RiC
23.06.2005, 22:44
Well, if there is a Linux section, it wouldn't hurt to fill it with something more serious than flame, so let's go, and I suppose it makes sense to devote the first post to a program that protects Unix users from trojans, worms and other junk that can ruin their lives.
Rootkit Hunter
Description
Rootkit scanner is a scanning tool to ensure you for about 99.9%* that you're clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like:
- MD5 hash compare
- Look for default files used by rootkits
- Wrong file permissions for binaries
- Look for suspected strings in LKM and KLD modules
- Look for hidden files
- Optional scan within plaintext and binary files
Rootkit Hunter is released as a GPL licensed project and is free for everyone to use.
* No, not really 99.9%. It's just another security layer
Rootkit Hunter usage
Rootkit Hunter is a package which contains a few binary scripts (shell / perl) and a few databases.
You can use Rootkit Hunter by running 'rkhunter' with one or more parameters (when using no parameters at all, you'll get the usage screen).
Usage:
rkhunter <parameters>
--checkall (or -c)
Check the system, perform all tests.
--createlogfile*
Create a logfile (default /var/log/rkhunter.log)
--cronjob
Run as cronjob (removes colored layout)
--help (or -h)
Show help about usage
--nocolors*
Don't use colors for output (some terminals don't like colors or extended layout characters)
--report-mode*
Don't show uninteresting information for reports, like header/footer. Useful when scanning from crontab or together with other applications.
--skip-keypress*
Don't wait after every test (makes it non-interactive)
--quick*
Perform quick scan (instead of full scan). Skips some tests and performs some enhanced tests (less suitable for normal scans).
--version
Show version and quit
--versioncheck
Check for latest version
Dynamic paths
--bindir <bindir>*
Uses another directory when searching for binaries (use <bindir> instead of the default binaries)
--configfile <file>*
Uses a different configuration file (instead of default one)
--dbdir <dir>*
Uses another directory for the databases (instead of the default one, often /usr/local/rkhunter/db)
--rootdir <rootdir>*
Uses another root directory (normally '/'), so all binaries and tests will be checked under this directory instead of the default <rootdir>.
--tmpdir <tempdir>*
Uses another directory for temporary storage of files
Explicit scan options:
--disable-md5-check*
Disable MD5 checks
--disable-passwd-check*
Disable passwd/group checks
--scan-knownbad-files*
Perform a 'known bad' check in addition to the 'known good' check
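As an added example, not rkhunter's own code, here is a minimal shell re-implementation of two of the checks named in the description: the MD5 hash compare against a 'known good' baseline and the search for wrong (world-writable) permissions on binaries. It runs over a constructed sample directory with made-up file names and contents, so it works without rkhunter installed.

```shell
#!/bin/sh
# Added example, not part of rkhunter: a tiny version of two checks from the
# description above (MD5 hash compare, wrong file permissions for binaries),
# run against a constructed sample directory so it works offline.
set -u

# Build a sample "bindir" with three fake binaries (constructed, not a real system).
make_sample_bindir() {
    dir=$(mktemp -d)
    for name in ls ps netstat; do
        printf '#!/bin/sh\necho %s\n' "$name" > "$dir/$name"
        chmod 0755 "$dir/$name"
    done
    printf '%s\n' "$dir"
}

# Record "md5  path" for every regular file under DIR into BASELINE, the "known
# good" set. Take it on a trusted, freshly installed system and keep it offline.
build_baseline() {
    find "$1" -type f | sort | xargs md5sum > "$2"
}

# Verify the files listed in BASELINE: print each path whose hash changed or that
# is missing, return 1 if any (a replaced binary is the classic rootkit symptom).
check_md5() {
    bad=$(md5sum -c --quiet "$1" 2>/dev/null | sed -n 's/: FAILED.*$//p')
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Report regular files under DIR that are world-writable: a binary anyone can
# overwrite is a wrong-permission finding even while its hash is still good.
check_perms() {
    bad=$(find "$1" -type f -perm -002)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Demonstration: the clean state passes, then tampering is caught.
demo() {
    d=$(make_sample_bindir); b=$(mktemp)
    build_baseline "$d" "$b"
    check_md5 "$b" && check_perms "$d" && echo "baseline clean"
    printf '#!/bin/sh\necho tampered\n' > "$d/ls"   # simulate a replaced binary
    chmod o+w "$d/ps"                                # simulate a loosened mode
    check_md5 "$b" || echo "^ hash mismatch"
    check_perms "$d" || echo "^ world-writable"
    rm -rf "$d" "$b"
}
demo
```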