rkdet rootkit detector

Andrew Daviel <andrew@vancouver-webpages.com>
February 2000 revised March 2001

Installation:

./configure      - customize
make check       - check message mangling
make             - build
make install     - install
make bare        - erase source and documentation

The file list "xfiles.txt" is the list of files which are verified.
This should be customised for the target system; the configure script
locates common programs.

The string list "xstrings.txt" lists system commands and messages.
The configure script may be used to set these or they may be
subsequently customised before running "make".

The checksum program "md5sum" may be first copied to an alternate
location and name to frustrate attempts to tamper with it.

The build process uses a pair of Perl scripts to mangle the file list etc. and
create corresponding include files for the main C program.


An RPM specification is included, so that RPM commands such as
 rpm -ba rkdet-0.51.spec
 rpm -hi rkdet-0.51.rpm
should work.

After installation, the source files should be removed from the system.
The README (under /usr/doc) and init.rc/rkdet may be customised for your 
site, so that curious authorized users have some way to discover what
this program is for, or at least that they should not mess with it.

