From f20809db3f7e86c8ec516efad57525545435d6ba Mon Sep 17 00:00:00 2001 From: Michiel van Wessem Date: Tue, 11 May 2010 15:18:34 +0200 Subject: system/chkrootkit: Initial import --- system/chkrootkit/README | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 system/chkrootkit/README (limited to 'system/chkrootkit/README') diff --git a/system/chkrootkit/README b/system/chkrootkit/README new file mode 100644 index 000000000000..31c9fa850626 --- /dev/null +++ b/system/chkrootkit/README @@ -0,0 +1,16 @@ +chkrootkit (Check Rootkit) is a common unix-based program intended to help +system administrators check their system for known rootkits. It is a shell +script using common UNIX/Linux tools like the strings and grep commands to +search core system programs for signatures and for comparing a traversal of the +/proc filesystem with the output of the ps (process status) command to look for +discrepancies. + +It can be used from a "rescue disc" (typically a LiveCD) or it can optionally +use an alternative directory from which to run all of its own commands. These +techniques allow chkrootkit to trust the commands upon which it depends a bit +more. + +There are inherent limitations to the reliability of any program that attempts +to detect compromises (such as rootkits and computer viruses). Newer rootkits +may specifically attempt to detect and compromise copies of the chkrootkit +programs or take other measures to evade detection by them. -- cgit v1.2.3
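Review bot: the first paragraph of the README is not grammatically parallel: "to search core system programs for signatures and for comparing a traversal of the /proc filesystem" should read "to search core system programs for signatures and to compare a traversal of the /proc filesystem with the output of the ps (process status) command". Two smaller documentation points in the same file: "unix-based" on the first line and "UNIX/Linux" on the third line should use one spelling, and the second paragraph says chkrootkit "can optionally use an alternative directory from which to run all of its own commands" without telling the reader how to select that directory; either name the option or point to the upstream chkrootkit documentation, since this is the one piece of operational advice the README gives and it is the part a user cannot act on as written. The closing paragraph correctly states that a rootkit may target the checker itself, which is a good reason to keep the rescue-disc recommendation in the second paragraph as the primary advice rather than an aside.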