Rkhunter on CentOS 7

Rkhunter is a common option for scanning your system for rootkits and general vulnerabilities. It can be easily installed from the package manager on CentOS using the following command:

sudo yum install rkhunter

Once it is installed, and before scanning, you’ll need to update the file properties database with:

sudo rkhunter --propupd

This lets the scanner know the current state of certain files, which prevents some false alarms. After the update, simply run the scanner with the following:

sudo rkhunter --checkall

The scanner goes through some system commands, checks for actual rootkits and some malware, checks network and local host settings, and then gives you a summary and records the findings in a log file.

Afterwards you can get a condensed look at the scan log with this command:

sudo grep -i warning /var/log/rkhunter/rkhunter.log

Go through the output to get some tips on what you could do to improve your system security.
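
A plain grep for "warning" keeps only the matching lines, so the indented detail lines that rkhunter logs under a warning are dropped. The following is an added example, not part of the original article: the function names are hypothetical, the sample log lines are constructed, and the timestamp-prefixed layout they follow is an assumption about the log format.

```shell
#!/bin/sh
# Added example: list rkhunter warnings together with their detail lines.

# rk_warnings [FILE]: print each "Warning:" entry followed by the indented
# continuation lines that belong to it. Reads stdin when no FILE is given.
rk_warnings() {
    awk '
        { msg = $0; sub(/^\[[0-9:]+\] ?/, "", msg) }   # strip [HH:MM:SS] prefix
        msg ~ /^Warning:/ { inwarn = 1; print msg; next }
        # Detail line: indented, and not a per-check status line ("... [ OK ]").
        inwarn && msg ~ /^[ \t]+[^ \t]/ && msg !~ / \]$/ { print msg; next }
        { inwarn = 0 }                                 # anything else ends the entry
    ' "$@"
}

# rk_warning_count [FILE]: number of distinct warning entries.
rk_warning_count() {
    rk_warnings "$@" | grep -c '^Warning:' || true
}

# Constructed sample log (not taken from a real system).
sample_log() {
    cat <<'EOF'
[10:02:10] Info: Starting test name 'properties'
[10:02:11]   /usr/bin/curl                                     [ Warning ]
[10:02:11] Warning: The file properties have changed:
[10:02:11]          File: /usr/bin/curl
[10:02:11]          Current inode: 131245    Stored inode: 131002
[10:02:12]   /usr/bin/ls                                       [ OK ]
[10:02:15] Warning: The SSH configuration option 'PermitRootLogin' has not been set.
[10:02:15]   Checking for hidden files and directories         [ None found ]
EOF
}

# Demo on the constructed sample.
sample_log | rk_warnings
echo "warnings: $(sample_log | rk_warning_count)"
```

On a real system, pipe the log in with `sudo cat /var/log/rkhunter/rkhunter.log | rk_warnings`, since the function itself runs in your unprivileged shell.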