Webmaster Resources | Dedicated Server Guide | Root Check
Rootcheck is open source rootkit detection software. It scans the whole system looking for possible trojans and known rootkits, and it uses anomaly detection to look for unknown and kernel-level rootkits. Rootcheck includes log analysis, port scanning for malicious activity, file integrity change detection and rootkit detection, all in one simple-to-use package.
Installation Instructions
Log in to your server as root, download the rootcheck source and install it:
# wget http://www.ossec.net/rootcheck/files/rootcheck-1.5.tar.gz
# tar -zxvf rootcheck-1.5.tar.gz
# cd rootcheck-1.5
# make all
# ./ossec-rootcheck
This will take you to an interactive installation. Make sure you have CPAN on your box, because rootcheck requires the Perl module IO::Interface.
When the installation is finished you will get this message:
Compilation sucessfull. Ready to go.
---------------------------------------------------------
That's it! If everything went ok, you should be ready to run RootCheck.
If you have any doubts about installation, please refer to INSTALL file.
You can also find additional information at :
http://www.ossec.net/rootcheck/
Improves, patches, comments are very welcome.
---------------------------------------------------------
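The tarball above is fetched over plain HTTP and then unpacked and built as root, so it is worth checking it before `tar` and `make` touch it. The following is an added example, not part of the original guide or of the rootcheck project: the function name `verify_and_unpack` is hypothetical, and the expected SHA-256 value is an assumption that must come from a source you trust, since this page does not publish one.

```shell
#!/bin/sh
# Added example (not from the rootcheck project): verify a downloaded source
# tarball before unpacking and building it as root.
# The expected digest is an assumption: obtain it from a trusted channel.

# verify_and_unpack TARBALL EXPECTED_SHA256 DESTDIR
# Extracts into DESTDIR only if the SHA-256 digest matches (lowercase hex)
# and no archive member uses an absolute path or a ".." component.
# Return codes: 0 ok, 1 digest mismatch, 2 file missing,
#               3 unsafe member path, 4/5 mkdir or extraction failure.
verify_and_unpack() {
    tarball=$1; expected=$2; dest=$3

    [ -f "$tarball" ] || { echo "missing: $tarball" >&2; return 2; }

    actual=$(sha256sum "$tarball" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $tarball" >&2
        echo "  expected $expected" >&2
        echo "  actual   $actual" >&2
        return 1
    fi

    # List members without extracting; reject names that would escape DESTDIR.
    if tar -tzf "$tarball" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe member path in $tarball" >&2
        return 3
    fi

    mkdir -p "$dest" || return 4
    # --no-same-owner: do not restore the archive's uid/gid when run as root.
    tar -xzf "$tarball" -C "$dest" --no-same-owner || return 5
}
```

Call it as `verify_and_unpack rootcheck-1.5.tar.gz "$EXPECTED_SHA256" ./build` and run `make all` only if it returns 0.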
Scanning the System
Now you are ready to run rootcheck. There are quite a few options, but the simplest one is ./rootcheck.pl
If the installation went well, you will get a progress screen of the scan, after which the results will be written to results.txt. The result is quite self-explanatory and gives details of all suspected files.
There is also an example file that explains the different options for rootcheck.
More information about rootcheck is available at http://www.ossec.net/en/rootcheck.html