Linux:使用RKHunter检测Rootkit后门:修订间差异
imported>Soleverlee 以“下载[https://rootkit.nl/software/rootkit-hunter/ Rootkit Hunter],进行安装 <source lang="bash"> tar zxf rkhunter-<version>.tar.gz cd rkhunter-<version> ./instal...”为内容创建页面 |
imported>Soleverlee 无编辑摘要 |
||
| (未显示同一用户的1个中间版本) | |||
| 第11行: | 第11行: | ||
/usr/local/bin/rkhunter --checkall | /usr/local/bin/rkhunter --checkall | ||
</source> | </source> | ||
[[Image:RkHunter_Example.png | RkHunter检测的过程主要如下: | ||
[[Category:Unix | #进行系统命令的检查,主要是系统的二进制文件包括MD5检测 | ||
#检测常见的[[RootKit]]程序 | |||
#第三部分在检测木马以及可疑的文档 | |||
#对网络、系统端口、启动文件、用户组配置、SSH配置、文件系统等进行检测 | |||
#对应用程序版本进行检测 | |||
#进行一个检测总结 | |||
[[Image:RkHunter_Example.png|使用RkHunter检测后门程序]] | |||
<pre> | |||
System checks summary | |||
===================== | |||
File properties checks... | |||
Required commands check failed | |||
Files checked: 128 | |||
Suspect files: 3 | |||
Rootkit checks... | |||
Rootkits checked : 324 | |||
Possible rootkits: 0 | |||
Applications checks... | |||
Applications checked: 3 | |||
Suspect applications: 0 | |||
The system checks took: 16 minutes and 56 seconds | |||
All results have been written to the log file: /var/log/rkhunter.log | |||
One or more warnings have been found while checking the system. | |||
Please check the log file (/var/log/rkhunter.log) | |||
</pre> | |||
[[Category:Linux/Unix]] | |||
2015年4月3日 (五) 03:46的最新版本
下载Rootkit Hunter,进行安装
tar zxf rkhunter-<version>.tar.gz
cd rkhunter-<version>
./installer.sh --install
./installer.sh --examples
./installer.sh --help
执行系统检测,只需要:
/usr/local/bin/rkhunter --checkall
RkHunter检测的过程主要如下:
- 进行系统命令的检查,主要是系统的二进制文件包括MD5检测
- 检测常见的RootKit程序
- 第三部分在检测木马以及可疑的文档
- 对网络、系统端口、启动文件、用户组配置、SSH配置、文件系统等进行检测
- 对应用程序版本进行检测
- 进行一个检测总结
System checks summary
=====================
File properties checks...
Required commands check failed
Files checked: 128
Suspect files: 3
Rootkit checks...
Rootkits checked : 324
Possible rootkits: 0
Applications checks...
Applications checked: 3
Suspect applications: 0
The system checks took: 16 minutes and 56 seconds
All results have been written to the log file: /var/log/rkhunter.log
One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)