Area51 Roll: Users Guide: 
| ||
|---|---|---|
| Prev | Chapter 3. Using | Next |
To see if your frontend has been infected by a rootkit, simply run:
# /opt/chkrootkit/bin/chkrootkit |
This will return output similar to:
ROOTDIR is `/' Checking `amd'... not found Checking `basename'... not infected Checking `biff'... not found Checking `chfn'... not infected Checking `chsh'... not infected Checking `cron'... not infected Checking `date'... not infected Checking `du'... not infected Checking `dirname'... not infected Checking `echo'... not infected Checking `egrep'... not infected Checking `env'... not infected Checking `find'... not infected Checking `fingerd'... not found Checking `gpm'... not infected |
Make sure none of the tests report INFECTED.
For more information, login to the frontend and read /opt/chkrootkit/README.