Sep 19, 2018

chrootkit is one of the best tools for keeping your system clean or knowing when it isn’t

chkrootkit is a tool to locally check for signs of a rootkit. It contains:
  • chkrootkit: shell script that checks system binaries for rootkit modification.
  • ifpromisc.c: checks if the interface is in promiscuous mode.
  • chklastlog.c: checks for lastlog deletions.
  • chkwtmp.c: checks for wtmp deletions.
  • check_wtmpx.c: checks for wtmpx deletions. (Solaris only)
  • chkproc.c: checks for signs of LKM trojans.
  • chkdirs.c: checks for signs of LKM trojans.
  • strings.c: quick and dirty strings replacement.
  • chkutmp.c: checks for utmp deletions.