Rootkit Hunter ( rkhunter )<\/b> \u00e8 uno shell script che scanna sistemi operativi Linux<\/b> alla ricerca di rootkits<\/b>, cavalli di troia<\/b> e altri rischi per la sicurezza.<\/p>\n
Alcune altre funzioni di Rootkit Hunter<\/b> sono:<\/p>\n Un rootkit<\/b> \u00e8 un programma installato all\u2019insaputa dell\u2019utente o dell\u2019amministratore su un computer o un server che permette a chi l\u2019ha installato di avere un accesso di tipo privilegiato. Il nome rootkit<\/b> \u00e8 formato da due parole, root, che \u00e8 l\u2019amministratore nei sistemi Unix e Linux, e kit. Con un rootkit<\/b> un “attacker” pu\u00f2 “aprirsi” una backdoor<\/b> nel sistema compromesso cosa che gli permette di installare programmi, creare degli user account, cambiare le configurazioni del sistema, rubare dati, monitorare le attivit\u00e0 degli utenti, cancellare file o intere cartelle e altro.<\/p>\n Diversi esperti sulla sicurezza affermano che una volta che un sistema \u00e8 stato compromesso con un rootkit<\/b>, \u00e8 consigliato di fare un rebuild del sistema. Il problema \u00e8 che anche nel caso si sia in grado di rilevare ogni file o processo associato con il rootkit<\/b>, \u00e8 moto difficile essere al 100% sicuri di avere eliminato ogni parte del rootkit<\/b>. Rootkit Hunter ( rkhunter )<\/b> non \u00e8 un Antivirus serve per capire se il proprio sistema \u00e8 stato compromesso per poi adottare delle misure.<\/p>\n Eseguire il Rootkit Hunter updater<\/b> per riempire la banca dati con i seguenti comandi.<\/p>\n Eseguire il seguente comando per avviare lo scanner manualmente.<\/p>\n Cos’\u00e8 Rootkit Hunter ( rkhunter ) Rootkit Hunter ( rkhunter ) \u00e8 uno shell script che scanna sistemi operativi Linux alla ricerca di rootkits, cavalli di troia e altri rischi per la sicurezza. Alcune altre funzioni di Rootkit Hunter sono: Controllare i file di configurazione di SSHD per poi dare un avvertimento se le impostazioni…<\/p>\n\n
Cosa fare se si trovano dei Rootkits<\/h2>\n
Installazione Rootkit Hunter<\/h2>\n
\n
# apt install rkhunter \t [On Debian\/Ubuntu]\n# yum install rkhunter\t [On RHEL\/CentOS] \t\n# dnf install rkhunter\t [On Fedora 22+]\n# zypper install rkhunter [On openSUSE]\n<\/pre>\n<\/blockquote>\n<\/div>\n
Fare un update di Rootkit Hunter<\/h2>\n
\n
chit-server:\/ # rkhunter --update\n[ Rootkit Hunter version 1.4.4 ]\n\nChecking rkhunter data files...\n Checking file mirrors.dat [ No update ]\n Checking file programs_bad.dat [ No update ]\n Checking file backdoorports.dat [ No update ]\n Checking file suspscan.dat [ No update ]\n Checking file i18n\/cn [ No update ]\n Checking file i18n\/de [ No update ]\n Checking file i18n\/en [ Updated ]\n Checking file i18n\/tr [ Updated ]\n Checking file i18n\/tr.utf8 [ Updated ]\n Checking file i18n\/zh [ No update ]\n Checking file i18n\/zh.utf8 [ No update ]\n Checking file i18n\/ja [ No update ]\nchit-server:\/local #\n\nchit-server:\/ # rkhunter --propupd\n[ Rootkit Hunter version 1.4.4 ]\nFile created: searched for 175 files, found 196\nchit-server:\/ # \n<\/pre>\n<\/blockquote>\n<\/div>\n
