Rootkit Hunter
- 🐧 Linux Command Line
Ansible Playbook
Install Rootkit Hunter
# install the package
dnf install -y rkhunter
# update rkhunter database
rkhunter --update
# update file properties database
# (this records the current files as the known-good baseline, so run it only
# on a system you trust, e.g. right after install or a verified package update)
rkhunter --propupd
Configure Email Address for Warnings
/etc/rkhunter.conf
# Address that is mailed when a check finishes with warnings. Delivery goes
# through the host's mail command (MAIL_CMD in this file), so confirm that
# outbound mail works or warnings will never arrive.
MAIL-ON-WARNING=<your-email-address>
Run an Update and Check
# refresh the data files, then run the checks without pausing for a key press
rkhunter --update --check --skip-keypress
Cron Job
Run crontab -e
# every day at 02:00; --cronjob and --nocolors keep the run non-interactive
# and the output free of colour codes
0 2 * * * /usr/bin/rkhunter --update --check --skip-keypress --cronjob --nocolors
Optionally, you can use taskset, nice and ionice to run the cron job on a single CPU with low CPU and I/O priority.
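# Same schedule, pinned to CPU 0 (taskset), lowest CPU priority (nice 19) and
# idle I/O class (ionice -c3). The binary name was missing after /usr/bin/,
# which would make the scheduled check fail every night without scanning.
0 2 * * * taskset -c 0 nice -n 19 ionice -c3 /usr/bin/rkhunter --update --check --skip-keypress --cronjob --nocolors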
View Logs
# follow the log while a check runs; review it after any warning e-mail
tail -f /var/log/rkhunter/rkhunter.log
rkhunter.yml
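---
# Installs rkhunter, refreshes its data files and file-properties baseline,
# sets the warning e-mail recipient and schedules a nightly check.
- name: Install and Configure RKHunter
  hosts: all
  remote_user: root
  tasks:
    - name: Install RKHunter
      dnf:
        name: rkhunter
        state: present

    # rkhunter(8): --update exits 0 when no updates were available, 1 when a
    # download failed and 2 when updates were installed. The command module
    # treats any non-zero rc as a failure by default, so rc 2 is accepted
    # explicitly and reported as a change.
    - name: Update RKHunter
      command: "rkhunter --update"
      register: update_rkhunter
      changed_when: update_rkhunter.rc == 2
      failed_when: "update_rkhunter.rc not in [0, 2]"

    # NOTE(review): --propupd records the current on-disk file properties as
    # the known-good baseline. Running it on every play re-baselines the host,
    # so files tampered with since the last run would be accepted as good.
    # Consider limiting this task to first install or to runs that follow a
    # verified package update. It always rewrites the baseline, hence
    # changed_when: true, which also makes each re-baseline visible in the
    # play recap.
    - name: Update RKHunter file properties database
      command: "rkhunter --propupd"
      register: propupd_rkhunter
      changed_when: true

    # Replaces an existing MAIL-ON-WARNING= line or appends one; create: true
    # writes a new file containing only this line if the config is missing.
    - name: Ensure MAIL-ON-WARNING is set
      lineinfile:
        path: /etc/rkhunter.conf
        regexp: "^MAIL-ON-WARNING="
        line: "MAIL-ON-WARNING=admin@rectitude.dev"
        create: true
        mode: "0644"

    # The cron module builds the schedule from minute/hour, so `job` holds
    # only the command. The original value repeated "0 2 * * *" inside the job
    # and omitted the binary name after /usr/bin/, so the installed entry
    # could never run a check.
    - name: Configure RKHunter check cron job
      cron:
        name: "RKHunter Check"
        minute: "0"
        hour: "2"
        job: >-
          taskset -c 0 nice -n 19 ionice -c3
          /usr/bin/rkhunter --update --check --skip-keypress --cronjob --nocolors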