Chkrootkit:
chkrootkit is a tool to locally check for signs of a rootkit. It contains chkrootkit, a shell script that checks system binaries for rootkit modification.

– Log in to your server as root (SSH).

– Download chkrootkit.
# wget

– Unpack the chkrootkit you just downloaded.
# tar xvzf chkrootkit.tar.gz

– Change to the new directory
# cd chkrootkit*

– Compile chkrootkit
# make sense

– Run chkrootkit
# ./chkrootkit

How to set up a daily scan report?

– Load crontab
# crontab -e

– Add this line to the top:
0 1 * * * (cd /path/to/chkrootkit; ./chkrootkit 2>&1 | mail -s "chkrootkit output" root)

This will run chkrootkit at 1am every day and e-mail the output to root. (Change the time to whenever you want it to run, and the e-mail address according to your needs.)

Save and exit.

Done!!!! 🙂
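A daily mail containing the full report is easy to stop reading, so the following is an added example (not part of chkrootkit or of the original post) that filters the output down to findings not already seen in a reviewed baseline. The function names, the list of "clean" status endings and the sample output are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not part of chkrootkit: report only findings that are new.

# Keep lines that do not end in a status treated as clean.
# Assumption: this list of clean endings; adjust it to your version's output.
findings() {
    grep -Ev '^ROOTDIR is |(not infected|not found|not tested|nothing found|nothing detected|nothing deleted)[[:space:]]*$' \
        | grep -v '^[[:space:]]*$' || true
}

# Print findings read from stdin that are not already listed in baseline file $1.
new_findings() {
    baseline=$1
    [ -f "$baseline" ] || baseline=/dev/null   # no baseline yet: report everything
    findings | grep -Fxv -f "$baseline" || true
}

# Constructed sample of chkrootkit output (not from a real host).
sample_output() {
    cat <<'EOF'
ROOTDIR is `/'
Checking `amd'... not found
Checking `ls'... not infected
Checking `bindshell'... INFECTED (PORTS:  465)
Checking `sniffer'... eth0: PF_PACKET(/sbin/dhclient)
Searching for suspicious files and dirs, it may take a while... nothing found
EOF
}

# Demo: the sniffer line was reviewed earlier and sits in the baseline,
# so only the bindshell line is reported.
demo() {
    base=$(mktemp)
    sample_output | grep 'sniffer' > "$base"
    sample_output | new_findings "$base"
    rm -f "$base"
}

demo
```

In the cron job, pipe `./chkrootkit 2>&1` into `new_findings` with a baseline file you have reviewed, and send mail only when the result is non-empty.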

