[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

New: security/chkrootkit




Today I discovered a rootkit on a Linux machine with this tool so I thought it
might probably be of some worth for some of you and made a port for it.

chkrootkit is a tool to locally check for signs of a rootkit. It provides:

* a shell script that checks system binaries for rootkit modification
* checks if the interface is in promiscuous mode
* checks for lastlog deletions
* checks for wtmp deletions
* quick and dirty strings replacement

You can change the root path to check mounted filesystems from other systems.

Although it's extremely ugly shell code I found this tool rather pretty. But
don't count on it.

-- 
Free your mind and your ass will follow -- http://www.funkaffair.de

chkrootkit.shar