
Guide: installing Rootkit Hunter to scan for rootkits, backdoors and exploits on Linux

Posted in 'Làng Tin Tức' by Tin Tức - Kiến Thức, 1/6/16 [Post ID: 45285] [177 views - 0 comments]

  Rootkit Hunter (rkhunter) is an open-source tool for Linux/Unix that scans a host for backdoors, rootkits and possible local exploits. The project page is https://rootkit.nl/projects/rootkit_hunter.html .


  1) Download Rootkit Hunter.

  Download the tarball from https://rootkit.nl/projects/rootkit_hunter.html, or fetch it directly with wget:

  Code:
  wget http://downloads.sourceforge.net/project/rkhunter/rkhunter/1.4.2/rkhunter-1.4.2.tar.gz

  The download above is over plain HTTP, so compare the tarball with the checksum or signature the project publishes before running its installer as root.
  2) Install Rootkit Hunter.

  Installation needs root. Unpack the tarball and run the installer with the default layout, which puts the binary in /usr/local/bin and the configuration file at /etc/rkhunter.conf:

  Code:
  tar -xvf rkhunter-1.4.2.tar.gz
  cd rkhunter-1.4.2
  ./installer.sh --layout default --install
  3) Update the data files and record the baseline.

  --update downloads the latest rootkit definitions and data files. --propupd is not an update: it records the current properties (hashes, size, permissions and similar) of the system commands that the scan checks, and every later --check compares those commands against this record. Run it straight after installation on a host you trust to be clean, and again after legitimate package upgrades. If you run it on a host that is already compromised, the attacker's modified binaries become the baseline and will show [ OK ] in every later scan.

  Code:
  /usr/local/bin/rkhunter --update
  /usr/local/bin/rkhunter --propupd
  4) Scan for rootkits, backdoors and exploits.

  To scan the system, run:

  Code:
  /usr/local/bin/rkhunter --check
  Below is the output of such a scan; the interactive run pauses at each "[Press <ENTER> to continue]" line:

  Code:
  [root@test rkhunter-1.4.2]# rkhunter --check
  [ Rootkit Hunter version 1.4.2 ]
  Checking system commands...
   Performing 'strings' command checks
    Checking 'strings' command                [ OK ]
   Performing 'shared libraries' checks
    Checking for preloading variables            [ None found ]
    Checking for preloaded libraries             [ None found ]
    Checking LD_LIBRARY_PATH variable            [ Not found ]
   Performing file properties checks
    Checking for prerequisites                [ OK ]
    /usr/local/bin/rkhunter                 [ OK ]
    /sbin/chkconfig                     [ OK ]
    /sbin/depmod                       [ OK ]
    /sbin/fsck                        [ OK ]
    /sbin/fuser                       [ OK ]
    /sbin/ifconfig                      [ OK ]
    /sbin/ifdown                       [ Warning ]
    /sbin/ifup                        [ Warning ]
    /sbin/init                        [ OK ]
    /sbin/insmod                       [ OK ]
    /sbin/ip                         [ OK ]
    /sbin/lsmod                       [ OK ]
    /sbin/modinfo                      [ OK ]
    /sbin/modprobe                      [ OK ]
    /sbin/nologin                      [ OK ]
    /sbin/rmmod                       [ OK ]
    /sbin/route                       [ OK ]
    /sbin/rsyslogd                      [ OK ]
    /sbin/runlevel                      [ OK ]
    /sbin/sulogin                      [ OK ]
    /sbin/sysctl                       [ OK ]
    /bin/awk                         [ OK ]
    /bin/basename                      [ OK ]
    /bin/bash                        [ OK ]
    /bin/cat                         [ OK ]
    /bin/chmod                        [ OK ]
    /bin/chown                        [ OK ]
    /bin/cp                         [ OK ]
    /bin/cut                         [ OK ]
    /bin/date                        [ OK ]
    /bin/df                         [ OK ]
    /bin/dmesg                        [ OK ]
    /bin/echo                        [ OK ]
    /bin/egrep                        [ OK ]
    /bin/env                         [ OK ]
    /bin/fgrep                        [ OK ]
    /bin/find                        [ OK ]
    /bin/grep                        [ OK ]
    /bin/kill                        [ OK ]
    /bin/logger                       [ OK ]
    /bin/login                        [ OK ]
    /bin/ls                         [ OK ]
    /bin/mktemp                       [ OK ]
    /bin/more                        [ OK ]
    /bin/mount                        [ OK ]
    /bin/mv                         [ OK ]
    /bin/netstat                       [ OK ]
    /bin/ping                        [ OK ]
    /bin/ps                         [ OK ]
    /bin/pwd                         [ OK ]
    /bin/readlink                      [ OK ]
    /bin/rpm                         [ OK ]
    /bin/sed                         [ OK ]
    /bin/sh                         [ OK ]
    /bin/sort                        [ OK ]
    /bin/su                         [ OK ]
    /bin/touch                        [ OK ]
    /bin/uname                        [ OK ]
    /bin/gawk                        [ OK ]
    /usr/sbin/adduser                    [ OK ]
    /usr/sbin/chroot                     [ OK ]
    /usr/sbin/groupadd                    [ OK ]
    /usr/sbin/groupdel                    [ OK ]
    /usr/sbin/groupmod                    [ OK ]
    /usr/sbin/grpck                     [ OK ]
    /usr/sbin/lsof                      [ OK ]
    /usr/sbin/pwck                      [ OK ]
    /usr/sbin/sestatus                    [ OK ]
    /usr/sbin/sshd                      [ OK ]
    /usr/sbin/useradd                    [ OK ]
    /usr/sbin/userdel                    [ OK ]
    /usr/sbin/usermod                    [ OK ]
    /usr/sbin/vipw                      [ OK ]
    /usr/bin/awk                       [ OK ]
    /usr/bin/chattr                     [ OK ]
    /usr/bin/curl                      [ OK ]
    /usr/bin/cut                       [ OK ]
    /usr/bin/diff                      [ OK ]
    /usr/bin/dirname                     [ OK ]
    /usr/bin/du                       [ OK ]
    /usr/bin/env                       [ OK ]
    /usr/bin/file                      [ OK ]
    /usr/bin/find                      [ OK ]
    /usr/bin/groups                     [ OK ]
    /usr/bin/head                      [ OK ]
    /usr/bin/id                       [ OK ]
    /usr/bin/kill                      [ OK ]
    /usr/bin/killall                     [ OK ]
    /usr/bin/last                      [ OK ]
    /usr/bin/lastlog                     [ OK ]
    /usr/bin/ldd                       [ Warning ]
    /usr/bin/less                      [ OK ]
    /usr/bin/logger                     [ OK ]
    /usr/bin/lsattr                     [ OK ]
    /usr/bin/md5sum                     [ OK ]
    /usr/bin/newgrp                     [ OK ]
    /usr/bin/passwd                     [ OK ]
    /usr/bin/perl                      [ OK ]
    /usr/bin/pgrep                      [ OK ]
    /usr/bin/pkill                      [ OK ]
    /usr/bin/pstree                     [ OK ]
    /usr/bin/readlink                    [ OK ]
    /usr/bin/runcon                     [ OK ]
    /usr/bin/sha1sum                     [ OK ]
    /usr/bin/sha224sum                    [ OK ]
    /usr/bin/sha256sum                    [ OK ]
    /usr/bin/sha384sum                    [ OK ]
    /usr/bin/sha512sum                    [ OK ]
    /usr/bin/size                      [ OK ]
    /usr/bin/ssh                       [ OK ]
    /usr/bin/stat                      [ OK ]
    /usr/bin/strace                     [ OK ]
    /usr/bin/strings                     [ OK ]
    /usr/bin/sudo                      [ OK ]
    /usr/bin/tail                      [ OK ]
    /usr/bin/telnet                     [ OK ]
    /usr/bin/test                      [ OK ]
    /usr/bin/top                       [ OK ]
    /usr/bin/tr                       [ OK ]
    /usr/bin/uniq                      [ OK ]
    /usr/bin/users                      [ OK ]
    /usr/bin/vmstat                     [ OK ]
    /usr/bin/w                        [ OK ]
    /usr/bin/watch                      [ OK ]
    /usr/bin/wc                       [ OK ]
    /usr/bin/wget                      [ OK ]
    /usr/bin/whereis                     [ OK ]
    /usr/bin/which                      [ OK ]
    /usr/bin/who                       [ OK ]
    /usr/bin/whoami                     [ OK ]
    /usr/bin/gawk                      [ OK ]
    /etc/rkhunter.conf                    [ OK ]
  [Press <ENTER> to continue]
  Checking for rootkits...
   Performing check of known rootkit files and directories
    55808 Trojan - Variant A                 [ Not found ]
    ADM Worm                         [ Not found ]
    AjaKit Rootkit                      [ Not found ]
    Adore Rootkit                      [ Not found ]
    aPa Kit                         [ Not found ]
    Apache Worm                       [ Not found ]
    Ambient (ark) Rootkit                  [ Not found ]
    Balaur Rootkit                      [ Not found ]
    BeastKit Rootkit                     [ Not found ]
    beX2 Rootkit                       [ Not found ]
    BOBKit Rootkit                      [ Not found ]
    cb Rootkit                        [ Not found ]
    CiNIK Worm (Slapper.B variant)              [ Not found ]
    Danny-Boy's Abuse Kit                  [ Not found ]
    Devil RootKit                      [ Not found ]
    Dica-Kit Rootkit                     [ Not found ]
    Dreams Rootkit                      [ Not found ]
    Duarawkz Rootkit                     [ Not found ]
    Enye LKM                         [ Not found ]
    Flea Linux Rootkit                    [ Not found ]
    Fu Rootkit                        [ Not found ]
    Fuck`it Rootkit                     [ Not found ]
    GasKit Rootkit                      [ Not found ]
    Heroin LKM                        [ Not found ]
    HjC Kit                         [ Not found ]
    ignoKit Rootkit                     [ Not found ]
    IntoXonia-NG Rootkit                   [ Not found ]
    Irix Rootkit                       [ Not found ]
    Jynx Rootkit                       [ Not found ]
    KBeast Rootkit                      [ Not found ]
    Kitko Rootkit                      [ Not found ]
    Knark Rootkit                      [ Not found ]
    ld-linuxv.so Rootkit                   [ Not found ]
    Li0n Worm                        [ Not found ]
    Lockit / LJK2 Rootkit                  [ Not found ]
    Mood-NT Rootkit                     [ Not found ]
    MRK Rootkit                       [ Not found ]
    Ni0 Rootkit                       [ Not found ]
    Ohhara Rootkit                      [ Not found ]
    Optic Kit (Tux) Worm                   [ Not found ]
    Oz Rootkit                        [ Not found ]
    Phalanx Rootkit                     [ Not found ]
    Phalanx2 Rootkit                     [ Not found ]
    Phalanx2 Rootkit (extended tests)            [ Not found ]
    Portacelo Rootkit                    [ Not found ]
    R3dstorm Toolkit                     [ Not found ]
    RH-Sharpe's Rootkit                   [ Not found ]
    RSHA's Rootkit                      [ Not found ]
    Scalper Worm                       [ Not found ]
    Sebek LKM                        [ Not found ]
    Shutdown Rootkit                     [ Not found ]
    SHV4 Rootkit                       [ Not found ]
    SHV5 Rootkit                       [ Not found ]
    Sin Rootkit                       [ Not found ]
    Slapper Worm                       [ Not found ]
    Sneakin Rootkit                     [ Not found ]
    'Spanish' Rootkit                    [ Not found ]
    Suckit Rootkit                      [ Not found ]
    Superkit Rootkit                     [ Not found ]
    TBD (Telnet BackDoor)                  [ Not found ]
    TeLeKiT Rootkit                     [ Not found ]
    T0rn Rootkit                       [ Not found ]
    trNkit Rootkit                      [ Not found ]
    Trojanit Kit                       [ Not found ]
    Tuxtendo Rootkit                     [ Not found ]
    URK Rootkit                       [ Not found ]
    Vampire Rootkit                     [ Not found ]
    VcKit Rootkit                      [ Not found ]
    Volc Rootkit                       [ Not found ]
    Xzibit Rootkit                      [ Not found ]
    zaRwT.KiT Rootkit                    [ Not found ]
    ZK Rootkit                        [ Not found ]
  [Press <ENTER> to continue]
   Performing additional rootkit checks
    Suckit Rookit additional checks             [ OK ]
    Checking for possible rootkit files and directories   [ None found ]
    Checking for possible rootkit strings          [ None found ]
   Performing malware checks
    Checking running processes for suspicious files     [ None found ]
    Checking for login backdoors               [ None found ]
    Checking for suspicious directories           [ None found ]
    Checking for sniffer log files              [ None found ]
    Suspicious Shared Memory segments            [ None found ]
   Performing Linux specific checks
    Checking loaded kernel modules              [ OK ]
    Checking kernel module names               [ OK ]
  [Press <ENTER> to continue]
  Checking the network...
   Performing checks on the network ports
    Checking for backdoor ports               [ None found ]
   Performing checks on the network interfaces
    Checking for promiscuous interfaces           [ None found ]
  Checking the local host...
   Performing system boot checks
    Checking for local host name               [ Found ]
    Checking for system startup files            [ Found ]
    Checking system startup files for malware        [ None found ]
   Performing group and account checks
    Checking for passwd file                 [ Found ]
    Checking for root equivalent (UID 0) accounts      [ None found ]
    Checking for passwordless accounts            [ None found ]
    Checking for passwd file changes             [ None found ]
    Checking for group file changes             [ None found ]
    Checking root account shell history files        [ OK ]
   Performing system configuration file checks
    Checking for an SSH configuration file          [ Found ]
    Checking if SSH root access is allowed          [ Warning ]
    Checking if SSH protocol v1 is allowed          [ Not allowed ]
    Checking for a running system logging daemon       [ Found ]
    Checking for a system logging configuration file     [ Found ]
    Checking if syslog remote logging is allowed       [ Not allowed ]
   Performing filesystem checks
    Checking /dev for suspicious file types         [ Warning ]
    Checking for hidden files and directories        [ Warning ]
  [Press <ENTER> to continue]
  Checking application versions...
    Checking version of GnuPG                [ OK ]
    Checking version of OpenSSL               [ Warning ]
    Checking version of OpenSSH               [ OK ]
  System checks summary
  =====================
  File properties checks...
    Files checked: 132
    Suspect files: 3
  Rootkit checks...
    Rootkits checked : 378
    Possible rootkits: 0
  Applications checks...
    Applications checked: 3
    Suspect applications: 1
  The system checks took: 2 minutes and 37 seconds
  All results have been written to the log file: /var/log/rkhunter.log
  One or more warnings have been found while checking the system.
  Please check the log file (/var/log/rkhunter.log)
  The full log of the run is written to /var/log/rkhunter.log. The run above is not clean: the summary reports 3 suspect files and 1 suspect application, and the detailed output flags /sbin/ifdown, /sbin/ifup and /usr/bin/ldd, SSH root access being allowed, the /dev and hidden-file checks, and the OpenSSL version. Look each one up in the log, fix the real problems (for example, do not allow root login over SSH) and whitelist the findings you have confirmed as benign in /etc/rkhunter.conf, so the next scan only reports new findings.

  The other options are listed by

  Code:
  /usr/local/bin/rkhunter --help
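  The following is an added example, not code from the original post or from the rkhunter project. It wraps steps 3 and 4 into functions that run unattended (suitable for cron) and adds a small helper that pulls the failed checks out of a report in the table format shown above, so triage does not depend on paging through the interactive output. It assumes the default layout from step 2 (/usr/local/bin/rkhunter and /var/log/rkhunter.log, both as stated in this post); the function names and the "report"/"cron"/"log" sub-commands are mine. The flags --sk, --nocolors and --rwo are rkhunter's own.

```shell
#!/bin/sh
# Added example, not part of the original post or of rkhunter itself:
# unattended rkhunter runs plus a helper that extracts the failed checks
# from a scan report in the table format shown above.
# Paths assume the default layout from the install step.

RKHUNTER=${RKHUNTER:-/usr/local/bin/rkhunter}
RKH_LOG=${RKH_LOG:-/var/log/rkhunter.log}

# Record the file-properties baseline. Only call this on a host you
# trust to be clean (fresh install, or right after a legitimate package
# upgrade); on a compromised host the tampered binaries would become
# the "known good" state and pass every later check.
rkh_baseline() {
    "$RKHUNTER" --propupd
}

# Refresh the rootkit definitions and scan without the
# "[Press <ENTER> to continue]" pauses of the interactive run.
#   --sk        skip the keypress prompts
#   --nocolors  plain text, so the report can be saved and grepped
# The table-format report (same layout as the run above) goes to stdout.
rkh_scan_report() {
    "$RKHUNTER" --update >/dev/null
    "$RKHUNTER" --check --sk --nocolors
}

# Cron-friendly variant: --rwo prints only the "Warning: ..." lines, and
# rkhunter exits non-zero when at least one warning was found, so the
# function's return value can drive an alert.
rkh_scan_warnings_only() {
    "$RKHUNTER" --check --sk --nocolors --rwo
}

# Triage helpers for a saved table-format report read from stdin: keep
# only the lines whose result column is "[ Warning ]" and strip the
# padding and the result, leaving just the check or file name.
rkh_list_warnings() {
    grep '\[ Warning \]' \
        | sed 's/^[[:space:]]*//; s/[[:space:]]*\[ Warning \]$//'
}

rkh_count_warnings() {
    rkh_list_warnings | wc -l | tr -d ' '
}

# The same findings, with rkhunter's explanation for each, are in the
# log file; this pulls them out of the last run.
rkh_log_warnings() {
    grep -i 'warning' "$RKH_LOG"
}

# Entry point: "report" runs a scan and lists the failed checks,
# "cron" runs the warnings-only scan, "log" greps the last log.
case "${1:-}" in
    report) rkh_scan_report | rkh_list_warnings ;;
    cron)   rkh_scan_warnings_only ;;
    log)    rkh_log_warnings ;;
esac
```

  Save it as rkh.sh and run `sh rkh.sh report` as root after installing and baselining, or schedule `sh rkh.sh cron` from root's crontab and mail its output. Every name that `report` prints should be matched against its explanation in /var/log/rkhunter.log before deciding whether it is a real problem or a candidate for whitelisting in /etc/rkhunter.conf.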

   
