Install and Use Chkrootkit on AlmaLinux 8

In this guide, we want to teach you How To Install and Use Chkrootkit on AlmaLinux 8.

Chkrootkit is a free and open-source antivirus tool available on GitHub. This tool checks locally in the binary system of your machine and scans your Linux server for a trojan. chkrootkit is a shell script that checks system binaries for rootkit modification. This tool is used for scanning botnets, rootkits, malware, etc. 

How To Install and Use Chkrootkit on AlmaLinux 8

To install Chkrootkit, you must log in to your AlmaLinux server as a root user.

Now follow the steps below to complete this guide.

Steps To Install Chkrootkit on AlmaLinux 8

By default, chkrootkit packages aren’t available in the default AlmaLinux repository.

First, you need to update your local package index with the following command:

dnf update -y

Then, install the required packages on AlmaLinux 8 with the following command:

dnf install wget gcc-c++ glibc

Next, you need to visit the chkrootkit downloads page and download the latest source tarball with the wget command:

wget -c ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz

Here you need to check that the chkrootkit download has not been tampered with or damaged. For this, you can download the md5 hash file associated with your chkrootkit download using the following command:

wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.md5

Check the chkrootkit download:

md5sum -c chkrootkit.md5
Output
chkrootkit.tar.gz: OK

At this point, you need to extract your chkrootkit downloaded file with the command below:

tar -xvzf chkrootkit.tar.gz

Now you need to create a folder and move the extracted contents to the file:

mkdir /usr/local/chkrootkit

To check your chkrootkit file name you can use the ls command and use the command below to move it to your new folder:

mv chkrootkit-0.55/* /usr/local/chkrootkit

Switch to your chkrootkit directory on AlmaLinux 8:

cd /usr/local/chkrootkit

Then, run the make sense command:

make sense

When it is completed, you can start to scan the server.

Using Chkrootkit on AlmaLinux 8

At this point, you need to scan your AlmaLinux 8 server by running the chkrootkit:

/usr/local/chkrootkit/chkrootkit

To enable automatic scanning, you can add a cron entry for running chkrootkit automatically and send a scan report to your mail address. Create and add the following entries to “/etc/cron.daily/chkrootkit.sh

#!/bin/sh
 (
 /usr/local/chkrootkit/chkrootkit
 ) | /bin/mail -s 'CHROOTKIT Daily Run (ServerName)' [email protected]

These are some commonly used options of chkrootkit:

  • -h: Show a short help message and exit.
  • -V: Show version information and exit.
  • -I: Show available tests and exit.
  • -d: Enter debugs mode.
  • -x: Enter expert mode.
  • -e: Exclude known false positive files/dirs, quoted, space-separated.
  • -q: Enter quiet mode. In quiet mode, only output messages with infected status are displayed.
  • -r dir: use dir as the root directory.
  • -p dir1: Ability to add more binary paths using this option.
  • -n: Skip NFS-mounted directories.

Conclusion

At this point, you learn to Install and Use Chkrootkit on AlmaLinux 8.

Hope you enjoy it.

You may be interested in these articles:

Install and Use Webmin on AlmaLinux 8

How To Set up 7-Zip on AlmaLinux 8

Install and Configure Zabbix on AlmaLinux 8

How To Install MySQL on AlmaLinux 8

Newsletter Updates

Enter your email address below and subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are marked *

Stay informed and not overwhelmed, subscribe now!