
1 What is a rootkit
      The name says it: a "root kit" is a set of tools for keeping root privileges on a box once they have been obtained. You can think of it as a bundle of trojans that replace the stock command-line tools on a Linux system with its own copies. For example, once it has replaced ps, running ps no longer shows the processes the rootkit is quietly running, so the trojan stays invisible to an administrator who trusts the system's own commands.
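The ps trick above is detectable from user space, because a trojaned ps only filters its own output while the kernel still exposes every process as a numeric directory under /proc. The script below is an added example (it is not from the original post and not chkrootkit's code; the script name hidden_ps.sh and the function names are my own) that takes a snapshot of /proc and of ps output and reports PIDs present in the first but missing from the second, the same idea as chkrootkit's chkproc test. It re-checks each candidate against /proc so that processes which simply exited between the two snapshots are not reported.

```shell
#!/bin/sh
# Added example (not from the original post or from chkrootkit itself):
# detect processes that a trojaned ps hides by cross-checking the PIDs ps
# reports against the per-process directories the kernel exposes in /proc.
# Limitation: this only catches a user-space rootkit that replaces ps. A
# kernel-mode rootkit can filter /proc as well, and then nothing differs.

# PIDs the kernel exposes: every all-digit directory under the proc root.
# The root is a parameter so another mount point or a test fixture can be used.
pids_from_proc() {
    root="${1:-/proc}"
    for d in "$root"/[0-9]*; do
        [ -d "$d" ] || continue
        echo "${d##*/}"
    done | sort -n
}

# PIDs as reported by whatever ps is on PATH (the binary a rootkit replaces).
pids_from_ps() {
    ps -e -o pid= | tr -d ' ' | sort -n
}

# hidden_pids PROC_LIST PS_LIST
# Both arguments are newline-separated PID lists. Prints every PID that is in
# the /proc list but not in the ps list. This is a pure function so it can be
# exercised with constructed lists without touching the live system.
hidden_pids() {
    proc_list="$1"
    # Flatten the ps list to " 1 2 3 " so a case pattern matches whole tokens
    # (99 must not match inside 999).
    ps_set=" $(printf '%s\n' "$2" | tr '\n' ' ') "
    for pid in $proc_list; do
        case "$ps_set" in
            *" $pid "*) ;;          # reported by ps: fine
            *) echo "$pid" ;;       # in /proc but not in ps: suspicious
        esac
    done
}

# Take both snapshots, then re-check every candidate against /proc to drop
# processes that merely exited between the two snapshots (the usual source of
# false positives in this kind of check). Returns 1 if anything remains.
scan_for_hidden() {
    proc_pids=$(pids_from_proc /proc)
    ps_pids=$(pids_from_ps)
    found=0
    for pid in $(hidden_pids "$proc_pids" "$ps_pids"); do
        [ -d "/proc/$pid" ] || continue
        cmd=$(tr '\000' ' ' < "/proc/$pid/cmdline" 2>/dev/null)
        echo "HIDDEN PID $pid: ${cmd:-[no cmdline]}"
        found=1
    done
    [ "$found" -eq 0 ] && echo "no hidden processes found"
    return "$found"
}

# Run the live scan only when invoked as: sh hidden_ps.sh --scan
if [ "${1-}" = "--scan" ]; then
    scan_for_hidden
fi
```

Run it as root with `sh hidden_ps.sh --scan`; an exit status of 1 means at least one PID is visible in /proc but not in ps output, which is worth investigating. Because the script itself calls ps, tr and sort from PATH, run it with PATH pointing at known-good binaries (read-only media or a copy taken before the compromise), for the same reason chkrootkit offers the -p option.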

2 chkrootkit

Homepage: http://www.chkrootkit.org/
Download: ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
It can be run straight from the unpacked directory. Note that it relies on system commands such as ps, netstat and ls, which are exactly what a rootkit replaces; when you can, point the -p option at a directory of known-good copies of those binaries (for example from read-only media).

[root@done opt]# wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
[root@done opt]# tar -zxvf chkrootkit.tar.gz
[root@done opt]# cd chkrootkit-0.49/
[root@done chkrootkit-0.49]# ./chkrootkit -h
Usage: ./chkrootkit [options] [test ...]
Options:
        -h                show this help and exit
        -V                show version information and exit
        -l                show available tests and exit
        -d                debug
        -q                quiet mode
        -x                expert mode
        -r dir            use dir as the root directory
        -p dir1:dir2:dirN path for the external commands used by chkrootkit
        -n                skip NFS mounted dirs
[root@done chkrootkit-0.49]# ./chkrootkit

3 rkhunter

Homepage: http://www.rootkit.nl/projects/rootkit_hunter.html
Download: http://sourceforge.net/projects/rkhunter/

Unpack and install. After installing, and before the first -c check, run rkhunter --propupd on a system you know to be clean so that the file-property tests have a trustworthy baseline to compare against; a baseline taken from an already compromised host only certifies the rootkit.
[root@done opt]# tar -zxvf rkhunter-1.3.6.tar.gz
[root@done rkhunter-1.3.6]# ./installer.sh --install
[root@done rkhunter-1.3.6]# ./installer.sh --show
Install into:       /usr/local
Application:        /usr/local/bin
Configuration file: /etc
Documents:          /usr/local/share/doc/rkhunter-1.3.6
Man page:           /usr/local/share/man/man8
Scripts:            /usr/local/lib/rkhunter/scripts
Databases:          /var/lib/rkhunter/db
Temporary files:    /var/lib/rkhunter/tmp

[root@done rkhunter-1.3.6]# /usr/local/bin/rkhunter -c
Last edited by selboo on 2010/05/25 17:04