path: root/system/chkrootkit/README
chkrootkit (Check Rootkit) is a common Unix-based program intended to
help system administrators check their system for known rootkits. It is
a shell script that uses common UNIX/Linux tools such as the strings and
grep commands to search core system programs for known rootkit
signatures, and that compares a traversal of the /proc filesystem with
the output of the ps (process status) command to look for discrepancies
(processes that exist but are not reported).
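The /proc-versus-ps cross-check described above, reduced to its essence as an added example (this is not chkrootkit's own code). It lists the numeric entries of /proc, lists the PIDs that ps reports, and prints any PID that /proc knows about but ps does not. The comparison function takes the two lists as arguments, so it can be exercised on constructed input; the `--live` path runs it against the real /proc and ps. The helper names are assumptions for this example.

```shell
#!/bin/sh
# Added example: the /proc-vs-ps discrepancy check that chkrootkit's
# README describes. Not part of chkrootkit itself.

# List PIDs as directory entries under a /proc-like directory (default /proc).
# Only purely numeric entries are process directories; "self", "sys", etc. are skipped.
proc_pids() {
    dir="${1:-/proc}"
    for d in "$dir"/[0-9]*; do
        [ -d "$d" ] || continue
        printf '%s\n' "${d##*/}"
    done | sort -n
}

# List PIDs as reported by ps(1). "-e -o pid=" is POSIX: every process, PID column, no header.
ps_pids() {
    ps -e -o pid= | tr -d ' ' | sort -n
}

# Print the PIDs present in the first newline-separated list ($1, the /proc view)
# but absent from the second ($2, the ps view). Uses awk so it stays O(n) and POSIX.
hidden_pids() {
    tmp=$(mktemp) || return 1
    printf '%s\n' "$2" > "$tmp"
    # First pass (NR==FNR) reads the ps list into 'seen'; second pass reads the
    # /proc list from stdin and prints what was never seen.
    printf '%s\n' "$1" |
        awk 'NR == FNR { seen[$1] = 1; next } $1 != "" && !($1 in seen)' "$tmp" -
    rm -f "$tmp"
}

# Live check against this host. A PID that exited between the two snapshots
# shows up as a false positive, so anything reported should be re-checked
# (e.g. test -d /proc/<pid>) before raising an alarm.
check_live() {
    hidden_pids "$(proc_pids /proc)" "$(ps_pids)"
}

if [ "${1-}" = "--live" ]; then
    hits=$(check_live)
    if [ -n "$hits" ]; then
        printf 'PIDs visible in /proc but not in ps output:\n%s\n' "$hits"
    else
        echo "no hidden processes found"
    fi
fi
```

This check only catches a trojaned userland ps (or ps-like tool) that filters its own output: a kernel-level rootkit that hides a process from /proc directory listings hides it from this traversal as well, which is the kind of limitation the README discusses below.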

It can be run from a "rescue disc" (typically a LiveCD), or it can
optionally be pointed at an alternative directory from which to run all
of the commands it depends on. Either technique lets chkrootkit place a
bit more trust in those commands than it could in the binaries of a
possibly compromised host.

There are inherent limitations to the reliability of any program that
attempts to detect compromises (such as rootkits and computer viruses).
Newer rootkits may specifically attempt to detect and compromise copies
of the chkrootkit programs or take other measures to evade detection by
them.