How to Install Chkrootkit on Ubuntu? [Step-by-Step]



This tutorial guides you through the steps to install chkrootkit on Ubuntu, including various installation methods, verifying the installation, basic usage, automating scans, and uninstallation, ensuring your system's security against rootkits.

Chkrootkit is a security scanner used in Unix and Linux systems to detect the presence of rootkits. Rootkits are a type of malware that disguise themselves as legitimate software, allowing unauthorized access to a computer system. They are often hard to detect because they can hide their existence from the system's normal diagnostic and monitoring tools.

The importance of chkrootkit in system security lies in its ability to search for signatures and behaviors typical of rootkits. By scanning various elements like system binaries and processes, chkrootkit helps system administrators and users identify potential security breaches. Since rootkits can give attackers deep control over systems and potentially lead to significant data breaches or system misuse, tools like chkrootkit are crucial for maintaining the integrity and security of computer systems.

 

Steps to install ChkrootKit on Ubuntu

1. Open the Terminal

Launch the Terminal on your Ubuntu system. You can do this by pressing `Ctrl + Alt + T` or searching for "Terminal" in your application menu.


 

2. Update Package List

Before installing any new software, it's good practice to update your package list. This ensures you have the latest information about available packages and their versions. Execute the following command using sudo privilege:

sudo apt update

 

3. Install chkrootkit

Install chkrootkit using the apt package manager. The -y flag automatically answers 'yes' to prompts during installation, streamlining the process.

sudo apt install -y chkrootkit

 

4. Verify Installation

After installation, verify that chkrootkit is installed correctly by checking its version. This command shows you the installed version of chkrootkit, confirming that the installation was successful.

chkrootkit -V

Sample Output:

chkrootkit version 0.55

Here we have successfully installed chkrootkit on our Ubuntu server.

 

Basic Usage of ChkrootKit

Once you have installed chkrootkit, you can use it to enhance your system's security by running various checks. Here's how to use chkrootkit for basic operations:

 

1. Running a Basic Scan

To perform a general scan of your system for rootkits, use the following command. This will execute chkrootkit without any specific parameters, causing it to run its default set of tests and display the results.

sudo chkrootkit

This command scans various system aspects and reports if any common signs of rootkits are found.

 

2. Scanning in Quiet Mode for Specific Alerts

To run chkrootkit in a quieter mode where only warnings and notable results are displayed, use the -q option. This is useful for reducing the amount of output to only potentially problematic findings.

sudo chkrootkit -q

This mode is particularly helpful when you are routinely checking your system and only want to be alerted to potential issues.

 

3. Listing All Available Tests

If you want to see all the tests chkrootkit can perform, use the -l argument. This will list all the checks that chkrootkit can do.

sudo chkrootkit -l

This command provides an overview of what chkrootkit is capable of checking, like specific system binaries, commands, and processes.

 

4. Checking Specific Directories

Chkrootkit allows you to specify a directory to check for rootkits using the -r option. This can be useful if you suspect a particular directory may be compromised.

sudo chkrootkit -r /path/to/directory

Replace /path/to/directory with the actual path of the directory you want to scan. This command will focus chkrootkit's scanning on that specific directory.

 

Automating Scans using ChkrootKit

Automating scans with chkrootkit using cron jobs and configuration files is a great way to ensure regular security checks. Here's how you can set it up:

 

1. Create a Bash Script for chkrootkit Scan

First, create a bash script that will run the chkrootkit scan. Use a text editor like nano or vim to create this script.

sudo nano /etc/cron.daily/chkrootkit_scan

Add the following lines to the script:

#!/bin/sh
# Run the default chkrootkit scan (the Ubuntu package installs the binary in /usr/sbin)
/usr/sbin/chkrootkit

This script calls chkrootkit and will be executed by cron. Save and close the file.

 

2. Make the Script Executable

For the cron job to run the script, it needs to be executable. Change the script's permissions with the following command:

sudo chmod +x /etc/cron.daily/chkrootkit_scan

This command makes your script executable.

 

3. Configure chkrootkit for Daily Scans

chkrootkit can be configured to run daily. Edit its configuration file:

sudo nano /etc/chkrootkit.conf

Find the line RUN_DAILY="false" and change it to RUN_DAILY="true". Save and exit the file.

 

4. Testing the Script

To test if your script works correctly, you can run it manually:

sudo /etc/cron.daily/chkrootkit_scan

This execution should perform a chkrootkit scan just as it would during its daily run.

 

5. Setting Up a Cron Job Manually (Optional)

If you want more control over when the scan runs, you can set up a cron job manually. Edit the cron file:

sudo crontab -e

Add a line to schedule the scan, for example, every day at 2 AM:

0 2 * * * /etc/cron.daily/chkrootkit_scan
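
A scheduled scan is only useful if someone notices when its output changes. The wrapper below is an added example, not part of the original tutorial or of chkrootkit itself: it runs the quiet-mode scan from the steps above and reports only lines that are missing from a baseline you have already reviewed. The state directory, the `baseline.log` / `current.log` file names and the `--run` / `--demo` switches are assumptions made for this example, and the sample lines in `demo` are constructed.

```shell
#!/bin/sh
# Added example: alert only on chkrootkit lines not in an approved baseline.
# STATE_DIR and the baseline workflow are assumptions, not chkrootkit features.
STATE_DIR="${STATE_DIR:-/var/log/chkrootkit-scan}"
CHKROOTKIT="${CHKROOTKIT:-/usr/sbin/chkrootkit}"

# Print lines of the current report that are absent from the baseline.
# -F -x compares whole lines literally, so regex characters in a reported
# path cannot make a new finding match an old one. If grep itself fails,
# fall back to treating every line as new.
new_findings() {
    baseline=$1 current=$2
    if [ -s "$baseline" ]; then
        grep -F -x -v -f "$baseline" "$current" || [ "$?" -eq 1 ] || cat "$current"
    else
        cat "$current"                  # no baseline yet: everything is new
    fi
}

# Run a quiet scan, keep the report readable by root only, print new lines.
run_scan() {
    umask 077
    mkdir -p "$STATE_DIR" || return 2
    report="$STATE_DIR/current.log"
    # Exit status is ignored on purpose: a missing or failing scanner writes
    # its error into the report, which then shows up as a new finding.
    "$CHKROOTKIT" -q > "$report" 2>&1 || :
    findings=$(new_findings "$STATE_DIR/baseline.log" "$report")
    [ -z "$findings" ] && return 0      # nothing new: stay silent
    printf 'chkrootkit: new findings on %s\n%s\n' "$(uname -n)" "$findings"
    return 1                            # cron mails any output it captures
}

# Demo on constructed sample lines (real report wording may differ).
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' "Checking \`bindshell'... INFECTED (PORTS:  465)" > "$d/baseline"
    printf '%s\n' "Checking \`bindshell'... INFECTED (PORTS:  465)" \
        "Checking \`ifconfig'... INFECTED" > "$d/current"
    new_findings "$d/baseline" "$d/current"
    rm -rf "$d"
}

case "${1:-}" in
    --run)  run_scan ;;
    --demo) demo ;;
esac
```

After the first run, review `current.log` and copy it to `baseline.log` once every line in it is understood; from then on, point the crontab entry at this script with `--run` so that only changes produce output.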

 

Uninstalling Chkrootkit (Optional)

You can remove the package simply by using the remove or purge command:

sudo apt purge --autoremove -y chkrootkit

The purge option is useful if you want to ensure that no trace of chkrootkit remains, including its configuration files. The --autoremove option also removes any dependencies that are no longer needed.

 

Conclusion

Using chkrootkit for system security is vital in today’s digital environment. Rootkits, being particularly stealthy types of malware, can compromise your system's integrity and security without detection. Chkrootkit serves as an essential tool in the arsenal against such threats, offering a way to scan and detect these hidden dangers. Regular use of chkrootkit, especially in automated routines, enhances your system’s defense against unauthorized access and potential data breaches. However, it should be part of a broader security strategy, including regular system updates, diverse security solutions, and vigilant monitoring.


Deepak Prasad
