cPanelConfig - cPanel server configuration guide » chkrootkit http://www.cpanelconfig.com The complete guide to setup and manage a cPanel based server Fri, 17 Jul 2009 11:15:39 +0000 http://wordpress.org/?v=2.8 en hourly 1 Install and use chkrootkit http://www.cpanelconfig.com/cpanel-security-related-articles/install-chkrootkit/ http://www.cpanelconfig.com/cpanel-security-related-articles/install-chkrootkit/#comments Mon, 17 Sep 2007 22:05:18 +0000 yolau http://www.cpanelconfig.com/cpanel-security-related-articles/install-chkrootkit/
What is chkrootkit?

chkrootkit is a tool to locally check for signs of a rootkit.  It
contains:

* chkrootkit: a shell script that checks system binaries for
   rootkit modification.

* ifpromisc.c: checks if the network interface is in promiscuous
   mode.

* chklastlog.c: checks for lastlog deletions.

* chkwtmp.c: checks for wtmp deletions.

* check_wtmpx.c: checks for wtmpx deletions.  (Solaris only)

* chkproc.c: checks for signs of LKM trojans.

* chkdirs.c: checks for signs of LKM trojans.

* strings.c: quick and dirty strings replacement.

* chkutmp.c: checks for utmp deletions.

How to install chkrootkit

  1. Login to your server as root
  2. Download chkrootkit and extract the archive

    3. wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
    tar xvzf chkrootkit.tar.gz
    cd chkrootkit-0.47

  3. Install chkrootkit

    4. make sense

  4. Now lets run chkrootkit

    5. /root/chkrootkit-0.47/chkrootkit

Make sure you run it on a regular basis, perhaps you can include the scan in a cron job.

]]> http://www.cpanelconfig.com/cpanel-security-related-articles/install-chkrootkit/feed/ 4