How can we help?


Rootkit Hunter

Stewart -


Is my server compromised?


  • On-Premise Server + WebMail Installations: Version 6.0 > Current Version
  • Webmail Only Installations: Version 6.0 > Current Version


Rkhunter (Rootkit Hunter) is a Unix-based tool that scans for rootkits, backdoors and possible local exploits. Rkhunter scans the file system by comparing SHA-1 hashes of important files, with confirmed safe files in online databases. Rkhunter searches for the default directories of the rootkits, hidden files, wrong permissions, suspicious strings in kernal modules and runs special tests for Linux.


  1. Downloading Rkhunter

The first thing you need to do is download the latest version of Rkhunter. You can do this by either going to or by using the Wget command listed below:
    cd /tmp
    wget "
  2. Installing Rkhunter

After you have downloaded the latest version of Rkhunter, you will need to run the following commands as the root user in order to install Rkhunter:
    tar -xvf rkhunter-1.4.0.tar.gz

    cd rkhunter-1.4.0

    ./ --layout default --install
  3. Updating Rkhunter

Once you have installed Rkhunter, you will need to update it, this will fill the database properties by using the following commands:
    /usr/local/bin/rkhunter --update

    /usr/local/bin/rkhunter --propupd
  4. Setting Cronjob and Email Alerts

You will now need to create a file called in /etc/cron.daily/ using your preferred editor. This file will scan your system daily, sending email notifications to your email id.

    vi /etc/cron.daily/

  5. Now you need to add the following lines into the file, replacing "YourServerNameHere" and "" with the appropriate details.

/usr/local/bin/rkhunter --versioncheck

    /usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --cronjob --report-warnings-only

    ) | /bin/mail -s 'rkhunter Daily Run (YourServerNameHere)'

Now, set execute permissions on the file by entering the following command:

    chmod 755 /etc/cron.daily/

  7. Manual Scan and Usage

You can now scan the entire file system by running the following command. Be sure to run the Rkhunter as the root user.

    rkhunter --check


The command that you just entered will output a log file in /var/log/rkhunter.log, displaying the check files created by Rkhunter.

If you would like more information regarding Rkhunter run the following command:

    rkhunter --help


Contact our support team

+61 (7) 5357 6605