chkrootkit: Checks for signs of rootkits [1]

chkrootkit is a tool to locally check for signs of a rootkit. It contains chkrootkit, a shell script that checks system binaries for rootkit modification. The following tests are made: aliens, asp, bindshell, lkm, rexedcs, sniffer, wted, z2, amd, basename, biff, chfn, chsh, cron, date, du, dirname, echo, egrep, env, find, fingerd, gpm, grep, hdparm, su, ifconfig, inetd, inetdconf, identd, killall, login, ls, mail, mingetty, netstat, named, passwd, pidof, pop2, pop3, ps, pstree, rpcinfo, rlogind, rshd, slogin, sendmail, sshd, syslogd, tar, tcpd, top, telnetd, timed, traceroute, and write. It also contains ifpromisc.c, which checks whether the interface is in promiscuous mode; chklastlog.c, which checks for lastlog deletions; chkwtmp.c, which checks for wtmp deletions; check_wtmpx.c, which checks for wtmpx deletions (Solaris only); and chkproc.c, which checks for signs of LKM trojans.

URL: https://www.chkrootkit.org/

Author: Nelson Murilo <nelson [at] pangeia [dot] com [dot] br>
Author: Klaus Steding-Jessen <jessen [at] nic [dot] br>
Maintainer: The T2 Project <t2 [at] t2-project [dot] org>

License: OpenSource
Status: Stable
Version: 0.58b

Remark: Does cross compile (as setup and patched in T2).

Download: ftp://ftp.chkrootkit.org/pub/seg/pac/ chkrootkit-0.58b.tar.gz

T2 source: chkrootkit.cache
T2 source: chkrootkit.desc
T2 source: hotfix-make_install.patch

Build time (on reference hardware): 1% (relative to binutils) [2]

Installed size (on reference hardware): 0.84 MB, 14 files

Dependencies (build time detected): bash coreutils diffutils gawk grep gzip linux-header make patch sed tar

1) This page was automatically generated from the T2 package source. Corrections, such as dead links, URL changes or typos, need to be made directly in that source.

2) Compatible with Linux From Scratch's "Standard Build Unit" (SBU).