Hands-on Lab Malware Scan Using Rkhunter

This document outlines a hands-on lab for installing and using rkhunter, a Linux utility for detecting rootkits and malware. It provides step-by-step instructions for installation, running scans, and reviewing scan logs. The lab aims to equip users with the skills to identify potential security threats on their systems.

25/03/2025 01:00 about:blank

Hands-on Lab: Run Malware Scans Using rkhunter


Estimated time needed: 20 minutes

In this project, you will install rootkit hunter (rkhunter) in Linux and run a malware scan.

Objectives
After completing this lab, you will be able to:

Install rkhunter on a Linux system

Run a malware scan to check for rootkits and malware

Prerequisites
This lab requires Docker.

Install Rkhunter
Rkhunter, short for rootkit hunter, is a Linux/Unix-based utility that detects rootkits, backdoors, and potential local exploits. In addition to running on-demand scans,
it can alert administrators to any unusual activity within the server's file system. Let's see how to install rkhunter.

1. Open a new terminal.

2. In the new terminal, run the following command to refresh the package index.

sudo apt-get update

This will take a few seconds to complete.

3. Run the following command to install rkhunter.

sudo apt-get install rkhunter

   1. While installing, when prompted with the confirmation query "Do you want to continue? [Y/n]", type "y" and press Enter.

   2. Subsequently, you will encounter a prompt to choose the preferred mail server configuration type. The options include:

      1. No configuration
      2. Internet Site
      3. Internet with smarthost
      4. Satellite system
      5. Local only

   For the general mail configuration type, select option 1 and press Enter.

4. Once installed, you will need to update the file properties database. This action informs the scanner about the state of system files to prevent false alarms. The --propupd option generates a clean rkhunter.dat file that is used from this point forward as a baseline for further checks. Run the following command to update the database.

sudo rkhunter --propupd

Run rkhunter scan


1. Run the following command to start the scan. The first scan checks the system commands. As the scan runs, you will see the progress on the screen.

sudo rkhunter --checkall

2. Once the system command scan is complete, press Enter to start the next scan, which looks for rootkits. As the scan progresses, you will see that the scanner is looking for registry keys, log files, and directories associated with known threats.

3. Once the rootkit scan is complete, press Enter. Rkhunter will now perform additional rootkit, malware, and Linux-specific checks.

4. Once the additional checks are complete, press Enter to perform network and local host checks.

5. Once the network and local host checks are complete, press Enter to see a scan summary.

Review scan log


1. To see a full view of all scan results, run the following command.

sudo cat /var/log/rkhunter.log

2. To see a condensed view of all scans that result in a warning, run the following command.

sudo grep -i warning /var/log/rkhunter.log

Note that many of the warnings you see in this lab are a result of the controlled environment and would look different in a live setting. However, you can see how the
provided warnings could serve as a starting point for better securing your system.
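Because a first scan of a given environment produces a set of expected warnings, a practical follow-up to the grep step above is to keep that first log as a baseline and only report warnings that are new in later scans. The script below is an added example, not part of the IBM lab; it assumes rkhunter writes one "[HH:MM:SS] Warning: ..." line per warning and uses constructed sample logs in place of real scan output.

```shell
# Added example: report only the rkhunter warnings that are new since a baseline scan.
# Assumes rkhunter's log format of "[HH:MM:SS] Warning: <text>" per warning line.
export LC_ALL=C   # make sort and comm agree on collation

# Print the warning lines of one log with the timestamp prefix stripped.
rkhunter_warning_lines() {
    grep 'Warning:' "$1" | sed -E 's/^\[[0-9:]+\][[:space:]]*//'
}

# Count the warnings in one log (prints 0, and succeeds, when there are none).
rkhunter_warning_count() {
    rkhunter_warning_lines "$1" | grep -c . || true
}

# Print warnings present in the newer log ($2) but absent from the baseline log ($1).
# Temporary files are used instead of process substitution to stay POSIX sh.
new_rkhunter_warnings() {
    old_sorted=$(mktemp) && new_sorted=$(mktemp)
    rkhunter_warning_lines "$1" | sort -u > "$old_sorted"
    rkhunter_warning_lines "$2" | sort -u > "$new_sorted"
    comm -13 "$old_sorted" "$new_sorted"
    rm -f "$old_sorted" "$new_sorted"
}

# Constructed sample logs (format imitates rkhunter.log; not captured from a real
# scan), written into the directory given as $1.
make_sample_logs() {
    cat > "$1/baseline.log" <<'EOF'
[00:12:01] Info: Start date is Tue Mar 25 00:12:01 UTC 2025
[00:12:02] Warning: The command '/usr/bin/lwp-request' has been replaced by a script: /usr/bin/lwp-request: a /usr/bin/perl script
[00:12:03]   Checking for rootkit 'Adore Rootkit'              [ Not found ]
[00:12:04] Warning: The SSH configuration option 'PermitRootLogin' has not been set.
EOF
    cat > "$1/latest.log" <<'EOF'
[02:00:01] Info: Start date is Wed Mar 26 02:00:01 UTC 2025
[02:00:02] Warning: The command '/usr/bin/lwp-request' has been replaced by a script: /usr/bin/lwp-request: a /usr/bin/perl script
[02:00:03] Warning: Hidden file found: /etc/.java: directory
[02:00:04] Warning: The SSH configuration option 'PermitRootLogin' has not been set.
EOF
}

# Stand-alone demonstration on the constructed logs.
demo_dir=$(mktemp -d)
make_sample_logs "$demo_dir"
echo "baseline warnings: $(rkhunter_warning_count "$demo_dir/baseline.log")"
echo "latest warnings:   $(rkhunter_warning_count "$demo_dir/latest.log")"
echo "new since baseline:"
new_rkhunter_warnings "$demo_dir/baseline.log" "$demo_dir/latest.log"
rm -rf "$demo_dir"
```

On a real host, replace the constructed logs with a saved copy of the baseline /var/log/rkhunter.log and the log from the latest scan.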

Conclusion
Congratulations! In this lab, you learned to run a scan using rkhunter and review the resulting log file.

Author(s)
Dee Dee Collette

© IBM Corporation 2024. All rights reserved.
