Chkrootkit
chkrootkit is a security package that will look for O/S modifications that may indicate that your system has been hacked. See also rkhunter.
It is a fairly low-level command-line utility and has no GUI.
Below are some instructions for building and running the utility.
Building chkrootkit
Download the source code from www.chkrootkit.org/download and place it in a working directory.
Uncompress it, and un-tar it:
gunzip chkrootkit.tar.gz
tar xvf chkrootkit.tar
cd chkrootkit-0.50
At this point, instructions differ according to your operating system.
OS/X
Edit the Makefile. About 20 lines down is a section that reads:
###
### Mac OS X
###
# If you have Mac OS X, uncomment the next line
#STATIC =
Uncomment the #STATIC = line so that it reads:
STATIC =
Save the Makefile and build the utility:
make sense
Run the full test suite with:
sudo ./chkrootkit
OpenSuse 13.1
Rather than trying to build chkrootkit from source, I found an rpm installation package from software.opensuse.org. Select the correct version of OpenSuSE and the correct architecture (64 or 32-bit). Download the file and place it into a working directory.
Install the package with:
zypper install chkrootkit-0.50-7.2.x86_64.rpm
Run chkrootkit with the command (as root):
chkrootkit
Note: Apparently, chkrootkit reports a false positive:
Searching for Suckit rootkit... Warning: /sbin/init INFECTED
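The false positive noted above is a reason to triage chkrootkit output against a reviewed list instead of reading every run by eye. The following script is an added example, not part of chkrootkit or of the original page; the function names, the allowlist file and the sample lines other than the Suckit warning are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of chkrootkit. Reads chkrootkit output on stdin and
# reports INFECTED lines that are not in a reviewed allowlist file.

# triage_chkrootkit ALLOWLIST
#   ALLOWLIST holds one full output line per known false positive.
#   Prints remaining findings; returns 1 if any exist, 0 otherwise.
triage_chkrootkit() {
    allow="$1"
    # Match upper-case INFECTED only, so "not infected" lines are skipped.
    # -x -F: an allowlist entry must equal the whole line exactly, so the
    # same message for a different path is still reported.
    findings=$(grep 'INFECTED' | grep -v -x -F -f "$allow" || true)
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Constructed sample output. The Suckit line is the one quoted above; the
# other two lines are made up for the demonstration.
sample_output() {
    cat <<'EOF'
Checking `ls'... not infected
Searching for Suckit rootkit... Warning: /sbin/init INFECTED
Checking `ifconfig'... INFECTED
EOF
}

# Demo: allowlist the reviewed Suckit line, then triage the sample.
demo_allow=$(mktemp)
printf '%s\n' 'Searching for Suckit rootkit... Warning: /sbin/init INFECTED' > "$demo_allow"
if sample_output | triage_chkrootkit "$demo_allow"; then
    echo "no unreviewed findings"
else
    echo "unreviewed findings above: investigate"
fi
rm -f "$demo_allow"
```

On a real system, pipe the scanner into the function, for example chkrootkit 2>&1 | triage_chkrootkit followed by the path of your allowlist file. Before adding a line to the allowlist, confirm the flagged binary independently, for example with rpm -Vf /sbin/init on an RPM-based system.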
The rkhunter utility is also available for OpenSuSE.
Oracle Linux
Online Resources