We know that to gain full control of a host you need the privileges of its superuser, root,
so attackers will try everything to obtain root. How do they get it?
The easiest way is to use one of the rootkit tool kits circulating on the net to break in.
Because rootkits are so easy to obtain, there is no guarantee that an ordinary user's host will not be harassed by a low-skill cracker,
so of course we have to find a way to protect our own hosts. To detect whether a host has already been attacked by a rootkit,
the Rootkit Hunter package, rkhunter, developed by a free-software group, can do the detection for us.
So, below we talk about this tool.
1. First, download rkhunter.
Get the latest version from www.rootkit.nl. (Note that the download below is over plain HTTP with no integrity check; compare the archive against a checksum published by the project before installing it.)
[root@TG-internet root]# wget http://downloads.rootkit.nl/rkhunter-1.1.9.tar.gz
--13:38:18-- http://downloads.rootkit.nl/rkhunter-1.1.9.tar.gz
=> `rkhunter-1.1.9.tar.gz'
Resolving downloads.rootkit.nl... done.
Connecting to downloads.rootkit.nl[62.177.200.5]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 115,254 [application/x-tar]
100%[========================================================================================>] 115,254 11.40K/s ETA 00:00
13:38:40 (11.40 KB/s) - `rkhunter-1.1.9.tar.gz' saved [115254/115254]
2. Start the installation
[root@TG-internet root]# ls
anaconda-ks.cfg rkhunter-1.1.9.tar.gz
[root@TG-internet root]# mv rkhunter-1.1.9.tar.gz /tmp
[root@TG-internet root]# cd /tmp
[root@TG-internet tmp]# ls
ed.DCp75y install.log orbit-root ssh-XX0WNYpR ssh-XXIlJViP ssh-XXv4b0ZO X-Test.log
ed.Lk3cvF install.log.syslog rkhunter-1.1.9.tar.gz ssh-XXCWWzh1 ssh-XXNPJO1G XF86Config.test
2.1 First unpack the installer
[root@TG-internet tmp]# tar xzvf rkhunter-1.1.9.tar.gz
./rkhunter/files/
./rkhunter/files/CHANGELOG
./rkhunter/files/LICENSE
./rkhunter/files/README
./rkhunter/files/WISHLIST
./rkhunter/files/backdoorports.dat
./rkhunter/files/check_modules.pl
./rkhunter/files/check_port.pl
./rkhunter/files/defaulthashes.dat
./rkhunter/files/filehashmd5.pl
./rkhunter/files/filehashsha1.pl
./rkhunter/files/mirrors.dat
./rkhunter/files/os.dat
./rkhunter/files/rkhunter
./rkhunter/files/rkhunter.conf
./rkhunter/files/rkhunter.spec
./rkhunter/files/showfiles.pl
./rkhunter/files/md5blacklist.dat
./rkhunter/files/tools/
./rkhunter/files/tools/update_server.sh
./rkhunter/files/tools/update_client.sh
./rkhunter/files/tools/README
./rkhunter/files/check_update.sh
./rkhunter/files/programs_bad.dat
./rkhunter/files/testing/
./rkhunter/files/testing/stringscanner.sh
./rkhunter/files/testing/rootkitinfo.txt
./rkhunter/files/testing/rkhunter.conf
./rkhunter/files/development/
./rkhunter/files/development/createfilehashes.pl
./rkhunter/files/development/createhashes.sh
./rkhunter/files/development/rpmhashes.sh
./rkhunter/files/development/rpmprelinkhashes.sh
./rkhunter/files/development/osinformation.sh
./rkhunter/files/development/rkhunter.8
./rkhunter/files/development/createhashesall.sh
./rkhunter/files/development/search_dead_sysmlinks.sh
./rkhunter/files/programs_good.dat
./rkhunter/installer.sh
[root@TG-internet tmp]# ls
rkhunter rkhunter-1.1.9.tar.gz
[root@TG-internet tmp]# cd rkhunter
[root@TG-internet rkhunter]# ls
files installer.sh
2.2 Run the installer script
[root@TG-internet rkhunter]# ./installer.sh
Rootkit Hunter installer 1.1.9 (Copyright 2003-2004, Michael Boelen)
---------------
Starting installation/update
Checking UID... OK
Checking /usr/local... OK
Checking file retrieval tools... /usr/bin/wget
Checking installation directories...
- Checking /usr/local/rkhunter...Created
- Checking /usr/local/rkhunter/etc...Created
- Checking /usr/local/rkhunter/bin...Created
- Checking /usr/local/rkhunter/lib/rkhunter/db...Created
- Checking /usr/local/rkhunter/lib/rkhunter/docs...Created
- Checking /usr/local/rkhunter/lib/rkhunter/scripts...Created
- Checking /usr/local/rkhunter/lib/rkhunter/tmp...Created
- Checking /usr/local/etc...Exists
Checking system settings...
- Perl... OK
Installing files...
Installing Perl module checker... OK
Installing Database updater... OK
Installing Portscanner... OK
Installing MD5 Digest generator... OK
Installing SHA1 Digest generator... OK
Installing Directory viewer... OK
Installing Database Backdoor ports... OK
Installing Database Update mirrors... OK
Installing Database Operating Systems... OK
Installing Database Program versions... OK
Installing Database Program versions... OK
Installing Database Default file hashes... OK
Installing Database MD5 blacklisted files... OK
Installing Changelog... OK
Installing Readme and FAQ... OK
Installing Wishlist and TODO... OK
Installing RK Hunter configuration file... OK
Installing RK Hunter binary... OK
Configuration updated with installation path (/usr/local/rkhunter)
Installation ready.
See /usr/local/rkhunter/lib/rkhunter/docs for more information. Run 'rkhunter' (/usr/local/bin/rkhunter)
At this point the installation has succeeded.
How to use it
Usage:
rkhunter
--checkall (or -c)
Check the system, performs all tests.
--createlogfile*
Create a logfile (default /var/log/rkhunter.log)
--cronjob
Run as cronjob (removes colored layout)
--help (or -h)
Show help about usage
--nocolors*
Don't use colors for output (some terminals don't like colors or extended layout characters)
--report-mode*
Don't show uninteresting information for reports, like header/footer.
Interesting when scanning from crontab or with usage of other applications.
--skip-keypress*
Don't wait after every test (makes it non-interactive)
--quick*
Perform quick scan (instead of full scan). Skips some tests and performs some enhanced tests (less suitable for normal scans).
--version
Show version and quit
--versioncheck
Check for latest version
Dynamic paths
--bindir *
Uses another directory when search for binaries (use instead of using default binaries)
--configfile *
Uses a different configuration file (instead of default one)
--dbdir *
Uses another directory for the databases (instead of the default one, often /usr/local/rkhunter/db)
--rootdir *
Uses another rootdirectory (normally '/'). So all binaries and tests will be performed on this directory instead of the default.
--tmpdir *
Uses another directory for temporary storage of files
Explicit scan options:
--disable-md5-check*
Disable MD5 checks
--disable-passwd-check*
Disable passwd/group checks
--scan-knownbad-files*
Perform besides 'known good' check a 'known bad' check
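The post downloads the tarball over plain HTTP and unpacks it without checking it, and then lists the flags for unattended runs without putting them together. The script below is an added example (not code from the original post or from the rkhunter project): it refuses to unpack an archive whose SHA-256 does not match a digest obtained out of band, and it assembles the non-interactive command line from the options documented above (--checkall, --cronjob, --report-mode, --skip-keypress, --createlogfile). The file names, the destination directory and the digest value are placeholders chosen for the example.

```shell
#!/bin/sh
# Added example, not part of the original post or of rkhunter itself.
# Assumptions: the expected SHA-256 comes from a trusted channel (not the
# same unauthenticated HTTP download), and paths/digests are placeholders.

# Print the SHA-256 of a file, using whichever tool the host provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# rkh_verify_and_extract ARCHIVE EXPECTED_SHA256 DESTDIR
# Extracts ARCHIVE into DESTDIR only when its digest matches EXPECTED_SHA256.
# On mismatch it prints both digests, leaves DESTDIR untouched and returns 1,
# so a tampered or truncated download never reaches the installer.
rkh_verify_and_extract() {
    archive=$1; expected=$2; dest=$3
    [ -f "$archive" ] || { echo "no such archive: $archive" >&2; return 1; }
    actual=$(sha256_of "$archive")
    # Digests copied from a web page may be upper case; compare lower case.
    expected_lc=$(printf '%s' "$expected" | tr 'A-Z' 'a-z')
    if [ "$actual" != "$expected_lc" ]; then
        echo "checksum mismatch for $archive" >&2
        echo "  expected: $expected_lc" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi
    mkdir -p "$dest" && tar xzf "$archive" -C "$dest"
}

# rkh_cron_cmd RKHUNTER_BIN
# Builds the command line for an unattended (cron) run using the options the
# usage listing documents: full check, no colours, no key presses, report
# mode, and a log file (default /var/log/rkhunter.log).
rkh_cron_cmd() {
    printf '%s --checkall --cronjob --report-mode --skip-keypress --createlogfile\n' "$1"
}

# Typical use (placeholder digest; replace with the value published by the project):
#   rkh_verify_and_extract /tmp/rkhunter-1.1.9.tar.gz "$EXPECTED_SHA256" /tmp \
#     && (cd /tmp/rkhunter && ./installer.sh)
#   echo "0 3 * * * root $(rkh_cron_cmd /usr/local/bin/rkhunter)" >> /etc/cron.d/rkhunter
```

The verification step matters more than it looks: a host that has already been rootkitted may have its outbound HTTP proxied or its DNS answers altered, and a scanner fetched without any integrity check is exactly the kind of file such an attacker would want to replace.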
This article is from the ChinaUnix blog; the original is at: http://blog.chinaunix.net/u/2939/showart_10660.html