How To Install rootcheck

Rootcheck Description:
"Rootcheck is an open source rootkit detection software. It scans the whole system looking for known rootkits and also for the presence of unknown rootkits and kernel level ones using anomaly detection. Rootcheck is also integrated with the OSSEC HIDS, providing a powerful host-based IDS solution. It includes log analysis, file integrity change detection and rootkit detection (all in one simple to use package). "
(Source: http://www.ossec.net/ )

Log in to your server as root.

Download rootcheck source and install:
# wget http://www.ossec.net/rootcheck/files/rootcheck-0.7.tar.gz
# tar -xvzf rootcheck-0.7.tar.gz
# cd rootcheck-0.7
# ./install
# ./rootcheck.pl


It should be fine.
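
A pre-extraction check for the download step above, added here as an example (it is not part of the original post or of the rootcheck project). It compares the tarball's SHA-256 with a value obtained out of band, rejects member paths that would land outside the extraction directory, and confirms that the `install` and `rootcheck.pl` scripts used in the steps are actually in the archive. The function names and the expected-hash argument are assumptions; the page publishes no checksum.

```shell
#!/bin/sh
# Added example: checks to run on the downloaded tarball before extracting it.

# sha256_of FILE -> prints the file's SHA-256 digest in hex
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
    else shasum -a 256 "$1"; fi | awk '{print $1}'
}

# unsafe_paths: reads member names on stdin, prints absolute or ".." paths
unsafe_paths() {
    grep -E '^/|(^|/)\.\.(/|$)'
}

# has_member FILE PATH -> 0 if the archive lists PATH exactly
has_member() {
    tar -tzf "$1" | grep -Fxq "$2"
}

# check_tarball FILE EXPECTED_SHA256 TOPDIR
# returns 0 if all pass, 1 checksum mismatch, 2 unsafe path, 3 script missing
check_tarball() {
    if [ "$(sha256_of "$1")" != "$2" ]; then
        echo "checksum mismatch for $1" >&2; return 1
    fi
    if tar -tzf "$1" | unsafe_paths >/dev/null; then
        echo "archive contains paths outside the extraction dir" >&2; return 2
    fi
    for f in install rootcheck.pl; do
        if ! has_member "$1" "$3/$f"; then
            echo "missing $3/$f; the documented steps will not work" >&2
            return 3
        fi
    done
    return 0
}

# Usage: sh check.sh rootcheck-0.7.tar.gz <expected-sha256> rootcheck-0.7
if [ "$#" -eq 3 ]; then check_tarball "$@"; fi
```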

Always check for signature updates before using it; the signatures are posted at www.ossec.net/rootkits/

Check the manual and configuration options:
http://www.ossec.net/en/manual.html#config

1 Comment:

kuriharu said...

There is no install program; it has to be made from source. I can't get it to run.