{"id":1092,"date":"2016-05-13T12:52:46","date_gmt":"2016-05-13T03:52:46","guid":{"rendered":"http:\/\/www.kinryo.net\/?p=1092"},"modified":"2016-05-13T12:54:44","modified_gmt":"2016-05-13T03:54:44","slug":"%ef%bc%91%ef%bc%96%ef%bc%9a%e3%82%b5%e3%83%96%e3%83%9b%e3%82%b9%e3%83%88%e3%81%ae%e8%a8%ad%e5%ae%9a%ef%bc%93%e3%80%81chkrookit%e3%81%ae%e3%82%a4%e3%83%b3%e3%82%b9%e3%83%88%e3%83%bc%e3%83%ab","status":"publish","type":"post","link":"https:\/\/www.kinryo.net\/?p=1092","title":{"rendered":"\uff11\uff16\uff1a\u30b5\u30d6\u30db\u30b9\u30c8\u306e\u8a2d\u5b9a\uff13\u3001chkrootkit\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb"},"content":{"rendered":"<div class=\"itemBody\">\n<p class=\"itemText\">\u53c2\u8003URL\uff1a<a href=\"http:\/\/centossrv.com\/chkrootkit.shtml\" target=\"_blank\">http:\/\/centossrv.com\/chkrootkit.shtml<\/a><br \/>\n<span style=\"color: #ff6600;\">#<\/span><span style=\"color: #008000;\"> yum -y install chkrootkit<\/span><\/p>\n<p class=\"itemText\">EPEL\u30ec\u30dd\u30b8\u30c8\u30ea\u30fc\u3092\u6709\u52b9\u306b\u3057\u3066\u3044\u306a\u3044\u3068\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u51fa\u6765\u306a\u3044<br \/>\n<span style=\"color: #ff6600;\">#<\/span><span style=\"color: #008000;\"> chkrootkit | grep INFECTED<\/span><br \/>\ngrep\u306f\u5927\u6587\u5b57\u3068\u5c0f\u6587\u5b57\u3092\u533a\u5225\u3059\u308b\u306e\u3067\u5fc5\u305a\u5927\u6587\u5b57\u3067INFECTED\u3068\u3059\u308b\u4e8b\u3002<br \/>\n\u6c5a\u67d3\u3055\u308c\u3066\u3044\u306a\u3044\u5834\u5408\u306f not infected \u3068\u306a\u308b\u306e\u3067\u3001\u5c0f\u6587\u5b57\u3067\u3084\u308b\u3068\u6b63\u5e38\u306a\u5206\u304c\u8868\u793a\u3055\u308c\u308b\u3002<br \/>\nchkrootkit\u5b9a\u671f\u81ea\u52d5\u5b9f\u884c\u8a2d\u5b9a<br \/>\n<span style=\"color: #ff6600;\">#<\/span><span style=\"color: #008000;\"> gedit chkrootkit<\/span><\/p>\n<div class=\"xoopsCode\">\n<pre><code><span style=\"color: #0000ff;\">#!\/bin\/bash\r\nPATH=\/usr\/bin:\/bin\r\nTMPLOG=`mktemp`\r\n# 
chkrootkit\u5b9f\u884c\r\nchkrootkit &gt; $TMPLOG\r\n\r\n# \u30ed\u30b0\u51fa\u529b cat $TMPLOG | logger -t chkrootkit\r\n\r\n# SMTPS\u306ebindshell\u8aa4\u691c\u77e5\u5bfe\u5fdc\r\nif [ ! -z \"$(grep 465 $TMPLOG)\" ] &amp;&amp; [ -z $(\/usr\/sbin\/lsof -i:465|grep bindshell) ]; then\r\n      sed -i '\/465\/d' $TMPLOG\r\nfi\r\n\r\n# upstart\u30d1\u30c3\u30b1\u30fc\u30b8\u66f4\u65b0\u6642\u306eSuckit\u8aa4\u691c\u77e5\u5bfe\u5fdc\r\nif [ ! -z \"$(grep Suckit $TMPLOG)\" ] &amp;&amp; [ -z $(rpm -V `rpm -qf \/sbin\/init`) ]; then\r\n       sed -i '\/Suckit\/d' $TMPLOG\r\nfi\r\n\r\n# rootkit\u691c\u77e5\u6642\u306e\u307froot\u5b9b\u30e1\u30fc\u30eb\u9001\u4fe1\r\n[ ! -z \"$(grep INFECTED $TMPLOG)\" ] &amp;&amp; grep INFECTED $TMPLOG | mail -s \"chkrootkit report in `hostname`\" root\r\n\r\nrm -f $TMPLOG<\/span><\/code><\/pre>\n<\/div>\n<p><span style=\"color: #ff6600;\">#<\/span><span style=\"color: #008000;\"> chmod 700 chkrootkit<\/span><br \/>\n<span style=\"color: #ff6600;\">#<\/span><span style=\"color: #008000;\"> mv chkrootkit \/etc\/cron.daily\/<\/span><br \/>\n\u305d\u306e\u5f8c\u3001<a href=\"http:\/\/centossrv.com\/chkrootkit.shtml\" target=\"_blank\">http:\/\/centossrv.com\/chkrootkit.shtml<\/a>\u3092\u53c2\u8003\u306b\u201dchkrootkit\u3067\u4f7f\u7528\u3059\u308b\u5b89\u5168\u306a\u30b3\u30de\u30f3\u30c9\u306e\u78ba\u4fdd\u201d\u3092\u3084\u3063\u3066\u304a\u304f<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>\u53c2\u8003URL\uff1ahttp:\/\/centossrv.com\/chkrootkit.shtml # yum -y install chkrootkit EPEL\u30ec\u30dd\u30b8\u30c8\u30ea\u30fc\u3092\u6709\u52b9\u306b\u3057\u3066\u3044\u306a\u3044\u3068\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u51fa\u6765\u306a\u3044 # chkro &hellip; <a href=\"https:\/\/www.kinryo.net\/?p=1092\">\u7d9a\u304d\u3092\u8aad\u3080 <span 
class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"vkexunit_cta_each_option":"","footnotes":""},"categories":[8],"tags":[],"class_list":["post-1092","post","type-post","status-publish","format-standard","hentry","category-server"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.kinryo.net\/index.php?rest_route=\/wp\/v2\/posts\/1092","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kinryo.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kinryo.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kinryo.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kinryo.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1092"}],"version-history":[{"count":3,"href":"https:\/\/www.kinryo.net\/index.php?rest_route=\/wp\/v2\/posts\/1092\/revisions"}],"predecessor-version":[{"id":1095,"href":"https:\/\/www.kinryo.net\/index.php?rest_route=\/wp\/v2\/posts\/1092\/revisions\/1095"}],"wp:attachment":[{"href":"https:\/\/www.kinryo.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1092"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kinryo.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1092"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kinryo.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1092"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}