Rkhunter

Rkhunter (Rootkit Hunter) is a Unix-based tool that scans for rootkits, backdoors and possible local exploits. It does this by comparing MD5 hashes of important files with known good ones in an online database, searching for the default directories of rootkits, wrong permissions, hidden files and suspicious strings in kernel modules, and running special tests for Linux and FreeBSD.

Step 1: Downloading, Installing and Updating

cd /usr/local/src
wget http://sourceforge.net/projects/rkhunter/files/rkhunter/1.4.0/rkhunter-1.4.0.tar.gz
wget http://sourceforge.net/projects/rkhunter/files/rkhunter/1.4.0/rkhunter-1.4.0.tar.gz.sha1
wget http://sourceforge.net/projects/rkhunter/files/rkhunter/1.4.0/rkhunter-1.4.0.tar.gz.asc
sha1sum -c rkhunter-1.4.0.tar.gz.sha1
tar -zxvf rkhunter-1.4.0.tar.gz
cd rkhunter-1.4.0
./installer.sh --layout default --install
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --propupd
rm -Rf /usr/local/src/rkhunter*
cd
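
A fail-closed form of the checksum step, as an added example that is not part of the original guide: the tarball is unpacked only when its SHA-1 digest matches the checksum file. The function names verify_sha1 and extract_if_verified are hypothetical, and the demo files are constructed, not real rkhunter downloads.

```shell
#!/bin/sh
# Added example: refuse to unpack a tarball unless its SHA-1 digest matches.
# A digest fetched from the same server as the tarball only catches corruption.
# Authenticity needs the .asc signature checked against a key obtained out of
# band: gpg --verify rkhunter-1.4.0.tar.gz.asc rkhunter-1.4.0.tar.gz

# verify_sha1 FILE SUMFILE
# 0 = digest matches, 1 = mismatch, 2 = missing input or no 40-hex digest.
# Reads the first field of the first line, so both "digest  name" and a bare
# digest work, whatever file name is recorded inside SUMFILE.
verify_sha1() {
    file=$1
    sumfile=$2
    [ -f "$file" ] && [ -f "$sumfile" ] || return 2
    expected=$(awk 'NR==1 {print tolower($1)}' "$sumfile")
    case $expected in
        ''|*[!0-9a-f]*) return 2 ;;
    esac
    [ "${#expected}" -eq 40 ] || return 2
    actual=$(sha1sum < "$file" | awk '{print $1}')
    [ "$actual" = "$expected" ]
}

# extract_if_verified FILE SUMFILE DESTDIR
# Unpacks only after verify_sha1 succeeds; otherwise nothing is written.
extract_if_verified() {
    if verify_sha1 "$1" "$2"; then
        mkdir -p "$3" && tar -xzf "$1" -C "$3"
    else
        vrc=$?
        echo "refusing to extract $1 (verify_sha1 returned $vrc)" >&2
        return "$vrc"
    fi
}

# Constructed demo data, not real rkhunter files.
demo() {
    d=$(mktemp -d) || return 1
    echo 'payload' > "$d/f" && tar -czf "$d/pkg.tar.gz" -C "$d" f
    sha1sum "$d/pkg.tar.gz" > "$d/pkg.tar.gz.sha1"
    extract_if_verified "$d/pkg.tar.gz" "$d/pkg.tar.gz.sha1" "$d/out" \
        && echo "intact tarball: extracted"
    echo 'tampered' >> "$d/pkg.tar.gz"
    extract_if_verified "$d/pkg.tar.gz" "$d/pkg.tar.gz.sha1" "$d/out2" \
        || echo "modified tarball: rejected"
    rm -rf "$d"
}
demo
```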

Step 2: Adding daily cron job

Create the file /etc/cron.daily/rkhunter.sh with the following contents.

#!/bin/sh
(
/usr/local/bin/rkhunter --versioncheck
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --cronjob --report-warnings-only
) | /bin/mail -s 'rkhunter Daily Run (YourServerNameHere)' name@domain.com

Change YourServerNameHere to your hostname and name@domain.com to your mail address.

Correct the permissions.

chmod 700 /etc/cron.daily/rkhunter.sh

Your server will now be scanned daily, and the results will be sent to the mail address you configured.