mouse posted on 2019-1-26 11:44:19

A simple walkthrough: installing NTOP from the EPEL repository, using it, and installing chkrootkit

  Installing NTOP and chkrootkit from the EPEL repository
  First, what is the EPEL repository?
  If you want the quality, performance and reliability of RHEL but also need a convenient (and, crucially, free) source of additional packages, EPEL (Extra Packages for Enterprise Linux) from the Fedora Project is exactly what you need. EPEL (http://fedoraproject.org/wiki/EPEL) is a Fedora community project that provides high-quality packages for RHEL and its derivatives such as CentOS and Scientific Linux.
  Now let's configure the EPEL repository.
  The system used here is CentOS 6.3 x86_64 with IP 192.168.112.129.
  Before anything else, install yum-priorities:


    # yum install -y yum-priorities

  Once that is installed, the EPEL repository can be configured.
  Since this is a 64-bit system, choose the matching rpm package.
  It can be found under http://dl.fedoraproject.org/pub/epel/6/x86_64/; run the following command to install it:


    # rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
    Retrieving http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
    warning: /var/tmp/rpm-tmp.KQrxb7: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
    Preparing...                ###########################################
       1:epel-release         ###########################################

  On a 32-bit system run this command instead:


    rpm -ivh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm

  After installation, import the DAG PGP key:


    # rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6

  Then set the priority of the repository in /etc/yum.repos.d/epel.repo by adding priority=11 (this gives it a lower priority, so when installing software the system prefers the official yum repositories and only falls back to EPEL when a package cannot be found there). The contents of /etc/yum.repos.d/epel.repo are as follows:


    # cat epel.repo
    [epel]
    name=Extra Packages for Enterprise Linux 6 - $basearch
    #baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
    mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
    failovermethod=priority
    enabled=1
    gpgcheck=1
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
    # set the priority (the value must stand alone on its line; a trailing comment would make it unparseable)
    priority=11

    [epel-debuginfo]
    name=Extra Packages for Enterprise Linux 6 - $basearch - Debug
    #baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch/debug
    mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=$basearch
    failovermethod=priority
    enabled=0
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
    gpgcheck=1

    [epel-source]
    name=Extra Packages for Enterprise Linux 6 - $basearch - Source
    #baseurl=http://download.fedoraproject.org/pub/epel/6/SRPMS
    mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-6&arch=$basearch
    failovermethod=priority
    enabled=0
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
    gpgcheck=1

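  Since the only things standing between a third-party repository and the package set are gpgcheck=1 and the priority value, here is an added check (example code, not from the original post) that audits a .repo file for exactly those two settings. It runs against a constructed sample file, not the author's; the section names and values in the sample are made up for the test.

```shell
# Audit a yum .repo file such as /etc/yum.repos.d/epel.repo: every enabled
# section must carry gpgcheck=1 and a bare integer priority (a value such as
# "priority=11 \\comment" is not an integer, so yum-priorities cannot use it).
# One line per finding; the exit status is the number of findings.
audit_repo() {
    awk '
    function report() {
        if (sect == "" || enabled != "1") return
        if (gpgcheck != "1") { printf "%s: gpgcheck is \"%s\", expected 1\n", sect, gpgcheck; bad++ }
        if (priority !~ /^[0-9]+$/) { printf "%s: priority is \"%s\", expected a bare integer\n", sect, priority; bad++ }
    }
    /^\[.*\]$/ {                       # new [section]: report on the previous one
        report(); sect = substr($0, 2, length($0) - 2)
        enabled = "0"; gpgcheck = ""; priority = ""; next
    }
    /^#/ || /^[[:space:]]*$/ { next }  # comments and blank lines
    index($0, "=") > 0 {               # key=value; the value may itself contain "="
        key = substr($0, 1, index($0, "=") - 1); val = substr($0, index($0, "=") + 1)
        if (key == "enabled") enabled = val
        else if (key == "gpgcheck") gpgcheck = val
        else if (key == "priority") priority = val
    }
    END { report(); exit bad }
    ' "$1"
}

# Constructed sample, not the author's file: the EPEL section is clean except for
# the comment glued onto its priority value; a disabled section is ignored; an
# enabled section with gpgcheck=0 is reported.
make_sample_repo() {
    cat > "$1" <<'EOF'
[epel]
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
enabled=1
gpgcheck=1
priority=11 \\set priority
[epel-debuginfo]
enabled=0
gpgcheck=0
[local-mirror]
enabled=1
gpgcheck=0
priority=11
EOF
}

sample=$(mktemp) && make_sample_repo "$sample"
audit_repo "$sample" || echo "findings: $?"   # two findings for this sample
rm -f "$sample"
```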
  With the setup complete, NTOP can be installed directly with yum:


    # yum install ntop
    Loaded plugins: fastestmirror, priorities
    Loading mirror speeds from cached hostfile
    epel/metalink                                            | 4.0 kB   00:00
     * base: centos.ustc.edu.cn
     * epel: ftp.cuhk.edu.hk
     * extras: centos.ustc.edu.cn
     * updates: centos.ustc.edu.cn
    epel                                                     | 4.2 kB   00:00
    http://ftp.cuhk.edu.hk/pub/linux/fedora-epel/6/x86_64/repodata/e7f018b8041d9c4926b9587c3e1f50111f7d76a57335cc72a7106fb703eca514-primary.sqlite.bz2: PYCURL ERROR 7 - "couldn't connect to host"
    Trying other mirror.
    epel/primary_db                                          | 5.0 MB   00:05
    73 packages excluded due to repository priority protections
    Setting up Install Process
    Resolving Dependencies
    --> Running transaction check
    ---> Package ntop.x86_64 0:5.0-5.el6 will be installed
    --> Processing Dependency: graphviz for package: ntop-5.0-5.el6.x86_64
    --> Processing Dependency: libpcap.so.1()(64bit) for package: ntop-5.0-5.el6.x86_64
    --> Processing Dependency: libGeoIP.so.1()(64bit) for package: ntop-5.0-5.el6.x86_64
    --> Running transaction check
    ---> Package GeoIP.x86_64 0:1.4.8-1.el6 will be installed
    ---> Package graphviz.x86_64 0:2.26.0-10.el6 will be installed
    --> Processing Dependency: urw-fonts for package: graphviz-2.26.0-10.el6.x86_64
    --> Processing Dependency: libXmu.so.6()(64bit) for package: graphviz-2.26.0-10.el6.x86_64
    --> Processing Dependency: libXaw.so.7()(64bit) for package: graphviz-2.26.0-10.el6.x86_64
    ---> Package libpcap.x86_64 14:1.0.0-6.20091201git117cb5.el6 will be installed
    --> Running transaction check
    ---> Package libXaw.x86_64 0:1.0.11-2.el6 will be installed
    ---> Package libXmu.x86_64 0:1.1.1-2.el6 will be installed
    ---> Package urw-fonts.noarch 0:2.4-10.el6 will be installed
    --> Finished Dependency Resolution

    Dependencies Resolved

    ================================================================================
     Package      Arch     Version                             Repository    Size
    ================================================================================
    Installing:
     ntop         x86_64   5.0-5.el6                           epel          12 M
    Installing for dependencies:
     GeoIP        x86_64   1.4.8-1.el6                         epel         620 k
     graphviz     x86_64   2.26.0-10.el6                       base         1.0 M
     libXaw       x86_64   1.0.11-2.el6                        base         178 k
     libXmu       x86_64   1.1.1-2.el6                         base          66 k
     libpcap      x86_64   14:1.0.0-6.20091201git117cb5.el6    base         126 k
     urw-fonts    noarch   2.4-10.el6                          base         3.1 M

    Transaction Summary
    ================================================================================

  Once installed, start NTOP; during startup it prompts you to set the admin user's password.


    # ntop
    Sun Mar 24 04:09:27 2013  Initializing gdbm databases
    Sun Mar 24 04:09:27 2013  ntop will be started as user ntop
    Sun Mar 24 04:09:27 2013  ntop v.5.0 Fedora RPM (64 bit)
    Sun Mar 24 04:09:27 2013  Configured on Nov 26 2012 02:27:02, built on Nov 26 2012 02:27:07.
    ......
    ntop startup - waiting for user response!


    Please enter the password for the admin user:

  Finally, it can be accessed in a browser at http://192.168.112.129:3000
  The working interface looks like this:
http://blog.运维网.com/attachment/201304/231549987.jpg
  That completes installing NTOP from the EPEL repository; as for actually using NTOP, I am still getting familiar with it.
  Now on to installing chkrootkit.
  First, an introduction to chkrootkit, the rootkit detection tool.
  A rootkit is a single piece of software or a collection of software that attacks one or more weaknesses to gain legitimate privileges, or mounts any other kind of attack on the target host. Many rootkits do not just launch an attack to gain root privileges; they also try to hide and erase the traces of the attack. To cover their tracks they delete log files, install Trojan horses, or use other concealment methods. Like other attacks on a network, rootkits usually have characteristic signatures and leave clues that can be used to identify them. There is dedicated software for hunting down the traces and signatures of rootkits, and chkrootkit is one of them.
  Installing chkrootkit
  The current latest version of chkrootkit is 0.49, and the chkrootkit in EPEL happens to be exactly that version. Since the EPEL repository has already been configured, it can be installed directly:


    # yum install -y chkrootkit

  After a successful install, check it with rpm as shown below:


    # rpm -ql chkrootkit
    /etc/pam.d/chkrootkit
    /etc/security/console.apps/chkrootkit
    /usr/bin/chkrootkit
    /usr/bin/chkrootkitX
    /usr/lib64/chkrootkit-0.49
    /usr/lib64/chkrootkit-0.49/check_wtmpx
    /usr/lib64/chkrootkit-0.49/chkdirs
    /usr/lib64/chkrootkit-0.49/chklastlog
    /usr/lib64/chkrootkit-0.49/chkproc
    /usr/lib64/chkrootkit-0.49/chkrootkit
    /usr/lib64/chkrootkit-0.49/chkutmp
    /usr/lib64/chkrootkit-0.49/chkwtmp
    /usr/lib64/chkrootkit-0.49/ifpromisc
    /usr/lib64/chkrootkit-0.49/strings
    /usr/lib64/chkrootkit-0.49/strings-static
    /usr/sbin/chkrootkit
    /usr/share/applications/fedora-chkrootkit.desktop
    /usr/share/doc/chkrootkit-0.49
    /usr/share/doc/chkrootkit-0.49/ACKNOWLEDGMENTS
    /usr/share/doc/chkrootkit-0.49/COPYRIGHT
    /usr/share/doc/chkrootkit-0.49/README
    /usr/share/doc/chkrootkit-0.49/README.chklastlog
    /usr/share/doc/chkrootkit-0.49/README.chkwtmp
    /usr/share/doc/chkrootkit-0.49/README.false_positives
    /usr/share/doc/chkrootkit-0.49/chkrootkit.lsm
    /usr/share/pixmaps/chkrootkit.png

  These are the files installed with chkrootkit. Run the following command to show the version number:


    # chkrootkit -V
    chkrootkit version 0.49

  Once installed, it can be run:


    # chkrootkit
    ROOTDIR is `/'
    Checking `amd'... not found
    Checking `basename'... not infected
    Checking `biff'... not found
    Checking `chfn'... not infected
    Checking `chsh'... not infected
    Checking `cron'... not infected
    Checking `crontab'... not infected
    Checking `date'... not infected
    Checking `du'... not infected
    Checking `dirname'... not infected
    Checking `echo'... not infected
    Checking `egrep'... not infected
    Checking `env'... not infected
    Checking `find'... not infected
    Checking `fingerd'... not found
    Checking `gpm'... not found
    Checking `grep'... not infected
    Checking `hdparm'... not found
    Checking `su'... not infected
    Checking `ifconfig'... not infected
    Checking `inetd'... not found
    Checking `inetdconf'... not found
    Checking `identd'... not found
    Checking `init'... not infected
    Checking `killall'... not infected
    Checking `ldsopreload'... not infected
    Checking `login'... not infected
    Checking `ls'... not infected
    Checking `lsof'... not found
    Checking `mail'... not found
    Checking `mingetty'... not infected
    Checking `netstat'... not infected
    Checking `named'... not found
    Checking `passwd'... not infected
    Checking `pidof'... not infected
    Checking `pop2'... not found
    Checking `pop3'... not found
    Checking `ps'... not infected
    Checking `pstree'... not infected
    Checking `rpcinfo'... not found
    Checking `rlogind'... not found
    Checking `rshd'... not found
    Checking `slogin'... not found
    Checking `sendmail'... not infected
    Checking `sshd'... not infected
    Checking `syslogd'... not tested
    Checking `tar'... not infected
    Checking `tcpd'... not infected
    Checking `tcpdump'... not infected
    Checking `top'... not infected
    Checking `telnetd'... not found
    Checking `timed'... not found
    Checking `traceroute'... not found
    Checking `vdir'... not infected
    Checking `w'... not infected
    Checking `write'... not infected
    Checking `aliens'... no suspect files
    Searching for sniffer's logs, it may take a while... nothing found
    Searching for HiDrootkit's default dir... nothing found
    Searching for t0rn's default files and dirs... nothing found
    Searching for t0rn's v8 defaults... nothing found
    Searching for Lion Worm default files and dirs... nothing found
    Searching for RSHA's default files and dir... nothing found
    Searching for RH-Sharpe's default files... nothing found
    Searching for Ambient's rootkit (ark) default files and dirs... nothing found
    Searching for suspicious files and dirs, it may take a while... nothing found
    Searching for LPD Worm files and dirs... nothing found
    Searching for Ramen Worm files and dirs... nothing found
    Searching for Maniac files and dirs... nothing found
    Searching for RK17 files and dirs... nothing found
    Searching for Ducoci rootkit... nothing found
    Searching for Adore Worm... nothing found
    Searching for ShitC Worm... nothing found
    Searching for Omega Worm... nothing found
    Searching for Sadmind/IIS Worm... nothing found
    Searching for MonKit... nothing found
    Searching for Showtee... nothing found
    Searching for OpticKit... nothing found
    Searching for T.R.K... nothing found
    Searching for Mithra... nothing found
    Searching for LOC rootkit... nothing found
    Searching for Romanian rootkit... nothing found
    Searching for HKRK rootkit... nothing found
    Searching for Suckit rootkit... nothing found
    Searching for Volc rootkit... nothing found
    Searching for Gold2 rootkit... nothing found
    Searching for TC2 Worm default files and dirs... nothing found
    Searching for Anonoying rootkit default files and dirs... nothing found
    Searching for ZK rootkit default files and dirs... nothing found
    Searching for ShKit rootkit default files and dirs... nothing found
    Searching for AjaKit rootkit default files and dirs... nothing found
    Searching for zaRwT rootkit default files and dirs... nothing found
    Searching for Madalin rootkit default files... nothing found
    Searching for Fu rootkit default files... nothing found
    Searching for ESRK rootkit default files... nothing found
    Searching for rootedoor... nothing found
    Searching for ENYELKM rootkit default files... nothing found
    Searching for common ssh-scanners default files... nothing found
    Searching for anomalies in shell history files... nothing found
    Checking `asp'... not infected
    Checking `bindshell'... not infected
    Checking `lkm'... chkproc: nothing detected
    chkdirs: nothing detected
    Checking `rexedcs'... not found
    Checking `sniffer'... eth0: PF_PACKET(/sbin/dhclient, /usr/sbin/ntop)
    Checking `w55808'... not infected
    Checking `wted'... chkwtmp: nothing deleted
    Checking `scalper'... not infected
    Checking `slapper'... not infected
    Checking `z2'... chklastlog: nothing deleted
    Checking `chkutmp'... chkutmp: nothing deleted
    Checking `OSX_RSPLUG'... not infected

  chkrootkit scans the important files on the system. The results above are normal: no files are infected. If chkrootkit reports infected files, check carefully whether it is a false positive; if files really have been infected by a rootkit, disconnect your service from the network immediately and take steps to clean up the rootkit.
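  Reading a run like the one above by eye is error-prone, and the `sniffer' line is the one place where a benign result (dhclient and the freshly installed ntop both hold packet sockets) looks like a hit. The following added example (not from the original post) filters a chkrootkit run down to the lines that need a second look, treating only an allow-listed set of capturing programs as expected; the sample output it runs on is constructed, not the author's.

```shell
# Triage chkrootkit output read from stdin. Lines carrying a benign verdict are
# dropped; everything else is printed for review. For the `sniffer' check, the
# programs holding PF_PACKET sockets are compared with an allow-list of those
# expected to capture on this host (dhclient and ntop after the install above),
# so only an unexpected capturing process is flagged.
# Exit status: number of lines that need review.
triage_chkrootkit() {
    awk -v allow="${1:-/sbin/dhclient /usr/sbin/ntop}" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    /^ROOTDIR is/ { next }
    /(not infected|not found|nothing found|nothing detected|nothing deleted|no suspect files|not tested)$/ { next }
    /PF_PACKET\(/ {
        procs = $0; sub(/^.*PF_PACKET\(/, "", procs); sub(/\).*$/, "", procs)
        unknown = ""
        m = split(procs, p, ", *")
        for (i = 1; i <= m; i++) if (!(p[i] in ok)) unknown = unknown " " p[i]
        if (unknown == "") next                  # only expected programs capture
        print "REVIEW (unexpected packet capture by" unknown "): " $0; bad++; next
    }
    { print "REVIEW: " $0; bad++ }
    END { exit bad }
    '
}

# Constructed sample, not the author's run: clean lines of the kind seen in the
# post, plus one INFECTED verdict and one unknown program holding a packet socket.
sample_output() {
    cat <<'EOF'
ROOTDIR is `/'
Checking `ls'... not infected
Checking `ps'... INFECTED
Searching for t0rn's default files and dirs... nothing found
Checking `lkm'... chkproc: nothing detected
Checking `sniffer'... eth0: PF_PACKET(/sbin/dhclient, /usr/sbin/ntop)
Checking `sniffer'... eth1: PF_PACKET(/tmp/unknown_capture)
Checking `wted'... chkwtmp: nothing deleted
EOF
}

sample_output | triage_chkrootkit || echo "lines to review: $?"   # 2 for this sample
```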
  That wraps up configuring the EPEL repository and using it to install software.
  Please point out anything incorrect; thanks for reading.


