
IRLP: Installing RootkitHunter

Rootkit scanner is a scanning tool to ensure you for about 99.9%* that you're clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like: (excerpted from the official site)

In other words, it's a tool that runs tests to scan for rootkits, "Anywhere Doors", backdoors and local "achievements" (exploits).

The official RootkitHunter site is here → http://www.rootkit.nl/

Download the latest version, rkhunter-1.2.8.tar.gz, into /usr/local/src/ (*^^)v
(The download is plain HTTP with no signature or checksum verification, so compare the archive against a checksum obtained from the project site before unpacking it.)
# wget http://downloads.rootkit.nl/rkhunter-1.2.8.tar.gz
--08:09:44-- http://downloads.rootkit.nl/rkhunter-1.2.8.tar.gz
=> `rkhunter-1.2.8.tar.gz'
Resolving downloads.rootkit.nl... 62.177.200.5
Connecting to downloads.rootkit.nl|62.177.200.5|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 126,314 (123K) [application/x-tar]

100%[====================================>] 126,314 26.41K/s ETA 00:00

08:09:50 (26.37 KB/s) - `rkhunter-1.2.8.tar.gz' saved [126314/126314]

Let's unpack it (*^^)v
# tar zxvf rkhunter-1.2.8.tar.gz
./rkhunter/files/
./rkhunter/files/CHANGELOG
./rkhunter/files/LICENSE
./rkhunter/files/README
./rkhunter/files/WISHLIST
./rkhunter/files/backdoorports.dat
./rkhunter/files/check_modules.pl
./rkhunter/files/check_port.pl
./rkhunter/files/defaulthashes.dat
./rkhunter/files/filehashmd5.pl
./rkhunter/files/filehashsha1.pl
./rkhunter/files/mirrors.dat
./rkhunter/files/os.dat
./rkhunter/files/rkhunter
./rkhunter/files/rkhunter.conf
./rkhunter/files/rkhunter.spec
./rkhunter/files/showfiles.pl
./rkhunter/files/md5blacklist.dat
./rkhunter/files/tools/
./rkhunter/files/tools/update_server.sh
./rkhunter/files/tools/update_client.sh
./rkhunter/files/tools/README
./rkhunter/files/check_update.sh
./rkhunter/files/programs_bad.dat
./rkhunter/files/contrib/
./rkhunter/files/contrib/run_rkhunter.sh
./rkhunter/files/contrib/README.txt
./rkhunter/files/testing/
./rkhunter/files/testing/stringscanner.sh
./rkhunter/files/testing/rootkitinfo.txt
./rkhunter/files/testing/rkhunter.conf
./rkhunter/files/development/
./rkhunter/files/development/createfilehashes.pl
./rkhunter/files/development/createhashes.sh
./rkhunter/files/development/rpmhashes.sh
./rkhunter/files/development/rpmprelinkhashes.sh
./rkhunter/files/development/osinformation.sh
./rkhunter/files/development/rkhunter.8
./rkhunter/files/development/createhashesall.sh
./rkhunter/files/development/search_dead_sysmlinks.sh
./rkhunter/files/programs_good.dat
./rkhunter/installer.sh

Change into the directory...
# cd rkhunter

Run the installer script!!
# ./installer.sh
Rootkit Hunter installer 1.2.4 (Copyright 2003-2005, Michael Boelen)
—————
Starting installation/update

Checking /usr/local… OK
Checking file retrieval tools… /usr/bin/wget
Checking installation directories…
– Checking /usr/local/rkhunter…Created
– Checking /usr/local/rkhunter/etc…Created
– Checking /usr/local/rkhunter/bin…Created
– Checking /usr/local/rkhunter/lib/rkhunter/db…Created
– Checking /usr/local/rkhunter/lib/rkhunter/docs…Created
– Checking /usr/local/rkhunter/lib/rkhunter/scripts…Created
– Checking /usr/local/rkhunter/lib/rkhunter/tmp…Created
– Checking /usr/local/etc…Exists
– Checking /usr/local/bin…Exists
Checking system settings…
– Perl… OK
Installing files…
Installing Perl module checker… OK
Installing Database updater… OK
Installing Portscanner… OK
Installing MD5 Digest generator… OK
Installing SHA1 Digest generator… OK
Installing Directory viewer… OK

-------------(omitted)--------------------------

Let's check for updates ( ̄ー ̄)
# /usr/local/bin/rkhunter --update
Running updater…

Mirrorfile /usr/local/rkhunter/lib/rkhunter/db/mirrors.dat rotated
Using mirror http://www.rootkit.nl/rkhunter
[DB] Mirror file : Update available
Action: Database updated (current version: 2005050700, new version 2006041300)
[DB] MD5 hashes system binaries : Update available
Action: Database updated (current version: 2006021400, new version 2006022800)
[DB] Operating System information : Update available
Action: Database updated (current version: 2005102800, new version 2006051200)
[DB] MD5 blacklisted tools/binaries : Up to date
[DB] Known good program versions : Update available
Action: Database updated (current version: 2006021400, new version 2006031400)
[DB] Known bad program versions : Update available
Action: Database updated (current version: 2006021400, new version 2006031400)

Ready.

Let's run it. Check with the keypress prompts skipped ( ̄∇ ̄)
# rkhunter -c --createlogfile --skip-keypress

Rootkit Hunter 1.2.8 is running

Determining OS… Ready

Checking binaries
* Selftests
Strings (command) [ OK ]

* System tools
Performing ‘known bad’ check…
/bin/cat [ OK ]
/bin/chmod [ OK ]
/bin/chown [ OK ]
/bin/date [ OK ]
/bin/df [ OK ]
------------------(omitted)------------------------

Yikes! There's a Warning (;一_一)
...the SSH version???
What's wrong with it... if I upgrade the version, I'd be in trouble if IRLP stopped working.

To run it regularly, I used crontab -e to set the following to run once a week:
# /usr/local/bin/rkhunter --update
# /usr/local/bin/rkhunter -c --createlogfile --skip-keypress
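The two commands above are written with a shell prompt; inside a crontab each line needs the five schedule fields in front of it and must not start with "#", which cron treats as a comment. The wrapper below is an added example, not part of the original post or of the rkhunter project: it runs the same update and check from one weekly cron entry, then diffs this week's warning lines against last week's, so that a warning that has already been looked at (such as the SSH version warning above; the application version check rkhunter runs against the "known good/bad program versions" databases updated earlier is one source of such a warning) is not reported again every week, while a new warning stands out. The paths (/usr/local/bin/rkhunter, /var/log/rkhunter.log, /var/lib/rkhunter-cron) and the "Warning"/"Vulnerable" markers it greps for in the text report are assumptions.

```shell
#!/bin/sh
# Weekly rkhunter wrapper for cron. Added example; not from the original post
# and not part of rkhunter itself. Assumed paths, overridable via environment:
RKHUNTER="${RKHUNTER:-/usr/local/bin/rkhunter}"   # assumed install location
LOGFILE="${LOGFILE:-/var/log/rkhunter.log}"        # assumed --createlogfile target
STATEDIR="${STATEDIR:-/var/lib/rkhunter-cron}"     # where last week's warnings are kept
export LC_ALL=C   # sort and comm must agree on collation

# Print the warning lines of an rkhunter text report, trimmed, sorted, unique.
# "Warning" and "Vulnerable" are assumed markers of the 1.2.x report format.
warnings_from_log() {
    grep -E 'Warning|Vulnerable' "$1" 2>/dev/null \
        | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' \
        | sort -u
}

# Print lines present in the current set ($2) but absent from the previous set ($1).
# Both files must be sorted and unique (as produced by warnings_from_log).
new_warnings() {
    comm -13 "$1" "$2"
}

# Run update + check, save this week's warning set, return 1 if anything new appeared.
weekly_scan() {
    mkdir -p "$STATEDIR"
    [ -f "$STATEDIR/previous" ] || : > "$STATEDIR/previous"
    # Same two commands as the manual run. rkhunter's own output is discarded;
    # the log written by --createlogfile is what gets parsed, and the exit
    # status is deliberately not relied upon.
    "$RKHUNTER" --update > /dev/null 2>&1 || :
    "$RKHUNTER" -c --createlogfile --skip-keypress > /dev/null 2>&1 || :
    # If the log is missing the check did not run; do not wipe the previous set.
    if [ ! -r "$LOGFILE" ]; then
        echo "rkhunter: log $LOGFILE missing, check did not complete"
        return 2
    fi
    warnings_from_log "$LOGFILE" > "$STATEDIR/current"
    new_warnings "$STATEDIR/previous" "$STATEDIR/current" > "$STATEDIR/new"
    mv "$STATEDIR/current" "$STATEDIR/previous"
    if [ -s "$STATEDIR/new" ]; then
        echo "rkhunter: new warnings on $(uname -n), see $LOGFILE"
        cat "$STATEDIR/new"
        return 1
    fi
    return 0
}

# Only run the scan when invoked with "run"; otherwise the functions can be sourced.
if [ "${1:-}" = "run" ]; then
    weekly_scan
fi
```

Save it as, for instance, /usr/local/sbin/rkhunter-weekly.sh, make it executable, and give root's crontab a single entry such as `0 5 * * 1 /usr/local/sbin/rkhunter-weekly.sh run` (05:00 every Monday). Cron mails whatever the script prints, so the mail contains only the new-warning summary; the full report stays in the log file for when a new line does show up.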