Old Rootkits

OSquery

old_rootkits:

Query

select * from file where path in ('/usr/include/rpc/ ../kit', '/usr/include/rpc/ ../kit2', '/usr/doc/.sl', '/usr/doc/.sp', '/usr/doc/.statnet', '/usr/doc/.logdsys', '/usr/doc/.dpct', '/usr/doc/.gifnocfi', '/usr/doc/.dnif', '/usr/doc/.nigol');

Additional Query Info

  • Platform: linux
  • Interval: 3600

JSON

{
  "queries": {
    "Old Rootkits": {
      "query": "select * from file where path in ('/usr/include/rpc/ ../kit', '/usr/include/rpc/ ../kit2', '/usr/doc/.sl', '/usr/doc/.sp', '/usr/doc/.statnet', '/usr/doc/.logdsys', '/usr/doc/.dpct', '/usr/doc/.gifnocfi', '/usr/doc/.dnif', '/usr/doc/.nigol');",
      "interval": "3600",
      "platform": "linux",
      "version": "",
      "description": "old_rootkits",
      "value": ""
    }
  }
}