Use chkrootkit to fight against rare (but always possible) rootkits on your Linux PCs!


This week, on our Linux Page (in Spanish), we would like to draw your attention to chkrootkit, an interesting piece of software for Linux that can help you detect malicious rootkits on your Linux PC. Unfortunately, the last update we have found on the chkrootkit homepage is dated December 2007, but we hope to see a new release during 2009. To check whether you already have chkrootkit installed, type chkrootkit in your Terminal:

desktop:~$ chkrootkit

and you will certainly receive this message:
The program ‘chkrootkit’ is currently not installed.  You can install it by typing:
sudo apt-get install chkrootkit

Follow the above instructions and you will be ready to run the software by typing:

sudo chkrootkit

Please note that on our first scan on Ubuntu 8.10 we found a false positive:

Checking `sniffer’… lo: not promisc and no packet sniffer sockets

eth0: PACKET SNIFFER(/sbin/dhclient3[4835])

Do not worry! This (unfortunately frequent) false positive has already been discussed by the community at

http://ubuntuforums.org/showthread.php?t=556517

and

http://ubuntuforums.org/showthread.php?t=270340
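
A small triage helper for the sniffer lines shown above, as an added example that is not part of the original post or of chkrootkit. It assumes the report format quoted in the post, that several processes on one interface are listed comma-separated, and an allowlist (`EXPECTED`) that you maintain yourself; for an allowlisted program it also compares the reported path with `/proc/<pid>/exe`.

```python
import os
import re

# Constructed sample: the two lines from the post's scan, plus one constructed
# line with an unfamiliar binary so the "investigate" branch is exercised.
SAMPLE = """\
Checking `sniffer'... lo: not promisc and no packet sniffer sockets
eth0: PACKET SNIFFER(/sbin/dhclient3[4835])
eth1: PACKET SNIFFER(/sbin/dhclient3[4901], /tmp/cap[5120])
"""

# Assumption: programs this host is expected to run with a packet socket open.
EXPECTED = {"/sbin/dhclient3"}

HIT_RE = re.compile(r"(\S+): PACKET SNIFFER\(([^)]*)\)")
PROC_RE = re.compile(r"\s*([^,\[]+)\[(\d+)\]")


def proc_exe(pid):
    """Path of the executable behind a live PID (Linux /proc; needs root)."""
    return os.readlink(f"/proc/{pid}/exe")


def triage(output, expected=EXPECTED, resolve=proc_exe):
    """Return (iface, path, pid, verdict) for every reported sniffer process."""
    findings = []
    for iface, procs in HIT_RE.findall(output):
        for path, pid in PROC_RE.findall(procs):
            pid = int(pid)
            if path not in expected:
                verdict = "investigate"      # not a known packet-socket user
            else:
                try:
                    live = resolve(pid)
                except OSError:
                    verdict = "unverified"   # process exited or /proc unreadable
                else:
                    # A renamed or deleted binary shows up as a different path.
                    verdict = "expected" if live == path else "investigate"
            findings.append((iface, path, pid, verdict))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding)
```

To use it on a real scan, pass the captured text of `sudo chkrootkit` to `triage()` in place of `SAMPLE`, and run it as root so that `/proc/<pid>/exe` is readable for other users' processes.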

If you know other good anti-rootkits, please be so kind as to add a comment on this post. We are really interested in discovering new “security software” (especially anti-rootkit tools) for Linux machines!
