Realization of Linux backdoor intrusion detection

Rootkit from a superficial point of view is a self concealment of backdoor procedures, it is often an intruder as an intrusion tool. By Rootkit, intruders can secretly control the compromised computer, which is a huge hazard. Chkrootkit is a tool for searching the back door of a Linux system to detect rootkit. This article will introduce the installation and use method of Chkrootkit.

Chkrootkit is not included in the official CentOS or Debian source, so we will take the manual compilation method to install it, which is also more secure. Because you need to compile the source code, you also need to install the GCC compilation package in your system.

[root@linux-01 ~]# yum-y install gcc gcc-c++ make NTP

[Root@linux-01 ~]# ntpdate pool.ntp.org

3 Sep 12:03:49 ntpdate[4211]: Step time server 59.66.66.243 offset 6192510.670388 sec

[Root@linux-01 ~]# Date

September 03, 2013 Tuesday 12:03:56 CS

[Root@linux-01 ~]# wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz

[root@linux-01 ~]# tar zxf chkrootkit.tar.gz

[Root@linux-01 ~]# CD chkrootkit-*

[Root@linux-01 chkrootkit-0.49]# make sense

Gcc-dhave_lastlog_h-o Chklastlog chklastlog.c

Gcc-dhave_lastlog_h-o chkwtmp chkwtmp.c

chkwtmp.c:in function ' main ':

CHKWTMP.C:95: Warning: Implicit declaration incompatible with built-in function ' exit '

Gcc-dhave_lastlog_h-d_file_offset_bits=64-o Ifpromisc IFPROMISC.C

Gcc-o Chkproc CHKPROC.C

Gcc-o Chkdirs CHKDIRS.C

Gcc-o check_wtmpx check_wtmpx.c

Gcc-static-o strings-static STRINGS.C

Gcc-o chkutmp chkutmp.c

[Root@linux-01 chkrootkit-0.49]# CD ...

[root@linux-01 ~]# cp-r chkrootkit-*/usr/local/chkrootkit

[Root@linux-01 ~]# RM-RF chkrootkit-*

[Root@linux-01 ~]#/usr/local/chkrootkit/chkrootkit

Author Signature: 51cto blog Imysql

See more highlights of this column: http://www.bianceng.cnhttp://www.bianceng.cn/OS/Linux/