blob: 31c9fa850626af755e5998aeee0dffaa9a55d1c6 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
|
chkrootkit (Check Rootkit) is a common unix-based program intended to help
system administrators check their system for known rootkits. It is a shell
script using common UNIX/Linux tools like the strings and grep commands to
search core system programs for signatures and for comparing a traversal of the
/proc filesystem with the output of the ps (process status) command to look for
discrepancies.
It can be used from a "rescue disc" (typically a LiveCD) or it can optionally
use an alternative directory from which to run all of its own commands. These
techniques allow chkrootkit to trust the commands upon which it depends a bit
more.
There are inherent limitations to the reliability of any program that attempts
to detect compromises (such as rootkits and computer viruses). Newer rootkits
may specifically attempt to detect and compromise copies of the chkrootkit
programs or take other measures to evade detection by them.
|
