Rootkit Hunter management script
Based on this article, I wanted to make something useful for everyone, no matter the Linux distro they are using.
As I did something pretty similar for the Vuls project, named vuls-manage, why not do the same for Rootkit Hunter?
This is how rkhunter-manage was born.
# Get the latest version of the script
wget https://raw.githubusercontent.com/Jiab77/rkhunter-manage/main/rkhunter-manage.sh -O rkhunter-manage.sh
# Make the script executable
chmod -v +x rkhunter-manage.sh
# Install globally (optional)
sudo mv -v rkhunter-manage.sh /usr/local/bin/rkhunter-manage
When installed globally, the .sh extension is removed for convenience. You can then call the script simply by typing rkhunter-manage.
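A checksum gate for the install step above, as an added example that is not part of the rkhunter-manage project: it installs the downloaded file only if its SHA-256 matches a value you recorded after reviewing the script. The function names and the pinned-hash workflow are assumptions; this page gives no checksum, so the hash in the usage comment is a placeholder.

```shell
#!/bin/sh
# Added example (not project code): refuse to install a downloaded script
# unless its SHA-256 matches a hash pinned after manual review.

# verify_sha256 FILE EXPECTED_HEX -> status 0 on match, 1 otherwise
verify_sha256() {
    file=$1
    expected=$2
    [ -f "$file" ] || return 1
    # The pinned value must be exactly 64 hexadecimal characters.
    case $expected in
        ''|*[!0-9a-fA-F]*) return 1 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 1
    # sha256sum prints lowercase hex, so normalise the pinned value too.
    expected_lc=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    actual=$(sha256sum "$file" | awk '{print $1}')
    [ "$actual" = "$expected_lc" ]
}

# install_verified FILE EXPECTED_HEX DEST
# Copies FILE to DEST with mode 0755 only when the checksum matches.
install_verified() {
    if verify_sha256 "$1" "$2"; then
        install -m 0755 "$1" "$3"
    else
        echo "checksum mismatch for $1, not installing" >&2
        return 1
    fi
}

# Usage (placeholder hash, replace with the value you recorded):
#   install_verified rkhunter-manage.sh \
#       "<sha256-recorded-after-review>" /usr/local/bin/rkhunter-manage
```

Writing to /usr/local/bin needs root, so source the functions in a root shell or run the script under sudo for that final call.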
$ rkhunter-manage
Rootkit Hunter management script / Jiab77 - 2021
Usage: rkhunter-manage <action>
configure - Configure existing Rootkit Hunter installation
restore - Restore RootKit Hunter configuration from backup file
update - Download and update Rootkit Hunter database files
scan - Run Rootkit Hunter scan
scan-from-cron - Run Rootkit Hunter scan from CRON
show-log - Show log from last scan
help - Show help
The scan option enables tests that are disabled by default for some reason. This makes the scan take longer than usual, but that is expected behavior.
Before running the initial scan, you must configure rkhunter and download the latest database files.
Here is how to do it:
rkhunter-manage configure
rkhunter-manage update
rkhunter-manage scan
If you want to restore the original rkhunter config, simply run rkhunter-manage restore.