Hello.
This is Jeong Chan-ho, operator of http://www.rootman.co.kr.

rkhunter is a utility that searches for rootkits; it is simple to install and its output is simple to read.
It also reports tampering with or modification of important files, which gives an administrator a little peace of mind ^^.

If you didn't know about it yet, give it a try.
I hope it proves useful.

Have a good time!


1. Related site
  http://www.rootkit.nl/projects/rootkit_hunter.html


2. Source download
  (1) http://downloads.rootkit.nl/rkhunter-1.2.7.tar.gz
  (2) http://mirror.1day.co.kr/download/Security/rkhunter-1.2.7.tar.tar


3. Installation
[root@ns1 /usr/local/src]# tar xvfz rkhunter-1.2.7.tar.tar
[root@ns1 /usr/local/src]# cd rkhunter-1.2.7
[root@ns1 rkhunter-1.2.7]# ./installer.sh
Rootkit Hunter installer 1.2.7 (Copyright 2003-2005, Michael Boelen)
---------------
Starting installation/update

Checking  /usr/local... OK
Checking file retrieval tools... /usr/bin/wget
Checking installation directories...
- Checking /usr/local/rkhunter...Created
- Checking /usr/local/rkhunter/etc...Created
- Checking /usr/local/rkhunter/bin...Created
- Checking /usr/local/rkhunter/lib/rkhunter/db...Created
- Checking /usr/local/rkhunter/lib/rkhunter/docs...Created
- Checking /usr/local/rkhunter/lib/rkhunter/scripts...Created
- Checking /usr/local/rkhunter/lib/rkhunter/tmp...Created
- Checking /usr/local/etc...Exists
- Checking /usr/local/bin...Exists
Checking system settings...
  - Perl... OK
Installing files...
Installing  Perl module checker... OK
Installing  Database updater... OK
Installing  Portscanner... OK
Installing  MD5 Digest generator... OK
Installing  SHA1 Digest generator... OK
Installing  Directory viewer... OK
Installing  Database Backdoor ports... OK
Installing  Database Update mirrors... OK
Installing  Database Operating Systems... OK
Installing  Database Program versions... OK
Installing  Database Program versions... OK
Installing  Database Default file hashes... OK
Installing  Database MD5 blacklisted files... OK
Installing  Changelog... OK
Installing  Readme and FAQ... OK
Installing  Wishlist and TODO... OK
Installing  RK Hunter configuration file... OK
Installing  RK Hunter binary... OK
Configuration updated with installation path (/usr/local/rkhunter)

Installation ready.
See /usr/local/rkhunter/lib/rkhunter/docs for more information. Run 'rkhunter' (/usr/local/bin/rkhunter)


4. Copying the executable
[root@ns1 rkhunter-1.2.7]# cp rkhunter /usr/sbin/


5. Scanning the system
(1) Print the scan report to the screen (CRT)
[root@ns1 rkhunter-1.2.7]# rkhunter -c

(2) Save the scan results to a log file
[root@ns1 rkhunter-1.2.7]# rkhunter --checkall --createlogfile
....
....
---------------------------- Scan results ----------------------------
MD5
MD5 compared: 0
Incorrect MD5 checksums: 0

File scan
Scanned files: 342
Possible infected files: 0

Application scan
Vulnerable applications: 3

Scanning took 365 seconds
Scan results written to logfile (/var/log/rkhunter.log)
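As an added example that is not part of the original post or of rkhunter itself: a small POSIX shell function that reads the "Scan results" summary printed by rkhunter --checkall --createlogfile (or saved in /var/log/rkhunter.log) and returns a non-zero status when any counter is above zero, so a cron job can mail the administrator only when something needs a look. The sample summary below is constructed from the output shown above.

```shell
#!/bin/sh
# Added example (not rkhunter's own code): parse the "Scan results" summary
# block from rkhunter output and decide whether an operator should review it.
# Prints "label=count" for every non-zero counter; exit status 0 when all
# counters are zero, 1 otherwise. Needs only POSIX sh and awk.

# Constructed sample, modelled on the summary printed in the post above.
SAMPLE_RESULTS='---------------------------- Scan results ----------------------------
MD5
MD5 compared: 0
Incorrect MD5 checksums: 0

File scan
Scanned files: 342
Possible infected files: 0

Application scan
Vulnerable applications: 3

Scanning took 365 seconds
Scan results written to logfile (/var/log/rkhunter.log)'

# rkhunter_findings: read rkhunter output on stdin and report the counters
# that indicate a problem. Only the three "bad" counters are checked;
# "MD5 compared" and "Scanned files" are informational and ignored.
rkhunter_findings() {
    awk -F': *' '
        /^Incorrect MD5 checksums:/ { if ($2+0 > 0) { print "incorrect_md5=" $2+0;     bad=1 } }
        /^Possible infected files:/ { if ($2+0 > 0) { print "possible_infected=" $2+0; bad=1 } }
        /^Vulnerable applications:/ { if ($2+0 > 0) { print "vulnerable_apps=" $2+0;   bad=1 } }
        END { exit bad ? 1 : 0 }
    '
}

# Wrapper for a cron job: check the log file rkhunter wrote instead of stdin.
# Usage: rkhunter_check_log /var/log/rkhunter.log && echo clean
rkhunter_check_log() {
    rkhunter_findings < "$1"
}

# Demonstration on the constructed sample: prints "vulnerable_apps=3" and
# the pipeline returns 1, because the summary reports 3 vulnerable applications.
printf '%s\n' "$SAMPLE_RESULTS" | rkhunter_findings || echo "rkhunter: findings need review"
```

With the hardening step from this post applied (rkhunter --update), a non-zero "Vulnerable applications" count usually means a listed program is older than the "Known bad program versions" database, so the next action is to update that package rather than to assume a rootkit.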


6. Checking the version
[root@ns1 rkhunter-1.2.7]# /usr/local/bin/rkhunter --versioncheck
http://www.rootkit.nl/rkhunter/rkhunter_latest.dat

Rootkit Hunter 1.2.3, copyright Michael Boelen

This version:   1.2.3
Latest version: 1.2.7
Update available


7. Updating rkhunter
[root@ns1 root]# /usr/local/bin/rkhunter --update     
Running updater...

Mirrorfile /usr/local/rkhunter/lib/rkhunter/db/mirrors.dat rotated
Using mirror http://www.rootkit.nl/rkhunter
[DB] Mirror file                      : Update available
  Action: Database updated (current version: 2005033000, new version 2005050700)
[DB] MD5 hashes system binaries       : Update available
  Action: Database updated (current version: 2005041000, new version 2005080200)
[DB] Operating System information     : Update available
  Action: Database updated (current version: 2005032500, new version 2005091100)
[DB] MD5 blacklisted tools/binaries   : Up to date
[DB] Known good program versions      : Update available
  Action: Database updated (current version: 2005040300, new version 2005071500)
[DB] Known bad program versions       : Update available
  Action: Database updated (current version: 2005040300, new version 2005071500)

Ready.

- End -

2005/12/25 17:45