1. Download the file and place it in /usr/local/src/

   wget http://downloads.sourceforge.net/project/rkhunter/rkhunter/1.4.0/rkhunter-1.4.0.tar.gz

2. Extract the archive

   tar -zxvf rkhunter-1.4.0.tar.gz

3. Install

   ./installer.sh --layout default --install

   The output is as follows:

[root@dns rkhunter-1.4.0]# ./installer.sh --layout default --install
Checking system for:
Rootkit Hunter installer files: found
A web file download command: wget found
Starting installation:
Checking installation directory "/usr/local": it exists and is writable.
Checking installation directories:
Directory /usr/local/share/doc/rkhunter-1.4.0: creating: OK
Directory /usr/local/share/man/man8: exists and is writable.
Directory /etc: exists and is writable.
Directory /usr/local/bin: exists and is writable.
Directory /usr/local/lib64: exists and is writable.
Directory /var/lib: exists and is writable.
Directory /usr/local/lib64/rkhunter/scripts: creating: OK
Directory /var/lib/rkhunter/db: creating: OK
Directory /var/lib/rkhunter/tmp: creating: OK
Directory /var/lib/rkhunter/db/i18n: creating: OK
Installing check_modules.pl: OK
Installing filehashsha.pl: OK
Installing stat.pl: OK
Installing readlink.sh: OK
Installing backdoorports.dat: OK
Installing mirrors.dat: OK
Installing programs_bad.dat: OK
Installing suspscan.dat: OK
Installing rkhunter.8: OK
Installing ACKNOWLEDGMENTS: OK
Installing CHANGELOG: OK
Installing FAQ: OK
Installing LICENSE: OK
Installing README: OK
Installing language support files: OK
Installing rkhunter: OK
Installing rkhunter.conf: OK
Installation complete

4. Update rkhunter's data files (checks whether newer files are available). It is recommended to run this command every time a new package is installed.

/usr/local/bin/rkhunter --update

The output is as follows:

[root@dns ~]# /usr/local/bin/rkhunter --update
[ Rootkit Hunter version 1.4.0 ]

Checking rkhunter data files...
Checking file mirrors.dat [ No update ]
Checking file programs_bad.dat [ No update ]
Checking file backdoorports.dat [ No update ]
Checking file suspscan.dat [ No update ]
Checking file i18n/cn [ No update ]
Checking file i18n/de [ No update ]
Checking file i18n/en [ No update ]
Checking file i18n/zh [ No update ]
Checking file i18n/zh.utf8 [ No update ]

5. Update the trojan signature database

/usr/local/bin/rkhunter --propupd

The output is as follows:

[root@dns ~]# /usr/local/bin/rkhunter --propupd
[ Rootkit Hunter version 1.4.0 ]
File created: searched for 167 files, found 138

6. Check whether a newer version is available

   The version used in this example is 1.4.0

   /usr/local/bin/rkhunter --versioncheck

The output is as follows:

[root@dns ~]# /usr/local/bin/rkhunter --versioncheck
[ Rootkit Hunter version 1.4.0 ]

Checking rkhunter version...
This version : 1.4.0
Latest version: 1.4.0

7. Set up a cron schedule so that rkhunter runs automatically every day

   7.1. Create the scheduled script

        vi /etc/cron.daily/rkhunter.sh

        with the following content:

#!/bin/sh
# Daily rkhunter run: check for a new version, refresh the data files,
# update the file properties database, then run the checks and mail
# only the warnings to the administrator.
(
/usr/local/bin/rkhunter --versioncheck
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --propupd
/usr/local/bin/rkhunter --cronjob --report-warnings-only
) | /bin/mail -s 'rkhunter Daily Run' your-admin-email-address  # replace with the administrator's e-mail address

   7.2. Make the script executable

        chmod 755 /etc/cron.daily/rkhunter.sh

8. Delete the installation source files

   rm -Rf /usr/local/src/rkhunter*
Other commands:

1. Scan the whole system

/usr/local/bin/rkhunter -c

The final part of the output:

System checks summary
=====================

File properties checks...
Files checked: 138
Suspect files: 4

Rootkit checks...
Rootkits checked : 311
Possible rootkits: 0

Applications checks...
Applications checked: 6
Suspect applications: 1

The system checks took: 6 minutes and 0 seconds

All results have been written to the log file (/var/log/rkhunter.log)

One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)
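As an added example (not from the original post), a small POSIX shell helper that parses the "System checks summary" block shown above and tells a daily job like the one in step 7 whether the run was clean, so that mail is only sent when something was flagged. The summary text is a constructed sample copied from this page's output, and the function names are my own.

```shell
#!/bin/sh
# Added example, not part of the original post: parse the "System checks summary"
# that rkhunter -c prints and report whether anything suspect was found.

# Constructed sample, copied from the summary format shown on this page.
SAMPLE_SUMMARY='System checks summary
=====================

File properties checks...
Files checked: 138
Suspect files: 4

Rootkit checks...
Rootkits checked : 311
Possible rootkits: 0

Applications checks...
Applications checked: 6
Suspect applications: 1'

# summary_count LABEL SUMMARY: print the number after "LABEL:" (0 if absent).
summary_count() {
    printf '%s\n' "$2" | awk -F': *' -v label="$1" '
        $1 == label { n = $2 + 0 }
        END { print n + 0 }'
}

# summary_is_clean SUMMARY: exit 0 when no suspect files, possible rootkits
# or suspect applications were reported, 1 otherwise.
summary_is_clean() {
    sc_files=$(summary_count "Suspect files" "$1")
    sc_rootkits=$(summary_count "Possible rootkits" "$1")
    sc_apps=$(summary_count "Suspect applications" "$1")
    [ "$sc_files" -eq 0 ] && [ "$sc_rootkits" -eq 0 ] && [ "$sc_apps" -eq 0 ]
}

# Demonstration on the constructed sample; in a cron job replace the sample
# with the captured output of: /usr/local/bin/rkhunter -c -sk
if summary_is_clean "$SAMPLE_SUMMARY"; then
    echo "rkhunter: clean"
else
    echo "rkhunter: suspect items reported, review /var/log/rkhunter.log"
fi
```

Note that running --propupd in the same daily job, as the step 7 script does, re-baselines the file properties database on every run, so the file properties check only reports changes made since the previous day's run.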

2. Check the rkhunter configuration file

   /usr/local/bin/rkhunter -C

3. Non-interactive scan: the user no longer has to press Enter to continue between checks

/usr/local/bin/rkhunter -c -sk

Sources:

http://www.rootkit.nl/projects/rootkit_hunter.html

http://www.woktron.com/secure/knowledgebase/79/Installation-Rootkit-Hunter-rkhunter-on-CentOS-5-and-6.html
