Reveal Rootkit detects processes hidden by rootkits. It is intended to run from cron or a similar service on a regular basis, and it avoids verbose output as long as nothing is found. It's fast and shouldn't produce false positives. Reveal Rootkit is tested mainly on Linux but should also work on other POSIX systems with a /proc filesystem.
REQUIREMENTS
* C compiler
* scons (optional GNU make)
  Building and Installing scons on Any System: http://scons.org/doc/0.98.4/HTML/scons-user/x166.html
Design Goals:
+ avoid unnecessary output (run out of cron)
+ reduce false positives to almost zero
+ fast and efficient check
Tested on:
* FreeBSD (9.0, 9.1)
* Linux
++ Debian (6.0, 7.0)
++ Gentoo (12.1)
++ Red Hat Enterprise Linux (3, 4, 5, 6)
++ SuSE (7.2, 8.2)
++ Ubuntu (8.04, 10.04, 12.04, 14.04)
* OpenBSD (5.2)
* SunOS (5.6, 5.7, 5.8, 5.10)
Install requirements Debian/Ubuntu:
    sudo apt-get install scons
    sudo apt-get install libcap-dev
    tar xf revealrk-1.2.1.tgz
    cd revealrk-1.2.1
    sudo scons
    ./revealrk -h
Download: revealrk-1.2.1.tgz
Source: https://sourceforge.net/projects/revealrk