[Doc/Faq] Checking system integrity with rkhunter
 Author : rootman
Date : 2005-09-28 11:57  |  Hit : 13,642  
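Hello.
This is 정찬호, the operator of http://www.rootman.co.kr.

rkhunter is a utility that finds rootkits. It is simple to install, and its output is simple to read.
It also reports tampering with or modification of important files, which gives the administrator a little peace of mind ^^.

If you did not know about it, give it a try.
I hope it helps.

Have a good time!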


1. Related site
http://www.rootkit.nl/projects/rootkit_hunter.html


2. Source download
(1) http://downloads.rootkit.nl/rkhunter-1.2.7.tar.gz



3. Installation
[[email protected] /usr/local/src]# tar xvfz rkhunter-1.2.7.tar.gz
[[email protected] /usr/local/src]# cd rkhunter-1.2.7
[[email protected] rkhunter-1.2.7]# ./installer.sh
Rootkit Hunter installer 1.2.7 (Copyright 2003-2005, Michael Boelen)
---------------
Starting installation/update

Checking /usr/local... OK
Checking file retrieval tools... /usr/bin/wget
Checking installation directories...
- Checking /usr/local/rkhunter...Created
- Checking /usr/local/rkhunter/etc...Created
- Checking /usr/local/rkhunter/bin...Created
- Checking /usr/local/rkhunter/lib/rkhunter/db...Created
- Checking /usr/local/rkhunter/lib/rkhunter/docs...Created
- Checking /usr/local/rkhunter/lib/rkhunter/scripts...Created
- Checking /usr/local/rkhunter/lib/rkhunter/tmp...Created
- Checking /usr/local/etc...Exists
- Checking /usr/local/bin...Exists
Checking system settings...
- Perl... OK
Installing files...
Installing Perl module checker... OK
Installing Database updater... OK
Installing Portscanner... OK
Installing MD5 Digest generator... OK
Installing SHA1 Digest generator... OK
Installing Directory viewer... OK
Installing Database Backdoor ports... OK
Installing Database Update mirrors... OK
Installing Database Operating Systems... OK
Installing Database Program versions... OK
Installing Database Program versions... OK
Installing Database Default file hashes... OK
Installing Database MD5 blacklisted files... OK
Installing Changelog... OK
Installing Readme and FAQ... OK
Installing Wishlist and TODO... OK
Installing RK Hunter configuration file... OK
Installing RK Hunter binary... OK
Configuration updated with installation path (/usr/local/rkhunter)

Installation ready.
See /usr/local/rkhunter/lib/rkhunter/docs for more information. Run 'rkhunter' (/usr/local/bin/rkhunter)


4. Copy the executable
[[email protected] rkhunter-1.2.7]# cp rkhunter /usr/sbin/


5. Scanning the system
(1) Print the scan report to the screen (CRT)
[[email protected] rkhunter-1.2.7]# rkhunter -c

(2) Save the scan results to a file
[[email protected] rkhunter-1.2.7]# rkhunter --checkall --createlogfile
....
....
---------------------------- Scan results ----------------------------
MD5
MD5 compared: 0
Incorrect MD5 checksums: 0

File scan
Scanned files: 342
Possible infected files: 0

Application scan
Vulnerable applications: 3

Scanning took 365 seconds
Scan results written to logfile (/var/log/rkhunter.log)
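
The summary above can be checked by a script, for example after a scheduled scan. This is an added example, not part of the original post or of rkhunter; the function names are made up for illustration, and it assumes the summary labels appear exactly as in the output above. It also treats "MD5 compared: 0" as a finding, because with zero hashes compared the line "Incorrect MD5 checksums: 0" says nothing about file integrity.

```shell
# Added example (not from the original post): gate on rkhunter's scan summary.

# summary_value LABEL: read a report on stdin and print the integer after
# "LABEL:", or -1 when the label is absent (e.g. the scan was interrupted).
summary_value() {
    awk -F' *: *' -v label="$1" '
        { sub(/^[ \t]+/, "", $1) }
        $1 == label { print $2 + 0; found = 1; exit }
        END { if (!found) print -1 }'
}

# check_summary: read a report on stdin and print one line per finding.
# Returns 0 = clean, 1 = findings, 2 = summary incomplete.
check_summary() {
    report=$(cat)
    rc=0
    for label in "MD5 compared" "Incorrect MD5 checksums" \
                 "Possible infected files" "Vulnerable applications"; do
        n=$(printf '%s\n' "$report" | summary_value "$label")
        if [ "$n" -lt 0 ]; then echo "MISSING: $label"; return 2; fi
        case "$label" in
            "MD5 compared")
                # Zero comparisons means the hash check never ran, so
                # "Incorrect MD5 checksums: 0" proves nothing.
                if [ "$n" -eq 0 ]; then echo "UNVERIFIED: no MD5 hashes compared"; rc=1; fi ;;
            *)
                if [ "$n" -gt 0 ]; then echo "FINDING: $label = $n"; rc=1; fi ;;
        esac
    done
    return $rc
}

# Summary block copied from the output above (blank lines dropped).
sample_report() {
    cat <<'EOF'
---------------------------- Scan results ----------------------------
MD5
MD5 compared: 0
Incorrect MD5 checksums: 0
File scan
Scanned files: 342
Possible infected files: 0
Application scan
Vulnerable applications: 3
EOF
}

sample_report | check_summary || echo "exit status: $?"
```

To use it on a real scan, pipe the saved log into check_summary instead of sample_report.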


6. Checking the version
[[email protected] rkhunter-1.2.7]# /usr/local/bin/rkhunter --versioncheck
http://www.rootkit.nl/rkhunter/rkhunter_latest.dat

Rootkit Hunter 1.2.3, copyright Michael Boelen

This version: 1.2.3
Latest version: 1.2.7
Update available


7. Updating rkhunter
[[email protected] root]# /usr/local/bin/rkhunter --update
Running updater...

Mirrorfile /usr/local/rkhunter/lib/rkhunter/db/mirrors.dat rotated
Using mirror http://www.rootkit.nl/rkhunter
[DB] Mirror file : Update available
Action: Database updated (current version: 2005033000, new version 2005050700)
[DB] MD5 hashes system binaries : Update available
Action: Database updated (current version: 2005041000, new version 2005080200)
[DB] Operating System information : Update available
Action: Database updated (current version: 2005032500, new version 2005091100)
[DB] MD5 blacklisted tools/binaries : Up to date
[DB] Known good program versions : Update available
Action: Database updated (current version: 2005040300, new version 2005071500)
[DB] Known bad program versions : Update available
Action: Database updated (current version: 2005040300, new version 2005071500)

Ready.

- End -

 
 
