Rootcheck is an open source rootkit detection and system auditing software. It scans the whole system looking for known rootkits and for the presence of unknown (private or custom) rootkits and kernel level ones using anomaly detection. In addition to that, it checks your configuration looking for insecure options.
Rootcheck is integrated with the OSSEC HIDS, providing a powerful host-based IDS solution. It includes log analysis, file integrity change detection and rootkit detection (all in one simple to use package). For more information about the integration of Rootcheck with the OSSEC HIDS, look at www.ossec.net
How to use it
Rootcheck is a very simple software. Just unpack, compile and execute it. It will scan the system and print if it found or not anything.
[root@ossec ~]# tar -zxvf rootcheck-2.4.tar.gz
[root@ossec ~]# cd rootcheck-2.4
[root@ossec ~]# make all
[root@ossec ~]# ./ossec-rootcheck