Scannare il sistema con Rootkit Hunter<\/h2>\n
\n
chit-server:\/ # rkhunter --check\n[ Rootkit Hunter version 1.4.4 ]\n\nChecking system commands...\n\n Performing 'strings' command checks\n Checking 'strings' command [ OK ]\n\n Performing 'shared libraries' checks\n Checking for preloading variables [ None found ]\n Checking for preloaded libraries [ None found ]\n Checking LD_LIBRARY_PATH variable [ Not found ]\n\n Performing file properties checks\n Checking for prerequisites [ OK ]\n \/usr\/bin\/awk [ OK ]\n \/usr\/bin\/basename [ OK ]\n \/usr\/bin\/cat [ OK ]\n \/usr\/bin\/chattr [ OK ]\n \/usr\/bin\/chkconfig [ OK ]\n \/usr\/bin\/chmod [ OK ]\n \/usr\/bin\/chown [ OK ]\n \/usr\/bin\/chroot [ OK ]\n \/usr\/bin\/cp [ OK ]\n \/usr\/bin\/csh [ OK ]\n \/usr\/bin\/curl [ OK ]\n \/usr\/bin\/cut [ OK ]\n \/usr\/bin\/date [ OK ]\n \/usr\/bin\/df [ OK ]\n \/usr\/bin\/diff [ OK ]\n \/usr\/bin\/dirname [ OK ]\n \/usr\/bin\/dmesg [ OK ] \n \/usr\/bin\/du [ OK ] \n \/usr\/bin\/echo [ OK ] \n \/usr\/bin\/ed [ OK ] \n \/usr\/bin\/egrep [ OK ] \n \/usr\/bin\/env [ OK ] \n \/usr\/bin\/fgrep [ OK ] \n \/usr\/bin\/file [ OK ] \n \/usr\/bin\/find [ OK ] \n \/usr\/bin\/grep [ OK ] \n \/usr\/bin\/groups [ OK ] \n \/usr\/bin\/head [ OK ] \n \/usr\/bin\/id [ OK ] \n \/usr\/bin\/ipcs [ OK ] \n \/usr\/bin\/kill [ OK ] \n \/usr\/bin\/killall [ OK ] \n \/usr\/bin\/last [ OK ] \n \/usr\/bin\/lastlog [ OK ] \n \/usr\/bin\/ldd [ OK ] \n \/usr\/bin\/less [ OK ] \n \/usr\/bin\/logger [ OK ] \n \/usr\/bin\/ls [ OK ] \n \/usr\/bin\/lsattr [ OK ] \n \/usr\/bin\/lsmod [ OK ] \n \/usr\/bin\/lsof [ OK ]\n \/usr\/bin\/mail [ OK ]\n \/usr\/bin\/md5sum [ OK ]\n \/usr\/bin\/mktemp [ OK ]\n \/usr\/bin\/more [ OK ]\n \/usr\/bin\/mount [ OK ]\n \/usr\/bin\/mv [ OK ]\n \/usr\/bin\/newgrp [ OK ]\n \/usr\/bin\/passwd [ OK ]\n \/usr\/bin\/perl [ OK ]\n \/usr\/bin\/pgrep [ OK ]\n \/usr\/bin\/ping [ OK ]\n \/usr\/bin\/pkill [ OK ]\n \/usr\/bin\/ps [ OK ]\n \/usr\/bin\/pstree [ OK ]\n \/usr\/bin\/pwd [ OK ]\n.........................................................................