The chkrootkit is a security scanner to check if the system is infected with the ‘rootkit’. A rootkit is a malicious software which is capable of having administrator-level access to a computer or network. 

Install chkrootkit

The following steps will help you to install chkrootkit on CentOS.

 
cd /usr/local/src
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
tar xvf chkrootkit.tar.gz
cd chkrootkit-*
make sense

Now, you can run the chkrootkit to scan the server. Please note that the present working directory should be “/usr/local/src/chkrootkit-0.50”.

 
./chkrootkit

Daily scan report script

Create a file named scan.sh

 
vim /etc/cron.daily/chkrootkit.sh

 
#!/bin/bash
cd /usr/local/src/chkrootkit-*/ ; ./chkrootkit |grep -v not| /bin/mail -s 'CHROOTKIT Scan Result' [email protected]

Make it executable

 
chmod +x /etc/cron.daily/chkrootkit.sh

The script will email your daily scan report. Also, the above steps can also be used to install chkrootkit on cPanel server. Also, please keep this in mind that, using chkrootkit, you can’t remove and found 100% rootkits. You can secure your server from rootkits by ensuring that all applications and software are up-to-date and the system kept patched against all known vulnerabilities.

That’s it!