The types of rootkit that chkrootkit can identify are listed on the project's home page.
Please note that where chkrootkit detects no intrusions, this does not guarantee that the system is uncompromised. In addition to running chkrootkit, more specific tests should always be performed.
README.Debian for chkrootkit
----------------------------

if chkrootkit says that it may have found a rootkit, "don't panic." first, inspect your system and make sure that chkrootkit hasn't found a false positive. by design, chkrootkit is a bit trigger happy. it's better to be safe than to be sorry, i suppose. please see README.FALSE-POSITIVES for a brief discussion on false positives and a li
the false positives that have been reported to me have fallen into five basic camps: hidden process, hidden files under /usr/lib, a specific file is found, legitimate sniffers, and listening on well known ports. the hidden processes problem *seems* to be a thing of the past. mostly it was due to the difference between how threads were reported under 2.4 and 2.6. the hidden files issue contin
chklastlog - check lastlog-file for deleted information

Copyright (c) DFN-CERT, Univ. of Hamburg 1994

Univ. Hamburg, Dept. of Computer Science
DFN-CERT
Vogt-Koelln-Strasse 30
22527 Hamburg
Germany

This program is free software; you can distribute it and/or modify it as long as you retain the DFN-CERT copyright statement. It can be obtained via anonymous FTP from
chkwtmp - check wtmp-file for overwritten information Copyright (c) DFN-CERT, Univ. of Hamburg
chkrootkit V. 0.49 Nelson Murilo <email@example.com> (main a
CHKLASTLOG(1) CHKLASTLOG(1) NAME chklastlog - che
chkrootkit(1) chkrootkit(1) NAME chkrootkit - De
CHKWTMP(1) CHKWTMP(1) NAME chkwtmp - check