author: Michiel van Wessem <michiel.van.wessem@gmail.com> 2010-05-11 15:18:34 +0200
committer: Robby Workman <rworkman@slackbuilds.org> 2010-05-11 15:18:34 +0200
commit: f20809db3f7e86c8ec516efad57525545435d6ba (patch)
tree: 4dfd338c761ac4e81c59f7909d0844633a8ffcc7 /system/chkrootkit/README
parent: 5c160af0fa05ff3b602b4f6db3fc67f1431f9ab4 (diff)
system/chkrootkit: Initial import
Diffstat (limited to 'system/chkrootkit/README')
-rw-r--r-- system/chkrootkit/README 16
1 files changed, 16 insertions, 0 deletions
diff --git a/system/chkrootkit/README b/system/chkrootkit/README
new file mode 100644
index 000000000000..31c9fa850626
--- /dev/null
+++ b/system/chkrootkit/README
@@ -0,0 +1,16 @@
+chkrootkit (Check Rootkit) is a common unix-based program intended to help
+system administrators check their system for known rootkits. It is a shell
+script using common UNIX/Linux tools like the strings and grep commands to
+search core system programs for signatures and for comparing a traversal of the
+/proc filesystem with the output of the ps (process status) command to look for
+discrepancies.
+
+It can be used from a "rescue disc" (typically a LiveCD) or it can optionally
+use an alternative directory from which to run all of its own commands. These
+techniques allow chkrootkit to trust the commands upon which it depends a bit
+more.
+
+There are inherent limitations to the reliability of any program that attempts
+to detect compromises (such as rootkits and computer viruses). Newer rootkits
+may specifically attempt to detect and compromise copies of the chkrootkit
+programs or take other measures to evade detection by them.
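Review bot: The second paragraph says chkrootkit can "use an alternative directory from which to run all of its own commands" but never says how; name the option and give a one-line invocation so an administrator can point it at known-good binaries. The first paragraph mixes "unix-based" with "UNIX/Linux"; pick one spelling. The closing paragraph on limitations would be more useful if it stated the practical consequence, that a clean result from a run on the live system does not show the system is uncompromised, and referred back to the rescue-disc method described above it.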