Top/Linux/Rootkit Hunter

Rootkit Hunterはてなブックマーク

ルートキットのチェックツール。

インストール

tar xvzpf rkhunter-1.1.3.tar.gz
cd rkhunter
./installer.sh

実行

/usr/local/bin/rkhunter -c --createlogfile

再度実行する際は下記のようにするとキー入力を待たずに最後まで実行します。

/usr/local/bin/rkhunter -c --createlogfile --skip-keypress

実行結果

Rootkit Hunter 1.1.3 is running

Determining OS... Ready


Checking binaries
* Selftests
     Strings (command)                                        [ OK ]


* System tools
  Performing 'known good' check...
   /sbin/ifconfig                                             [ OK ]
   /usr/bin/watch                                             [ OK ]
   /usr/bin/w                                                 [ OK ]
   /usr/bin/whoami                                            [ OK ]
   /usr/bin/who                                               [ OK ]
   /usr/bin/users                                             [ OK ]
   /usr/bin/stat                                              [ OK ]
   /usr/bin/sha1sum                                           [ OK ]
   /usr/bin/kill                                              [ OK ]
   /usr/bin/find                                              [ OK ]
   /usr/bin/file                                              [ OK ]
   /usr/bin/pstree                                            [ OK ]
   /usr/bin/killall                                           [ OK ]
   /usr/bin/lsattr                                            [ OK ]
   /bin/mount                                                 [ OK ]
   /bin/netstat                                               [ OK ]
   /bin/egrep                                                 [ OK ]
   /bin/fgrep                                                 [ OK ]
   /bin/grep                                                  [ OK ]
   /bin/cat                                                   [ OK ]
   /bin/chmod                                                 [ OK ]
   /bin/chown                                                 [ OK ]
   /bin/env                                                   [ OK ]
   /bin/ls                                                    [ OK ]
   /bin/su                                                    [ OK ]
   /bin/ps                                                    [ OK ]
   /bin/dmesg                                                 [ OK ]
   /bin/kill                                                  [ OK ]
   /bin/login                                                 [ OK ]
   /sbin/chkconfig                                            [ OK ]
   /sbin/depmod                                               [ OK ]
   /sbin/insmod                                               [ OK ]
   /sbin/modinfo                                              [ OK ]
   /sbin/sysctl                                               [ OK ]
   /sbin/syslogd                                              [ OK ]
   /sbin/init                                                 [ OK ]
   /sbin/runlevel                                             [ OK ]

[Press <ENTER> to continue]



Check rootkits
* Default files and directories
   Rootkit '55808 Trojan - Variant A'...                      [ OK ]
   Rootkit 'AjaKit'...                                        [ OK ]
   Rootkit 'aPa Kit'...                                       [ OK ]
   Rootkit 'Apache Worm'...                                   [ OK ]
   Rootkit 'Ambient (ark) Rootkit'...                         [ OK ]
   Rootkit 'Balaur Rootkit'...                                [ OK ]
   Rootkit 'BeastKit'...                                      [ OK ]
   Rootkit 'BOBKit'...                                        [ OK ]
   Rootkit 'CiNIK Worm (Slapper.B variant)'...                [ OK ]
   Rootkit 'Danny-Boy's Abuse Kit'...                         [ OK ]
   Rootkit 'Devil RootKit'...                                 [ OK ]
   Rootkit 'Dica'...                                          [ OK ]
   Rootkit 'Dreams Rootkit'...                                [ OK ]
   Rootkit 'Duarawkz'...                                      [ OK ]
   Rootkit 'Flea Linux Rootkit'...                            [ OK ]
   Rootkit 'FreeBSD Rootkit'...                               [ OK ]
   Rootkit 'Fuck`it Rootkit'...                               [ OK ]
   Rootkit 'GasKit'...                                        [ OK ]
   Rootkit 'Heroin LKM'...                                    [ OK ]
   Rootkit 'HjC Kit'...                                       [ OK ]
   Rootkit 'ignoKit'...                                       [ OK ]
   Rootkit 'ImperalsS-FBRK'...                                [ OK ]
   Rootkit 'Irix Rootkit'...                                  [ OK ]
   Rootkit 'Kitko'...                                         [ OK ]
   Rootkit 'Knark'...                                         [ OK ]
   Rootkit 'Li0n Worm'...                                     [ OK ]
   Rootkit 'Lockit / LJK2'...                                 [ OK ]
   Rootkit 'MRK'...                                           [ OK ]
   Rootkit 'RootKit for SunOS / NSDAP'...                     [ OK ]
   Rootkit 'Optic Kit (Tux)'...                               [ OK ]
   Rootkit 'Oz Rootkit'...                                    [ OK ]
   Rootkit 'Portacelo'...                                     [ OK ]
   Rootkit 'R3dstorm Toolkit'...                              [ OK ]
   Sebek LKM                                                  [ OK ]
   Rootkit 'Scalper Worm'...                                  [ OK ]
   Rootkit 'Shutdown'...                                      [ OK ]
   Rootkit 'SHV4'...                                          [ OK ]
   Rootkit 'Sin Rootkit'...                                   [ OK ]
   Rootkit 'Slapper'...                                       [ OK ]
   Rootkit 'Sneakin Rootkit'...                               [ OK ]
   Rootkit 'Suckit Rootkit'...                                [ OK ]
   Rootkit 'SunOS Rootkit'...                                 [ OK ]
   Rootkit 'Superkit'...                                      [ OK ]
   Rootkit 'TBD (Telnet BackDoor)'...                         [ OK ]
   Rootkit 'TeLeKiT'...                                       [ OK ]
   Rootkit 'T0rn Rootkit'...                                  [ OK ]
   Rootkit 'Trojanit Kit'...                                  [ OK ]
   Rootkit 'Tuxtendo'...                                      [ OK ]
   Rootkit 'URK'...                                           [ OK ]
   Rootkit 'VcKit'...                                         [ OK ]
   Rootkit 'Volc Rootkit'...                                  [ OK ]
   Rootkit 'X-Org SunOS Rootkit'...                           [ OK ]
   Rootkit 'zaRwT.KiT Rootkit'...                             [ OK ]

* Suspicious files and malware
   Scanning for known rootkit strings                         [ OK ]
   Scanning for known rootkit files                           [ OK ]
   Miscellaneous Login backdoors                              [ OK ]
   Miscellaneous directories                                  [ OK ]
   Sniffer logs                                               [ OK ]

[Press <ENTER> to continue]

(以下略)

参考

関連

Amazon

差分 一覧