The chkrootkit is a security scanner to check if the system is infected with the ‘rootkit’. A rootkit is a malicious software which is capable of having administrator-level access to a computer or network.
Install chkrootkit
The following steps will help you to install chkrootkit on CentOS.
cd /usr/local/src wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz tar xvf chkrootkit.tar.gz cd chkrootkit-* make sense
Now, you can run the chkrootkit to scan the server. Please note that the present working directory should be “/usr/local/src/chkrootkit-0.50”.
./chkrootkit
Daily scan report script
Create a file named scan.sh
vim /etc/cron.daily/chkrootkit.sh
#!/bin/bash cd /usr/local/src/chkrootkit-*/ ; ./chkrootkit |grep -v not| /bin/mail -s 'CHROOTKIT Scan Result' [email protected]
Make it executable
chmod +x /etc/cron.daily/chkrootkit.sh
The script will email your daily scan report. Also, the above steps can also be used to install chkrootkit on cPanel server. Also, please keep this in mind that, using chkrootkit, you can’t remove and found 100% rootkits. You can secure your server from rootkits by ensuring that all applications and software are up-to-date and the system kept patched against all known vulnerabilities.
That’s it!