Share your love
How To Install and Use chkrootkit on Ubuntu 20.04
In this article, we want to teach you How To Install and Use chkrootkit on Ubuntu 20.04.
The chkrootkit security scanner searches for signs that the system is infected with a ‘rootkit’. Rootkits are a form of malware that seek to exploit security flaws to grant unauthorized access to a computer or its services, generally for malicious purposes.
chkrootkit can identify signs of over 70 different rootkits.
How To Install and Use chkrootkit on Ubuntu 20.04
Before you start to install chkrootkit, you need to log in to your server as a root user.
Then, you can follow the steps below to complete this guide.
Install chkrootkit on Ubuntu 20.04
By default, the chkrootkit is available in the default Ubuntu repository. First, update your local package index with the following command:
apt update
Then, you can use the following command to install chkrootkit:
apt install chkrootkit
When your installation is complete, verify your chkrootkit installation on Ubuntu 20.04 by checking its version:
chkrootkit -V
In your output you will see:
Output
chkrootkit version 0.53
Now that you have chkrootkit installed on your server, let’s see how to use it.
How To Use chkrootkit
At this point, we want to teach you some basic usage of chkrootkit on Ubuntu 20.04.
You can list all available tests by using the following command:
chkrootkit -l
In your output you will see:
Output
/usr/sbin/chkrootkit: tests:
aliens asp bindshell lkm rexedcs sniffer w55808 wted scalper slapper z2 chkutmp OSX_RSPLUG amd basename biff chfn chsh cron crontab date du dirname
echo egrep env find fingerd gpm grep hdparm su ifconfig inetd inetdconf identd init killall ldsopreload login ls lsof mail mingetty netstat named passwd pidof pop2 pop3 ps pstree rpcinfo rlogind
rshd slogin sendmail sshd syslogd tar tcpd tcpdump top telnetd timed traceroute vdir w write
Now you can scan your server with the command below:
chkrootkit
Also, you can use the chkrootkit command with the -q option to scan your server in a quiet mode:
chkrootkit -q
Output
/usr/lib/modules/5.4.0-29-generic/vdso/.build-id
/usr/lib/modules/5.4.0-29-generic/vdso/.build-id
...
To check all files with a specific directory, you can use the chrootkit command as shown below on Ubuntu 20.04:
chkrootkit -r /opt
And you can create a bash script for scanning the server & send the scan details report to the mail address.
vi /etc/cron.daily/chkrootkit.sh
Add the following lines:
#!/bin/sh
(
chkrootkit
) | /bin/mail -s 'CHROOTKIT Daily Run (Server-Name)' recipient@email.com
To enable the daily Schedule check, edit the file below:
vi /etc/chkrootkit.conf
And change the line below as shown:
RUN_DAILY="true"
Conclusion
At this point, you learn to Install and Use chkrootkit on Ubuntu 20.04.
Hope you enjoy it.
May you will be interested in these articles:
How To Install AnyDesk on Ubuntu 20.04.
Set up MariaDB 10.8 on Ubuntu 20.04.