簡單使用epel源來安裝NTOP和chkrootkit
首先來說一下epel源是什麼:
如果既想獲得 RHEL 的高品質、高性能、高可靠性,又需要友善易用(關鍵是免費)的軟體包更新功能,那麼 Fedora Project 推出的 EPEL(Extra Packages for Enterprise Linux)正好适合你。EPEL(http://fedoraproject.org/wiki/EPEL) 是由 Fedora 社群打造,為 RHEL 及衍生發行版如 CentOS、Scientific Linux 等提供高品質軟體包的項目。
下面來配置一下epel源
所使用的系統是Centos 6.3 x86_64 ip 192.168.112.129
在安裝之前要事先安裝yum-priorities
# yum install -y yum-priorities
安裝完成後,便可以配置epel源了
由于使用的是64位的系統,是以選擇安裝相對應的rpm包
可以在http://dl.fedoraproject.org/pub/epel/6/x86_64/這裡面到找,執行下面的指令安裝
[root@www yum.repos.d]# rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
Retrieving http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
warning: /var/tmp/rpm-tmp.KQrxb7: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
Preparing... ########################################### [100%]
1:epel-release ########################################### [100%]
對于32位的系統則需要執行下面的指令:
rpm -ivh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
安裝完成後導入DAG的PGP Key
[root@www yum.repos.d]# rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
然後再來設定/etc/yum.repos.d/epel.repo檔案中源的級别,添加priority=11 (将其級别設定為較低級别,這樣系統安裝軟體時會首先選擇官方yum源,如果實在找不到它會選擇epel源)/etc/yum.repos.d/epel.repo檔案内容如下:
[root@www yum.repos.d]# cat epel.repo
[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
priority=11 \\設定優先級
[epel-debuginfo]
name=Extra Packages for Enterprise Linux 6 - $basearch - Debug
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch/debug
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=$basearch
enabled=0
[epel-source]
name=Extra Packages for Enterprise Linux 6 - $basearch - Source
#baseurl=http://download.fedoraproject.org/pub/epel/6/SRPMS
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-6&arch=$basearch
設定安裝完成後就可以直接用yum安裝NTOP了
[root@www yum.repos.d]# yum install ntop
Loaded plugins: fastestmirror, priorities
Loading mirror speeds from cached hostfile
epel/metalink | 4.0 kB 00:00
* base: centos.ustc.edu.cn
* epel: ftp.cuhk.edu.hk
* extras: centos.ustc.edu.cn
* updates: centos.ustc.edu.cn
epel | 4.2 kB 00:00
http://ftp.cuhk.edu.hk/pub/linux/fedora-epel/6/x86_64/repodata/e7f018b8041d9c4926b9587c3e1f50111f7d76a57335cc72a7106fb703eca514-primary.sqlite.bz2: [Errno 14] PYCURL ERROR 7 - "couldn't connect to host"
Trying other mirror.
epel/primary_db | 5.0 MB 00:05
73 packages excluded due to repository priority protections
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package ntop.x86_64 0:5.0-5.el6 will be installed
--> Processing Dependency: graphviz for package: ntop-5.0-5.el6.x86_64
--> Processing Dependency: libpcap.so.1()(64bit) for package: ntop-5.0-5.el6.x86_64
--> Processing Dependency: libGeoIP.so.1()(64bit) for package: ntop-5.0-5.el6.x86_64
---> Package GeoIP.x86_64 0:1.4.8-1.el6 will be installed
---> Package graphviz.x86_64 0:2.26.0-10.el6 will be installed
--> Processing Dependency: urw-fonts for package: graphviz-2.26.0-10.el6.x86_64
--> Processing Dependency: libXmu.so.6()(64bit) for package: graphviz-2.26.0-10.el6.x86_64
--> Processing Dependency: libXaw.so.7()(64bit) for package: graphviz-2.26.0-10.el6.x86_64
---> Package libpcap.x86_64 14:1.0.0-6.20091201git117cb5.el6 will be installed
---> Package libXaw.x86_64 0:1.0.11-2.el6 will be installed
---> Package libXmu.x86_64 0:1.1.1-2.el6 will be installed
---> Package urw-fonts.noarch 0:2.4-10.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=======================================================================================================================================================================
Package Arch Version Repository Size
Installing:
ntop x86_64 5.0-5.el6 epel 12 M
Installing for dependencies:
GeoIP x86_64 1.4.8-1.el6 epel 620 k
graphviz x86_64 2.26.0-10.el6 base 1.0 M
libXaw x86_64 1.0.11-2.el6 base 178 k
libXmu x86_64 1.1.1-2.el6 base 66 k
libpcap x86_64 14:1.0.0-6.20091201git117cb5.el6 base 126 k
urw-fonts noarch 2.4-10.el6 base 3.1 M
Transaction Summary
安裝完成後就可以啟動NTOP了,啟動過程會提示調置admin使用者的密碼。
[root@www yum.repos.d]# ntop
Sun Mar 24 04:09:27 2013 Initializing gdbm databases
Sun Mar 24 04:09:27 2013 ntop will be started as user ntop
Sun Mar 24 04:09:27 2013 ntop v.5.0 Fedora RPM (64 bit)
Sun Mar 24 04:09:27 2013 Configured on Nov 26 2012 2:27:02, built on Nov 26 2012 02:27:07.
