December 4, 2005
I've already installed it on the FreeBSD server that runs as my main machine, but...
(FreeBSD server setup notes)
I'll try installing it on the Vine 3.2 server too (*^^)v
http://www.rootkit.nl/projects/rootkit_hunter.html
↑ I downloaded the latest version from here.
# cd /usr/local/src
# wget http://downloads.rootkit.nl/rkhunter-1.2.7.tar.gz
--13:39:57--  http://downloads.rootkit.nl/rkhunter-1.2.7.tar.gz
           => `rkhunter-1.2.7.tar.gz'
downloads.rootkit.nl をDNSに問いあわせています... 62.177.200.5
downloads.rootkit.nl[62.177.200.5]:80 に接続しています... 接続しました。
HTTP による接続要求を送信しました、応答を待っています... 200 OK
長さ: 170,732 [application/x-tar]

100%[====================================>] 170,732       68.82K/s

13:40:00 (68.70 KB/s) - `rkhunter-1.2.7.tar.gz' を保存しました [170732/170732]
Extracting it (*^^)v
# tar zxvf rkhunter-1.2.7.tar.gz
./rkhunter/files/
./rkhunter/files/CHANGELOG
./rkhunter/files/LICENSE
./rkhunter/files/README
./rkhunter/files/WISHLIST
./rkhunter/files/backdoorports.dat
./rkhunter/files/check_modules.pl
./rkhunter/files/check_port.pl
./rkhunter/files/defaulthashes.dat
./rkhunter/files/filehashmd5.pl
./rkhunter/files/filehashsha1.pl
./rkhunter/files/mirrors.dat
./rkhunter/files/os.dat
./rkhunter/files/rkhunter
./rkhunter/files/rkhunter.conf
./rkhunter/files/rkhunter.spec
./rkhunter/files/showfiles.pl
./rkhunter/files/md5blacklist.dat
./rkhunter/files/tools/
./rkhunter/files/tools/update_server.sh
./rkhunter/files/tools/update_client.sh
./rkhunter/files/tools/README
./rkhunter/files/check_update.sh
./rkhunter/files/programs_bad.dat
./rkhunter/files/contrib/
./rkhunter/files/contrib/run_rkhunter.sh
./rkhunter/files/contrib/README.txt
./rkhunter/files/testing/
./rkhunter/files/testing/stringscanner.sh
./rkhunter/files/testing/rootkitinfo.txt
./rkhunter/files/testing/rkhunter.conf
./rkhunter/files/development/
./rkhunter/files/development/createfilehashes.pl
./rkhunter/files/development/createhashes.sh
./rkhunter/files/development/rpmhashes.sh
./rkhunter/files/development/rpmprelinkhashes.sh
./rkhunter/files/development/osinformation.sh
./rkhunter/files/development/rkhunter.8
./rkhunter/files/development/createhashesall.sh
./rkhunter/files/development/search_dead_sysmlinks.sh
./rkhunter/files/programs_good.dat
./rkhunter/files/defaulthashes2.dat
./rkhunter/installer.sh
# cd rkhunter
# ./installer.sh
Rootkit Hunter installer 1.2.4 (Copyright 2003-2005, Michael Boelen)
---------------
Starting installation/update
Checking /usr/local... OK
Checking file retrieval tools... /usr/bin/wget
Checking installation directories...
- Checking /usr/local/rkhunter...Created
- Checking /usr/local/rkhunter/etc...Created
- Checking /usr/local/rkhunter/bin...Created
- Checking /usr/local/rkhunter/lib/rkhunter/db...Created
- Checking /usr/local/rkhunter/lib/rkhunter/docs...Created
- Checking /usr/local/rkhunter/lib/rkhunter/scripts...Created
- Checking /usr/local/rkhunter/lib/rkhunter/tmp...Created
- Checking /usr/local/etc...Exists
- Checking /usr/local/bin...Exists
Checking system settings...
- Perl... OK
Installing files...
Installing Perl module checker... OK
Installing Database updater... OK
Installing Portscanner... OK
Installing MD5 Digest generator... OK
Installing SHA1 Digest generator... OK
Installing Directory viewer... OK
Installing Database Backdoor ports... OK
Installing Database Update mirrors... OK
Installing Database Operating Systems... OK
Installing Database Program versions... OK
Installing Database Program versions... OK
Installing Database Default file hashes... OK
Installing Database MD5 blacklisted files... OK
Installing Changelog... OK
Installing Readme and FAQ... OK
Installing Wishlist and TODO... OK
Installing RK Hunter configuration file... OK
Installing RK Hunter binary... OK
Configuration updated with installation path (/usr/local/rkhunter)
Installation ready.
See /usr/local/rkhunter/lib/rkhunter/docs for more information. Run 'rkhunter' (/usr/local/bin/rkhunter)
# /usr/local/bin/rkhunter --update
Running updater...
Mirrorfile /usr/local/rkhunter/lib/rkhunter/db/mirrors.dat rotated
Using mirror http://www.rootkit.nl/rkhunter
[DB] Mirror file : Up to date
[DB] MD5 hashes system binaries : Update available
Action: Database updated (current version: 2005051900, new version 2005101300)
[DB] Operating System information : Update available
Action: Database updated (current version: 2005052200, new version 2005102800)
[DB] MD5 blacklisted tools/binaries : Up to date
[DB] Known good program versions : Update available
Action: Database updated (current version: 2005041700, new version 2005111500)
[DB] Known bad program versions : Update available
Action: Database updated (current version: 2005041700, new version 2005111500)
Ready.
# rkhunter -c --createlogfile --skip-keypress
Rootkit Hunter 1.2.7 is running
Determining OS... Unknown
Warning: This operating system is not fully supported!
Warning: Cannot find Location of md5
All MD5 checks will be skipped!
Checking binaries
* Selftests
Strings (command) [ OK ]
* System tools
Skipped!
Check rootkits
* Default files and directories
Rootkit '55808 Trojan - Variant A'... [ OK ]
ADM Worm... [ OK ]
Rootkit 'AjaKit'... [ OK ]
--------- (omitted) ---------------------
---------------------------- Scan results ----------------------------
MD5
MD5 compared: 0
Incorrect MD5 checksums: 0
File scan
Scanned files: 342
Possible infected files: 0
Application scan
Vulnerable applications: 2
Scanning took 107 seconds
Scan results written to logfile (/var/log/rkhunter.log)
I set it up to run periodically from crontab and to have the results delivered by mail.
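As an added example (my own wrapper, not the author's cron job and not the contrib/run_rkhunter.sh shipped in the tarball), a script in the spirit of that last step: it runs the same --update and check shown above, decides from the "Scan results" block whether the mail deserves attention, and also flags the "All MD5 checks will be skipped!" warning that this Vine run produced, since a scan with MD5 verification silently disabled is weaker than it looks. MAILTO, the script path in the crontab comment and the function names are assumptions; the sample output is constructed from the lines above.

```shell
#!/bin/sh
# Added example, not from the original post.
# crontab entry (assumed path):  30 3 * * * /usr/local/sbin/rk_nightly.sh run

RKHUNTER=/usr/local/bin/rkhunter   # path printed by the installer above
MAILTO=root                        # assumption: recipient of the nightly report

# Read rkhunter output on stdin; succeed (exit 0) when the report needs a human.
# Any non-zero finding counts, and so does a run where MD5 checks were skipped,
# because the Vine run above lost all hash verification that way.
rk_needs_attention() {
    awk '
        /Incorrect MD5 checksums:/   { if ($NF + 0 > 0) bad = 1 }
        /Possible infected files:/   { if ($NF + 0 > 0) bad = 1 }
        /Vulnerable applications:/   { if ($NF + 0 > 0) bad = 1 }
        /MD5 checks will be skipped/ { bad = 1 }
        END { exit bad ? 0 : 1 }
    '
}

# Constructed sample mirroring the scan above: 2 vulnerable apps, MD5 skipped.
SAMPLE_OUTPUT='Warning: Cannot find Location of md5
All MD5 checks will be skipped!
MD5 compared: 0
Incorrect MD5 checksums: 0
Scanned files: 342
Possible infected files: 0
Vulnerable applications: 2'

# Constructed clean run for comparison: hashes compared, nothing found.
CLEAN_OUTPUT='MD5 compared: 120
Incorrect MD5 checksums: 0
Scanned files: 342
Possible infected files: 0
Vulnerable applications: 0'

# Nightly job: refresh the databases, scan with the flags used above,
# and put the verdict in the subject so it is visible without opening the mail.
run_nightly() {
    out=$("$RKHUNTER" --update 2>&1; "$RKHUNTER" -c --createlogfile --skip-keypress 2>&1)
    if printf '%s\n' "$out" | rk_needs_attention; then
        subject="rkhunter: ATTENTION on $(hostname)"
    else
        subject="rkhunter: clean on $(hostname)"
    fi
    printf '%s\n' "$out" | mail -s "$subject" "$MAILTO"
}

# Only run the scan when invoked with "run"; otherwise just define the functions.
if [ "${1:-}" = "run" ]; then run_nightly; fi
```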