The Chkrootkit security scanner is a popular security tool that allows administrators to check the local system for evidence of a rootkit infection. It consists of a shell script that checks various security issues and system binaries for rootkit modification. You can use Chkrootkit in the command line or GUI. It is just like rkhunter which is another rootkit detection and removal tool.

Here at FixWebNode, we shall look into how to install Chkrootkit on Ubuntu 22.10 Kinetic Kudu.

Steps to install Chkrootkit on Ubuntu 22.10 Kinetic Kudu

1. Perform System Update

To begin, update all packages in the system by running the below command:

$ sudo apt update
$ sudo apt upgrade

Also install a few important system packages with the below command:

$ sudo apt install wget apt-transport-https gnupg2 software-properties-common

2. Install Chkrootkit on the system

Now, you can install the latest version of Chkrootkit to your Ubuntu system, which is available by default on the system's base repository:

$ sudo apt install chkrootkit

3. Confirm Chkrootkit installation

You can run the below command to confirm Chkrootkit installation:

chkrootkit -V

This will display the version installed.

How to launch Chkrootkit on Ubuntu ?

You can run the below command to use Chkrootkit on your system:

$ chkrootkit

If your system is infected, you will see an output similar to below:

Checking `sshd'...                                          not infected
Checking `syslogd'...                                       not tested
Checking `tar'...                                           not infected
Checking `tcpd'...                                          INFECTED
Checking `tcpdump'...                                       not infected
Checking `top'...                                           not infected
Checking `telnetd'...                                       not found

Alternatively, you can scan your server in quiet mode using the chkrootkit command with the -q option:

$ chkrootkit -q

To enable an automatic daily scan of your system first use:

$ sudo nano /etc/chkrootkit.conf

And change the line below:

RUN_DAILY="true"

Save and close the file, then exit the editor.

You can list out the options available with Chkrootkit with the following command:

$ chkrootkit -h

You can filter the output to find results with "INFECTED" status with grep command:

$ sudo chkrootkit | grep INFECTED

How to uninstall Chkrootkit from Ubuntu 22.10 Kinetic Kudu system ?

If you decided to completely remove the chkrootkit, execute the following command:

$ sudo apt purge --autoremove -y chkrootkit

[Need help in fixing Ubuntu Linux system issues ? We can help you. ]