Installing Rkhunter (Rootkit Hunter) in RHEL, CentOS and Fedora

Rkhunter (Rootkit Hunter) is an open source Unix/Linux based scanner tool for Linux systems released under GPL that scans backdoors, rootkits and local exploits on your systems. It scans hidden files, wrong permissions set on binaries, suspicious strings in kernel etc. To know more about Rkhunter and its features visit


Step 1: Downloading Rkhunter

First download the latest stable version of Rkhunter tool by going to or use below Wget command to download it on your systems.

# cd /tmp
# wget

Step 2: Installing Rkhunter

Once you have downloaded the latest version, run the following commands as a root user to install it.

# tar -xvf rkhunter-1.4.0.tar.gz
# cd rkhunter-1.4.0
# ./ --layout default --install

Step 3: Updating Rkhunter

Run the RKH updater to fill the database properties by running the following command.

# /usr/local/bin/rkhunter --update
# /usr/local/bin/rkhunter --propupd

Step 4: Setting Cronjob and Email Alerts

Create a file called under /etc/cron.daily/, which then scans your file system every day and sends email notifications to your email id. Create following file with the help of your favourite editor.

# vi /etc/cron.daily/

Add the following lines of code to it and replace “YourServerNameHere” with your “Server Name” and “” with your “Email Id“.

/usr/local/bin/rkhunter --versioncheck
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --cronjob --report-warnings-only
) | /bin/mail -s 'rkhunter Daily Run (PutYourServerNameHere)'

Set execute permission on the file.

# chmod 755 /etc/cron.daily/

Step 5: Manual Scan and Usage

To scan the entire file system, run the Rkhunter as a root user.

# rkhunter --check

The above command generates log file under /var/log/rkhunter.log with the checks results made by Rkhunter. For more information and options please run the following command.

# rkhunter --help 

Was this answer helpful?

 Print this Article

Also Read

what is eXploit Scanner (cxs)

eXploit Scanner (cxs) is a new tool from Configserver that performs active scanning of files as...

Preventing DDOS aplification open resolver attack

DDOS Attack  by open DNS resolver: Open dns resolver provides name resolution to any network...

How to prevent DDoS attack with csf?

First make sure DDOS attack is not from open recursive DNS settings. To check and fix that issue...

Secure system using "mod_security".

Follow the below steps to install “mod_security”. ModSecurity supplies an array of...

WHM/cPanel Server Hardening And Security Basics

1. Introduction A step by step paper how to secure linux server with cPanel/WHM andApache...