A rootkit is a program that an attacker, having broken into a server, installs and hides on the system (a backdoor or Trojan horse program) so that they can get back in more easily later.
If a hacking incident has occurred, reinstalling should in most cases be the first priority, but you can also inspect the system with various file integrity checks or a rootkit-checking program (chkrootkit).
However, because a rootkit alters only part of the most commonly used commands or core programs so that they still look like normal files, it is very hard to catch, and for the sake of security the system must be reinstalled anyway.
The real problem is that there are cases where you do not even realize a hacking incident has happened; for that, you can find out by periodically running a rootkit detection program or a file integrity check.
Let's install chkrootkit and check whether the system I currently operate has any file integrity problems.
1. Download and extract
Go to http://www.chkrootkit.org, download the currently released source, run md5sum to verify that the source has not been altered, and extract it.
As of 2007. 05. 30. the version below is the most recently released source.
chkrootkit 0.47 is now available! (Release Date: Tue Oct 10 2006)
2. Configuration and installation
Extract the downloaded file and look inside; you will see a README file.
Most source packages helpfully explain in the README what the source is, how to install it, which options it takes, and so on, in detail.
The only problem is that it's in English;;;;;;;;
Unless you are a complete XXX at English, simple word combinations like these should be easy enough to understand.
[root@mojily src]# cd chkrootkit-0.47
[root@mojily src]# ls
ACKNOWLEDGMENTS README check_wtmpx chkdirs.c chkproc chkrootkit.lsm chkwtmp ifpromisc.c
COPYRIGHT README.chklastlog check_wtmpx.c chklastlog chkproc.c chkutmp chkwtmp.c strings-static
Makefile README.chkwtmp chkdirs chklastlog.c chkrootkit chkutmp.c ifpromisc strings.c
[root@mojily src]# cat README
.................................................
.................................................
.................................................
5. Installation
---------------
To compile the C programs type:
# make sense
After that it is ready to use and you can simply type:
# ./chkrootkit
3. Testing chkrootkit
Run it as shown below and a lot of output flies by.
[root@mojily chkrootkit-0.47]# pwd
/usr/local/src/chkrootkit-0.47
[root@smileserv chkrootkit-0.47]# ./chkrootkit
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `biff'... not found
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
...........................................
...........................................
A lot of unfamiliar lines just scrolled past, so let's look at what they mean.
infected : the file has been modified by a rootkit
not infected : no sign of any rootkit was found / no problem
not tested : the check could not be run
not found : the command being checked is not present
※ If "infected" appears in the results, it means a file modified by a rootkit exists, so a detailed inspection is absolutely required and, depending on the case, the OS must be reinstalled.
4. chkrootkit options
The following are the options provided by the "chkrootkit" command.
Run them one at a time and compare the differences; you will quickly see how they differ.
-d : print debug information about the checks
-n : print the options
-l : print the list of tests used in the check
-q : omit the normal check output and print only the check findings
-r, -p : run the check with the specified directory set as the root directory; to specify more than one, the -p option can be used, although it is not used in ordinary environments
-x : print in expert mode
-V : print version information
5. Sending the results by mail with a script
By now you should roughly know what chkrootkit is.
Logging in every day to run the check will soon get tedious...
Linux has a very handy thing called the cron daemon, which runs commands on a schedule.
Let's set up a simple script so that the check results are automatically sent by mail once a day.
[root@mojily chkrootkit-0.47]# cd /etc/cron.daily
[root@mojily chkrootkit-0.47]# cat smileserv.chkrootkit_ckeck
#!/bin/bash
# Directory where chkrootkit was built (see section 2).
BASE=/usr/local/src/chkrootkit-0.47
cd "$BASE" || exit 1
# Capture the whole report; quoting keeps its line breaks intact in the mail.
chk=$(./chkrootkit)
if [ -n "$chk" ]; then
    echo "$chk" | mail -s "My SYSTEM Chkrootkit Result" userID@yourdomain
    echo Finished
fi
Create the script file as above and run it once as a test; when you see a single welcome message land in your mailbox, you're done...........
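As an added example (not the page's own cron script), here is a variant that interprets the verdicts explained in section 3 and mails the report only when a check is actually flagged; the report path and the recipient address are assumptions to adjust for your own system.

```shell
#!/bin/bash
# Added example, not the original page's script: parse chkrootkit's report
# and mail it only when a check is actually flagged, instead of sending the
# whole report every day. Paths and the address are assumptions for your setup.

# Constructed sample in chkrootkit's report format; it is not a real scan.
sample_report() {
    cat <<'EOF'
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `chfn'... INFECTED
Checking `cron'... not infected
Checking `login'... not tested
Checking `sniffer'... eth0: PACKET SNIFFER(/usr/sbin/dhclient[1234])
Searching for suspicious files and dirs, it may take a while... nothing found
EOF
}

# Tally the verdicts explained in section 3 (reads a report on stdin).
# Prints: infected=N not_infected=N not_tested=N not_found=N
summarize_verdicts() {
    awk '/\.\.\. INFECTED$/     { inf++ }
         /\.\.\. not infected$/ { ok++ }
         /\.\.\. not tested$/   { nt++ }
         /\.\.\. not found$/    { nf++ }
         END { printf "infected=%d not_infected=%d not_tested=%d not_found=%d\n",
                      inf, ok, nt, nf }'
}

# Count lines a human must look at: INFECTED verdicts, chkrootkit
# "Warning:" lines and sniffer detections (stdin -> count on stdout).
count_findings() {
    awk '/ INFECTED$/ || /Warning:/ || /PACKET SNIFFER/ { n++ } END { print n + 0 }'
}

# Daily job body: keep the full report on disk and mail it only when something
# was flagged. BASE matches the install directory used on this page; the
# report path and recipient are placeholders to adjust.
daily_check() {
    BASE=/usr/local/src/chkrootkit-0.47
    REPORT=/var/log/chkrootkit.last
    RCPT="admin@example.com"
    (cd "$BASE" && ./chkrootkit) > "$REPORT" 2>&1
    n=$(count_findings < "$REPORT")
    if [ "$n" -gt 0 ]; then
        mail -s "chkrootkit: $n finding(s) on $(hostname)" "$RCPT" < "$REPORT"
    fi
}

# Only run the scan when invoked with "run" (e.g. from /etc/cron.daily).
if [ "${1:-}" = "run" ]; then daily_check; fi
```

Keeping the full report on disk means a quiet day still leaves evidence to compare against later, while the mailbox only fills up when a verdict changes.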