diff --git a/chkrootkit/PKGBUILD b/chkrootkit/PKGBUILD
new file mode 100644
index 000000000..6424fd0ce
--- /dev/null
+++ b/chkrootkit/PKGBUILD
@@ -0,0 +1,45 @@
+# Maintainer: Neophytos Kolokotronis
+
+pkgname=chkrootkit
+pkgver=0.49
+pkgrel=2
+pkgdesc="Locally checks for signs of a rootkit."
+arch=('x86_64')
+url="http://www.chkrootkit.org"
+depends=('sh' 'net-tools')
+license=('BSD')
+categories=('system')
+source=("ftp://ftp.pangeia.com.br/pub/seg/pac/${pkgname}.tar.gz"
+ 'chkrootkit.cron'
+ 'fix-tools-path.patch'
+ 'backslashes.patch'
+ 'kallsyms.patch')
+md5sums=('304d840d52840689e0ab0af56d6d3a18'
+ 'f4b6494270f708bf016e087104681739'
+ '858b9e4fe1c38ca712f24f0ca1535c1e'
+ 'd6e43518968607682a7eed86123891ec'
+ 'a1afdd938b09c11a5200aad0a8abed9d')
+sha1sums=('cec1a3c482b95b20d3a946b07fffb23290abc4a6'
+ '6dda90abf779b6f5c3bacd638e1231f34635575d'
+ '8d488aa47d7a74755eee94158bbe66c84061592e'
+ '8a81ed7a109ad087685ad362ffe82e64d6997d83'
+ '295d729516d31fa7e810bd6e61296e1da827915d')
+
+build() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
+ sed -i 's|/var/adm|/var/log|' check_wtmpx.c chklastlog.c chkutmp.c chkwtmp.c
+ patch -p0 -i "${srcdir}/fix-tools-path.patch"
+ patch -p1 -i "${srcdir}/backslashes.patch"
+ patch -p1 -i "${srcdir}/kallsyms.patch"
+ make
+}
+
+package() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
+ for i in check_wtmpx chkdirs chklastlog chkproc chkrootkit \
+ chkutmp chkwtmp ifpromisc strings-static ; do
+ install -D -m755 "${i}" "${pkgdir}/usr/sbin/${i}"
+ done
+ install -D -m744 "${srcdir}/chkrootkit.cron" "${pkgdir}/etc/cron.weekly/chkrootkit"
+ install -D -m644 COPYRIGHT "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
+}
diff --git a/chkrootkit/backslashes.patch b/chkrootkit/backslashes.patch
new file mode 100644
index 000000000..07993c270
--- /dev/null
+++ b/chkrootkit/backslashes.patch
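Review bot: The upstream tarball in `source=` is fetched over plaintext FTP from an unversioned name (`${pkgname}.tar.gz`), so the only thing tying the build to the reviewed 0.49 code is the md5sums/sha1sums pair; for a rootkit checker that this same package then runs as root from cron.weekly, pin the download with a SHA-256 as well, e.g. `sha256sums=('<SHA256_OF_TARBALL>' '<SHA256_OF_CRON>' '<SHA256_OF_FIX_TOOLS_PATH>' '<SHA256_OF_BACKSLASHES>' '<SHA256_OF_KALLSYMS>')` (placeholders, to be filled from a download verified out of band). The existing arrays can stay, but md5 and sha1 should not be the strongest integrity anchor for a root-run security tool, and the unversioned file name means a silent upstream re-release is only ever caught by that checksum. Minor: the `sed -i 's|/var/adm|/var/log|'` in build() rewrites only the first occurrence per line, so if any of the four .c files mentions /var/adm twice on one line the second copy survives; `s|/var/adm|/var/log|g` is the safer form.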
@@ -0,0 +1,22 @@
+Author: James R. Van Zandt
+Description: Two of the chkrootkit messages have unnecessary backslashes (#498063)
+--- a/chkrootkit
++++ b/chkrootkit
+@@ -672,7 +672,7 @@ etc/ld.so.hash sbin/init.zk usr/lib/in.h
+ if [ "`find ${LIBS} -name libproc.a 2> /dev/null`" != "" -a \
+ "$SYSTEM" != "FreeBSD" ]
+ then
+- echo "Possible t0rn v8 \(or variation\) rootkit installed"
++ echo "Possible t0rn v8 (or variation) rootkit installed"
+ else
+ if [ "${QUIET}" != "t" ]; then echo "nothing found"; fi
+ fi
+@@ -726,7 +726,7 @@ etc/ld.so.hash sbin/init.zk usr/lib/in.h
+ 
+ if [ -d ${ROOTDIR}dev/ptyxx -o -r "${ROOTDIR}usr/lib/.ark?" -o \
+ -d ${ROOTDIR}usr/doc/"... " ]; then
+- echo "Possible Ambient's rootkit \(ark\) installed"
++ echo "Possible Ambient's rootkit (ark) installed"
+ else
+ if [ "${QUIET}" != "t" ]; then echo "nothing found"; fi
+ fi
diff --git a/chkrootkit/chkrootkit.cron b/chkrootkit/chkrootkit.cron
new file mode 100644
index 000000000..0fc84ded8
--- /dev/null
+++ b/chkrootkit/chkrootkit.cron
@@ -0,0 +1,2 @@
+#!/bin/sh
+/usr/sbin/chkrootkit -q
diff --git a/chkrootkit/fix-tools-path.patch b/chkrootkit/fix-tools-path.patch
new file mode 100644
index 000000000..d48cf900d
--- /dev/null
+++ b/chkrootkit/fix-tools-path.patch
@@ -0,0 +1,11 @@
+--- chkrootkit
++++ chkrootkit
+@@ -17,6 +17,8 @@ unalias netstat > /dev/null 2>&1
+ unalias ps > /dev/null 2>&1
+ unalias dirname > /dev/null 2>&1
+ 
++cd /usr/sbin
++
+ # Workaround for recent GNU coreutils
+ _POSIX2_VERSION=199209
+ export _POSIX2_VERSION
diff --git a/chkrootkit/kallsyms.patch b/chkrootkit/kallsyms.patch
new file mode 100644
index 000000000..5333b8fd3
--- /dev/null
+++ b/chkrootkit/kallsyms.patch
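Review bot: The `cd /usr/sbin` that fix-tools-path.patch inserts into the chkrootkit script is unchecked, so if that directory is missing or unreadable the script silently carries on in whatever working directory it was started from; since the evident purpose of the patch is to make chkrootkit find its helper binaries (chkproc, chkdirs, …) relative to the current directory, an unchecked failure would mean a root cron run resolves those helpers from an arbitrary caller-controlled directory instead. Change the added line to `cd /usr/sbin || exit 1` so the failure is loud. The path is hard-coded while the PKGBUILD installs the helpers under `${pkgdir}/usr/sbin`; they agree today but must be kept in step if the install location ever changes. The rest of the chkrootkit script lies outside the hunk.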
@@ -0,0 +1,29 @@
+--- a/chkrootkit
++++ b/chkrootkit
+@@ -308,7 +316,7 @@ lkm ()
+ fi
+ 
+ if [ "${EXPERT}" = "t" ]; then
+- [ -r /proc/ksyms ] && ${egrep} -i "adore|sebek" < /proc/ksyms 2>/dev/null
++ [ -r /proc/kallsyms ] && ${egrep} -i "adore|sebek" < /proc/kallsyms 2>/dev/null
+ [ -d /proc/knark ] && ${ls} -la /proc/knark 2> /dev/null
+ PV=`$ps -V 2>/dev/null| $cut -d " " -f 3 |${awk} -F . '{ print $1 "." $2 $3 }' | ${awk} '{ if ($0 > 3.19) print 3; else if ($0 < 2.015) print 1; else print 2 }'`
+ [ "$PV" = "" ] && PV=2
+@@ -318,14 +326,14 @@ lkm ()
+ fi
+ 
+ ### adore LKM
+- [ -r /proc/ksyms ] && \
+- if `${egrep} -i adore < /proc/ksyms >/dev/null 2>&1`; then
++ [ -r /proc/kallsyms ] && \
++ if `${egrep} -i adore < /proc/kallsyms >/dev/null 2>&1`; then
+ echo "Warning: Adore LKM installed"
+ fi
+ 
+ ### sebek LKM (Adore based)
+- [ -r /proc/ksyms ] && \
+- if `${egrep} -i sebek < /proc/ksyms >/dev/null 2>&1`; then
++ [ -r /proc/kallsyms ] && \
++ if `${egrep} -i sebek < /proc/kallsyms >/dev/null 2>&1`; then
+ echo "Warning: Sebek LKM installed"
+ fi
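Review bot: The rewritten `if` lines in the second inner hunk keep the old idiom of running `${egrep}` inside a backtick command substitution and letting the shell execute its output; it only works because the output is redirected away and an empty command substitution yields the substitution's exit status, which a reader has to know to see that the check is not a no-op. Since the patch already touches those lines, write them as `if ${egrep} -i adore < /proc/kallsyms >/dev/null 2>&1; then` and `if ${egrep} -i sebek < /proc/kallsyms >/dev/null 2>&1; then`. Separately, the headers `@@ -308,7 +316,7 @@` and `@@ -318,14 +326,14 @@` carry an eight-line old/new offset that the patches applied before it in the PKGBUILD (fix-tools-path.patch adds two lines, backslashes.patch none) do not account for, which suggests this patch was taken from an already-modified tree; `patch` will likely still place it with an offset or fuzz, but regenerating it against the pristine 0.49 source would make the application exact. The lkm () function begins and ends outside these hunks.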