Rootcheck is responsible for the rootkit detection, system auditing and policy monitoring parts of OSSEC. However, if you want to check your systems without installing the whole OSSEC package, you can run Rootcheck separately to give you an quick status on how your system is going.
The rootcheck page is http://www.ossec.net/rootcheck/.
How to use it
Rootcheck is a very simple software. Just download, unpack, compile and execute it. It will scan the system and print if it found or not anything.
[root@ossec ~]# wget http://www.ossec.net/rootcheck/files/rootcheck-2.0.tar.gz
[root@ossec ~]# tar -zxvf rootcheck-2.0.tar.gz
[root@ossec ~]# cd rootcheck-2.0
[root@ossec ~]# make all
[root@ossec ~]# ./ossec-rootcheck
..
1 response so far ↓
Rootcheck updated to v2.0 // Mar 6, 2009 at 11:13 am
[...] from: http://www.ossec.net/main/rootcheck-updated-to-v20 Rootcheck is responsible for the rootkit detection, system auditing and policy monitoring parts of [...]
Leave a Comment