2024-01-05 21:12:48 +01:00
|
|
|
# chkrootkit
|
|
|
|
|
2024-01-05 21:12:50 +01:00
|
|
|
chkrootkit is a tool to locally check for signs of a rootkit.
|
|
|
|
It contains:
|
|
|
|
* chkrootkit: shell script that checks system binaries for rootkit modification.
|
|
|
|
* ifpromisc: checks if the network interface is in promiscuous mode.
|
|
|
|
* chklastlog: checks for lastlog deletions.
|
|
|
|
* chkutmp.c: checks for utmp deletions.
|
|
|
|
* chkwtmp: checks for wtmp deletions.
|
|
|
|
* chkdirs: checks for signs of LKM trojans.
|
|
|
|
* chkproc: checks for signs of LKM trojans.
|
|
|
|
* strings: quick and dirty strings replacement.
|
|
|
|
|
|
|
|
A large number of rootkits, worms and LKMs are currently detected.
|
|
|
|
For an updated list of rootkits, worms and LKMs detected by chkrootkit please
|
|
|
|
visit: http://www.chkrootkit.org/
|
|
|
|
|