chkrootkit: Checks for signs of rootkits (1)

chkrootkit is a tool to locally check for signs of a rootkit. It contains chkrootkit, a shell script that checks system binaries for rootkit modification. The following tests are made: aliens, asp, bindshell, lkm, rexedcs, sniffer, wted, z2, amd, basename, biff, chfn, chsh, cron, date, du, dirname, echo, egrep, env, find, fingerd, gpm, grep, hdparm, su, ifconfig, inetd, inetdconf, identd, killall, login, ls, mail, mingetty, netstat, named, passwd, pidof, pop2, pop3, ps, pstree, rpcinfo, rlogind, rshd, slogin, sendmail, sshd, syslogd, tar, tcpd, top, telnetd, timed, traceroute, and write. It also contains several C programs: ifpromisc.c checks whether the interface is in promiscuous mode, chklastlog.c checks for lastlog deletions, chkwtmp.c checks for wtmp deletions, check_wtmpx.c checks for wtmpx deletions (Solaris only), and chkproc.c checks for signs of LKM trojans.

URL: http://www.chkrootkit.org/

Author: Nelson Murilo <nelson [at] pangeia [dot] com [dot] br>
Author: Klaus Steding-Jessen <jessen [at] nic [dot] br>
Maintainer: The T2 Project <t2 [at] t2-project [dot] org>

License: OpenSource
Status: Stable
Version: 0.55

Remark: Does cross compile (as setup and patched in T2).

Download: ftp://ftp.pangeia.com.br/pub/seg/pac/ chkrootkit-0.55.tar.gz

T2 source: chkrootkit.cache
T2 source: chkrootkit.desc
T2 source: hotfix-make_install.patch

Build time (on reference hardware): 5% (relative to binutils) (2)

Installed size (on reference hardware): 0.62 MB, 14 files

Dependencies (build time detected): 00-dirtree binutils coreutils diffutils findutils grep linux-header make patch sed sysfiles tar

1) This page was automatically generated from the T2 package source. Corrections, such as dead links, URL changes or typos need to be performed directly on that source.

2) Compatible with Linux From Scratch's "Standard Build Unit" (SBU).