작성일 : 08-03-18 16:17
linux rootkit 설치 확인
 ۾ :
ȸ : 15,543  
   http://cafe.naver.com/intercop.cafe?iframe_url=/ArticleRead.nhn%3Farti [758]

http://www.chkrootkit.org/


[root@reyad data]# gunzip chkrootkit.tar.gz
[root@reyad data]# tar xvf chkrootkit.tar
chkrootkit-0.48
chkrootkit-0.48/ACKNOWLEDGMENTS
chkrootkit-0.48/check_wtmpx.c
chkrootkit-0.48/chkdirs.c
chkrootkit-0.48/chklastlog.c
chkrootkit-0.48/chkproc.c
chkrootkit-0.48/chkrootkit
chkrootkit-0.48/chkrootkit.lsm
chkrootkit-0.48/chkutmp.c
chkrootkit-0.48/chkwtmp.c
chkrootkit-0.48/COPYRIGHT
chkrootkit-0.48/ifpromisc.c
chkrootkit-0.48/Makefile
chkrootkit-0.48/README
chkrootkit-0.48/README.chklastlog
chkrootkit-0.48/README.chkwtmp
chkrootkit-0.48/strings.c
[root@reyad data]# cd chkrootkit
-bash: cd: chkrootkit: No such file or directory
[root@reyad data]# cd chkrootkit
chkrootkit-0.48/ chkrootkit.tar  
[root@reyad data]# cd chkrootkit-0.48/
[root@reyad chkrootkit-0.48]# make sense
gcc -DHAVE_LASTLOG_H -o chklastlog chklastlog.c
gcc -DHAVE_LASTLOG_H -o chkwtmp chkwtmp.c
gcc -DHAVE_LASTLOG_H   -D_FILE_OFFSET_BITS=64 -o ifpromisc ifpromisc.c
gcc  -o chkproc chkproc.c
gcc  -o chkdirs chkdirs.c
gcc  -o check_wtmpx check_wtmpx.c
gcc -static  -o strings-static strings.c
gcc  -o chkutmp chkutmp.c
[root@reyad chkrootkit-0.48]#lsattr /usr/bin/* /usr/sbin/* /bin/* /sbin/* | awk -F\  '!/-------------/ {print $2}'

확인

[root@reyad chkrootkit-0.48]# ./chkrootkit


ROOTDIR is `/'
Checking `amd'... not infected
Checking `basename'... not infected
Checking `biff'... not found
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `crontab'... not infected


...................................


Checking `wted'... chkwtmp: nothing deleted
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'... chklastlog: nothing deleted
Checking `chkutmp'...  The tty of the following user process(es) were not found
 in /var/run/utmp !
! RUID          PID TTY    CMD
! root         2482 tty1   /sbin/mingetty tty1
! root         2507 tty2   /sbin/mingetty tty2
! root         2580 tty3   /sbin/mingetty tty3
! root         2597 tty4   /sbin/mingetty tty4
! root         2635 tty5   /sbin/mingetty tty5
! root         3475 tty8   /bin/sh /etc/X11/gdm/XKeepsCrashing -noopen
! root         3554 tty8   /usr/bin/dialog --yesno I cannot start the X server (your graphical interface).  It is likely that it is not set up correctly.  Would you like to view the X server output to diagnose the problem? 10 50
chkutmp: nothing deleted
[root@reyad chkrootkit-0.48]# l


- INFECTED : 해당 파일이 변조되었음.
- not infected : 변조되지 않았음.
- not tested : 변조 여부를 체크하지 못했음.
- not found : 변조 여부를 체크하려는 파일이 없음.


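확인 결과 파일이 변조되었거나 루트킷이 설치되었다는 것을 확인한 후에는 원본 파일로 교체하고, 설치되어 있는 백도어들도 찾아 삭제해야 한다. 그러나 백도어들도 설치되었다는 것은 이미 해킹을 당하여 시스템 권한을 획득당했다는 의미이므로, 찾아서 원본 파일로 교체하는 것은 임시방편일 뿐이다. 이럴 때는 시스템을 다시 설치하는 것이 좋다.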
