Determine whether the system is infected with a rootkit
chkrootkit [OPTION]... [TESTNAME]...
chkrootkit examines certain elements of the target system and deter‐ mines whether they have been tampered with. Some tools which chkrootkit applies while analyzing binaries and log files can be found at /usr/lib/chkrootkit.
-h Print a short help message and exit. -V Print version information and exit. -l Print available tests. -d Enter debug mode. -x Enter expert mode. -e Exclude known false positive files/dirs, quoted, space sepa‐ rated. -q Enter quiet mode. -r dir Use dir as the root directory. -p dir1:dir2:dirN Specify the path for the external commands used by chkrootkit. -n skip NFS mounted dirs
Manual page written by Yotam Rubin