In this guide, we will show you how to install Chkrootkit on Ubuntu systems.
chkrootkit (Check Rootkit) is a common Unix-based program intended to help system administrators check their system for known rootkits. It is a shell script that relies on common UNIX/Linux tools. It uses the strings and grep commands to search core system programs for signatures, and it compares a traversal of the /proc filesystem with the output of the ps (process status) command to look for discrepancies.
It can be used from a rescue disc (typically a live CD) or it can optionally use an alternative directory from which to run all of its own commands. These techniques allow chkrootkit to trust the commands upon which it depends a bit more.
There are inherent limitations to the reliability of any program that attempts to detect compromises (such as rootkits and computer viruses). Newer rootkits may specifically attempt to detect and compromise copies of the chkrootkit programs or take other measures to evade detection by them.
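The /proc versus ps comparison described above can be sketched in a few lines of shell. This is an added example, not chkrootkit's own code: the function names (proc_pids, compare_views, demo, live_check) are hypothetical, and the demo runs on constructed sample data rather than a real process table.

```shell
#!/bin/sh
# Added example, not chkrootkit's own code: cross-check /proc against ps.
export LC_ALL=C   # comm needs both lists sorted in the same collation

# proc_pids DIR: print the numeric (per-process) directory names under DIR.
proc_pids() {
    for d in "$1"/[0-9]*; do
        if [ -d "$d" ]; then basename "$d"; fi
    done | sort -u
}

# compare_views PROC_LIST PS_LIST: both files sorted, one PID per line.
# Prints "proc-only PID" or "ps-only PID" for every PID seen in just one view.
compare_views() {
    comm -23 "$1" "$2" | sed 's|^|proc-only |'
    comm -13 "$1" "$2" | sed 's|^|ps-only |'
}

# demo: constructed sample data (a fake /proc tree and a fake ps listing).
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/proc" "$tmp/proc/1" "$tmp/proc/42" "$tmp/proc/4242" "$tmp/proc/self"
    printf '%s\n' 1 42 99 | sort -u > "$tmp/ps.list"
    proc_pids "$tmp/proc" > "$tmp/proc.list"
    compare_views "$tmp/proc.list" "$tmp/ps.list"
    rm -rf "$tmp"
}

# live_check: the same comparison on the running system.
live_check() {
    tmp=$(mktemp -d) || return 1
    proc_pids /proc > "$tmp/proc.list"
    ps -e -o pid= | tr -d ' ' | sort -u > "$tmp/ps.list"
    # Processes that start or exit between the two snapshots also show up as
    # differences, so re-test each candidate before reporting it.
    compare_views "$tmp/proc.list" "$tmp/ps.list" | while read -r kind pid; do
        if [ "$kind" = proc-only ] && [ -d "/proc/$pid" ] &&
           ! ps -p "$pid" > /dev/null 2>&1; then
            echo "PID $pid has a /proc entry but ps does not list it"
        fi
    done
    rm -rf "$tmp"
}

if [ "${1:-}" = "--live" ]; then live_check; else demo; fi
```

Run with --live, the script compares the real /proc with the real ps output. It depends on the installed ps and on the kernel's view of /proc, so the limitation noted above applies: a rootkit that alters both views consistently produces no discrepancy.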
Install Chkrootkit on Ubuntu - APT method
Follow the steps below to get started with Chkrootkit:
- Update your Ubuntu system packages by running the command below:
sudo apt update -y && sudo apt upgrade -y
- The Chkrootkit package is available in the Ubuntu base repository, so you can install it directly as follows:
sudo apt install chkrootkit -y
- Verify that Chkrootkit is installed by checking its version as shown below:
- Run the chkrootkit test with the following command:
NOTE: Because the output shown below reports items as infected, you then need to check:
- Scan your server in quiet mode using the chkrootkit command with the -q option as follows:
- Enable an automatic daily scan of your system: open the file below in your favorite editor and change the line as shown:
sudo vim /etc/chkrootkit.conf
Then save and close the file.
- List out all options with Chkrootkit as shown below:
sudo chkrootkit -h
How to Remove (Uninstall) Chkrootkit
- Remove Chkrootkit APT Method
sudo apt autoremove chkrootkit --purge -y
Install Chkrootkit - Conclusion