This program is a daemon intended to catch someone installing a rootkit or running a packet sniffer.
The program regularly verifies the checksum of a small number of system files that are typically modified by a rootkit. This list of files is compiled into the program. The file list, together with the system commands and messages, are obfuscated in the compiled code to prevent someone from figuring out what the program is for by eyeballing the binary.
The obfuscation algorithm is simple, but is compiled into the program and does not depend on external programs or other libraries.
The program takes a single optional numeric argument. If odd (bit 0 set), the interface "eth0" is checked for promiscuous operation (packet sniffing). If bit 1 is clear, the program will delete the default route on the network when triggered. Of bit 1 is set, the program will disable the eth0 interface. Systems with multiple interfaces may require an alternate interface specification in "xstrings.txt", or modification of the program to disable multiple interfaces. If bit 2 is set, the program will only log events and not disconnect the network.
The command may be modified to "init 1" or "shutdown -h now" if desired, or to run a script such as "panic.sh" (included).
What's New in This Release:
· Added configure script.
· Do not trap if checksum program fails (due to load, etc.)