insert this shell script into the  file we have just created.

#!/bin/sh
# Run the daily checks in a subshell and mail the combined output.
(
/usr/local/bin/rkhunter --versioncheck
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --cronjob --report-warnings-only
) | /bin/mail -s 'rkhunter Daily Run (PutYourServerNameHere)' your-email@example.com

Change (PutYourServerNameHere) and your-email@example.com (a placeholder address) to a valid server name and e-mail address.

Set execute permission on the file
# chmod 755 /etc/cron.daily/


Manual Scan

To scan the entire file system, run Rkhunter as the root user.

rkhunter --check


Rkhunter writes a log file, /var/log/rkhunter.log, containing the results of the checks.

rkhunter help
rkhunter --help


