How to Install Chkrootkit on Debian 12 Bookworm

If you have installed Debian 12 Bookworm, you might have noticed the many security enhancements. 

However, it’s not impervious to attacks, and that’s where Chkrootkit comes in.

So, if you’re looking for a way to secure your device running Debian 12 Bookworm but confused with Chkrootkit installation, you’re in the right place. 

In this guide, we walk you through the step-by-step process of installing Chkrootkit on Debian 12 Bookworm. 

Let’s dive right in!

What Is Chkrootkit and Why Is It Necessary?

Chkrootkit is an essential tool for any Debian user, providing robust security against malicious intruders, known as rootkits, which aim to gain unauthorized access to your system.

Here are some of the reasons why Chkrootkit is necessary:

• Chkrootkit is an open-source tool that is free and easy to use, and the best part is the community continuously improves it.
• It can detect several well-known rootkits on UNIX-based systems, increasing overall security.
• Chkrootkit helps identify rootkits, preventing them from gaining unauthorized access to a system and modifying its operations.
• Chkrootkit performs scans of system binaries, network ports, and system calls to uncover any anomalies.
• Chkrootkit can be automated to perform daily scans, thus regularly ensuring system security without manual intervention. 

Continue reading to know the prerequisites and the steps on how to install Chkrootkit on Debian 12 Bookworm.

What You’ll Need

It is crucial to have the following prerequisites before proceeding with the installation of Chkrootkit:

• A functioning Debian 12 Bookworm system (guide)
• A user account with sudo privileges (guide)
• Basic familiarity with terminal commands 

If you have all the above requirements, continue reading to install the Chkrootkit on Debian 12 using the steps below.

How to Install Chkrootkit on Debian 12 Bookworm: Step-by-Step

Step 1: Update and Upgrade Debian 12 Bookworm

Running the commands ‘sudo apt update’ and ‘sudo apt upgrade’ helps to ensure that your system is up-to-date.

While performing the update or upgrade operation, you might be prompted if you want to continue. When asked, enter ‘Y‘ to proceed. 

Note: If you don’t encounter any prompt, it’s a good indicator that your device is already in its most updated and upgraded state.

1. The following command fetches the package lists from the repositories and “updates” them, providing information on the newest versions of packages and their dependencies:

sudo apt update

2. The next command below will install the newest versions of all packages currently installed on your system:

sudo apt upgrade

After you have updated and upgraded the Debian packages, you can proceed to installing Chkrootkit.

Step 2: Install Chkrootkit on Debian 12 Bookworm using Apt

If you’re looking for an easy approach that doesn’t involve a lot of steps, we suggest installing Chkrootkit using the steps below through Apt, the default Debian package manager. 

1. To download and install Chkrootkit from the repositories, use the following command that involves Debian’s package manager:

sudo apt install chkrootkit

2. After the installation, we suggest rebooting your device using the following command: 

sudo reboot

3. Now, verify if Chkrootkit has been successfully installed using the following command:

chkrootkit -V

Note: If you see the version number as shown in the screenshot above, it is a sign that you have installed Chkrootkit successfully. However, if you find the older version in the input or there is an error, reboot and execute the Chkrootkit apt installation command.

(Alternate Approach) Step 2: Install Chkrootkit on Debian 12 Bookworm Using Source Code

If you want more control over the Chkrootkit installation, prefer installation through the source code. We don’t suggest this approach to beginners, as everything must be manually done.

Here are steps on how to install Chkrootkit using the source code:

1. The first thing to do is download the Chkrootkit source code using the following command from its official FTP site. The wget command fetches the source code package for Chkrootkit, which is stored as a .tar.gz file.

wget ftp://chkrootkit.org/pub/seg/pac/chkrootkit.tar.gz

2. Once you have downloaded the source code archive, use the following command to unpack it:

tar -xvzf chkrootkit.tar.gz 

Tip: Here, ‘tar‘ is a commonly used command for tape drive backups. The ‘x‘ means extract, ‘v‘ stands for verbose, allowing us to see the files being extracted, ‘z‘ is for dealing with tarballs compressed using gzip, and ‘f‘ denotes the file we are working with, which is our downloaded archive in this case.

3. Before we can compile the Chkrootkit from its source code, we need to install some necessary development tools. The below command will install the GCC compiler, the ‘make’ utility, a set of libraries, and utilities called ‘build-essential.’ These are necessary for creating executables from source code.

sudo apt install gcc make build-essential

4. Now that you have successfully downloaded, unpacked, and installed Chkrootkit, you can proceed to compile Chkrootkit. For this, navigate to the directory containing the Chkrootkit source code using the following command:

cd chkrootkit-{your-version-number}

Once the process finishes compiling successfully without errors, we can verify the installation by running chkrootkit -V, which will return the version number of Chkrootkit if it has been compiled and installed successfully.

Step 3: Initiate Chkrootkit on Debian 12 Bookworm

To get it running, initiation is important regardless of the approach you have considered to install Chrootkit. 

1. Use the following command to initiate the Chkrootkit:

sudo chkrootkit

When the above command is run, Chkrootkit starts examining key elements of your system for any inconsistencies or irregularities that might indicate a rootkit’s presence. This includes checking binaries for modifications, inspecting system calls, and other potential signs of rootkit infections.

(Optional) Step 4: Automate Chkrootkit on Debian 12 Bookworm

If you’ve installed Chkrootkit using the apt package manager, you can configure it to run daily scans automatically. 

1. This is achieved by modifying Chkrootkit’s configuration file through the below command. The below command opens the configuration file using the nano text editor. We suggest you run the command with sudo for the necessary permissions:

sudo nano /etc/chkrootkit/chkrootkit.conf

2. Within this file, search for the RUN_DAILY attribute and ensure that it’s set to TRUE. This setting typically comes as default, but confirming this ensures automated daily scans are activated.

Note: The automation feature is available when Chkrootkit is installed through the apt package manager and may not work when Chkrootkit is compiled and installed from source code.

Also Read: How to Configure Automated Security Updates on Debian 11

Troubleshooting Chkrootkit Installation Issues on Debian 12 Bookworm

Even if you’re facing an issue that cannot be fixed immediately and doesn’t display as an error, we suggest following the below troubleshooting steps:

1. If the installation fails, make sure your system packages are updated.
2. Check that you have the necessary permissions to install the software.
3. If you cannot connect to the repositories, test your internet connection.
4. If compiling from source fails, ensure you’ve installed the necessary dependencies.

Conclusion

Congratulations! You have successfully installed Chkrootkit on your Debian 12 Bookworm system. Whether you opted for the straightforward Apt package manager installation process or the more hands-on approach using the source code, you now have a robust tool to safeguard your system.

If you still find yourself in need of assistance, you can reach out to the Debian User Forum, as it is an excellent place to seek support from a helpful community of fellow users.