July 26, 2017

How to Install chkrootkit on FreeBSD


With chkrootkit you can regularly check your system for signs of a rootkit. chkrootkit looks for known signatures in trojaned system binaries. It also checks whether a network interface is in promiscuous mode, for lastlog, wtmp, wtmpx and utmp deletions, and for signs of LKM trojans. Running chkrootkit from cron makes it a very useful security tool. chkrootkit is available on FreeBSD and can be installed from the ports tree.

Root access is required to edit the following files and to execute commands. Log in as root (su) or simply prepend sudo to all commands that require root privileges.

Installing chkrootkit on FreeBSD

Navigate to the port directory and install chkrootkit with the following commands:

cd /usr/ports/security/chkrootkit
make install clean; rehash

Using chkrootkit on FreeBSD

Once chkrootkit is installed, you can simply start the tool by typing chkrootkit into the console.

Run chkrootkit from cron on FreeBSD

For example, to run chkrootkit every day at 3am and mail the output to root, open your crontab with crontab -e, paste the following line, adjust the chkrootkit path, and save the file.

0 3 * * * (cd /path/to/chkrootkit; ./chkrootkit 2>&1 | mail -s "chkrootkit output" root)
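The cron one-liner above mails the full chkrootkit output every night, which is noisy enough that a real INFECTED line can go unnoticed. The script below is an added example, not part of the original post or the chkrootkit project: it keeps only the finding lines and reports them only when they differ from the previous run. The chkrootkit install path, the state file location and the sample output are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post or the chkrootkit project: a cron
# wrapper that keeps only chkrootkit's finding lines and reports them only when
# they changed since the last run. CHKROOTKIT and STATE paths are assumptions.

CHKROOTKIT=${CHKROOTKIT:-/usr/local/sbin/chkrootkit}   # assumed ports install path
STATE=${STATE:-/var/db/chkrootkit.last}                # assumed previous-findings file

# Constructed sample in chkrootkit's output style, used when the binary is absent.
sample_output() {
    cat <<'EOF'
ROOTDIR is `/'
Checking `basename'... not infected
Checking `ls'... INFECTED
Checking `lkm'... chkproc: Warning: Possible LKM Trojan installed
Checking `sniffer'... em0: not promisc and no packet sniffer sockets
Searching for suspicious files and dirs, it may take a while... nothing found
EOF
}

# stdin: chkrootkit output. stdout: only lines that report a finding;
# "not infected" / "not promisc" are the normal case and are dropped.
extract_findings() {
    grep -E 'INFECTED|Warning|Vulnerable|PACKET SNIFFER|promisc' \
        | grep -Ev 'not infected|not promisc' || true
}

# Run the scan, remember the findings, print a report only when they changed. Exit: 0 = clean, 1 = findings.
run_scan() {
    if [ -x "$CHKROOTKIT" ]; then
        findings=$("$CHKROOTKIT" 2>&1 | extract_findings)
    else
        findings=$(sample_output | extract_findings)
    fi
    previous=""
    [ -f "$STATE" ] && previous=$(cat "$STATE")
    if [ "$findings" != "$previous" ]; then
        printf '%s\n' "$findings" > "$STATE"
        printf 'chkrootkit findings changed on %s:\n%s\n' "$(uname -n)" "$findings"
    fi
    [ -z "$findings" ]
}
# Cron entry (assumed script location): 0 3 * * * /usr/local/sbin/chkrootkit-cron.sh --cron
if [ "${1-}" = "--cron" ]; then
    report=$(run_scan) || true
    if [ -n "$report" ]; then
        printf '%s\n' "$report" | mail -s "chkrootkit findings on $(uname -n)" root
    fi
fi
```

Because the state file keeps the last findings, root receives one mail when something new appears or disappears, and nothing on nights when the scan result is unchanged.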

