Posted by: Mangesh_Linux_Administrator | March 2, 2011

Chkrootkit installation


chkrootkit is a tool to locally check for signs of a rootkit. It contains chkrootkit, a shell script that checks system binaries for rootkit modification.
Installation:
– Log in to your server as root (SSH).
# cd /usr/local/src
– Download chkrootkit.
# wget
– Unpack the chkrootkit archive you just downloaded.
# tar -xvzf chkrootkit.tar.gz
– Change to the new directory.
# cd chkrootkit*
– Compile chkrootkit.
# make sense
– Run chkrootkit.
# ./chkrootkit
How to set up a daily scan report?
– Load crontab.
# crontab -e
– Add this line to the top:
0 1 * * * (cd /path/to/chkrootkit; ./chkrootkit 2>&1 | mail -s "chkrootkit output" root)
With the directory used above, for example:
0 1 * * * (cd /usr/local/src/chkrootkit-0.49; ./chkrootkit | mail -s "chkrootkit output" root)
This will run chkrootkit at 1am every day and e-mail the output to root. (Change the time and the e-mail address according to your needs.)

Save and exit.
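
A wrapper the cron entry above could call instead of piping the raw scan to mail, added here as an example and not part of the original post or of chkrootkit: it puts the lines chkrootkit marks INFECTED or Vulnerable but disabled at the top of the message and the count in the subject. The script name chkrootkit-daily.sh, the function names and the default directory and recipient are assumptions.

```shell
#!/bin/sh
# Added example, not part of chkrootkit. The directory, recipient and
# function names are assumptions; adjust them to your install.
CHKROOTKIT_DIR="${CHKROOTKIT_DIR:-/usr/local/src/chkrootkit-0.49}"
MAILTO="${MAILTO:-root}"

# Read a report on stdin and print only the lines that need review.
# "INFECTED" and "Vulnerable but disabled" are the positive results listed
# in chkrootkit's README; "not infected" is lower case, so the
# case-sensitive match skips it.
flagged_lines() {
    grep -E 'INFECTED|Vulnerable but disabled' || true
}

# Constructed sample report, used to exercise flagged_lines offline.
sample_report() {
    cat <<'EOF'
Checking `amd'... not found
Checking `ls'... not infected
Checking `ifconfig'... INFECTED
Checking `inetd'... Vulnerable but disabled
Checking `sshd'... not infected
Checking `write'... not tested
EOF
}

# Run the scan, then mail the flagged lines followed by the full report.
# The hit count goes in the subject so a clean run and a run that needs
# attention can be told apart without opening the message.
run_daily() {
    report=$( { cd "$CHKROOTKIT_DIR" && ./chkrootkit; } 2>&1 )
    hits=$(printf '%s\n' "$report" | flagged_lines)
    count=$(printf '%s' "$hits" | grep -c . || true)
    {
        echo "Flagged lines: $count"
        printf '%s\n\n' "$hits"
        printf '%s\n' "$report"
    } | mail -s "chkrootkit output: $count flagged" "$MAILTO"
}

# Scan only when asked to, e.g. from cron with: chkrootkit-daily.sh --run
if [ "${1:-}" = "--run" ]; then
    run_daily
fi
```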

