What is chkrootkit?

chkrootkit is a common security scanner that helps administrators search the local system for signs that it has been infected with a ‘rootkit’. A rootkit is a malicious program that takes control of a computer system without the system’s user knowing about it. This means the rootkit can execute files, change system configuration and do much more that would otherwise only be possible as the super user (root) of the Linux machine.

Please keep in mind that you can use chkrootkit to find the files and processes associated with a rootkit, but you can’t be 100% sure that all pieces of a rootkit are found and removed. You can safeguard your system against rootkits by ensuring that all applications and software are up to date and that the system is kept patched against all known vulnerabilities.

How to install chkrootkit on Linux

1. Download the source file

wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz

2. Extract the compressed file and install it.

tar -xzf chkrootkit.tar.gz
mkdir /usr/local/chkrootkit
mv chkrootkit*/* /usr/local/chkrootkit
cd /usr/local/chkrootkit
make sense

Now you can run chkrootkit to scan the server.

/usr/local/chkrootkit/chkrootkit

3. Enable Automatic Server Scanning

You can add a cron entry that runs chkrootkit automatically and sends the scan report to your mail address. Create “/etc/cron.daily/chkrootkit.sh” with the following contents:

#!/bin/sh
# Run chkrootkit and mail the full report to the administrator
(
/usr/local/chkrootkit/chkrootkit
) | /bin/mail -s 'CHKROOTKIT Daily Run (ServerName)' [email protected]
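The daily script above mails the whole report every day, so a real INFECTED line is easy to miss among identical clean reports. The following wrapper is an added example, not part of the original post: it keeps the previous report, mails only when chkrootkit reports a finding or the output changed since the last run, and lets a known-benign hit be ignored. The state directory /var/lib/chkrootkit, its ignore file and the MAILTO default are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): cron wrapper around chkrootkit.
# Installed path, state directory and mail recipient are assumptions.
CHKROOTKIT="${CHKROOTKIT:-/usr/local/chkrootkit/chkrootkit}"
STATE_DIR="${STATE_DIR:-/var/lib/chkrootkit}"
MAILTO="${MAILTO:-root}"

# Print the alert-worthy lines of report FILE ($1). chkrootkit prints
# "INFECTED" for a positive match and "Warning" for inconclusive results;
# "not infected" / "not found" lines are clean and are not matched (case matters).
# Lines matching a regex in IGNORE ($2, one regex per line, no blank lines) are
# dropped, e.g. a bindshell hit on a port your mail server legitimately uses.
report_findings() {
    if [ -f "$2" ]; then
        grep -E 'INFECTED|Warning' "$1" | grep -Ev -f "$2"
    else
        grep -E 'INFECTED|Warning' "$1"
    fi
}

# True (exit 0) when report FILE ($1) still has findings after applying IGNORE ($2).
report_has_findings() {
    [ -n "$(report_findings "$1" "$2")" ]
}

# True (exit 0) when NEW ($2) differs from the previous report OLD ($1),
# or when there is no previous report yet (first run).
report_changed() {
    [ -f "$1" ] || return 0
    ! cmp -s "$1" "$2"
}

run_scan() {
    mkdir -p "$STATE_DIR"
    new="$STATE_DIR/report.new"
    old="$STATE_DIR/report.last"
    # Full (not -q) output so successive reports can be compared line by line.
    "$CHKROOTKIT" >"$new" 2>&1
    if report_has_findings "$new" "$STATE_DIR/ignore" || report_changed "$old" "$new"; then
        mail -s "chkrootkit daily run ($(hostname))" "$MAILTO" <"$new"
    fi
    mv -f "$new" "$old"
}

# Only scan when installed under the cron name; sourcing the file elsewhere
# just defines the functions above.
case "${0##*/}" in chkrootkit.sh) run_scan ;; esac
```

Install it as /etc/cron.daily/chkrootkit.sh and mark it executable so run-parts picks it up; put a regex such as `bindshell.*PORTS: *465` in /var/lib/chkrootkit/ignore once you have confirmed that hit is your own mail daemon.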

You can also install other security scanners like rkhunter on your system for better security.


http://linoxide.com/security/installing-chkrootkit-redhat-linux/