1. What's chkrootkit? --------------------- chkrootkit is a tool to locally check for signs of a rootkit. It contains: * chkrootkit: a shell script that checks system binaries for rootkit modification. * ifpromisc.c: checks if the network interface is in promiscuous mode. * chklastlog.c: checks for lastlog deletions. * chkwtmp.c: checks for wtmp deletions. * check_wtmpx.c: checks for wtmpx deletions. (Solaris only) * chkproc.c: checks for signs of LKM trojans. * chkdirs.c: checks for signs of LKM trojans. * strings.c: quick and dirty strings replacement. * chkutmp.c: checks for utmp deletions. chkwtmp and chklastlog *try* to check for deleted entries in the wtmp and lastlog files, but it is *not* guaranteed that any modification will be detected. Aliens tries to find sniffer logs and rootkit config files. It looks for some default file locations -- so it is also not guaranteed it will succeed in all cases. chkproc checks if /proc entries are hidden from ps and the readdir system call. This could be the indication of a LKM trojan. You can also run this command with the -v option (verbose). 2. Rootkits, Worms and LKMs detected ------------------------------------ For an updated list of rootkits, worms and LKMs detected by chkrootkit please visit: http://www.chkrootkit.org/ 3. Supported Systems -------------------- chkrootkit has been tested on: Linux 2.0.x, 2.2.x, 2.4.x and 2.6.x, FreeBSD 2.2.x, 3.x, 4.x and 5.x, OpenBSD 2.x, 3.x and 4.x., NetBSD 1.6.x, Solaris 2.5.1, 2.6, 8.0 and 9.0, HP-UX 11, Tru64, BSDI and Mac OS X. 4. Package Contents ------------------- README README.chklastlog README.chkwtmp COPYRIGHT chkrootkit.lsm Makefile chklastlog.c chkproc.c chkdirs.c chkwtmp.c check_wtmpx.c ifpromisc.c strings.c chkutmp.c chkrootkitOfficial Website: http://www.chkrootkit.org/
Server is hosted by Alanstudio
Linux Operating System
Recommend screen resolution 1024 x 768 / IE / FireFox
Alan Studio © 2007 by Alan Cheung Hin Lun. All rights reserved.