rkhunter installation and usage

1. Introduction

  • rkhunter is a rootkit detection tool that also covers kernel-level rootkits; the following describes installation and usage with rkhunter-1.4.2

2. Installation

#!/bin/bash
#program:
# this program initialises a server (installs rkhunter)
#history:
# 2016/09/06 qingye first release

PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH

# Unpack rkhunter-1.4.2, install it under /opt/tools/rkhunter with the
# "custom" layout, and expose it as /bin/rkhunter.
install_rkhunter(){
    tar -zxvf rkhunter-1.4.2.tar.gz || return 1
    cd rkhunter-1.4.2 || return 1
    mkdir -p /opt/tools/rkhunter
    ./installer.sh --layout custom /opt/tools/rkhunter --install
    k=$?
    # Move any previously installed binary or link out of the way before linking
    if [ -e /bin/rkhunter ] || [ -L /bin/rkhunter ]; then
        mv /bin/rkhunter /tmp
    fi
    ln -s /opt/tools/rkhunter/bin/rkhunter /bin/rkhunter

    # Report the installer's exit status saved in $k (not the status of ln)
    if [ "$k" = 0 ];then
        echo -e "rkhunter_install \033[32m [ ok ] \033[0m"
    else
        echo -e "rkhunter_install \033[31m [ fail ] \033[0m"
    fi
}
main(){
    install_rkhunter
}
main

3. Alerting with zabbix on the logs rkhunter produces

3.1 Set up a scheduled task

# Scan once a day; each run produces the log file /var/log/rkhunter.log
08 3 * * * /bin/rkhunter --check --cronjob

The resulting log contains a summary of findings (the "Possible rootkits" count):
(image: rkhunter log output, summary section; not reproduced)

3.2 Write a script and add it as a zabbix custom monitoring item, so that an alert is raised when a rootkit is found

#!/bin/bash
# Read the "Possible rootkits" count from the rkhunter log summary line,
# which looks like "[03:08:21]     Possible rootkits: 0" (field 4 is the count).
# tail -n 1 keeps only the latest summary if several runs were appended.
result="$(grep "Possible rootkits" /var/log/rkhunter.log | tail -n 1 | awk '{print $4}')"
# Compare numerically (-gt), not as strings; an absent line counts as 0
if [[ ${result:-0} -gt 0 ]]; then
    echo 1
else
    echo 0
fi
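A sturdier version of the zabbix check above, added here as an example and not part of the original post: it reads the "Possible rootkits" line from the log summary, treats a missing or unreadable log as an error rather than a clean scan (so a broken cron job cannot go unnoticed), and is tested against a constructed sample log. The default log path is rkhunter's own; the function names, script path and zabbix item key are assumptions.

```sh
#!/bin/sh
# Added example (not from the original post). /var/log/rkhunter.log is
# rkhunter's default log path; function names and the zabbix key are assumed.

# Print the "Possible rootkits" count from the last summary in the log.
# Prints -1 when the log is missing, unreadable or has no such summary line.
rkhunter_rootkit_count() {
    log="${1:-/var/log/rkhunter.log}"
    [ -r "$log" ] || { printf '%s\n' -1; return 0; }
    # Summary line format: "[03:08:21]     Possible rootkits: 0".
    # tail -n 1 keeps the latest summary if several runs were appended.
    n=$(grep 'Possible rootkits:' "$log" | tail -n 1 | sed 's/.*Possible rootkits: *//')
    case "$n" in
        ''|*[!0-9]*) printf '%s\n' -1 ;;
        *)           printf '%s\n' "$n" ;;
    esac
}

# Value for the zabbix item: 1 if any possible rootkit was reported or the log
# is unusable, 0 on a clean scan. Hook it up in zabbix_agentd.conf with e.g.
#   UserParameter=rkhunter.rootkits,/usr/local/bin/rkhunter_check.sh
rkhunter_zabbix_value() {
    n=$(rkhunter_rootkit_count "$1")
    if [ "$n" -eq 0 ]; then echo 0; else echo 1; fi
}

# Constructed sample of the summary rkhunter writes at the end of a run, with
# a chosen "Possible rootkits" count (not real scan output).
write_sample_log() {
    cat > "$1" <<EOF
[03:08:21] System checks summary
[03:08:21] =====================
[03:08:21] Rootkit checks...
[03:08:21]     Rootkits checked : 379
[03:08:21]     Possible rootkits: $2
[03:08:21] Applications checks...
[03:08:21]     All checks skipped
EOF
}

sample=$(mktemp)
write_sample_log "$sample" 2
echo "possible rootkits: $(rkhunter_rootkit_count "$sample")"  # 2
echo "zabbix value: $(rkhunter_zabbix_value "$sample")"        # 1
rm -f "$sample"
```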
