
~ Using RootKit Hunter to find Linux vulnerabilities ~

connie 2013.01.05 | ubuntu

First, install RootKit Hunter

cd /tmp
wget http://ncu.dl.sourceforge.net/project/rkhunter/rkhunter/1.4.0/rkhunter-1.4.0.tar.gz
tar -xvf rkhunter-1.4.0.tar.gz
cd rkhunter-1.4.0
./installer.sh --layout default --install
cd /usr/local/bin
mv rkhunter /usr/bin/

Next, update the database

rkhunter --update
rkhunter --propupd

Then edit /etc/rkhunter.conf

nano /etc/rkhunter.conf

Add the hidden file whitelist

SCRIPTDIR=/usr/local/lib/rkhunter/scripts

ALLOWHIDDENDIR="/etc/.java"
ALLOWHIDDENDIR="/dev/.udev"

ALLOWHIDDENFILE="/dev/.initramfs"

SCRIPTWHITELIST=/usr/bin/unhide.rb

How to scan the machine

rkhunter --checkall

Done

rm -r /tmp/rkhunter-1.4.0
rm /tmp/rkhunter-1.4.0.tar.gz
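
The whitelist step above tells rkhunter to stop warning about the listed paths. As an added example (not part of the original post or the rkhunter project), this shell function reads a config file and flags whitelist entries that are missing, of the wrong type, or world-writable; the function names and the temporary sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): audit rkhunter whitelist entries.
# Each whitelisted path is one rkhunter stops warning about, so it should
# exist, be the expected type, and not be world-writable.

# audit_whitelist CONF: prints "STATUS OPTION PATH" for each entry (one path
# per line, as on this page) and returns the number of entries that are not OK.
audit_whitelist() {
    conf=$1; bad=0
    while IFS='=' read -r opt val; do
        case $opt in
            ALLOWHIDDENDIR|ALLOWHIDDENFILE|SCRIPTWHITELIST) ;;
            *) continue ;;                  # other options and comments
        esac
        val=${val#\"}; val=${val%\"}        # drop optional surrounding quotes
        status=OK
        if [ ! -e "$val" ]; then
            status=MISSING                  # stale entry, nothing to whitelist
        elif [ "$opt" = ALLOWHIDDENDIR ] && [ ! -d "$val" ]; then
            status=NOT_A_DIR
        elif [ "$opt" != ALLOWHIDDENDIR ] && [ ! -f "$val" ]; then
            status=NOT_A_FILE
        elif ls -ldL "$val" | grep -q '^.\{8\}w'; then
            status=WORLD_WRITABLE           # any user can alter the ignored path
        fi
        [ "$status" = OK ] || bad=$((bad + 1))
        printf '%s %s %s\n' "$status" "$opt" "$val"
    done < "$conf"
    return "$bad"
}

# Constructed sample: a temporary tree standing in for the paths in the post.
demo_audit() {
    d=$(mktemp -d) || return 1
    mkdir "$d/.java"; chmod 755 "$d/.java"
    : > "$d/.initramfs"; chmod 666 "$d/.initramfs"
    cat > "$d/rkhunter.conf" <<EOF
SCRIPTDIR=/usr/local/lib/rkhunter/scripts
ALLOWHIDDENDIR="$d/.java"
ALLOWHIDDENDIR="$d/.udev"
ALLOWHIDDENFILE="$d/.initramfs"
SCRIPTWHITELIST=$d/.java
EOF
    rc=0; audit_whitelist "$d/rkhunter.conf" || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo_audit || echo "entries to review: $?"
```

On a real host, call audit_whitelist /etc/rkhunter.conf after editing the whitelist and review every line that is not OK before running the scan.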

 
