Chkrootkit, or Check Rootkit, is a common Linux security tool that scans your server for signs of rootkits or worms, which could severely impact the security of your server if they are not removed. In this blog post we are going to cover installing chkrootkit on a dedicated server and configuring it to run daily and e-mail the results to a system administrator.
1. Move to /usr/local/src
cd /usr/local/src
2. Download and install the RPM
wget http://www6.atomicorp.com/channels/atomic/centos/5/i386/RPMS/chkrootkit-0.49-1.el5.art.i386.rpm
rpm -ivh chkrootkit-0.49-1.el5.art.i386.rpm
3. Create file /etc/cron.daily/chkrootkit.sh with the following contents.
#!/bin/sh
( /usr/local/chkrootkit/chkrootkit ) | /bin/mail -s 'CHROOTKIT Daily Run (ServerNameHere)' name@domain.com
Replace ServerNameHere with the actual server name and name@domain.com with your mail address.
You have now installed Chkrootkit on the server and set up the cron job that will run every day.
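A daily mail with an unchanging subject is easy to stop reading. The wrapper below is an added example, not part of the original post: it puts the result in the subject line and lists the finding lines first. The function names, the SERVER_NAME variable and the sample output are constructed for illustration, and matching "Warning" is an assumption about chkrootkit's wording.

```shell
#!/bin/sh
# Added example (not from the original post): chkrootkit cron wrapper.
# Path and address are the post's values; override them via the environment.
CHKROOTKIT="${CHKROOTKIT:-/usr/local/chkrootkit/chkrootkit}"
MAILTO="${MAILTO:-name@domain.com}"
SERVER_NAME="${SERVER_NAME:-$(uname -n)}"

# Keep only lines that report a finding. Clean checks print lower-case
# "not infected", hits print upper-case "INFECTED", so match case-sensitively.
findings() {
    grep -E 'INFECTED|Warning' || true
}

# Count the non-empty lines in the string passed as $1.
count_lines() {
    printf '%s\n' "$1" | grep -c . || true
}

# Subject line that shows the result without opening the mail.
subject() {
    if [ "$1" -eq 0 ]; then
        echo "chkrootkit OK ($SERVER_NAME)"
    else
        echo "chkrootkit ALERT: $1 finding(s) ($SERVER_NAME)"
    fi
}

# Constructed sample of chkrootkit output, used only to try the filter.
sample_output() {
    cat <<'EOF'
Checking `ls'... not infected
Checking `bindshell'... INFECTED (PORTS:  465)
Searching for suspicious files and dirs... nothing found
EOF
}

# Run the scan, then mail the findings followed by the full output.
run_report() {
    report=$("$CHKROOTKIT" 2>&1) || true
    hits=$(printf '%s\n' "$report" | findings)
    n=$(count_lines "$hits")
    printf 'Findings:\n%s\n\nFull output:\n%s\n' "$hits" "$report" |
        /bin/mail -s "$(subject "$n")" "$MAILTO"
}

if [ -x "$CHKROOTKIT" ]; then
    run_report
else
    echo "chkrootkit not found at $CHKROOTKIT" >&2
fi
```

Running `sample_output | findings` in a shell that has sourced the file shows what the filter keeps before the script goes into /etc/cron.daily.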