Related tools

Detecting and removing rootkits

$ wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
$ tar zxvf chkrootkit.tar.gz
$ cd chkrootkit-0.52
$ make sense
$ ./chkrootkit

$ wget https://nchc.dl.sourceforge.net/project/rkhunter/rkhunter/1.4.4/rkhunter-1.4.4.tar.gz
$ tar -zxvf rkhunter-1.4.4.tar.gz
$ cd rkhunter-1.4.4
$ ./installer.sh --install
$ rkhunter -c

Virus scanning

Installation method 1

$ yum install gcc
$ wget http://nchc.dl.sourceforge.net/project/libpng/zlib/1.2.7/zlib-1.2.7.tar.gz
$ tar -zxvf zlib-1.2.7.tar.gz
$ cd zlib-1.2.7
$ CFLAGS="-O3 -fPIC" ./configure --prefix=/usr/local/zlib/
$ make && make install

# Add the clamav user and group
$ groupadd clamav
$ useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav

# Install clamav
$ tar -zxvf clamav-0.97.6.tar.gz
$ cd clamav-0.97.6
$ ./configure --prefix=/opt/clamav --disable-clamav --with-zlib=/usr/local/zlib
$ make
$ make install

# Configure clamav
$ mkdir /opt/clamav/logs
$ mkdir /opt/clamav/updata
$ touch /opt/clamav/logs/freshclam.log
$ touch /opt/clamav/logs/clamd.log
$ cd /opt/clamav/logs
$ chown clamav:clamav clamd.log
$ chown clamav:clamav freshclam.log

Installation method 2

$ yum install -y clamav
$ freshclam

Usage

Update the virus database:

$ /opt/clamav/bin/freshclam

Scan all users' home directories:

$ ./clamscan -r /home

Scan the bin directory and show results only for files with problems:

$ ./clamscan -r --bell -i /bin

Scan system directories and write the results to a log file:

$ clamscan -r /etc --max-dir-recursion=5 -l /root/etcclamav.log
$ clamscan -r /bin --max-dir-recursion=5 -l /root/binclamav.log
$ clamscan -r /usr --max-dir-recursion=5 -l /root/usrclamav.log

Scan and remove infected files:

$ clamscan -r --remove /usr/bin/bsd-port
$ clamscan -r --remove /usr/bin/
$ clamscan -r --remove /usr/local/zabbix/sbi

Check the log for detections:

$ cat /root/usrclamav.log | grep FOUND
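As an added example (not part of the original page), the POSIX shell script below wraps the scan-and-review procedure above: it runs clamscan with the same flags as the page's commands, then reads the log files written with -l and lists the flagged paths, cross-checking the count against the "Infected files" line of the scan summary. It assumes clamscan's log line format ("<path>: <signature> FOUND" for hits, "<path>: OK" for clean files); the sample log, its paths and its signature names are constructed so the script runs without clamscan installed.

```shell
#!/bin/sh
# Added example, not from the original page: summarize clamscan logs.
# Assumed log format (as written by clamscan -l):
#   <path>: <signature> FOUND      one line per detection
#   <path>: OK                     clean file
#   ----------- SCAN SUMMARY -----------  followed by "Infected files: N"

# Run a scan the way the page does (recursive, depth-limited, logged).
# Requires clamscan to be installed; not exercised by the sample below.
scan_dir() {
    dir=$1
    log=$2
    clamscan -r --max-dir-recursion=5 -l "$log" "$dir"
}

# Print only the file paths flagged FOUND (strip ": <signature> FOUND").
found_paths() {
    grep ' FOUND$' "$1" | sed 's/: [^:]*$//'
}

# Number of FOUND lines in a log (prints 0 when nothing was flagged).
found_count() {
    grep -c ' FOUND$' "$1" || true
}

# "Infected files" figure from the summary block, to cross-check found_count.
summary_infected() {
    awk -F': ' '/^Infected files:/ { print $2 }' "$1"
}

# Constructed sample log (paths and signature names are made up for this
# example) so the functions can be exercised without running clamscan.
make_sample_log() {
    cat > "$1" <<'EOF'
/usr/bin/bsd-port/getty: Unix.Trojan.Agent-1234 FOUND
/usr/bin/ls: OK
/usr/local/zabbix/sbin/zabbix_agentd: OK
/usr/bin/.sshd: Unix.Malware.Agent-5678 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 8000000
Scanned files: 4
Infected files: 2
EOF
}

# Review every log given on the command line, e.g. /root/*clamav.log.
report_logs() {
    for f in "$@"; do
        [ -f "$f" ] || continue
        echo "== $f: $(found_count "$f") hit(s), summary reports $(summary_infected "$f")"
        found_paths "$f"
    done
}

# Stand-alone demonstration on the constructed log.
sample=$(mktemp)
make_sample_log "$sample"
report_logs "$sample"
rm -f "$sample"
```

Run it as-is to see the report on the constructed log; on a real host, replace the demonstration at the bottom with scan_dir calls for the directories of interest and pass the resulting /root/*clamav.log files to report_logs. Comparing found_count with the summary's "Infected files" figure catches truncated or partially written logs.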

Online scanning sites

https://x.threatbook.cn/
http://www.virscan.org
https://www.virustotal.com/
https://fireeye.ijinshan.com/
