Chkrootkit


chkrootkit is a security package that looks for operating-system modifications that may indicate that your system has been hacked. See also rkhunter.

It is a fairly low-level command-line utility and has no GUI.

Below are some instructions for building and running the utility.

Building chkrootkit

Download the source code from www.chkrootkit.org/download and place it in a working directory.

Uncompress it, and un-tar it:

  gunzip chkrootkit.tar.gz
  tar xvf chkrootkit.tar
  cd chkrootkit-0.50

At this point, instructions differ according to your operating system.

OS X

Edit the Makefile. About 20 lines down is a section that reads:

  ###
  ### Mac OS X
  ###
  # If you have Mac OS X, uncomment the next line
  #STATIC =


Uncomment the #STATIC = line so that it reads:

  STATIC =

Save the Makefile and build the utility:

  make sense

Run the full test suite with:

  sudo ./chkrootkit

openSUSE 13.1

Rather than trying to build chkrootkit from source, I found an rpm installation package from software.opensuse.org. Select the correct version of openSUSE and the correct architecture (64 or 32-bit). Download the file and place it into a working directory.

Install the package with:

  zypper install chkrootkit-0.50-7.2.x86_64.rpm

Run chkrootkit with the command (as root):

  chkrootkit

Note: Apparently, chkrootkit reports a false positive:

  Searching for Suckit rootkit... Warning: /sbin/init INFECTED
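
One way to keep an investigated false positive like this from hiding other findings is to filter the report through a small triage function. This is an added example, not part of chkrootkit or of the original page; the names triage_chkrootkit, sample_output and KNOWN_FP are hypothetical and the sample report is constructed.

```shell
#!/bin/sh
# Added example, not part of chkrootkit: triage a chkrootkit report.

# Extended regex for findings already investigated on THIS host.
# Assumption: the Suckit /sbin/init warning has been confirmed as a false
# positive here, for instance by verifying the file against the package
# database (rpm -Vf /sbin/init). Never suppress a finding you have not checked.
KNOWN_FP='^Searching for Suckit rootkit\.\.\. Warning: /sbin/init INFECTED'

# Read chkrootkit output on stdin and print findings that still need review.
# Returns 1 if any remain, 0 otherwise, so it can gate a cron alert.
triage_chkrootkit() {
    # "not infected" is lower case, so a case-sensitive match on INFECTED
    # or Warning selects only the lines chkrootkit flagged.
    findings=$(grep -E 'INFECTED|Warning' | grep -Ev -- "$KNOWN_FP" || true)
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Constructed sample report (not captured from a real system).
sample_output() {
    cat <<'EOF'
Checking `amd'... not found
Checking `basename'... not infected
Checking `bindshell'... INFECTED (PORTS:  465)
Searching for Suckit rootkit... Warning: /sbin/init INFECTED
Checking `sniffer'... lo: not promisc and no packet sniffer sockets
EOF
}

# Demo on the sample: only the bindshell line is printed.
# Real use (as root): chkrootkit 2>&1 | triage_chkrootkit
sample_output | triage_chkrootkit || echo "findings above need review"
```
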

The rkhunter utility is also available for openSUSE.

Oracle Linux

Online Resources

www.chkrootkit.org
