Install/Configure CHKROOTKIT On Linux: Security Scanner

November 15, 2011

chkrootkit is a common security scanner that helps administrators search the local system for signs that it is infected with a 'rootkit'. A rootkit is a malicious program that can take control of a computer system without the system's user knowing about it. This means a rootkit can execute files, change system configuration on the target machine, and do much else that normally only the superuser of the Linux machine can do.

Keep in mind that chkrootkit can find files and processes associated with a rootkit, but you can't be 100% sure that all pieces of a rootkit have been found and removed. You can safeguard your system from rootkits by ensuring that all applications and software are up to date and the system is kept patched against all known vulnerabilities.

How to install chkrootkit on Linux.

1. Download the source file.

wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz

2. Extract the compressed file and install it.

tar -xzf chkrootkit.tar.gz
mkdir /usr/local/chkrootkit
mv chkrootkit*/* /usr/local/chkrootkit
cd /usr/local/chkrootkit
make sense

Now you can run chkrootkit to scan the server.

/usr/local/chkrootkit/chkrootkit

3. Enable Automatic Server Scanning.

You can add a cron entry to run chkrootkit automatically and send the scan report to your mail address. Create "/etc/cron.daily/chkrootkit.sh" and add the following entries to it:

#!/bin/sh
(
/usr/local/chkrootkit/chkrootkit
) | /bin/mail -s 'CHKROOTKIT Daily Run (ServerName)' your@email.com
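
An added example, not part of the original article: the daily job above mails the full report on every run, so a real finding is easy to miss among routine mail. This variant keeps the full report on disk and mails only when the set of INFECTED / "Vulnerable but disabled" results (status strings from the chkrootkit README) changes; the STATE and REPORT paths and the "scan" argument are assumptions.

```sh
#!/bin/sh
# Added example: alert only when chkrootkit findings are new.
CHKROOTKIT=/usr/local/chkrootkit/chkrootkit  # path from the article
MAILTO=your@email.com                        # placeholder from the article
STATE=/var/lib/chkrootkit.findings           # assumed path: findings of the last run
REPORT=/var/log/chkrootkit.report            # assumed path: full report of the last run

# Print the result lines on stdin that need a human. The match is
# case-sensitive on purpose: "not infected" must not match "INFECTED".
findings() {
    grep -E 'INFECTED|Vulnerable but disabled' | sort -u
}

# verdict CURRENT PREVIOUS -> prints clean, unchanged or changed
verdict() {
    if [ ! -s "$1" ]; then
        echo clean
    elif [ -f "$2" ] && cmp -s "$1" "$2"; then
        echo unchanged
    else
        echo changed
    fi
}

# Run the scanner, keep the full report, and mail only new findings.
run_scan() {
    tmp=$(mktemp) || return 1
    "$CHKROOTKIT" > "$REPORT" 2>&1
    findings < "$REPORT" > "$tmp"
    if [ "$(verdict "$tmp" "$STATE")" = changed ]; then
        mail -s "chkrootkit: new findings on $(hostname)" "$MAILTO" < "$tmp"
    fi
    mv "$tmp" "$STATE"
}

# The cron job calls this file with the argument "scan"; without it only
# the functions are defined.
if [ "${1:-}" = scan ]; then run_scan; fi
```

Other output, such as a list of suspicious files, is not matched by the filter, so review the saved report whenever a mail arrives.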

You can also install other security scanners like rkhunter on your system for better security.
