mirror of
https://github.com/mubix/kaliwiki.git
synced 2025-10-29 16:59:26 +00:00
42 lines
1.3 KiB
Markdown
42 lines
1.3 KiB
Markdown
# chkrootkit
|
|
|
|
Notes
|
|
-------
|
|
```
|
|
chkrootkit is a tool to locally check for signs of a rootkit. It contains:
|
|
* chkrootkit: a shell script that checks system binaries for rootkit modification.
|
|
* ifpromisc.c: checks if the network interface is in promiscuous mode.
|
|
* chklastlog.c: checks for lastlog deletions.
|
|
* chkwtmp.c: checks for wtmp deletions.
|
|
* check_wtmpx.c: checks for wtmpx deletions. (Solaris only)
|
|
* chkproc.c: checks for signs of LKM trojans.
|
|
* chkdirs.c: checks for signs of LKM trojans.
|
|
* strings.c: quick and dirty strings replacement.
|
|
* chkutmp.c: checks for utmp deletions.
|
|
```
|
|
|
|
Help Text
|
|
-------
|
|
```
|
|
Usage: /usr/sbin/chkrootkit [options] [test ...]
|
|
Options:
|
|
-h show this help and exit
|
|
-V show version information and exit
|
|
-l show available tests and exit
|
|
-d debug
|
|
-q quiet mode
|
|
-x expert mode
|
|
-e exclude known false positive files/dirs, quoted,
|
|
space separated, READ WARNING IN README
|
|
-r dir use dir as the root directory
|
|
-p dir1:dir2:dirN path for the external commands used by chkrootkit
|
|
-n skip NFS mounted dirs
|
|
```
|
|
|
|
Example Usage
|
|
-------
|
|
|
|
Links
|
|
-------
|
|
Homepage: http://www.chkrootkit.org/
|