\n \/bin\/ls [ OK ]\n \/bin\/lsmod [ OK ]\n \/bin\/mail [ OK ]\n \/bin\/md5sum [ OK ]\n \/bin\/mktemp [ OK ]\n \/bin\/more [ OK ]\n \/bin\/mount [ OK ]\n \/bin\/mv [ OK ]\n \/bin\/netstat [ OK ]\n \/bin\/pgrep [ OK ]\n \/bin\/ping [ OK ]\n \/bin\/pkill [ OK ]\n \/bin\/ps [ OK ]\n \/bin\/pwd [ OK ]\n \/bin\/readlink [ OK ]\n \/bin\/rpm [ OK ]\n \/bin\/sed [ OK ]\n \/bin\/sh [ OK ]\n \/bin\/sort [ OK ]\n \/bin\/stat [ OK ]\n \/bin\/su [ OK ]\n \/bin\/touch [ OK ]\n \/bin\/uname [ OK ]\n \/bin\/gawk [ OK ]\n \/bin\/tcsh [ OK ]\n \/bin\/kmod [ OK ]\n \/bin\/systemd [ OK ]\n \/bin\/systemctl [ OK ]\n \/usr\/lib\/systemd\/systemd [ OK ]\n \/etc\/rkhunter.conf [ OK ]\n \/etc\/rkhunter.d\/00-opensuse.conf [ OK ]\n\nChecking for rootkits... \n \n Performing check of known rootkit files and directories \n 55808 Trojan - Variant A [ Not found ]\n ADM Worm [ Not found ]\n AjaKit Rootkit [ Not found ]\n Adore Rootkit [ Not found ]\n aPa Kit [ Not found ]\n Apache Worm [ Not found ]\n Ambient (ark) Rootkit [ Not found ]\n Balaur Rootkit [ Not found ]\n BeastKit Rootkit [ Not found ]\n beX2 Rootkit [ Not found ]\n BOBKit Rootkit [ Not found ]\n cb Rootkit [ Not found ]\n CiNIK Worm (Slapper.B variant) [ Not found ]\n Danny-Boy's Abuse Kit [ Not found ]\n Devil RootKit [ Not found ]\n Dica-Kit Rootkit [ Not found ]\n Dreams Rootkit [ Not found ]\n Duarawkz Rootkit [ Not found ]\n Enye LKM [ Not found ]\n Flea Linux Rootkit [ Not found ]\n Fu Rootkit [ Not found ]\n Fuck`it Rootkit [ Not found ]\n GasKit Rootkit [ Not found ]\n Heroin LKM [ Not found ]\n HjC Kit [ Not found ]\n ignoKit Rootkit [ Not found ]\n IntoXonia-NG Rootkit [ Not found ]\n Irix Rootkit [ Not found ]\n Jynx Rootkit [ Not found ]\n KBeast Rootkit [ Not found ]\n Kitko Rootkit [ Not found ]\n Knark Rootkit [ Not found ]\n ld-linuxv.so Rootkit [ Not found ]\n Li0n Worm [ Not found ]\n Lockit \/ LJK2 Rootkit [ Not found ]\n Mood-NT Rootkit [ Not found ]\n MRK Rootkit [ Not found ]\n Ni0 Rootkit [ Not found ]\n Ohhara Rootkit [ Not found ]\n Optic Kit (Tux) Worm [ Not found ]\n Oz Rootkit [ Not found ]\n Phalanx Rootkit [ Not found ]\n Phalanx2 Rootkit [ Not found ]\n Phalanx2 Rootkit (extended tests) [ Not found ]\n Portacelo Rootkit [ Not found ]\n R3dstorm Toolkit [ Not found ]\n RH-Sharpe's Rootkit [ Not found ]\n RSHA's Rootkit [ Not found ]\n Scalper Worm [ Not found ]\n Sebek LKM [ Not found ]\n Shutdown Rootkit [ Not found ]\n SHV4 Rootkit [ Not found ]\n SHV5 Rootkit [ Not found ]\n Sin Rootkit [ Not found ]\n Slapper Worm [ Not found ]\n Sneakin Rootkit [ Not found ]\n 'Spanish' Rootkit [ Not found ]\n Suckit Rootkit [ Not found ]\n Superkit Rootkit [ Not found ]\n TBD (Telnet BackDoor) [ Not found ]\n TeLeKiT Rootkit [ Not found ]\n T0rn Rootkit [ Not found ]\n trNkit Rootkit [ Not found ]\n Trojanit Kit [ Not found ]\n Tuxtendo Rootkit [ Not found ]\n URK Rootkit [ Not found ]\n Vampire Rootkit [ Not found ]\n VcKit Rootkit [ Not found ]\n Volc Rootkit [ Not found ]\n Xzibit Rootkit [ Not found ]\n zaRwT.KiT Rootkit [ Not found ]\n ZK Rootkit [ Not found ]\n\n[Press