A rootkit is a type of malware that is used to enable unauthorized access to a system. chkrootkit is a command-line tool that scans a system for signs of rootkits.
This tutorial demonstrates how to install chkrootkit on Ubuntu 20.04.
Install chkrootkit
Execute the following command to update the package lists:
sudo apt update
Next, install chkrootkit:
sudo apt install -y chkrootkit
When the installation is finished, we can check the chkrootkit version:
chkrootkit -V
Testing chkrootkit
Execute the chkrootkit command without any arguments as the root user to scan the system for rootkits:
sudo chkrootkit
Part of an example output:
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `biff'... not found
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `crontab'... not infected
Checking `date'... not infected
Checking `du'... not infected
Checking `dirname'... not infected
...........
The output is pretty long. The -q option can be used to get only warnings and results with "INFECTED" status:
sudo chkrootkit -q
We can also filter the output with the grep command to find results with "INFECTED" status:
sudo chkrootkit | grep INFECTED
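For scheduled scans, a summary with a meaningful exit code is easier to alert on than raw grep output. The following is an added example, not part of chkrootkit or the original tutorial: the function names summarize_chkrootkit and sample_output are hypothetical, and the sample lines are constructed to match the full (non -q) output format shown above.

```shell
#!/bin/sh
# Added example: summarise full chkrootkit output read from stdin.
# Parses the "Checking `name'... status" lines, counts each status and
# lists every check that reported INFECTED. Returns 1 if any did.

summarize_chkrootkit() {
    awk -v q="'" '
        /^Checking `/ {
            line = substr($0, 11)          # drop the leading "Checking `"
            end = index(line, q "...")     # closing quote followed by dots
            if (end == 0) next
            name = substr(line, 1, end - 1)
            status = substr(line, end + 4)
            sub(/^[ \t]+/, "", status)
            total++
            if (status ~ /INFECTED/) {
                infected++
                hits = hits "  " name ": " status "\n"
            } else if (status == "not infected") clean++
            else if (status == "not found") missing++
            else other++                   # any status this script does not classify
        }
        END {
            printf "checks=%d clean=%d not_found=%d other=%d infected=%d\n",
                   total, clean, missing, other, infected
            if (infected) printf "%s", hits
            exit (infected > 0)
        }
    '
}

# Constructed sample output (not from a real scan) for an offline demo.
sample_output() {
    cat <<'EOF'
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `cron'... not infected
Checking `date'... INFECTED
EOF
}

# Demo on the constructed sample; on a real host run:
#   sudo chkrootkit | summarize_chkrootkit
sample_output | summarize_chkrootkit || true
```

The non-zero return value lets a cron job or monitoring wrapper act on a positive result; an INFECTED line still needs manual verification before it is treated as a confirmed compromise.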
Uninstall chkrootkit
If you decide to completely remove chkrootkit, execute the following command:
sudo apt purge --autoremove -y chkrootkit