Rootkit Hunter (RKH) is an easy-to-use tool which checks computers running UNIX (clones) for the presence of rootkits and other unwanted tools. You can use RKH along with ckrootkit to routinely check your system for possible infestation. You could manually update or scan your system or you could use a crontan script like this:

#!/bin/sh

( /usr/local/bin/rkhunter –versioncheck
/usr/local/bin/rkhunter –update
/usr/local/bin/rkhunter –cronjob –report-warnings-only
) | /bin/mail -s ‘rkhunter Daily Run’ root

For Linux systems, if the script is saved in the /etc/cron.daily directory, then the system will automatically run it once per day.

Alternatively, the rkhunter command can be added directly to your root crontab. For example:

30 5 * * * /rkhunter -c –cronjob

Rootkit Hunter will now run at 5:30 (AM).

Rootkit Hunter in action: