[COPY] --- SDE-COPYRIGHT-NOTE-BEGIN ---
[COPY] This copyright note is auto-generated by ./scripts/Create-CopyPatch.
[COPY]
[COPY] Filename: package/.../chkrootkit/chkrootkit.desc
[COPY] Copyright (C) 2006 The OpenSDE Project
[COPY] Copyright (C) 2004 - 2006 The T2 SDE Project
[COPY] Copyright (C) 1998 - 2003 Clifford Wolf
[COPY]
[COPY] More information can be found in the files COPYING and README.
[COPY]
[COPY] This program is free software; you can redistribute it and/or modify
[COPY] it under the terms of the GNU General Public License as published by
[COPY] the Free Software Foundation; version 2 of the License. A copy of the
[COPY] GNU General Public License can be found in the file COPYING.
[COPY] --- SDE-COPYRIGHT-NOTE-END ---

[I] Checks for signs of rootkits

[T] chkrootkit is a tool to locally check for signs of a rootkit. It contains
[T] chkrootkit, a shell script that checks system binaries for rootkit
[T] modification. The following tests are made: aliens, asp, bindshell, lkm,
[T] rexedcs, sniffer, wted, z2, amd, basename, biff, chfn, chsh, cron, date,
[T] du, dirname, echo, egrep, env, find, fingerd, gpm, grep, hdparm, su,
[T] ifconfig, inetd, inetdconf, identd, killall, login, ls, mail, mingetty,
[T] netstat, named, passwd, pidof, pop2, pop3, ps, pstree, rpcinfo, rlogind,
[T] rshd, slogin, sendmail, sshd, syslogd, tar, tcpd, top, telnetd, timed,
[T] traceroute, and write. ifpromisc.c checks whether the interface is in
[T] promiscuous mode, chklastlog.c checks for lastlog deletions, chkwtmp.c
[T] checks for wtmp deletions, check_wtmpx.c checks for wtmpx deletions
[T] (Solaris only), and chkproc.c checks for signs of LKM trojans.

[U] http://www.chkrootkit.org/

[A] Nelson Murilo
[A] Klaus Steding-Jessen
[M] Alejandro Mery

[C] extra/security

[L] OpenSource
[S] Stable
[V] 0.47
[P] X -----5---9 198.500

[D] 3687880445 chkrootkit-0.47.tar.gz ftp://ftp.pangeia.com.br/pub/seg/pac/