From f5dbab9ba61b522e63bad10ee6e1c1d26f040fb9 Mon Sep 17 00:00:00 2001 From: Markus Frei Date: Mon, 29 Jul 2024 17:20:08 +0200 Subject: [PATCH] scanrootkit: Update README --- check-plugins/scanrootkit/README.rst | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/check-plugins/scanrootkit/README.rst b/check-plugins/scanrootkit/README.rst index b63b147b..270b6bf3 100644 --- a/check-plugins/scanrootkit/README.rst +++ b/check-plugins/scanrootkit/README.rst @@ -85,14 +85,20 @@ Output: .. code-block:: text - 1 rootkit item found. [CRITICAL] - * CiNIK Worm (Slapper.B variant): /tmp/.cinik (File) + Found 1 rootkit item and 0 extra items. 3 possible rootkit items found. + Rootkits: + * ENYE LKM v1.1, v1.2: /etc/.enyelkmHIDE^IT.ko (File) + Possible Rootkits: + * Components for Backdoors: /usr/info/.clib (File) + * Components for BillGates botnet: /etc/ksapd (File) + * Components for BillGates botnet: /etc/kysapd (File) States ------ * WARN or CRIT if rootkit items are found, depending on the severity (default: CRIT) +* WARN if only possible rootkit items are found, regardless of the selected severity. Perfdata / Metrics @@ -104,6 +110,8 @@ Perfdata / Metrics Name, Type, Description rootkit_items, Number, The number of rootkit items found on the system. + rootkit_extra, Number, Number of rootkit items found by a specific deep scan. + rootkit_possible, Number, Number of possible rootkit items found on the system. Credits, License