chkrootkit (Check Rootkit) is a common Unix-based program intended to help system administrators check their system for known rootkits. It is a shell script that uses common UNIX/Linux tools such as the strings and grep commands to search core system programs for signatures, and that compares a traversal of the /proc filesystem with the output of the ps (process status) command to look for discrepancies.
There are inherent limitations to the reliability of any program that attempts to detect compromises (such as rootkits and computer viruses). Newer rootkits may specifically attempt to detect and compromise copies of the chkrootkit programs or take other measures to evade detection by them.
Follow these steps to install ChkRootKit
– Download the chkrootkit.
# wget http://www.spenneberg.org/chkrootkit-mirror/files/chkrootkit.tar.gz
– Unpack the chkrootkit you just downloaded.
# tar -xvzf chkrootkit.tar.gz
– Change to new directory
# cd chkrootkit-*
(the glob matches the versioned directory name; substitute the version if more than one is present)
– Compile chkrootkit
# make sense
– Run chkrootkit
# ./chkrootkit
How to setup a daily scan report?
– Load crontab
# crontab -e
– Add this line to the top:
0 1 * * * (cd /usr/local/src/chkrootkit*; ./chkrootkit 2>&1 | mail -s "chkrootkit output" firstname.lastname@example.org)
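The /proc-versus-ps comparison mentioned at the top of the page is easy to reproduce in a few lines of shell, and doing so makes clear what chkrootkit is actually looking for: a PID that exists as a directory under /proc but that ps does not report. The script below is an added example written for this page; it is not chkrootkit's own code. The function names (proc_pids, ps_pids, hidden_pids, check_live) and the PROCPS_CHECK_RUN environment variable are assumptions of the example. It also handles the main false positive of this technique, a process that simply exited between the two snapshots, by re-checking each suspect before reporting it.

```shell
#!/bin/sh
# Minimal /proc-versus-ps discrepancy check in the spirit of the one
# chkrootkit performs. Added example; not chkrootkit's own code.

# proc_pids: PIDs visible by walking /proc (numeric directory names only),
# printed space-separated.
proc_pids() {
  for d in /proc/[0-9]*; do
    printf '%s ' "${d#/proc/}"
  done
}

# ps_pids: PIDs that ps is willing to report, space-separated.
ps_pids() {
  ps -eo pid= | tr -s ' \n' ' '
}

# hidden_pids LIST_A LIST_B: print every PID in LIST_A (space-separated)
# that is missing from LIST_B, one per line. A PID present in /proc but
# absent from ps is the classic symptom of a process-hiding rootkit, or
# of a short-lived process that exited between the two snapshots.
hidden_pids() {
  for pid in $1; do
    case " $2 " in
      *" $pid "*) ;;                  # ps reports it: nothing to flag
      *) printf '%s\n' "$pid" ;;
    esac
  done
}

# check_live: take both snapshots, then confirm each suspect still exists
# in /proc and is still missing from ps (filters out processes that just
# exited). Prints the survivors and returns 1 if any remain, so a cron
# job can mail the output only when something was found.
check_live() {
  suspects=$(hidden_pids "$(proc_pids)" "$(ps_pids)")
  found=0
  for pid in $suspects; do
    if [ -d "/proc/$pid" ] && ! ps -p "$pid" >/dev/null 2>&1; then
      cmd=$(tr '\0' ' ' < "/proc/$pid/cmdline" 2>/dev/null)
      printf 'hidden pid %s: %s\n' "$pid" "${cmd:-<unreadable>}"
      found=1
    fi
  done
  return $found
}

# Stand-alone use: PROCPS_CHECK_RUN=1 sh procps_check.sh
# (assumed variable and file name; the guard keeps the functions
# importable without running the live check).
if [ "${PROCPS_CHECK_RUN:-0}" = 1 ]; then
  check_live
fi
```

A cron entry in the same style as the one above could run this script and pipe its output to mail only on a non-zero exit status, so the daily report arrives only when a discrepancy survives the re-check. Like chkrootkit itself, this is a heuristic: a rootkit that also filters the /proc directory listing will defeat it, which is why the page's caveat about evasion applies here too.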