Install chkrootkit on Ubuntu 20.04

A rootkit is a type of malware that is used to enable unauthorized access to a system. The chkrootkit is a command line tool for scaning system to detect the rootkits.

This tutorial demonstrates how to install chkrootkit on Ubuntu 20.04.

Install chkrootkit

Execute the following command to update the package lists:

sudo apt update

Next, install chkrootkit:

sudo apt install -y chkrootkit

When installation is finished, we can check chkrootkit version:

chkrootkit -V

Testing chkrootkit

Execute the chkrootkit command without any arguments as root user to scan the system for rootkits:

sudo chkrootkit

Part of an example output:

ROOTDIR is `/'
Checking `amd'...                                           not found
Checking `basename'...                                      not infected
Checking `biff'...                                          not found
Checking `chfn'...                                          not infected
Checking `chsh'...                                          not infected
Checking `cron'...                                          not infected
Checking `crontab'...                                       not infected
Checking `date'...                                          not infected
Checking `du'...                                            not infected
Checking `dirname'...                                       not infected
...........

Output is pretty long. The -q option can be used in order to get only warnings and results with "INFECTED" status.

sudo chkrootkit -q

We can filter the output to find results with "INFECTED" status with grep command:

sudo chkrootkit | grep INFECTED

Uninstall chkrootkit

If you decided to completely remove the chkrootkit, execute the following command:

sudo apt purge --autoremove -y chkrootkit

Leave a Comment

Your email address will not be published.