Just wondering where to find docs on writing/updating rules for rootkit/rootcheck? Format and all that is what I am looking for. I am looking through the various rootcheck files under etc/shared, but can't seem to find the syntax for these files in the docs. :-(
Any help/suggestions? -K