آموزش جامع سرور اختصاصی

[eskelet-sokhte]

اموزش نصب Chkrootkit|ابزار قدرتمند جهت اسکن لینوکس سرور در مقابل تروجانها

اموزش نصب Chkrootkit|ابزار قدرتمند جهت اسکن لینوکس سرور در مقابل تروجانها که اموزش ان در زیر بیان شده به همراه
اسکن روزانه و ارسال گذارش روزانه ایمیل به شما

Installing CHKROOTKIT
Version 0.42b (Sept. 20 2003)
SSH as admin to your server. DO NOT use telnet, it should be disabled anyways.
#Change to root

کد PHP:

 su - 


#Type the following

کد PHP:

 wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz 


# Check the MD5 SUM of the download for security:
ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.md5

کد PHP:

 md5sum chkrootkit.tar.gz 


#Unpack the tarball using the command

کد PHP:

 tar xvzf chkrootkit.tar.gz 


#Change to the directory it created

کد PHP:

 cd chkrootkit* 


#Compile by typing

کد PHP:

 make sense 


#To use chkrootkit, just type the command

کد PHP:

 ./chkrootkit 


#Everything it outputs should be 'not found' or 'not infected'...
Important Note: If you see 'Checking `bindshell'... INFECTED (PORTS: 465)' read on.
I'm running PortSentry/klaxon. What's wrong with the bindshell test?
If you're running PortSentry/klaxon or another program that binds itself to unused ports probably chkrootkit will give you a false positive on the bindshell test

کد PHP:

(ports 114/tcp, 465/tcp, 511/tcp, 1008/tcp,  1524/tcp, 1999/tcp, 3879/tcp, 4369/tcp, 5665/tcp, 10008/tcp, 12321/tcp,  23132/tcp, 27374/tcp, 29364/tcp, 31336/tcp, 31337/tcp, 45454/tcp,  47017/tcp, 47889/tcp, 60001/tcp). 


#Now,

کد PHP:

 cd .. 


#Then remove the .gz file

کد PHP:

 rm chkrootkit.tar.gz 


Daily Automated System Scan that emails you a report
While in SSH run the following:

کد PHP:

 pico /etc/cron.daily/chkrootkit.sh 


Insert the following to the new file:
#!/bin/bash

کد PHP:

 cd /yourinstallpath/chkrootkit-0.42b/ 


chkrootkit | mail -s "Daily chkrootkit from Servername" admin@youremail.comImportant:
1. Replace 'yourinstallpath' with the actual path to where you unpacked Chkrootkit.
2. Change 'Servername' to the server your running so you know where it's coming from.
3. Change 'admin@youremail.com' to your actual email address where the script will mail you.

Now save the file in SSH:
Ctrl+X then type Y

Change the file permissions so we can run it

کد PHP:

 chmod 755 /etc/cron.daily/chkrootkit.sh 


Now if you like you can run a test report manually in SSH to see how it looks

کد PHP:

 cd /etc/cron.daily/ 


کد PHP:

 ./chkrootkit.sh 


You'll now receive a nice email with the report! This will now happen everyday so you don't have to run it manually