Просмотр полной версии : RKHunter

23.06.2005, 21:44
Ну что-ж если есть раздел по Линукс, то не мешает его наполнить чем-то более серьёзным, чем флейм, поэтому - поехали, и первый пост я наверное имеет смысл посвятить программе обеспечивающей зашиту пользователей Unix от троянов, червей и прочей дряни которая может испортить им жизнь.

Rootkit Hunter


Rootkit scanner is scanning tool to ensure you for about 99.9%* you're clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like:

- MD5 hash compare
- Look for default files used by rootkits
- Wrong file permissions for binaries
- Look for suspected strings in LKM and KLD modules
- Look for hidden files
- Optional scan within plaintext and binary files

Rootkit Hunter is released as GPL licensed project and free for everyone to use.

* No, not really 99.9%.. It's just another security layer

Rootkit Hunter usage

Rootkit Hunter is a package which contains a few binary scripts (shell / perl) and a few databases.

You can use Rootkit Hunter by running 'rkhunter' with one or more parameters (when using no parameters at all, you'll get the usage screen).

rkhunter <parameters>

--checkall (or -c)
Check the system, performs all tests.

Create a logfile (default /var/log/rkhunter.log)

Run as cronjob (removes colored layout)

--help (or -h)
Show help about usage

Don't use colors for output (some terminals don't like colors or extended layout characters)

Don't show uninteresting information for reports, like header/footer. Interesting when scanning from crontab or with usage of other applications.

Don't wait after every test (makes it non-interactive)

Perform quick scan (instead of full scan). Skips some tests and performs some enhanced tests (less suitable for normal scans).

Show version and quit

Check for latest version

Dynamic paths
--bindir <bindir>*
Uses another directory when search for binaries (use <bindir> instead of using default binaries)

--configfile <file>*
Uses a different configuration file (instead of default one)

--dbdir <dir>*
Uses another directory for the databases (instead of the default one, often /usr/local/rkhunter/db)

--rootdir <rootdir>*
Uses another rootdirectory (normally '/'). So all binaries and tests will be performed on this directory instead of the default <rootdir>.

--tmpdir <tempdir>*
Uses another directory for temporary storage of files

Explicit scan options:
Disable MD5 checks
Disable passwd/group checks
Perform besides 'known good' check a 'known bad' check

08.07.2005, 07:37
рут-киты, это на десктопе эт не актуально, а вот "MD5 hash compare" и "Wrong file permissions for binaries" это очень даже. мало ли де у меня лишний SUID выставлен ;-)

зы. нах было сюда совать сюда его краткую справку, к тому же с потерей форматирования?