Will rkhunter catch a real rootkit?

Known rootkits yes. Novel ones probably not. Treat as one layer.

Default config flags many normal things. Spend an hour tuning out the noise once.

rkhunter or chkrootkit?

Run both, see the chkrootkit guide.

Does Anubiz scan customer VPS?

No. We do not access guest VMs without authorization.

rkhunter on an Anubiz Offshore VPS

rkhunter checks for known rootkit signatures, suspicious file modifications and hidden ports. Not a primary defense, but a useful tripwire. On an Anubiz VPS it runs as a daily cron job and emails you when anything changes. This guide installs, baselines, schedules and tunes the noisy default checks.

Need this done for your project?

We implement, you ship. Async, documented, done in days.

Start a Brief

Step 1: Install

apt install rkhunter.

Step 2: Baseline

rkhunter --propupd after a fresh install. This captures known-good file properties (hash, perms, owner).

Step 3: First Scan

rkhunter --check --sk. Review warnings. Many are noise (allowed modules, normal SSH config). Add tunings to /etc/rkhunter.conf.

Step 4: Cron

The package installs a daily cron in /etc/cron.daily/rkhunter. Confirm. Email goes to root - alias to your real address in /etc/aliases.

Step 5: After Each apt upgrade

Rerun rkhunter --propupd to re-baseline. Otherwise daily scans report every upgraded binary as suspicious.

Related Services

Offshore VPS from $17.90/mo Dedicated Servers DevOps Services

Why Anubiz Host

100% async — no calls, no meetings

Delivered in days, not weeks

Full documentation included

Production-grade from day one

Security-first approach

Post-delivery support included

Bulletproof Hosting Providers

DMCA-Ignored Servers

Offshore VPS Hosting

Anonymous Hosting Solutions

Ready to get started?

Skip the research. Tell us what you need, and we'll scope it, implement it, and hand it back — fully documented and production-ready.

Start a Brief Anubiz Offshore VPS