Directly from: http://www.ossec.net/main/rootcheck-updated-to-v20
Rootcheck is responsible for the rootkit detection, system auditing and policy monitoring parts of OSSEC. However, if you want to check your systems without installing the whole OSSEC package, you can run Rootcheck separately to give you an quick status on how your system is going.
The rootcheck page is http://www.ossec.net/rootcheck/.
How to use it
Rootcheck is a very simple software. Just download, unpack, compile and execute it. It will scan the system and print if it found or not anything.
[root@ossec ~]# wget http://www.ossec.net/rootcheck/files/rootcheck-2.0.tar.gz
[root@ossec ~]# tar -zxvf rootcheck-2.0.tar.gz
[root@ossec ~]# cd rootcheck-2.0
[root@ossec ~]# make all
[root@ossec ~]# ./ossec-rootcheck