- Fix false positive on NetBSD for "login". Thanks to Richard Ibbotson for
helping sort this out.
- Install main shell script and documentation.
chkwtmp.c
fix: del counter (Thanks to Dietrich Raisin)
chkproc.c
fix: better support for Linux threads
chkrootkit
new rootkit detected: Madalin rootkit
top and find tests improved for Suse Linux
more ports added in the bindshell test
fix: FreeBSD false positives
fix: slammer detection
lots of minor bug fixes
modified by me.
chkrootkit is a tool to locally check for signs of a rootkit. It
contains:
* chkrootkit: a shell script that checks system binaries for
rootkit modification.
* ifpromisc.c: checks if the network interface is in promiscuous
mode.
* chklastlog.c: checks for lastlog deletions.
* chkwtmp.c: checks for wtmp deletions.
* check_wtmpx.c: checks for wtmpx deletions. (Solaris only)
* chkproc.c: checks for signs of LKM trojans.
* chkdirs.c: checks for signs of LKM trojans.
* strings.c: quick and dirty strings replacement.