Today we have rolled out a new version of the rkhunter package – RKHunter 1.4.0 – to all of our managed hosts.
It's a relatively simple process on the Debian hosts:
- Download the rkhunter 1.4.0 Debian package (1.4.0-2 at this time) from your local Debian project mirror.
- Verify package hashes and signatures (there are many ways of doing that; if needed I will post an article about this…).
- Installation on all chosen servers (the next lot of steps is scripted):
  - scp the package to each of the target hosts
  - install the package using dpkg, choosing the necessary options for your system when asked if you want to keep the current configuration or use the one provided by the package maintainer
  - run the rkhunter properties update to prevent false-positive warnings (running sudo rkhunter --propupd does the trick)
  - verify that you have a cron.daily job to run rkhunter
This new version of rkhunter introduces a wider rootkit detection library and fixes several bugs which led to false-positive reports in the past.
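
One way to script the rollout steps listed above, as an added example that is not the script used for this rollout. The function names, the /tmp staging path, the choice of --force-confold and the use of passwordless sudo over ssh are assumptions; the expected SHA256 is whatever you obtained from a Packages index whose signature you have already checked.

```shell
#!/bin/sh
# Added example: scripted rkhunter rollout. Host names, the .deb path and the
# expected SHA256 are supplied by the operator; none of them come from the post.

# Return 0 only if FILE's SHA256 equals EXPECTED (taken from a Packages index
# whose Release file signature has already been verified).
verify_deb() {
    file=$1 expected=$2
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ] || { echo "hash mismatch: $file" >&2; return 1; }
}

# Copy, install, refresh the property database and check the cron job on HOST.
# Assumptions: --force-confold keeps the existing rkhunter.conf (use
# --force-confnew for the maintainer's version); the Debian package ships
# /etc/cron.daily/rkhunter. --propupd baselines the host's current files, so
# run it only on hosts you believe are clean.
deploy_host() {
    host=$1 deb=$2 remote="/tmp/$(basename "$2")"
    scp -q "$deb" "$host:$remote" || return 1
    ssh "$host" "sudo dpkg --force-confold -i '$remote' \
        && sudo rkhunter --propupd \
        && test -x /etc/cron.daily/rkhunter \
        && rm -f '$remote'"
}

# Verify once locally, then deploy to each host; report failures and keep going.
rollout() {
    deb=$1 expected=$2; shift 2
    verify_deb "$deb" "$expected" || return 1
    failed=0
    for host in "$@"; do
        if deploy_host "$host" "$deb"; then
            echo "ok: $host"
        else
            echo "FAILED: $host" >&2
            failed=$((failed + 1))
        fi
    done
    [ "$failed" -eq 0 ]
}

# Usage: ./rollout.sh <package.deb> <expected-sha256> <host>...
if [ "$#" -ge 3 ]; then rollout "$@"; fi
```

The script stops before touching any host if the local hash check fails, and exits non-zero if any host fails a step.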