Reveal RootKit Code
Reveal Rootkit detects processes hidden by rootkits on POSIX systems.
Brought to you by:
jkahnert
Menu
▾
▴
Tree [51c924] master / History
| File | Date | Author | Commit |
|---|---|---|---|
| INSTALL | 2013-01-03 |
Juergen Kahnert
|
[e76ec0] 1.0.1 changes |
| Makefile | 2016-06-08 |
Juergen Kahnert
|
[0fa8c3] added fake name detection "-f" for FreeBSD |
| README | 2013-01-03 |
Juergen Kahnert
|
[e76ec0] 1.0.1 changes |
| SConstruct | 2016-06-08 |
Juergen Kahnert
|
[0fa8c3] added fake name detection "-f" for FreeBSD |
| changelog | 2016-10-20 |
Juergen Kahnert
|
[51c924] Bugfix for FreeBSD only: zombie check speedup n... |
| config.h | 2016-06-08 |
Juergen Kahnert
|
[0fa8c3] added fake name detection "-f" for FreeBSD |
| cron.example | 2016-06-08 |
Juergen Kahnert
|
[0fa8c3] added fake name detection "-f" for FreeBSD |
| license.txt | 2013-01-02 |
Juergen Kahnert
|
[a839bc] Initial commit |
| revealrk.1 | 2016-06-08 |
Juergen Kahnert
|
[0fa8c3] added fake name detection "-f" for FreeBSD |
| revealrk.c | 2016-10-20 |
Juergen Kahnert
|
[51c924] Bugfix for FreeBSD only: zombie check speedup n... |
Read Me
Reveal RootKit is intended to run out of cron or similar services on a regular
base and avoids verbose output as long as nothing was found.
revealrk searches for hidden processes. If you have a kernel mod rootkit
loaded into memory without hiding any process, don't expect to find anything.
Reveal RootKit was tested mainly on Linux, so you may find flaws on other
operating systems.
Let me know if you find a rootkit which isn't detected by revealrk and send me
a mail to: Jürgen Kahnert <Juergen.Kahnert@DESY.de>
Simply compile it with "scons". You can also use "make", but than you need to
edit config.h -- sorry, no configure script.
For a daily or hourly run, you may like to use the -p option. This increases
the process priority (nice -20) which speeds up the check on systems with heavy
load.
For a selftest use --fake-hidden, combine it with -s to see syslog output.
I don't wish you compromised systems, but if you have some, revealrk hopefully
helps you to find them.
VERSIONING
Minor version changes won't add new functionality, just bug fixes, new rootkit
signatures (only used to display the name of the rootkit) or added docs.
Major version changes will add new tests or new features.
Release 2 isn't in sight, yet.
CREDITS
revealrk is inspired by the fine work of Yago Jesus, see:
http://sourceforge.net/projects/unhide/
