RKHunter upgrade

Today we have rolled out a new version of the rkhunter package – RKHunter 1.4.0 – to all of our managed hosts.

It's a relatively simple process on the Debian hosts:

  1. Download the rkhunter 1.4.0 (at this time it is 1.4.0-2) Debian package from your local Debian project mirror.
  2. Verify package hashes and signatures (There are many ways of doing that. If needed I will post an article about this… )
  3. Installation on all chosen servers (the next lot of steps is scripted):
    1. scp the package to each of the target hosts
    2. install the package using dpkg, choosing the necessary options for your system when asked whether you want to keep the current configuration or use the one provided by the package maintainer.
    3. run the rkhunter properties update to prevent false-positive warnings (running sudo rkhunter --propupd does the trick)
  4. Verify that you have a cron.daily job to run rkhunter
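
The steps above as one script; this is an added example, not the rollout script the post refers to. It assumes the expected SHA-256 comes from the mirror's signed package index, SSH access with sudo on each host, and /etc/cron.daily/rkhunter as the cron job path; the script name, arguments and function names are hypothetical.

```shell
#!/bin/sh
# Added example (not the author's script).
# Usage (hypothetical): ./rkhunter-rollout.sh <package.deb> <expected-sha256> host1 [host2 ...]

# Step 2: return 0 only if the file's SHA-256 equals the expected hex digest.
# Returns 2 if the file is missing or cannot be hashed, 1 on mismatch.
verify_deb_sha256() {
    v_file=$1
    v_want=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # accept upper-case hex
    [ -f "$v_file" ] || return 2
    v_have=$(sha256sum "$v_file" | cut -d' ' -f1) || return 2
    [ "$v_have" = "$v_want" ]
}

# Steps 3 and 4 for one host: copy, install, rebaseline, check the cron job.
deploy_host() {
    d_host=$1
    d_file=$2
    d_name=$(basename "$d_file")
    scp "$d_file" "$d_host:/tmp/$d_name" || return 1
    # -t keeps a terminal so dpkg can ask whether to keep the current
    # configuration file. --propupd rebaselines the stored file properties,
    # so it runs only straight after the verified package is installed.
    # /etc/cron.daily/rkhunter is the assumed location of the daily job.
    ssh -t "$d_host" "sudo dpkg -i '/tmp/$d_name' \
        && sudo rkhunter --propupd \
        && test -x /etc/cron.daily/rkhunter"
}

# Only act when called with a package, a digest and at least one host.
if [ "$#" -ge 3 ]; then
    pkg=$1
    sum=$2
    shift 2
    # Refuse to copy anything if the local package fails verification.
    if ! verify_deb_sha256 "$pkg" "$sum"; then
        echo "hash check failed for $pkg, nothing deployed" >&2
        exit 1
    fi
    for h in "$@"; do
        deploy_host "$h" "$pkg" || echo "FAILED: $h" >&2
    done
fi
```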

This new version of rkhunter introduces a wider root-kit detection library and fixes several bugs which led to false-positive reports in the past.
