I ran rkhunter tonight and got this result:
[04:17:34] System checks summary
[04:17:34] =====================
[04:17:34]
[04:17:34] File properties checks...
[04:17:34] Files checked: 133
[04:17:34] Suspect files: 16
[04:17:34]
[04:17:34] Rootkit checks...
[04:17:34] Rootkits checked : 245
[04:17:34] Possible rootkits: 1
[04:17:34] Rootkit names : Slapper Worm
[04:17:34]
[04:17:34] Applications checks...
[04:17:34] All checks skipped
[04:17:34]
[04:17:34] The system checks took: 2 minutes and 27 seconds
[04:17:34]
[04:17:34] Info: End date is Sat Jul 12 04:17:34 UTC 2014
It reports a possible rootkit "Slapper Worm", and it points to this file:
[04:16:42] Checking for Slapper Worm...
[04:16:42] Checking for file '/tmp/.bugtraq' [ Not found ]
[04:16:42] Checking for file '/tmp/.uubugtraq' [ Not found ]
[04:16:42] Checking for file '/tmp/.bugtraq.c' [ Not found ]
[04:16:42] Checking for file '/tmp/httpd' [ Not found ]
[04:16:42] Checking for file '/tmp/.unlock' [ Not found ]
[04:16:42] Checking for file '/tmp/update' [ Found ]
[04:16:42] Checking for file '/tmp/.cinik' [ Not found ]
[04:16:43] Checking for file '/tmp/.b' [ Not found ]
[04:16:43] Warning: Slapper Worm [ Warning ]
[04:16:43] File '/tmp/update' found
I deleted that file, but it doesn't seem to be anything serious? Should I be worried that I might have a rootkit? Does deleting this file fix the problem?
In this case I wouldn't worry too much, because all it detected was the existence of a file name which, given how common the word update is, could easily have been created by something completely unrelated. The more telling files such as /tmp/.bugtraq are missing. Besides, Slapper is 12 years old and used a vulnerability that was closed long ago. If you ran rkhunter because you suspected an infection, you can investigate further, but if this was a routine run, close the case.
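A small triage helper, added here as an example and not part of either post: it parses the "Checking for file" lines rkhunter prints for each rootkit signature (the constructed sample below mirrors the question's log) and applies the answer's reasoning, treating a lone hit on a generic, non-hidden name as weak evidence and a hit on a hidden dot-file or several hits as worth a closer look. The regexes, function names and verdict labels are my own assumptions, not rkhunter's.

```python
import os
import re

# Constructed sample, shaped like the per-rootkit section of the question's log.
SAMPLE_LOG = """\
[04:16:42] Checking for Slapper Worm...
[04:16:42] Checking for file '/tmp/.bugtraq' [ Not found ]
[04:16:42] Checking for file '/tmp/.uubugtraq' [ Not found ]
[04:16:42] Checking for file '/tmp/.bugtraq.c' [ Not found ]
[04:16:42] Checking for file '/tmp/httpd' [ Not found ]
[04:16:42] Checking for file '/tmp/.unlock' [ Not found ]
[04:16:42] Checking for file '/tmp/update' [ Found ]
[04:16:42] Checking for file '/tmp/.cinik' [ Not found ]
[04:16:43] Checking for file '/tmp/.b' [ Not found ]
[04:16:43] Warning: Slapper Worm [ Warning ]
"""

# "Checking for <name>..." opens a signature; file lines end in [ Found ] / [ Not found ].
HEADER_RE = re.compile(r"^\[[\d:]+\] Checking for (.+?)\.\.\.$")
FILE_RE = re.compile(r"^\[[\d:]+\] Checking for file '([^']+)' \[ (Found|Not found) \]$")


def parse_rootkit_checks(log: str) -> dict:
    """Map each rootkit name to the paths rkhunter checked and the ones it found."""
    results, current = {}, None
    for line in log.splitlines():
        m = HEADER_RE.match(line)
        if m:
            current = m.group(1)
            results[current] = {"checked": [], "found": []}
            continue
        m = FILE_RE.match(line)
        if m and current is not None:
            path, status = m.groups()
            results[current]["checked"].append(path)
            if status == "Found":
                results[current]["found"].append(path)
    return results


def assess(entry: dict) -> str:
    """One hit on a plain, common name is weak; dot-files or multiple hits are not."""
    found = entry["found"]
    if not found:
        return "clean"
    hidden = [p for p in found if os.path.basename(p).startswith(".")]
    if len(found) == 1 and not hidden:
        return "weak: single generic filename"
    return "investigate"


def summarize(log: str) -> dict:
    """Verdict per rootkit signature found in the log."""
    return {name: assess(entry) for name, entry in parse_rootkit_checks(log).items()}


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```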