├── README.md └── install.sh /README.md: -------------------------------------------------------------------------------- 1 | Rootkit Hunter 2 | ============== 3 | 4 | Rootkit Hunter install script 5 | 6 | Installs all dependencies using apt or yum 7 | 8 | Tested on: 9 | * CentOS 5.8/6.4 10 | * Debian 6.0/7.0 11 | * Fedora 17 12 | * Ubuntu 10.04/12.04/12.10 13 | 14 | The default temp dir is ````/tmp/rkhunter````; this can be changed in the install script. 15 | 16 | By default, the installer logs to ````$TMP/install.log```` and ````$TMP/error.log````. Check these for further info about the installation process. 17 | 18 | ## Dependencies 19 | * Package manager (apt or yum) 20 | * HTTP Client (curl, wget or fetch) 21 | * TAR executable 22 | * Mail (Debian/Ubuntu: mailutils, RHEL: mailx) 23 | 24 | Dependencies will be installed during the process, but installing them on your own is advised. 25 | 26 | ## Installation 27 | 28 | Download and run ````install.sh YOUR@EMAIL.COM```` 29 | 30 | ### Offline installation 31 | 32 | Clone this repository or download ````install.sh````, and download the following file manually into the install script's directory: 33 | 34 | [Rootkit Hunter Archive](http://ncu.dl.sourceforge.net/project/rkhunter/rkhunter/1.4.0/rkhunter-1.4.0.tar.gz) 35 | 36 | Run ````install.sh YOUR@EMAIL.COM```` 37 | 38 | Create the file ````/etc/cron.daily/rkhunter.sh```` with execute permission, and paste the following content: 39 | ```` 40 | #!/bin/sh 41 | ( 42 | /usr/local/bin/rkhunter --versioncheck 43 | /usr/local/bin/rkhunter --update 44 | /usr/local/bin/rkhunter --cronjob --report-warnings-only 45 | ) | /bin/mail -s 'rkhunter Daily Run (HOSTNAME)' YOUR@EMAIL.COM 46 | ```` 47 | 48 | Note: the cron job can be scheduled at whatever time you prefer. 
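For further info check [Installation tutorial](http://www.tecmint.com/install-linux-rkhunter-rootkit-hunter-in-rhel-centos-and-fedora/)
--------------------------------------------------------------------------------
/install.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Script to install Rootkit Hunter
# Author: Márk Sági-Kazár (sagikazarmark@gmail.com)
# This script installs Rootkit Hunter on several Linux distributions.
#
# Version: 1.4.0
#
# Usage:  install.sh YOUR@EMAIL.COM
#
# Environment (all optional):
#   RKHUNTER_URL     URL of the release archive (defaults to the SourceForge mirror below)
#   RKHUNTER_SHA256  expected SHA-256 hex digest of the archive; when set, the
#                    downloaded or locally supplied archive must match it, e.g.
#                    RKHUNTER_SHA256=<sha256-of-rkhunter-1.4.0.tar.gz>
#                    (placeholder — take the real digest from the upstream release)
#
# Logs go to $TMP/install.log and $TMP/error.log.

# Variable definitions
DIR=$(cd "$(dirname -- "$0")" && pwd)
NAME="Rootkit Hunter"
SLUG="rkhunter"
VER="1.4.0"
ARCHIVE="$SLUG-$VER.tar.gz"
URL="${RKHUNTER_URL:-http://ncu.dl.sourceforge.net/project/rkhunter/rkhunter/$VER/$ARCHIVE}"
DEPENDENCIES=("tar")
TMP="/tmp/$SLUG"
INSTALL_LOG="$TMP/install.log"
ERROR_LOG="$TMP/error.log"
CRON_SCRIPT="/etc/cron.daily/rkhunter.sh"

# Work directory: recreate it from scratch. The `:?` guard refuses to run
# `rm -rf` on an empty path, and `mkdir` without -p is deliberate: if anything
# (e.g. a symlink planted by another local user in world-writable /tmp)
# reappears between the rm and the mkdir, mkdir fails and we abort instead of
# following it. The directory is no longer made world-writable (was chmod 777).
rm -rf -- "${TMP:?}"
mkdir -m 755 -- "$TMP" || { printf 'Cannot create work directory %s\n' "$TMP" >&2; exit 1; }
cd -- "$TMP" || { printf 'Cannot enter work directory %s\n' "$TMP" >&2; exit 1; }


# Function definitions

## Echo colored text and append it to a log file.
## $1 message, $2 ANSI color code (default 34), $3 log file (default $INSTALL_LOG)
e()
{
  local color="\033[${2:-34}m"
  local logfile="${3:-$INSTALL_LOG}"
  printf '%b%s\033[0m\n' "$color" "$1"
  log "$1" "$logfile"
}

## Print an error (to the error log) and exit.
## $1 message, $2 exit code (default 1), $3 color (default 31)
ee()
{
  local exit_code="${2:-1}"
  local color="${3:-31}"

  has_dep "dialog" && clear
  e "$1" "$color" "$ERROR_LOG"
  exit "$exit_code"
}

## Append message $1 to log file $2 (default $INSTALL_LOG).
log()
{
  local logfile="${2:-$INSTALL_LOG}"
  printf '%s\n' "$1" >> "$logfile"
}

## Install package $1 with the detected package manager; exits on failure.
pkg_install()
{
  [ -z "$1" ] && { e "No package passed" 31; return 1; }

  e "Installing package: $1"
  "${PKG_INSTALL[@]}" "$1" >> "$INSTALL_LOG" 2>> "$ERROR_LOG" || ee "Installing $1 failed"
  e "Package $1 successfully installed"

  return 0
}

## Return 0 when $1 is available as a command or as an installed package.
pkg_check()
{
  [ -z "$1" ] && { e "No package passed" 31; return 2; }

  command -v "$1" > /dev/null 2>&1 && return 0

  case "$PKG_DB" in
    dpkg ) "$PKG_QUERY" -s "$1" > /dev/null 2>&1 ;;
    # `rpm -q` matches the exact package name; `rpm -qa | grep` matched any
    # substring and reported unrelated packages as present.
    rpm )  "$PKG_QUERY" -q "$1" > /dev/null 2>&1 ;;
    * )    return 1 ;;
  esac
}

## Register $1 as a dependency; returns 1 if empty or already registered.
dep()
{
  [ -n "$1" ] || return 1
  has_dep "$1" && return 1
  DEPENDENCIES+=("$1")
  return 0
}

## Return 0 when $1 is already a registered dependency.
has_dep()
{
  local d
  for d in "${DEPENDENCIES[@]}"; do
    [ "$d" = "$1" ] && return 0
  done
  return 1
}

## Install every registered dependency that is not already present.
install_deps()
{
  local d
  e "Checking dependencies..."
  for d in "${DEPENDENCIES[@]}"; do
    pkg_check "$d" || pkg_install "$d"
  done
}

## Download URL $1 into the current directory; $2 labels it in messages. Exits on failure.
download()
{
  [ -z "$1" ] && { e "No URL passed" 31; return 1; }

  local text="${2:-files}"
  e "Downloading $text"
  "${DOWNLOAD[@]}" "$1" >> "$INSTALL_LOG" 2>> "$ERROR_LOG" || ee "Downloading $text failed"
  e "Downloading $text finished"
  return 0
}

## Verify the SHA-256 of archive $1 against RKHUNTER_SHA256; exits on mismatch.
## Without a pinned digest the archive is trusted as-is (the default mirror is
## plain HTTP), so only a warning is printed in that case.
verify_archive()
{
  [ -z "$1" ] && { e "No archive passed" 31; return 1; }

  if [ -z "${RKHUNTER_SHA256:-}" ]; then
    e "RKHUNTER_SHA256 not set, skipping checksum verification of $1" 31
    return 0
  fi
  command -v sha256sum > /dev/null 2>&1 || ee "sha256sum not found, cannot verify $1"
  printf '%s  %s\n' "$RKHUNTER_SHA256" "$1" | sha256sum -c --quiet - >> "$INSTALL_LOG" 2>> "$ERROR_LOG" \
    || ee "Checksum mismatch for $1"
  e "Checksum of $1 verified"
  return 0
}

## Register init script $1 with the detected init tool; exits on failure.
## No call site in this script at the moment — kept for parity with the init detection below.
init()
{
  [ -z "$1" ] && { e "No init script passed" 31; return 1; }

  "${INIT[@]}" "$1" >> "$INSTALL_LOG" 2>> "$ERROR_LOG" || ee "Error during init"
  return 0
}

## Remove everything in $TMP except the log files.
cleanup()
{
  has_dep "dialog" && clear
  e "Cleaning up"
  cd -- "$TMP" 2> /dev/null || return 1
  # -exec instead of `find * | xargs` so names with spaces/newlines are handled.
  find "$TMP" -mindepth 1 -maxdepth 1 ! -name '*.log' -exec rm -rf -- {} +
}

# CTRL_C trap: clean up and stop; without the exit the script would carry on
# with the next command after the interrupted one.
ctrl_c()
{
  echo
  cleanup
  e "Installation aborted by user!" 31
  exit 130
}
trap ctrl_c INT


# Basic checks

## Checking root access
if [ "$EUID" -ne 0 ]; then
  ee "This script has to be ran as root!"
fi

## Email address argument. It ends up inside the root-owned cron script, so it
## is restricted to characters that cannot break out of the single-quoted
## argument written there.
EMAIL="${1:-}"
[ -n "$EMAIL" ] || ee "Please pass an email address as an argument"
[[ "$EMAIL" =~ ^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+$ ]] || ee "Invalid email address: $EMAIL"

## Check for curl, wget or fetch. Commands are kept as arrays so options and
## paths are never re-split by the shell.
e "Checking for HTTP client..."
if command -v curl > /dev/null 2>&1; then
  # -f: an HTTP error fails the download instead of saving the error page as the archive
  DOWNLOAD=("$(command -v curl)" -f -s -S -L -O)
elif command -v wget > /dev/null 2>&1; then
  # the previous `--no-certificate` is not a wget option; TLS verification stays on
  DOWNLOAD=("$(command -v wget)" -q)
elif command -v fetch > /dev/null 2>&1; then
  DOWNLOAD=("$(command -v fetch)")
else
  dep "wget"
  # bare name: resolved from PATH once install_deps has installed it
  DOWNLOAD=(wget -q)
  e "No HTTP client found, wget added to dependencies" 31
fi

## Check for package manager (apt or yum)
e "Checking for package manager..."
if command -v apt-get > /dev/null 2>&1; then
  # no --force-yes: it lets apt install unauthenticated packages
  PKG_INSTALL=("$(command -v apt-get)" -y install)
elif command -v yum > /dev/null 2>&1; then
  PKG_INSTALL=("$(command -v yum)" -y install)
else
  ee "No package manager found."
fi

## Check for package database tool (dpkg or rpm)
if command -v dpkg > /dev/null 2>&1; then
  PKG_DB="dpkg"
  PKG_QUERY="$(command -v dpkg)"
elif command -v rpm > /dev/null 2>&1; then
  PKG_DB="rpm"
  PKG_QUERY="$(command -v rpm)"
else
  ee "No package manager found."
fi

## Check for init system (update-rc.d or chkconfig). Only a cron script is
## installed below and init() is never called, so a missing tool is a warning
## rather than the fatal error it used to be.
e "Checking for init system..."
INIT=()
if command -v update-rc.d > /dev/null 2>&1; then
  INIT=("$(command -v update-rc.d)")
elif command -v chkconfig > /dev/null 2>&1; then
  INIT=("$(command -v chkconfig)" --add)
else
  e "Init system not found, service not started!" 31
fi


# Adding dependencies
case "$PKG_DB" in
  dpkg ) dep "mailutils" ;;
  rpm )  dep "mailx" ;;
esac

install_deps


# Obtain the release archive: a copy next to the script wins (offline install),
# otherwise download it. Either way it is checked against RKHUNTER_SHA256 if set.
if [ -f "$DIR/$ARCHIVE" ]; then
  e "Using local archive $DIR/$ARCHIVE"
  cp -- "$DIR/$ARCHIVE" "$TMP/" || ee "Copying $ARCHIVE failed"
else
  download "$URL" "$NAME $VER files"
fi
verify_archive "$ARCHIVE"

e "Installing $NAME $VER"

tar -xzf "$ARCHIVE" >> "$INSTALL_LOG" 2>> "$ERROR_LOG" || ee "Extracting $ARCHIVE failed"
cd -- "$SLUG-$VER" || ee "Extracted directory $SLUG-$VER not found"

sh installer.sh --layout default --install >> "$INSTALL_LOG" 2>> "$ERROR_LOG" || ee "Installing $NAME $VER failed"

e "Updating database"
/usr/local/bin/rkhunter --update >> "$INSTALL_LOG" 2>> "$ERROR_LOG" || e "Updating database failed" 31
/usr/local/bin/rkhunter --propupd >> "$INSTALL_LOG" 2>> "$ERROR_LOG" || e "Updating file properties failed" 31

e "Installing cron script"
# Written with '>' so re-running the installer replaces the script instead of
# appending a second copy. $(hostname) is expanded now, as before; the address
# is single-quoted for /bin/sh.
cat > "$CRON_SCRIPT" <<EOF || ee "Writing $CRON_SCRIPT failed"
#!/bin/sh
(
/usr/local/bin/rkhunter --versioncheck
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --cronjob --report-warnings-only
) | /bin/mail -s 'rkhunter Daily Run ($(hostname))' '$EMAIL'
EOF
chmod 755 "$CRON_SCRIPT"

cleanup

e "It is recommended to run a scan on the file system by running rkhunter --check"

if [ -s "$ERROR_LOG" ]; then
  e "Error log is not empty. Please check $ERROR_LOG for further details." 31
fi

e "Installation done."
--------------------------------------------------------------------------------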