Rootkit checks

Post by lik » Sun Dec 14, 2008 8:25 am

Install chkrootkit

chkrootkit is a tool to locally check for signs of a rootkit. It contains:

chkrootkit: shell script that checks system binaries for rootkit modification.
ifpromisc.c: checks if the interface is in promiscuous mode.
chklastlog.c: checks for lastlog deletions.
chkwtmp.c: checks for wtmp deletions.
check_wtmpx.c: checks for wtmpx deletions. (Solaris only)
chkproc.c: checks for signs of LKM trojans.
chkdirs.c: checks for signs of LKM trojans.
strings.c: quick and dirty strings replacement.
chkutmp.c: checks for utmp deletions.

Installation procedure:
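Code:
cd /
# unpack the chkrootkit source tarball (it must already be in /)
tar -zxvf chkrootkit.tar.gz
cd chkrootkit-0.48
# "sense" is the build target in chkrootkit's Makefile
make sense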

You can now execute:
Code:

For more information about chkrootkit you can check
Also please visit
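To make the "checks for wtmp deletions" item above concrete, here is an added example (not part of the original post and not chkrootkit's own code) that scans a wtmp image for records whose timestamp has been zeroed. It assumes the platform's `struct utmp` layout from `<utmp.h>` and treats a zero timestamp as a sign of an entry blanked in place; `scan_wtmp` and `struct wtmp_report` are names made up for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <utmp.h>

struct wtmp_report { size_t records, zeroed, trailing; };

/* Walk a wtmp image record by record. A record whose timestamp is 0 is
 * counted as zeroed: log cleaners commonly blank an entry in place instead
 * of shrinking the file (assumption of this example). */
struct wtmp_report scan_wtmp(const void *buf, size_t len)
{
    struct wtmp_report r = {0, 0, 0};
    struct utmp rec;
    const unsigned char *p = buf;

    for (; len >= sizeof rec; p += sizeof rec, len -= sizeof rec) {
        memcpy(&rec, p, sizeof rec);   /* copy out: buf may be unaligned */
        r.records++;
        if (rec.ut_tv.tv_sec == 0)
            r.zeroed++;
    }
    r.trailing = len;                  /* non-zero: truncated or corrupt file */
    return r;
}

int main(int argc, char **argv)
{
    struct utmp sample[3];             /* constructed sample, middle entry wiped */
    unsigned char *buf = (unsigned char *)sample;
    size_t len = sizeof sample;

    memset(sample, 0, sizeof sample);
    sample[0].ut_type = sample[2].ut_type = USER_PROCESS;
    sample[0].ut_tv.tv_sec = 1229243100;
    sample[2].ut_tv.tv_sec = 1229246700;

    if (argc > 1) {                    /* or scan a real file, e.g. /var/log/wtmp */
        FILE *fp = fopen(argv[1], "rb");
        if (!fp) { perror(argv[1]); return 2; }
        fseek(fp, 0, SEEK_END); len = (size_t)ftell(fp); rewind(fp);
        buf = malloc(len ? len : 1);
        if (!buf || fread(buf, 1, len, fp) != len) { perror("read"); return 2; }
        fclose(fp);
    }
    struct wtmp_report r = scan_wtmp(buf, len);
    printf("%zu records, %zu zeroed, %zu trailing bytes\n",
           r.records, r.zeroed, r.trailing);
    return r.zeroed || r.trailing ? 1 : 0;
}
```

Run without arguments it scans the constructed sample; given a path it scans that file, and a non-zero exit status means zeroed records or a partial trailing record were found.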