FICHA · AUR

chkrootkit

Locally checks for signs of a rootkit

  • cli-tool
  • CLI
  • SECURITY
  • System
  • Launchable
  • Runs in terminal
official+codex · reviewed · May 30, 2026 description in en

Description

Finds local signs that a Linux system may have been altered by a rootkit. It is useful for administrators who want a quick terminal check for suspicious files, commands, kernel modules, or known compromise patterns.

A warning is a reason to investigate, not final proof by itself. Run it with appropriate permissions, compare results with trusted system data, and avoid making destructive cleanup decisions from one tool alone.

How to run

chkrootkit

Commands: chkrootkit

Permissions

Permissions not analysed for this source yet.