Install chkrootkit on an Ubuntu server

Download the latest chkrootkit tarball and its md5 file from the source.

# wget -c ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz

# wget -c ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.md5

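Check the tarball against the md5 file to make sure the download is not corrupted. It should show OK. Because the checksum is fetched from the same FTP server over an unencrypted connection, this detects a corrupted download, not a tampered one.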

# md5sum -c chkrootkit.md5
chkrootkit.tar.gz: OK

Extract it.

# tar -xzvf chkrootkit.tar.gz

Compile it after extraction.

# cd chkrootkit-0.52
# make sense

Run the rootkit test.

# cd chkrootkit-0.52/

# sudo ./chkrootkit

Each test should report nothing found or a "not infected" result.

If it shows output like this sample, it should be corrected.

++++++
Searching for Linux.Xor.DDoS … INFECTED: Possible Malicious Linux.Xor.DDoS installed
/tmp/postfix.config.SslMbt
++++++

To enable the daily check, open /etc/chkrootkit.conf and set RUN_DAILY="true".
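
For unattended runs, the full report is long and an INFECTED line is easy to miss. The following is an added example, not code from the original post or from the chkrootkit project: a filter that keeps only INFECTED findings and the file paths listed under them, and an exit status a scheduled job can act on. The function names and the sample report are constructed for illustration.

```shell
#!/bin/sh
# Added example: reduce a chkrootkit report to its INFECTED findings.
# Function names are hypothetical; the sample report below is constructed.

# Read a chkrootkit report on stdin and print each INFECTED line followed
# by the file paths chkrootkit lists directly under it.
chkrootkit_findings() {
    awk '
        /INFECTED/          { print; in_finding = 1; next }  # finding header
        in_finding && /^\// { print "    " $0; next }        # path under the finding
                            { in_finding = 0 }               # any other line closes it
    '
}

# Read a report on stdin; succeed (0) only when no test reported INFECTED.
# The match is case-sensitive, so "not infected" lines do not count.
report_is_clean() {
    n=$(awk '/INFECTED/ { n++ } END { print n + 0 }')
    [ "$n" -eq 0 ]
}

# Constructed sample report, modelled on the output shown in this post.
sample_output() {
    cat <<'EOF'
Checking `ls'... not infected
Checking `inetd'... not tested
Searching for Linux.Xor.DDoS ... INFECTED: Possible Malicious Linux.Xor.DDoS installed
/tmp/postfix.config.SslMbt
Searching for suspect PHP files... nothing found
EOF
}

# Demo on the constructed sample. On a real host, pipe the scanner instead:
#   sudo ./chkrootkit | chkrootkit_findings
sample_output | chkrootkit_findings
```
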
