GIAC Certified Incident Handler (GCIH) — Question 117
Which of the following tools uses common UNIX/Linux utilities such as the strings and grep commands to search core system programs for rootkit signatures?
Answer options
- A. rkhunter
- B. OSSEC
- C. chkrootkit
- D. Blue Pill
Correct answer: C
Explanation
The correct answer is C, chkrootkit, which uses standard UNIX/Linux utilities such as strings and grep to check core system binaries for known rootkit signatures. rkhunter (A) and OSSEC (B) are also security tools, but neither relies primarily on these specific commands for rootkit detection. Blue Pill (D) is a hypervisor-based rootkit, not a rootkit detection tool.