How To Install Chkrootkit on Fedora 40
In this tutorial, we will show you how to install Chkrootkit on Fedora 40. Chkrootkit is a free, open-source rootkit detection tool designed specifically for Unix-like operating systems, including Linux distributions such as Fedora 40. Developed by Nelson Murilo and Klaus Steding-Jessen, Chkrootkit is a shell script that performs a thorough scan of your system, searching for signs of rootkit infection. It accomplishes this by checking system binaries, libraries, and configuration files for known rootkit signatures and anomalies.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account; if not, you may need to add ‘sudo’ to the commands to get root privileges. I will show you the step-by-step installation of Chkrootkit on Fedora 40.
Prerequisites
Before we dive into the installation process, ensure that you have the following prerequisites in place:
- A server running Fedora 40.
- It’s recommended that you use a fresh OS install to prevent any potential issues.
- You will need access to the terminal to execute commands. Fedora provides the Terminal application for this purpose. It can be found in your Applications menu.
- A stable internet connection to download the necessary packages.
- A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as root.
Install Chkrootkit on Fedora 40
Step 1. Update the System.
Before installing any new software, it is crucial to ensure that your Fedora 40 system is up-to-date with the latest security patches and software updates. Open a terminal and run the following commands:
sudo dnf clean all
sudo dnf update
The package manager will retrieve the latest package information and prompt you to confirm the update. Press “y” and hit Enter to proceed with the update process. Depending on the number of updates available, this step may take a few minutes to complete.
Step 2. Installing Required Dependencies.
Chkrootkit relies on certain dependencies to function properly. Install the required packages by running the following command:
sudo dnf install wget gcc-c++ glibc-static
Step 3. Installing Chkrootkit on Fedora 40.
To keep your system organized, create a directory where you will download and compile Chkrootkit. For example:
mkdir ~/chkrootkit
Navigate to the directory you created for Chkrootkit:
cd ~/chkrootkit
Download the latest version of Chkrootkit using wget:
wget ftp://ftp.chkrootkit.org/pub/seg/pac/chkrootkit.tar.gz
Extract the downloaded tarball using the following command:
tar xvfz chkrootkit.tar.gz
Change to the extracted directory:
cd chkrootkit-*
Run the make command to compile Chkrootkit:
sudo make sense
Wait for the compilation process to complete. If there are no errors, proceed to the next step.
Move the compiled Chkrootkit files to a suitable directory, such as /usr/local/bin/:
sudo mv chkrootkit /usr/local/bin/
Verify the installation by running Chkrootkit with the version option:
chkrootkit -V
If the installation was successful, you should see the version information displayed.
Step 4. Running Chkrootkit on Fedora 40.
With Chkrootkit installed on your Fedora 40 system, you are now ready to run scans and check for potential rootkit infections. This section will guide you through the basic usage of Chkrootkit and help you understand its output.
To run a simple Chkrootkit scan, open a terminal and execute the following command:
sudo chkrootkit
Chkrootkit will now perform a series of tests, scanning your system for known rootkit signatures and anomalies. The scan may take a few minutes to complete, depending on your system’s size and performance.
Once the scan is complete, Chkrootkit will display the results in the terminal. Each line represents a specific test performed by Chkrootkit, followed by the test’s status. Here are some common status messages you may encounter:
- “not infected”: This indicates that no signs of rootkit infection were found for the specific test.
- “not found”: The file or directory being tested was not found on your system.
- “not tested”: The test was skipped, usually because the necessary files or directories were not present.
- “INFECTED”: Chkrootkit has detected signs of a potential rootkit infection. This requires further investigation.
If Chkrootkit reports any “INFECTED” items, it is crucial to investigate the issue further. Take note of the specific test that triggered the warning and consult the Chkrootkit documentation or seek assistance from security experts to determine the appropriate course of action.
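The status messages above can be triaged automatically so that a scheduled scan surfaces only the lines that need review. The following is an added example, not part of Chkrootkit or the original tutorial; the function names `sample_scan` and `triage_chkrootkit` are hypothetical, and the sample output is constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of chkrootkit): triage scan output by status string.

# Constructed sample output, not taken from a real scan.
sample_scan() {
cat <<'EOF'
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `ls'... not infected
Checking `lastlog'... not tested: can't exec ./chklastlog
Checking `bindshell'... INFECTED (PORTS:  465)
Checking `sniffer'... not tested: can't exec ./ifpromisc
EOF
}

# Reads chkrootkit output on stdin. Prints a count summary, then every line
# that needs a human to look at it.
# Exit status: 0 = nothing flagged, 1 = INFECTED seen, 2 = only skipped tests.
triage_chkrootkit() {
    awk '
        /INFECTED/     { infected++; flagged[++n] = "INFECTED: " $0; next }
        /not tested/   { skipped++;  flagged[++n] = "SKIPPED:  " $0; next }
        /not infected/ { clean++;    next }
        /not found/    { missing++;  next }
        END {
            printf "infected=%d not_tested=%d not_infected=%d not_found=%d\n",
                   infected, skipped, clean, missing
            for (i = 1; i <= n; i++) print flagged[i]
            if (infected > 0) exit 1
            if (skipped > 0)  exit 2
        }
    '
}

# Demo on the constructed sample; "||" keeps the non-zero status from aborting.
sample_scan | triage_chkrootkit || echo "triage exit status: $?"
```

To run it against a real scan, replace `sample_scan` in the last line with `sudo chkrootkit`. Skipped tests are reported separately because a test that did not run gives no assurance either way.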
Congratulations! You have successfully installed Chkrootkit. Thanks for using this tutorial for installing Chkrootkit on a Fedora 40 system. For additional help or useful information, we recommend you check the Chkrootkit website.