How to Install Chkrootkit on Ubuntu 22.04 or 20.04

Chkrootkit is a renowned security tool for Ubuntu systems, specifically designed to detect and neutralize rootkits and other malicious entities. For those aiming to install Chkrootkit on Ubuntu 22.04 Jammy Jellyfish or its older stable release Ubuntu 20.04 Focal Fossa, understanding its capabilities and significance is paramount. Let’s delve into the attributes and advantages of Chkrootkit.

Key Attributes of Chkrootkit:

Extensive Malware Detection: With the capability to identify over 70 known rootkits, worms, and other threats, Chkrootkit ensures comprehensive protection against prevalent security risks.
Consistent Updates: The tool is frequently updated to counteract emerging threats, ensuring a robust defense mechanism for your Ubuntu system.
User Accessibility: Designed with a command-line interface, Chkrootkit is intuitive and caters to novices and seasoned Ubuntu users.
Broad Compatibility: Chkrootkit integrates with various Ubuntu iterations, including the latest 22.04 Jammy Jellyfish and the widely-used 20.04 Focal Fossa.
Region-Specific Detection: Especially beneficial for Chinese Ubuntu users, Chkrootkit can pinpoint region-centric rootkits and malware, enhancing system security.

Why Chkrootkit is Essential for Ubuntu Users:

Swift Scanning: Chkrootkit ensures rapid and meticulous system scans, swiftly identifying potential threats.
Advanced Detection Mechanisms: Employing signature-based detection and heuristic analysis, Chkrootkit uncovers concealed rootkits and malicious software.
Comprehensive Reports: Post-scan, Chkrootkit produces detailed reports highlighting potential vulnerabilities and detected anomalies.
Tailored Scans: Users can modify the scanning parameters per their requirements, ensuring a personalized security check.
Community-Driven Development: Being open-source, Chkrootkit thrives on the collective contributions of a dedicated community, ensuring its continual refinement.

In essence, Chkrootkit stands as an indispensable security asset for Ubuntu users. Its comprehensive detection capabilities and adaptability position it as a vital tool for safeguarding Ubuntu systems. The subsequent guide will elucidate the steps to install Chkrootkit on Ubuntu using the APT package manager or source compilation via the command-line terminal.

Table of Contents

Install Chkrootkit on Ubuntu 22.04 or 20.04 via APT

Step 1: Update Package Lists Before Chkrootkit Installation

Before installing Chkrootkit, updating the package lists on your system is essential. This step ensures you have the latest information about available packages and the most recent versions. To update the package lists, open a terminal and run the following command:

sudo apt update & sudo apt upgrade

This command will fetch the latest package information from the repositories and upgrade any installed packages with newer versions.

Step 2: Install Chkrootkit on Ubuntu 22.04 or 20.04 via APT Command

To install Chkrootkit, you can utilize the APT package manager. This package manager is a convenient and efficient way to manage software on your Ubuntu system. Run the following command to install Chkrootkit:

sudo apt install chkrootkit

This command will install the Chkrootkit package, which includes the necessary tools and scripts to detect and prevent rootkits on your system. These tools will help you safeguard your system against malicious software and maintain its security.

Step 3: Verify the Chkrootkit Installation on Ubuntu

After installing Chkrootkit, verifying that the installation was successful is crucial. This step ensures that the software is correctly installed and ready to use. To verify the installation, run the Chkrootkit version command in the terminal:

chkrootkit -V

Install Chkrootkit on Ubuntu 22.04 or 20.04 via Source

Step 1: Download the Chkrootkit Source Code on Ubuntu

First, you must download the Chkrootkit source code from the official website. This process ensures that you have the most recent version of the software. Open a terminal and navigate to the directory where you want to download the source code. Then, run the following command:

wget ftp://chkrootkit.org/pub/seg/pac/chkrootkit.tar.gz

This command will download the Chkrootkit source code archive to your chosen directory.

Step 2: Extract the Chkrootkit source archive on Ubuntu

Next, you must extract the source code from the downloaded archive. Extracting the source code is necessary to access the files required for compilation and installation. Run the following command to extract the source code:

tar -xvzf chkrootkit.tar.gz

Step 3: Compile and Install Chkrootkit on Ubuntu 22.04 or 20.04

Before compiling Chkrootkit, ensure you have the necessary packages installed on your system. These packages include the GNU Compiler Collection (GCC) and the make utility. To check if you have these packages installed or to install them, run the following command:

sudo apt install gcc make build-essential

Now, navigate to the extracted Chkrootkit source code directory and run the following command to compile and install Chkrootkit:

cd chkrootkit-{your-version-number}
make sense

This command will compile the Chkrootkit source code and create an executable binary file.

