Provided by: chkrootkit_0.55-4_amd64 

NAME
chkrootkit - Scan the system for signs of rootkits
SYNOPSIS
chkrootkit [OPTION]... [TESTNAME]...
DESCRIPTION
chkrootkit examines the target system for signs that it has been tampered with. Some tools which
chkrootkit uses can be found in /usr/lib/chkrootkit.
OPTIONS
Unlike usual programmes, options cannot be 'combined', so you need to write '-q -n' instead of
'-qn'.
-q Enter quiet mode. This suppresses output of tests that find nothing suspicious.
-x Enter expert mode. This makes many tests produce additional output showing what they have found.
-d Enter debug mode. This shows exactly what chkrootkit is doing at every step (it includes running
chkrootkit with 'set -x').
-e "FILE1[ FILE2...]"
Exclude listed files from the results of some tests. The list should be space-separated (which will
generally require quoting when run from a shell). You can also specify -e several times. Use this
to remove false positives from the result of many tests - see
/usr/share/doc/chkrootkit/README.FALSE-POSITIVES.
-s REGEXP
Similar to -e but only applies to the result of the sniffer test. This test will flag standard
network managers like systemd-networkd(1), NetworkManager(1) or wpa_supplicant(1) as
PACKET SNIFFERs, and you can remove such messages from the output with something like
chkrootkit -s '(systemd-networkd|NetworkManager|wpa_supplicant)', where the argument lists whichever
managers you expect to be present. The argument can be any regular expression understood by
egrep(1).
-p DIR1[:DIR2...]
Specify an alternative $PATH. chkrootkit assumes that standard programmes, like find(1)
and grep(1), are uncompromised. The intention is that you place trusted copies where they cannot be
modified and invoke with something like chkrootkit -p /media/usb.
-r DIR Use DIR as the root directory. For example, you might mount a disk on an uncompromised system
and run chkrootkit -r /mnt.
-n Make some tests ignore NFS-mounted directories.
-l Print available tests. These are the following:
aliens asp bindshell lkm rexedcs sniffer w55808 wted scalper slapper z2 chkutmp OSX_RSPLUG amd
basename biff chfn chsh cron crontab date du dirname echo egrep env find fingerd gpm grep hdparm
su ifconfig inetd inetdconf identd init killall ldsopreload login ls lsof mail mingetty netstat
named passwd pidof pop2 pop3 ps pstree rpcinfo rlogind rshd slogin sendmail sshd syslogd tar tcpd
tcpdump top telnetd timed traceroute vdir w write
-h Print a short help message and exit.
-V Print version information and exit.
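
The -s filter described above, previewed offline as an added example (not part of this manual page or of chkrootkit itself). The sample lines are constructed, and both their format and the line-by-line filtering modelled here with grep -E -v are assumptions; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: preview which sniffer-test lines a -s regex would hide.
# SAMPLE is constructed; the line format and the "drop matching lines"
# behaviour (modelled with grep -E -v) are assumptions, not chkrootkit code.

SAMPLE='eth0: PACKET SNIFFER(/usr/sbin/NetworkManager[812])
wlan0: PACKET SNIFFER(/sbin/wpa_supplicant[845])
eth0: PACKET SNIFFER(/usr/bin/tcpdump[4321])'

# Join the expected manager names into one alternation: (a|b|c)
build_sniffer_regex() {
    regex=""
    for name in "$@"; do
        regex="${regex:+$regex|}$name"
    done
    printf '(%s)' "$regex"
}

# Print the sample lines that would still be reported with this regex.
remaining_after_filter() {
    printf '%s\n' "$SAMPLE" | grep -E -v -e "$1" || true
}

# Count them, so a wrapper can refuse a regex that silences everything.
remaining_count() {
    remaining_after_filter "$1" | grep -c . || true
}

EXPECTED=$(build_sniffer_regex systemd-networkd NetworkManager wpa_supplicant)
echo "regex: $EXPECTED"
echo "still reported:"
remaining_after_filter "$EXPECTED"

# A looser pattern also matches the unexpected capture process.
echo "left by over-broad 'PACKET SNIFFER': $(remaining_count 'PACKET SNIFFER')"

# Real invocation (options given separately, sniffer test only):
#   chkrootkit -q -s "$EXPECTED" sniffer
```

Keep the alternation limited to the managers you actually run: with the precise regex the constructed tcpdump line is still reported, while the over-broad pattern leaves nothing to review.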
AUTHOR
Manual page written by Yotam Rubin <yotam@makif.omer.k12.il>, Marcos Fouces <marcos@debian.org> and lantz
moore <lmoore@debian.org> for the Debian project. It may be used by others.
SEE ALSO
strings(1) chklastlog(8) chkwtmp(8)
Oct 23, 2021 chkrootkit(8)