How to Install and Use RootCheck

Protecting your server is the most important thing you can do for it, more important than adding features, speed, or optimizations.  It is security that your websites and your client’s websites need more than anything else.  Many security threats are annoyances or may slow down your system a bit, but they do not do serious damage.  On the other hand, some exploit your dedicated server’s weakest point and can bring it to its knees.

For those rare threats that are dangerously severe, you need something that can sniff them out and help you eliminate them before they do their damage.  RootCheck is one such tool.  With it you can scan ports, logs, and more for rootkits, trojans, and other nefarious activity.

To install RootCheck, do the following:

1. Login to your server via SSH and become root


2. Download the latest version from the website:


3. Verify its checksum, for security purposes

cat rootcheck-2.4_checksum.txt
md5 rootcheck-2.4.tar.gz
sha1 rootcheck-2.4.tar.gz

Both should match the corresponding checkum entries in the text file.

4. Extract the contents of the archive

tar -zxvf rootcheck-2.4.tar.gz

5. Run the install program

cd rootcheck-2.4

make all

6. Run root check.  When it is finished scanning, it will tell you if it found anything.

If the scan comes up with a positive hit, you should read more about the particular exploit detected to verify that your system is in fact infected, rather than generating a false positive.

RootCheck is free and open source software developed by Trend Micro.  It is part of OSSEC,  an open source host-based intrusion detection system.