1.ClamAV
# Full install. Going by the package names: the scanner, the signature
# updater, and the systemd units for the scanner and server daemons.
yum install \
  clamav \
  clamav-update \
  clamav-scanner-systemd \
  clamav-server-systemd
或
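# Minimal install: the scanner package only.
yum install clamav
# The stock config files carry a literal "Example" line that must be commented
# out before the tools will run. Use plain ASCII quotes here: the typographic
# quotes a web page substitutes are passed to sed as part of the expression,
# so the substitution fails.
sudo sed -i -e 's/^Example/#Example/' /etc/freshclam.conf
sudo sed -i -e 's/^Example/#Example/' /etc/clamd.d/scan.conf
# Refresh the signature database before the first scan, so the scan does not
# run against stale or missing definitions.
freshclam
# -r recurses into subdirectories; -i prints only the infected files.
clamscan -r -i /var/www/html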
2.Rkhunter
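yum install rkhunter
# --propupd records the current file properties as the trusted baseline that
# later checks compare against. Run it only on a system you believe is clean
# (fresh install, or right after verified package updates); baselining an
# already-modified binary makes that modification invisible to later checks.
# Long options take two ASCII hyphens; a pasted en dash is not parsed as an
# option.
rkhunter --propupd
# Update rkhunter's data files.
rkhunter -u
rkhunter --checkall
# Pull the warnings out of the run log; grep reads the file directly.
grep -i warning /var/log/rkhunter/rkhunter.log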
3.LMD
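# install.sh runs with whatever privileges this shell has (normally root).
# Before extracting, verify the archive against the checksum or signature the
# publisher provides, and confirm it was fetched over HTTPS from the official
# site.
tar -xvf maldetect-current.tar.gz
# The extracted directory is named after the release inside the archive, so
# it may not be 1.4.2. Chain with && so that a failed cd cannot fall through
# and execute an unrelated ./install.sh from the current directory.
cd maldetect-1.4.2 && ./install.sh
vim /usr/local/maldetect/conf.maldet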
/usr/local/maldetect/conf.maldet 典型配置:
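# Send an e-mail report when a scan finds hits. The alert recipient address is
# not set in this excerpt; make sure it points at a monitored mailbox.
email_alert=1
# Plain ASCII double quotes are required: conf.maldet is read as shell, and
# typographic quotes would become part of the value and break word splitting.
email_subj="Malware alerts for $HOSTNAME - $(date +%Y-%m-%d)"
# Move hits to quarantine instead of only alerting. On a web root a false
# positive is removed from the site automatically, so review the quarantine
# after each alert.
quar_hits=1
# Attempt to clean string-based injections from quarantined files (depends on
# quar_hits=1).
quar_clean=1
# Use the ClamAV engine for scanning when it is installed.
# NOTE(review): the key name differs between LMD releases; confirm it against
# the conf.maldet shipped with the installed version.
clam_av=1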
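# Update the LMD signatures before scanning.
maldet -u
# Long options take two ASCII hyphens; a pasted en dash is not parsed as an
# option.
maldet --scan-all /var/www/html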
后续:日常检查 / crontab设置
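# Refresh signatures and data files for all three tools before scanning.
maldet -u
freshclam
rkhunter -u
# Do NOT re-baseline on every run. --propupd overwrites the stored file
# properties with the current ones, so running it right before --checkall
# means the file-property test can never report a change. Run it by hand only
# after package updates you have verified:
#   rkhunter --propupd
# --sk skips the "press Enter" prompts so the check can run unattended.
rkhunter --sk --checkall
maldet --scan-all /var/www/html
# Unattended scans only help if someone reads the results: route the cron
# output and /var/log/rkhunter/rkhunter.log warnings to a monitored mailbox or
# log pipeline.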