---------------------

  Install rkhunter

[root@falcon21 ~]# yum --enablerepo=epel -y install rkhunter
インストール済み:
  rkhunter-1.4.6-6.el8.noarch

完了しました!


By default, a check script is placed under cron.daily

[root@falcon21 ~]# vi /etc/sysconfig/rkhunter
MAILTO=root@falcon21.space
DIAG_SCAN=no
ALLOW_SSH_ROOT_USER=no
~

----------------
  Update the database

[root@falcon21 ~]# rkhunter --update
[ Rootkit Hunter version 1.4.6 ]

Checking rkhunter data files...
  Checking file mirrors.dat                                  [ Updated ]
  Checking file programs_bad.dat                             [ Updated ]
  Checking file backdoorports.dat                            [ No update ]
  Checking file suspscan.dat                                 [ Updated ]
  Checking file i18n/cn                                      [ No update ]
  Checking file i18n/de                                      [ Updated ]
  Checking file i18n/en                                      [ No update ]
  Checking file i18n/tr                                      [ Updated ]
  Checking file i18n/tr.utf8                                 [ Updated ]
  Checking file i18n/zh                                      [ Updated ]
  Checking file i18n/zh.utf8                                 [ Updated ]
  Checking file i18n/ja                                      [ Updated ]


------------------------

 Update the system file properties database

[root@falcon21 ~]# rkhunter --propupd
[ Rootkit Hunter version 1.4.6 ]
File created: searched for 177 files, found 139


-------------------------

  Run the check
# --sk skips the "press Enter" prompts
# --rwo shows only warnings


[root@falcon21 ~]# rkhunter --check --sk
                     ↓
  Performing filesystem checks
    Checking /dev for suspicious file types                  [ None found ]
    Checking for hidden files and directories                [ None found ]


System checks summary
=====================

File properties checks...
    Files checked: 139
    Suspect files: 0

Rootkit checks...
    Rootkits checked : 503
    Possible rootkits: 0

Applications checks...
    All checks skipped

The system checks took: 2 minutes and 22 seconds

All results have been written to the log file: /var/log/rkhunter/rkhunter.log

One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter/rkhunter.log)


-----------------------

[root@falcon21 ~]# rkhunter --check --rwo
Warning: The SSH and rkhunter configuration options should be the same:
         SSH configuration option 'PermitRootLogin': no
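         Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': yes

# ALLOW_SSH_ROOT_USER is an /etc/rkhunter.conf option; set it to no there
# so that it matches PermitRootLogin in sshd_config and this warning clears
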
[root@falcon21 ~]# cat /var/log/rkhunter/rkhunter.log

[00:47:02] Info: No empty log file names configured.
[00:47:02]
[00:47:02] Info: Test 'apps' disabled at users request.
[00:47:02]
[00:47:02] System checks summary
[00:47:02] =====================
[00:47:02]
[00:47:02] File properties checks...
[00:47:02] Files checked: 139
[00:47:02] Suspect files: 0
[00:47:02]
[00:47:02] Rootkit checks...
[00:47:02] Rootkits checked : 503
[00:47:02] Possible rootkits: 0
[00:47:02]
[00:47:02] Applications checks...
[00:47:02] All checks skipped
[00:47:02]
[00:47:02] The system checks took: 2 minutes and 14 seconds
[00:47:02]
[00:47:02] Info: End date is 2020年 11月 22日 日曜日 00:47:02 JST
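
One way to triage the log shown above from a script, for example after the daily cron run. This is an added example, not part of the original notes; the function names and the sample log are constructed here, and the sample assumes Warning lines carry the same timestamp prefix as the other log entries.

```shell
#!/bin/sh
# Added example: triage an rkhunter log after "rkhunter --check".

# Print the number after "LABEL:" in the summary block (last match wins).
rkh_field() {  # usage: rkh_field LOGFILE LABEL
    sed -n "s/^\[[0-9:]*\] *$2 *: *\([0-9][0-9]*\).*/\1/p" "$1" | tail -n 1
}

# Count log lines flagged as warnings.
rkh_warnings() {  # usage: rkh_warnings LOGFILE
    grep -c '^\[[0-9:]*\] *Warning:' "$1" || true
}

# Print one verdict line: INCOMPLETE, ALERT, REVIEW or CLEAN.
rkh_verdict() {  # usage: rkh_verdict LOGFILE
    suspect=$(rkh_field "$1" 'Suspect files')
    rootkits=$(rkh_field "$1" 'Possible rootkits')
    warns=$(rkh_warnings "$1")
    if [ -z "$suspect" ] || [ -z "$rootkits" ]; then
        echo "INCOMPLETE no summary block; scan may have been interrupted"
    elif [ "$suspect" -gt 0 ] || [ "$rootkits" -gt 0 ]; then
        echo "ALERT suspect_files=$suspect possible_rootkits=$rootkits warnings=$warns"
    elif [ "$warns" -gt 0 ]; then
        echo "REVIEW suspect_files=0 possible_rootkits=0 warnings=$warns"
    else
        echo "CLEAN suspect_files=0 possible_rootkits=0 warnings=0"
    fi
}

# Constructed sample in the log format shown above; the Warning line is
# assumed to carry the same timestamp prefix as the other entries.
make_sample_log() {  # usage: make_sample_log PATH
    cat > "$1" <<'EOF'
[00:46:10] Warning: The SSH and rkhunter configuration options should be the same:
[00:47:02] File properties checks...
[00:47:02] Files checked: 139
[00:47:02] Suspect files: 0
[00:47:02] Rootkit checks...
[00:47:02] Rootkits checked : 503
[00:47:02] Possible rootkits: 0
EOF
}

sample=$(mktemp)
make_sample_log "$sample"
rkh_verdict "$sample"
rm -f "$sample"
```

The INCOMPLETE case matters in practice: a log with no summary block means the scan did not finish, which should not be read as a clean result.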

  