RootKit Detection Tool - ChkrootKit 2014/08/26
Install ChkrootKit, which checks whether a rootkit has been planted on the server. It detects only known rootkits and occasionally produces false positives, so treat its results as a reference only.
[root@dlp ~]# chkrootkit # run
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `biff'... not found
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `crontab'... not infected
Checking `date'... not infected
Checking `du'... not infected
Checking `dirname'... not infected
Checking `echo'... not infected
Checking `egrep'... not infected
Checking `env'... not infected
Checking `find'... not infected
...
...
...
Searching for ENYELKM rootkit default files... nothing found
Searching for common ssh-scanners default files... nothing found
Searching for anomalies in shell history files... nothing found
Checking `asp'... not infected
Checking `bindshell'... not infected
Checking `lkm'... chkproc: nothing detected
chkdirs: nothing detected
Checking `rexedcs'... not found
Checking `sniffer'... eth1: not promisc and no PF_PACKET sockets
Checking `w55808'... not infected
Checking `wted'... chkwtmp: nothing deleted
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'... chklastlog: nothing deleted
Checking `chkutmp'... chkutmp: nothing deleted
Checking `OSX_RSPLUG'... not infected

# show only the results that indicate a problem
[root@dlp ~]# chkrootkit | grep INFECTED
[root@dlp ~]# # no output means no problems
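The `grep INFECTED` filter above matches a single verdict string, so any other non-clean result line is hidden. As an added example (not part of the original page), the script below inverts the check and prints every line that does not end in one of the clean verdicts seen in the sample output above. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): flag every chkrootkit result
# line that is not a known-clean verdict, instead of matching only INFECTED.

# Clean verdicts copied from the sample output on this page. Other chkrootkit
# versions may word clean results differently; such lines get flagged, which
# errs on the side of review.
CLEAN_RE='(not infected|not found|nothing found|nothing detected|nothing deleted|not promisc and no PF_PACKET sockets)$'

# Read chkrootkit output on stdin; print only the lines that need a look.
review_chkrootkit() {
    grep -v -E "$CLEAN_RE" | grep -v -E '^(ROOTDIR is |[[:space:]]*$)' || true
}

# Constructed sample output (assumption, for illustration only).
sample_output() {
    cat <<'EOF'
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `bindshell'... INFECTED (PORTS:  465)
Checking `lkm'... chkproc: nothing detected
chkdirs: nothing detected
Checking `sniffer'... eth1: PF_PACKET(/sbin/dhclient)
Checking `wted'... chkwtmp: nothing deleted
EOF
}

# Real use: chkrootkit 2>&1 | review_chkrootkit
sample_output | review_chkrootkit
```

On the constructed sample this prints the `bindshell` and `sniffer` lines, where `grep INFECTED` alone would show only the first. Each flagged line still needs manual review, since the tool is known to produce false positives.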