……
ntop startup - waiting for user response!
Please enter the password for the admin user:
最後就可以在浏覽器中通路了 http://192.168.112.129:3000
如圖所示工作界面:
<a href="http://blog.51cto.com/attachment/201304/231549987.jpg" target="_blank"></a>
到此 使用epel源安裝NTOP就完成了,具體關于NTOP的使用,還在熟悉過程中。
下面來說一下chkrootkit的安裝
先來認識一下chkrootkit。Rootkit檢測工具Chkrootkit
Rootkit是單個或一組軟體,它針對一個或者多個弱點進行擷取正式權限的攻擊,或者對目标主機進行其他任何類型的攻擊。很多Rootkit不僅僅是發起一個攻擊以獲得root權限,其同時還試圖掩藏和清除攻擊的行為。為了達到掩蓋的目的,它們删除日志檔案、安裝特洛伊木馬或采取其他的掩蓋方法。就像網絡中别的攻擊一樣,Rootkit通常也具有特征并且會留下一些蛛絲馬迹,這些都是可以用來識别出它們。我們這裡有專門的軟體可對Rootkit的蹤迹和特征進行查找,其中之一就是chkrootkit
Chkrootkit的安裝
Chkrootkit目前的最新版本是0.49,而epel源中的Chkrootkit正好的就是最新版本。由于前面已經配置好了epel源就可以直接安裝了:
# yum install -y chkrootkit
成功安裝後,再用rpm指令來檢查一下,如下所示:
[root@www ~]# rpm -ql chkrootkit
/etc/pam.d/chkrootkit
/etc/security/console.apps/chkrootkit
/usr/bin/chkrootkit
/usr/bin/chkrootkitX
/usr/lib64/chkrootkit-0.49
/usr/lib64/chkrootkit-0.49/check_wtmpx
/usr/lib64/chkrootkit-0.49/chkdirs
/usr/lib64/chkrootkit-0.49/chklastlog
/usr/lib64/chkrootkit-0.49/chkproc
/usr/lib64/chkrootkit-0.49/chkrootkit
/usr/lib64/chkrootkit-0.49/chkutmp
/usr/lib64/chkrootkit-0.49/chkwtmp
/usr/lib64/chkrootkit-0.49/ifpromisc
/usr/lib64/chkrootkit-0.49/strings
/usr/lib64/chkrootkit-0.49/strings-static
/usr/sbin/chkrootkit
/usr/share/applications/fedora-chkrootkit.desktop
/usr/share/doc/chkrootkit-0.49
/usr/share/doc/chkrootkit-0.49/ACKNOWLEDGMENTS
/usr/share/doc/chkrootkit-0.49/COPYRIGHT
/usr/share/doc/chkrootkit-0.49/README
/usr/share/doc/chkrootkit-0.49/README.chklastlog
/usr/share/doc/chkrootkit-0.49/README.chkwtmp
/usr/share/doc/chkrootkit-0.49/README.false_positives
/usr/share/doc/chkrootkit-0.49/chkrootkit.lsm
/usr/share/pixmaps/chkrootkit.png
這裡顯示的是成功安裝後Chkrootkit後的相關檔案。運作相關指令可以檢視版本号:
[root@www ~]# chkrootkit -V
chkrootkit version 0.49
安裝後就可以運作了
[root@www ~]# chkrootkit
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `biff'... not found
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `crontab'... not infected
Checking `date'... not infected
Checking `du'... not infected
Checking `dirname'... not infected
Checking `echo'... not infected
Checking `egrep'... not infected
Checking `env'... not infected
Checking `find'... not infected
Checking `fingerd'... not found
Checking `gpm'... not found
Checking `grep'... not infected
Checking `hdparm'... not found
Checking `su'... not infected
Checking `ifconfig'... not infected
Checking `inetd'... not found
Checking `inetdconf'... not found
Checking `identd'... not found
Checking `init'... not infected
Checking `killall'... not infected
Checking `ldsopreload'... not infected
Checking `login'... not infected
Checking `ls'... not infected
Checking `lsof'... not found
Checking `mail'... not found
Checking `mingetty'... not infected
Checking `netstat'... not infected
Checking `named'... not found
Checking `passwd'... not infected
Checking `pidof'... not infected
Checking `pop2'... not found
Checking `pop3'... not found
Checking `ps'... not infected
Checking `pstree'... not infected
Checking `rpcinfo'... not found
Checking `rlogind'... not found
Checking `rshd'... not found
Checking `slogin'... not found
Checking `sendmail'... not infected
Checking `sshd'... not infected
Checking `syslogd'... not tested
Checking `tar'... not infected
Checking `tcpd'... not infected
