Easy ways to Installing CHKROOTKIT on Linux server


Chkrootkit (Check Rootkit) is a common Unix-based program intended to help system administrators check their system for known rootkits. It is a shell script that uses common UNIX/Linux tools such as strings.

Environments for chkrootkit:

chkrootkit is tested on: Linux 2.0.x, 2.2.x, 2.4.x and 2.6.x; FreeBSD 2.2.x, 3.x, 4.x and 5.x; OpenBSD 2.x, 3.x and 4.x; NetBSD 1.6.x; Solaris 2.5.1, 2.6, 8.0 and 9.0; HP-UX 11; Tru64; BSDI; and MacOS X.

1. Log in to your server as root (over SSH).

2. Download chkrootkit.

Type: wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz

3. Unpack the chkrootkit archive you just downloaded.

# tar xvzf chkrootkit.tar.gz

4. Change into the new directory with the cd command.

# cd chkrootkit*

5. Compile chkrootkit.

# make sense

6. Run chkrootkit.

# ./chkrootkit

What chkrootkit will do

1. It checks for signs of rootkits using these components: chkrootkit, ifpromisc.c, chklastlog.c, chkwtmp.c, check_wtmpx.c, chkproc.c, chkdirs.c, strings.c, chkutmp.c; chkrootkit is the main module, which controls all the other modules.

2. chkrootkit checks system binaries for modifications, e.g. find, grep, cron, crontab, echo, env, su, ifconfig, init, sendmail, ...

3. Next, it looks for the default files and directories of many rootkits (sniffers' logs, HiDrootkit's default dir, t0rn's default files and dirs, ...).

4. After that, it continues to look for the default files and directories of known rootkits.

If it says “Checking `bindshell'... INFECTED (PORTS: 465)”, this is normal and it is NOT really a virus.
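An added example, not part of chkrootkit or of this post, for triaging the output of the ./chkrootkit run from step 6: it separates the bindshell finding (which, as noted above, is often a legitimate listener) from every other INFECTED result and, where the ss tool is available, shows which process owns the reported port so you can confirm it is the daemon you expect. The sample log below is constructed in chkrootkit's reporting format, not a real scan.

```shell
#!/bin/sh
# Added example (not chkrootkit's own code): triage chkrootkit output.
# On a real host run as root:  triage "$(./chkrootkit 2>&1)"
# Constructed sample output in chkrootkit's reporting format (not a real scan).
SAMPLE_LOG=$(cat <<'EOF'
Checking `amd'... not found
Checking `basename'... not infected
Checking `bindshell'... INFECTED (PORTS:  465)
Checking `lkm'... chkproc: nothing detected
Searching for suspicious files and dirs, it may take a while... nothing found
EOF
)
# Print the name of every test chkrootkit reported as INFECTED, one per line.
infected_checks() {
    printf '%s\n' "$1" | awk '
        /^Checking `[^'"'"']*'"'"'\.\.\. INFECTED/ {
            name = $0
            sub(/^Checking `/, "", name)
            sub(/'"'"'.*$/, "", name)
            print name
        }'
}
# Print the port list from the bindshell line, e.g. "465" (empty if clean).
bindshell_ports() {
    printf '%s\n' "$1" | awk '/^Checking `bindshell'"'"'\.\.\. INFECTED \(PORTS:/ {
        sub(/.*PORTS: */, ""); sub(/\).*/, ""); print }'
}
# Report bindshell separately (port 465 is the SMTPS port, so a mail daemon
# there is expected); every other INFECTED test needs investigation.
triage() {
    log=$1
    for check in $(infected_checks "$log"); do
        if [ "$check" = bindshell ]; then
            ports=$(bindshell_ports "$log")
            printf 'bindshell flagged on port(s): %s\n' "$ports"
            printf '  confirm the listening process is the expected daemon:\n'
            if command -v ss >/dev/null 2>&1; then
                for p in $ports; do ss -ltnp "sport = :$p" 2>/dev/null | sed 's/^/  /'; done
            fi
        else
            printf '%s: INFECTED, investigate before trusting this host\n' "$check"
        fi
    done
}

triage "$SAMPLE_LOG"
```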

The following tests are performed:

aliens asp bindshell lkm rexedcs sniffer wted w55808 scalper slapper z2 amd basename biff chfn chsh cron date du dirname echo egrep env find fingerd gpm grep hdparm su ifconfig inetd inetdconf init identd killall ldsopreload login ls lsof mail mingetty netstat named passwd pidof pop2 pop3 ps pstree rpcinfo rlogind rshd slogin sendmail sshd syslogd tar tcpd tcpdump top telnetd timed traceroute vdir w write.
