Changes to Rootkit Hunter
A tool that checks a system for rootkits.
-[[Official site>http://www.rootkit.nl/]]
*Installation
tar xvzpf rkhunter-1.1.3.tar.gz
cd rkhunter
./installer.sh
*Running
/usr/local/bin/rkhunter -c --createlogfile
When running it again, use the following command so that it runs through to the end without waiting for key presses.
/usr/local/bin/rkhunter -c --createlogfile --skip-keypress
*Output
Rootkit Hunter 1.1.3 is running
Determining OS... Ready
Checking binaries
* Selftests
Strings (command) [ OK ]
* System tools
Performing 'known good' check...
/sbin/ifconfig [ OK ]
/usr/bin/watch [ OK ]
/usr/bin/w [ OK ]
/usr/bin/whoami [ OK ]
/usr/bin/who [ OK ]
/usr/bin/users [ OK ]
/usr/bin/stat [ OK ]
/usr/bin/sha1sum [ OK ]
/usr/bin/kill [ OK ]
/usr/bin/find [ OK ]
/usr/bin/file [ OK ]
/usr/bin/pstree [ OK ]
/usr/bin/killall [ OK ]
/usr/bin/lsattr [ OK ]
/bin/mount [ OK ]
/bin/netstat [ OK ]
/bin/egrep [ OK ]
/bin/fgrep [ OK ]
/bin/grep [ OK ]
/bin/cat [ OK ]
/bin/chmod [ OK ]
/bin/chown [ OK ]
/bin/env [ OK ]
/bin/ls [ OK ]
/bin/su [ OK ]
/bin/ps [ OK ]
/bin/dmesg [ OK ]
/bin/kill [ OK ]
/bin/login [ OK ]
/sbin/chkconfig [ OK ]
/sbin/depmod [ OK ]
/sbin/insmod [ OK ]
/sbin/modinfo [ OK ]
/sbin/sysctl [ OK ]
/sbin/syslogd [ OK ]
/sbin/init [ OK ]
/sbin/runlevel [ OK ]
[Press <ENTER> to continue]
Check rootkits
* Default files and directories
Rootkit '55808 Trojan - Variant A'... [ OK ]
Rootkit 'AjaKit'... [ OK ]
Rootkit 'aPa Kit'... [ OK ]
Rootkit 'Apache Worm'... [ OK ]
Rootkit 'Ambient (ark) Rootkit'... [ OK ]
Rootkit 'Balaur Rootkit'... [ OK ]
Rootkit 'BeastKit'... [ OK ]
Rootkit 'BOBKit'... [ OK ]
Rootkit 'CiNIK Worm (Slapper.B variant)'... [ OK ]
Rootkit 'Danny-Boy's Abuse Kit'... [ OK ]
Rootkit 'Devil RootKit'... [ OK ]
Rootkit 'Dica'... [ OK ]
Rootkit 'Dreams Rootkit'... [ OK ]
Rootkit 'Duarawkz'... [ OK ]
Rootkit 'Flea Linux Rootkit'... [ OK ]
Rootkit 'FreeBSD Rootkit'... [ OK ]
Rootkit 'Fuck`it Rootkit'... [ OK ]
Rootkit 'GasKit'... [ OK ]
Rootkit 'Heroin LKM'... [ OK ]
Rootkit 'HjC Kit'... [ OK ]
Rootkit 'ignoKit'... [ OK ]
Rootkit 'ImperalsS-FBRK'... [ OK ]
Rootkit 'Irix Rootkit'... [ OK ]
Rootkit 'Kitko'... [ OK ]
Rootkit 'Knark'... [ OK ]
Rootkit 'Li0n Worm'... [ OK ]
Rootkit 'Lockit / LJK2'... [ OK ]
Rootkit 'MRK'... [ OK ]
Rootkit 'RootKit for SunOS / NSDAP'... [ OK ]
Rootkit 'Optic Kit (Tux)'... [ OK ]
Rootkit 'Oz Rootkit'... [ OK ]
Rootkit 'Portacelo'... [ OK ]
Rootkit 'R3dstorm Toolkit'... [ OK ]
Sebek LKM [ OK ]
Rootkit 'Scalper Worm'... [ OK ]
Rootkit 'Shutdown'... [ OK ]
Rootkit 'SHV4'... [ OK ]
Rootkit 'Sin Rootkit'... [ OK ]
Rootkit 'Slapper'... [ OK ]
Rootkit 'Sneakin Rootkit'... [ OK ]
Rootkit 'Suckit Rootkit'... [ OK ]
Rootkit 'SunOS Rootkit'... [ OK ]
Rootkit 'Superkit'... [ OK ]
Rootkit 'TBD (Telnet BackDoor)'... [ OK ]
Rootkit 'TeLeKiT'... [ OK ]
Rootkit 'T0rn Rootkit'... [ OK ]
Rootkit 'Trojanit Kit'... [ OK ]
Rootkit 'Tuxtendo'... [ OK ]
Rootkit 'URK'... [ OK ]
Rootkit 'VcKit'... [ OK ]
Rootkit 'Volc Rootkit'... [ OK ]
Rootkit 'X-Org SunOS Rootkit'... [ OK ]
Rootkit 'zaRwT.KiT Rootkit'... [ OK ]
* Suspicious files and malware
Scanning for known rootkit strings [ OK ]
Scanning for known rootkit files [ OK ]
Miscellaneous Login backdoors [ OK ]
Miscellaneous directories [ OK ]
Sniffer logs [ OK ]
[Press <ENTER> to continue]
>(rest omitted)
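When the scan is run unattended with --skip-keypress, nobody is reading the long list of [ OK ] lines, so it helps to filter the output down to the checks that did not report OK. The following is an added example, not part of the original page or of Rootkit Hunter itself. It assumes the console output is plain text in the "name [ STATUS ]" form shown above; the function names and the sample lines (including the "BAD" status) are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise "name [ STATUS ]" lines from rkhunter console output.
# Reads the output on stdin and prints every check whose status is not "OK".
# Exit status: 0 = all parsed checks OK, 1 = at least one non-OK, 2 = nothing parsed.
rkh_flag_non_ok() {
    awk '
        # A result line ends in "[ <status> ]". Prompts such as
        # "[Press <ENTER> to continue]" have no space after "[" and are skipped.
        match($0, /\[ [^]]+ \][ \t]*$/) {
            status = substr($0, RSTART + 2, RLENGTH - 2)
            sub(/ \][ \t]*$/, "", status)
            name = substr($0, 1, RSTART - 1)
            sub(/^[ \t]+/, "", name)
            sub(/[ \t.]+$/, "", name)      # drop the trailing "..." padding
            total++
            if (status != "OK") {
                bad++
                printf "REVIEW: %s => %s\n", name, status
            }
        }
        END {
            printf "checks=%d non_ok=%d\n", total, bad
            if (total == 0) exit 2         # empty or unparsable output is not a pass
            exit (bad > 0 ? 1 : 0)
        }
    '
}

# Constructed sample input (not real scan output) for trying the filter offline.
rkh_sample() {
    cat <<'EOF'
Checking binaries
* System tools
/sbin/ifconfig [ OK ]
/bin/ls [ BAD ]
[Press <ENTER> to continue]
Rootkit 'AjaKit'... [ OK ]
Sniffer logs [ OK ]
EOF
}

# Typical use, with the command from this page:
#   /usr/local/bin/rkhunter -c --createlogfile --skip-keypress | rkh_flag_non_ok
```

Treating an empty parse as exit status 2 keeps a scan that failed to run from being mistaken for a clean result.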
*References
-[[LunaTear: rootkit hunter>http://lunatear.net/archives/000277.html]]
-[[japan.linux.com | Is rootkit hunter in your arsenal?>http://japan.linux.com/security/04/04/11/1158228.shtml]]
*Related
-[[chkrootkit -- locally checks for signs of a rootkit>http://www.chkrootkit.org/]]