[COPY] --- T2-COPYRIGHT-BEGIN --- [COPY] t2/package/*/chkrootkit/chkrootkit.desc [COPY] Copyright (C) 2004 - 2025 The T2 SDE Project [COPY] Copyright (C) 1998 - 2003 ROCK Linux Project [COPY] SPDX-License-Identifier: GPL-2.0 [COPY] --- T2-COPYRIGHT-END --- [I] Checks for signs of rootkits [T] chkrootkit is a tool to locally check for signs of a rootkit. It contains [T] a chkrootkit: shell script that checks system binaries for rootkit [T] modification. The following tests are made: aliens, asp, bindshell, lkm, [T] rexedcs, sniffer, wted, z2, amd, basename, biff, chfn, chsh, cron, date, [T] du, dirname, echo, egrep, env, find, fingerd, gpm, grep, hdparm, su, [T] ifconfig, inetd, inetdconf, identd, killall, login, ls, mail, mingetty, [T] netstat, named, passwd, pidof, pop2, pop3, ps, pstree, rpcinfo, rlogind, [T] rshd, slogin, sendmail, sshd, syslogd, tar, tcpd, top, telnetd, timed, [T] traceroute, and write. ifpromisc.c checks whether the interface is in [T] promiscuous mode, chklastlog.c checks for lastlog deletions, chkwtmp.c [T] checks for wtmp deletions, check_wtmpx.c checks for wtmpx deletions [T] (Solaris only), and chkproc.c checks for signs of LKM trojans. [U] https://www.chkrootkit.org/ [A] Nelson Murilo [A] Klaus Steding-Jessen [M] The T2 Project [C] extra/security [F] CROSS [L] OpenSource [S] Stable [V] 0.58b var_remove makeopt ' ' all var_append makeopt ' ' sense var_append makeinstopt ' ' SBINDIR=$sbindir [D] 57211d85a6c31bccce0b4bc4635830cae8b6ec73db4857ec83ec665f chkrootkit-0.58b.tar.gz ftp://ftp.chkrootkit.org/pub/seg/pac/