The topic of this article may not meet Wikipedia's general notability guideline. (February 2025) |
| chkrootkit | |
|---|---|
 chkrootkit on Linux | |
| Developer | Nelson Murilo Klaus Steding-Jessen |
| Stable release | 0.57
/ Jan 13 2023 |
| Operating system | Linux, FreeBSD, OpenBSD, NetBSD, Solaris, HP-UX, Tru64, BSD/OS, Mac OS X |
| Type | Rootkit Detector |
| Website | www |
| Repository | |
chkrootkit (Check Rootkit) is a Unix-based program intended to help system administrators check their system for local signs of known rootkits.[1] It is a shell script using common UNIX/Linux tools like the strings and grep commands to search core system programs for signatures and for comparing a traversal of the /proc filesystem with the output of the ps (process status) command to look for discrepancies.[2][3]
It can be used from a rescue disc (typically a live CD) or it can optionally use an alternative directory from which to run all of its commands. These techniques allow chkrootkit to trust the commands upon which it depends a bit more.
There are inherent limitations to the reliability of any program that attempts to detect compromises (such as rootkits and computer viruses). Newer rootkits may specifically attempt to detect and compromise copies of the chkrootkit programs or take other measures to evade detection by them.
See also
edit- Host-based intrusion detection system comparison
- Hardening (computing)
- Linux malware
- MalwareMustDie
- rkhunter
- Lynis
- OSSEC
- Samhain (software)
References
edit- ^ Emms, Steve (2023-11-05). "chkrootkit - locally checks for signs of a rootkit". LinuxLinks. Retrieved 2025-03-13.
- ^ Turnbull, James (2006-11-01). Hardening Linux. Apress. ISBN 978-1-4302-0005-5.
- ^ Hatch, Brian; Lee, James; Kurtz, George (2003). Hacking Linux Exposed. McGraw-Hill/Osborne. ISBN 978-0-07-222564-8.
External links
edit | This Unix-related article is a stub. You can help Wikipedia by adding missing information. |
