俺のひとり言


Casual talk about one foreigner's worldview, values, and views on love

Malware countermeasures: Rootkit Hunter installation and configuration


First, download the source

[root@centos ~]# wget http://downloads.sourceforge.net/rkhunter/rkhunter-1.3.6.tar.gz

Extract and install the source

[root@centos ~]# tar zvxf rkhunter-1.3.6.tar.gz
[root@centos ~]# cd rkhunter-1.3.6
[root@centos ~]# ./installer.sh --install
Checking system for:
 Rootkit Hunter installer files: found
 A web file download command: wget found
Starting installation:
 Checking installation directory "/usr/local": it exists and is writable.
 Checking installation directories:
  Directory /usr/local/share/doc/rkhunter-1.3.6: creating: OK
  Directory /usr/local/share/man/man8: exists and is writable.
  Directory /etc: exists and is writable.
  Directory /usr/local/bin: exists and is writable.
  Directory /usr/local/lib: exists and is writable.
  Directory /var/lib: exists and is writable.
  Directory /usr/local/lib/rkhunter/scripts: creating: OK
  Directory /var/lib/rkhunter/db: creating: OK
  Directory /var/lib/rkhunter/tmp: creating: OK
  Directory /var/lib/rkhunter/db/i18n: creating: OK
 Installing check_modules.pl: OK
 Installing filehashmd5.pl: OK
 Installing filehashsha1.pl: OK
 Installing filehashsha.pl: OK
 Installing stat.pl: OK
 Installing readlink.sh: OK
 Installing backdoorports.dat: OK
 Installing mirrors.dat: OK
 Installing programs_bad.dat: OK
 Installing suspscan.dat: OK
 Installing rkhunter.8: OK
 Installing ACKNOWLEDGMENTS: OK
 Installing CHANGELOG: OK
 Installing FAQ: OK
 Installing LICENSE: OK
 Installing README: OK
 Installing language support files: OK
 Installing rkhunter: OK
 Installing rkhunter.conf: OK
Installation complete

Update the database information (--update fetches the latest signature data, --propupd records the current file properties as the baseline)

[root@centos ~]# /usr/local/bin/rkhunter --update
[root@centos ~]# /usr/local/bin/rkhunter --propupd

Command to run a scan (note: the output is quite long)

[root@centos ~]# /usr/local/bin/rkhunter -c --skip-keypress

Show only warnings in the scan results

[root@centos ~]# /usr/local/bin/rkhunter -c --report-warnings-only

Scheduled automatic scan setup
1. Send the results by e-mail

[root@centos ~]# vi /etc/cron.daily/rkhunter.sh
 #!/bin/sh
 /usr/local/bin/rkhunter --update > /dev/null 2>&1
 /usr/local/bin/rkhunter -c --skip-keypress --cronjob | \
 mail -s "[Rootkit Hunter] HOSTNAME `date +%Y-%m-%d`" admin@hogehoge.jp

[root@centos ~]# chmod +x /etc/cron.daily/rkhunter.sh

2. Write the results only to the log

[root@centos ~]# vi /etc/cron.daily/rkhunter.sh
 #!/bin/sh
 /usr/local/bin/rkhunter --update > /dev/null 2>&1
 /usr/local/bin/rkhunter -c --skip-keypress > /dev/null 2>&1

[root@centos ~]# chmod +x /etc/cron.daily/rkhunter.sh
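The two cron scripts above either always mail or never mail. As an added example (not from the original post), the wrapper below runs rkhunter in cron mode, counts the "Warning:" lines it produces, and only sends a message when there is something to look at; a clean scan stays quiet. The script path /usr/local/sbin/rkhunter-cron.sh, the RKH_DEMO switch and the sample warning lines are assumptions made for this demo; the sample output is constructed and mirrors the format rkhunter prints with --report-warnings-only.

```shell
#!/bin/sh
# rkhunter-cron.sh (added example, not part of the original post).
# Runs rkhunter in cron mode and mails only when warnings were found.
# With RKH_DEMO=1 the constructed sample output below is replayed instead
# of invoking rkhunter, so the logic can be exercised on any machine.

RKHUNTER=/usr/local/bin/rkhunter
MAILTO="admin@hogehoge.jp"     # placeholder address from the post

# Constructed sample of rkhunter --report-warnings-only output.
# Each warning starts with "Warning:"; continuation lines are indented.
SAMPLE_OUTPUT='Warning: The command '\''/usr/bin/ls'\'' has been replaced by a script: /usr/bin/ls: Bourne-Again shell script text executable
Warning: Hidden directory found: /dev/.udev
Warning: Suspicious file types found in /dev:
         /dev/shm/sess_4f2e: data'

# Count warning lines read from stdin. grep -c prints 0 and exits 1 when
# nothing matches, so the "|| true" keeps the function's status at 0.
rkh_count_warnings() {
    grep -c '^Warning:' || true
}

# Produce the scan output: the real scan, or the sample in demo mode.
rkh_scan() {
    if [ "${RKH_DEMO:-0}" = "1" ]; then
        printf '%s\n' "$SAMPLE_OUTPUT"
    else
        "$RKHUNTER" --update >/dev/null 2>&1
        "$RKHUNTER" -c --skip-keypress --cronjob --report-warnings-only
    fi
}

# Return 0 (alert) when the given output contains at least one warning,
# 1 otherwise.
rkh_should_alert() {
    n=$(printf '%s\n' "$1" | rkh_count_warnings)
    [ "$n" -gt 0 ]
}

# Deliver the report: mail in production, stdout in demo mode.
rkh_notify() {
    subject="[Rootkit Hunter] $(hostname) $(date +%Y-%m-%d): WARNINGS"
    if [ "${RKH_DEMO:-0}" = "1" ]; then
        printf '%s\n%s\n' "$subject" "$1"
    else
        printf '%s\n' "$1" | mail -s "$subject" "$MAILTO"
    fi
}

# Exit 1 when warnings were reported so the cron run itself is flagged.
rkh_main() {
    out=$(rkh_scan)
    if rkh_should_alert "$out"; then
        rkh_notify "$out"
        return 1
    fi
    return 0
}

# Only run the scan when invoked as "rkhunter-cron.sh run"; this lets the
# file be sourced for testing without starting a scan.
if [ "${1:-}" = "run" ]; then
    rkh_main
    exit $?
fi
```

Install it as /usr/local/sbin/rkhunter-cron.sh and have /etc/cron.daily/rkhunter.sh contain `exec /usr/local/sbin/rkhunter-cron.sh run`; `RKH_DEMO=1 sh rkhunter-cron.sh run` prints the sample report instead of mailing. The --cronjob flag also writes the full log to /var/log/rkhunter.log, so the mail is the alert and the log is the record. After legitimate package updates, re-run `rkhunter --propupd` on a system you have just verified as clean, otherwise the file-properties check will warn on every run and the alert becomes noise.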

Category: Security
