Re: [CentOS] How to install rkhunter properly

after a bit of struggling I found out how to cleanly install rkhunter ... maybe this is useful for you:

• Download rkhunter (I downloaded v 1.2.8)
• mv /etc/rpm/platform /root/etc_rpm_platform
• setarch i386 rpmbuild -ta --target=i386 rkhunter-1.2.8.tar.gz
• mv /root/etc_rpm_platform /etc/rpm/platform
• rpm -ivh /usr/src/redhat/RPMS/noarch/rkhunter-1.2.8-1.noarch.rpm
• wget http://prdownloads.sourceforge.net/rkhunter/hashupd.sh?download
• chmod +x hashupd.sh
• ./hashupd.sh

In general I had 2 problems:

• On my 64 bit machine, the __libdir was set to /usr/lib64 whereas

rkhunter uses an ugly "/usr/lib" (solved with moving the platform file temporarily)

• rkhunter -c showed me all the binaries in /bin /sbin/ and /usr/bin as

'bad'. (solved with downloading and calling ./hashupd.sh)

You can (should) use the pre-built rk-hunter package in KBS-Extras(http://centos.karan.org, or http://wiki.centos.org/Repositories). It's prebuilt for you, which solves have your issue. The other half is because rkhunter doesn't play well with prelink, which runs as a cron job and ensures that applications load as quickly as possible. There are workarounds for this, and I believe there's a patch to rkhunter which resolves it.