chkrootkit (Check Rootkit) is a common Unix-based program intended to help system administrators check their system for known rootkits. It is a shell script using common UNIX/Linux tools like the strings and grep commands to search core system programs for signatures and for comparing a traversal of the /proc filesystem with the output of the ps (process status) command to look for discrepancies.
You may need to install and configure the chrootkit tool in the server. You can setup a daily cron too for scanning it for rootkits.
cd /usr/local/src rm -rf chkrootkit* wget http://files.blog.xeonbd.com/chkrootkit.tar.gz tar -xzf chkrootkit.tar.gz cd chkrootkit-0.49/ make
Now setup a daily cron scripts, /etc/cron.daily/chkrootkit_cron.sh , as follows,
#!/bin/bash EMAIL="youremail@yourdomain.tld" cd /usr/local/bin/; ./chkrootkit 2>&1 | mail -s "XeonBD : CHKROOTKIT Scan Details" $EMAIL
