Linux: Detecting rootkit backdoors with RKHunter

From WHY42

Download Rootkit Hunter and install it:

tar zxf rkhunter-<version>.tar.gz
cd rkhunter-<version>
./installer.sh --install
./installer.sh --examples
./installer.sh --help

To run a full system check, all that is needed is:

/usr/local/bin/rkhunter --checkall

The RkHunter check proceeds roughly as follows:

  1. Checks system commands, mainly the system binaries, including MD5 hash verification
  2. Checks for common rootkit programs
  3. Checks for trojans and suspicious files
  4. Checks the network, system ports, startup files, user and group configuration, SSH configuration, the file system, and so on
  5. Checks application versions
  6. Produces a summary of the checks

Detecting backdoor programs with RkHunter

System checks summary
=====================

File properties checks...
    Required commands check failed
    Files checked: 128
    Suspect files: 3

Rootkit checks...
    Rootkits checked : 324
    Possible rootkits: 0

Applications checks...
    Applications checked: 3
    Suspect applications: 0

The system checks took: 16 minutes and 56 seconds

All results have been written to the log file: /var/log/rkhunter.log

One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)
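The summary above only tells you that warnings exist; the details live in /var/log/rkhunter.log. The following shell snippet is an added example, not part of the original post or of the rkhunter project: it parses a summary of the shape shown above into numbers you can act on and pulls the "Warning:" lines out of log text. Both the summary text and the log lines are constructed samples with placeholder paths and hashes, and the function names (rkh_*) are this example's own.

```shell
#!/bin/sh
# Added example: triage rkhunter results. The two samples below are constructed for
# this example (placeholder paths/hashes), not output captured from a real host.
RKH_SAMPLE_SUMMARY=$(cat <<'EOF'
System checks summary
=====================

File properties checks...
    Required commands check failed
    Files checked: 128
    Suspect files: 3

Rootkit checks...
    Rootkits checked : 324
    Possible rootkits: 0

Applications checks...
    Applications checked: 3
    Suspect applications: 0
EOF
)

# Constructed sample of /var/log/rkhunter.log lines (placeholder values, not a real log).
RKH_SAMPLE_LOG=$(cat <<'EOF'
[12:01:03] Info: Starting test name 'system_commands'
[12:01:04]   Checking for prerequisites                   [ OK ]
[12:01:09] Warning: The file properties have changed:
[12:01:09]          File: /usr/bin/example-binary   (placeholder path)
[12:01:09]          Current hash: PLACEHOLDER_HASH
[12:02:30] Info: Starting test name 'rootkits'
[12:05:41] Warning: Hidden file found: /tmp/.example-hidden (placeholder path)
[12:17:59] Info: End date is Mon Jan  1 12:17:59 UTC 2024
EOF
)

# rkh_summary_field SUMMARY KEY: print the integer that follows "KEY:" in the summary.
# rkhunter prints "Rootkits checked : 324" with a space before the colon, so the key is
# trimmed before comparison. Prints 0 when the field is absent.
rkh_summary_field() {
    printf '%s\n' "$1" | awk -F: -v key="$2" '
        {
            k = $1; sub(/^[ \t]+/, "", k); sub(/[ \t]+$/, "", k)
            if (k == key) { v = $2; gsub(/[^0-9]/, "", v); print v; found = 1; exit }
        }
        END { if (!found) print 0 }'
}

# rkh_suspect_total SUMMARY: sum of the three "suspect" counters. A run needs triage
# whenever this is non-zero, even though "Possible rootkits" alone may read 0.
rkh_suspect_total() {
    s=$(rkh_summary_field "$1" "Suspect files")
    r=$(rkh_summary_field "$1" "Possible rootkits")
    a=$(rkh_summary_field "$1" "Suspect applications")
    echo $((s + r + a))
}

# rkh_log_warnings LOG: print only the "Warning:" lines from rkhunter log text, which
# are the lines the summary asks you to look for in /var/log/rkhunter.log.
rkh_log_warnings() {
    printf '%s\n' "$1" | grep 'Warning:' || true
}

# rkh_warning_count LOG: number of "Warning:" lines in the log text (0 if none).
rkh_warning_count() {
    printf '%s\n' "$1" | grep -c 'Warning:' || true
}

# Stand-alone run against the constructed samples. On a real host you would feed the
# stdout of "rkhunter --checkall --skip-keypress" and the contents of the log file instead.
if [ "$(rkh_suspect_total "$RKH_SAMPLE_SUMMARY")" -gt 0 ]; then
    echo "rkhunter reported $(rkh_warning_count "$RKH_SAMPLE_LOG") warning(s); log lines:"
    rkh_log_warnings "$RKH_SAMPLE_LOG"
fi
```

The file-properties check compares binaries against a stored baseline, so a legitimate package update also produces "Suspect files" warnings. Confirm that each flagged file came from a package update before refreshing the baseline with rkhunter --propupd; refreshing it blindly would bake a modified binary into the trusted set.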