chkrootkit on Linux
|Stable release||0.53 / Feb 11, 2019|
|Operating system||Linux, FreeBSD, OpenBSD, NetBSD, Solaris, HP-UX, Tru64, BSD/OS, Mac OS X|
chkrootkit (Check Rootkit) is a common Unix-based program intended to help system administrators check their system for known rootkits. It is a shell script that uses common UNIX/Linux tools, including grep, to search core system programs for signatures, and it compares a traversal of the /proc filesystem with the output of the ps (process status) command to look for discrepancies.
It can be used from a rescue disc (typically a Live CD) or it can optionally use an alternative directory from which to run all of its own commands. These techniques allow chkrootkit to trust the commands upon which it depends a bit more.
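The /proc-versus-ps comparison described above can be sketched as follows. This is an added example, not chkrootkit's own code: the function names and the PS_BIN variable (a ps binary taken from trusted media) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not chkrootkit's code. Function names and PS_BIN are hypothetical.
# PS_BIN lets the check use a ps binary from trusted media instead of the
# possibly-replaced one on the suspect host.
PS_BIN=${PS_BIN:-ps}

# List numeric directory names under a proc-style root, one per line.
proc_pids() {
    root=${1:-/proc}
    for d in "$root"/[0-9]*; do
        name=${d##*/}
        case $name in *[!0-9]*) continue ;; esac   # skip non-PID entries
        if [ -d "$d" ]; then echo "$name"; fi
    done | sort -n
}

# List every PID that ps reports, one per line.
ps_pids() {
    "$PS_BIN" -e -o pid= | tr -d ' '
}

# Print PIDs listed in file $1 (from /proc) that are absent from file $2 (from ps).
hidden_pids() {
    awk -v psfile="$2" '
        BEGIN { while ((getline p < psfile) > 0) seen[p + 0] = 1 }
        NF && !(($1 + 0) in seen) { print $1 }' "$1"
}

# Live check. ps runs before and after the /proc walk, and each candidate is
# re-tested, so a process that starts or exits mid-check is not reported.
live_check() {
    tmp=$(mktemp -d) || return 2
    ps_pids > "$tmp/ps"
    proc_pids /proc > "$tmp/proc"
    ps_pids >> "$tmp/ps"
    hidden_pids "$tmp/proc" "$tmp/ps" | while read -r pid; do
        if [ -d "/proc/$pid" ]; then
            echo "PID $pid is in /proc but not in ps output"
        fi
    done
    rm -rf "$tmp"
}

if [ "${1:-}" = "--live" ]; then live_check; fi
```

Run it with --live on a Linux host. A PID that is reported only shows that ps and /proc disagree, and it still has to be investigated by hand.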
There are inherent limitations to the reliability of any program that attempts to detect compromises (such as rootkits and computer viruses). Newer rootkits may specifically attempt to detect and compromise copies of the chkrootkit programs or take other measures to evade detection by them.
- Host-based intrusion detection system comparison
- Hardening (computing)
- Linux malware
- Samhain (software)