1. Download the archive into /usr/local/src/
wget http://downloads.sourceforge.net/project/rkhunter/rkhunter/1.4.0/rkhunter-1.4.0.tar.gz
2. Extract the archive
tar -zxvf rkhunter-1.4.0.tar.gz
3. Install
./installer.sh --layout default --install
The output is as follows:
[root@dns rkhunter-1.4.0]# ./installer.sh --layout default --install
Checking system for:
Rootkit Hunter installer files: found
A web file download command: wget found
Starting installation:
Checking installation directory "/usr/local": it exists and is writable.
Checking installation directories:
Directory /usr/local/share/doc/rkhunter-1.4.0: creating: OK
Directory /usr/local/share/man/man8: exists and is writable.
Directory /etc: exists and is writable.
Directory /usr/local/bin: exists and is writable.
Directory /usr/local/lib64: exists and is writable.
Directory /var/lib: exists and is writable.
Directory /usr/local/lib64/rkhunter/scripts: creating: OK
Directory /var/lib/rkhunter/db: creating: OK
Directory /var/lib/rkhunter/tmp: creating: OK
Directory /var/lib/rkhunter/db/i18n: creating: OK
Installing check_modules.pl: OK
Installing filehashsha.pl: OK
Installing stat.pl: OK
Installing readlink.sh: OK
Installing backdoorports.dat: OK
Installing mirrors.dat: OK
Installing programs_bad.dat: OK
Installing suspscan.dat: OK
Installing rkhunter.8: OK
Installing ACKNOWLEDGMENTS: OK
Installing CHANGELOG: OK
Installing FAQ: OK
Installing LICENSE: OK
Installing README: OK
Installing language support files: OK
Installing rkhunter: OK
Installing rkhunter.conf: OK
Installation complete
4. Update: checks whether the system has newly installed commands to add; it is recommended to run this each time a new package is installed
/usr/local/bin/rkhunter --update
The output is as follows:
[root@dns ~]# /usr/local/bin/rkhunter --update
[ Rootkit Hunter version 1.4.0 ]
Checking rkhunter data files...
Checking file mirrors.dat [ No update ]
Checking file programs_bad.dat [ No update ]
Checking file backdoorports.dat [ No update ]
Checking file suspscan.dat [ No update ]
Checking file i18n/cn [ No update ]
Checking file i18n/de [ No update ]
Checking file i18n/en [ No update ]
Checking file i18n/zh [ No update ]
Checking file i18n/zh.utf8 [ No update ]
5. Update the trojan signature database
/usr/local/bin/rkhunter --propupd
The output is as follows:
[root@dns ~]# /usr/local/bin/rkhunter --propupd
[ Rootkit Hunter version 1.4.0 ]
File created: searched for 167 files, found 138
6. Check whether a newer version is available
The version used in this example is 1.4.0
/usr/local/bin/rkhunter --versioncheck
The output is as follows:
[root@dns ~]# /usr/local/bin/rkhunter --versioncheck
[ Rootkit Hunter version 1.4.0 ]
Checking rkhunter version...
This version : 1.4.0
Latest version: 1.4.0
7. Set up a cron job so that it runs automatically every day
7.1. Create the scheduled script
vi /etc/cron.daily/rkhunter.sh
Contents:
#!/bin/sh
(
/usr/local/bin/rkhunter --versioncheck
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --propupd
/usr/local/bin/rkhunter --cronjob --report-warnings-only
) | /bin/mail -s 'rkhunter Daily Run' your-admin-email-address
7.2. Make the script executable
chmod 755 /etc/cron.daily/rkhunter.sh
8. Delete the installation source files
rm -Rf /usr/local/src/rkhunter*
Other:
1. Scan the whole system
/usr/local/bin/rkhunter -c
The end of the output:
System checks summary
=====================
File properties checks...
Files checked: 138
Suspect files: 4
Rootkit checks...
Rootkits checked : 311
Possible rootkits: 0
Applications checks...
Applications checked: 6
Suspect applications: 1
The system checks took: 6 minutes and 0 seconds
All results have been written to the log file (/var/log/rkhunter.log)
One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)
2. Check the rkhunter configuration file
/usr/local/bin/rkhunter -C
3. Non-interactive scan: the user does not need to press Enter to continue while the scan runs
/usr/local/bin/rkhunter -c -sk
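As an added example (not part of the original post): a daily wrapper in the same spirit as the script in step 7.1, plus a small parser for the "System checks summary" block shown above. It assumes rkhunter at /usr/local/bin/rkhunter and /bin/mail as in the post, and an ADMIN_MAIL environment variable holding the recipient; SAMPLE_SUMMARY and CLEAN_SUMMARY are constructed from the summary format in the post. Two points worth noting for a defender: rkhunter exits non-zero when it found warnings, so the wrapper only sends mail in that case instead of every day; and --propupd is left out of the daily run, because refreshing the file-properties baseline right before the scan would record any binary that has already been tampered with as known-good. Run --propupd by hand after a trusted package update instead.

```shell
#!/bin/sh
# Added example, not the original post's script. Assumes the rkhunter and
# /bin/mail paths used in the post and an ADMIN_MAIL environment variable.

# Constructed sample: the summary block as printed by `rkhunter -c` above.
SAMPLE_SUMMARY='System checks summary
=====================

File properties checks...
    Files checked: 138
    Suspect files: 4

Rootkit checks...
    Rootkits checked : 311
    Possible rootkits: 0

Applications checks...
    Applications checked: 6
    Suspect applications: 1
'

# Constructed sample of a clean run, same format.
CLEAN_SUMMARY='File properties checks...
    Files checked: 138
    Suspect files: 0

Rootkit checks...
    Rootkits checked : 311
    Possible rootkits: 0

Applications checks...
    Applications checked: 6
    Suspect applications: 0
'

# Sum the three finding counters (suspect files, possible rootkits,
# suspect applications) from a summary passed as $1; prints one integer.
count_findings() {
    printf '%s\n' "$1" | awk -F: '
        /Suspect files|Possible rootkits|Suspect applications/ {
            gsub(/[^0-9]/, "", $2)
            n += $2
        }
        END { print n + 0 }'
}

# Return 0 when the summary reports nothing suspicious, 1 otherwise.
summary_is_clean() {
    [ "$(count_findings "$1")" -eq 0 ]
}

# Daily run: refresh data files, scan, and mail only when rkhunter
# reports warnings (non-zero exit status).
run_daily_scan() {
    rk=/usr/local/bin/rkhunter
    out=$(mktemp) || return 2
    {
        "$rk" --versioncheck
        "$rk" --update
        # --propupd is deliberately not run here: rebuilding the file
        # properties baseline right before the scan would accept an already
        # tampered binary as known-good. Run it by hand after trusted updates.
        "$rk" --cronjob --report-warnings-only
    } >"$out" 2>&1
    status=$?
    if [ "$status" -ne 0 ]; then
        /bin/mail -s 'rkhunter Daily Run: WARNINGS' "${ADMIN_MAIL:?set ADMIN_MAIL}" <"$out"
    fi
    rm -f "$out"
    return "$status"
}

if [ "${RKHUNTER_DEMO_RUN:-no}" = yes ]; then
    run_daily_scan
else
    # Offline demonstration on the constructed sample: prints 5 (4 + 0 + 1).
    count_findings "$SAMPLE_SUMMARY"
fi
```

To use it as the cron job, save it as /etc/cron.daily/rkhunter.sh, make it executable as in step 7.2, and set RKHUNTER_DEMO_RUN=yes and ADMIN_MAIL in the cron environment; without those variables the script only runs the offline parser demonstration.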
Source: