
CentOS 7 chkrootkit

August 23, 2018 by The Urban Penguin

Using CentOS 7 chkrootkit

The standard CentOS repositories do not include a chkrootkit package, as Ubuntu's do. However, this is not really an issue, as installing from source is not a difficult task. First, we make sure that we have the packages needed to compile from source. The Development Tools group is a good target for this, but we will also add wget and glibc-static.

$ sudo yum groups install -y "Development Tools"
$ sudo yum install -y wget glibc-static

We can now download the source from the software author. The website is http://www.chkrootkit.org. You can check the site for the latest version and retrieve the download link. As of 2017 the current version is 0.52, which is the version we use here on CentOS 7. To download the current version:

$ wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz

Now you can proceed to expand the archive:

$ tar -xzf chkrootkit.tar.gz
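
The archive fetched above arrives over plain FTP, and its contents are about to be compiled and run as root, so it is worth comparing it with a digest obtained separately before unpacking. The following is an added example, not part of the original article: the function names are its own, and the expected digest is assumed to come from a source you trust, such as the project site.

```shell
#!/bin/sh
# Added example: unpack an archive only if its digest matches a value
# obtained from a trusted source. Function names are this example's own.

# verify_archive FILE ALGO EXPECTED
# Returns 0 on match, 1 on mismatch, 2 when the check cannot be performed.
verify_archive() {
    case $2 in
        md5)    tool=md5sum ;;
        sha256) tool=sha256sum ;;
        *)      echo "unsupported algorithm: $2" >&2; return 2 ;;
    esac
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    # Compare in lower case so a digest pasted in upper case still matches.
    expected=$(printf '%s' "$3" | tr 'A-F' 'a-f')
    actual=$("$tool" "$1" | cut -d' ' -f1)
    [ -n "$actual" ] || return 2
    [ "$actual" = "$expected" ] && return 0
    echo "digest mismatch for $1: computed $actual" >&2
    return 1
}

# verify_and_unpack FILE ALGO EXPECTED DESTDIR
# Extracts into DESTDIR only after the digest has matched.
verify_and_unpack() {
    verify_archive "$1" "$2" "$3" || return $?
    tar -xzf "$1" -C "$4"
}

# Usage (the digest is a placeholder, take the real one from the project site):
#   verify_and_unpack chkrootkit.tar.gz md5 "<published digest>" .
```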

We can then move into the directory and compile the required files. The main program is a shell script, but this script calls the compiled binaries.

$ cd chkrootkit-0.52/

To compile the code we use make. There is only one make target in the Makefile. The target is called sense, so we can amusingly call:

$ make sense

We now should copy the directory to a sensible location:

$ cd ; sudo mv chkrootkit-0.52/ /usr/local/
$ sudo ln -s /usr/local/chkrootkit-0.52/ /usr/local/chkrootkit

The last command creates a link /usr/local/chkrootkit that points to the current version directory /usr/local/chkrootkit-0.52/. When a new version is released we can link to the new directory. The link gives us a consistent location to use that is independent of the version of chkrootkit.

The chkrootkit script calls the compiled binaries using a relative path. We should run the command from that directory, which we can achieve by grouping commands:

$ sudo bash -c 'cd /usr/local/chkrootkit && ./chkrootkit -q'

Running Cronjobs

Most of the time we will be running chkrootkit, like most other malware detectors, as a cron job. If we have compiled chkrootkit from source we will need to define our own cron task. To run the task daily we can create a script in /etc/cron.daily:

$ sudo vim /etc/cron.daily/chkrootkit
#!/bin/sh
# chkrootkit calls its binaries by relative path, so change into its directory first
cd /usr/local/chkrootkit && ./chkrootkit -q | mail -s "CHKROOTKIT daily run" root
$ sudo chmod +x /etc/cron.daily/chkrootkit

We can leave this to run with cron and check the root user’s mail daily. To test execution we can execute as the root user:

$ sudo /etc/cron.daily/chkrootkit

To check the mail has been received we can open a root shell and read mail:

$ sudo -i
# mail
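
The daily job above sends the same subject line whatever happened, and if the cd fails no scan runs at all. A variant of the script follows, added here as an example and not part of the original article, that puts the outcome in the subject so a scan that never ran cannot pass for a clean one. CHK_DIR, MAIL_CMD and the status words are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the article's script. CHK_DIR and MAIL_CMD are assumptions
# of this example, overridable so it can be exercised without a real install.
CHK_DIR=${CHK_DIR:-/usr/local/chkrootkit}
MAIL_CMD=${MAIL_CMD:-mail}

# daily_scan: run the scanner from its own directory and set two globals:
#   scan_status  "clean", "REVIEW" or "NOT RUN"
#   scan_out     text for the mail body
daily_scan() {
    if [ ! -x "$CHK_DIR/chkrootkit" ]; then
        scan_status="NOT RUN"
        scan_out="chkrootkit is missing or not executable in $CHK_DIR"
        return 2
    fi
    # The subshell keeps the cd local; the script calls its helpers by relative path.
    if scan_out=$(cd "$CHK_DIR" && ./chkrootkit -q 2>&1); then rc=0; else rc=$?; fi
    # Anything printed in quiet mode, or a non-zero exit, needs a person to look.
    if [ "$rc" -eq 0 ] && [ -z "$scan_out" ]; then
        scan_status="clean"
        scan_out="chkrootkit -q produced no output"
        return 0
    fi
    scan_status="REVIEW"
    scan_out="exit status $rc
$scan_out"
    return 1
}

# send_report: mail the result to root with the status in the subject line.
send_report() {
    printf '%s\n' "$scan_out" |
        "$MAIL_CMD" -s "CHKROOTKIT daily run on $(uname -n): $scan_status" root
}

# Run the job only when installed under the article's name
# (/etc/cron.daily/chkrootkit); under any other name the file just defines
# the functions, which allows sourcing and testing.
case ${0##*/} in
    chkrootkit) daily_scan; send_report ;;
esac
```

A mail still goes out every day, so a day without one means cron itself did not run the job.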
