Jump to letter: [
ABCDEFGHIJKLMNOPQRSTUVWXYZ
]
chkrootkit - A tool to locally check for signs of a rootkit
- Description:
chkrootkit is a tool to locally check for signs of a rootkit. It contains:
* chkrootkit: shell script that checks system binaries for rootkit
modification. The following tests are made:
o aliens asp bindshell lkm rexedcs sniffer wted scalper slapper z2 amd
basename biff chfn chsh cron date du dirname echo egrep env find fingerd
gpm grep hdparm su ifconfig inetd inetdconf init identd killall ldsopreload
login ls lsof mail mingetty netstat named passwd pidof pop2 pop3 ps pstree
rpcinfo rlogind rshd slogin sendmail sshd syslogd tar tcpd tcpdump top
telnetd timed traceroute vdir w write
* ifpromisc.c: checks if the interface is in promiscuous mode.
* chklastlog.c: checks for lastlog deletions.
* chkwtmp.c: checks for wtmp deletions.
* check_wtmpx.c: checks for wtmpx deletions. (Solaris only)
* chkproc.c: checks for signs of LKM trojans.
* chkdirs.c: checks for signs of LKM trojans.
* strings.c: quick and dirty strings replacement.
Packages