Install/Configure CHKROOTKIT On Linux: Security Scanner

chkrootkit is a common security scanner that helps administrators search the local system for signs that it is infected with a 'rootkit'. A rootkit is a malicious program that can take control of a computer system without the user of that system knowing about it. This means a rootkit can execute files, change system configurations on the target machine, and do many other things that can normally be done only as the superuser of the Linux machine.

Please keep in mind that you can use chkrootkit to find the files and processes associated with a rootkit, but you can't be 100% sure that all pieces of a rootkit have been found and removed. You can safeguard your system from rootkits by ensuring that all applications and software are up to date and that the system is kept patched against all known vulnerabilities.

How to install chkrootkit on Linux.

1. Download the source file.

wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz

2. Extract the compressed file and install it.

tar -xzf chkrootkit.tar.gz
mkdir /usr/local/chkrootkit
mv chkrootkit*/* /usr/local/chkrootkit
cd /usr/local/chkrootkit
make sense

Now you can run chkrootkit to scan the server.

/usr/local/chkrootkit/chkrootkit

3. Enable Automatic Server Scanning.

You can add a cron entry to run chkrootkit automatically and send the scan report to your mail address. Create the file "/etc/cron.daily/chkrootkit.sh" and add the following entries to it:

#!/bin/sh
(
/usr/local/chkrootkit/chkrootkit
) | /bin/mail -s 'CHKROOTKIT Daily Run (ServerName)' your@email.com
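
The daily job above mails the complete scan output every day, which makes a single changed line easy to miss. The following is an added example, not part of the original article or of chkrootkit itself: it mails only lines that differ from a reviewed baseline, plus any line containing INFECTED. The state directory, the function names and the --run/--demo arguments are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the original article: mail only what changed since
# a reviewed baseline, plus any INFECTED line, instead of the full daily output.
CHKROOTKIT=/usr/local/chkrootkit/chkrootkit        # install path used above
STATE_DIR=${STATE_DIR:-/var/lib/chkrootkit-report} # assumed state directory
MAILTO=${MAILTO:-your@email.com}                   # placeholder address

# new_findings BASELINE CURRENT
# Prints every CURRENT line that is absent from BASELINE, and every line
# containing INFECTED even if the baseline already has it. With no baseline
# file (first run) the whole scan is printed for review.
new_findings() {
    nf_base=$1; nf_cur=$2
    [ -f "$nf_base" ] || nf_base=/dev/null
    {
        grep -F 'INFECTED' "$nf_cur"
        grep -Fvx -f "$nf_base" "$nf_cur"
    } | sort -u
}

# Run the scan as root, keep the raw output, and mail only the differences.
run_scan() {
    umask 077
    mkdir -p "$STATE_DIR" || return 1
    "$CHKROOTKIT" > "$STATE_DIR/last" 2>&1
    report=$(new_findings "$STATE_DIR/baseline" "$STATE_DIR/last")
    [ -n "$report" ] || return 0
    printf '%s\n' "$report" |
        /bin/mail -s "chkrootkit changes on $(hostname)" "$MAILTO"
}

# Constructed sample output: baseline is clean, today's scan flags `ls'.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' "Checking \`ls'... not infected" \
                  "Checking \`amd'... not found" > "$d/baseline"
    printf '%s\n' "Checking \`ls'... INFECTED" \
                  "Checking \`amd'... not found" > "$d/last"
    new_findings "$d/baseline" "$d/last"
    rm -rf "$d"
}

# The cron job calls this file with --run; --demo uses the sample above.
case ${1:-} in
    --run)  run_scan ;;
    --demo) demo ;;
esac
```

After reviewing a scan by hand, copy the "last" file in the state directory to "baseline" so that later runs report only new differences.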

You can also install other security scanners like rkhunter on your system for better security.

About Bobbin Zachariah

Founder of LinOxide, passionate lover of Linux and technology writer. Started his career in Linux / Opensource from 2000. Love traveling, blogging and listening music.

1 Comment

  1. Who has reviewed the source code for all of the chkrootkit C programs, especially the script “chkrootkit”, to ensure that they aren’t infecting our computers with rootkits or key loggers?

    In other words, how do we know that chkrootkit isn't malware, disguised as malware detector?