In the unfortunate event that an attacker gains access to your system, one of the first things they'll do is try to hide their intrusion while preserving access for as long as possible, perhaps by installing a rootkit. A rootkit is a program that runs stealthily and gives the attacker administrator access. Rootkits embed themselves in the Linux kernel to prevent detection, and there are even rootkits that can hide in a system firmware's dedicated memory, allowing an attacker to control the system even when it's powered down. This recipe shows you how to check your system for rootkits using chkrootkit.
This recipe requires a CentOS system with a working network connection. Administrative privileges are also required, either by logging in with the root account or through the use of sudo.
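The following wrapper script is an added example and is not part of the book's recipe. It assumes chkrootkit has been installed from the EPEL repository and shows the two points this recipe depends on: the scan must run as root (directly or via sudo), and the scanner's output needs to be reduced to the lines that actually require a response. The sample output embedded in `sample_output` is constructed for this example so the filter can be exercised offline.

```shell
#!/bin/sh
# Added example (not from the book): a small wrapper around chkrootkit on CentOS.
# Assumes chkrootkit is installed, e.g. with: yum install epel-release chkrootkit

# chkrootkit inspects system binaries and /proc entries that only root can read,
# so refuse to run without root privileges (sudo sets the effective UID to 0).
require_root() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root or with sudo" >&2; return 1; }
}

# Reduce chkrootkit output on stdin to the lines a defender must act on.
# Prints every INFECTED or Warning line; exit status 0 = clean, 1 = findings.
# Lines such as "Checking `ls'... not infected" are deliberately not matched.
filter_findings() {
    found=0
    while IFS= read -r line; do
        case "$line" in
            *INFECTED*|*Warning*) printf '%s\n' "$line"; found=1 ;;
        esac
    done
    return "$found"
}

# Constructed sample in chkrootkit's output style, used here only to test the filter.
sample_output() {
    cat <<'EOF'
ROOTDIR is `/'
Checking `ls'... not infected
Checking `ps'... INFECTED
Checking `lkm'... chkproc: Warning: Possible LKM Trojan installed
Searching for suspicious files and dirs, it may take a while... nothing found
EOF
}

# Run the real scan: exit 2 if not root, 1 if findings were reported, 0 if clean.
run_scan() {
    require_root || return 2
    chkrootkit 2>&1 | filter_findings
}
```

Source the script and call `run_scan` as root to scan the host; its exit status makes it easy to schedule from cron and alert only when findings appear.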