Installing CHKROOTKIT on Your cPanel Server To Find Trojans and Rootkits



If this blog post helped you in some way, please leave a comment letting me know. Thanks!

If you’ve ever tried WHM/cPanel’s Trojan Scanner (Security Center > Scan for Trojan Horses), you’ll know that its results contain far too many false positives to be useful. I’ve had it list several hundred in some instances. The last thing I want to do is spend my day double-checking false positives. Instead, I installed chkrootkit, a well-established scanner that compares system binaries against known rootkit signatures and also looks for hidden processes, network interfaces in promiscuous mode and deleted entries in wtmp/lastlog. It still produces the occasional false positive, but far fewer, and each one is quick to check.

Please note this applies to CentOS running WHM/cPanel. The build needs gcc and make; because chkrootkit links its helper programs statically, on CentOS you will typically also need the glibc-static package (`yum install gcc make glibc-static`).

To start, log in to your server over SSH as root.

Download CHKROOTKIT by typing:
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz

Compare it against the MD5 checksum published on the vendor site here: ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.md5

Now, type this in your SSH session and make sure the hash matches the one on the vendor site. Keep in mind what this check does and does not give you: the checksum file sits on the same FTP server as the tarball and is fetched over the same unauthenticated channel, so a match rules out a corrupted download but not a tarball that was swapped out at the source or in transit.
md5sum chkrootkit.tar.gz

Unpack the download:
tar xvzf chkrootkit.tar.gz

Change to the chkrootkit directory:
cd chkrootkit*

Compile chkrootkit:
make sense

Now you’re ready to run chkrootkit:
./chkrootkit

On a clean system every check reports a clean verdict: “not found” or “not infected” for the binary checks, “nothing detected” for the hidden-process (chkproc) check, and “nothing deleted” for the wtmp/lastlog checks. Anything else on a line is a finding that needs a look.

You’re going to want to do a quick removal of just the downloaded tarball, leaving the compiled directory in place so you can rerun the scan later:
cd ..

And then:
rm chkrootkit.tar.gz
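The whole procedure above, wrapped into a small script, as an added example (this is not code from the original post or from the chkrootkit project). It goes a little beyond the steps in the text: it refuses to build when the vendor checksum does not match, and it filters the report down to the lines that are not a clean verdict, so a cron job can fail loudly instead of relying on someone reading the full output. The work directory `/root/chkrootkit-build` and the log-file naming are my own assumptions; the URLs are the ones from the post. The network-dependent part is kept in a function that is not called by the stand-alone demonstration at the bottom, which runs on constructed data only.

```shell
#!/bin/sh
# Added example: install, verify, build and run chkrootkit, then flag findings.
# Not the original post's code. Assumes: root on CentOS with gcc/make/glibc-static,
# a writable work directory (default /root/chkrootkit-build), and the vendor URLs below.
set -u

CHK_URL="ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz"
MD5_URL="ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.md5"
WORKDIR="${WORKDIR:-/root/chkrootkit-build}"   # assumed location, override via env

# Lines chkrootkit prints on a clean host; anything not matching is a finding.
CLEAN_RE='not found|not infected|nothing found|nothing detected|nothing deleted|not tested|no suspect files|^ROOTDIR is|^$'

# verify_md5 TARBALL MD5FILE -> 0 if the first hash in MD5FILE matches TARBALL, else 1.
# The vendor file uses the usual "hash  filename" layout, so field 1 is the hash.
verify_md5() {
    expected=$(awk 'NR==1 {print $1}' "$2")
    actual=$(md5sum "$1" | awk '{print $1}')
    [ -n "$expected" ] && [ "$expected" = "$actual" ]
}

# flag_findings REPORTFILE -> prints every non-clean line; returns 1 if any were printed.
# grep -v exits 0 when it selected (printed) at least one line, i.e. when there ARE findings.
flag_findings() {
    if grep -Ev "$CLEAN_RE" "$1"; then
        return 1
    fi
    return 0
}

# fetch_build_run -> the manual steps from the post, run as a subshell so the cd's
# do not leak. Needs network and root; NOT called by the demonstration below.
fetch_build_run() (
    mkdir -p "$WORKDIR" && cd "$WORKDIR" || exit 1
    wget -q "$CHK_URL" -O chkrootkit.tar.gz || exit 1
    wget -q "$MD5_URL" -O chkrootkit.md5 || exit 1
    verify_md5 chkrootkit.tar.gz chkrootkit.md5 || { echo "md5 mismatch, not building" >&2; exit 1; }
    tar xzf chkrootkit.tar.gz || exit 1
    rm -f chkrootkit.tar.gz                # keep only the unpacked tree, as in the post
    cd chkrootkit-*/ || exit 1
    make sense || exit 1
    log="$WORKDIR/chkrootkit-$(date +%Y%m%d-%H%M).log"   # assumed naming
    ./chkrootkit > "$log" 2>&1
    echo "full report: $log"
    flag_findings "$log"
)

# --- Stand-alone demonstration on constructed data (no network, no root needed) ---
demo=$(mktemp -d)
printf 'placeholder tarball bytes\n' > "$demo/chkrootkit.tar.gz"
md5sum "$demo/chkrootkit.tar.gz" | awk '{print $1 "  chkrootkit.tar.gz"}' > "$demo/chkrootkit.md5"
if verify_md5 "$demo/chkrootkit.tar.gz" "$demo/chkrootkit.md5"; then
    echo "checksum matches vendor file"
fi

# Constructed report in chkrootkit's output style: all clean except the sniffer line,
# which is the classic lead to investigate (a DHCP client on a PF_PACKET socket).
cat > "$demo/report.txt" <<'EOF'
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `lkm'... chkproc: nothing detected
Checking `wted'... chkwtmp: nothing deleted
Checking `sniffer'... eth0: PF_PACKET(/sbin/dhclient)
Searching for suspicious files and dirs, it may take a while... nothing found
EOF
if flag_findings "$demo/report.txt"; then
    echo "clean"
else
    echo "findings above need review"
fi
rm -rf "$demo"
```

Run it as `sh chkscan.sh` to see the demonstration, or source it and call `fetch_build_run` on the server to do the real install and scan. A flagged line is a lead, not a verdict: a process such as dhclient holding a PF_PACKET socket is expected, whereas an unfamiliar program on that line is not.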

And you’re done! If chkrootkit does flag something, confirm it before acting on it: a flagged binary on CentOS can be checked against the package database with `rpm -Vf /path/to/binary`, and a flagged process or interface can be traced back to whatever owns it. Bear in mind that any scanner run on a compromised host relies on that host’s own kernel and libraries, so a clean report is reassuring but not proof, and a real finding should be treated as an incident (preserve evidence, rather than just deleting the file and moving on).
