A rootkit is a type of malware used to enable unauthorized access to a system. chkrootkit is a command-line tool that scans a system to detect rootkits.
This tutorial shows how to install chkrootkit on Raspberry Pi.
Connect to Raspberry Pi via SSH. Execute the following commands to update the package lists and install chkrootkit:
sudo apt update
sudo apt install -y chkrootkit
After the installation is finished, we can check the chkrootkit version:
chkrootkit -V
Now run the chkrootkit command without any arguments as root user to scan the system for rootkits:
sudo chkrootkit
The output will look similar to this:
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `biff'... not found
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `crontab'... not infected
Checking `date'... not infected
Checking `du'... not infected
Checking `dirname'... not infected
...........
The output is quite long. To get only warnings and results with the "INFECTED" status, use the -q option:
sudo chkrootkit -q
We can also filter the output to find results with "INFECTED" status by using the grep command:
sudo chkrootkit | grep INFECTED
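The grep filter above works because the match is case-sensitive: clean results read "not infected" in lower case. The following shell function is an added example (not part of chkrootkit or of the original tutorial) that counts each status, lists every line needing review, and returns a non-zero exit status when an INFECTED result is present. The function names and the sample output are constructed, and it assumes only the line formats shown above, treating anything else as unrecognized.

```shell
#!/bin/sh
# Added example: classify chkrootkit output read from stdin.
# Returns 1 if any line carries the upper-case INFECTED status, else 0.
summarize_chkrootkit() {
    awk '
        { sub(/[ \t\r]+$/, "") }                  # drop trailing whitespace
        /^ROOTDIR is/          { next }           # header, not a result
        # Case-sensitive, so "not infected" never matches this rule.
        /INFECTED/             { infected++; review[++n] = $0; next }
        /\.\.\. not infected$/ { clean++; next }
        /\.\.\. not found$/    { absent++; next }
        # Any other non-empty line is an unrecognized format: keep it visible.
        NF                     { other++; review[++n] = $0 }
        END {
            printf "infected=%d clean=%d not_found=%d other=%d\n",
                   infected, clean, absent, other
            for (i = 1; i <= n; i++) print "REVIEW: " review[i]
            exit (infected > 0)
        }
    '
}

# Constructed sample output (not from a real scan), used for the offline demo.
sample_output() {
    cat <<'EOF'
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `date'... INFECTED
Checking `du'... not infected
Checking `example'... unrecognized status
EOF
}

# Demo on the constructed sample.
sample_output | summarize_chkrootkit || echo "INFECTED result present, investigate"
```

On the Raspberry Pi, feed it a real scan with sudo chkrootkit | summarize_chkrootkit; the exit status makes it usable from a cron job or monitoring check.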
If you want to completely remove chkrootkit, run the following command:
sudo apt purge --autoremove -y chkrootkit