How To Install and Use chkrootkit on Ubuntu 20.04

In this article, we want to teach you How To Install and Use chkrootkit on Ubuntu 20.04.

The chkrootkit security scanner searches for signs that the system is infected with a ‘rootkit’. Rootkits are a form of malware that seek to exploit security flaws to grant unauthorized access to a computer or its services, generally for malicious purposes.

chkrootkit can identify signs of over 70 different rootkits.

How To Install and Use chkrootkit on Ubuntu 20.04

Before you start to install chkrootkit, you need to log in to your server as a root user.

Then, you can follow the steps below to complete this guide.

Install chkrootkit on Ubuntu 20.04

By default, the chkrootkit is available in the default Ubuntu repository. First, update your local package index with the following command:

apt update

Then, you can use the following command to install chkrootkit:

apt install chkrootkit

When your installation is complete, verify your chkrootkit installation on Ubuntu 20.04 by checking its version:

chkrootkit -V

In your output you will see:

Output
chkrootkit version 0.53

Now that you have chkrootkit installed on your server, let’s see how to use it.

How To Use chkrootkit

At this point, we want to teach you some basic usage of chkrootkit on Ubuntu 20.04.

You can list all available tests by using the following command:

chkrootkit -l

In your output you will see:

Output
/usr/sbin/chkrootkit: tests: 
aliens asp bindshell lkm rexedcs sniffer w55808 wted scalper slapper z2 chkutmp OSX_RSPLUG amd basename biff chfn chsh cron crontab date du dirname 
echo egrep env find fingerd gpm grep hdparm su ifconfig inetd inetdconf identd init killall ldsopreload login ls lsof mail mingetty netstat named passwd pidof pop2 pop3 ps pstree rpcinfo rlogind
 rshd slogin sendmail sshd syslogd tar tcpd tcpdump top telnetd timed traceroute vdir w write

Now you can scan your server with the command below:

chkrootkit

Also, you can use the chkrootkit command with the -q option to scan your server in a quiet mode:

chkrootkit -q
Output
/usr/lib/modules/5.4.0-29-generic/vdso/.build-id
/usr/lib/modules/5.4.0-29-generic/vdso/.build-id
...

To check all files with a specific directory, you can use the chrootkit command as shown below on Ubuntu 20.04:

chkrootkit -r /opt

And you can create a bash script for scanning the server & send the scan details report to the mail address.

vi /etc/cron.daily/chkrootkit.sh

Add the following lines:

#!/bin/sh
(
chkrootkit
) | /bin/mail -s 'CHROOTKIT Daily Run (Server-Name)' recipient@email.com

To enable the daily Schedule check, edit the file below:

vi /etc/chkrootkit.conf

And change the line below as shown:

RUN_DAILY="true"

Conclusion

At this point, you learn to Install and Use chkrootkit on Ubuntu 20.04.

Hope you enjoy it.

May you will be interested in these articles:

How To Install AnyDesk on Ubuntu 20.04.

Set up MariaDB 10.8 on Ubuntu 20.04.

How To Install CMake on Ubuntu 20.04.

Install and Configure Froxlor on Ubuntu 20.04.

Newsletter Updates

Enter your email address below and subscribe to our newsletter

Leave a Reply

Stay informed and not overwhelmed, subscribe now!