chkrootkit is not installed by default on servers.
To install it:
mkdir -p /usr/local/src
gzip -d -c chkrootkit.tar.gz | tar xvf -
Then run it
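The script below is an added example, not part of the original page or of chkrootkit itself. It triages a scan's output so that positive results stand out and an empty scan is not mistaken for a clean one. It assumes result lines have the form "Checking `name'... result" with the upper-case word INFECTED marking a hit; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage chkrootkit output read from stdin.
# Assumption: each test prints a line "Checking `name'... <result>", and a
# positive result contains the upper-case word INFECTED ("not infected" is
# lower-case, so a case-sensitive match separates the two).
#
# Exit status: 0 = no hits, 1 = at least one hit, 2 = no results at all.
triage_chkrootkit() {
    awk '
        /^Checking / { checks++ }
        /INFECTED/   { infected++; print "REVIEW: " $0 }
        END {
            printf "checks=%d infected=%d\n", checks, infected
            if (checks == 0) exit 2   # scan did not run: never report this as clean
            if (infected > 0) exit 1
            exit 0
        }'
}

# Constructed sample output, for illustration only (not from a real host).
sample_scan() {
    cat <<'EOF'
ROOTDIR is `/'
Checking `amd'... not found
Checking `ls'... not infected
Checking `bindshell'... INFECTED (PORTS:  465)
Checking `sniffer'... eth0: not promisc and no PF_PACKET sockets
EOF
}

# Demonstration on the constructed sample. On a real server, pipe the scanner
# in instead, as root, from the directory the tarball unpacked into:
#   ./chkrootkit 2>&1 | triage_chkrootkit
sample_scan | triage_chkrootkit || echo "scan needs review (status $?)"
```

A hit is a prompt to investigate, not proof of compromise: a legitimate service listening on a port the bindshell test watches will trigger it, for example.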
Please keep in mind the following:
1. If a hacker got in, your safest recourse is to wipe the box, re-install the operating system, and restore from a backup that was made prior to the hack.
2. Security must be done in layers to be the most effective. Start with as many layers as you are comfortable managing and monitoring, then add layers as they become available or as you see a pattern that calls for one.
3. Security must be an ongoing concern. You don’t just add on the layers (tighten the hatches) and walk away from the ship. You have to manage it several times a day for as long as the server is connected to the Internet.