Jun 19, 2024 8 min read

How to Install Chkrootkit on Debian 12

Install Chkrootkit on Debian 12 with our step-by-step tutorial. Chkrootkit is a free tool detecting potential rootkits, enhancing Linux security.


Introduction

Before we begin talking about how to install Chkrootkit on Debian 12, let's briefly understand – What is Chkrootkit?

Chkrootkit is a highly regarded, free security tool for Linux systems. This software helps detect potential rootkits, which are malicious programs that give unauthorized access to an attacker.

With Chkrootkit, you can scan your system for signs of common rootkit symptoms and take prompt action if any are detected. By regularly using Chkrootkit, you can enhance the security of your Linux system and ensure that no unauthorized access is compromising your data.

In this tutorial, you will install Chkrootkit on Debian 12. We will also address a few FAQs on how to install Chkrootkit on Debian 12.

Advantages of Chkrootkit

  1. Detects Rootkits: Chkrootkit scans your Linux system for signs of known rootkits, helping you spot unauthorized access by attackers.
  2. Free and Reliable: Being a free and trusted security tool, Chkrootkit provides a reliable way to identify rootkits.
  3. User-Friendly: Chkrootkit's simple interface and ease of use make it accessible to both beginner and experienced Linux users.
  4. Regular Scanning: By regularly running Chkrootkit, you can ensure continuous protection against evolving rootkit threats on your system.
  5. Enhances System Security: Chkrootkit strengthens the security of your Linux system, giving you peace of mind knowing that your data is being protected from unauthorized access and potential compromises.

Install Chkrootkit on Debian 12 via APT

Step 1: Check For Updates Before Chkrootkit Installation

To install Chkrootkit, first make sure your Debian Linux system's package lists have been refreshed. In addition to priming your system with the newest software updates and security patches, refreshing the package lists gives it the most recent information on available packages and their versions. To do this, type the following command into the terminal:

sudo apt update && sudo apt upgrade

This command updates any installed packages to the most recent versions, if available, and obtains the most recent package information from the repositories.

Step 2: Install Chkrootkit on Debian 12 via APT Command

Once your system has been updated, continue installing Chkrootkit. Software installation is made easier with the help of the APT package manager, which is the standard software management system for Debian. To install Chkrootkit using APT, run the following command:

sudo apt install chkrootkit

The Chkrootkit package is installed when this command is run.

Step 3: Confirm Chkrootkit Installation on Debian via APT

After installing Chkrootkit, verify that the installation succeeded and that the tool is ready to use. Enter the Chkrootkit version command in the terminal to verify the installation:

chkrootkit -V

This command confirms that the program is installed and can run by displaying the installed version of Chkrootkit.

Install Chkrootkit on Debian 12 via source

Step 1: Download Chkrootkit Source on Debian

First, download Chkrootkit's source code from its official website. By doing this, you can be sure that you are downloading the most recent version of the software, which may include security updates or new features. In the terminal, change to the directory where you plan to store the source code. Next, use the following command to download the archive containing the Chkrootkit source code:

wget ftp://ftp.chkrootkit.org/pub/seg/pac/chkrootkit.tar.gz

With the help of this command, you can store the compressed source code of Chkrootkit in the directory you've designated.

Step 2: Extract Chkrootkit Source Archive on Debian

The next step is to extract the source code after downloading the archive. Because it allows you to access the files and directories required for the compilation and installation, this step is essential.

Run the following command to extract the source code:

tar -xvzf chkrootkit.tar.gz

Step 3: Configure and Build Chkrootkit on Debian

Make sure you have the necessary packages installed on your Debian Linux system before attempting to compile Chkrootkit. Among these are the GNU Compiler Collection (GCC) and the essential make utility for compilation.

Utilize the following command to install them:

sudo apt install gcc make build-essential

Note that the correct package name is build-essential.

Change to the directory that holds the extracted Chkrootkit source code with the cd command, substituting the real version number of the downloaded source for {your-version-number}, and then run make sense to compile it:

cd chkrootkit-{your-version-number}
make sense

The make sense command compiles the Chkrootkit source code into executable binaries.

Step 4: Confirm Chkrootkit Installation on Debian

Once Chkrootkit has been compiled, confirm that the build was successful and that the tool is ready for use. To do this, run the Chkrootkit version command listed below:

./chkrootkit -V

This command confirms that the software was installed and is operating correctly by displaying the installed version of Chkrootkit.


Step 5: Move Chkrootkit for System Global Access on Debian

Once Chkrootkit has successfully compiled, you should make the executable available system-wide and relocate the Chkrootkit directory to a more conventional location within the file system. Linking such software into /usr/local/bin for system-wide access is standard procedure.

The Chkrootkit directory should first be moved to /usr/local/share. To begin with, make sure you are in the Chkrootkit directory's parent directory, which is located one level above chkrootkit-{your-version-number}. Next, carry out the subsequent command:

sudo mv chkrootkit-{your-version-number} /usr/local/share/chkrootkit

Next, make a symbolic link in /usr/local/bin to the Chkrootkit executable. Because of this, Chkrootkit can be accessed from anywhere on the computer without having to go to its directory. To create the symbolic link, run the following command:

sudo ln -s /usr/local/share/chkrootkit/chkrootkit /usr/local/bin/chkrootkit

Chkrootkit is now available everywhere. Simply typing the Chkrootkit version command into the terminal from any location will allow you to confirm this:

chkrootkit -V

This extra step simplifies the use of Chkrootkit, makes it more accessible, and conforms to standard procedures for handling Linux system software installations.


Basic Commands with Chkrootkit for Rootkit Detection on Debian 12

Before proceeding, it's important to understand that you usually need to run Chkrootkit with sudo in order to perform system scanning. This is due to the fact that Chkrootkit needs elevated privileges in order to fully examine every part of your Debian Linux system, including parts that are inaccessible to ordinary users. Chkrootkit can effectively search the entire system for rootkits if it is run with sudo.

Let's use Chkrootkit to perform some scanning now.

Step 1: Initiate Rootkit Scanning Using Chkrootkit on Debian

Now that you have Chkrootkit installed, you should make use of its features to protect your Debian Linux system. Finding any rootkits on your system is one of Chkrootkit's main functions. Malicious software called rootkits can grant unauthorized users access to and control over your computer. To run a comprehensive scan in a terminal, type the following command:

sudo chkrootkit

This command starts a thorough scan that examines all components of the system for anomalies that could point to the existence of rootkits.

Use the quiet mode if you would prefer a more condensed output that simply highlights possible problems without overloading you with information:

sudo chkrootkit -q

By limiting the output, any red flags are easier to identify.

Step 2: Establish an Automatic Scanning Regimen with Chkrootkit

Continuous attention to detail is necessary to maintain a secure environment. Modify Chkrootkit's configuration file to set it up to run automatic scans every day.

Use the following command to open the configuration file:

sudo nano /etc/chkrootkit/chkrootkit.conf

Look for the RUN_DAILY setting in this file and confirm that its value is set to "true". Although this is usually the default configuration, checking it confirms that the daily automated scans are enabled.

RUN_DAILY="true"

Press CTRL + O to save the file after editing, and CTRL + X to close the editor.

Unlike the package from the Debian repositories, a source install of Chkrootkit does not come with the default configuration file chkrootkit.conf. That file is normally part of the packaged version of Chkrootkit in the Debian repositories.

You don't need a configuration file to run the tool directly when manually installing Chkrootkit from source. You must write your own script or cron job, though, if you wish to automate or configure the scans.

For instance, you could write a short shell script that runs the desired chkrootkit command and schedule it with cron so that Chkrootkit runs every day.

To do this, create the script file daily_chkrootkit.sh:

#!/bin/bash
/usr/local/bin/chkrootkit

Make the script executable:

chmod +x daily_chkrootkit.sh

To set the script to run every day, edit the crontab file:

sudo crontab -e

In order to execute the script every day at a specified time (such as 2:00 AM), add the following line to the crontab file:

0 2 * * * /path/to/daily_chkrootkit.sh

In this manner, Chkrootkit scans can be efficiently automated, even when installing straight from the source.
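An extended version of the daily script above, added here as an example and not part of the original tutorial or of Chkrootkit itself: it runs the quiet scan, keeps the output, and prints only what differs from a baseline you have reviewed, so cron sends mail only when something changes. The state directory, the file names and the --scan/--accept arguments are assumptions.

```sh
#!/bin/sh
# Added example: daily chkrootkit run that reports only changes from a reviewed baseline.
# Assumed names (not from the tutorial): STATE_DIR, scan.today, scan.baseline, scan.diff.

CHKROOTKIT="${CHKROOTKIT:-/usr/local/bin/chkrootkit}"  # symlink created in Step 5
STATE_DIR="${STATE_DIR:-/var/lib/chkrootkit-daily}"    # hypothetical state directory
umask 077                                              # scan results readable by owner only

# Run a quiet scan and compare it with the reviewed baseline.
# Returns 0 = nothing new, 1 = output differs (see scan.diff), 2 = scan could not run.
run_scan() {
    mkdir -p "$STATE_DIR" || return 2
    [ -x "$CHKROOTKIT" ] || return 2
    "$CHKROOTKIT" -q > "$STATE_DIR/scan.today" 2>&1
    base="$STATE_DIR/scan.baseline"
    # Without a baseline, compare against an empty file so every finding is reported.
    [ -f "$base" ] || base=/dev/null
    if diff -u "$base" "$STATE_DIR/scan.today" > "$STATE_DIR/scan.diff"; then
        return 0
    fi
    return 1
}

# Call manually, after reviewing scan.today, to accept it as the new baseline.
accept_baseline() {
    cp "$STATE_DIR/scan.today" "$STATE_DIR/scan.baseline"
}

# Cron entry point: stay silent when nothing changed so cron mails only on differences.
main() {
    run_scan
    case $? in
        0) ;;
        1) echo "chkrootkit output changed on $(hostname):"
           cat "$STATE_DIR/scan.diff" ;;
        *) echo "chkrootkit scan could not run ($CHKROOTKIT)" ;;
    esac
}

# Run only when invoked as: daily_chkrootkit.sh --scan  (or --accept after review)
case "${1:-}" in
    --scan)   main ;;
    --accept) accept_baseline ;;
esac
```

Schedule it with the crontab line above plus the --scan argument. Keep the script owned by root and not writable by other users, since it runs from root's crontab.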

Step 3: Delve into Chkrootkit’s Array of Commands and Documentation

Knowing what Chkrootkit can do is essential for such a powerful tool. Chkrootkit includes a number of commands and options suited to different types of scans.

Run the following to display the help output and see a list of commands:

chkrootkit -h

This offers a concise overview of the features and options available in Chkrootkit.

To gain a comprehensive understanding, examine the Chkrootkit manual page, which can be accessed via:

man chkrootkit

This brings up a plethora of information that explains Chkrootkit's options, commands, and use cases.

Step 4: Experimenting with Advanced Scanning Options

Chkrootkit provides specific settings for personalized, improved scanning. If you know the name of a rootkit, you can search for it:

sudo chkrootkit wormscan

With this command, worms are found.

You can also use the following advanced command to find out when the network service binaries were last modified:

sudo chkrootkit -l /sbin

This sample command checks for changes in the /sbin directory.

To properly use Chkrootkit, you must become familiar with its many settings and experiment to match your security goals with the scans. More thorough and targeted protection is possible when you adjust the depth and focus of your scans.

FAQs to Install Chkrootkit on Debian 12

Are there any dependencies required for Chkrootkit on Debian 12? 

Chkrootkit has minimal dependencies, and they are usually installed automatically during the installation process.

Is Chkrootkit available in the official Debian 12 repositories? 

Yes, Chkrootkit is available in the official Debian 12 repositories, making it easy to install and maintain.

Can I automate Chkrootkit scans on Debian 12? 

Yes, you can set up automated scans using tools like cron. Schedule the Chkrootkit command to run at desired intervals for regular system checks.

How long does a Chkrootkit scan take on Debian 12? 

The duration of a Chkrootkit scan depends on various factors like system speed and the number of files. Typically, it doesn't take an excessive amount of time.

Does Chkrootkit automatically remove detected rootkits? 

No, Chkrootkit only detects rootkits and provides a report. You'll need to follow the necessary steps for rootkit removal manually.

Can Chkrootkit detect all types of rootkits? 

Chkrootkit is effective against most known rootkits, but it may not detect every variant. Regular updates to Chkrootkit help enhance its detection capabilities.

Is Chkrootkit a reliable tool for maintaining system security on Debian 12?

Yes, Chkrootkit is a trusted and reputable security tool used to strengthen the security of Linux systems, including Debian 12. Regularly using Chkrootkit helps ensure your system's integrity and protects against potential rootkit attacks.

Conclusion

We hope this tutorial helped you understand how to install Chkrootkit on Debian 12.

If you have any queries, please leave a comment below, and we’ll be happy to respond to them for sure.
