{"id":93,"date":"2016-10-26T12:32:10","date_gmt":"2016-10-26T03:32:10","guid":{"rendered":"http:\/\/jook.pe.kr\/?p=93"},"modified":"2016-10-26T12:32:10","modified_gmt":"2016-10-26T03:32:10","slug":"chkrootkit-%ec%9d%84-%ec%82%ac%ec%9a%a9%ed%95%b4%ec%84%9c-rootkit-%ea%b2%80%ec%82%ac%ed%95%98%ea%b8%b0","status":"publish","type":"post","link":"http:\/\/jook.pe.kr\/?p=93","title":{"rendered":"chkrootkit \uc744 \uc0ac\uc6a9\ud574\uc11c rootkit \uac80\uc0ac\ud558\uae30"},"content":{"rendered":"

1. http:\/\/www.chkrootkit.org<\/a> \uc5d0\uc11c chkrootkit-0.43.tar.gz \uc744 \ub2e4\uc6b4\ub85c\ub4dc \ubc1b\ub294\ub2e4.<\/p>\n

2. \uc555\ucd95\uc744 \ud47c\ub2e4.
\n[root@localhost src]# tar xvfzp chkrootkit-0.43.tar.gz
\nchkrootkit-0.43\/
\nchkrootkit-0.43\/ACKNOWLEDGMENTS
\nchkrootkit-0.43\/chkproc.c
\nchkrootkit-0.43\/README
\nchkrootkit-0.43\/chklastlog.c
\nchkrootkit-0.43\/README.chkwtmp
\nchkrootkit-0.43\/COPYRIGHT
\nchkrootkit-0.43\/Makefile
\nchkrootkit-0.43\/check_wtmpx.c
\nchkrootkit-0.43\/strings.c
\nchkrootkit-0.43\/ifpromisc.c
\nchkrootkit-0.43\/chkdirs.c
\nchkrootkit-0.43\/chkrootkit.lsm
\nchkrootkit-0.43\/chkwtmp.c
\nchkrootkit-0.43\/chkrootkit
\nchkrootkit-0.43\/README.chklastlog<\/p>\n

3. make \uba85\ub839\uc73c\ub85c chkrootkit \uc124\uce58.
\n[root@localhost chkrootkit-0.43]# make
\n*** stopping make sense ***
\nmake[1]: Entering directory `\/usr\/local\/src\/chkrootkit-0.43′
\ngcc -DHAVE_LASTLOG_H -o chklastlog chklastlog.c
\ngcc -DHAVE_LASTLOG_H -o chkwtmp chkwtmp.c
\ngcc -DHAVE_LASTLOG_H -o ifpromisc ifpromisc.c
\ngcc -o chkproc chkproc.c
\ngcc -o chkdirs chkdirs.c
\ngcc -o check_wtmpx check_wtmpx.c
\ngcc -static -o strings-static strings.c
\nmake[1]: Leaving directory `\/usr\/local\/src\/chkrootkit-0.4<\/p>\n

