chkrootkit is a utility that searches your system for installed
rootkits. It is a host-based intrusion detection system (HIDS) that
should be used in conjunction with a tool such as FCheck or Tripwire.
Here are chkrootkit 0.40 RPMs I created for Red Hat Linux 9:
http://brandonhutchinson.com/chkrootkit-0.40-1.src.rpm
http://brandonhutchinson.com/chkrootkit-0.40-1-i386.rpm
1. wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
2. tar zxvf chkrootkit.tar.gz
3. cd chkrootkit-version_number
4. make
5. Copy chkrootkit and associated executables into /usr/local/bin
find . -type f -perm -001 -exec cp {} /usr/local/bin \;
Next, create a root crontab entry to run chkrootkit daily.
0 3 * * * (cd /usr/local/bin; ./chkrootkit 2>&1 | /bin/mail -s "`/bin/hostname` chkrootkit output for `/bin/date +\%m`-`/bin/date +\%d`-`/bin/date +\%y`" root)
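A variation on the daily job above, as an added example that is not from the original page or the chkrootkit project: it keeps only the lines that report a hit and drops those already recorded in a reviewed baseline file, so the mail is empty on a quiet day. The function names, the CHK_PATTERN variable, the baseline path and the sample output are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not part of chkrootkit): report only findings that are new
# compared with a reviewed baseline, so the daily mail is empty on a quiet day.
LC_ALL=C; export LC_ALL   # comm(1) needs both inputs sorted in one collation

# Assumption: a positive test contains the uppercase token INFECTED, while
# clean tests read "not infected", "not found" or "nothing found".
CHK_PATTERN=${CHK_PATTERN:-INFECTED}

# findings: chkrootkit output on stdin -> sorted, de-duplicated hit lines.
findings() {
    grep -E -- "$CHK_PATTERN" | sort -u
}

# new_findings BASELINE: hits on stdin that are not listed in BASELINE.
# A missing or empty baseline means every hit is reported.
new_findings() {
    cur=$(mktemp) || return 2
    findings > "$cur"
    if [ -s "$1" ]; then
        # comm -13 prints lines that appear only in the second input.
        sort -u "$1" | comm -13 - "$cur"
    else
        cat "$cur"
    fi
    rm -f "$cur"
}

# Constructed sample in the style of chkrootkit output (not a real scan).
sample_output() {
    cat <<'EOF'
Checking `ifconfig'... not infected
Checking `ls'... INFECTED
Checking `bindshell'... INFECTED (PORTS:  465)
Checking `lkm'... nothing found
EOF
}

# Cron usage (assumed paths): mail only when something new appears.
# out=$(/usr/local/bin/chkrootkit 2>&1 | new_findings /var/lib/chkrootkit/baseline)
# [ -n "$out" ] && printf '%s\n' "$out" | /bin/mail -s "chkrootkit: new findings" root
```

Add a line to the baseline only after the finding has been investigated and explained; an unreviewed baseline hides exactly what the job is meant to surface.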
For more information, check the chkrootkit homepage.