-Installing RootkitHunter on IRLP-

 July 16, 2006 rkhunter-1.2.8.tar.gz

 
Rootkit scanner is a scanning tool to ensure you for about 99.9%* you're clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like (excerpt from the official site)

 In other words, it is a tool that runs a series of tests to scan for rootkits, backdoors and local exploits.

The official RootkitHunter site is here → http://www.rootkit.nl/


 Download the latest version, rkhunter-1.2.8.tar.gz, under /usr/local/src/ (*^^)v
# wget http://downloads.rootkit.nl/rkhunter-1.2.8.tar.gz
--08:09:44-- http://downloads.rootkit.nl/rkhunter-1.2.8.tar.gz
=> `rkhunter-1.2.8.tar.gz'
Resolving downloads.rootkit.nl... 62.177.200.5
Connecting to downloads.rootkit.nl|62.177.200.5|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 126,314 (123K) [application/x-tar]

100%[====================================>] 126,314 26.41K/s ETA 00:00

08:09:50 (26.37 KB/s) - `rkhunter-1.2.8.tar.gz' saved [126314/126314]

 Extract it (*^^)v
# tar zxvf rkhunter-1.2.8.tar.gz
./rkhunter/files/
./rkhunter/files/CHANGELOG
./rkhunter/files/LICENSE
./rkhunter/files/README
./rkhunter/files/WISHLIST
./rkhunter/files/backdoorports.dat
./rkhunter/files/check_modules.pl
./rkhunter/files/check_port.pl
./rkhunter/files/defaulthashes.dat
./rkhunter/files/filehashmd5.pl
./rkhunter/files/filehashsha1.pl
./rkhunter/files/mirrors.dat
./rkhunter/files/os.dat
./rkhunter/files/rkhunter
./rkhunter/files/rkhunter.conf
./rkhunter/files/rkhunter.spec
./rkhunter/files/showfiles.pl
./rkhunter/files/md5blacklist.dat
./rkhunter/files/tools/
./rkhunter/files/tools/update_server.sh
./rkhunter/files/tools/update_client.sh
./rkhunter/files/tools/README
./rkhunter/files/check_update.sh
./rkhunter/files/programs_bad.dat
./rkhunter/files/contrib/
./rkhunter/files/contrib/run_rkhunter.sh
./rkhunter/files/contrib/README.txt
./rkhunter/files/testing/
./rkhunter/files/testing/stringscanner.sh
./rkhunter/files/testing/rootkitinfo.txt
./rkhunter/files/testing/rkhunter.conf
./rkhunter/files/development/
./rkhunter/files/development/createfilehashes.pl
./rkhunter/files/development/createhashes.sh
./rkhunter/files/development/rpmhashes.sh
./rkhunter/files/development/rpmprelinkhashes.sh
./rkhunter/files/development/osinformation.sh
./rkhunter/files/development/rkhunter.8
./rkhunter/files/development/createhashesall.sh
./rkhunter/files/development/search_dead_sysmlinks.sh
./rkhunter/files/programs_good.dat
./rkhunter/installer.sh



 Change into the directory...
# cd rkhunter

 Run the script!!
# ./installer.sh
Rootkit Hunter installer 1.2.4 (Copyright 2003-2005, Michael Boelen)
---------------
Starting installation/update

Checking /usr/local... OK
Checking file retrieval tools... /usr/bin/wget
Checking installation directories...
- Checking /usr/local/rkhunter...Created
- Checking /usr/local/rkhunter/etc...Created
- Checking /usr/local/rkhunter/bin...Created
- Checking /usr/local/rkhunter/lib/rkhunter/db...Created
- Checking /usr/local/rkhunter/lib/rkhunter/docs...Created
- Checking /usr/local/rkhunter/lib/rkhunter/scripts...Created
- Checking /usr/local/rkhunter/lib/rkhunter/tmp...Created
- Checking /usr/local/etc...Exists
- Checking /usr/local/bin...Exists
Checking system settings...
- Perl... OK
Installing files...
Installing Perl module checker... OK
Installing Database updater... OK
Installing Portscanner... OK
Installing MD5 Digest generator... OK
Installing SHA1 Digest generator... OK
Installing Directory viewer... OK

-------------(snip)--------------------------


 Check for updates ( ̄ー ̄)
# /usr/local/bin/rkhunter --update
Running updater...

Mirrorfile /usr/local/rkhunter/lib/rkhunter/db/mirrors.dat rotated
Using mirror http://www.rootkit.nl/rkhunter
[DB] Mirror file : Update available
Action: Database updated (current version: 2005050700, new version 2006041300)
[DB] MD5 hashes system binaries : Update available
Action: Database updated (current version: 2006021400, new version 2006022800)
[DB] Operating System information : Update available
Action: Database updated (current version: 2005102800, new version 2006051200)
[DB] MD5 blacklisted tools/binaries : Up to date
[DB] Known good program versions : Update available
Action: Database updated (current version: 2006021400, new version 2006031400)
[DB] Known bad program versions : Update available
Action: Database updated (current version: 2006021400, new version 2006031400)

Ready.
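Note what the updater just did: it pulled the "MD5 hashes system binaries" and other databases from the mirror over plain HTTP, checking only the version numbers, so run --update on a network you trust. As an added example (not from the page or from the rkhunter project), here is the same "known good" idea anchored to your own box instead of a downloaded list: take a hash baseline of the system binaries right after install, keep it offline (a CD or a host the node cannot write to), and compare against it later. rkhunter 1.2.8 ships filehashmd5.pl and filehashsha1.pl for this; this script assumes coreutils sha256sum (any "hash  path" printing tool works) and paths without spaces.

```shell
#!/bin/sh
# Added example: local hash baseline for system binaries, in the spirit of
# rkhunter's MD5 hash compare. Not part of rkhunter or of the original page.
# Assumption: sha256sum (coreutils) is installed; override with HASH=md5sum etc.
HASH=${HASH:-sha256sum}

# Print "<hash>  <path>" for every regular file under the given directories,
# sorted by path so two baselines of the same tree compare line for line.
make_baseline() {
    find "$@" -type f -exec "$HASH" {} + | sort -k2
}

# Compare a stored baseline against the live tree(s).
# Prints one line per difference: MODIFIED <path>, NEW <path>, MISSING <path>.
# Returns 0 when everything matches, 1 when anything differs.
# Assumption: paths contain no whitespace (awk splits on it).
check_baseline() {
    baseline="$1"; shift
    diffs=$(make_baseline "$@" | awk -v base_file="$baseline" '
        BEGIN {
            # load the stored baseline into base[path] = hash
            while ((getline line < base_file) > 0) {
                split(line, f); base[f[2]] = f[1]
            }
        }
        {
            if (!($2 in base))       print "NEW " $2
            else if (base[$2] != $1) print "MODIFIED " $2
            seen[$2] = 1
        }
        END { for (p in base) if (!(p in seen)) print "MISSING " p }')
    if [ -z "$diffs" ]; then
        return 0
    fi
    printf '%s\n' "$diffs"
    return 1
}

# Self-check on a constructed tree: three made-up files standing in for
# /bin/cat, /bin/chmod and /bin/date (not real binaries, not from the page).
DEMO=$(mktemp -d)
trap 'rm -rf "$DEMO"' EXIT
mkdir -p "$DEMO/bin"
printf 'original cat\n'   >"$DEMO/bin/cat"
printf 'original chmod\n' >"$DEMO/bin/chmod"
printf 'original date\n'  >"$DEMO/bin/date"
make_baseline "$DEMO/bin" >"$DEMO/baseline.txt"

# Simulate an intruder: trojaned cat, a dropped hidden file, chmod removed.
printf 'trojaned cat\n' >"$DEMO/bin/cat"
printf 'dropper\n'      >"$DEMO/bin/.hidden"
rm "$DEMO/bin/chmod"

# Report the differences (exit status 1 because the tree changed):
#   MODIFIED .../bin/cat
#   NEW      .../bin/.hidden
#   MISSING  .../bin/chmod
check_baseline "$DEMO/baseline.txt" "$DEMO/bin" || true
```

On a real node you would run make_baseline over /bin /sbin /usr/bin /usr/sbin (the directories whose files rkhunter lists in its output) immediately after install, move the baseline off the box, and re-run check_baseline from a clean boot medium; a baseline that lives on the same disk as the binaries can be rewritten by whoever replaced them.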

 Let's run it. Check with the keypress prompts skipped ( ̄∇ ̄)
# rkhunter -c --createlogfile --skip-keypress


Rootkit Hunter 1.2.8 is running

Determining OS... Ready


Checking binaries
* Selftests
Strings (command) [ OK ]


* System tools
Performing 'known bad' check...
/bin/cat [ OK ]
/bin/chmod [ OK ]
/bin/chown [ OK ]
/bin/date [ OK ]
/bin/df [ OK ]
------------------(snip)------------------------

Ugh! There's a Warning (;一_一)
...the SSH version???
I wonder what's wrong... If I upgrade the version, it'd be a problem if IRLP stopped working.



 To run it periodically, I set it up in crontab -e to run the following once a week.
 # /usr/local/bin/rkhunter --update
 # /usr/local/bin/rkhunter -c --createlogfile --skip-keypress
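Run from cron like this, the scan only helps if somebody reads the log; a Warning like the SSH one above would otherwise sit unnoticed until the next manual run. As an added example (not from the page or from the rkhunter project), here is a wrapper that does the weekly update and check and reports only the lines that need a human. The rkhunter path follows the install above; the log path, the mail recipient, the grep patterns and the sample log are assumptions (the patterns mimic 1.2.x-style "[ Warning ]" / "Old or patched version" lines, so adjust them to what your version prints).

```shell
#!/bin/sh
# Added example: weekly cron wrapper for rkhunter 1.2.x with a warning report.
# Not part of rkhunter or of the original page.
# Assumed crontab line (Sunday 04:00):  0 4 * * 0 /usr/local/sbin/rkhunter-weekly.sh
RKHUNTER=/usr/local/bin/rkhunter
LOGFILE=/var/log/rkhunter.log   # assumption: where --createlogfile writes on this box
REPORT_TO=root                  # assumption: local mailbox that someone reads

# Print the log lines that need attention, prefixed with their line number.
# Patterns are an assumption based on 1.2.x-style output; adjust as needed.
extract_warnings() {
    grep -n -E 'Warning|\[ *BAD *\]|Vulnerable|Old or patched' "$1"
}

# Number of such lines (0 means the scan was clean).
count_warnings() {
    n=$(extract_warnings "$1" | wc -l)
    echo "$n" | tr -d ' '
}

# Exit-code policy for cron: 0 clean, 2 warnings found, 1 log missing.
evaluate_log() {
    [ -f "$1" ] || return 1
    if [ "$(count_warnings "$1")" -gt 0 ]; then
        return 2
    fi
    return 0
}

# The weekly job itself: the two commands from the crontab above, then the
# report. Only the warning lines are mailed; a clean run sends nothing.
# (Not executed by the self-check below; it needs the real rkhunter install.)
weekly_scan() {
    "$RKHUNTER" --update >/dev/null 2>&1
    "$RKHUNTER" -c --createlogfile --skip-keypress >/dev/null 2>&1
    evaluate_log "$LOGFILE"
    status=$?
    if [ "$status" -eq 2 ]; then
        extract_warnings "$LOGFILE" | mail -s "rkhunter warnings on $(hostname)" "$REPORT_TO"
    fi
    return $status
}

# Self-check on a constructed log written in the style of rkhunter 1.2.x
# output. This sample is made up for the example, not captured from any host.
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat >"$SAMPLE_LOG" <<'EOF'
Rootkit Hunter 1.2.8 is running
/bin/cat                                                   [ OK ]
/bin/chmod                                                 [ OK ]
/usr/bin/ssh                                               [ OK ]
* Application version check
   - OpenSSH 3.6.1p2                                       [ Old or patched version ]
* Check: SSH root login allowed                            [ Warning ]
Scanning took 32 seconds
EOF

count_warnings "$SAMPLE_LOG"   # -> 2
```

With the exit codes above, cron itself also notices failures: most cron daemons mail any non-empty output, and a monitoring check can key off status 1 (no log, so the scan never ran) versus 2 (scan ran, findings present).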