Rootkit Hunter (rkhunter) is a tool for Unix-like systems that scans for rootkits, backdoors and local exploits. This post covers installing and using rkhunter on RHEL, CentOS and Fedora.
On RHEL and CentOS, first install the RPMForge repository:
RHEL / CentOS 7:
# yum install http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm
RHEL / CentOS 6 64 bit:
# wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
# rpm -Uvh rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
RHEL / CentOS 6 32 bit:
# wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.i686.rpm
# rpm -Uvh rpmforge-release-0.5.3-1.el6.rf.i686.rpm
Install Rootkit Hunter:
# yum install rkhunter
After installing Rootkit Hunter, update its databases first, just as you would with antivirus software:
# /usr/local/bin/rkhunter --update
# /usr/local/bin/rkhunter --propupd
Once the databases are updated you can scan with Rootkit Hunter. To run a scan manually:
# rkhunter -c
When the scan finishes, Rootkit Hunter writes its results to /var/log/rkhunter.log; look for lines containing the string "Warning":
# grep Warning /var/log/rkhunter.log
Each "Warning" marks a file that Rootkit Hunter considers suspicious.
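As an added example that is not part of the original post, the following shell snippet wraps the same "grep Warning" check from above into two small functions, so the result can be summarized from a cron job or a monitoring script instead of read by hand. The log contents embedded here are constructed for illustration and do not come from a real rkhunter run; the log path defaults to /var/log/rkhunter.log as used in the post.

```shell
#!/bin/sh
# Added example (not rkhunter's own code). Summarize "Warning" lines from an
# rkhunter log. By default both functions read /var/log/rkhunter.log, the
# path the post names; a different log can be passed as the first argument.

# Constructed sample log, mimicking the [HH:MM:SS] prefix rkhunter uses,
# so the functions can be exercised without running a real scan.
SAMPLE_LOG="$(mktemp)"
cat > "$SAMPLE_LOG" <<'EOF'
[12:00:01] Info: Starting the file properties checks...
[12:00:02]   /usr/bin/ls                                  [ OK ]
[12:00:03] Warning: The file properties have changed:
[12:00:03]          File: /usr/bin/ls
[12:00:04] Warning: Hidden file found: /tmp/.example (constructed)
[12:00:05] Info: Checking for rootkits...
[12:00:06] System checks summary
EOF

# Number of lines containing "Warning" (the same test as
# "grep Warning /var/log/rkhunter.log"). grep -c exits 1 when the count is 0,
# so "|| true" keeps the function usable under "set -e".
count_warnings() {
  grep -c 'Warning' "${1:-/var/log/rkhunter.log}" || true
}

# Only the warning lines, with the timestamp prefix stripped, for a short
# report that can be mailed or logged elsewhere.
list_warnings() {
  grep 'Warning' "${1:-/var/log/rkhunter.log}" | sed 's/^\[[0-9:]*] *//'
}

# Exit non-zero when any warning is present, so a scheduler can flag the host.
warnings_present() {
  [ "$(count_warnings "$1")" -gt 0 ]
}

# Usage with the constructed log:
echo "Warnings found: $(count_warnings "$SAMPLE_LOG")"
list_warnings "$SAMPLE_LOG"
```

In practice you would run `rkhunter -c` first (or let cron run it), then call these functions against the real /var/log/rkhunter.log; a non-zero exit from `warnings_present` is a convenient trigger for a review of the flagged files.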