{"id":2981,"date":"2020-08-30T15:29:27","date_gmt":"2020-08-30T19:29:27","guid":{"rendered":"https:\/\/easy-admin.ca\/?p=2981"},"modified":"2020-08-30T17:27:15","modified_gmt":"2020-08-30T21:27:15","slug":"install-rkhunter-1-4-6-on-centos-7","status":"publish","type":"post","link":"https:\/\/easy-admin.ca\/index.php\/2020\/08\/30\/install-rkhunter-1-4-6-on-centos-7\/","title":{"rendered":"Install rkhunter on CentOS 7"},"content":{"rendered":"<p><strong>Installing rkhunter 1.4.6 on CentOS 7<\/strong><\/p>\n<p>I think that rkhunter is a valuable tool no matter the distribution that is used.<\/p>\n<p>In CentOS 7, rkhunter 1.4.6 is found in the EPEL repository, so we must first make sure that this repository is available to use:<\/p>\n<pre class=\"wp-block-preformatted\">$ sudo yum install -y epel-release<\/pre>\n<p>The install is then straightforward using yum.<\/p>\n<pre class=\"wp-block-preformatted\">$ sudo yum install rkhunter\r\n$ sudo rkhunter --update\r\n$ sudo rkhunter --propupd<\/pre>\n<p>We may also want to manually copy the \/etc\/passwd and \/etc\/group files to \/var\/lib\/rkhunter. I generally do not, as they are copied in the first scan. 
The Ubuntu install makes copies of these files for you.<\/p>\n<p>If we don\u2019t, the first scan will warn that the group file and passwd file could have changed.<\/p>\n<pre class=\"wp-block-preformatted\">$ sudo rkhunter --check --sk\r\n...\r\nPerforming group and account checks\r\n\u00a0 \u00a0 Checking for passwd file \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0[ Found ]\r\n\u00a0 \u00a0 Checking for root equivalent (UID 0) accounts\u00a0 \u00a0 \u00a0[ None found ]\r\n\u00a0 \u00a0 Checking for passwordless accounts \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0[ None found ]\r\n\u00a0 \u00a0 Checking for passwd file changes \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0[ Warning ]\r\n\u00a0 \u00a0 Checking for group file changes\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0[ Warning ]\r\n\u00a0 \u00a0 Checking root account shell history files\u00a0 \u00a0 \u00a0 \u00a0 \u00a0[ OK ]<\/pre>\n<p>Further details can be found in the log file \/var\/log\/rkhunter\/rkhunter.log. Note that with rkhunter 1.4.6 on CentOS 7 we have the extra rkhunter log directory.\u00a0 As this is the first scan though, we know that the reference files did not exist.<\/p>\n<p>They will exist now, and on a second run the warning will not show. Of course, adding a new user will trigger the warning again but will also update the reference files, \/var\/lib\/rkhunter\/passwd and \/var\/lib\/rkhunter\/group. Each check will update the references.<\/p>\n<p>By default, the CentOS install does not check root access in SSH. We should enable this by editing \/etc\/rkhunter.conf. 
Look for the line:<\/p>\n<pre class=\"wp-block-preformatted\">ALLOW_SSH_ROOT_USER=unset<\/pre>\n<p>Change the line to read:<\/p>\n<pre class=\"wp-block-preformatted\">ALLOW_SSH_ROOT_USER=no<\/pre>\n<p>The file \/etc\/ssh\/sshd_config can be configured with:<\/p>\n<pre class=\"wp-block-preformatted\">PermitRootLogin=no<\/pre>\n<p>Once set, restart the sshd service with:<\/p>\n<pre class=\"wp-block-preformatted\">$ sudo systemctl restart sshd<\/pre>\n<p>Running the rkhunter check now will report SSH root login as secured. The execution of rkhunter is enabled with cron by default.<\/p>\n<p><strong><em>Enjoy!<\/em><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Installing rkhunter 1.4.6 on CentOS 7 I think that rkhunter is a valuable tool no matter the distribution that is used. In CentOS 7 rkhunter 1.4.6 is found in the EPEL repository, we must make sure that this is available to use first: $ sudo yum install -y epel-release The install then is straight forward &hellip; <a href=\"https:\/\/easy-admin.ca\/index.php\/2020\/08\/30\/install-rkhunter-1-4-6-on-centos-7\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Install rkhunter on CentOS 7<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":2982,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"slim_seo":{"title":"Install rkhunter on CentOS 7 - HP Server","description":"Installing rkhunter 1.4.6 on CentOS 7 I think that rkhunter is a valuable tool no matter the distribution that is used. 
In CentOS 7 rkhunter 1.4.6 is found in t"},"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2981","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general"],"_links":{"self":[{"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/posts\/2981","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/comments?post=2981"}],"version-history":[{"count":0,"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/posts\/2981\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/media\/2982"}],"wp:attachment":[{"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/media?parent=2981"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/categories?post=2981"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/easy-admin.ca\/index.php\/wp-json\/wp\/v2\/tags?post=2981"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}