10 years ago
* Chkrootkit: shell script That checks system binaries for rootkit modification.
* Ifpromisc.c: Checks if the interface is in promiscuous mode.
* Chklastlog.c: checks for lastlog deletions.
* Chkwtmp.c: checks for wtmp deletions.
* Chkproc.c: checks for signs of LKM trojans.
* Chkdirs.c: checks for signs of LKM trojans.
* Strings.c: quick and dirty strings replacement.
* Chkutmp.c: checks for utmp deletions.
You open the Terminal and give the task below.
Enter - Password - Enter the program then spits out its findings in the terminal, the output speaks for itself.
And when in doubt, there is always quick on the website below to find an answer.
Informative and fast
thanks for the info..I had to use sudo rkhunter -c
I never panic. (smile)
That's kind of cool, but just to warn newbies not to panic when you get suspicious files and directories. A chkrootkit scan showed several on my system mainly under python and java. Googling around showed that both this and rkhunter give quite a few false positives (and mine seem to be very common in Debian derived systems), A few false positives are better than missing a real rootkit.
Just sayin' that if you get hits, don't panic and then Google :)