Description
Finds local signs that a Linux system may have been altered by a rootkit. It is useful for administrators who want a quick terminal check for suspicious files, commands, kernel modules, or known compromise patterns.
A warning is a reason to investigate, not final proof by itself. Run it with appropriate permissions, compare results with trusted system data, and avoid making destructive cleanup decisions based on the output of one tool alone.