http://www.chkrootkit.org/
[root@reyad data]# gunzip chkrootkit.tar.gz
[root@reyad data]# tar xvf chkrootkit.tar
chkrootkit-0.48
chkrootkit-0.48/ACKNOWLEDGMENTS
chkrootkit-0.48/check_wtmpx.c
chkrootkit-0.48/chkdirs.c
chkrootkit-0.48/chklastlog.c
chkrootkit-0.48/chkproc.c
chkrootkit-0.48/chkrootkit
chkrootkit-0.48/chkrootkit.lsm
chkrootkit-0.48/chkutmp.c
chkrootkit-0.48/chkwtmp.c
chkrootkit-0.48/COPYRIGHT
chkrootkit-0.48/ifpromisc.c
chkrootkit-0.48/Makefile
chkrootkit-0.48/README
chkrootkit-0.48/README.chklastlog
chkrootkit-0.48/README.chkwtmp
chkrootkit-0.48/strings.c
[root@reyad data]# cd chkrootkit
-bash: cd: chkrootkit: No such file or directory
[root@reyad data]# cd chkrootkit
chkrootkit-0.48/ chkrootkit.tar
[root@reyad data]# cd chkrootkit-0.48/
[root@reyad chkrootkit-0.48]# make sense
gcc -DHAVE_LASTLOG_H -o chklastlog chklastlog.c
gcc -DHAVE_LASTLOG_H -o chkwtmp chkwtmp.c
gcc -DHAVE_LASTLOG_H -D_FILE_OFFSET_BITS=64 -o ifpromisc ifpromisc.c
gcc -o chkproc chkproc.c
gcc -o chkdirs chkdirs.c
gcc -o check_wtmpx check_wtmpx.c
gcc -static -o strings-static strings.c
gcc -o chkutmp chkutmp.c
[root@reyad chkrootkit-0.48]#lsattr /usr/bin/* /usr/sbin/* /bin/* /sbin/* | awk -F\ '!/-------------/ {print $2}'
Check
[root@reyad chkrootkit-0.48]# ./chkrootkit
ROOTDIR is `/'
Checking `amd'... not infected
Checking `basename'... not infected
Checking `biff'... not found
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `crontab'... not infected
...................................
Checking `wted'... chkwtmp: nothing deleted
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'... chklastlog: nothing deleted
Checking `chkutmp'... The tty of the following user process(es) were not found
in /var/run/utmp !
! RUID PID TTY CMD
! root 2482 tty1 /sbin/mingetty tty1
! root 2507 tty2 /sbin/mingetty tty2
! root 2580 tty3 /sbin/mingetty tty3
! root 2597 tty4 /sbin/mingetty tty4
! root 2635 tty5 /sbin/mingetty tty5
! root 3475 tty8 /bin/sh /etc/X11/gdm/XKeepsCrashing -noopen
! root 3554 tty8 /usr/bin/dialog --yesno I cannot start the X server (your graphical interface). It is likely that it is not set up correctly. Would you like to view the X server output to diagnose the problem? 10 50
chkutmp: nothing deleted
[root@reyad chkrootkit-0.48]# l
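- INFECTED : the checked item has probably been modified by a known rootkit.
- not infected : no known rootkit signature was found.
- not tested : the check was not performed.
- not found : the command to be checked is not present on the system.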
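If the check indicates that a rootkit has been installed, confirm the finding first, then replace the affected files with known-good copies and also find and remove any backdoors that were installed. The presence of a backdoor means the attacker has already broken in and obtained privileges on the system, so finding and replacing individual files is only a temporary measure. In this situation it is best to reinstall the system.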
[ũ ]