Root Check Published: Aug 25, 2004
  • Rating


RootCheck scans the system looking for possible trojans ,scans the ports for malicious activity ,and checks for rootkits,and also the logs,permissions and more.

RootCheck scans the system looking for possible  trojans ,scans the ports for malicious activity ,and checks for rootkits,and also the logs,permissions and more.

Installation Instructions
Login to your server and su to root.


tar -xvzf rootcheck-0.4.tar.gz
cd rootcheck-0.4

This will take you to an interactive installtion. Make sure you have CPAN on your box because rootcheck requires the Perl Modules IO::Interface.

If the installtion is finished you will get this message

Compilation sucessfull. Ready to go.
 That's it! If everything went ok, you should be ready
 to run RootCheck. If you any doubts about installation,
 please refer to INSTALL file.
 You can also find additional information at : 
Improves, patches, comments are very welcome.

Scanning the System
Now you are ready to run rootcheck.

There are quite a few options butthe simplest one is


If the installation was perfect you would get a progress screen of the scan after which the results wiill be writen into results.txt the result is quite explanatory and gives details of all suspected files.

There is also an example file that explains the different options for root check
More Information about rootcheck is available at

Submitted by: Dinesh

  • Rating


Related Articles

Comments (12)

  • Gravatar - domper
    domper 22:43, August 28, 2004
    Can I install rootcheck if I have directadmin as web control panel on my server?.
  • Gravatar - WHG - Steve
    WHG - Steve 21:39, August 29, 2004
    Yes, the type of control panel shouldn't matter.
  • Gravatar - vijay kumar
    vijay kumar 12:41, September 19, 2004
    very nice tutorial thanks i tried and found it very useful
  • Gravatar - ParisDNS
    ParisDNS 10:30, May 18, 2005
    Got error when rnning ./ :<br />
    <br />
    Can't locate IO/ in @INC (@INC contains: /usr/lib/perl5/5.8.6/i686-linux /usr/lib/perl5/5.8.6 /usr/lib/perl5/site_perl/5.8.6/i686-linux /usr/lib/perl5/site_perl/5.8.6 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl .) at mods/ line 22.<br />
    BEGIN failed--compilation aborted at mods/ line 22.<br />
    Compilation failed in require at ./ line 60.
  • Gravatar - Hesham
    Hesham 22:07, November 20, 2005
    The provided URL is not working!
  • Gravatar - sinangunay
    sinangunay 09:03, December 17, 2005
    Because new version is avaliable, and changed the usage of script.<br />
    please try,<br />
  • Gravatar - codeunix
    codeunix 18:22, July 14, 2006
    the new url link is:<br />
  • Gravatar - cyberspace
    cyberspace 08:20, November 6, 2006
    ParisDNS, you need to install the perl module called IO::Interface
  • Gravatar - Brendan RTG
    Brendan RTG 07:26, January 9, 2007
    root@jade [/downloads]# tar -xvzf rootcheck-0.4.tar.gz<br />
    <br />
    gzip: stdin: not in gzip format<br />
    tar: Child returned status 1<br />
    tar: Error exit delayed from previous errors<br />
    root@jade [/downloads]#<br />
  • Gravatar - Rudi
    Rudi 11:36, February 1, 2007
    Does anyone run the check via cron? And if so, how often?
  • Gravatar - Rich
    Rich 15:04, July 31, 2009
    404 error<br />
    wget<br />
    Is not found ?<br />
    <br />
    Thanks<br />
  • Gravatar - Jim
    Jim 16:26, September 3, 2009
    Updated shell commands:<br />
    <br />
    Installing and Running Rootcheck from Shell:<br />
    <br />
    wget <br />
    # tar -zxvf rootcheck-2.0.tar.gz<br />
    # cd rootcheck-2.0<br />
    # make all<br />
    # ./ossec-rootcheck

Add Your Thoughts is a hosting directory, not a web host.

Copyright © 1998-2018