orig

Rootcheck Project

RootCheck is an Open Source software that scans all the system looking for
possible problems. The result of the scan can be sent to an e-mail and you
can choose between the html or text format.
On this version, RootCheck execute these "checks":

• Check the binaries for trojans
• Check for hidden/malicious open ports (used to find LKM rootkits too)
• Check the network interfaces and the "ifconfig"
• Check the passwd files
• Check the configuration files (httpd.conf, inetd.conf, xinetd.conf, sshd_config, sudoers and exports)
• Check the log files for possible problems (log file deleted, linked to /dev/null, etc)
• Check /proc and ps for hidden process (used to discover LKM rootkits)
• Check for public rootkits
• Check the /dev directory
• Check all the system for malicious files/directories and bad permissions

For more information, look at the README.security file


Download

To download our files, please access: http://sourceforge.net/projects/rootcheck/


Examples

Some examples that shows the rootcheck output against some systems are available here
The output of version 0.4, using the html format is available here


Documentation

Information about the messages : ./info/
Information about the rootkits : ossec.net/rootkits/
Information about the levels : levels.html
Information about how to use : EXAMPLES


Systems tested

• Redhat 7.2
• Redhat 8.0
• Redhat 9.0
• Debian 3
• Slackware 9.0
• Slackware 9.1
• Conective 8
• OpenBSD 3.3
• OpenBSD 3.4
• SunOS 2.7
• *NetBSD, *FreeBSD

                                         




Copyright © Ossec.net 2001-2003
$RootCheck, v 0.2 2003/12/04, Daniel B. Cid$