How do I scan my Linux system for rootkits, worms, trojans, etc.?

On this page

  1. chkrootkit
  2. rkhunter

Either with chkrootkit or with rkhunter.


Either install the package that comes with your distribution (on Debian you would run

apt-get install chkrootkit

), or download the sources from and install manually:

wget --passive-ftp
tar xvfz chkrootkit.tar.gz
cd chkrootkit-<version>/
make sense

Afterwards, you can move the chkrootkit directory somewhere else, e.g. /usr/local/chkrootkit:

cd ..
mv chkrootkit-<version>/ /usr/local/chkrootkit

Now you can run chkrootkit manually:

cd /usr/local/chkrootkit

(if you installed a chkrootkit package coming with your distribution, your chkrootkit might be somewhere else).

You can even run chkrootkit by a cron job and get the results emailed to you:


crontab -e

to create a cron job like this:

0 3 * * * (cd /usr/local/chkrootkit-<version>; ./chkrootkit 2>&1 | mail -s "chkrootkit output my server" [email protected])

That would run chkrootkit every night a 3.00h.


Download the latest rkhunter sources from

tar xvfz rkhunter-1.2.7.tar.gz
cd rkhunter/

This will install rkhunter to the directory /usr/local/rkhunter. Now run

rkhunter --update

to download the latest chkrootkit/trojan/worm signatures (you should do this regularly).

Now you can scan your system for malware by running

rkhunter -c

Share this page:

0 Comment(s)

Add comment