chkrootkit 0.45 review

by rbytes.net on

License: GPL (GNU General Public License)
File size: 36K
Developer: Nelson Murilo

chkrootkit is a tool to locally check for signs of a rootkit.

It contains:

chkrootkit: shell script that checks system binaries for rootkit modification.
ifpromisc.c: checks if the interface is in promiscuous mode.
chklastlog.c: checks for lastlog deletions.
chkwtmp.c: checks for wtmp deletions.
check_wtmpx.c: checks for wtmpx deletions. (Solaris only)
chkproc.c: checks for signs of LKM trojans.
chkdirs.c: checks for signs of LKM trojans.
strings.c: quick and dirty strings replacement.
chkutmp.c: checks for utmp deletions.

Installation:

To compile the C programs type:

make sense

After that it is ready to use and you can simply type:

./chkrootkit

What's New in This Release:
Better support for Linux threads.
New rootkits detected: Fu, Kenga3, ESRK.
New test: chkutmp.
-n option improvement.
Minor bug fixes.