Last updated: 2017-09-26
rkhunter - Rootkit Hunter
Install:
apt-get install rkhunter
Check Version
rkhunter -V
Rootkit Hunter 1.4.2
Usage:
rkhunter --update
rkhunter --checkall
Checking binaries
- /bin/*
- /sbin/*
- /usr/bin/*
- /usr/sbin/*
Configuration files
/etc/rkhunter.conf          # packaged defaults
/etc/rkhunter.conf.local    # local overrides (whitelists etc.), read after rkhunter.conf and kept across package upgrades
-C, --config-check          # validate the configuration: unknown or malformed options are reported, nothing is scanned
--list rootkits             # list the rootkits rkhunter knows how to check for
--update   # check whether a newer version of any of rkhunter's text data files is available (needs network access)

    [ Rootkit Hunter version 1.4.2 ]
    Checking rkhunter data files...
      Checking file mirrors.dat                                  [ No update ]
      Checking file programs_bad.dat                             [ No update ]
      Checking file backdoorports.dat                            [ No update ]
      Checking file suspscan.dat                                 [ No update ]
    .........
-c, --check   # run the system checks (the --checkall spelling used above is the same option)

    .........
    System checks summary
    =====================

    File properties checks...
        Required commands check failed
        Files checked: 131
        Suspect files: 4

    Rootkit checks...
        Rootkits checked : 378
        Possible rootkits: 0

    Applications checks...
        All checks skipped

    The system checks took: 1 minute and 20 seconds

    All results have been written to the log file: /var/log/rkhunter/rkhunter.log

    One or more warnings have been found while checking the system.
    Please check the log file (/var/log/rkhunter/rkhunter.log)
log file
/var/log/rkhunter/rkhunter.log
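The update / check / read-the-log cycle above, scripted the way it would be run from cron, plus two small helpers for triaging the log. This is an added example written for this page, not code from the rkhunter project: the function names are this example's own, the log path is the Debian default quoted above, and the sample log at the bottom is constructed to have the shape of rkhunter.log so the helpers can be exercised without a real scan.

```shell
#!/bin/sh
# Added example for this page; not code from the rkhunter project.
# Function names, the log path default and the sample log are assumptions.

RKHUNTER_LOG=${RKHUNTER_LOG:-/var/log/rkhunter/rkhunter.log}

# Full run as you would schedule it (must run as root):
#   --update                 refresh the text data files first
#   --skip-keypress          do not pause between test groups
#   --report-warnings-only   print only warnings; the log keeps everything
# (--cronjob combines -c, --skip-keypress and --nocolors for the same purpose.)
# rkhunter exits non-zero when warnings were found, so the status is usable.
rkhunter_scan() {
    rkhunter --update
    rkhunter --checkall --skip-keypress --report-warnings-only
}

# File-properties warnings right after a package upgrade are expected.
# Confirm the change is legitimate (dpkg -V, apt history) BEFORE re-baselining,
# otherwise a replaced binary becomes the new "known good" state.
rkhunter_rebaseline() {
    rkhunter --propupd
}

# Triage helper: number of "Warning:" lines in a log file ($1).
rkhunter_warning_count() {
    grep -c 'Warning:' "$1"
}

# Triage helper: value of one summary line in log $1, e.g. "Suspect files"
# or "Possible rootkits" ($2); the last occurrence wins (latest run).
rkhunter_summary_value() {
    sed -n "s/.*$2 *: *\([0-9][0-9]*\).*/\1/p" "$1" | tail -n 1
}

# Constructed sample in the shape of rkhunter.log (not real output).
write_sample_log() {
    cat >"$1" <<'EOF'
[12:00:01] Info: Start date is Tue Sep 26 12:00:01 2017
[12:00:05] Warning: The command '/usr/bin/lwp-request' has been replaced by a script: /usr/bin/lwp-request: Perl script text executable
[12:00:09] Warning: Hidden directory found: /etc/.java
[12:01:20] Info: Files checked: 131
[12:01:20] Info: Suspect files: 2
[12:01:20] Info: Rootkits checked : 378
[12:01:20] Info: Possible rootkits: 0
EOF
}
```

Typical use: `rkhunter_scan || rkhunter_warning_count "$RKHUNTER_LOG"`. Known-good findings such as the two in the sample (a Perl-script replacement of a command, a hidden directory) are silenced in /etc/rkhunter.conf.local with SCRIPTWHITELIST=/usr/bin/lwp-request and ALLOWHIDDENDIR=/etc/.java rather than by re-baselining, so that a genuine replacement of the same file still warns.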
unhide
How it works
- compare the process list that ps reports with the PIDs present in /proc: a process the kernel knows about that userland tools do not show has been hidden (the usual effect of a rootkit hooking the process listing)
- compare the listening ports that netstat reports with the ports actually open on the host (unhide-tcp probes each port itself rather than trusting the tool's output)
Usage (run as root):
unhide-linux26 proc    # compare /proc with the output of ps
unhide-linux26 sys     # compare the output of ps with the results of system calls (kill, getpriority, getpgid, ...)
unhide-linux26 brute   # try every possible PID with those system calls
unhide-tcp             # listening TCP/UDP ports that netstat does not show
(newer unhide packages install the process scanner simply as unhide, e.g. unhide proc; the -linux26 name is the older one)
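The "proc" and "brute" comparisons above, re-implemented in plain shell so the principle is visible: list what /proc shows, ask the kernel about every PID with signal 0, and report PIDs that the kernel acknowledges but /proc does not list. This is an added example for this page, not code from the unhide project (unhide also uses several other system calls and many more consistency checks); the function names, the 65536 default scan limit and the temp-file handling are this example's own choices.

```shell
#!/bin/sh
# Added example for this page; not code from the unhide project.
# Function names and the default scan limit are this example's assumptions.

# Scratch file for kill's error text (read back with a builtin, no fork per PID).
ERRF=${ERRF:-$(mktemp)}

# "proc" view: PIDs the /proc filesystem lists.
proc_pids() {
    for d in /proc/[0-9]*; do echo "${d#/proc/}"; done | sort
}

# "ps" view: PIDs userland tools report (what a rootkit typically filters).
ps_pids() {
    ps -e -o pid= | tr -d ' ' | sort
}

# kill(pid, 0) delivers no signal, it only asks whether the PID exists:
# success or EPERM (another user's process) means it exists, ESRCH means free.
pid_alive() {
    kill -0 "$1" 2>"$ERRF" && return 0
    read -r msg <"$ERRF" || msg=
    case $msg in *ermitted*) return 0 ;; esac
    return 1
}

# "brute" view: probe every PID from 1 up to $1 (default 65536; pass
# $(cat /proc/sys/kernel/pid_max) for a full scan, which takes longer).
brute_pids() {
    max=${1:-65536}
    i=1
    while [ "$i" -le "$max" ]; do
        pid_alive "$i" && echo "$i"
        i=$((i + 1))
    done | sort
}

# PIDs present in the probed list ($2) but missing from the reference list ($1).
hidden_between() {
    comm -13 "$1" "$2"
}

# A process that merely exited between the two scans looks exactly like a
# hidden one, so every candidate is re-checked before it is reported.
hidden_pids() {
    ref=$(mktemp); probe=$(mktemp)
    proc_pids >"$ref"
    brute_pids "${1:-65536}" >"$probe"
    hidden_between "$ref" "$probe" | while read -r p; do
        [ ! -d "/proc/$p" ] && pid_alive "$p" && echo "$p"
    done
    rm -f "$ref" "$probe"
}
```

`hidden_pids` prints nothing on a clean system; any PID it does print is one the kernel answers for but /proc hides, which is worth a look with the real unhide and with rkhunter. Swapping `proc_pids` for `ps_pids` in `hidden_pids` gives the "ps vs. kernel" comparison that catches rootkits which hook the process listing in userland rather than in the kernel.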