I was performing a security check on my system using Chkrootkit and RKHunter, and I found out that there were two hidden processes; Chkrootkit reported that a trojan may have been installed on the system. Surprisingly, it is a brand new installation of Ubuntu 9.10 too. It turned out to be a false positive, because this false positive can be reproduced by running RKHunter and Chkrootkit at the same time. Folks, by running both rootkit detectors at the same time, chkrootkit is going to think that RKHunter is a trojan, because RKHunter uses unhide (a program that has trojan-like characteristics).
Want to be super paranoid? You can download Chkrootkit by running this in a terminal (shell): [wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz], without the square brackets. This command fetches the latest Chkrootkit release. Next, check its MD5 checksum with [md5sum chkrootkit.tar.gz] and compare the hash that md5sum prints with the one published by the Chkrootkit project; the two values must be identical. Checking the MD5 checksum ensures that your download was not corrupted or altered in any way (you can do this with any file on your Linux system). Note that a checksum published on the same server as the download only protects against corruption and accidental tampering: if that server is compromised, the attacker can replace the tarball and the hash together, so obtain the reference hash from a separate trusted source where possible. The next command is [tar xzvf chkrootkit.tar.gz], which extracts the program from its compressed form (the tar.gz archive). Change into the extracted directory (folder) and run [make sense] to build the program.
To ensure that the Chkrootkit program stays unmodified even if an attacker compromises your system, it is best to put the Chkrootkit program onto a read-only medium. To do that, load a blank CD/DVD, USB hard drive or USB flash drive onto your computer and, once you have built the program, use CD burning software (for CD/DVD) to burn the Chkrootkit files onto it. On your next rootkit hunting trip, all you have to do is insert your Chkrootkit CD/DVD/USB HD/USB flash drive, change into the directory that represents your external medium (on Ubuntu, most likely under /media/your-external-storage-here), and run [./chkrootkit] to check your Linux system for rootkits. The Chkrootkit program cannot be modified by an attacker on the running system if its files and folders are stored on a genuinely read-only medium such as a CD/DVD (a writable USB drive that is merely mounted read-only does not give the same guarantee, since the attacker can remount it).
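The download-verify-unpack-build procedure above, as an added shell example that is not part of the original post or of Chkrootkit itself. `EXPECTED_MD5` is a placeholder to be replaced with the hash published by the Chkrootkit project; the function names are my own.

```shell
#!/bin/sh
# Added example: verify a downloaded chkrootkit tarball against its published
# MD5 before unpacking it, and refuse to unpack or build on a mismatch.
# EXPECTED_MD5 is a placeholder; copy the real value from the chkrootkit site.

CHKROOTKIT_URL="ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz"
EXPECTED_MD5="REPLACE-WITH-HASH-PUBLISHED-BY-CHKROOTKIT"

# Print only the hex digest of a file (md5sum also prints the file name).
file_md5() {
    md5sum "$1" | awk '{print $1}'
}

# Return 0 if the file's MD5 equals the expected value, 1 otherwise.
verify_md5() {
    actual=$(file_md5 "$1")
    if [ "$actual" = "$2" ]; then
        return 0
    fi
    echo "MD5 mismatch for $1: got $actual, expected $2" >&2
    return 1
}

# Unpack a tarball into a directory only after its checksum checks out;
# on mismatch nothing is created, so a tampered archive never touches disk.
unpack_verified() {
    verify_md5 "$1" "$2" || return 1
    mkdir -p "$3" && tar xzf "$1" -C "$3"
}

# The full flow from the post: fetch, verify, unpack, then "make sense".
fetch_verify_build() {
    workdir=$(mktemp -d) || return 1
    ( cd "$workdir" && wget -q "$CHKROOTKIT_URL" ) || return 1
    unpack_verified "$workdir/chkrootkit.tar.gz" "$EXPECTED_MD5" "$workdir/src" || return 1
    srcdir=$(find "$workdir/src" -mindepth 1 -maxdepth 1 -type d | head -n 1)
    ( cd "$srcdir" && make sense )
}

# The network-dependent flow only runs when invoked as: sh script.sh run
if [ "${1:-}" = "run" ]; then
    fetch_verify_build
fi
```

The built tree can then be copied to the read-only medium described above and run from there with [./chkrootkit].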