chkrootkit is a tool that's used to determine if a Unix server has been compromised. You can't do yum install chkrootkit on CentOS, so follow the instructions below instead:
yum update
yum install wget gcc-c++ glibc-static
wget -c ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.md5
md5sum -c chkrootkit.md5
chkrootkit.tar.gz: OK
tar -xzf chkrootkit.tar.gz
mkdir /usr/local/chkrootkit
mv chkrootkit-0.52/* /usr/local/chkrootkit
cd /usr/local/chkrootkit
make sense
To do a scan:
/usr/local/chkrootkit/chkrootkit
To enable automatic scanning:
You can add a cron entry that runs chkrootkit automatically and sends the scan report to your mail address. Create “/etc/cron.daily/chkrootkit.sh” and add the following entries to it:
#!/bin/sh
( /usr/local/chkrootkit/chkrootkit ) | /bin/mail -s 'CHROOTKIT Daily Run (ServerName)' [email protected]
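A daily mail with an unchanging subject is easy to ignore, so the following added example (not part of the original page) puts the number of findings in the subject and lists them first, keyed on the INFECTED and Vulnerable status strings that chkrootkit prints. The MAILTO recipient, the function names and the --scan argument are assumptions made for this sketch, and the sample report is constructed.

```shell
#!/bin/sh
# Added example, not from the original page. Assumptions: install path from the
# page; MAILTO is a placeholder; function names and --scan are hypothetical.
CHKROOTKIT="${CHKROOTKIT:-/usr/local/chkrootkit/chkrootkit}"
MAILTO="${MAILTO:-root}"

# Constructed sample report, used only to exercise the functions offline.
sample_report() {
    cat <<'EOF'
Checking `amd'... not found
Checking `basename'... not infected
Checking `bindshell'... INFECTED (PORTS:  465)
Checking `sshd'... Vulnerable but disabled
EOF
}

# Keep only lines whose status needs review. The match is case-sensitive
# on purpose, so "not infected" is never counted as a finding.
findings() {
    grep -E 'INFECTED|Vulnerable' || true
}

# Build the mail subject from a report file: host name plus finding count.
subject_for() {
    count=$(findings < "$1" | wc -l | tr -d ' ')
    if [ "$count" -gt 0 ]; then
        echo "chkrootkit $(uname -n): $count finding(s), REVIEW"
    else
        echo "chkrootkit $(uname -n): clean"
    fi
}

# Run one scan, keep the full report, and mail it with the findings on top.
main() {
    report=$(mktemp) || exit 1
    trap 'rm -f "$report"' EXIT
    "$CHKROOTKIT" > "$report" 2>&1
    {
        echo "== Lines needing review =="
        findings < "$report"
        echo "== Full report =="
        cat "$report"
    } | /bin/mail -s "$(subject_for "$report")" "$MAILTO"
}

# Scan only when asked, so the functions can be sourced and tested.
if [ "${1:-}" = "--scan" ]; then
    main
fi
```

Call the script with --scan from the cron.daily file; that file has to be executable, because run-parts skips files that are not.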