- 注册时间
- 2008-5-19
- 最后登录
- 2012-2-3
- 在线时间
- 1757 小时
- 阅读权限
- 200
- 积分
- 12741
- 帖子
- 2521
- 主题
- 1198
- 精华
- 24
- UID
- 1
 
 - 签到
- 68
- 注册时间
- 2008-5-19
- 最后登录
- 2012-2-3
- 在线时间
- 1757 小时
- 阅读权限
- 200
- 积分
- 12741
- 帖子
- 2521
- 主题
- 1198
- 精华
- 24
- UID
- 1
|
Chkrootkit is a powerful tool to scan your *nux server for trojans. Here i explain how to install it, scan your server and setup a daily automated scanning job that emails you the report.
#Change to root
su -
#Download latest source
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
#Unpack the source file using the command
tar xvzf chkrootkit.tar.gz
#Change to chkrootkit source directory
cd chkrootkit
#Compile chkrootkit
make sense
#To run chkrootkit, type
./chkrootkit
A clean system should return many 'nothing found" or not infected. A comprised system may return 'INFECTED" or vulnerable.
Lastly, chkrootkit should run once a day to ensure system safety. The following script created in /etc/cron.daily will scan system one per day and report detected trojan to specified persons via emails:
# cat /etc/cron.daily/chkrootkit.sh
#!/bin/bash
SYSADMIN1=admin1@email.com
SYSADMIN2=admin2@email.com
TMPDIR=/tmp
HOSTNAME=`hostname`
DATE=`date "+%d/%m/%Y %H:%M"`
CHKROOTKIT=/usr/local/chkrootkit-0.46a/chkrootkit
MAIL=mail
# Clean up before its runs
rm -f $TMPDIR/chkrootkit.$$
if [ -f $TMPDIR/chkrootkit.$$ ]; then
echo "Checkroot kit temp files exist in $TMPDIR directory that cannot be removed. This may be an attempt to spoof the checker." | $MAIL -s "$HOSTNAME $DATE ACTIVE SYSTEM ATTACK!" -c $SYSADMIN1 $SYSADMIN2
exit 1
fi
# Check for root kits
$CHKROOTKIT | grep INFECTED > $TMPDIR/chkrootkit.$$
if [ -s $TMPDIR/chkrootkit.$$ ]; then
cat $TMPDIR/chkrootkit.$$ | $MAIL -s "$DATE - ROOTKIT DETECTED ON $HOSTNAME!" -c $SYSADMIN1 $SYSADMIN2
fi
# Clean Up
rm -f $TMPDIR/chkrootkit.$$ |
|
感谢大家对linuxtone的支持!
IP卡
狗仔卡
发表于 2008-6-8 11:04:56
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
显身卡
发表于 2008-7-10 15:15:52