
How to check for rootkits on a dedicated server

Nowadays, running a web hosting business demands a carefully planned and well-developed working strategy. Our Free Reseller Program offers you the best combination of easy-to-set-up and technically sophisticated hosting solutions, and of low-cost reseller plans and powerful dedicated hosting packages that should meet all your demands. ResellersPanel is the only company that allows you to resell Dedicated Hosting Servers, as well as Virtual Private Servers and Semi-Dedicated Servers, without making any initial investments, and to earn a reasonably profitable income by simply using our Free Reseller Program.

Running a Dedicated Server requires a decent knowledge of Linux security. You will have to monitor the Server for what is called a rootkit. This is a software system that consists of one or more programs designed to obscure the fact that a given Operating System has been compromised. A rootkit does not by itself grant a user administrator privileges: it requires prior access in order to execute and to configure system files and processes. An attacker may use that rootkit to replace vital system executables, which may themselves be used to hide processes and files the attacker has installed, along with the presence of the rootkit.

Regularly checking your Dedicated Server for rootkits is very important and at the same time very easy to perform. This way you can even prevent the Server from being fully rooted (hacked). When dealing with this task, you will have to use software that will automatically check the system on your behalf. Examples of such software are Rootkit Hunter (rkhunter) and chkrootkit. Both aim at the same thing: to scan your Dedicated Server's Operating System for rootkits, backdoors and possible local exploits.

You will need SSH (Secure Shell) access to your Server in order to be able to install the software. You can establish an SSH connection via a software client such as PuTTY. To install the software, you will have to download it (preferably from its main repository page, which is https://rkhunter.sourceforge.net/) and issue the following commands once logged on to the Dedicated Server:

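cd installation-directory/    # you decide where to install it
# -O saves the file under its real name instead of "download"
wget -O rkhunter-1.3.6.tar.gz https://sourceforge.net/projects/rkhunter/files/rkhunter/1.3.6/rkhunter-1.3.6.tar.gz/download
tar zxvf rkhunter-1.3.6.tar.gz
cd rkhunter-1.3.6/            # directory name matches the downloaded version
sh installer.sh --layout default --install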

Once the installation is completed, you can run

rkhunter --help

to check the commands and variables you can use with the software.

A simple command for running a check is:

rkhunter -c

chkrootkit is also a tool for checking for rootkit signs. You can install it by running the following commands:

cd installation-directory/    # you decide where to install it
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
tar zxvf chkrootkit.tar.gz
cd chkrootkit-*/              # the archive unpacks into a versioned directory
make sense

To run it, simply use

./chkrootkit

To see much more detail, run it in expert mode (-x) and page through the output:

./chkrootkit -x | more

You can find everything you want to know about this product at its home page, which is https://www.chkrootkit.org.
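
To make the regular checks described above practical, the following added example (not part of the original article or of either tool) filters the output of both scanners down to the lines that need attention. The sample output is constructed, and the script name triage.sh and the CHKROOTKIT variable are assumptions.

```shell
#!/bin/sh
# Added example: triage output of the two scanners from a scheduled run.

# chkrootkit prints upper-case "INFECTED" (or "Vulnerable but disabled")
# for a hit and lower-case "not infected" otherwise.
chkrootkit_findings() { grep -E 'INFECTED|Vulnerable' || true; }

# rkhunter marks problems with "Warning:"; log lines carry a [HH:MM:SS] prefix.
rkhunter_findings() { grep -E '^(\[[0-9:]+\] )?Warning:' || true; }

# triage CHKROOTKIT_OUTPUT RKHUNTER_OUTPUT (two file paths).
# Prints the flagged lines; returns 0 when clean, 1 when review is needed.
triage() {
    ck=$(chkrootkit_findings < "$1")
    rk=$(rkhunter_findings < "$2")
    if [ -z "$ck" ] && [ -z "$rk" ]; then echo "clean"; return 0; fi
    if [ -n "$ck" ]; then printf 'chkrootkit:\n%s\n' "$ck"; fi
    if [ -n "$rk" ]; then printf 'rkhunter:\n%s\n' "$rk"; fi
    return 1
}

# Constructed sample output (not from a real scan).
sample_chkrootkit() {
cat <<'EOF'
Checking `ls'... not infected
Checking `netstat'... not infected
Checking `amd'... not found
Checking `bindshell'... INFECTED (PORTS:  465)
EOF
}
sample_rkhunter() {
cat <<'EOF'
[10:15:02] Info: Starting test name 'properties'
[10:15:04] Warning: The command '/usr/bin/ldd' has been replaced by a script
[10:15:09] Info: constructed sample line
EOF
}

# Real use, as root:  sh triage.sh --run
# CHKROOTKIT is a hypothetical variable naming the chkrootkit script path.
if [ "${1:-}" = "--run" ]; then
    t=$(mktemp -d)
    "${CHKROOTKIT:-./chkrootkit}" > "$t/ck" 2>&1
    rkhunter -c --skip-keypress --report-warnings-only > "$t/rk" 2>&1
    triage "$t/ck" "$t/rk"; rc=$?
    rm -rf "$t"
    exit "$rc"
fi
```

Both tools can report false positives, so a flagged line is a prompt for manual verification rather than proof of compromise.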

Using the dedicated hosting services under ResellersPanel's Free Reseller Program can spare you a lot of headache and investigation while trying to find the best, the most reliable and resourceful low-cost Dedicated Server provider on the Internet.
