Scan server with Chkrootkit

A rootkit is a hidden type of software. Usually it allows you to hide the existence of certain processes or programs from conventional detection methods or allow remote access to a computer.


Chkrootkit provides a set of utilities for scanning and detecting rootkits on a server. Chkrootkit can be installed from the software repositories. In the case of RedHat/CentOS you need to enable Epel.

The release history is available at

You can start a scan by running:



chkrootkit -r /var/www

It is recommended to run the scan in the screen, so that if you disconnect from the server, you will not lose progress. To do this, before starting, run:


To return to the active screen in case of disconnection with the server, run:

screen -r %screen_id%