chkrootkit - Tool to locally check for signs of a rootkit

Property Value
Distribution CentOS 5
Repository FlexBox i386
Package name chkrootkit
Package version 0.48
Package release 14.el5
Package architecture i386
Package type rpm
Installed size 633.02 KB
Download size 285.38 KB
Official Mirror
chkrootkit is a tool to locally check for signs of a rootkit.
It contains:
* chkrootkit: shell script that checks system binaries for rootkit modification.
* ifpromisc: checks if the network interface is in promiscuous mode.
* chklastlog: checks for lastlog deletions.
* chkwtmp: checks for wtmp deletions.
* chkproc: checks for signs of LKM trojans.
* chkdirs: checks for signs of LKM trojans.
* strings: quick and dirty strings replacement.
* chkutmp: checks for utmp deletions.


Package Version Architecture Repository
chkrootkit-0.49-9.el5.x86_64.rpm 0.49 x86_64 EPEL
chkrootkit-0.49-9.el5.i386.rpm 0.49 i386 EPEL
chkrootkit-0.49-1.el5.rf.i386.rpm 0.49 i386 Repoforge (RPMforge)
chkrootkit-0.49-1.el5.rf.x86_64.rpm 0.49 x86_64 Repoforge (RPMforge)
- 0.49 i386 Atomic
- 0.49 x86_64 Atomic
chkrootkit-0.48-14.el5.x86_64.rpm 0.48 x86_64 FlexBox
chkrootkit-0.47-1.el5.rf.i386.rpm 0.47 i386 Repoforge (RPMforge)
chkrootkit-0.47-1.el5.rf.x86_64.rpm 0.47 x86_64 Repoforge (RPMforge)


Name Value
/usr/bin/consolehelper -
config(chkrootkit) = 0.48-14.el5
rtld(GNU_HASH) -


Name Value
chkrootkit = 0.48-14.el5
config(chkrootkit) = 0.48-14.el5


Type URL
Binary Package chkrootkit-0.48-14.el5.i386.rpm
Source Package chkrootkit-0.48-14.el5.src.rpm

Install Howto

  1. Download latest flexbox-release rpm from
  2. Install flexbox-release rpm:
    # rpm -Uvh flexbox-release*rpm
  3. Install chkrootkit rpm package:
    # yum install chkrootkit




2009-07-24 - Fedora Release Engineering - 0.48-14
- Rebuilt for
2009-07-22 - Jon Ciesla 0.48-13
- Additional items in chkutmp patch.
2009-07-21 - Jon Ciesla 0.48-12
- Patch to fix crash in chkutmp on x86_64.
2009-02-24 - Michael Schwendt - 0.48-11
- update .desktop file for Icon Theme Specification
- no longer add X-Fedora category to .desktop file
- Fedora > 10: conditional BR glibc-static as needed for strings-static
2009-02-23 - Fedora Release Engineering - 0.48-10
- Rebuilt for
2008-07-15 - Tom "spot" Callaway - 0.48-9
- fix license tag
2008-05-30 - Michael Schwendt - 0.48-8
- Let chkproc default to procps version 3.
2008-04-09 - Michael Schwendt - 0.48-7
- Build with large file API (#441638).
2008-03-18 - Michael Schwendt - 0.48-6
- Delete the "suspect PHP files" check. Not only does it trigger
  SIGPIPE for file names which contain special unescaped characters,
  the second half is doubtful (it doesn't print any filenames and
  gets confused by binary file contents).
2008-02-12 - Michael Schwendt - 0.48-5
- Fix the empty warning of the shell history files anomalies check.
- Initialise two variables in chkdirs.c to silence compiler.

See Also

Package Description
chrpath-0.13-6.el5.i386.rpm Modify rpath of compiled programs
cifs-utils-4.6-1.el5.i386.rpm Utilities for mounting and managing CIFS mounts
clamav-0.97.2-1.el5.i386.rpm Anti-virus software
clamav-db-0.97.2-1.el5.i386.rpm Virus database for clamav
clamav-devel-0.97.2-1.el5.i386.rpm Header files, libraries and development documentation for clamav
clamav-milter-0.97.2-1.el5.i386.rpm The Clam AntiVirus sendmail-milter Daemon
clamav-unofficial-sigs-3.7.1-1.centos5.noarch.rpm Clamav Anti Virus Unofficial Sigs
clamd-0.97.2-1.el5.i386.rpm The Clam AntiVirus Daemon
clearsilver-0.10.4-2.el5.i386.rpm ClearSilver HTML template system
clearsilver-devel-0.10.4-2.el5.i386.rpm ClearSilver development package
conntrack-tools-0.9.15-1.el5.i386.rpm Tools to manipulate netfilter connection tracking table
ctdb-1.0.113-1.el5.i386.rpm A Clustered Database based on Samba's Trivial Database (TDB)
ctdb-devel-1.0.113-1.el5.i386.rpm CTDB clustered database development package
dhclient-4.1.1-9.centos5.i386.rpm Provides the dhclient ISC DHCP client daemon and dhclient-script
dhcp-4.1.1-9.centos5.i386.rpm Dynamic host configuration protocol software