스터디그룹 > LINUX 게시판 > [보안] rkhunter 로 루트킷을 확인한다.

wget http://downloads.rootkit.nl/rkhunter-1.2.1.tar.gz 다운 받는다

./install.sh 실행한다.

rkhunter -c 체크한다.

끝

http://blog.naver.com/realnaut/120018264227

안녕하세요.
http://www.rootman.co.kr 운영자 정찬호입니다.

rkhunter는 rootkit을 찾아 주는 유틸리티로 설치도 간단하고 보는 법도 간단합니다.
또한 중요 파일에 대한 위, 변조를 알려 주어 관리자로 하여금 약간 안도감을 주는^^ 프로그램이죠.

혹시 모르셨던 분들 한 번 써 보세요.
도움이 꼭 되시길 바라면서.

Have a good time !

1. 관련사이트
   http://www.rootkit.nl/projects/rootkit_hunter.html

2. 소스 다운로드
   (1) http://downloads.rootkit.nl/rkhunter-1.2.7.tar.gz
   (2) http://mirror.1day.co.kr/download/Security/rkhunter-1.2.7.tar.tar

3. 설치
[root@ns1 /usr/local/src]# tar xvfz rkhunter-1.2.7.tar.tar
[root@ns1 /usr/local/src]# cd rkhunter-1.2.7
[root@ns1 rkhunter-1.2.7]# ./installer.sh
Rootkit Hunter installer 1.2.7 (Copyright 2003-2005, Michael Boelen)
---------------
Starting installation/update

Checking /usr/local... OK
Checking file retrieval tools... /usr/bin/wget
Checking installation directories...
- Checking /usr/local/rkhunter...Created
- Checking /usr/local/rkhunter/etc...Created
- Checking /usr/local/rkhunter/bin...Created
- Checking /usr/local/rkhunter/lib/rkhunter/db...Created
- Checking /usr/local/rkhunter/lib/rkhunter/docs...Created
- Checking /usr/local/rkhunter/lib/rkhunter/scripts...Created
- Checking /usr/local/rkhunter/lib/rkhunter/tmp...Created
- Checking /usr/local/etc...Exists
- Checking /usr/local/bin...Exists
Checking system settings...
- Perl... OK
Installing files...
Installing Perl module checker... OK
Installing Database updater... OK
Installing Portscanner... OK
Installing MD5 Digest generator... OK
Installing SHA1 Digest generator... OK
Installing Directory viewer... OK
Installing Database Backdoor ports... OK
Installing Database Update mirrors... OK
Installing Database Operating Systems... OK
Installing Database Program versions... OK
Installing Database Program versions... OK
Installing Database Default file hashes... OK
Installing Database MD5 blacklisted files... OK
Installing Changelog... OK
Installing Readme and FAQ... OK
Installing Wishlist and TODO... OK
Installing RK Hunter configuration file... OK
Installing RK Hunter binary... OK
Configuration updated with installation path (/usr/local/rkhunter)

Installation ready.
See /usr/local/rkhunter/lib/rkhunter/docs for more information. Run 'rkhunter' (/usr/local/bin/rkhunter)

4. 실행 파일 복사
[root@ns1 rkhunter-1.2.7]# cp rkhunter /usr/sbin/

5. 시스템 검사하기
(1) 검사 레포트 crt 출력
[root@ns1 rkhunter-1.2.7]# rkhunter -c

(2) 검사 파일 저장하기
[root@ns1 rkhunter-1.2.7]# rkhunter --checkall --createlogfile
....
....
---------------------------- Scan results ----------------------------
MD5
MD5 compared: 0
Incorrect MD5 checksums: 0

File scan
Scanned files: 342
Possible infected files: 0

Application scan
Vulnerable applications: 3

Scanning took 365 seconds
Scan results written to logfile (/var/log/rkhunter.log)

6. 버전 확인하기
[root@ns1 rkhunter-1.2.7]# /usr/local/bin/rkhunter --versioncheck
http://www.rootkit.nl/rkhunter/rkhunter_latest.dat

Rootkit Hunter 1.2.3, copyright Michael Boelen

This version:   1.2.3
Latest version: 1.2.7
Update available

7. rkhunter 업데이트하기
[root@ns1 root]# /usr/local/bin/rkhunter --update
Running updater...

Mirrorfile /usr/local/rkhunter/lib/rkhunter/db/mirrors.dat rotated
Using mirror http://www.rootkit.nl/rkhunter
[DB] Mirror file : Update available
Action: Database updated (current version: 2005033000, new version 2005050700)
[DB] MD5 hashes system binaries    : Update available
Action: Database updated (current version: 2005041000, new version 2005080200)
[DB] Operating System information    : Update available
Action: Database updated (current version: 2005032500, new version 2005091100)
[DB] MD5 blacklisted tools/binaries   : Up to date
[DB] Known good program versions : Update available
Action: Database updated (current version: 2005040300, new version 2005071500)
[DB] Known bad program versions    : Update available
Action: Database updated (current version: 2005040300, new version 2005071500)

Ready.

- 이상 -