This file is indexed.

/usr/lib/tiger/doc/rootkit.txt is in tiger 1:3.2.3-10.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
%rootkit001f
A test was run on the 'ls' command to determine if it 'sees'
certain pathnames (e.g., '...','bnc','war',etc).  Tiger creates
a temporary directory, creates files with known hacker program
names/directories, and attempts an 'ls'.  If the 'ls' does not
recognize the file, a FAIL is issued
%rootkit002f
A test was run on the 'find' command to determine if it 'sees'
certain pathnames (e.g., '...','bnc','war',etc).  Tiger creates
a temporary directory, creates files with known hacker program
names/directories, and attempts an 'find'.  If the 'find' does 
not recognize the file, a FAIL is issued.
%rootkit003w
The 'chkrootkit' program has detected a suspicious directory
which might be an indication of an intrusion. 
A full analysis of the system is recommended to determine the 
presence of further signs of intrusion since a rootkit might have
been installed. 
%rootkit004w
The 'chkrootkit' program has detected a possible rootkit installation
A full analysis of the system is recommended to determine the 
presence of further signs of intrusion since a rootkit might have
been installed. 
%rootkit005a
The 'chkrootkit' program has detected a rootkit installation
A full analysis of the system is recommended to determine the 
presence of further signs of intrusion and to determine if the
rootkit is indeed installed.
%rootkit006a
A rootkit is installed by intruders in systems which have been
successfully compromised and in which they have obtained full
administrator privileges. The installation of a rootkit is 
an indication of a major system compromise.

If the installation of a rootkit is confirmed you are encouraged 
to power off the system and follow the steps outlined by
Steps for Recovering from a UNIX or NT System Compromise
(http://www.cert.org/tech_tips/root_compromise.html)