rkhunter安装和使用

1.前言

• rkhunter 是一个内核级别的rootkit检测工具,下面以rkhunter-1.4.2介绍一下安装和使用

2.安装

#!/bin/bash
#program:
#    this program init  server
#history:
# 2016/09/06     qingye   first release

PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH
rkhunter(){
tar -zxvf rkhunter-1.4.2.tar.gz
        cd rkhunter-1.4.2
        mkdir -p /opt/tools/rkhunter
        ./installer.sh  --layout custom /opt/tools/rkhunter  --install
        k=$?
        mv /bin/rkhunter  /tmp
        ln -s /opt/tools/rkhunter/bin/rkhunter  /bin/rkhunter

        if [ $? = 0 ];then
        echo -e "rkhunter_install                               \033[32m  [  ok  ] \033[0m"
        else
        echo -e "rkhunter_install                                \033[31m [ fail ] \033[0m"
fi
        }
main(){
rkhunter
}
main

3.rkhunter产生的日志结合zabbix进行报警

3.1 制定定时任务

#每天定时扫描一遍，会生成一个日志文件:/var/log/rkhunter.log
08 3 * * * /bin/rkhunter --check --cronjob

产生的日志有个病毒汇总信息：

3.2 编写脚本，添加zabbix自定义监控就可以了，当有发现病毒时报警出来

#!/bin/bash
result="`cat /var/log/rkhunter.log | grep "Possible rootkits" | awk '{print $4}'`"
if [[ $result > 0 ]]; then
    echo 1
else
    echo 0
fi
`