rkhunter and chkrootkit Can Check for Rootkits in Linux
Worried that a rootkit might be on your Linux system? Then you can use one of these tools: rkhunter or chkrootkit.
These tools are commonly used in web hosting when you run your own VPS or dedicated server.
They are useful for checking whether software is outdated (e.g. Apache, OpenSSL), whether a rootkit is present (e.g. Tuxtendo Rootkit, Solaris rootkit), and for other misconfigurations, depending on which of the tools mentioned above you run.
They are useful not only on servers but also on your personal computer.
rkhunter and chkrootkit serve the same purpose; they just differ in how they run their rootkit checks.
Anyway, time to install rkhunter and chkrootkit.
rkhunter
rkhunter (rootkit hunter) is a Unix-based tool that scans for rootkits, backdoors and possible local exploits.
Installing or updating this tool is very easy. Follow these instructions on the terminal command line.
If you want to install the latest version manually, follow this:
su    # or: sudo -i. Become root; which command to use depends on your distribution (server or desktop)
wget http://sourceforge.net/projects/rkhunter/files/rkhunter/1.3.8/rkhunter-1.3.8.tar.gz
tar xzf rkhunter-1.3.8.tar.gz
cd rkhunter-1.3.8
./installer.sh --install
cd /etc    # Use this and the following rm/mv commands only if you are updating an existing rkhunter installation
After cd /etc, delete the rkhunter.conf file left by the previous version, then rename the new file, for example rkhunter.conf.201112xxxxxxxx (the numeric suffix is generated when the installation succeeds), to rkhunter.conf. Use these commands for this step:
rm rkhunter.conf
mv rkhunter.conf.201112xxxxxxxx rkhunter.conf
rkhunter --propupd    # Don't forget to run this to update the whole file properties database after the installation is done
Or
If you prefer the more comfortable automatic installation, use the commands below:
Debian user:
apt-get install rkhunter
Redhat user:
yum install rkhunter
That is it for installing rkhunter. Now run rkhunter with this command:
rkhunter --check
rkhunter --propupd    # Run this command if you encounter a warning about /etc/rkhunter.conf
chkrootkit
chkrootkit (check rootkit) is a common Unix-based program intended to help system administrators check their system for known rootkits.
Installing and updating the latest version manually is a little troublesome, because every time you run it you must run it from the directory where you saved it.
To install it, follow these commands:
su    # or: sudo -i. Become root; which command to use depends on your distribution (server or desktop)
cd /opt
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
tar xzf chkrootkit.tar.gz
cd chkrootkit-0.49
make sense
Done and done. Now run chkrootkit with this command:
./chkrootkit
Or
It is best to install it automatically, so that you do not have to run ./chkrootkit from that directory every time:
Debian user:
apt-get install chkrootkit
Redhat user:
yum install chkrootkit
Finished. Now run the command without the dot slash:
chkrootkit
That’s all from me for today. Actually, there are more rootkit tools for Linux besides rkhunter and chkrootkit, but I will post about them later when I find good ones.
Comment on this post to say whether it was useful or not.
