{"id":34,"date":"2006-11-27T09:11:54","date_gmt":"2006-11-27T01:11:54","guid":{"rendered":"http:\/\/140.123.23.69\/blog\/?p=34"},"modified":"2006-11-27T09:11:54","modified_gmt":"2006-11-27T01:11:54","slug":"%e5%ae%89%e8%a3%9d%e8%88%87%e4%bd%bf%e7%94%a8-rkhunter-root-kit-%e5%81%b5%e6%b8%ac%e8%bb%9f%e9%ab%94","status":"publish","type":"post","link":"https:\/\/blog.smallken.site\/?p=34","title":{"rendered":"\u5b89\u88dd\u8207\u4f7f\u7528 rkhunter &#8211; Root Kit \u5075\u6e2c\u8edf\u9ad4"},"content":{"rendered":"<p>RootKit \u5b98\u65b9\u7db2\u7ad9:http:\/\/www.rootkit.nl\/<br \/>\nRootKit\u4e0b\u8f09\u9801\u9762: <a href=\"http:\/\/www.rootkit.nl\/projects\/rootkit_hunter.html\">http:\/\/www.rootkit.nl\/projects\/rootkit_hunter.html<\/a><\/p>\n<p>rootkit \u662f\u4e00\u4e9b\u7db2\u8def\u4e0a\u6d41\u50b3\u7684\u653b\u64ca\u4e3b\u6a5f\u5de5\u5177\uff0c\u70ba\u4e86\u8981\u5075\u6e2c\u4e3b\u6a5f\u662f\u5426\u5df2\u7d93\u88ab Root Kit \u4e4b\u985e\u7684\u7a0b\u5f0f\u6240\u653b\u64ca\uff0c \u7531\u81ea\u7531\u8edf\u9ad4\u64b0\u5beb\u5718\u9ad4\u6240\u958b\u767c\u7684 Root Kit Hunter, rkhunter \u9019\u500b\u5957\u4ef6\uff0c\u5c31\u80fd\u5e6b\u6211\u5011\u5075\u6e2c\u6211\u5011\u4e3b\u6a5f\u662f\u5426\u5df2\u7d93\u88ab\u5165\u4fb5\u4e86\u3002<\/p>\n<p>rkhunter \u53ef\u4ee5\u5e6b\u6211\u5011\u505a\u54ea\u4e9b\u4e8b?<br \/>\n1.\u5229\u7528 MD5 \u6307\u7d0b\u5206\u6790<br \/>\n2.\u6aa2\u67e5 rootkit \u7d93\u5e38\u653b\u64ca\u7684\u6a94\u6848<br \/>\n3.\u6aa2\u67e5\u662f\u5426\u5177\u6709\u932f\u8aa4\u7684\u6a94\u6848\u6b0a\u9650&#8211;\u91dd\u5c0d binary files<br \/>\n4.\u6aa2\u67e5\u96b1\u85cf\u6a94\u6848<br \/>\n5.\u6aa2\u67e5\u53ef\u7591\u7684\u6838\u5fc3\u6a21\u7d44(LKM\/KLD)<br \/>\n6.\u4f5c\u696d\u7cfb\u7d71\u7684\u7279\u6b8a\u6aa2\u6e2c<br \/>\n7.\u6aa2\u67e5\u5df2\u555f\u52d5\u7684\u76e3\u807d\u57e0\u865f<br \/>\n8.\u7279\u5b9a\u5206\u6790(String scanner)<\/p>\n<table BORDER COLS=1 WIDTH=\"400\" BGCOLOR=\"#000000\" >\n<tr>\n<td><font color=\"#ffffff\"><br \/>\n# wget <a href=\"http:\/\/downloads.rootkit.nl\/rkhunter-1.2.8.tar.gz\">http:\/\/downloads.rootkit.nl\/rkhunter-1.2.8.tar.gz<\/a><br \/>\n# tar zxvf rkhunter-1.2.8.tar.gz<br \/>\n# cd .\/rkhunter<br \/>\n# .\/installer.sh<br \/>\nInstallation ready.<br \/>\nSee \/usr\/local\/rkhunter\/lib\/rkhunter\/docs for more information. Run &#8216;rkhunter&#8217; (\/usr\/local\/bin\/rkhunter)<\/p>\n<p><font color=\"#ffff00\">\/\/ \u57f7\u884c\u65b9\u6cd5<br \/>\n<font color=\"#ffffff\"># rkhunter --checkall<br \/>\n# rkhunter --help<br \/>\n<\/font><\/table>\n<p>\/\/ \u5e38\u7528\u529f\u80fd<br \/>\n--checkall (-c)           :\u5168\u7cfb\u7d71\u6aa2\u6e2c\uff0crkhunter \u7684\u6240\u6709\u6aa2\u6e2c\u9805\u76ee<br \/>\n--createlogfile           :\u5efa\u7acb\u767b\u9304\u6a94\uff0c\u4e00\u822c\u9810\u8a2d\u653e\u5728 \/var\/log\/rkhunter.log<br \/>\n--cronjob                 :\u53ef\u4ee5\u4f7f\u7528 crontab \u4f86\u57f7\u884c\uff0c\u4e0d\u6703\u6709\u984f\u8272\u986f\u793a<br \/>\n--report-warnings-only    :\u50c5\u5217\u51fa\u8b66\u544a\u8a0a\u606f\uff0c\u6b63\u5e38\u8a0a\u606f\u4e0d\u5217\u51fa\uff01<br \/>\n--skip-application-check  :\u5ffd\u7565\u5957\u4ef6\u7248\u672c\u6aa2\u6e2c(\u5982\u679c\u60a8\u5df2\u78ba\u5b9a\u7cfb\u7d71\u7684\u5957\u4ef6\u5df2patch)<br \/>\n--skip-keypress           :\u5ffd\u7565\u6309\u9375\u5f8c\u7e7c\u7e8c\u7684\u8209\u52d5(\u7a0b\u5f0f\u6703\u6301\u7e8c\u81ea\u52d5\u57f7\u884c)<br \/>\n--quiet                   :\u50c5\u986f\u793a\u6709\u554f\u984c\u7684\u8a0a\u606f\uff0c\u6bd4 --report-warnings-only \u66f4\u5c11\u8a0a\u606f<br \/>\n--versioncheck            :\u6aa2\u6e2c\u662f\u5426\u6709\u65b0\u7684\u7248\u672c\u5728\u4f3a\u670d\u5668\u4e0a<br \/>\n--update                  :\u66f4\u65b0 rkhunter 
\u7684\u8cc7\u6599\u5eab\u4f86\u53d6\u5f97\u6700\u65b0\u7684\u8cc7\u8a0a<\/p>\n<p>\u7d93\u904e\u6aa2\u6e2c\u6709\u767c\u73fe\u300c\u7d05\u5b57\u300d\uff0c\u9019\u6642\u6700\u597d\u662f\u91cd\u65b0\u5b89\u88dd\u7cfb\u7d71\uff0c\u6216\u8005\u5230\u5b98\u65b9\u7db2\u7ad9\u627e\u5c0b\u89e3\u6c7a\u4e4b\u9053 <a href=\"http:\/\/www.rootkit.nl\/articles\/rootkit_hunter_faq.html\">http:\/\/www.rootkit.nl\/articles\/rootkit_hunter_faq.html<\/a><\/p>\n<p>\u53c3\u8003\u9ce5\u54e5\u7684Linux\u79c1\u623f\u83dc <a href=\"http:\/\/linux.vbird.org\/linux_security\/0420rkhunter.php\">http:\/\/linux.vbird.org\/linux_security\/0420rkhunter.php<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>RootKit \u5b98\u65b9\u7db2\u7ad9:http:\/\/www.rootkit.nl\/ RootKit\u4e0b\u8f09\u9801\u9762: http:\/&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[],"class_list":["post-34","post","type-post","status-publish","format-standard","hentry"],"_links":{"self":[{"href":"https:\/\/blog.smallken.site\/index.php?rest_route=\/wp\/v2\/posts\/34","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.smallken.site\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.smallken.site\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.smallken.site\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.smallken.site\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=34"}],"version-history":[{"count":0,"href":"https:\/\/blog.smallken.site\/index.php?rest_route=\/wp\/v2\/posts\/34\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.smallken.site\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=34"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.smallken.site\/index.php?rest_route=%2Fwp%2Fv2%2Fcateg
ories&post=34"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.smallken.site\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=34"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}