Friday, December 22, 2017

some notes on rkhunter

rkhunter, a security tool for detecting rootkits. Some notes, made for a server I help to administer:

1. I will now change the rkhunter configuration file so that the warning emails come to me instead of to you: vim /etc/sysconfig/rkhunter

2. The hidden file warning is about /etc/.brand, which just contains the word "hostgator"; it is a branding file from HostGator. Totally harmless.

3. I will prevent ssh login without keys. That is, password-based ssh login from a terminal will be disabled. This is a good security measure, since ssh is routinely hit with brute-force attacks.

4. It looks like rkhunter does not play nice with user-compiled or modified files. I will set up rkhunter to accept all the files currently present and only give warnings for new files. Basically by editing the whitelist in the rkhunter configuration, then refreshing the data files and the file-properties database with
    sudo rkhunter --update
    sudo rkhunter --propupd
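As an added example (not part of the original notes), idempotent shell helpers that apply the three configuration changes above to copies of the config files before touching the live ones. The MAILTO= key in /etc/sysconfig/rkhunter, the ALLOWHIDDENFILE= key in rkhunter.conf and the "Keyword value" layout of sshd_config are assumptions about the file formats on this server:

```shell
#!/bin/sh
# Added example, not from the original notes. All paths are parameters so the
# helpers can be tried on scratch copies first (assumed file formats, see above).

# Set KEY=VALUE in a shell-style config such as /etc/sysconfig/rkhunter,
# replacing any existing (or commented-out) assignment or appending a new one.
# Usage: set_kv /etc/sysconfig/rkhunter MAILTO you@example.com
set_kv() {
    file=$1; key=$2; value=$3
    tmp=$(mktemp)
    grep -v "^[# ]*$key=" "$file" > "$tmp" || true   # drop old assignments
    printf '%s=%s\n' "$key" "$value" >> "$tmp"
    mv "$tmp" "$file"
}

# Whitelist one hidden file in rkhunter.conf. rkhunter accepts several
# ALLOWHIDDENFILE lines, so only add the entry if it is not there already.
# Usage: allow_hidden_file /etc/rkhunter.conf /etc/.brand
allow_hidden_file() {
    grep -qx "ALLOWHIDDENFILE=$2" "$1" || printf 'ALLOWHIDDENFILE=%s\n' "$2" >> "$1"
}

# Force key-only SSH logins by setting "PasswordAuthentication no". sshd uses
# the first matching directive, so every earlier active or commented-out copy
# is removed first; a stray "yes" above ours would silently keep passwords on.
# Usage: set_sshd_option /etc/ssh/sshd_config PasswordAuthentication no
set_sshd_option() {
    file=$1; key=$2; value=$3
    tmp=$(mktemp)
    grep -vi "^[# ]*$key[[:space:]=]" "$file" > "$tmp" || true
    printf '%s %s\n' "$key" "$value" >> "$tmp"
    mv "$tmp" "$file"
}

# Re-baseline after whitelisting. --propupd records the current file properties
# as "known good", so run it only on a system you already trust to be clean.
rebaseline_rkhunter() {
    rkhunter --update && rkhunter --propupd
}
```

Restart sshd only after confirming a key-based login still works from a second session, otherwise a typo in sshd_config can lock you out of the server.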

https://www.linuxquestions.org/questions/linux-security-4/rkhunter-package-manager-fail-warnings-on-centos-5-running-whm-11-a-871791/

https://www.digitalocean.com/community/tutorials/how-to-use-rkhunter-to-guard-against-rootkits-on-an-ubuntu-vps
