Chkrootkit

Last updated
chkrootkit
Developer Nelson Murilo Klaus Steding-Jessen
Stable release
0.57 / Jan 13 2023
Repository
Operating system Linux, FreeBSD, OpenBSD, NetBSD, Solaris, HP-UX, Tru64, BSD/OS, Mac OS X
Type Rootkit Detector
Website www.chkrootkit.org

chkrootkit (Check Rootkit) is a Unix-based program intended to help system administrators check their system for local signs of known rootkits. [1] It is a shell script using common UNIX/Linux tools like the strings and grep commands to search core system programs for signatures and for comparing a traversal of the /proc filesystem with the output of the ps (process status) command to look for discrepancies. [2] [3]

Contents

It can be used from a rescue disc (typically a live CD) or it can optionally use an alternative directory from which to run all of its commands. These techniques allow chkrootkit to trust the commands upon which it depends a bit more.

There are inherent limitations to the reliability of any program that attempts to detect compromises (such as rootkits and computer viruses). Newer rootkits may specifically attempt to detect and compromise copies of the chkrootkit programs or take other measures to evade detection by them.

See also

References

  1. Emms, Steve (2023-11-05). "chkrootkit - locally checks for signs of a rootkit". LinuxLinks. Retrieved 2025-03-13.
  2. Turnbull, James (2006-11-01). Hardening Linux. Apress. ISBN   978-1-4302-0005-5.
  3. Hatch, Brian; Lee, James; Kurtz, George (2003). Hacking Linux Exposed. McGraw-Hill/Osborne. ISBN   978-0-07-222564-8.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.