If your system becomes infected by a rootkit, someone can corrupt or steal your data, deface your sites, send spam or launch phishing attacks. This article will help you set up automated scans that email you about any issues on your server. I have written guides for chkrootkit and rkhunter, two great rootkit scanners; I would recommend running both, as each excels in different areas.
chkrootkit
Install and run chkrootkit by running the following commands (as root or su).
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
tar xvzf chkrootkit.tar.gz
cd chkrootkit*
make sense
./chkrootkit
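Create a new daily cron job to run the scan (this code uses the vi text editor). The script must be executable (chmod +x) for cron to run it, and on Debian and Ubuntu run-parts skips file names that contain a dot, so omit the .sh suffix there.
cd /etc/cron.daily
vi chkrootkit.sh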
Enter the following text (this code assumes chkrootkit was installed to /root/chkrootkit-0.49).
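#!/bin/sh
# Stop if the install directory is missing instead of running from the wrong place
cd /root/chkrootkit-0.49/ || exit 1
./chkrootkit | mail -s "chkrootkit scan results" YOUR_EMAIL_ADDRESS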
rkhunter
Install and run rkhunter by running the following commands (as root or su). At the time of writing 1.3.6 was the latest version of rkhunter.
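# Quote the URL and name the output file so the query string does not end up in the file name
wget -O rkhunter-1.3.6.tar.gz "http://downloads.sourceforge.net/project/rkhunter/rkhunter/1.3.6/rkhunter-1.3.6.tar.gz?use_mirror=nchc"
tar xvzf rkhunter-1.3.6.tar.gz
cd rkhunter-1.3.6
./installer.sh --install
# The rkhunter script lives in the files/ subdirectory of the unpacked archive
cd files
./rkhunter --update
./rkhunter -c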
Create a new daily cron job to run the scan.
cd /etc/cron.daily
vi rkhunter.sh
Enter the following text (this code assumes rkhunter was installed to /root/rkhunter-1.3.6).
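#!/bin/sh
# Stop if the install directory is missing instead of running from the wrong place
cd /root/rkhunter-1.3.6/files/ || exit 1
./rkhunter --cronjob --rwo --nocolors | mail -s "rkhunter scan results" YOUR_EMAIL_ADDRESS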
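The cron jobs above mail the full scan output every day, which makes a real finding easy to miss. The wrapper below is an added example, not part of the original article: it mails only lines that report a finding, drops lines you have reviewed and listed verbatim in an allowlist, and sends an alert if the scanner itself has gone missing. The allowlist path, the --run switch, the function names and the sample output are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the article): mail only lines that report a finding.
SCAN_DIR=${SCAN_DIR:-/root/chkrootkit-0.49}      # install path the article assumes
ALLOWLIST=${ALLOWLIST:-/root/rootkit-scan.allow} # hypothetical file of reviewed lines
MAILTO=${MAILTO:-YOUR_EMAIL_ADDRESS}

# stdin: scanner output. stdout: finding lines not listed verbatim in the
# allowlist ($1). The INFECTED match is case-sensitive, so chkrootkit's
# "not infected" lines are dropped; "Warning" covers rkhunter --rwo output.
filter_findings() {
    _allow=$1
    [ -r "$_allow" ] || _allow=/dev/null   # no allowlist: suppress nothing
    grep -E 'INFECTED|[Ww]arning' | grep -vxF -f "$_allow" || true
}

# Constructed sample output in the style of both scanners, for a dry run.
sample_output() {
    cat <<'EOF'
Checking `amd'... not found
Checking `ls'... not infected
Checking `bindshell'... INFECTED (PORTS:  465)
Searching for suspicious files and dirs, it may take a while... nothing found
Warning: Hidden directory found: /dev/.udev
EOF
}

main() {
    # A scanner that has gone missing must not look like a clean scan.
    if [ ! -x "$SCAN_DIR/chkrootkit" ]; then
        echo "Scanner not found at $SCAN_DIR/chkrootkit" |
            mail -s "chkrootkit did NOT run on $(hostname)" "$MAILTO"
        return 1
    fi
    findings=$(cd "$SCAN_DIR" && ./chkrootkit 2>&1 | filter_findings "$ALLOWLIST")
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings" |
            mail -s "chkrootkit findings on $(hostname)" "$MAILTO"
    fi
}

# Run the real scan only when asked, e.g. from the cron script: this-script --run
if [ "${1:-}" = "--run" ]; then
    main
fi
```

Because the allowlist matches whole lines exactly, a reviewed line such as the port 465 bindshell report stays suppressed only while it is unchanged; the same check reporting a different port is mailed again.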