Last active: October 21, 2022 03:10
Rkhunter Setup
rkhunter-propupd.hook:

# dir: /etc/pacman.d/hooks/
[Trigger]
Operation = Upgrade
Type = Package
Target = *

[Action]
Description = rkhunter --propupd
When = PostTransaction
Exec = /usr/bin/rkhunter --propupd --report-warnings-only
Depends = rkhunter
# dir: /etc/pacman.d/hooks/
[Trigger]
Operation = Upgrade
Type = Package
Target = *

[Action]
Description = rkhunter.service status check
When = PreTransaction
Exec = /usr/bin/sh -c "! /usr/bin/systemctl is-failed rkhunter.service"
Depends = rkhunter
AbortOnFail = yes
rkhunter.conf.local:

# Rootkit Hunter Custom Settings

## Allow some hidden directories/files
ALLOWHIDDENDIR=/etc/.git
ALLOWHIDDENFILE=/etc/.etckeeper
ALLOWHIDDENFILE=/etc/.gitignore
ALLOWHIDDENFILE=/etc/.updated
ALLOWHIDDENFILE=/usr/share/man/man5/.k5identity.5.gz
ALLOWHIDDENFILE=/usr/share/man/man5/.k5login.5.gz

## Ignore the warnings: 'The command ... has been replaced by ...'
SCRIPTWHITELIST=/usr/bin/egrep
SCRIPTWHITELIST=/usr/bin/fgrep
SCRIPTWHITELIST=/usr/bin/ldd

## False Positive: WP-CLI
RTKT_FILE_WHITELIST=/usr/bin/wp
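Every whitelist line above exempts one path from a rkhunter check, so the entries deserve a periodic audit: a stale entry hides nothing useful, and a world-writable exempted file is a place where a replaced binary would go unnoticed. The script below is an added example and is not part of this gist or of rkhunter; audit_whitelist is a hypothetical function name, and the optional root prefix is an assumption that lets the audit run against a staging tree rather than the live system.

```shell
#!/bin/sh
# Added example, not from the gist: audit the whitelist directives in an
# rkhunter.conf.local. Each ALLOWHIDDENDIR / ALLOWHIDDENFILE /
# SCRIPTWHITELIST / RTKT_FILE_WHITELIST line exempts one path, so every
# entry should still exist (otherwise it is stale) and must not be
# world-writable (otherwise anyone could swap the exempted file).
# SCRIPTWHITELIST entries are expected to be scripts ("#!" header); if the
# command became a real binary again, the entry is stale.
# Usage: audit_whitelist /etc/rkhunter.conf.local [root]
audit_whitelist() {
  conf=$1
  root=${2:-}   # assumed optional prefix, e.g. a staging tree
  rc=0
  # Keep only whitelist directives; drop the key, '=' and surrounding space.
  paths=$(sed -E -n 's/^[[:space:]]*(ALLOWHIDDENDIR|ALLOWHIDDENFILE|SCRIPTWHITELIST|RTKT_FILE_WHITELIST)[[:space:]]*=[[:space:]]*//p' "$conf")
  scripts=$(sed -E -n 's/^[[:space:]]*SCRIPTWHITELIST[[:space:]]*=[[:space:]]*//p' "$conf")
  oldifs=$IFS
  IFS='
'
  for path in $paths; do
    IFS=$oldifs
    full="$root$path"
    if [ ! -e "$full" ]; then
      echo "STALE   $path (not present)"
      rc=1
      continue
    fi
    # Column 9 of 'ls -ld' output is the other-write permission bit.
    if [ "$(ls -ld "$full" | cut -c9)" = w ]; then
      echo "UNSAFE  $path (world-writable)"
      rc=1
      continue
    fi
    if printf '%s\n' "$scripts" | grep -Fxq "$path" &&
       [ "$(head -c 2 "$full")" != '#!' ]; then
      echo "STALE   $path (SCRIPTWHITELIST entry is not a script)"
      rc=1
      continue
    fi
    echo "OK      $path"
  done
  IFS=$oldifs
  return $rc
}
```

The function exits non-zero if any entry is stale or unsafe, so it can gate a config deployment the same way the PreTransaction hook gates an upgrade.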
rkhunter.service:

[Unit]
Description=Rootkit Scan

[Service]
Type=oneshot
ExecStartPre=/usr/bin/rkhunter --update --report-warnings-only
ExecStart=/usr/bin/rkhunter --cronjob --report-warnings-only
ExecStartPost=/usr/bin/rkhunter --propupd --report-warnings-only
rkhunter.timer:

[Unit]
Description=Daily Rootkit Scan

[Timer]
OnCalendar=05:00:00
Persistent=true

[Install]
WantedBy=timers.target
Author: UPDATE @ 2021-11-03: rkhunter.service

Author: UPDATE @ 2021-11-09: Added rkhunter-propupd.hook

Author: I made a setup script for Arch Linux that can entirely automate this rkhunter setup: https://github.com/amekusa/arch-setup/
Rkhunter Custom Settings
Place rkhunter.conf.local on /etc

Scan Automatically at 5:00 AM Everyday
rkhunter.service, rkhunter.timer on /etc/systemd/system
Enable rkhunter.timer via systemctl:
$ sudo systemctl enable rkhunter.timer
$ sudo systemctl start rkhunter.timer