RKHunter Rootkit/Backdoor Detection Tool: Basic Usage Manual
Compiled, organized, and written by snow chuai, 2020/2/28
1. Installing and configuring RKHunter
1) Install the package
[root@srv1 ~]# yum --enablerepo=epel install rkhunter -y
2) Configure RKHunter
[root@srv1 ~]# vim /etc/sysconfig/rkhunter
# Specify the recipient of the report
MAILTO=root@localhost
# Set to yes for a more thorough (diagnostic) scan
DIAG_SCAN=no
3) Update the data files
[root@srv1 ~]# rkhunter --update
[ Rootkit Hunter version 1.4.6 ]
Checking rkhunter data files...
Checking file mirrors.dat [ Updated ]
Checking file programs_bad.dat [ Updated ]
Checking file backdoorports.dat [ No update ]
Checking file suspscan.dat [ Updated ]
Checking file i18n/cn [ No update ]
Checking file i18n/de [ Updated ]
Checking file i18n/en [ No update ]
Checking file i18n/tr [ Updated ]
Checking file i18n/tr.utf8 [ Updated ]
Checking file i18n/zh [ Updated ]
Checking file i18n/zh.utf8 [ Updated ]
Checking file i18n/ja [ Updated ]
4) Update the file-properties database
[root@srv1 ~]# rkhunter --propupd
[ Rootkit Hunter version 1.4.6 ]
File created: searched for 176 files, found 135
2. Using RKHunter
1) Run a check
# Option reference:
-c is short for --check: run the system checks
--sk skips the [Enter] prompts between check groups
--rwo reports warnings only
[root@srv1 ~]# rkhunter -c --sk
[ Rootkit Hunter version 1.4.6 ]
Checking system commands...
Performing 'strings' command checks
Checking 'strings' command [ OK ]
Performing 'shared libraries' checks
Checking for preloading variables [ None found ]
Checking for preloaded libraries [ None found ]
Checking LD_LIBRARY_PATH variable [ Not found ]
Performing file properties checks
Checking for prerequisites [ OK ]
/usr/sbin/adduser [ OK ]
/usr/sbin/chkconfig [ OK ]
/usr/sbin/chroot [ OK ]
/usr/sbin/depmod [ OK ]
/usr/sbin/fsck [ OK ]
/usr/sbin/fuser [ OK ]
/usr/sbin/groupadd [ OK ]
/usr/sbin/groupdel [ OK ]
/usr/sbin/groupmod [ OK ]
/usr/sbin/grpck [ OK ]
/usr/sbin/ifconfig [ OK ]
/usr/sbin/ifdown [ OK ]
/usr/sbin/ifup [ OK ]
/usr/sbin/init [ OK ]
/usr/sbin/insmod [ OK ]
/usr/sbin/ip [ OK ]
/usr/sbin/lsmod [ OK ]
/usr/sbin/lsof [ OK ]
......
......
System checks summary
=====================
File properties checks...
Files checked: 135
Suspect files: 0
Rootkit checks...
Rootkits checked : 500
Possible rootkits: 0
Applications checks...
All checks skipped
The system checks took: 7551 minutes and 26 seconds
All results have been written to the log file: /var/log/rkhunter/rkhunter.log
One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter/rkhunter.log)
2) Automatic checks with RKHunter
# After installation, RKHunter places a script in /etc/cron.daily/, so it runs automatically once a day
[root@srv1 ~]# ls -l /etc/cron.daily/rkhunter
-rwxr-xr-x 1 root root 1745 Feb 26 2018 /etc/cron.daily/rkhunter
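Both the manual run above and the daily cron job leave their results in /var/log/rkhunter/rkhunter.log. As an added example (not part of the original manual), the POSIX shell script below pulls the "Warning:" lines and the summary counts out of such a log so they can be triaged or forwarded; it runs against a constructed sample log, and the `[HH:MM:SS] Warning: ...` line layout it expects is an assumption based on rkhunter 1.4.x.

```shell
#!/bin/sh
# Added example: triage an rkhunter log. Assumed log layout (rkhunter 1.4.x):
# every line is prefixed with "[HH:MM:SS]"; findings start with "Warning:".

# Print the Warning lines from an rkhunter log with the timestamp removed.
rkh_warnings() {
    grep -E '^\[[0-9:]+\][[:space:]]+Warning:' "$1" \
        | sed -E 's/^\[[0-9:]+\][[:space:]]+//'
}

# Number of Warning lines in the log (0 means a clean run).
rkh_warning_count() {
    rkh_warnings "$1" | wc -l | tr -d ' '
}

# Value of one summary line, e.g. "Suspect files" or "Possible rootkits".
# $1 = log file, $2 = label; the last occurrence wins if the log was appended to.
rkh_summary_value() {
    grep -E "^(\[[0-9:]+\])?[[:space:]]*$2[[:space:]]*:" "$1" \
        | tail -n 1 | sed -E 's/.*:[[:space:]]*//'
}

# Constructed sample log (not real scan output) so the script runs without rkhunter.
SAMPLE_LOG="$(mktemp)"
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
[10:01:02] Checking for prerequisites [ OK ]
[10:01:02] /usr/sbin/chkconfig [ OK ]
[10:01:03] Warning: The file properties have changed:
[10:01:03]          File: /usr/sbin/lsof
[10:01:05] Warning: Hidden file found: /dev/.constructed_example
[10:01:09] System checks summary
[10:01:09]     Files checked: 135
[10:01:09]     Suspect files: 1
[10:01:10]     Rootkits checked : 500
[10:01:10]     Possible rootkits: 0
EOF

# Stand-alone run: list the findings and the two counts an operator looks at first.
rkh_warnings "$SAMPLE_LOG"
echo "warnings: $(rkh_warning_count "$SAMPLE_LOG")"
echo "suspect files: $(rkh_summary_value "$SAMPLE_LOG" 'Suspect files')"
echo "possible rootkits: $(rkh_summary_value "$SAMPLE_LOG" 'Possible rootkits')"
```

Point RKH_LOG-style arguments at /var/log/rkhunter/rkhunter.log on a real host; the functions take the log path as their first argument, so the sample block at the bottom can be replaced by a call on the real file.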