How to Check for Rootkits on a Dedicated Server (Step-by-Step)

Eileen.B
2025/07/01

Keeping your server safe is one of the most important things you can do, especially if you’re running a dedicated server. One serious threat to watch out for is a rootkit, a sneaky type of malware that hides deep in your system and can go unnoticed while giving attackers control. In this guide we will show you how to check for rootkits on a dedicated server using simple tools and steps. Whether you’re a beginner or want to double-check your system’s security, this guide will help you stay protected.


How to Install Rkhunter on a Dedicated Server

Keeping your dedicated server secure means regularly checking for hidden threats. One of the most dangerous types is a rootkit, which can secretly control parts of your system without being noticed. Read on to learn more.

Prerequisites:

– A Dedicated Server: You can check out NeuronVM for low-cost Dedicated Servers.

– Admin access to the dedicated server

– Knowledge of the server’s operating system

– Backup and recovery plan

Step 1: Connect to the Server via SSH

In this section, we will show you how to check for rootkits on a dedicated server. To begin, connect to your server using SSH. Once you’re logged in, you can start the installation process by following the steps below. First, change to the directory where you want to install Rkhunter:

cd installation-directory/

Step 2: Download the Rkhunter Installation Package

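To begin the installation process, you need to download Rkhunter from its official website. Run the following command to download the package. The -O option saves the file under the name that the extraction step expects; without it, wget names the file "download":

wget -O rkhunter-1.3.6.tar.gz http://sourceforge.net/projects/rkhunter/files/rkhunter/1.3.6/rkhunter-1.3.6.tar.gz/download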

Step 3: Extract the Rkhunter Archive File

Once the Rkhunter file has been downloaded, the next step is to extract its contents. To decompress it, use the following command:

tar zxvf rkhunter-1.3.6.tar.gz

Step 4: Navigate to the Rkhunter Directory

After extracting the archive, you need to move into the Rkhunter directory:

cd rkhunter-1.3.6/

Step 5: Install Rkhunter

Now that you’re inside the Rkhunter directory, you can install Rkhunter with the default layout using the following command:

sh installer.sh --layout default --install

Checking for Rootkits on a Dedicated Server


Step 1: View Rkhunter Command Guide

After successfully installing Rkhunter, the first thing you might want to do is explore the available commands and options, which help you understand how to use the tool effectively. Run the following command to see a list of commands:

rkhunter --help

Step 2: Run a basic Rootkit scan

Once you’re familiar with the available commands, you can perform a basic system check using Rkhunter. To run the scan, enter the following command:

rkhunter -c

Step 3: Navigate to chkrootkit Installation Directory

chkrootkit is a tool used to detect symptoms of rootkits, so you need to install it as well. First, change to the directory where you want to install chkrootkit:

cd installation-directory/

Step 4: Download the chkrootkit Package

After navigating to the preferred installation directory, the next step is to download the chkrootkit package. This tool helps scan your system for common signs of rootkits. Use the following command to download the package:

wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz

Step 5: Extract the chkrootkit package

Use the following command to extract chkrootkit:

tar zxvf chkrootkit.tar.gz

Step 6: Navigate to the chkrootkit Directory

After extracting the archive, you need to move into the newly created chkrootkit directory to begin the installation. The directory name includes the chkrootkit version, so the wildcard below matches whichever version was extracted:

cd chkrootkit-*/

Step 7: Compile chkrootkit

Now that you’re inside the chkrootkit directory, it’s time to compile the tool so it can be used on your server. To do this, simply run the following command:

make sense

Step 8: Run chkrootkit

After compiling chkrootkit, you can now run it to scan your server for rootkits. Use the following command:

./chkrootkit

Step 9: View detailed Output

If you want to see more detailed results of the rootkit scan and view them page by page, you can use the following command:

./chkrootkit -x | more
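
Added example (not part of the original guide, and not code from the chkrootkit project): when you scan regularly, it helps to separate findings you have already investigated from new ones. The script below assumes the output of ./chkrootkit was saved to a file and that each check prints a line of the form Checking `name'... status; the function names, the baseline file and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: report only chkrootkit findings that are not yet reviewed.
# Assumes output lines of the form: Checking `name'... status

# flagged_checks FILE -> "name: status" for each check marked INFECTED/Warning
flagged_checks() {
    awk -v q="'" '/^Checking `/ && /INFECTED|Warning/ {
        rest = substr($0, 11)               # text after the opening quote
        i = index(rest, q)                  # closing quote ends the name
        detail = substr(rest, i + 1)
        sub(/^\.+ */, "", detail)           # drop the "... " separator
        print substr(rest, 1, i - 1) ": " detail
    }' "$1" | sort -u
}

# new_findings FILE BASELINE -> prints unreviewed findings; returns 1 if any
new_findings() {
    out=$(flagged_checks "$1" | grep -Fvx -f "$2" || true)
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample output and baseline (not taken from a real server).
WORK=$(mktemp -d)
SAMPLE="$WORK/chkrootkit.out"
BASELINE="$WORK/reviewed.txt"
cat > "$SAMPLE" <<'EOF'
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `bindshell'... INFECTED PORTS: ( 465)
Checking `ifconfig'... INFECTED
Checking `lkm'... chkproc: nothing detected
EOF
# A finding assumed to have been investigated and accepted by the admin.
echo 'bindshell: INFECTED PORTS: ( 465)' > "$BASELINE"

if new_findings "$SAMPLE" "$BASELINE"; then
    echo "no new findings"
else
    echo "review the findings listed above" >&2
fi
```

On a real server, replace the sample file with saved scan output (for example ./chkrootkit > scan.out) and add a line to the baseline only after you have investigated that finding.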

Conclusion

Keeping your dedicated server safe from hidden threats like rootkits is essential for maintaining security and stability. With tools like Rkhunter and chkrootkit, you can regularly scan your system for suspicious activity that might otherwise go unnoticed. In this guide, we showed you how to install and use both tools step by step, even if you are just getting started. By following these simple commands, you’re taking a strong step toward protecting your server. Make it a habit to run these scans often, stay updated, and always keep backups ready. Your server’s safety depends on it.

Frequently Asked Questions

Rootkits can hide viruses or allow hackers to get into your server.

You can use tools like Rkhunter and chkrootkit to scan your server.

It's a good idea to check your server once a week.
