This daemon is designed to detect the installation of rootkits and the use of packet sniffers. It runs in the background and monitors for such activity.
Installation is straightforward and is designed to cause minimal disturbance on a multiuser system. The program should not need rebuilding even after upgrades or kernel changes. One of its most impressive features is that it regularly checks the checksums of a small number of system files that rootkits often alter. These files are compiled into the program and, together with system commands and messages, are obfuscated in the compiled code to conceal the program's purpose.
The program takes a single optional numeric argument. If the argument is odd (bit 0 is set), the interface "eth0" is checked for promiscuous operation (packet sniffing). When the second bit (bit 1) is clear, the program deletes the default network route upon triggering; when it is set, the program disables the "eth0" interface instead. On systems with multiple interfaces, you may need to give an alternative interface specification in "xstrings.txt", or modify the program to disable multiple interfaces. If bit 2 is set, the program restricts itself to logging events only and does not disconnect the network.
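The argument bits described above, decoded in C together with a promiscuous-mode test on an interface flags word. This is an added example, not the program's own code: the names decode_arg, promisc_from_flags and evaluate are hypothetical, and reading the flags word from /sys/class/net/eth0/flags is an assumption about one way to obtain it on Linux.

```c
#include <stdio.h>
#include <stdlib.h>

#define PROMISC_FLAG 0x100u /* value of IFF_PROMISC in Linux <net/if.h> */

enum action { ACT_DELETE_ROUTE, ACT_DISABLE_IFACE, ACT_LOG_ONLY };

struct policy {
    int check_promisc;      /* bit 0: watch the interface for sniffing */
    enum action on_trigger; /* bits 1 and 2: response when triggered */
};

/* Decode the numeric argument the way the description above reads. */
struct policy decode_arg(unsigned long arg)
{
    struct policy p;
    p.check_promisc = (arg & 1u) != 0;
    if (arg & 4u)
        p.on_trigger = ACT_LOG_ONLY;      /* bit 2: log, stay connected */
    else if (arg & 2u)
        p.on_trigger = ACT_DISABLE_IFACE; /* bit 1 set: disable eth0 */
    else
        p.on_trigger = ACT_DELETE_ROUTE;  /* bit 1 clear: drop default route */
    return p;
}

/* Parse flags text such as "0x1103\n" (assumed source: sysfs flags file).
 * Returns 1 if promiscuous, 0 if not, -1 if the text is not a hex number. */
int promisc_from_flags(const char *text)
{
    char *end;
    unsigned long flags = strtoul(text, &end, 16);
    if (end == text || (*end != '\0' && *end != '\n'))
        return -1;
    return (flags & PROMISC_FLAG) != 0;
}

/* One monitoring pass: the action to take, or -1 if nothing triggers.
 * An unparsable flags value does not trigger (a choice made here). */
int evaluate(unsigned long arg, const char *flags_text)
{
    struct policy p = decode_arg(arg);
    if (!p.check_promisc || promisc_from_flags(flags_text) != 1)
        return -1;
    return (int)p.on_trigger;
}

int main(void)
{   /* Constructed sample: a flags word with the promiscuous bit set. */
    printf("arg=3 -> action %d\n", evaluate(3, "0x1103\n"));
    return 0;
}
```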
The program also allows extensive customization. The command run on triggering may be changed to "init 1" or "shutdown -h now" if desired, or a script such as the included "panic.sh" can be run. The most recent update adds a configure script, and the program no longer traps if the checksum program fails (due to load, etc.). I recommend this program to anyone who frequently works in high-risk areas and wants to ensure their systems are secure from potential threats.
Version 0.54: N/A