rkhunter-manage

Rootkit Hunter management script

Context

Based on this article I wanted to make something useful for everyone not matter the linux distro they are using.

As I did something pretty similar for the Vuls project named vuls-manage, why not doing same for Rootkit Hunter?

Here is how rkhunter-manage is born.

Installation

# Get the latest version of the script
wget https://raw.githubusercontent.com/Jiab77/rkhunter-manage/main/rkhunter-manage.sh -O rkhunter-manage.sh

# Make the script executable
chmod -v +x rkhunter-manage.sh

# Install globally (optional)
sudo mv -v rkhunter-manage.sh /usr/local/bin/rkhunter-manage

When installed globally, the .sh extension is removed for convenience. You can then call the script simply by typing rkhunter-manage.

Usage

$ rkhunter-manage

Rootkit Hunter management script / Jiab77 - 2021

Usage: rkhunter-manage <action>
  configure         - Configure existing Rootkit Hunter installation
  restore           - Restore RootKit Hunter configuration from backup file
  update            - Download and update Rootkit Hunter database files
  scan              - Run Rootkit Hunter scan
  scan-from-cron    - Run Rootkit Hunter scan from CRON
  show-log          - Show log from last scan
  help              - Show help

The scan option will enable tests that are disabled by default for some reasons. This will make the scan more longer than usual but it's an expected behavior.

Initialization

Before running the initial scan, you must configure rkhunter and download latest database files.

Here is how to do it:

1. rkhunter-manage configure
2. rkhunter-manage update
3. rkhunter-manage scan

If you want to restore the original rkhunter config, simply run rkhunter-manage restore.

Credit

• @Jiab77