Zeppoo allows you to detect rootkits on the i386 architecture under Linux by using /dev/kmem and /dev/mem. It can also detect hidden tasks, modules, syscalls, some corrupted symbols, and hidden connections. Anti-Rootkits which don't use these methods can be fooled easily.
|Operating Systems||POSIX Linux|
Release Notes: Red Hat and Ubuntu are supported with the -r option. MD5 is used. AMD64 is supported. /proc/kallsyms was added. Many bugs were fixed.
Release Notes: Execution of a binary (through execve or binfmt) is checked. Symbol verification was added (only for execve).
Release Notes: The global option -z was added. Resolving symbols is now more portable.
Release Notes: Some bugfixes and code cleanup.
No changes have been submitted for this release.