by gasda 4950 days ago
I don't have access to a system with the rootkit, but something like comparing the reported size of the file and the number of bytes you can read might work.

if [ "$(ls -l /etc/rc.local | awk '{print $5}')" -ne "$(cat /etc/rc.local | wc -c)" ]; then echo "size mismatch: /etc/rc.local"; fi

Also looks like you might be able to see it running with a ps also.
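
The size comparison suggested in the comment above, generalized to a list of files. This is an added example, not part of the original comment; the function names size_mismatch and scan_files are hypothetical.

```shell
#!/bin/sh
# Added example: compare the size the filesystem reports for a file with
# the number of bytes that can actually be read from it.

# size_mismatch FILE
#   prints "<reported> <read>" and returns:
#   0 = sizes differ (worth a closer look), 1 = sizes agree, 2 = not checked
size_mismatch() {
    f=$1
    # Only readable regular files have a meaningful size to compare.
    if [ ! -f "$f" ] || [ ! -r "$f" ]; then
        return 2
    fi
    # Field 5 of "ls -ln" is the size from the file's metadata. -n keeps
    # owner and group numeric so the field position is stable; -L follows
    # symlinks so the target's size is reported.
    reported=$(ls -lnL -- "$f" | awk '{print $5}')
    # Read through a pipe on purpose: given the file directly, some wc
    # implementations take the size from metadata instead of counting.
    actual=$(cat -- "$f" | wc -c | tr -d ' ')
    echo "$reported $actual"
    [ "$reported" -ne "$actual" ]
}

# scan_files FILE...
#   prints one line per file whose sizes differ;
#   returns 0 when nothing was flagged, 1 otherwise
scan_files() {
    hits=0
    for path in "$@"; do
        if sizes=$(size_mismatch "$path"); then
            echo "MISMATCH $path (reported/read: $sizes)"
            hits=$((hits + 1))
        fi
    done
    [ "$hits" -eq 0 ]
}

# Stand-alone use: sh sizecheck.sh /etc/rc.local /etc/crontab ...
[ "$#" -eq 0 ] || scan_files "$@"
```

Pseudo-files such as those under /proc report a size of 0 while returning data, so they are flagged by design; run the check against files on a real filesystem.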