First, go to http://www.rootkit.nl/projects/rootkit_hunter.html
and download the latest version of rkhunter.
Install:
tar -zxvf rkhunter-1.3.8.tar.gz
cd rkhunter-1.3.8
./installer.sh --install
./installer.sh --show
rkhunter is now installed. Next, update it:
rkhunter --update
rkhunter --propupd
/usr/local/bin/rkhunter --cronjob -l --nomow --rwo
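Added example (not from the original page or the rkhunter project): a shell helper that summarizes the warnings left in the log by the scheduled scan above. The function names, the constructed sample log lines and the "[HH:MM:SS] text" log layout are assumptions.

```shell
#!/bin/sh
# Added example (not rkhunter's own code): summarize warnings in an rkhunter log.
# Assumed log layout: "[HH:MM:SS] text"; the sample lines below are constructed.

sample_log() {
cat <<'EOF'
[03:10:01] Info: Starting test name 'properties'
[03:10:02]   /usr/bin/awk                              [ OK ]
[03:10:03]   /usr/bin/ldd                              [ Warning ]
[03:10:03] Warning: The file properties have changed:
[03:10:03]          File: /usr/bin/ldd
[03:10:09] Info: Starting test name 'filesystem'
[03:10:09] Warning: Hidden directory found: /dev/.example
EOF
}

# Print each "Warning:" message from the log on stdin, timestamp stripped.
rkh_warnings() {
    sed -n 's/^\[[0-9][0-9]:[0-9][0-9]:[0-9][0-9]] Warning: //p'
}

# Print the paths whose per-file result column reads "[ Warning ]".
rkh_flagged() {
    awk '/\[ Warning \][ \t]*$/ { print $2 }'
}

# Summarize log file $1; return 1 when it holds any warning so that a
# cron wrapper or monitoring check can alert on the exit status.
rkh_report() {
    count=$(rkh_warnings < "$1" | wc -l | tr -d ' ')
    echo "warnings=$count"
    rkh_flagged < "$1" | sed 's/^/flagged: /'
    [ "$count" -eq 0 ]
}

# Typical use after the scheduled scan (default log path from the usage text):
#   rkh_report /var/log/rkhunter.log || echo "rkhunter reported warnings"
```

A "file properties have changed" warning is measured against the baseline recorded by rkhunter --propupd, so run that command only on a system you trust to be clean.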
How to use it:
Usage:
rkhunter
--checkall (or -c)
Check the system, performs all tests.
--createlogfile*
Create a logfile (default /var/log/rkhunter.log)
--cronjob
Run as cronjob (removes colored layout)
--help (or -h)
Show help about usage
--nocolors*
Don't use colors for output (some terminals don't like colors or extended layout characters)
--report-mode*
Don't show uninteresting information for reports, like header/footer. Interesting when scanning from crontab or with usage of other applications.
--skip-keypress*
Don't wait after every test (makes it non-interactive)
--quick*
Perform quick scan (instead of full scan). Skips some tests and performs some enhanced tests (less suitable for normal scans).
--version
Show version and quit
--versioncheck
Check for latest version
Dynamic paths
--bindir *
Uses another directory when search for binaries (use instead of using default binaries)
--configfile *
Uses a different configuration file (instead of default one)
--dbdir *
Uses another directory for the databases (instead of the default one, often /usr/local/rkhunter/db)
--rootdir *
Uses another rootdirectory (normally '/'). So all binaries and tests will be performed on this directory instead of the default .
--tmpdir *
Uses another directory for temporary storage of files
Explicit scan options:
--disable-md5-check*
Disable MD5 checks
--disable-passwd-check*
Disable passwd/group checks
--scan-knownbad-files*
Perform besides 'known good' check a 'known bad' check
If you repost this article, please credit the source: https://www.ozabc.com/jianzhan/24526.html