Introduction to rkhunter
rkhunter is an open-source intrusion detection tool for Linux.
rkhunter covers a wider range of checks than chkrootkit. Beyond rootkit signature scanning, it also supports port checks, version checks of commonly used open-source software, and checks for file changes.
Installing rkhunter
# The URL contains '&', so it must be quoted; -O forces a clean archive name
# (without it the query string ends up in the file name).
wget -O rkhunter-1.3.8.tar.gz 'http://downloads.sourceforge.net/project/rkhunter/rkhunter/1.3.8/rkhunter-1.3.8.tar.gz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Frkhunter%2F&ts=1293009026&use_mirror=ncu'
tar xzf rkhunter-1.3.8.tar.gz
cd rkhunter-1.3.8
./installer.sh --install
# Show where the installer placed the binary, config file and data directory
./installer.sh --show
Adjusting the rkhunter configuration file
# Re-enable the hidden_procs and packet_cap_apps tests (only suspscan and deleted_files stay disabled)
sed -i 's/DISABLE_TESTS="suspscan hidden_procs deleted_files packet_cap_apps"/DISABLE_TESTS="suspscan deleted_files"/' /etc/rkhunter.conf
# Must match PermitRootLogin in sshd_config, otherwise rkhunter reports a warning
sed -i 's/ALLOW_SSH_ROOT_USER=no/ALLOW_SSH_ROOT_USER=without-password/' /etc/rkhunter.conf
# Uncomment the whitelist entries shipped (commented out) in the default config
sed -i 's/#ATTRWHITELIST=\/bin\/ps/ATTRWHITELIST=\/bin\/ps/' /etc/rkhunter.conf
sed -i 's/#WRITEWHITELIST=\/bin\/ps/WRITEWHITELIST=\/bin\/ps/' /etc/rkhunter.conf
sed -i 's/#SCRIPTWHITELIST=\/sbin\/ifup/SCRIPTWHITELIST=\/sbin\/ifup/' /etc/rkhunter.conf
sed -i 's/#SCRIPTWHITELIST=\/sbin\/ifdown/SCRIPTWHITELIST=\/sbin\/ifdown/' /etc/rkhunter.conf
sed -i 's/#SCRIPTWHITELIST=\/usr\/bin\/groups/SCRIPTWHITELIST=\/usr\/bin\/groups/' /etc/rkhunter.conf
sed -i 's/#ALLOWHIDDENDIR=\/dev\/.udev/ALLOWHIDDENDIR=\/dev\/.udev/' /etc/rkhunter.conf
sed -i 's/#ALLOWHIDDENDIR=\/dev\/.udevdb/ALLOWHIDDENDIR=\/dev\/.udevdb/' /etc/rkhunter.conf
sed -i 's/#ALLOWHIDDENFILE=\/usr\/sbin\/.sshd.hmac/ALLOWHIDDENFILE=\/usr\/sbin\/.sshd.hmac/' /etc/rkhunter.conf
sed -i 's/#ALLOWHIDDENFILE=\/usr\/bin\/.ssh.hmac/ALLOWHIDDENFILE=\/usr\/bin\/.ssh.hmac/' /etc/rkhunter.conf
sed -i 's/#ALLOWHIDDENFILE=\/usr\/bin\/.fipscheck.hmac/ALLOWHIDDENFILE=\/usr\/bin\/.fipscheck.hmac/' /etc/rkhunter.conf
# Entries with no commented template in the default config are appended instead
echo 'ALLOWHIDDENDIR=/dev/ida' >> /etc/rkhunter.conf
echo 'SCRIPTWHITELIST=/usr/bin/ldd' >> /etc/rkhunter.conf
echo 'SCRIPTWHITELIST=/usr/bin/whatis' >> /etc/rkhunter.conf
echo 'SCRIPTWHITELIST=/usr/bin/GET' >> /etc/rkhunter.conf
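The sed and echo lines above are not idempotent: sed silently does nothing when the commented template line is missing, and echo appends a duplicate on every run. The following script is an added example (not from the original post) that edits rkhunter.conf idempotently; the conf path is a parameter, and the demo works on a constructed fragment rather than the real /etc/rkhunter.conf.

```shell
#!/bin/sh
# Added example: idempotent rkhunter.conf edits.
#   enable_directive KEY VALUE CONF   keys that may repeat
#                                     (SCRIPTWHITELIST, ALLOWHIDDENDIR, ...)
#   set_directive    KEY VALUE CONF   single-valued keys
#                                     (DISABLE_TESTS, ALLOW_SSH_ROOT_USER)

# Filter CONF through an awk program; "cat >" keeps the file's owner and mode.
_rewrite() {
    tmp=$(mktemp) || return 1
    if awk "$2" "$1" > "$tmp"; then cat "$tmp" > "$1"; fi
    rm -f "$tmp"
}

enable_directive() {
    WANT="$1=$2"; export WANT
    grep -qxF -- "$WANT" "$3" && return 0        # already active: nothing to do
    _rewrite "$3" '
        BEGIN { want = ENVIRON["WANT"] }
        # Uncomment an exact "#KEY=VALUE" template line if one exists...
        !done && /^#/ { rest = $0; sub(/^#[ \t]*/, "", rest)
                        if (rest == want) { $0 = want; done = 1 } }
        { print }
        END { if (!done) print want }             # ...otherwise append once.
    '
}

set_directive() {
    KEY=$1; WANT="$1=$2"; export KEY WANT
    _rewrite "$3" '
        BEGIN { key = ENVIRON["KEY"]; want = ENVIRON["WANT"] }
        # Replace the first active KEY=... line and drop later duplicates.
        index($0, key "=") == 1 { if (!done) { print want; done = 1 }; next }
        { print }
        END { if (!done) print want }
    '
}

# Apply the page's main settings to a constructed rkhunter.conf fragment in $1.
demo() {
    printf '%s\n' \
        'DISABLE_TESTS="suspscan hidden_procs deleted_files packet_cap_apps"' \
        'ALLOW_SSH_ROOT_USER=no' \
        '#SCRIPTWHITELIST=/sbin/ifup' \
        '#ALLOWHIDDENDIR=/dev/.udev' > "$1"
    set_directive DISABLE_TESTS '"suspscan deleted_files"' "$1"
    set_directive ALLOW_SSH_ROOT_USER without-password "$1"
    enable_directive SCRIPTWHITELIST /sbin/ifup "$1"
    enable_directive SCRIPTWHITELIST /usr/bin/ldd "$1"
    enable_directive SCRIPTWHITELIST /usr/bin/ldd "$1"   # second run: no-op
}

f=$(mktemp) && demo "$f" && cat "$f"; rm -f "$f"
```

Every whitelist entry suppresses a check, so add one only after confirming why the warning fired on that file; likewise run `rkhunter --propupd` only on a system known to be clean, since it records the current file properties as the baseline.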
## Update the rkhunter database ##
rkhunter --update
# Record the current file properties as the baseline (do this on a known-clean system)
rkhunter --propupd
# Test run of the command used in the cron job (log to file, no mail, warnings only)
/usr/local/bin/rkhunter --cronjob -l --nomow --rwo
Scheduled scans with crontab
Run crontab -e and add the following entry.
# cron requires five time fields; a daily run at 03:00 is an assumed schedule
0 3 * * * /usr/local/bin/rkhunter --cronjob -l --nomow --rwo | mail -s "[subject] rkhunter report" [mail address]
Usage notes:
--checkall (or -c)
Check the system, performing all tests.
--createlogfile
Create a log file (default /var/log/rkhunter.log).
--cronjob
Run as a cron job (removes the colored layout).
--help (or -h)
Show usage help.
--nocolors
Don't use colors for output (some terminals don't handle colors or extended layout characters).
--report-mode
Omit uninteresting information such as the header/footer from reports; useful when scanning from crontab or from other applications.
--skip-keypress
Don't wait after every test (makes the run non-interactive).
--quick
Perform a quick scan instead of a full scan. Skips some tests and performs some enhanced tests (less suitable for normal scans).
--update
Update the hashes database.
--version
Show version and quit.
--versioncheck
Check for the latest version.