In this guide from Linux Security, we want to teach you How To Install chkrootkit on Ubuntu 22.04.
The chkrootkit security scanner is a popular security tool that allows administrators to check the local system for evidence of a rootkit infection. A rootkit is a malicious application that may get access to a computer system without the user’s knowledge. This implies that the rootkit may execute files and change system configurations on the target machine, among other things, which can only be done as the Linux computer’s superuser.
The Chkrootkit utility, as you may have guessed, is used to check for the presence of rootkits. Rootkits are a sort of malicious software that allows an unauthorized person to get access to a server. Rootkits can be a concern if you operate a Linux-based server.
Chkrootkit is one of the most widely used Unix-based rootkit detection applications.
How To Install chkrootkit on Ubuntu 22.04
To install chkrootkit, you need to log in to your server as a root user.
Now follow the steps below to complete this guide.
Installing chkrootkit on Ubuntu 22.04
By default, the chkrootkit packages are available in the default Ubuntu repository.
First, update your local package index with the following command:
Then, install chkrootkit on your server by running the command below:
apt install chkrootkit
Verify your chkrootkit installation by checking its version:
Output chkrootkit version 0.53
At this point, you will learn the basic usage of chkrootkit on Ubuntu 22.04.
You can list all available tests by using the following command:
In your output you will see:
Output /usr/sbin/chkrootkit: tests: aliens asp bindshell lkm rexedcs sniffer w55808 wted scalper slapper z2 chkutmp OSX_RSPLUG amd basename biff chfn chsh cron crontab date du dirname echo egrep env find fingerd gpm grep hdparm su ifconfig inetd inetdconf identd init killall ldsopreload login ls lsof mail mingetty netstat named passwd pidof pop2 pop3 ps pstree rpcinfo rlogind rshd slogin sendmail sshd syslogd tar tcpd tcpdump top telnetd timed traceroute vdir w write
Now you can scan your server with the command below:
Also, you can use the chkrootkit command with the -q option to scan your server in a quiet mode:
Output /usr/lib/modules/5.4.0-29-generic/vdso/.build-id /usr/lib/modules/5.4.0-29-generic/vdso/.build-id ...
To check all files with a specific directory, you can use the chrootkit command as shown below on Ubuntu 22.04:
chkrootkit -r /opt
And you can create a bash script for scanning the server & send the scan details report to the mail address.
Add the following lines:
#!/bin/sh ( chkrootkit ) | /bin/mail -s 'CHROOTKIT Daily Run (Server-Name)' [email protected]
To enable the daily Schedule check, edit the file below:
And change the line below as shown:
Now you learn to Install chkrootkit on Ubuntu 22.04. Also, you learn the basic usage of chkrootkit.
Hope you enjoy it.