chkrootkit
chkrootkit is a tool to locally check for signs of a rootkit. It
tests the following applications: aliens, asp, bindshell, lkm, rexedcs,
sniffer, w55808, wted, scalper, slapper, z2, chkutmp, amd, basename,
biff, chfn, chsh, cron, crontab, date, du, dirname, echo, egrep, env,
find, fingerd, gpm, grep, hdparm, su, ifconfig, inetd, inetdconf,
identd, init, killall, ldsopreload, login, ls, lsof, mail, mingetty,
netstat, named, passwd, pidof, pop2, pop3, ps, pstree, rpcinfo,
rlogind, rshd, slogin, sendmail, sshd, syslogd, tar, tcpd, tcpdump,
top, telnetd, timed, traceroute, vdir, w, and write.
License: Free software
Developer: Nelson Murilo, Klaus Steding
Website: www.chkrootkit.org
Support: README, FAQ
Includes:
- chkrootkit: shell script that checks system binaries for
rootkit modification.
- ifpromisc.c: checks if the interface is in promiscuous
mode.
- chklastlog.c: checks for lastlog deletions.
- chkwtmp.c: checks for wtmp deletions.
- check_wtmpx.c: checks for wtmpx deletions. (Solaris only)
- chkproc.c: checks for signs of LKM trojans.
- chkdirs.c: checks for signs of LKM trojans.
- strings.c: quick and dirty strings replacement.
- chkutmp.c: checks for utmp deletions.
Last Updated Tuesday, February 28 2012 @ 02:24 PM EST