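First, install RootKit Hunter. The tarball is fetched over plain HTTP, so check it against the checksum published by the project before running the installer.
cd /tmp
wget http://ncu.dl.sourceforge.net/project/rkhunter/rkhunter/1.4.0/rkhunter-1.4.0.tar.gz
tar -xvf rkhunter-1.4.0.tar.gz
cd rkhunter-1.4.0
./installer.sh --layout default --install
cd /usr/local/bin
mv rkhunter /usr/bin/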
Then update the database
rkhunter --update
rkhunter --propupd
Next, edit /etc/rkhunter.conf
nano /etc/rkhunter.conf
Add the hidden file whitelist
SCRIPTDIR=/usr/local/lib/rkhunter/scripts
ALLOWHIDDENDIR="/etc/.java"
ALLOWHIDDENDIR="/dev/.udev"
ALLOWHIDDENFILE="/dev/.initramfs"
SCRIPTWHITELIST=/usr/bin/unhide.rb
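An added example (not from the original post and not part of rkhunter): a shell function that checks each ALLOWHIDDENDIR / ALLOWHIDDENFILE entry in the config against the filesystem, since every whitelisted path is one that rkhunter stops reporting. The function name audit_whitelist and its optional ROOT prefix argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of rkhunter. audit_whitelist is a hypothetical helper.
# Usage: audit_whitelist CONF [ROOT]
#   CONF  path to rkhunter.conf
#   ROOT  optional prefix for every path (to test against a constructed tree)
# Prints "<status> <option> <path>" per entry and returns 1 if any is not ok:
#   ok         exists and matches the option type
#   missing    nothing at that path on this host
#   wrongtype  e.g. ALLOWHIDDENDIR pointing at a regular file
#   symlink    the path is a symlink; review its target by hand
audit_whitelist() {
    conf=$1
    root=${2:-}
    rc=0
    # Active (uncommented) hidden-path whitelist lines only.
    entries=$(grep -E '^[[:space:]]*ALLOWHIDDEN(DIR|FILE)=' "$conf" |
              sed 's/^[[:space:]]*//')
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        opt=${line%%=*}
        val=${line#*=}
        # Strip the surrounding double quotes used in the config.
        val=${val#\"}; val=${val%\"}
        target=$root$val
        if [ -L "$target" ]; then status=symlink
        elif [ ! -e "$target" ]; then status=missing
        elif [ "$opt" = ALLOWHIDDENDIR ] && [ ! -d "$target" ]; then status=wrongtype
        elif [ "$opt" = ALLOWHIDDENFILE ] && [ ! -f "$target" ]; then status=wrongtype
        else status=ok
        fi
        [ "$status" = ok ] || rc=1
        echo "$status $opt $val"
    done <<EOF
$entries
EOF
    return $rc
}

# When run directly with an argument, audit that config file, e.g.
#   sh audit.sh /etc/rkhunter.conf
if [ $# -gt 0 ]; then
    audit_whitelist "$@"
fi
```

Entries reported as missing or wrongtype can be removed from the whitelist so that a hidden path appearing there later is still flagged.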
How to scan the machine
rkhunter --checkall
Done. Clean up the downloaded files:
cd /tmp
rm -r rkhunter-1.4.0
rm -r rkhunter-1.4.0.tar.gz