Install chkrootkit
The following steps will help you to install chkrootkit on CentOS.
cd /usr/local/src
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
tar xvf chkrootkit.tar.gz
cd chkrootkit-*
make sense
Now you can run chkrootkit to scan the server. Note that the present working directory should be “/usr/local/src/chkrootkit-0.50”.
./chkrootkit
Daily scan report script
Create a file named chkrootkit.sh in /etc/cron.daily
vim /etc/cron.daily/chkrootkit.sh
#!/bin/bash
# Run the scan from the chkrootkit directory, drop lines containing "not", and mail the rest.
cd /usr/local/src/chkrootkit-*/ && ./chkrootkit | grep -v not | /bin/mail -s 'CHKROOTKIT Scan Result' your@email.com
Make it executable
chmod +x /etc/cron.daily/chkrootkit.sh
The script will email you a daily scan report. The same steps can be used to install chkrootkit on a cPanel server. Keep in mind that chkrootkit cannot find and remove 100% of rootkits. You can secure your server against rootkits by keeping all applications and software up to date and the system patched against all known vulnerabilities.
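The daily script's grep -v not drops every line that contains "not", which includes "nothing found" lines and any flagged path such as /usr/lib/.notes. As an added example (not from the original page), the functions below drop a line only when it ends in a clean status and mail only when something remains; the function names, the clean-status list and the sample output are assumptions constructed for illustration.

```bash
#!/bin/bash
# Added example: report only chkrootkit lines that are not a known clean status.

# Clean-status endings (assumed list; adjust to your chkrootkit version's output).
CLEAN_RE='(not infected|not found|not tested|nothing found|nothing detected|nothing deleted|no suspect files)[[:space:]]*$'

# The page's filter: drops every line containing the substring "not".
page_filter() { grep -v not; }

# Anchored filter: drops a line only if it ends in a clean status, plus the
# ROOTDIR banner and blank lines. Exit status is 1 when nothing remains.
filter_findings() {
    grep -Ev "$CLEAN_RE" | grep -Ev '^(ROOTDIR is |[[:space:]]*$)'
}

# Number of lines left after filtering chkrootkit output read from stdin.
count_findings() { filter_findings | wc -l | tr -d ' '; }

# Constructed sample output modeled on chkrootkit's format (not a real scan).
sample_output() {
    cat <<'EOF'
ROOTDIR is `/'
Checking `amd'... not found
Checking `ifconfig'... not infected
Checking `bindshell'... INFECTED (PORTS:  465)
Searching for suspicious files and dirs, it may take a while...
/usr/lib/.notes /usr/lib/.build-id
Checking `lkm'... chkproc: nothing detected
Checking `sniffer'... eth0: PF_PACKET(/sbin/dhclient)
EOF
}

# Cron entry point (hypothetical name): mail only when something is left after
# filtering, and report a failed run instead of staying silent.
scan_and_mail() {
    local rcpt=$1 out findings
    out=$(cd /usr/local/src/chkrootkit-*/ && ./chkrootkit 2>&1) ||
        out=$(printf 'chkrootkit exited with status %s\n%s' "$?" "$out")
    findings=$(printf '%s\n' "$out" | filter_findings) || return 0
    printf '%s\n' "$findings" | /bin/mail -s 'chkrootkit findings' "$rcpt"
}

# Usage from /etc/cron.daily/chkrootkit.sh: scan_and_mail your@email.com
```

On the constructed sample, page_filter discards the /usr/lib/.notes line while filter_findings keeps it together with the INFECTED and PF_PACKET lines.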
That’s it!