[root@localhost chkrootkit-0.43]# ll
\ntotal 604
\n-r–r–r– 1 1000 1000 3966 Dec 27 03:02 ACKNOWLEDGMENTS
\n-rwxr-xr-x 1 root root 2704 Jun 3 13:21 check_wtmpx
\n-r–r–r– 1 1000 wheel 7195 Dec 27 03:26 check_wtmpx.c
\n-rwxr-xr-x 1 root root 6052 Jun 3 13:21 chkdirs
\n-r–r–r– 1 1000 wheel 6781 Dec 27 03:27 chkdirs.c
\n-rwxr-xr-x 1 root root 6640 Jun 3 13:21 chklastlog
\n-r–r–r– 1 1000 wheel 7729 Dec 27 03:30 chklastlog.c
\n-rwxr-xr-x 1 root root 6488 Jun 3 13:21 chkproc
\n-r–r–r– 1 1000 wheel 6676 Dec 27 03:35 chkproc.c
\n-rwxr-xr-x 1 1000 1000 67736 Dec 29 01:48 chkrootkit
\n-r–r–r– 1 1000 1000 565 Dec 27 21:35 chkrootkit.lsm
\n-rwxr-xr-x 1 root root 3936 Jun 3 13:21 chkwtmp
\n-r–r–r– 1 1000 1000 1945 Dec 25 02:37 chkwtmp.c
\n-r–r–r– 1 1000 1000 1343 Dec 25 02:37 COPYRIGHT
\n-rwxr-xr-x 1 root root 6836 Jun 3 13:21 ifpromisc
\n-r–r–r– 1 1000 1000 8771 Dec 27 09:09 ifpromisc.c
\n-r–r–r– 1 1000 1000 1448 Dec 27 06:34 Makefile
\n-r–r–r– 1 1000 1000 12387 Dec 27 21:40 README
\n-r–r–r– 1 1000 1000 1323 Dec 25 02:37 README.chklastlog
\n-r–r–r– 1 1000 1000 1292 Dec 25 02:37 README.chkwtmp
\n-r–r–r– 1 1000 1000 2437 Dec 25 02:38 strings.c
\n-rwxr-xr-x 1 root root 402496 Jun 3 13:21 strings-static
\nYou have new mail in \/var\/spool\/mail\/root<\/p>\n

4. chkrootlit \uba85\ub839\uc73c\ub85c \ub8e8\ud2b8\ud0b7 \uccb4\ud06c<\/p>\n

[root@localhost chkrootkit-0.43]# .\/chkrootkit
\nROOTDIR is `\/’
\nChecking `amd’… not found
\nChecking `basename’… not infected
\nChecking `biff’… not found
\nChecking `chfn’… not infected
\nChecking `chsh’… not infected
\nChecking `cron’… not infected
\nChecking `date’… not infected
\nChecking `du’… not infected
\nChecking `dirname’… not infected
\nChecking `echo’… not infected
\nChecking `egrep’… not infected
\nChecking `env’… not infected
\nChecking `find’… not infected
\nChecking `fingerd’… not infected
\nChecking `gpm’… not infected
\nChecking `grep’… not infected
\nChecking `hdparm’… not infected
\nChecking `su’… not infected
\nChecking `ifconfig’… not infected
\nChecking `inetd’… not tested
\nChecking `inetdconf’… not found
\nChecking `identd’… not found
\nChecking `init’… not infected
\nChecking `killall’… not infected
\nChecking `ldsopreload’… not infected
\nChecking `login’… not infected
\n.
\n.<\/p>\n

5. \ud2b9\uc815 \ud30c\uc77c\uac80\uc0ac.
\n[root@localhost chkrootkit-0.43]# .\/chkrootkit ps ls netstat
\nROOTDIR is `\/’
\nChecking `ps’… not infected
\nChecking `ls’… not infected
\nChecking `netstat’… not infected<\/p>\n","protected":false},"excerpt":{"rendered":"

1. http:\/\/www.chkrootkit.org \uc5d0\uc11c chkrootkit-0.43.tar.gz \uc744 \ub2e4\uc6b4\ub85c\ub4dc \ubc1b\ub294\ub2e4. 2. \uc555\ucd95\uc744 \ud47c\ub2e4. [root@localhost src]# tar xvfzp chkrootkit-0.43.tar.gz chkrootkit-0.43\/ chkrootkit-0.43\/ACKNOWLEDGMENTS chkrootkit-0.43\/chkproc.c chkrootkit-0.43\/README chkrootkit-0.43\/chklastlog.c<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5,7],"tags":[],"_links":{"self":[{"href":"http:\/\/jook.pe.kr\/index.php?rest_route=\/wp\/v2\/posts\/93"}],"collection":[{"href":"http:\/\/jook.pe.kr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/jook.pe.kr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/jook.pe.kr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/jook.pe.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=93"}],"version-history":[{"count":0,"href":"http:\/\/jook.pe.kr\/index.php?rest_route=\/wp\/v2\/posts\/93\/revisions"}],"wp:attachment":[{"href":"http:\/\/jook.pe.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=93"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/jook.pe.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=93"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/jook.pe.kr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=93"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}