Security Basics mailing list archives

RootCheck - 0.4
From: Daniel Cid <danielcid () yahoo com br>
Date: Fri, 5 Dec 2003 14:45:13 -0300 (ART)

A new version of RootCheck (0.4) is available.
It now supports reports in HTML format and detects
some more problems.
The rootkit page was updated too, with a few more
rootkits documented and more links.

Link: http://www.ossec.net/rootcheck/


RootCheck is Open Source software that scans the whole
system looking for possible problems. The result of the
scan can be sent to an e-mail address and you can choose
between the HTML or text format.
In this version, RootCheck executes these "checks":

Check the binaries for trojans
Check for hidden/malicious open ports (used to find LKM rootkits too)
Check the network interfaces and the "ifconfig"
Check the passwd files
Check the configuration files (httpd.conf, inetd.conf, xinetd.conf, sshd_config, sudoers and exports)
Check the log files for possible problems (log file deleted, linked to /dev/null, etc)
Check /proc and ps for hidden processes (used to discover LKM rootkits)
Check for public rootkits
Check the /dev directory
Check all the system for malicious files/directories and bad permissions
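
The log-file check in the list above ("log file deleted, linked to /dev/null, etc") can be illustrated with a short shell sketch. This is an added example, not part of the original post and not RootCheck's own code; the function names are hypothetical, the log paths in the usage comment are assumptions, and the empty-file and character-device cases go beyond what the post lists.

```shell
#!/bin/sh
# Added illustration (not RootCheck code): flag log files that were deleted,
# redirected to /dev/null, or truncated to zero bytes.
# Example call (paths are assumptions, adjust per distribution):
#   scan_logs /var/log/messages /var/log/auth.log /var/log/wtmp

# classify_log PATH -> prints exactly one status word for PATH
classify_log() {
    p=$1
    if [ -L "$p" ]; then
        # A log that is a symlink is suspicious; /dev/null is the classic case.
        if [ "$(readlink "$p")" = "/dev/null" ]; then
            echo devnull-link
        else
            echo symlink
        fi
    elif [ ! -e "$p" ]; then
        echo missing          # log deleted (or never created on this system)
    elif [ -c "$p" ]; then
        echo char-device      # device node sitting where a log file should be
    elif [ ! -s "$p" ]; then
        echo empty            # zero bytes: possibly truncated, possibly rotated
    else
        echo ok
    fi
}

# scan_logs PATH... -> prints "status path" for every path that is not ok
scan_logs() {
    for p in "$@"; do
        s=$(classify_log "$p")
        if [ "$s" != ok ]; then
            echo "$s $p"
        fi
    done
}

# When run as a script with arguments, scan the given paths.
if [ "$#" -gt 0 ]; then
    scan_logs "$@"
fi
```

A "missing" or "empty" result is only a lead: some distributions never create a given log, and rotation legitimately leaves zero-byte files, so compare against a known-good baseline for the host.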

