CentOS 5 RPMs for Rootkit Hunter and Lynis
Rootkit Hunter and Lynis are two useful security tools provided by Michael Boelen at www.rootkit.nl. They perform local checks on your system looking for possible installed rootkits and compromised files and binaries.
Here you find the RPMs i made, they’ve been built on CentOS 5 but i don’t exclude you could be able to install them on any RPM capable distribution.
rkhunter-1.3.2-1.noarch.rpm – Binary RPM, platform independent
http://www.greci.cc/wp-content/uploads/2008/03/rkhunter-1.3.2-1.noarch.rpm
rkhunter-1.3.2-1.src.rpm – Source code RPM
http://www.greci.cc/wp-content/uploads/2008/03/rkhunter-1.3.2-1.src.rpm
lynis-1.0.8-1.noarch.rpm – Binary RPM, platform independent
http://www.greci.cc/wp-content/uploads/2008/03/lynis-1.0.8-1.noarch.rpm
lynis-1.0.8-1.src.rpm – Source code RPM
http://www.greci.cc/wp-content/uploads/2008/03/lynis-1.0.8-1.src.rpm
As usual they must be installed with rpm -i or (which i prefer) rpm -Uvh .
Once done test your installation with rkhunter -c and have a look at /var/log/rkhunter.log to see your results.
Do almost the same for Lynis, test it with lynis -c and inspect the log at /var/log/lynis.log .
You can edit configuration defaults (such as email alerts) by editing /etc/rkhunter.conf and /etc/lynis/default.prf .
To get the best out of these programs it’s recommended to run them on a regular basis. Assuming you want to run them once every day edit your crontab as follows:
(the RPM automatically creates its own cron entry in /etc/cron.daily/0logwatch, therefore you don’t need to add any)
10 0 * * * lynis -c
Which will run the checks every day respectively at midnight and ten minutes past midnight.
Unfortunately Lynis doesn’t provide a --cronjob flag to suppress console output, most *nix systems are set to send cron’s output via sendmail which could result annoying for some people. To suppress the output you can always use the well known > /dev/null 2>&1 , therefore your Lynis crontab entry will look like:
10 0 * * * lynis -c > /dev/null 2>&1
A deeper look at the help (shame on me) revealed you can use -Q flag to suppress output, therefore your Lynis crontab entry will look like:
10 0 * * * lynis -c -Q
Wish you a good scan and a clean system.
-
If you are serving a high traffic web/DNS server, and recently having PING loss to the server and not all HTTP request were successful to i...
-
tar tar in AIX by default does not support compression. You will need to incorporate with gzip command to have it tar and compress at the...
-
How to show my NIC MTU value, and how do I change it to use Jumbo Frame? list current value $ lsattr -E -l en0 -a mtu ...
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment