====== Linux - Anti-Virus - chkrootkit ======

**chkrootkit** is a free and open-source security scanner designed to detect known rootkits.

It scans your system for signs of rootkits, which are malicious programs that can grant unauthorized access to, and control over, a compromised system.

It consists of several programs and scripts, including:

  * chkrootkit – a shell script that checks system binaries for rootkit modification.
  * ifpromisc.c – checks if an interface is in promiscuous mode.
  * chklastlog.c – checks for lastlog deletions.
  * chkwtmp.c – checks for wtmp deletions.
  * check_wtmpx.c – checks for wtmpx deletions (Solaris only).
  * chkproc.c – checks for signs of LKM trojans.
  * chkdirs.c – checks for signs of LKM trojans.
  * strings.c – performs quick and dirty string replacement.
  * chkutmp.c – checks for utmp deletions.

----

[[Linux:Anti-Virus:chkrootkit:Install chkrootkit|Install chkrootkit]]

----

===== References =====

https://www.chkrootkit.org/