chkrootkit: shell script that checks system binaries for rootkit modification. The following tests are made:
- aliens asp bindshell lkm rexedcs sniffer wted w55808 scalper slapper z2 amd basename biff chfn chsh cron date du dirname echo egrep env find fingerd gpm grep hdparm su ifconfig inetd inetdconf init identd killall ldsopreload login ls lsof mail mingetty netstat named passwd pidof pop2 pop3 ps pstree rpcinfo rlogind rshd slogin sendmail sshd syslogd tar tcpd tcpdump top telnetd timed traceroute vdir w write
First we will download the source to your server.
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
We will then extract the source and change into its directory.
tar zxvf chkrootkit.tar.gz
cd chkrootkit
Now run chkrootkit:
./chkrootkit
That's it! Please be aware that if you're running cPanel, bindshell WILL show up as an infected port.
Can I run chkrootkit from cron? Yes. For example, to run chkrootkit every day at 3am and mail the output to you@yoursite.com:
0 3 * * * (cd /path/to/chkrootkit; ./chkrootkit 2>&1 | mail -s "chkrootkit output" you@yoursite.com)
Thank you to the people over at http://www.chkrootkit.org/
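The cron job above mails the whole report every day, and the cPanel note shows that some INFECTED lines are expected on a given host. The script below is an added example, not part of chkrootkit or of the original post: it keeps only INFECTED lines that have not already been reviewed. The function names, the allowlist file and the sample report lines are assumptions constructed for illustration, and only INFECTED lines are handled.

```shell
#!/bin/sh
# Added example (not from chkrootkit): report only unreviewed INFECTED lines.

# Constructed sample in chkrootkit's "Checking `name'... result" layout.
sample_output() {
cat <<'EOF'
Checking `amd'... not found
Checking `ls'... not infected
Checking `bindshell'... INFECTED (PORTS:  465)
Checking `sshd'... INFECTED
Checking `sniffer'... eth0: not promisc and no PF_PACKET sockets
EOF
}

# Findings an admin has already investigated, one exact line each
# (here: the cPanel bindshell report mentioned above; constructed value).
sample_allowlist() {
cat <<'EOF'
Checking `bindshell'... INFECTED (PORTS:  465)
EOF
}

# Read chkrootkit output on stdin; print INFECTED lines that are not in the
# allowlist file "$1". Clean results say "not infected" in lower case, so the
# case-sensitive match skips them. Exact-line matching (-Fx) means the same
# test reporting a different port is still shown.
unreviewed_findings() {
    grep 'INFECTED' | { grep -Fxv -f "$1" || true; }
}

# Demo on the constructed data. From cron, pipe "./chkrootkit 2>&1" in
# instead and mail the result only when it is non-empty.
demo() {
    allow=$(mktemp) || return 1
    sample_allowlist > "$allow"
    sample_output | unreviewed_findings "$allow"
    rm -f "$allow"
}

demo
```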