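Deploying Virus and Malicious Script Detection Tools: Rkhunter / ClamAV / LMD

Deploy three detection tools: rkhunter, ClamAV and Linux Malware Detect (LMD), used for rootkit detection and malicious script detection respectively.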
1. ClamAV
yum install clamav clamav-update clamav-scanner-systemd clamav-server-systemd
yum install clamav
sudo sed -i -e "s/^Example/#Example/" /etc/freshclam.conf
sudo sed -i -e "s/^Example/#Example/" /etc/clamd.d/scan.conf
freshclam
clamscan -r -i /var/www/html
2. Rkhunter
yum install rkhunter
rkhunter --propupd
rkhunter -u
rkhunter --checkall
grep -i warning /var/log/rkhunter/rkhunter.log
3. LMD
tar -xvf maldetect-current.tar.gz
cd maldetect-1.4.2
./install.sh
vim /usr/local/maldetect/conf.maldet
Typical settings in /usr/local/maldetect/conf.maldet:
email_alert=1
email_subj="Malware alerts for $HOSTNAME - $(date +%Y-%m-%d)"
quar_hits=1
quar_clean=1
clam_av=1
maldet -u
maldet --scan-all /var/www/html

Follow-up: routine checks / crontab setup

maldet -u
freshclam
rkhunter -u
rkhunter --propupd
rkhunter --sk --checkall
maldet --scan-all /var/www/html
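
An added example (not from the original post): a wrapper for the daily routine above, meant to be called from cron with --run. It maps clamscan's exit status to a verdict, counts actual warning entries in the rkhunter log, and leaves --propupd out of the unattended run, because re-baselining before every check would accept any file changes made since the last one. The function names, the --run switch and the sample log lines are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Paths match the ones used above.
WEBROOT="${WEBROOT:-/var/www/html}"
RKH_LOG="${RKH_LOG:-/var/log/rkhunter/rkhunter.log}"

# clamscan exit status: 0 = nothing found, 1 = virus found, anything else = error.
clam_verdict() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Count real warning entries in an rkhunter log. Tighter than "grep -i warning",
# which also matches informational lines that merely mention the word.
rkh_warning_count() {
    [ -r "$1" ] || { echo unreadable; return 0; }   # fail closed on a missing log
    grep -cF -e 'Warning:' -e '[ Warning ]' "$1" || true
}

# Constructed sample log lines (not real output) for trying the counter offline.
sample_rkh_log() {
    cat <<'EOF'
[03:10:01] Info: Emailing warnings to 'root' using command '/bin/mail'
[03:10:07]   /usr/bin/ldd                                   [ Warning ]
[03:10:07] Warning: The command '/usr/bin/ldd' has been replaced by a script
[03:10:09]   /usr/bin/curl                                  [ OK ]
EOF
}

daily_scan() {
    rc=0
    maldet -u; freshclam; rkhunter --update    # refresh signatures first
    # No --propupd here: it re-baselines file properties, hiding recent changes.
    rkhunter --sk --checkall || rc=1
    n=$(rkh_warning_count "$RKH_LOG")
    [ "$n" = 0 ] || { echo "rkhunter: $n warning entries in $RKH_LOG"; rc=1; }
    clamscan -r -i "$WEBROOT"
    v=$(clam_verdict "$?")
    [ "$v" = clean ] || { echo "clamscan: $v"; rc=1; }
    maldet --scan-all "$WEBROOT"    # LMD alerts by mail via email_alert=1
    return "$rc"
}

# Only run the real tools when asked to, e.g. from cron: daily-scan.sh --run
if [ "${1:-}" = "--run" ]; then daily_scan; exit "$?"; fi
```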
