Detect and Remove Rootkits in Linux Easier


Linux is invulnerable to viruses because viruses only work in Weeniedos, I mean Windows. But it should be noted that Linux is not safe from rootkits. A rootkit is malicious code or a program that gives a cracker privileged access to a computer while using the Art of Cyber Ninjitsu to hide from root users and administrators.

An example of a rootkit is a PHP backdoor shell that allows a cracker to upload and download files on your web server, which makes defacing the index page easier without needing SSH access. But there is a solution for detecting and removing rootkits more easily than manually searching for suspicious code (though a manual search is still a good idea after scanning with a scanner), which is none other than Chkrootkit.

Chkrootkit is an Open Source tool that locally scans your computer for signs of rootkits. Chkrootkit has been tested on: Linux 2.0.x, 2.2.x, 2.4.x and 2.6.x; FreeBSD 2.2.x, 3.x, 4.x, 5.x and 7.x; OpenBSD 2.x, 3.x and 4.x; NetBSD 1.6.x; Solaris 2.5.1, 2.6, 8.0 and 9.0; HP-UX 11; Tru64; BSDI; and Mac OS X.

And so here is my simple tutorial on installing and using chkrootkit:

1. Download the tarball from the official website (using the wget command):

wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz

2. Unpack the file:

tar zxvf chkrootkit.tar.gz

3. Move into the unpacked directory (the first directory displayed when unpacking the file):

cd chkrootkit-0.49

[cd means change to, or go to, that directory]


4. Make the script executable:

chmod +x chkrootkit

5. Execute the script, either with sudo:

sudo ./chkrootkit

or as root via su:

su -c ./chkrootkit
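Chkrootkit prints one verdict line per check, so the "manual search after scanning" that the tutorial recommends is easiest if you first filter the scan output down to the lines that actually need a human. The script below is an added example (not part of the original post or of chkrootkit itself): it runs on a constructed sample of chkrootkit-style output and keeps only the INFECTED and Warning lines.

```shell
#!/bin/sh
# Added example: triage chkrootkit output for manual follow-up.
# Real usage would be:  sudo ./chkrootkit | tee chkrootkit.log; triage_report < chkrootkit.log

# Constructed sample of chkrootkit-style output (not a real scan result).
# The quoted heredoc delimiter keeps the backticks from being executed.
sample_report() {
cat <<'EOF'
ROOTDIR is `/'
Checking `ifconfig'... not infected
Checking `ls'... INFECTED
Checking `netstat'... not infected
Checking `bindshell'... INFECTED (PORTS:  465)
Checking `lkm'... chkproc: nothing detected
Searching for Suckit rootkit... Warning: /sbin/init INFECTED
Searching for suspicious files and dirs, it may take a while... nothing found
Checking `sniffer'... lo: not promisc and no packet sniffer sockets
EOF
}

# triage_report: read a chkrootkit report on stdin and print only the
# findings that need a human to look at them. chkrootkit writes clean
# verdicts in lowercase ("not infected") and positives in uppercase
# ("INFECTED") or as "Warning", so a case-sensitive match separates them.
# Returns 1 when anything was flagged, 0 when the scan looked clean.
triage_report() {
    findings=$(grep -E 'INFECTED|Warning')
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# count_findings: number of flagged lines in the constructed sample.
# Note that a "bindshell ... INFECTED (PORTS: ...)" line only means a
# listener was seen on a port the check watches; a legitimate daemon on
# that port produces the same line, which is exactly why each finding is
# verified by hand rather than acted on blindly.
count_findings() {
    sample_report | triage_report | wc -l | tr -d ' '
}

sample_report | triage_report || echo "$(count_findings) finding(s) need manual review"
```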



Finding nemo

After that, it should start scanning your computer locally.

Be safe!       ~/shipcode
