Install and Use Chkrootkit on AlmaLinux 8

In this guide from the Orcacore website, we want to teach you how to install and use Chkrootkit on AlmaLinux 8. Chkrootkit is a free and open-source antivirus tool available on GitHub. It is a shell script that runs locally on your machine and checks the system binaries for rootkit modification. You can use it to scan your Linux server for Trojans, botnets, rootkits, malware, etc.

Proceed to the guide steps below to set up Chkrootkit antivirus on AlmaLinux 8 and start using it.

Steps To Install and Use Chkrootkit on AlmaLinux 8

To install Chkrootkit, you must log in to your AlmaLinux server as the root user and follow the steps below to complete this guide.

1. Download and Install Chkrootkit on AlmaLinux 8

Chkrootkit packages aren’t available in the default AlmaLinux repository, so you install it from the source tarball. First, you need to update your local package index with the following command:

dnf update -y

Then, install the required packages on AlmaLinux 8 with the following command:

dnf install wget tar gcc-c++ glibc -y

Next, you need to visit the chkrootkit downloads page and download the latest source tarball with the wget command:

wget -c ftp://ftp.chkrootkit.org/pub/seg/pac/chkrootkit.tar.gz

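Here, you need to check that the chkrootkit download has not been tampered with or damaged. For this, you can download the MD5 hash file associated with your chkrootkit download using the following command. Because the hash file comes from the same FTP server over an unencrypted connection, this check catches a damaged download but cannot by itself prove that the tarball is authentic.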

wget ftp://ftp.chkrootkit.org/pub/seg/pac/chkrootkit.md5

Check the chkrootkit download:

md5sum -c chkrootkit.md5
Output
chkrootkit.tar.gz: OK

At this point, you need to extract your chkrootkit downloaded file with the command below:

tar -xvzf chkrootkit.tar.gz

Now you need to create a folder and move the extracted contents into it:

mkdir /usr/local/chkrootkit

The extracted directory name includes the version number. To check it, you can use the ls command, then use the command below to move its contents to your new folder:

mv chkrootkit-0.58b/* /usr/local/chkrootkit

Switch to your chkrootkit directory on AlmaLinux 8:

cd /usr/local/chkrootkit

Then, run the make sense command:

make sense

When it is completed, you can start to scan the server.

2. Scan AlmaLinux 8 Server with Chkrootkit

At this point, you can scan your AlmaLinux 8 server by running chkrootkit:

/usr/local/chkrootkit/chkrootkit

To enable automatic scanning, you can add a cron entry that runs chkrootkit automatically and sends a scan report to your email address. Create the file “/etc/cron.daily/chkrootkit.sh” and add the following entries to it:

#!/bin/sh
# Run the scan and mail the full report
(
/usr/local/chkrootkit/chkrootkit
) | /bin/mail -s 'CHKROOTKIT Daily Run (ServerName)' your@email.com
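
The daily job above mails the full report every day, which makes a real finding easy to overlook. The following is an added example (not code from the original guide or from the chkrootkit project) that mails only findings not already listed in a reviewed baseline. The baseline path, the function names and the sample output are assumptions made for illustration, and the status strings it matches should be checked against your own scan output.

```shell
#!/bin/sh
# Added example, not from the original guide: mail only NEW chkrootkit findings.
CHKROOTKIT=/usr/local/chkrootkit/chkrootkit   # install path used in this guide
BASELINE=/var/lib/chkrootkit.baseline         # hypothetical file of reviewed findings
MAILTO=your@email.com                         # placeholder address from the guide

# Constructed sample of scan output, for trying the filter without a real scan.
sample_output() {
    cat <<'EOF'
Checking `ls'... not infected
Checking `bindshell'... INFECTED (PORTS:  465)
Checking `sniffer'... not tested
Checking `chkutmp'... chkutmp: nothing deleted
EOF
}

# findings: keep only lines on stdin whose status needs review.
findings() {
    { grep -E 'INFECTED|Vulnerable but disabled' || true; } | sort -u
}

# new_findings CURRENT BASELINE: lines in CURRENT absent from the reviewed BASELINE.
new_findings() {
    if [ ! -s "$2" ]; then cat "$1"; return 0; fi   # no baseline: all lines are new
    grep -Fxv -f "$2" "$1" || true
}

# run_scan: scan, filter, compare with the baseline, and mail only the difference.
run_scan() {
    tmp=$(mktemp) || return 1
    "$CHKROOTKIT" 2>&1 | findings > "$tmp"
    new=$(new_findings "$tmp" "$BASELINE")
    rm -f "$tmp"
    if [ -n "$new" ]; then
        printf '%s\n' "$new" |
            /bin/mail -s "chkrootkit: new findings on $(hostname)" "$MAILTO"
    fi
}

# Scan only when chkrootkit is installed where this guide put it.
if [ -x "$CHKROOTKIT" ]; then run_scan; fi
```

Put only lines you have investigated and confirmed as false positives into the baseline file, since anything listed there is never reported again. A script in /etc/cron.daily must be executable to run.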

These are some commonly used options of chkrootkit:

  • -h: Show a short help message and exit.
  • -V: Show version information and exit.
  • -l: Show available tests and exit.
  • -d: Enter debug mode.
  • -x: Enter expert mode.
  • -e: Exclude known false positive files/dirs, quoted, space-separated.
  • -q: Enter quiet mode. In quiet mode, only output messages with an infected status are displayed.
  • -r dir: Use dir as the root directory.
  • -p dir1:dir2:dirN: Add more binary paths (colon-separated) using this option.
  • -n: Skip NFS-mounted directories.

Conclusion

At this point, you have learned to install and use Chkrootkit on AlmaLinux 8. Chkrootkit is a security tool that scans a Linux system for signs of rootkits. It checks common system binaries and processes for suspicious changes, helping detect hidden malware or unauthorized access, and improves overall system integrity and security.