Checking `tcpdump'... not infected
Checking `top'... not infected
Checking `telnetd'... not found
Checking `timed'... not found
Checking `traceroute'... not found
Checking `vdir'... not infected
Checking `w'... not infected
Checking `write'... not infected
Checking `aliens'... no suspect files
Searching for sniffer's logs, it may take a while... nothing found
Searching for HiDrootkit's default dir... nothing found
Searching for t0rn's default files and dirs... nothing found
Searching for t0rn's v8 defaults... nothing found
Searching for Lion Worm default files and dirs... nothing found
Searching for RSHA's default files and dir... nothing found
Searching for RH-Sharpe's default files... nothing found
Searching for Ambient's rootkit (ark) default files and dirs... nothing found
Searching for suspicious files and dirs, it may take a while... nothing found
Searching for LPD Worm files and dirs... nothing found
Searching for Ramen Worm files and dirs... nothing found
Searching for Maniac files and dirs... nothing found
Searching for RK17 files and dirs... nothing found
Searching for Ducoci rootkit... nothing found
Searching for Adore Worm... nothing found
Searching for ShitC Worm... nothing found
Searching for Omega Worm... nothing found
Searching for Sadmind/IIS Worm... nothing found
Searching for MonKit... nothing found
Searching for Showtee... nothing found
Searching for OpticKit... nothing found
Searching for T.R.K... nothing found
Searching for Mithra... nothing found
Searching for LOC rootkit... nothing found
Searching for Romanian rootkit... nothing found
Searching for HKRK rootkit... nothing found
Searching for Suckit rootkit... nothing found
Searching for Volc rootkit... nothing found
Searching for Gold2 rootkit... nothing found
Searching for TC2 Worm default files and dirs... nothing found
Searching for Anonoying rootkit default files and dirs... nothing found
Searching for ZK rootkit default files and dirs... nothing found
Searching for ShKit rootkit default files and dirs... nothing found
Searching for AjaKit rootkit default files and dirs... nothing found
Searching for zaRwT rootkit default files and dirs... nothing found
Searching for Madalin rootkit default files... nothing found
Searching for Fu rootkit default files... nothing found
Searching for ESRK rootkit default files... nothing found
Searching for rootedoor... nothing found
Searching for ENYELKM rootkit default files... nothing found
Searching for common ssh-scanners default files... nothing found
Searching for anomalies in shell history files... nothing found
Checking `asp'... not infected
Checking `bindshell'... not infected
Checking `lkm'... chkproc: nothing detected
chkdirs: nothing detected
Checking `rexedcs'... not found
Checking `sniffer'... eth0: PF_PACKET(/sbin/dhclient, /usr/sbin/ntop)
Checking `w55808'... not infected
Checking `wted'... chkwtmp: nothing deleted
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'... chklastlog: nothing deleted
Checking `chkutmp'... chkutmp: nothing deleted
Checking `OSX_RSPLUG'... not infected
Chkrootkit會對系統上的重要檔案進行掃描,以上結果顯示是正常的,一般是沒有檔案感染,如果Chkrootkit顯示有檔案感染,請認真檢視是否是誤報,如果有檔案感染了Rootkit,請立即從網絡上斷開你的服務,同時采取措施進行Rootkit的清理。
好了,到此關于epel源的配置和使用epel源安裝軟體介紹完畢。
不對之處請大家指出,謝謝關注。
本文轉自 ZhouLS 51CTO部落格,原文連結:http://blog.51cto.com/zhou123/1181062