With Rkhunter you can scan your server for viruses and remove them. Besides virus scanning, Rkhunter also has a shell scanning feature. By hooking Rkhunter into cron it runs an automatic scan every day and can report the results to you.
Although there are many articles about installing Rkhunter, the links on many of those sites are broken.
Let's move on to the Rkhunter installation.
wget http://garr.dl.sourceforge.net/project/rkhunter/rkhunter/1.4.0/rkhunter-1.4.0.tar.gz
tar -zxvf rkhunter-1.4.0.tar.gz
cd rkhunter-1.4.0
./installer.sh --layout default --install
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --propupd
The Rkhunter installation is complete.
To run a manual scan:
/usr/local/bin/rkhunter -c
To hook Rkhunter into cron:
nano -w /etc/cron.daily/rkhunter.sh
#!/bin/sh
(
/usr/local/bin/rkhunter --versioncheck
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --cronjob --report-warnings-only
) | /bin/mail -s 'rkhunter Daily Run (PutYourServerNameHere)' mail@ozkula.com.tr
REMEMBER TO CHANGE (PutYourServerNameHere) AND mail@ozkula.com.tr
chmod 700 /etc/cron.daily/rkhunter.sh
With these steps the scan is automated: it will run every day and send you the results.
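As an added example (not from the original post or from the rkhunter project), here is a variant of the cron script above that mails only when rkhunter actually reports warnings and puts a per-category count at the top of the mail, parsing the warning lines in the format rkhunter prints with --report-warnings-only. The rkhunter path, mail address and server name are the post's placeholders; the sample output inside the script is constructed for testing the parsers offline.

```shell
#!/bin/sh
# Added example (not from the original post or rkhunter): a /etc/cron.daily/rkhunter.sh
# that runs the post's three commands but mails only when warnings were reported,
# with a per-category warning count at the top of the mail for quick triage.
RKHUNTER=/usr/local/bin/rkhunter   # install path used in the post
MAILTO="mail@ozkula.com.tr"        # change these two, as the post says
SERVER="PutYourServerNameHere"
# count_warnings: number of "Warning:" lines on stdin (prints 0 if none)
count_warnings() {
    grep -c '^Warning:' || true
}
# summarize_warnings: one "<category> <count>" line per warning category,
# matched on the message formats rkhunter prints; anything else is "other"
summarize_warnings() {
    awk '
        /^Warning: The command .* has been replaced by a script/ { n["replaced-by-script"]++; next }
        /^Warning: Hidden (file|directory) found/               { n["hidden-file-or-dir"]++; next }
        /^Warning: Application .* is out of date/               { n["outdated-application"]++; next }
        /^Warning: The SSH configuration option/                { n["ssh-config"]++; next }
        /^Warning:/                                              { n["other"]++ }
        END { for (k in n) printf "%s %d\n", k, n[k] }
    ' | sort
}
# run_daily: the cron job proper; sends no mail when nothing was flagged
run_daily() {
    out=$( ( "$RKHUNTER" --versioncheck
             "$RKHUNTER" --update
             "$RKHUNTER" --cronjob --report-warnings-only ) 2>&1 )
    total=$(printf '%s\n' "$out" | count_warnings)
    [ "$total" -gt 0 ] || return 0
    { echo "rkhunter reported $total warning(s) on $SERVER:"
      printf '%s\n' "$out" | summarize_warnings
      echo; printf '%s\n' "$out"
    } | /bin/mail -s "rkhunter Daily Run ($SERVER): $total warning(s)" "$MAILTO"
}
# sample_output: constructed warnings in rkhunter's format, to exercise the
# parsers offline; the real cron run feeds rkhunter's own output instead
sample_output() {
    cat <<'EOF'
Warning: The command '/sbin/ifdown' has been replaced by a script: /sbin/ifdown: Bourne-Again shell script text executable
Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne shell script text executable
Warning: The SSH configuration option 'PermitRootLogin' has not been set.
Warning: Hidden directory found: '/dev/.udev'
Warning: Application 'openssl', version '0.9.8e', is out of date, and possibly a security risk.
EOF
}
# Run the job only when invoked as the cron script itself
case "${0##*/}" in rkhunter.sh) run_daily ;; esac
```

Saved as /etc/cron.daily/rkhunter.sh with the same chmod 700 as above, a day with no warnings produces no mail at all, so a mail arriving is itself the signal to look.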
2 thoughts on "Rkhunter Installation"
bilal
(August 9, 2012 - 04:48) Hello,
First of all, thank you for the write-up.
My server had excessive CPU usage and MySQL query problems. I installed rkhunter and ran a scan. I have added the results below. Since I am not knowledgeable on the subject, I would ask you to review them.
[ Rootkit Hunter version 1.4.0 ]
Checking rkhunter version...
This version : 1.4.0
Latest version: 1.4.0
[ Rootkit Hunter version 1.4.0 ]
Checking rkhunter data files...
Checking file mirrors.dat [ No update ]
Checking file programs_bad.dat [ No update ]
Checking file backdoorports.dat [ No update ]
Checking file suspscan.dat [ No update ]
Checking file i18n/cn [ No update ]
Checking file i18n/de [ No update ]
Checking file i18n/en [ No update ]
Checking file i18n/zh [ No update ]
Checking file i18n/zh.utf8 [ No update ]
Warning: The command '/sbin/ifdown' has been replaced by a script: /sbin/ifdown: Bourne-Again shell script text executable
Warning: The command '/sbin/ifup' has been replaced by a script: /sbin/ifup: Bourne-Again shell script text executable
Warning: The command '/usr/bin/groups' has been replaced by a script: /usr/bin/groups: Bourne shell script text executable
Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne shell script text executable
Warning: The command '/usr/bin/whatis' has been replaced by a script: /usr/bin/whatis: Bourne shell script text executable
Warning: The SSH configuration option 'PermitRootLogin' has not been set.
The default value may be 'yes', to allow root access.
Warning: Suspicious file types found in /dev:
/dev/.udev/db/class@input@input2@js0: ASCII text
/dev/.udev/db/class@input@input2@event2: ASCII text
/dev/.udev/db/class@usb_device@usbdev1.2: ASCII text
/dev/.udev/db/class@usb_device@usbdev1.1: ASCII text
/dev/.udev/db/class@input@input2@mouse1: ASCII text
/dev/.udev/db/block@hda@hda1: ASCII text
/dev/.udev/db/block@hda@hda3: ASCII text
/dev/.udev/db/block@hda@hda2: ASCII text
/dev/.udev/db/class@input@input3@event3: ASCII text
/dev/.udev/db/block@hda: ASCII text
/dev/.udev/db/class@input@input1@event1: ASCII text
/dev/.udev/db/class@input@input1@mouse0: ASCII text
/dev/.udev/db/block@hdc: ASCII text
/dev/.udev/db/class@input@input0@event0: ASCII text
/dev/.udev/db/block@ram0: ASCII text
/dev/.udev/db/block@ram1: ASCII text
/dev/.udev/db/class@cpuid@cpu0: ASCII text
/dev/.udev/db/class@misc@device-mapper: ASCII text
/dev/.udev/db/class@input@mice: ASCII text
/dev/.udev/db/class@msr@msr0: ASCII text
/dev/.udev/db/class@msr@msr1: ASCII text
/dev/.udev/db/class@cpuid@cpu1: ASCII text
/dev/.udev/uevent_seqnum: ASCII text
Warning: Hidden directory found: '/dev/.udev'
Warning: Hidden file found: /etc/.my.cnf.swp: data
Warning: Hidden file found: /usr/share/man/man1/..1.gz: gzip compressed data, from Unix, max compression
Warning: Hidden file found: /usr/bin/.fipscheck.hmac: ASCII text
Warning: Hidden file found: /usr/bin/.ssh.hmac: ASCII text
Warning: Hidden file found: /usr/sbin/.sshd.hmac: ASCII text
Warning: Application 'openssl', version '0.9.8e', is out of date, and possibly a security risk.
Warning: Application 'sshd', version '4.3p2', is out of date, and possibly a security risk.
Kaan
(August 18, 2014 - 18:24) I am getting a 404 error.