modern NetBSD has PAM - add a patch so that this is recognised
there is no reason not to run this on modern NetBSD systems - remove the
old NOT_FOR_PLATFORM, since this runs just fine on NetBSD 5.99.20
Add a MESSAGE about false-positive results on non-supported platforms
Helps to address PR# 31813 reported by Eric Mumpower
From the README:
02/22/2005 - Version 0.45
  chkproc.c: better support for Linux threads. New rootkit detected:
  Fu, Kenga3, ESRK. New test: chkutmp. -n option improvement. Minor
  bug fixes.
10/26/2005 - Version 0.46
  chkproc.c: more fixes to better support Linux threads. chkutmp.c:
  improved execution speed. chkwtmp.c: segfault fixed. New rootkit
  detected: rootedoor. Mac OS X support added. Minor bug fixes.
10/28/2005 - Version 0.46a
  chkproc.c: bug fix for FreeBSD: chkproc was sending a SIGXFSZ
  (kill -25) to init, causing a reboot.
- Fix false positive on NetBSD for "login". Thanks to Richard Ibbotson for
helping sort this out.
- Install main shell script and documentation.
chkwtmp.c
  fix: del counter (Thanks to Dietrich Raisin)
chkproc.c
  fix: better support for Linux threads
chkrootkit;
  new rootkit detected: Madalin rootkit
  top and find tests improved for Suse Linux
  more ports added in the bindshell test
  fix: FreeBSD false positives
  fix: slammer detection
  lots of minor bug fixes
modified by me.
chkrootkit is a tool to locally check for signs of a rootkit. It
contains:
* chkrootkit: a shell script that checks system binaries for
  rootkit modification.
* ifpromisc.c: checks if the network interface is in promiscuous
  mode.
* chklastlog.c: checks for lastlog deletions.
* chkwtmp.c: checks for wtmp deletions.
* check_wtmpx.c: checks for wtmpx deletions. (Solaris only)
* chkproc.c: checks for signs of LKM trojans.
* chkdirs.c: checks for signs of LKM trojans.
* strings.c: quick and dirty strings replacement.