CentOS 6
Sponsored Link

RootKit検出ツール - ChkrootKit
2014/08/26
  サーバーに rootkit が仕掛けられていないかをチェックする ChkrootKit をインストールします。 既知のものしか検出できない上に、誤検知もたまにあるので、検出結果は参考程度に留めておいてよいでしょう。
# EPEL からインストール

[root@dlp ~]#
yum --enablerepo=epel -y install chkrootkit
[root@dlp ~]#
chkrootkit
 
# 実行
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `biff'... not found
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `crontab'... not infected
Checking `date'... not infected
Checking `du'... not infected
Checking `dirname'... not infected
Checking `echo'... not infected
Checking `egrep'... not infected
Checking `env'... not infected
Checking `find'... not infected
...
...
...
Searching for ENYELKM rootkit default files... nothing found
Searching for common ssh-scanners default files... nothing found
Searching for anomalies in shell history files... nothing found
Checking `asp'... not infected
Checking `bindshell'... not infected
Checking `lkm'... chkproc: nothing detected
chkdirs: nothing detected
Checking `rexedcs'... not found
Checking `sniffer'... eth1: not promisc and no PF_PACKET sockets
Checking `w55808'... not infected
Checking `wted'... chkwtmp: nothing deleted
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'... chklastlog: nothing deleted
Checking `chkutmp'... chkutmp: nothing deleted
Checking `OSX_RSPLUG'... not infected

# 問題のある結果のみに表示を絞る

[root@dlp ~]#
chkrootkit | grep INFECTED

[root@dlp ~]#    
# 何もでてこなければ問題なし
 
Tweet