chkrootkit is a tool to locally check for signs of a rootkit. It contains:
chkrootkit: shell script that checks system binaries for rootkit modification.
ifpromisc.c: checks if the interface is in promiscuous mode.
chklastlog.c: checks for lastlog deletions.
chkwtmp.c: checks for wtmp deletions.
check_wtmpx.c: checks for wtmpx deletions. (Solaris only)
chkproc.c: checks for signs of LKM trojans.
chkdirs.c: checks for signs of LKM trojans.
strings.c: quick and dirty strings replacement.
chkutmp.c: checks for utmp deletions.
Installation procedure:
cd /
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
tar -zxvf chkrootkit.tar.gz
cd chkrootkit-0.48
make sense
You can now execute:
/chkrootkit-0.48/chkrootkit
For more information on chkrootkit, see http://www.chkrootkit.org/
Also please visit http://rkhunter.sourceforge.net/
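To run the check above unattended (from cron, for example), the report has to be reduced to the lines that need a human. The following is an added example, not part of the original post or of chkrootkit itself; the function names and the sample report are constructed, and it assumes the usual "Checking `name'... result" line format with the literal word INFECTED marking a hit.

```shell
#!/bin/sh
# Added example: triage chkrootkit output for unattended runs.
# Assumption: findings contain the upper-case word INFECTED, clean checks
# say "not infected" / "not found", and extra notices start with "Warning".

# Reads a chkrootkit report on stdin, prints the lines that need review,
# then a one-line summary. Returns 1 if any check reported INFECTED.
triage_chkrootkit() {
    awk '
        # Case-sensitive on purpose: a case-insensitive match on "infected"
        # would also flag every clean "not infected" line.
        /INFECTED/   { infected++; print "ALERT: " $0; next }
        /^Warning/   { review++;   print "REVIEW: " $0; next }
        /^Checking / { clean++ }
        END {
            printf "summary: infected=%d review=%d clean=%d\n",
                   infected, review, clean
            exit (infected > 0)
        }'
}

# Constructed sample report, used only to demonstrate the function offline.
sample_report() {
    cat <<'EOF'
ROOTDIR is `/'
Checking `amd'... not found
Checking `ls'... not infected
Checking `login'... not infected
Checking `bindshell'... INFECTED (PORTS:  465)
Checking `aliens'... no suspect files
Warning: constructed sample warning line
EOF
}

# Usage (as root), with the path from the installation steps above:
#   /chkrootkit-0.48/chkrootkit 2>&1 | triage_chkrootkit
```

The non-zero return value lets a cron wrapper send a notification only when a check reports INFECTED.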