Skip to content

YJesus/RCLocals

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
1 branch 0 tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
screenshots
 
 
LICENSE
 
 
README.md
 
 
rclocals.py
 
 
RCLocals Things covered: REQUIREMENTS USAGE Screenshots

README.md

RCLocals

Inspired by 'Autoruns' from Sysinternals, RCLocals analyzes all Linux startup possibilities to find backdoors, also performs process integrity verification, scan for DLL injected processes and much more

Things covered:

·List GPG keys trusted by the system

·Installed Packages

·File integrity

·Process integrity (process and libraries loaded in a process that not belongs to any installed package)

·Processes with name spoofed (processes that use prctl() to change their name in /bin/ps)

·CRON entries

·RC files

·X system startup files

·Active Systemd Units

·Systemd Timer Units

·tmpfiles.d

·linger users

·Hashing binaries and libs + searching in CYMRU malware hash registry https://team-cymru.com/community-services/mhr/

REQUIREMENTS

Debian/Ubuntu and derivatives: install debsums # apt-get install debsums

All platforms: pay attention to non default Python modules (colorama and DNS)

USAGE

For only suspicious information:

#python3 rclocals.py --triage

For detailed information:

#python3 rclocals.py --all

Screenshots

Keys and packages

File integrity

Process integrity

Process integrity

About

Linux startup analyzer

Resources

Readme

License

GPL-3.0 license
Activity

Stars

60 stars

Watchers

3 watching

Forks

15 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages