Diffstat (limited to 'system/chkrootkit/README')
-rw-r--r--  system/chkrootkit/README | 16
1 files changed, 16 insertions, 0 deletions
diff --git a/system/chkrootkit/README b/system/chkrootkit/README new file mode 100644 index 0000000000..31c9fa8506 --- /dev/null +++ b/system/chkrootkit/README @@ -0,0 +1,16 @@ +chkrootkit (Check Rootkit) is a common unix-based program intended to help +system administrators check their system for known rootkits. It is a shell +script using common UNIX/Linux tools like the strings and grep commands to +search core system programs for signatures and for comparing a traversal of the +/proc filesystem with the output of the ps (process status) command to look for +discrepancies. + +It can be used from a "rescue disc" (typically a LiveCD) or it can optionally +use an alternative directory from which to run all of its own commands. These +techniques allow chkrootkit to trust the commands upon which it depends a bit +more. + +There are inherent limitations to the reliability of any program that attempts +to detect compromises (such as rootkits and computer viruses). Newer rootkits +may specifically attempt to detect and compromise copies of the chkrootkit +programs or take other measures to evade detection by them. |
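Review bot: the second paragraph of the new README says chkrootkit "can optionally use an alternative directory from which to run all of its own commands" but never tells the reader how to select it; name the command-line option or point to the chkrootkit man page so a user who wants the trusted-binaries mode can find it. In the same paragraph, "trust the commands upon which it depends a bit more" is vague; state the reason plainly, i.e. that a rootkit on the host may have replaced the very tools (ps, strings, grep) the script relies on, which is why known-good copies from a rescue disc or a separate directory matter. Minor style point: the first paragraph uses both "unix-based" and "UNIX/Linux"; pick one capitalization.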