This is my first post so please bear with me. I am running Zorin 12.4 32-bit.
I always ran rkhunter & chkrootkit right from the very operating system being tested. It comes to my attention, according to https://www.cyberciti.biz/faq/howto-check-linux-rootkist-with-detectors-software/ that these things should be ran from a Live CD for the best result. It sounded like a decent idea to not test from what it is that you’re testing, so this didn’t strike me as paranoid. So this put a question mark on the validity of all of my rkhunter & chkrootkit results to date.
My question is… I put in a Live CD, but the installed chkrootkit is somewhere in the /usr directory of the subject OS, not anywhere on the Live CD. Same thing with rkhunter…
What commands would I use while in a Live CD to get to the functionality of chkrootkit & rkhunter that are installed on the OS being tested? I am confused about this operation and guidance would be greatly appreciated.