chkrootkit-0.41-0.i386.rpm


chkrootkit-0.41-0.i386.rpm

---------------------------------------------------------
Configuration results:

Default configuration.
---------------------------------------------------------

root@nostromo:/usr/src/redhat/RPMS/i386# rpm -qpi chkrootkit-0.41-0.i386.rpm 
Name        : chkrootkit                   Relocations: (not relocateable)
Version     : 0.41                              Vendor: Weyland Yutani
Release     : 0                             Build Date: Fri Aug  1 11:43:05 2003
Install date: (not installed)               Build Host: nostromo.pLANetOne.at
Group       : Applications/System           Source RPM: chkrootkit-0.41-0.src.rpm
Size        : 514761                           License: COPYRIGHTED
Packager    : Nostromo Eiljeen
URL         : http://www.chkrootkit.org
Summary     : A tool to locally check for signs of a rootkit.
Description :
chkrootkit is a tool to locally check for signs of a rootkit. It contains:

 * chkrootkit: shell script that checks system binaries for rootkit
  modification. The following tests are made:

  o aliens asp bindshell lkm rexedcs sniffer wted scalper slapper z2 amd
    basename biff chfn chsh cron date du dirname echo egrep env find fingerd
    gpm grep hdparm su ifconfig inetd inetdconf init identd killall ldsopreload
    login ls lsof mail mingetty netstat named passwd pidof pop2 pop3 ps pstree
    rpcinfo rlogind rshd slogin sendmail sshd syslogd tar tcpd tcpdump top
    telnetd timed traceroute vdir w write

 * ifpromisc.c: checks if the interface is in promiscuous mode.
 * chklastlog.c: checks for lastlog deletions.
 * chkwtmp.c: checks for wtmp deletions.
 * check_wtmpx.c: checks for wtmpx deletions. (Solaris only)
 * chkproc.c: checks for signs of LKM trojans.
 * chkdirs.c: checks for signs of LKM trojans.
 * strings.c: quick and dirty strings replacement.

root@nostromo:/usr/src/redhat/RPMS/i386# rpm -qpR chkrootkit-0.41-0.i386.rpm
/bin/sh  
/bin/sh  
libc.so.6  
libc.so.6(GLIBC_2.0)  
libc.so.6(GLIBC_2.1)  
rpmlib(CompressedFileNames) <= 3.0.4-1
rpmlib(PayloadFilesHavePrefix) <= 4.0-1

root@nostromo:/usr/src/redhat/RPMS/i386# rpm -qpl chkrootkit-0.41-0.i386.rpm
/etc/cron.weekly/chkrootkit-check
/etc/sysconfig/chkrootkit
/usr/lib/chkrootkit-0.41
/usr/lib/chkrootkit-0.41/check_wtmpx
/usr/lib/chkrootkit-0.41/chkdirs
/usr/lib/chkrootkit-0.41/chklastlog
/usr/lib/chkrootkit-0.41/chkproc
/usr/lib/chkrootkit-0.41/chkrootkit
/usr/lib/chkrootkit-0.41/chkwtmp
/usr/lib/chkrootkit-0.41/ifpromisc
/usr/lib/chkrootkit-0.41/strings
/usr/share/doc/chkrootkit-0.41
/usr/share/doc/chkrootkit-0.41/ACKNOWLEDGMENTS
/usr/share/doc/chkrootkit-0.41/COPYRIGHT
/usr/share/doc/chkrootkit-0.41/README
/usr/share/doc/chkrootkit-0.41/README.chklastlog
/usr/share/doc/chkrootkit-0.41/README.chkwtmp
/usr/share/doc/chkrootkit-0.41/chkrootkit.lsm