
Install rkhunter on CentOS 7

August 19, 2018 by The Urban Penguin


Installing rkhunter on CentOS 7

I think that rkhunter is a valuable tool no matter which distribution is used. Having first seen it on Ubuntu 18.04, we will now look in a little more detail at using rkhunter on CentOS 7.

In CentOS 7, rkhunter is found in the EPEL repository, so we must first make sure that this repository is available:

$ sudo yum install -y epel-release

The install is then straightforward using yum, and we update in the same way as on Ubuntu:

$ sudo yum install rkhunter
$ sudo rkhunter --update
$ sudo rkhunter --propupd

We may also want to manually copy the /etc/passwd and /etc/group files to /var/lib/rkhunter. I generally do not, as they are copied in the first scan. The Ubuntu install makes copies of these files for you.

If we don't, the first scan will warn that the group file and passwd file could have changed.

$ sudo rkhunter --check --sk
...
Performing group and account checks
    Checking for passwd file                          [ Found ]
    Checking for root equivalent (UID 0) accounts     [ None found ]
    Checking for passwordless accounts                [ None found ]
    Checking for passwd file changes                  [ Warning ]
    Checking for group file changes                   [ Warning ]
    Checking root account shell history files         [ OK ]

Further details can be found in the log file /var/log/rkhunter/rkhunter.log. Note that with rkhunter on CentOS 7 we have the extra rkhunter log directory. As this is the first scan, though, we know that the reference files did not exist. They exist now, and on a second run the warning will not show. Of course, adding a new user will trigger the warning again but will also update the reference files, /var/lib/rkhunter/passwd and /var/lib/rkhunter/group. Each check will update the references.

By default the CentOS install does not check root access in SSH. We should enable this by editing /etc/rkhunter.conf. Look for the line:

ALLOW_SSH_ROOT_USER=unset

Change the line to read:

ALLOW_SSH_ROOT_USER=no

The file /etc/ssh/sshd_config can be configured with:

PermitRootLogin=no

Once set, restart the sshd service with:

$ sudo systemctl restart sshd

Running the rkhunter check now will report SSH root login as secured. The execution of rkhunter is enabled with cron by default.
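
The two edits above only help when both files end up saying "no". The following script is an added example, not part of the original article or of rkhunter: it reads ALLOW_SSH_ROOT_USER and PermitRootLogin from two files and reports whether they agree. The function names conf_value and ssh_root_status and the sample files are hypothetical, and it assumes the first active occurrence of each keyword is the one that counts.

```shell
#!/bin/sh
# Added example, not from the original article.

# Print the first active value of keyword $1 in file $2, or "unset".
# Handles "Key value" and "Key=value", skips comments, ignores case.
conf_value() {
    awk -F'[ \t=]+' -v key="$1" '
        { sub(/^[ \t]+/, "") }            # drop indentation, re-split fields
        /^#/ || NF < 2 { next }           # comments, blank lines, bare words
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$2"
}

# Compare rkhunter.conf ($1) against sshd_config ($2).
#   secured  - both say "no", the state the article configures
#   mismatch - the two files disagree
#   weak     - they agree, but not on "no" (for example both unset)
ssh_root_status() {
    rk=$(conf_value ALLOW_SSH_ROOT_USER "$1")
    ssh=$(conf_value PermitRootLogin "$2")
    if [ "$rk" = no ] && [ "$ssh" = no ]; then state=secured
    elif [ "$rk" != "$ssh" ]; then state=mismatch
    else state=weak
    fi
    echo "$state rkhunter=$rk sshd=$ssh"
}

# Constructed sample files standing in for /etc/rkhunter.conf and
# /etc/ssh/sshd_config, so the example runs without touching the system.
demo=$(mktemp -d)
printf '%s\n' '# constructed sample' 'ALLOW_SSH_ROOT_USER=unset' > "$demo/rk_default"
printf '%s\n' '# constructed sample' 'ALLOW_SSH_ROOT_USER=no'    > "$demo/rk_fixed"
printf '%s\n' '#PermitRootLogin yes' 'Port 22'                   > "$demo/sshd_default"
printf '%s\n' 'Port 22' 'PermitRootLogin=no'                     > "$demo/sshd_fixed"

ssh_root_status "$demo/rk_default" "$demo/sshd_default"   # before the edits
ssh_root_status "$demo/rk_fixed"   "$demo/sshd_default"   # only rkhunter.conf edited
ssh_root_status "$demo/rk_fixed"   "$demo/sshd_fixed"     # both files edited
```

On a real host, pass /etc/rkhunter.conf and /etc/ssh/sshd_config as the two arguments; reading sshd_config normally requires root.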

Filed Under: LPIC-3 Exam 303
