相关工具

查杀Rootkit

chkrootkit

$ wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
$ tar zxvf chkrootkit.tar.gz
$ cd chkrootkit-0.52
$ make sense
$ ./chkrootkit

rkhunter

$ Wget https://nchc.dl.sourceforge.net/project/rkhunter/rkhunter/1.4.4/rkhunter-1.4.4.tar.gz
$ tar -zxvf rkhunter-1.4.4.tar.gz
$ cd rkhunter-1.4.4
$ ./installer.sh --install
$ rkhunter -c

病毒查杀

clamav

安装方式一

$ yum install gcc
$ wget http://nchc.dl.sourceforge.net/project/libpng/zlib/1.2.7/zlib-1.2.7.tar.gz 
$ tar -zxvf  zlib-1.2.7.tar.gz
$ cd zlib-1.2.7
$ CFLAGS="-O3 -fPIC" ./configure --prefix= /usr/local/zlib/
$ make && make install 

# 添加用户
$ groupadd clamav
$ useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav

# 安装clamav
$ tar –zxvf clamav-0.97.6.tar.gz
$ cd clamav-0.97.6
$ ./configure --prefix=/opt/clamav --disable-clamav -with-zlib=/usr/local/zlib
$ make
$ make install

# 配置clamav
$ mkdir /opt/clamav/logs
$ mkdir /opt/clamav/updata
$ touch /opt/clamav/logs/freshclam.log
$ touch /opt/clamav/logs/clamd.log
$ cd /opt/clamav/logs
$ chown clamav:clamav clamd.log
$ chown clamav:clamav freshclam.log

安装方式二

$ yum install -y clamav
$ freshclam

使用

升级病毒库：

$ /opt/clamav/bin/freshclam

扫描所有用户的主目录：

$ ./clamscan -r /home

扫描bin目录并且显示有问题的文件的扫描结果：

$ ./clamscan -r --bell -i /bin

扫描：

$ clamscan -r /etc --max-dir-recursion=5 -l /root/etcclamav.log
$ clamscan -r /bin --max-dir-recursion=5 -l /root/binclamav.log
$ clamscan -r /usr --max-dir-recursion=5 -l /root/usrclamav.log

扫描并杀毒：

$ clamscan -r  --remove  /usr/bin/bsd-port
$ clamscan -r  --remove  /usr/bin/
$ clamscan -r --remove  /usr/local/zabbix/sbi

查看日志发现：

$ cat /root/usrclamav.log | grep FOUND

在线网址

https://x.threatbook.cn/
http://www.virscan.org
https://www.virustotal.com/
https://fireeye.ijinshan.com/