rootkit-hunter
On Debian:
apt-cache show rkhunter
Package: rkhunter
Priority: optional
Section: admin
Installed-Size: 476
Maintainer: Micah Anderson <micah@debian.org>
Architecture: all
Version: 1.2.8-3
Depends: wget, file, mailx, perl, debconf (>= 0.5) | debconf-2.0
Recommends: libmd5-perl
Filename: pool/main/r/rkhunter/rkhunter_1.2.8-3_all.deb
Size: 114020
MD5sum: 5d9a4a118a2e45ea09521500babc0794
Description: rootkit, backdoor, sniffer and exploit scanner
 Rootkit Hunter scans your system for known and unknown rootkits,
 backdoors, sniffers and exploits.
 .
 Some of the tests it does:
  - MD5 hash compare
  - Look for default files used by rootkits
  - Wrong file permissions for binaries
  - Look for suspected strings in LKM and KLD modules
  - Look for hidden files
  - Optional scan within plaintext and binary files
 .
 Please note that rkhunter does *not* guarantee your system has not been
 compromised! You should also run additional tests, e.g. using chkrootkit
 and other measures.
Valid parameters
--checkall (-c)           : Check system
--createlogfile*          : Create logfile
--cronjob                 : Run as cronjob (removes colored layout)
--display-logfile         : Show logfile at end of the output
--help (-h)               : Show this help
--nocolors*               : Don't use colors for output
--report-mode*            : Don't show uninteresting information for reports
--report-warnings-only*   : Show only warnings (lesser output than --report-mode,
                            more than --quiet)
--skip-application-check* : Don't run application version checks
--skip-keypress*          : Don't wait after every test (non-interactive)
--quick*                  : Perform quick scan (instead of full scan)
--quiet*                  : Be quiet (only show warnings)
--update                  : Run update tool and check for database updates
--version                 : Show version and quit
--versioncheck            : Check for latest version

--bindir <bindir>*        : Use <bindir> instead of using default binaries
--configfile <file>*      : Use different configuration file
--dbdir <dir>*            : Use <dbdir> as database directory
--rootdir <rootdir>*      : Use <rootdir> instead of / (slash at end)
--tmpdir <tempdir>*       : Use <tempdir> as temporary directory

Explicit scan options:
--allow-ssh-root-user*    : Allow usage of SSH root user login
--disable-md5-check*      : Disable MD5 checks
--disable-passwd-check*   : Disable passwd/group checks
--scan-knownbad-files*    : Perform besides 'known good' check a 'known bad' check

Multiple parameters are allowed
*) Parameter can only be used with other parameters