Search for rootkit malware with chkrootkit
Going the Extra Mile
Chkrootkit uses a handful of native commands (awk, cut, echo, egrep, etc.). If you believe that your system might be compromised, then the best option is to mount its disk onto a clean system for inspection. Do not trust executables on a compromised system. Rootkit writers know about chkrootkit and will attempt to infect those commands it uses.You can also run chkrootkit in “expert” mode, which provides you with a verbose output of its checks so that you can inspect what it finds for yourself. Chkrootkit runs from cron so that you can schedule a daily scan of your system and mail the output to your user account or to a shared account.
Summary
Chkrootkit has been around for more than 20 years and is still actively developed. It, like other security solutions, is not a panacea. It is simply a part of a layered approach to your overall security strategy. Exercise caution before relying too heavily on a single approach in your own networks. Getting a clean bill of health from a chkrootkit scan doesn’t mean that your system is clean or uninfected by malware. There are many different types of malware, and chkrootkit checks for a single type.
« Previous 1 2