Rootcheck is open source rootkit detection software. It scans the whole system for known rootkits and uses anomaly detection to find unknown (private or custom) rootkits and kernel-level ones.
Rootcheck is also integrated with the OSSEC HIDS, providing a powerful host-based IDS solution. It includes log analysis, file integrity change detection and rootkit detection, all in one simple-to-use package. For more information about the integration of Rootcheck with the OSSEC HIDS, see www.ossec.net.
How to use it
Rootcheck is very simple to use: just unpack, compile and execute it. It will scan the system and print whether or not it found anything.
Remember to always check for updates to the signatures before using it.
The signatures will be posted at www.ossec.net/rootkits/
[root@ossec ~]# tar -zxvf rootcheck-1.5.tar.gz
[root@ossec ~]# cd rootcheck-1.5
[root@ossec ~]# make all
[root@ossec ~]# ./ossec-rootcheck
..
