This file is indexed.

/usr/lib/tiger/html/rootkit.html is in tiger 1:3.2.3-10.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
<HR><PRE>








</PRE><HR>
<CENTER><H2> Documents for rootkit</H2></CENTER>
<A NAME="rootkit001f"><P><B>Code [rootkit001f]</B><P>
A test was run on the 'ls' command to determine if it 'sees'
certain pathnames (e.g., '...','bnc','war',etc). Tiger creates
a temporary directory, creates files with known hacker program
names/directories, and attempts an 'ls'. If the 'ls' does not
recognize the file, a FAIL is issued
<PRE>










</PRE><HR>
<A NAME="rootkit002f"><P><B>Code [rootkit002f]</B><P>
A test was run on the 'find' command to determine if it 'sees'
certain pathnames (e.g., '...','bnc','war',etc). Tiger creates
a temporary directory, creates files with known hacker program
names/directories, and attempts an 'find'. If the 'find' does
not recognize the file, a FAIL is issued.
<PRE>










</PRE><HR>
<A NAME="rootkit003w"><P><B>Code [rootkit003w]</B><P>
The 'chkrootkit' program has detected a suspicious directory
which might be an indication of an intrusion.
A full analysis of the system is recommended to determine the
presence of further signs of intrusion since a rootkit might have
been installed.
<PRE>










</PRE><HR>
<A NAME="rootkit004w"><P><B>Code [rootkit004w]</B><P>
The 'chkrootkit' program has detected a possible rootkit installation
A full analysis of the system is recommended to determine the
presence of further signs of intrusion since a rootkit might have
been installed.
<PRE>










</PRE><HR>
<A NAME="rootkit005a"><P><B>Code [rootkit005a]</B><P>
The 'chkrootkit' program has detected a rootkit installation
A full analysis of the system is recommended to determine the
presence of further signs of intrusion and to determine if the
rootkit is indeed installed.
<PRE>










</PRE><HR>
<A NAME="rootkit006a"><P><B>Code [rootkit006a]</B><P>
A rootkit is installed by intruders in systems which have been
successfully compromised and in which they have obtained full
administrator privileges. The installation of a rootkit is
an indication of a major system compromise.
<P>
If the installation of a rootkit is confirmed you are encouraged
to power off the system and follow the steps outlined by
Steps for Recovering from a UNIX or NT System Compromise
(http://www.cert.org/tech_tips/root_compromise.html)