chkrootkit (Check Rootkit) is a common Unix-based program intended to help system administrators check their system for known rootkits. It is a shell script using common UNIX/Linux tools like the strings and grep commands to search core system programs for signatures and for comparing a traversal of the /proc filesystem with the output of the ps (process status) command to look for discrepancies.
#cd /usr/local/src
Download chkrootkit
#wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit-0.49.tar.gz
md5 check : To check that the file you have is the same file that chkrootkit.org intended you to have, check the md5 signature. To do this enter:
#md5sum chkrootkit.tar.gz
This will create an output that is unique to the downloaded file - check this with the md5 signature which is available from a mirror website
ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.md5
# tar -xvzf chkrootkit-0.49.tar.gz
Change to new directory
# cd chkrootkit-0.49
Compile chkrootkit
# make sense
Run chkrootkit
# ./chkrootkit
- Monthly cron
#vi /etc/cron.hourly/chkrootkit.sh
cd /usr/local/src/chkrootkit-0.49; ./chkrootkit 2>&1 | mail -s “chkrootkit output” mail@domain.com
#chmod +x /etc/cron.hourly/chkrootkit.sh
#cd /usr/local/src
Download chkrootkit
#wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit-0.49.tar.gz
md5 check : To check that the file you have is the same file that chkrootkit.org intended you to have, check the md5 signature. To do this enter:
#md5sum chkrootkit.tar.gz
This will create an output that is unique to the downloaded file - check this with the md5 signature which is available from a mirror website
ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.md5
# tar -xvzf chkrootkit-0.49.tar.gz
Change to new directory
# cd chkrootkit-0.49
Compile chkrootkit
# make sense
Run chkrootkit
# ./chkrootkit
- Monthly cron
#vi /etc/cron.hourly/chkrootkit.sh
cd /usr/local/src/chkrootkit-0.49; ./chkrootkit 2>&1 | mail -s “chkrootkit output” mail@domain.com
#chmod +x /etc/cron.hourly/chkrootkit.sh
0 comments: