Search for rootkit malware with chkrootkit

Going the Extra Mile

Chkrootkit uses a handful of native commands (awk, cut, echo, egrep, etc.). If you believe that your system might be compromised, then the best option is to mount its disk onto a clean system for inspection. Do not trust executables on a compromised system. Rootkit writers know about chkrootkit and will attempt to infect those commands it uses.You can also run chkrootkit in “expert” mode, which provides you with a verbose output of its checks so that you can inspect what it finds for yourself. Chkrootkit runs from cron so that you can schedule a daily scan of your system and mail the output to your user account or to a shared account.

Summary

Chkrootkit has been around for more than 20 years and is still actively developed. It, like other security solutions, is not a panacea. It is simply a part of a layered approach to your overall security strategy. Exercise caution before relying too heavily on a single approach in your own networks. Getting a clean bill of health from a chkrootkit scan doesn’t mean that your system is clean or uninfected by malware. There are many different types of malware, and chkrootkit checks for a single type.

Buy Linux Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • chkrootkit

    Detect rootkits, worms, and other malware with chkrootkit.

  • Expert Security Intro

    Internet intruders have many ingenious ways of escalating privileges and hiding their presence once they get inside your system. The best protection is to keep them out in the cold.

  • Host-Based IDS

    A host-based intrusion detection system is a simple but powerful tool for finding traces of an attacker's footprint.

  • Trinity Rescue Kit

    Trinity Rescue Kit is driven by the practical requirements of the admin’s daily work, integrating a full set of tools for maintaining and rescuing Linux and Windows PCs.

  • Virtualizing Rootkits

    A new generation of rootkits avoids detection by virtualizing the compromised system – and the user doesn't notice a thing.

comments powered by Disqus

Direct Download

Read full article as PDF:

News