In this article, we want to teach you How To Install and Use chkrootkit on Centos 7.
chkrootkit is a free and open-source antivirus tool available on GitHub. This tool checks locally in the binary system of your machine and scans your Linux server for a trojan. chkrootkit is a shell script that checks system binaries for rootkit modification. This tool is used for scanning botnets, rootkits, malware, etc.
How To Install and Use chkrootkit on Centos 7
To install chkrootkit, you need to log in to your server as a root user.
Now you can follow the steps below to install chkrootkit on Centos 7.
Installing chkrootkit on Centos 7
By default, chkrootkit packages aren’t available in the default Centos 7 repository.
First, you need to update your local package index with the following command:
sudo yum update -y
Then, install the required packages on Centos 7 with the following command:
yum install wget gcc-c++ glibc-static
Next, you need to visit the chkrootkit downloads page and download the latest source tarball with the wget command:
wget -c ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
Here you need to check that the chkrootkit download has not been tampered with or damaged. For this, you can download the md5 hash file associated with your chkrootkit download using the following command:
Check the chkrootkit download:
md5sum -c chkrootkit.md5
Output chkrootkit.tar.gz: OK
At this point, you need to extract your chkrootkit downloaded file with the command below:
tar -xvzf chkrootkit.tar.gz
Now you need to create a folder and move the extracted contents to the file:
To check your chkrootkit file name you can use the ls command and use the command below to move it to your new folder:
mv chkrootkit-0.55/* /usr/local/chkrootkit
Switch to your chkrootkit directory on Centos 7:
Then, run the make sense command:
When it is completed, you can start to scan the server.
How To Use chkrootkit
At this point, you need to scan your Centos 7 server by running the chkrootkit:
To enable automatic scanning, you can add a cron entry for running chkrootkit automatically and send a scan report to your mail address. Create and add the following entries to “/etc/cron.daily/chkrootkit.sh”
#!/bin/sh ( /usr/local/chkrootkit/chkrootkit ) | /bin/mail -s 'CHROOTKIT Daily Run (ServerName)' [email protected]
These are some commonly used options of chkrootkit:
- -h: Show a short help message and exit.
- -V: Show version information and exit.
- -I: Show available tests and exit.
- -d: Enter debugs mode.
- -x: Enter expert mode.
- -e: Exclude known false positive files/dirs, quoted, space-separated.
- -q: Enter quiet mode. In quiet mode, only output messages with infected status are displayed.
- -r dir: use dir as the root directory.
- -p dir1: Ability to add more binary paths using this option.
- -n: Skip NFS-mounted directories.
At this point, you learn to Install and Use chkrootkit on Centos 7.
Hope you enjoy it.
Also, you may be interested in these articles: