Posted by: Mangesh_Linux_Administrator | March 2, 2011

Chkrootkit installation


Chkrootkit

chkrootkit is a tool to locally check for signs of a rootkit. It contains chkrootkit, a shell script that checks system binaries for rootkit modification.
Installation:
– Log in to your server as root (SSH).
# cd /usr/local/src
– Download chkrootkit.
# wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
– Unpack the chkrootkit archive you just downloaded.
# tar -xvzf chkrootkit.tar.gz
– Change to the new directory.
# cd chkrootkit*
– Compile chkrootkit.
# make sense
– Run chkrootkit.
# ./chkrootkit
How to set up a daily scan report?
– Load crontab.
# crontab -e
– Add this line to the top:
==========================================================================
0 1 * * * (cd /path/to/chkrootkit; ./chkrootkit 2>&1 | mail -s "chkrootkit output" email@domain.com)
==========================================================================
E.g.:
0 1 * * * (cd /usr/local/src/chkrootkit-0.49; ./chkrootkit | mail -s "chkrootkit output" test@hotmail.com)
This will run chkrootkit at 1am every day, and e-mail the output to root. (Change the time to whenever you want it to run, and the e-mail address according to your needs.)

Save and exit.
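
A daily mail of the full chkrootkit output is mostly "not infected" lines, so real findings are easy to miss. The wrapper below is an added example, not part of the original post or of chkrootkit itself: it keeps only the lines that need review and mails them only when they differ from the previous run. The state directory, the REPORT_TO variable, the script location and the sample output lines are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original post: mail chkrootkit findings only
# when they differ from the previous run. Paths and address are assumptions.
CHKROOTKIT_DIR="${CHKROOTKIT_DIR:-/usr/local/src/chkrootkit-0.49}"
STATE_DIR="${STATE_DIR:-/var/lib/chkrootkit-report}"   # hypothetical location
REPORT_TO="${REPORT_TO:-email@domain.com}"

# Constructed sample, modelled on typical chkrootkit output lines.
sample_output() {
cat <<'EOF'
Checking `ls'... not infected
Checking `bindshell'... INFECTED (PORTS:  465)
Checking `lkm'... chkproc: nothing detected
Checking `sniffer'... eth0: PF_PACKET(/sbin/dhclient)
Checking `aliens'... no suspect files
Searching for suspicious files and dirs, it may take a while... nothing found
EOF
}

# Drop blank lines and lines ending in a routine "clean" phrase; keep
# everything else, sorted so that two runs compare stably.
filter_findings() {
    awk 'NF && !/(not infected|not found|nothing found|nothing detected|not tested|no suspect files|nothing deleted)[ \t]*$/' | sort
}

# Succeeds when findings file $1 differs from previous file $2
# (a missing previous file counts as "no findings").
findings_changed() {
    prev="$2"
    [ -f "$prev" ] || prev=/dev/null
    ! cmp -s "$1" "$prev"
}

run_report() {
    umask 077
    mkdir -p "$STATE_DIR" || return 1
    new="$STATE_DIR/findings.new"
    old="$STATE_DIR/findings.last"
    [ -f "$old" ] || : > "$old"
    # stderr is captured too, so a failed cd or missing binary shows up as a finding.
    (cd "$CHKROOTKIT_DIR" && ./chkrootkit) 2>&1 | filter_findings > "$new"
    if findings_changed "$new" "$old"; then
        { echo "Changes since last run (< gone, > new):"; diff "$old" "$new"
          echo; echo "Current findings:"; cat "$new"
        } | mail -s "chkrootkit findings changed on $(hostname)" "$REPORT_TO"
    fi
    mv "$new" "$old"
}

# cron entry (script path is a placeholder): 0 1 * * * /path/to/this-script --run
if [ "${1:-}" = "--run" ]; then run_report; fi
```

Lines such as the sniffer entry are often legitimate (a DHCP client, for instance); with this approach they are reported once and then stay quiet until something changes.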
