Chkrootkit Security.

wanda
  13 years ago



    * chkrootkit: shell script that checks system binaries for rootkit modification.
    * ifpromisc.c: checks if the interface is in promiscuous mode.
    * chklastlog.c: checks for lastlog deletions.
    * chkwtmp.c: checks for wtmp deletions.
    * chkproc.c: checks for signs of LKM trojans.
    * chkdirs.c: checks for signs of LKM trojans.
    * strings.c: quick and dirty strings replacement.
    * chkutmp.c: checks for utmp deletions.


Open a terminal and run the command below.

sudo chkrootkit

Press Enter, type your password, and press Enter again. The program then prints its findings in the terminal; the output speaks for itself.
When in doubt, a quick look at the README on the website below will usually give an answer.

http://www.chkrootkit.org/README
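
One way to triage that output, as an added example (not part of the original post or of chkrootkit itself): it drops lines ending in the benign statuses the chkrootkit README documents and hides lines already reviewed, so a rerun shows only new findings. The sample output and the baseline file path are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of chkrootkit). Sample output below is constructed.

# Constructed, simplified lines in the style of `sudo chkrootkit` output.
sample_output() {
cat <<'EOF'
Checking `amd'... not found
Checking `basename'... not infected
Checking `bindshell'... INFECTED (PORTS:  465)
Checking `inetd'... not tested
Checking `ls'... not infected
The following suspicious files and directories were found:
/usr/lib/jvm/.java-example.jinfo
EOF
}

# Drop lines ending in the benign statuses the README documents
# ("not infected", "not found", "not tested"); keep everything else.
needs_review() {
    grep -Ev '(not infected|not found|not tested)[[:space:]]*$' | sort -u
}

# Of the lines needing review, print those not already in the baseline
# file ($1): exact lines you investigated earlier and judged harmless.
new_findings() {
    baseline=$1
    [ -f "$baseline" ] || baseline=/dev/null
    needs_review | { grep -vxFf "$baseline" || true; }
}

# Count lines carrying the README's "INFECTED" status (upper case only,
# so "not infected" is never matched).
infected_count() {
    grep -c 'INFECTED' || true
}

# Typical use (the baseline path is a hypothetical choice):
#   sudo chkrootkit 2>&1 | new_findings "$HOME/chkrootkit-reviewed.txt"
```

After investigating a line and deciding it is harmless, append that exact line to the baseline file; anything that still appears on the next run is new.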

Comments
808Souljah 9 years ago

Informative and fast


philsoft 10 years ago

Thanks for the info. I had to use sudo rkhunter -c


wanda 13 years ago

I never panic. (smile)


trollboy 13 years ago

That's kind of cool, but just to warn newbies not to panic when you get suspicious files and directories. A chkrootkit scan showed several on my system, mainly under python and java. Googling around showed that both this and rkhunter give quite a few false positives (and mine seem to be very common in Debian-derived systems). A few false positives are better than missing a real rootkit.

Just sayin' that if you get hits, don't panic and then Google :)