Rkdet 0.54 review (linux)

Add to Watch List

This program is a daemon intended to catch someone installing a rootkit or running a packet sniffer

License: GPL (GNU General Public License)
OS: Linux
File size: 0K
Developer: Andrew Daviel      
Price: $0.00
User Rating:  
0 stars award from rbytes.net

Rkdet 0.54 is monitoring software developed by Andrew Daviel.
This program is a daemon intended to catch someone installing a rootkit or running a packet sniffer. It is designed to run continually with a small footprint under an innocuous name. When triggered, it sends email, appends to a logfile, and disables networking or halts the system. it is designed to install with the minimum of disruption to a normal multiuser system, and should not require rebuilding with each kernel change or system upgrade.http://vancouver-webpages.com/rkdet/rkdet-0.54-2.i386.rpm

The program regularly verifies the checksum of a small number of system files that are typically modified by a rootkit. This list of files is compiled into the program. The file list, together with the system commands and messages, are obfuscated in the compiled code to prevent someone from figuring out what the program is for by eyeballing the binary.
The obfuscation algorithm is simple, but is compiled into the program and does not depend on external programs or other libraries.

The program takes a single optional numeric argument. If odd (bit 0 set), the interface "eth0" is checked for promiscuous operation (packet sniffing). If bit 1 is clear, the program will delete the default route on the network when triggered. Of bit 1 is set, the program will disable the eth0 interface. Systems with multiple interfaces may require an alternate interface specification in "xstrings.txt", or modification of the program to disable multiple interfaces. If bit 2 is set, the program will only log events and not disconnect the network.
The command may be modified to "init 1" or "shutdown -h now" if desired, or to run a script such as "panic.sh" (included).

What's New in This Release:

  • Added configure script.
  • Do not trap if checksum program fails (due to load, etc.)
    Rkdet 0.54 supports different languages (including english). It works with Linux.

    Downloading Rkdet 0.54 will take if you use fast ADSL connection.


    Download

    • 100mbit/s dedicated server
    • 100% availability


    Latest User Reviews

    Write a Rkdet Review

    Please register to submit reviews. Registration will grant you access to a number of features and capabilities otherwise unavailable.

    Rkdet related software

    • Rkdet 0.54
      This program is a daemon intended to catch someone installing a rootkit or running a packet sniffer
    • Template::Tutorial 2.15
      Template::Tutorial are template toolkit tutorials. This section includes tutorials on using the Template Toolkit
    • MathML::Entities 0.13
      MathML::Entities is a Perl module that can convert XHTML+MathML Named Entities to Numeric Character References. SYNOPSIS use M
    • TrackFS 0.0.7
      Trackfs is a small program that tracks file system changes -- creation, update and removal of fs objects -- of another program (or gr