How To Install and Use chkrootkit on Centos 7

In this article, we want to teach you How To Install and Use chkrootkit on Centos 7.

chkrootkit is a free and open-source antivirus tool available on GitHub. This tool checks locally in the binary system of your machine and scans your Linux server for a trojan. chkrootkit is a shell script that checks system binaries for rootkit modification. This tool is used for scanning botnets, rootkits, malware, etc.

How To Install and Use chkrootkit on Centos 7

To install chkrootkit, you need to log in to your server as a root user.

Now you can follow the steps below to install chkrootkit on Centos 7.

Installing chkrootkit on Centos 7

By default, chkrootkit packages aren’t available in the default Centos 7 repository.

First, you need to update your local package index with the following command:

sudo yum update -y

Then, install the required packages on Centos 7 with the following command:

yum install wget gcc-c++ glibc-static

Next, you need to visit the chkrootkit downloads page and download the latest source tarball with the wget command:

wget -c ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz

Here you need to check that the chkrootkit download has not been tampered with or damaged. For this, you can download the md5 hash file associated with your chkrootkit download using the following command:

wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.md5

Check the chkrootkit download:

md5sum -c chkrootkit.md5
Output
chkrootkit.tar.gz: OK

At this point, you need to extract your chkrootkit downloaded file with the command below:

tar -xvzf chkrootkit.tar.gz

Now you need to create a folder and move the extracted contents to the file:

mkdir /usr/local/chkrootkit

To check your chkrootkit file name you can use the ls command and use the command below to move it to your new folder:

mv chkrootkit-0.55/* /usr/local/chkrootkit

Switch to your chkrootkit directory on Centos 7:

cd /usr/local/chkrootkit

Then, run the make sense command:

make sense

When it is completed, you can start to scan the server.

How To Use chkrootkit

At this point, you need to scan your Centos 7 server by running the chkrootkit:

/usr/local/chkrootkit/chkrootkit

To enable automatic scanning, you can add a cron entry for running chkrootkit automatically and send a scan report to your mail address. Create and add the following entries to “/etc/cron.daily/chkrootkit.sh”

#!/bin/sh
 (
 /usr/local/chkrootkit/chkrootkit
 ) | /bin/mail -s 'CHROOTKIT Daily Run (ServerName)' [email protected]

These are some commonly used options of chkrootkit:

  • -h: Show a short help message and exit.
  • -V: Show version information and exit.
  • -I: Show available tests and exit.
  • -d: Enter debugs mode.
  • -x: Enter expert mode.
  • -e: Exclude known false positive files/dirs, quoted, space-separated.
  • -q: Enter quiet mode. In quiet mode, only output messages with infected status are displayed.
  • -r dir: use dir as the root directory.
  • -p dir1: Ability to add more binary paths using this option.
  • -n: Skip NFS-mounted directories.

Conclusion

At this point, you learn to Install and Use chkrootkit on Centos 7.

Hope you enjoy it.

Also, you may be interested in these articles:

How To Set up Siege Stress Tester on Centos 7.

Enable Remote Connections For MySQL on Centos 7.

How To Find the CPU Information on Centos 7.

Related Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest Articles

POPULAR TAGS

Most Popular