Chkrootkit (Check Rootkit) is a common Linux security tool that scans your server for signs of rootkits and worms, which could severely impact the security of your server if they are not removed. In this blog post, we cover installing Check Rootkit on a dedicated server and configuring it to run daily and e-mail the results to a system administrator.
1. Move to /usr/local/src
cd /usr/local/src
2. Download and install the RPM
wget http://www6.atomicorp.com/channels/atomic/centos/5/i386/RPMS/chkrootkit-0.49-1.el5.art.i386.rpm
rpm -ivh chkrootkit-0.49-1.el5.art.i386.rpm
3. Create file /etc/cron.daily/chkrootkit.sh with the following contents.
#!/bin/sh
( /usr/local/chkrootkit/chkrootkit ) | /bin/mail -s 'CHKROOTKIT Daily Run (ServerNameHere)' name@domain.com
Replace ServerNameHere with the actual server name and name@domain.com with your mail address.
Chkrootkit is now installed on the server, and the cron job will run it every day.
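As an added example (not part of the original post), here is a variant of the step 3 script that puts OK, ALERT or ERROR in the mail subject, so a positive result is not buried in a long daily report and a scanner that did not run is not mistaken for a clean one. The marker strings INFECTED and Warning, the helper names and the file-name check are assumptions; the path, server name and address are the post's placeholders.

```shell
#!/bin/sh
# Added example, not the post's script. Path, address and server name are the
# post's placeholders; the marker strings below are assumptions to adjust.
CHKROOTKIT=${CHKROOTKIT:-/usr/local/chkrootkit/chkrootkit}
MAILTO=${MAILTO:-name@domain.com}
SERVER=${SERVER:-ServerNameHere}

# Keep only lines that report a finding. The match is case-sensitive so the
# normal "not infected" result does not count.
findings() {
    grep -E 'INFECTED|Warning' || true
}

# Classify a saved report: ERROR if it is empty (the scanner did not run or
# printed nothing), ALERT if any finding line is present, OK otherwise.
status_of() {
    if [ ! -s "$1" ]; then
        echo ERROR
    elif findings <"$1" | grep -q .; then
        echo ALERT
    else
        echo OK
    fi
}

# Constructed sample report for trying the filter; not output from a real host.
sample_report() {
    cat <<'EOF'
Checking `amd'... not found
Checking `ifconfig'... not infected
Checking `bindshell'... INFECTED (PORTS:  465)
EOF
}

# Run the scan, then mail the findings first and the full report after them.
# A missing scanner leaves the report empty, which status_of reports as ERROR.
run_daily() {
    report=$(mktemp) || return 1
    if [ -x "$CHKROOTKIT" ]; then "$CHKROOTKIT" >"$report" 2>&1; fi
    status=$(status_of "$report")
    {
        echo "Findings:"; findings <"$report"
        echo; echo "Full report:"; cat "$report"
    } | /bin/mail -s "CHKROOTKIT Daily Run ($SERVER): $status" "$MAILTO"
    rm -f "$report"
}

# Only scan when installed under the file name used in step 3.
case "$0" in
    *chkrootkit.sh) run_daily ;;
esac
```

An ALERT subject is a prompt to read the finding lines and investigate, since a matched line can also be a false positive.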