[5] RKHunter – Rootkit Detector
14 March 2022
Install RKHunter, a tool for detecting rootkits.
[1] Install RKHunter.
# install from EPEL
[root@vlsr01 ~]# dnf --enablerepo=epel install rkhunter
[2] Configure and use RKHunter.
For regular checking, a check script is installed in [/etc/cron.daily] and is run daily by Cron.
[root@vlsr01 ~]# mcedit /etc/sysconfig/rkhunter
# recipient address for reports
MAILTO=root@localhost
# if you set [yes], the scan is more thorough
DIAG_SCAN=no

# update the database
[root@vlsr01 ~]# rkhunter --update
# update the file system properties (the baseline used by the file properties checks)
[root@vlsr01 ~]# rkhunter --propupd

# run the check
# [--sk] skips the [Enter] key prompts between check groups
# [--rwo] shows warnings only
[root@vlsr01 ~]# rkhunter --check --sk
[ Rootkit Hunter version 1.4.6 ]

Checking system commands...

  Performing 'strings' command checks
    Checking 'strings' command                               [ OK ]

  Performing 'shared libraries' checks
    Checking for preloading variables                        [ None found ]
    Checking for preloaded libraries                         [ None found ]
    Checking LD_LIBRARY_PATH variable                        [ Not found ]

  Performing file properties checks
    Checking for prerequisites                               [ OK ]
    /usr/sbin/adduser                                        [ OK ]
    . . . . .
    /usr/lib/systemd/systemd                                 [ OK ]

Checking for rootkits...

  Performing check of known rootkit files and directories
    55808 Trojan - Variant A                                 [ Not found ]
    ADM Worm                                                 [ Not found ]
    . . . . .
    zaRwT.KiT Rootkit                                        [ Not found ]
    ZK Rootkit                                               [ Not found ]

  Performing additional rootkit checks
    Suckit Rootkit additional checks                         [ OK ]
    Checking for possible rootkit files and directories      [ None found ]
    Checking for possible rootkit strings                    [ None found ]

  Performing malware checks
    Checking running processes for suspicious files          [ None found ]
    Checking for hidden processes                            [ Skipped ]
    Checking for login backdoors                             [ None found ]
    Checking for sniffer log files                           [ None found ]
    Checking for suspicious directories                      [ None found ]
    Checking for Apache backdoor                             [ Not found ]

  Performing Linux specific checks
    Checking loaded kernel modules                           [ OK ]
    Checking kernel module names                             [ OK ]

Checking the network...

  Performing checks on the network ports
    Checking for backdoor ports                              [ None found ]

  Performing checks on the network interfaces
    Checking for promiscuous interfaces                      [ None found ]

Checking the local host...

  Performing system boot checks
    Checking for local host name                             [ Found ]
    Checking for system startup files                        [ Found ]
    Checking system startup files for malware                [ None found ]

  Performing group and account checks
    Checking for passwd file                                 [ Found ]
    Checking for root equivalent (UID 0) accounts            [ None found ]
    Checking for passwordless accounts                       [ None found ]
    Checking for passwd file changes                         [ Warning ]
    Checking for group file changes                          [ Warning ]
    Checking root account shell history files                [ OK ]

  Performing system configuration file checks
    Checking for an SSH configuration file                   [ Found ]
    Checking if SSH root access is allowed                   [ Allowed ]
    Checking if SSH protocol v1 is allowed                   [ Not set ]
    Checking for other suspicious configuration settings     [ None found ]
    Checking for a running system logging daemon             [ Found ]
    Checking for a system logging configuration file         [ Found ]
    Checking if syslog remote logging is allowed             [ Not allowed ]

  Performing filesystem checks
    Checking /dev for suspicious file types                  [ None found ]
    Checking for hidden files and directories                [ None found ]

System checks summary
=====================

File properties checks...
    Files checked: 126
    Suspect files: 0

Rootkit checks...
    Rootkits checked : 489
    Possible rootkits: 0

Applications checks...
    All checks skipped

The system checks took: 1 minute and 39 seconds

All results have been written to the log file: /var/log/rkhunter/rkhunter.log

One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter/rkhunter.log)
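As an added example that is not part of the original page: a small POSIX shell helper that picks out which checks ended in [ Warning ] from captured rkhunter console output (for instance saved with rkhunter --check --sk --nocolors > /tmp/rkhunter.out), so the daily cron run can be triaged or gated without reading the whole report. The sample output is constructed here in the layout shown in the transcript above; the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original page): list the checks that ended in
# [ Warning ] in captured rkhunter console output. Relies only on the
# "<check name>   [ Result ]" layout that rkhunter prints.

# Print the name of every check whose result was [ Warning ], one per line.
rkh_warning_checks() {
    sed -n '/\[ Warning \][[:space:]]*$/{
        s/[[:space:]]*\[ Warning \][[:space:]]*$//
        s/^[[:space:]]*//
        p
    }' "$1"
}

# Print the number of such checks; "0" means the run produced no warnings.
rkh_warning_count() {
    rkh_warning_checks "$1" | wc -l | tr -d ' '
}

# Exit status 0 when the run was clean, 1 when at least one check warned,
# so the function can gate a cron job or trigger an alert.
rkh_is_clean() {
    [ "$(rkh_warning_count "$1")" -eq 0 ]
}

# Constructed sample in rkhunter's output format (not a real run).
RKH_SAMPLE=$(mktemp)
cat > "$RKH_SAMPLE" <<'EOF'
  Performing group and account checks
    Checking for passwd file                                 [ Found ]
    Checking for root equivalent (UID 0) accounts            [ None found ]
    Checking for passwd file changes                         [ Warning ]
    Checking for group file changes                          [ Warning ]
    Checking root account shell history files                [ OK ]
EOF

# A constructed clean fragment for comparison.
RKH_CLEAN=$(mktemp)
cat > "$RKH_CLEAN" <<'EOF'
    Checking loaded kernel modules                           [ OK ]
    Checking kernel module names                             [ OK ]
EOF

rkh_warning_checks "$RKH_SAMPLE"
echo "warnings: $(rkh_warning_count "$RKH_SAMPLE")"
```

The two warnings in the transcript (passwd and group file changes) are what rkhunter reports after the account files differ from its stored baseline, which is expected after legitimate user or group changes; once those changes are verified, rkhunter --propupd refreshes the baseline so the next daily run is clean again.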