Step 4: Verify the Chkrootkit Installation on Ubuntu

You can verify the installation by running the Chkrootkit command in the terminal. This step confirms that the software has been successfully compiled and installed. Run the following command:

./chkrootkit -V

Step 5: Setting Up Chkrootkit for Global Accessibility on Ubuntu

This section will focus on organizing the Chkrootkit installation on your Ubuntu system, making it globally accessible. This is important for the ease of use and keeping in line with the conventional structure of file systems in Linux.

Positioning Chkrootkit in a Standard Directory with Chkrootkit on Ubuntu

After successfully compiling Chkrootkit, it is considered best practice to move its directory to a standardized location in the file system. This not only organizes your files but also simplifies the accessibility of the Chkrootkit executable.

The convention is to place such software in /usr/local/bin for global accessibility. However, before doing that, we’ll move the Chkrootkit directory to /usr/local/share.

Make sure you are in the parent directory of the Chkrootkit directory. This should be one level above chkrootkit-{your-version-number}. To move Chkrootkit to /usr/local/share, execute the following command:

sudo mv chkrootkit-{your-version-number} /usr/local/share/chkrootkit

This command utilizes sudo to execute the move (mv) command with administrative privileges. It relocates the Chkrootkit directory to /usr/local/share, which is a common location for storing shared data.

Creating a Symbolic Link for Easy Access with Chkrootkit on Ubuntu

Now that we’ve moved Chkrootkit to a more appropriate location, let’s make it easily accessible from anywhere in the system by creating a symbolic link in /usr/local/bin. A symbolic link acts like a shortcut, enabling you to execute Chkrootkit without navigating to its directory every time.

To create this symbolic link, execute the following command:

sudo ln -s /usr/local/share/chkrootkit/chkrootkit /usr/local/bin/chkrootkit

This creates a symbolic link named chkrootkit in /usr/local/bin which points to the actual Chkrootkit executable in /usr/local/share/chkrootkit.

Verifying Chkrootkit’s Accessibility on Ubuntu

You should now be able to run Chkrootkit from anywhere in the terminal. To verify this, let’s use the version command to check Chkrootkit’s version:

chkrootkit -V

If you receive an output showing the version of Chkrootkit, it confirms that Chkrootkit is globally accessible.

Basic Commands with Chkrootkit on Ubuntu 22.04 or 20.04

Run a Scan for Rootkits with Chkrootkit on Ubuntu

Once Chkrootkit is installed, you can scan your system to detect any rootkits. To run a scan, open a terminal and execute the following command:

sudo chkrootkit

This command will display the version of Chkrootkit and initiate a comprehensive scan of your system, searching for any potential rootkits.

If you prefer a more concise output that only displays potential issues, you can use the quiet mode:

sudo chkrootkit -q

Configure Automatic Scanning with Chkrootkit on Ubuntu

You can enable automatic daily scanning with the APT version of Chkrootkit to enhance your system’s security. First, open the configuration file by running the following command:

sudo nano /etc/chkrootkit/chkrootkit.conf

Next, find the line containing RUN_DAILY and change its value to TRUE. By default, this value should already be set to TRUE, but it’s a good practice to verify this setting.

Screenshot of setting up daily automatic scans using Chkrootkit on Ubuntu 22.04 or 20.04. — Configuring Chkrootkit to perform daily scans on Ubuntu 22.04 or 20.04.

Save the changes by pressing CTRL+O and exit the editor with CTRL+X.

Explore Chkrootkit Commands and Documentation on Ubuntu

To learn more about Chkrootkit commands and options, you can access its Help menu by running the following command:

chkrootkit -h

Screenshot of Chkrootkit's help command output on Ubuntu 22.04 or 20.04. — Example of Chkrootkit’s help command results on Ubuntu 22.04 or 20.04.

Alternatively, you can access Chkrootkit’s manual page using the man command:

man chkrootkit

Another screenshot of Chkrootkit's help command output on Ubuntu 22.04 or 20.04. — Further insights into Chkrootkit’s help command on Ubuntu 22.04 or 20.04.

Conclusion

In this guide, we have covered the installation and usage of Chkrootkit on Ubuntu Linux to help protect your system from rootkits. We discussed two different methods of installation: using the APT package manager and installing from the source code. Additionally, we went through the process of running Chkrootkit, configuring automatic scanning, and exploring its commands and documentation. By following these steps, you can ensure that your Ubuntu Linux system remains secure and up to date against potential rootkit threats.

Share This Post: