Brief About Chkrootkit
Chkrootkit, also known as Check Rootkit, is a common Unix-based security scanner that detects rootkits on your system. It consists of a shell script that checks system binaries for rootkit modification and looks for various other security issues.
This tutorial explains how to install and configure Chkrootkit on a HostRangers Cloud Elastic Compute Service (ECS) Ubuntu 18.04 server.
- HostRangers Cloud Instance with Ubuntu 18.04 installed.
- Your instance needs to have a root password.
First of all, create a new ECS instance and connect to your instance as the root user.
If you don’t know how to do it, let the HostRangers support team help you with it.
After that, log in to your Ubuntu 18.04 instance and run the following command.
This command will update your base system with the latest available packages.
Chkrootkit is available in the default Ubuntu 18.04 repository, so to install it just run the command below:
Once the installation is done, you can check the version of Chkrootkit using the following command:
The output will be:
To list the options available with Chkrootkit, use the following command:
Run the following command to list all the tests available with Chkrootkit:
Now, run the following command to run the Chkrootkit test:
The output will be as shown below. If any test in the output shows as infected, you will need to check it:
To list only the output messages with ‘infected’ status, run Chkrootkit with the -q option:
Run the following command to check all the files under the specified directory:
Enable the Schedule Check
Chkrootkit ships with a default crontab configuration file. The daily check can be enabled in the /etc/chkrootkit.conf file.
Now, change this line from –
Once you are done, save and close the file.
This way you can successfully install and use Chkrootkit on an Ubuntu 18.04 server and easily find any infected files on your system.
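For scheduled runs it helps to alert only on infected results that have not been reviewed yet. The script below is an added example, not part of the original tutorial: the `triage` and `sample_output` functions, the allowlist file and the sample scan output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: triage chkrootkit output so a scheduled run only alerts on
# findings that have not been reviewed yet.

# Constructed sample output in chkrootkit's "Checking `test'... result" layout.
sample_output() {
cat <<'EOF'
ROOTDIR is `/'
Checking `amd'...                                           not found
Checking `basename'...                                      not infected
Checking `bindshell'...                                     INFECTED (PORTS:  465)
Checking `ls'...                                            not infected
Checking `sshd'...                                          not infected
EOF
}

# triage ALLOWLIST  (reads chkrootkit output on stdin)
# Prints INFECTED lines that are not in ALLOWLIST and returns 1 if any remain.
# ALLOWLIST holds one reviewed finding per line, whitespace-normalised.
triage() {
    allow="$1"
    # Case-sensitive match: clean tests print lowercase "not infected".
    findings=$(grep 'INFECTED' | sed 's/[[:space:]]\{1,\}/ /g')
    [ -z "$findings" ] && return 0
    if [ -s "$allow" ]; then
        # Drop findings that exactly match a reviewed line.
        new=$(printf '%s\n' "$findings" | grep -v -x -F -f "$allow" || true)
    else
        new=$findings
    fi
    [ -z "$new" ] && return 0
    printf '%s\n' "$new"
    return 1
}

# Demo on the constructed sample. On a real host, replace sample_output with
# chkrootkit itself and /dev/null with your allowlist (hypothetical path:
# /etc/chkrootkit.allow).
if sample_output | triage /dev/null; then
    echo "no unreviewed findings"
else
    echo "unreviewed findings above: investigate before allowlisting"
fi
```

Add a line to the allowlist only after the finding has been investigated and confirmed benign; any result that changes, such as a different port, no longer matches and is reported again.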