Rkhunter is a rootkit scanning tool for Linux/Unix type environments. If you are running a Linux based webserver, it is a good idea to install and configure this to run perhaps nightly.
0. Login as root or su (whatever floats your boat)
1. Install the RPMForge repo if not already installed.
This example is for a 32 bit system, there is a different rpm for 64 bit.
rpm -Uhv rpmforge-release-0.3.6-1.el5.rf.i386.rpm
2. Install rkhunter
yum install rkhunter -y
3. Perform Initial scan
Now it is recommended to execute this daily, especially for a high traffic server. Shell Script!
4. Create shell script
chmod +x rkhunter.sh
rkhunter –checkall –cronjob –skip-keypress
cat /var/log/rkhunter.log | mail -s “Daily rkhunter scan report” firstname.lastname@example.org
5. Add script to crontab
add line like:
#This will be executed at 1:00 am daily.
00 1 * * * root /bin/sh /your/script/directory/rkhunter.sh