Rootcheck Project
RootCheck is open source software that scans the whole system looking for
possible problems. The result of the scan can be sent to an e-mail address, and you
can choose between HTML and text format.
In this version, RootCheck executes these "checks":
- Check the binaries for trojans
- Check for hidden/malicious open ports (used to find LKM rootkits too)
- Check the network interfaces and the "ifconfig"
- Check the passwd files
- Check the configuration files (httpd.conf, inetd.conf, xinetd.conf, sshd_config, sudoers and exports)
- Check the log files for possible problems (log file deleted, linked to /dev/null, etc)
- Check /proc and ps for hidden processes (used to discover LKM rootkits)
- Check for public rootkits
- Check the /dev directory
- Check the whole system for malicious files/directories and bad permissions
For more information, see the README.security file.
Download
To download our files, please access:
http://sourceforge.net/projects/rootcheck/
Examples
Some examples that show the rootcheck output against some systems are
available here
The output of version 0.4, using the HTML format, is available here
Documentation
Information about the messages: ./info/
Information about the rootkits: ossec.net/rootkits/
Information about the levels: levels.html
Information about how to use: EXAMPLES
Systems tested
- Redhat 7.2
- Redhat 8.0
- Redhat 9.0
- Debian 3
- Slackware 9.0
- Slackware 9.1
- Conectiva 8
- OpenBSD 3.3
- OpenBSD 3.4
- SunOS 2.7
- *NetBSD, *FreeBSD
Copyright © Ossec.net 2001-2003
$RootCheck, v 0.2 2003/12/04, Daniel B. Cid$