mirror of
https://github.com/mubix/kaliwiki.git
synced 2025-10-29 16:59:26 +00:00
1.3 KiB
1.3 KiB
chkrootkit
Notes
chkrootkit is a tool to locally check for signs of a rootkit. It contains:
* chkrootkit: a shell script that checks system binaries for rootkit modification.
* ifpromisc.c: checks if the network interface is in promiscuous mode.
* chklastlog.c: checks for lastlog deletions.
* chkwtmp.c: checks for wtmp deletions.
* check_wtmpx.c: checks for wtmpx deletions. (Solaris only)
* chkproc.c: checks for signs of LKM trojans.
* chkdirs.c: checks for signs of LKM trojans.
* strings.c: quick and dirty strings replacement.
* chkutmp.c: checks for utmp deletions.
Help Text
Usage: /usr/sbin/chkrootkit [options] [test ...]
Options:
-h show this help and exit
-V show version information and exit
-l show available tests and exit
-d debug
-q quiet mode
-x expert mode
-e exclude known false positive files/dirs, quoted,
space separated, READ WARNING IN README
-r dir use dir as the root directory
-p dir1:dir2:dirN path for the external commands used by chkrootkit
-n skip NFS mounted dirs
Example Usage
Links
Homepage: http://www.chkrootkit.org/