작성일 : 08-03-18 16:17
linux rootkit 설치 확인
글쓴이 :
조회 : 15,542
   http://cafe.naver.com/intercop.cafe?iframe_url=/ArticleRead.nhn%3Farti [758]

http://www.chkrootkit.org/


[root@reyad data]# gunzip chkrootkit.tar.gz
[root@reyad data]# tar xvf chkrootkit.tar
chkrootkit-0.48
chkrootkit-0.48/ACKNOWLEDGMENTS
chkrootkit-0.48/check_wtmpx.c
chkrootkit-0.48/chkdirs.c
chkrootkit-0.48/chklastlog.c
chkrootkit-0.48/chkproc.c
chkrootkit-0.48/chkrootkit
chkrootkit-0.48/chkrootkit.lsm
chkrootkit-0.48/chkutmp.c
chkrootkit-0.48/chkwtmp.c
chkrootkit-0.48/COPYRIGHT
chkrootkit-0.48/ifpromisc.c
chkrootkit-0.48/Makefile
chkrootkit-0.48/README
chkrootkit-0.48/README.chklastlog
chkrootkit-0.48/README.chkwtmp
chkrootkit-0.48/strings.c
[root@reyad data]# cd chkrootkit
-bash: cd: chkrootkit: No such file or directory
[root@reyad data]# cd chkrootkit
chkrootkit-0.48/ chkrootkit.tar  
[root@reyad data]# cd chkrootkit-0.48/
[root@reyad chkrootkit-0.48]# make sense
gcc -DHAVE_LASTLOG_H -o chklastlog chklastlog.c
gcc -DHAVE_LASTLOG_H -o chkwtmp chkwtmp.c
gcc -DHAVE_LASTLOG_H   -D_FILE_OFFSET_BITS=64 -o ifpromisc ifpromisc.c
gcc  -o chkproc chkproc.c
gcc  -o chkdirs chkdirs.c
gcc  -o check_wtmpx check_wtmpx.c
gcc -static  -o strings-static strings.c
gcc  -o chkutmp chkutmp.c
[root@reyad chkrootkit-0.48]#lsattr /usr/bin/* /usr/sbin/* /bin/* /sbin/* | awk -F\  '!/-------------/ {print $2}'

Ȯ

[root@reyad chkrootkit-0.48]# ./chkrootkit


ROOTDIR is `/'
Checking `amd'... not infected
Checking `basename'... not infected
Checking `biff'... not found
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `crontab'... not infected


...................................


Checking `wted'... chkwtmp: nothing deleted
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'... chklastlog: nothing deleted
Checking `chkutmp'...  The tty of the following user process(es) were not found
 in /var/run/utmp !
! RUID          PID TTY    CMD
! root         2482 tty1   /sbin/mingetty tty1
! root         2507 tty2   /sbin/mingetty tty2
! root         2580 tty3   /sbin/mingetty tty3
! root         2597 tty4   /sbin/mingetty tty4
! root         2635 tty5   /sbin/mingetty tty5
! root         3475 tty8   /bin/sh /etc/X11/gdm/XKeepsCrashing -noopen
! root         3554 tty8   /usr/bin/dialog --yesno I cannot start the X server (your graphical interface).  It is likely that it is not set up correctly.  Would you like to view the X server output to diagnose the problem? 10 50
chkutmp: nothing deleted
[root@reyad chkrootkit-0.48]# l


- INFECTED : 해당 명령어가 변조되었다.
- not infected : 변조되지 않았다.
- not tested : 변조 여부를 체크하지 못했다.
- not found : 변조 여부를 체크하려는 명령어가 없다.


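확인하여 명령어가 변조되었거나 루트킷이 설치되었다는 것을 확인한 후에는 정상 파일로 교체하고, 설치되어 있는 관련 파일들도 찾아 삭제해야 한다. 그러나 그러한 파일들도 설치되었다는 것은 이미 해킹하여 시스템 권한을 획득했다는 의미이므로, 찾아서 정상 파일로 교체하는 것은 임시방편일 뿐이다. 이럴 경우에는 시스템을 다시 설치하는 것이 좋다. 또한 침해가 의심되는 시스템에서는 chkrootkit이 호출하는 시스템 명령어 자체가 변조되었을 수 있으므로, 신뢰할 수 있는 매체에 있는 바이너리 경로를 -p 옵션으로 지정해 실행해야 결과를 믿을 수 있다.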

[ũ ]


 


 
 
