Inspired by Autoruns from Sysinternals, RCLocals analyzes every Linux startup path to find backdoors; it also performs process integrity verification, scans for DLL-injected processes and much more.
Things covered:
·List GPG keys trusted by the system
·Installed Packages
·File integrity
·Process integrity (processes, and libraries loaded into a process, that do not belong to any installed package)
·Processes with a spoofed name (processes that use prctl() to change the name shown by /bin/ps)
·CRON entries
·RC files
·X system startup files
·Active Systemd Units
·Systemd Timer Units
·tmpfiles.d
·linger users
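The two process checks in the list above (package-owned mappings and name spoofing) are illustrated by the following script. It is an added example, not RCLocals' own code: the /proc/<pid>/maps excerpt, the set of package-owned paths and the comm/exe/cmdline triples are all constructed here; on a live host the maps text comes from /proc/<pid>/maps and the owned set from the package manager (dpkg -S or rpm -qf).

```python
"""Illustration of two process checks: unpackaged mappings and spoofed names.

Added example, not RCLocals' own code.  All inputs below are constructed;
on a live system read /proc/<pid>/{maps,comm,exe,cmdline} and build the
owned-path set from the package manager (e.g. `dpkg -S`, `rpm -qf`)."""
import os

TASK_COMM_LEN = 16  # kernel limit: /proc/<pid>/comm holds at most 15 characters

# Constructed: paths the package manager reports as belonging to a package.
PACKAGE_OWNED = {
    "/usr/bin/python3.11",
    "/usr/lib/x86_64-linux-gnu/libc.so.6",
    "/usr/lib/x86_64-linux-gnu/libm.so.6",
}

# Constructed excerpt in /proc/<pid>/maps format: two packaged files, one
# library loaded from /tmp, one memfd-backed mapping, anonymous memory and
# kernel pseudo-mappings.
SAMPLE_MAPS = """\
55d1c2a00000-55d1c2a2d000 r--p 00000000 fd:01 1234 /usr/bin/python3.11
55d1c2a2d000-55d1c2b4f000 r-xp 0002d000 fd:01 1234 /usr/bin/python3.11
7f3a1c000000-7f3a1c021000 rw-p 00000000 00:00 0
7f3a1c200000-7f3a1c3c1000 r-xp 00000000 fd:01 5678 /usr/lib/x86_64-linux-gnu/libc.so.6
7f3a1c400000-7f3a1c404000 r-xp 00000000 fd:01 9012 /tmp/.x/libpreload.so
7f3a1c500000-7f3a1c502000 r-xp 00000000 00:05 3456 /memfd:payload (deleted)
7f3a1c600000-7f3a1c620000 rw-p 00000000 00:00 0 [heap]
7ffd12345000-7ffd12366000 rw-p 00000000 00:00 0 [stack]
"""


def unowned_mappings(maps_text, owned):
    """Return file-backed mappings that no installed package accounts for.

    Anonymous mappings and kernel pseudo-mappings ([heap], [vdso], ...) are
    skipped.  A path marked "(deleted)" or backed by memfd never equals a
    packaged path, so it is reported even if its name looks familiar: the
    bytes in memory can no longer be compared with a file on disk."""
    suspicious = set()
    for line in maps_text.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 6:
            continue  # anonymous mapping: no backing file
        path = fields[5].strip()
        if path.startswith("["):
            continue  # kernel pseudo-mapping
        if path in owned:
            continue
        suspicious.add(path)
    return sorted(suspicious)


def name_spoof_findings(comm, exe, cmdline):
    """Compare the name a process presents with the binary it really runs.

    comm    -- contents of /proc/<pid>/comm (what ps shows as the command)
    exe     -- target of the /proc/<pid>/exe symlink
    cmdline -- /proc/<pid>/cmdline split on NUL bytes (argv)
    prctl(PR_SET_NAME) rewrites comm and overwriting argv[0] rewrites cmdline,
    but neither changes the exe link, so exe anchors both checks.  Kernel
    threads (unreadable exe, empty cmdline) should be skipped by the caller."""
    findings = []
    limit = TASK_COMM_LEN - 1
    exe_base = os.path.basename(exe)
    # login shells report argv[0] as "-bash"; strip the marker before comparing
    argv0 = os.path.basename(cmdline[0]).lstrip("-") if cmdline else ""
    # "python3" invoked through a symlink to python3.11 is still the same exe
    argv0_ok = bool(argv0) and exe_base.startswith(argv0)
    accepted = {exe_base[:limit]}  # comm is truncated by the kernel
    if argv0_ok:
        # shebang scripts: the kernel derives comm from the script's own name
        # while exe points at the interpreter, so script arguments are allowed
        accepted |= {os.path.basename(a)[:limit] for a in cmdline[1:]}
    if comm not in accepted:
        findings.append(("comm", f"{comm!r} does not match exe {exe_base!r}"))
    if not argv0_ok:
        findings.append(("argv0", f"{argv0!r} does not match exe {exe_base!r}"))
    return findings


if __name__ == "__main__":
    for path in unowned_mappings(SAMPLE_MAPS, PACKAGE_OWNED):
        print("unowned mapping:", path)
    # constructed: a binary in /tmp presenting itself as sshd in both comm and argv[0]
    for signal, detail in name_spoof_findings("sshd", "/tmp/.x/payload", ["/usr/sbin/sshd", "-D"]):
        print(f"name spoof [{signal}]: {detail}")
```

The comm check alone is defeated by a process that rewrites argv[0] as well, which is why the script accepts a script name for comm only when argv[0] already agrees with the exe link. Multi-call binaries such as busybox (argv[0] "sh", exe "busybox") produce an argv0 finding by design and need an allowlist during triage.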
USAGE
For only suspicious information:
# python3 rclocals.py --triage
For detailed information:
# python3 rclocals.py --all