Checking your Linux system for Rootkits

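Chkrootkit is a tool that checks the local system for signs of a rootkit.

1) Download chkrootkit and its MD5 checksum file:

wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.md5

2) Check the MD5 checksum. The hash printed must match the one in chkrootkit.md5. Both files arrive over the same unauthenticated FTP connection, so a match rules out a corrupted download, not a tampered one: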

md5sum chkrootkit.tar.gz

3) Then extract and install:

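tar -zxvf chkrootkit.tar.gz
# the archive unpacks into a versioned directory
cd chkrootkit-*/
# chkrootkit ships only a Makefile; there is no configure script to run
make sense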

4) You can run it with the following command:

./chkrootkit

5) Now add it to cron to schedule automatic daily scans of the system:

vi /etc/cron.daily/chkrootkit.sh

#!/bin/bash
# Enter the directory where chkrootkit is installed
cd /root/chkrootkit/
# Enter the email address where you want to receive the report
./chkrootkit | mail -s "Daily chkrootkit from Server Name" your@email.com

6) Now change the file permissions so the script can be run:

chmod 755 /etc/cron.daily/chkrootkit.sh

7) To try it out, run chkrootkit.sh manually from the /etc/cron.daily directory. You should receive a report at the email address you provided.
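
A daily mail that looks the same every day tends to go unread. The following is an added example, not part of the original post or of chkrootkit itself: it pulls the INFECTED entries out of the report and flags only those you have not already reviewed. It assumes the report uses lines of the form Checking `name'... STATUS; the file /root/chkrootkit.ack and the function names are hypothetical.

```shell
#!/bin/bash
# Added example: triage chkrootkit output so the daily job alerts on new findings.
# Assumption: each test prints one line of the form  Checking `name'... STATUS
# and a positive result contains the upper-case word INFECTED.

# stdin: chkrootkit report; stdout: name of every test reported as INFECTED.
infected_checks() {
    sed -n "s/^Checking \`\([^']*\)'\.\.\..*INFECTED.*/\1/p" | sort -u
}

# Print the findings that are NOT listed in the acknowledged file ($1).
# That file holds one test name per line; lines starting with '#' are comments.
new_findings() {
    ack_file=$1
    infected_checks | while IFS= read -r name; do
        if [ -r "$ack_file" ] && grep -v '^#' "$ack_file" | grep -qxF -- "$name"; then
            continue    # already reviewed, e.g. a known false positive
        fi
        printf '%s\n' "$name"
    done
}

# Hypothetical wiring for /etc/cron.daily/chkrootkit.sh (not called here).
# Mails when something new appears, or when the scan produced no output at all.
daily_scan() {
    report=$(cd /root/chkrootkit/ && ./chkrootkit 2>&1)
    findings=$(printf '%s\n' "$report" | new_findings /root/chkrootkit.ack)
    if [ -n "$findings" ] || [ -z "$report" ]; then
        printf 'New findings: %s\n\n%s\n' "$(echo $findings)" "$report" |
            mail -s "chkrootkit: needs review on $(hostname)" your@email.com
    fi
}

# Constructed sample report for demonstration (not real scan output).
SAMPLE_REPORT="ROOTDIR is \`/'
Checking \`amd'... not found
Checking \`ifconfig'... not infected
Checking \`bindshell'... INFECTED (PORTS:  465)
Checking \`ls'... INFECTED
Checking \`sniffer'... eth0: not promisc and no PF_PACKET sockets"

# Stand-alone demo: with an empty acknowledged list every finding is new.
printf '%s\n' "$SAMPLE_REPORT" | new_findings /dev/null
```

Only add a name to the acknowledged file after you have investigated that finding on the host; the list is per machine and should be reviewed when services change.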
