rootcheck

base_directory

The base directory that will be prefixed to the following options:

• Check rootkits

• Check trojans

• Scan the /dev directory

• Check the hidden files using system calls

ignore

List of files or directories to be ignored (one entry per line). Multiple lines may be entered to include multiple files or directories. These files and directories will be ignored during scans.

Attributes:

scanall

Tells rootcheck to scan the entire system. This option may lead to some false positives.

readall

Allow Rootcheck read all system files and compare the bytes read with files size. With readall set to no, only these folders are checked: /bin, /sbin, /usr/bin, /usr/sbin, /dev, /lib, /etc, /root, /var/log, /var/mail, /var/lib, /var/www, /usr/lib, /usr/include, /tmp, /boot, /usr/local, /var/tmp and /sys.

frequency

Frequency that the rootcheck is going to be executed (in seconds).

disabled

Disables the execution of rootcheck.

check_dev

Enable or disable the checking of /dev.

check_if

Enable or disable the checking of network interfaces.

check_pids

Enable or disable the checking of process ID's.

check_ports

Enable or disable the checking of network ports.

check_sys

Enable or disable checking for anomalous file system objects.

skip_nfs

Enable or disable the scanning of network mounted filesystems (Works on Linux and FreeBSD). Currently, skip_nfs will exclude checking files on CIFS or NFS mounts.