MiracleLinux 8.8: chkrootkit, Logwatch Install

chkrootkit Install

chkrootkit Download and installation

Create the /root/bin directory and move the chkrootkit command to that directory

Check chkrootkit.

Searching for Linux.Xor.DDoS … INFECTED: Possible Malicious Linux.Xor.DDoS installed
If you see the above, there may be an executable file under /tmp.
I checked the files under /tmp and found the file "ks-script-xxx", so I deleted it and re-ran the program.
INFECTED disappeared.

④Create chkrootkit periodic execution script and change permissions
Create chkrootkit execution script in a directory where it is automatically executed daily

Contents of chkrootkit

Add execution permission to chkrootkit execution script

Backup commands used by chkrootkit
If the commands used by chkrootkit are tampered with, a rootkit will not be detected.
Back up these commands.
If necessary, run chkrootkit with the backed-up commands.

Create the destination directory for saving the commands used by chkrootkit

Copy the commands used by chkrootkit to the destination directory

Run chkrootkit using the saved commands

Compress the saved command directory and delete the directory

Send the compressed archive of the saved commands to root by e-mail

Delete the compressed archive of the saved commands
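
One way to script the save-and-verify part of this procedure, as an added example (not the original page's commands). The command list is the one given in the chkrootkit README; the directory /root/chkrootkit_cmd, the function names and the SHA-256 manifest are assumptions for illustration.

```sh
#!/bin/sh
# Added example: snapshot the external commands chkrootkit relies on and
# record a SHA-256 manifest so the saved copies can be verified before use.
# Command list: chkrootkit README. Paths and function names are assumed.
CMDS="awk cut echo egrep find head id ls netstat ps strings sed uname"
SEARCH_DIRS="/usr/bin /bin /usr/sbin /sbin"

# Print the on-disk path of a command (shell builtins and aliases are ignored).
find_bin() {
    for d in $SEARCH_DIRS; do
        if [ -f "$d/$1" ] && [ -x "$d/$1" ]; then
            echo "$d/$1"
            return 0
        fi
    done
    return 1
}

# save_cmds DEST CMD...: copy each command into DEST, then write the manifest.
save_cmds() {
    dest=$1; shift
    mkdir -p "$dest" && chmod 700 "$dest" || return 1
    for c in "$@"; do
        src=$(find_bin "$c") || { echo "skip: $c not found" >&2; continue; }
        # -L follows symlinks (e.g. awk -> gawk); -p keeps mode and timestamps
        cp -pL "$src" "$dest/$c" || return 1
    done
    ( cd "$dest" && for f in *; do
          [ "$f" = MANIFEST.sha256 ] || sha256sum "$f"
      done > MANIFEST.sha256 )
}

# verify_cmds DEST: succeeds only if every saved copy still matches the manifest.
verify_cmds() {
    ( cd "$1" && sha256sum -c MANIFEST.sha256 >/dev/null 2>&1 )
}

# Usage on the host, as root (-p tells chkrootkit where to find its commands):
#   save_cmds /root/chkrootkit_cmd $CMDS
#   verify_cmds /root/chkrootkit_cmd && chkrootkit -p /root/chkrootkit_cmd
```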



②Edit configuration file

Output Logwatch reports

It will appear as follows

④Test to see if the report arrives at the address you set. Check if you receive a log report email like the one above.

