chkrootkit 0.41 is now available! This version includes:
* chkproc.c
  - Fix for NPTL threading mechanisms; (thanks to Michael Griego)
  - minor corrections;
* chkrootkit
  - new test added: vdir
  - new worm detected
    - 55808.A Worm
    - TC2 Worm
  - new rootkits detected
    - Volc
    - Gold2
    - Anonoying
    - Suckit (improved)
    - ZK (improved)
  - minor corrections;
chkrootkit is a tool to locally check for signs of a rootkit. More
information about chkrootkit and rootkits can be found at
http://www.chkrootkit.org/.
chkrootkit's tarball and its MD5 checksum are available at:
* ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
* ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.md5
or at chkrootkit's homepage:
* http://www.chkrootkit.org/
//moderator.note:
WARNING.
I would urge anyone running a system with the following characteristics:
- ethernet devices *not* ifconfig'ed for promiscuous mode and,
- libpcap-based apps running in promiscuous mode
to use /sbin/ip from the "ip2route" package to check interface promiscuous mode manually.
Unfortunately Chkrootkit-0.41 hasn't fixed the problem, even though the problem was discussed in early April and a temporary solution presented to the Chkrootkit developer.
If you somehow trust me, you could try and apply a patch as a temporary fix.
My patch was made against chkrootkit-0.40 but since you only see plusses, you should be able to insert the code manually.
See
unspawn/packaging/chkrootkit for more info.
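
A manual promiscuous-mode check in the spirit of the note above, as an added example (not the moderator's patch and not chkrootkit code). It assumes a Linux system with sysfs mounted, where /sys/class/net/<if>/flags holds the kernel's interface flags as a hex string; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: list interfaces whose kernel flags word has IFF_PROMISC set.
# Assumption: /sys/class/net/<if>/flags exists and contains e.g. "0x1103".

IFF_PROMISC=0x100   # IFF_PROMISC bit as defined in <linux/if.h>

# is_promisc HEXFLAGS -> exit status 0 if the IFF_PROMISC bit is set
is_promisc() {
    [ $(( $1 & $IFF_PROMISC )) -ne 0 ]
}

# promisc_ifaces [NETDIR] -> prints one promiscuous interface name per line
# NETDIR defaults to /sys/class/net; it is a parameter so the function can
# be exercised against a constructed directory tree.
promisc_ifaces() {
    netdir=${1:-/sys/class/net}
    for d in "$netdir"/*; do
        [ -r "$d/flags" ] || continue
        flags=$(cat "$d/flags")
        case $flags in
            0x|0x*[!0-9a-fA-F]*) continue ;;  # malformed hex: skip
            0x*) ;;                           # expected format
            *) continue ;;                    # anything else: skip
        esac
        if is_promisc "$flags"; then
            printf '%s\n' "${d##*/}"
        fi
    done
}

# Report on the live system when run directly.
promisc_ifaces
```

Any interface name printed here that nobody deliberately put into promiscuous mode deserves a look at which process holds a packet socket on it.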