Category: LINUX
2005-01-25 13:41:05
I. Download rkhunter first.
Download the latest version from the download site.
[root@TG-internet root]# wget
--13:38:18--
=> `rkhunter-1.1.9.tar.gz'
Resolving downloads.rootkit.nl... done.
Connecting to downloads.rootkit.nl[62.177.200.5]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 115,254 [application/x-tar]
100%[========================================================================================>] 115,254 11.40K/s ETA 00:00
13:38:40 (11.40 KB/s) - `rkhunter-1.1.9.tar.gz' saved [115254/115254]
II. Start the installation
[root@TG-internet root]# ls
anaconda-ks.cfg rkhunter-1.1.9.tar.gz
[root@TG-internet root]# mv rkhunter-1.1.9.tar.gz /tmp
[root@TG-internet root]# cd /tmp
[root@TG-internet tmp]# ls
ed.DCp75y install.log orbit-root ssh-XX0WNYpR ssh-XXIlJViP ssh-XXv4b0ZO X-Test.log
ed.Lk3cvF install.log.syslog rkhunter-1.1.9.tar.gz ssh-XXCWWzh1 ssh-XXNPJO1G XF86Config.test
1. Extract the installer first
[root@TG-internet tmp]# tar xzvf rkhunter-1.1.9.tar.gz
./rkhunter/files/
./rkhunter/files/CHANGELOG
./rkhunter/files/LICENSE
./rkhunter/files/README
./rkhunter/files/WISHLIST
./rkhunter/files/backdoorports.dat
./rkhunter/files/check_modules.pl
./rkhunter/files/check_port.pl
./rkhunter/files/defaulthashes.dat
./rkhunter/files/filehashmd5.pl
./rkhunter/files/filehashsha1.pl
./rkhunter/files/mirrors.dat
./rkhunter/files/os.dat
./rkhunter/files/rkhunter
./rkhunter/files/rkhunter.conf
./rkhunter/files/rkhunter.spec
./rkhunter/files/showfiles.pl
./rkhunter/files/md5blacklist.dat
./rkhunter/files/tools/
./rkhunter/files/tools/update_server.sh
./rkhunter/files/tools/update_client.sh
./rkhunter/files/tools/README
./rkhunter/files/check_update.sh
./rkhunter/files/programs_bad.dat
./rkhunter/files/testing/
./rkhunter/files/testing/stringscanner.sh
./rkhunter/files/testing/rootkitinfo.txt
./rkhunter/files/testing/rkhunter.conf
./rkhunter/files/development/
./rkhunter/files/development/createfilehashes.pl
./rkhunter/files/development/createhashes.sh
./rkhunter/files/development/rpmhashes.sh
./rkhunter/files/development/rpmprelinkhashes.sh
./rkhunter/files/development/osinformation.sh
./rkhunter/files/development/rkhunter.8
./rkhunter/files/development/createhashesall.sh
./rkhunter/files/development/search_dead_sysmlinks.sh
./rkhunter/files/programs_good.dat
./rkhunter/installer.sh
[root@TG-internet tmp]# cd rkhunter
rkhunter rkhunter-1.1.9.tar.gz
[root@TG-internet tmp]# cd rkhunter
[root@TG-internet rkhunter]# ls
files installer.sh
2. Run the installation script
[root@TG-internet rkhunter]# ./installer.sh
Rootkit Hunter installer 1.1.9 (Copyright 2003-2004, Michael Boelen)
---------------
Starting installation/update
Checking UID... OK
Checking /usr/local... OK
Checking file retrieval tools... /usr/bin/wget
Checking installation directories...
- Checking /usr/local/rkhunter...Created
- Checking /usr/local/rkhunter/etc...Created
- Checking /usr/local/rkhunter/bin...Created
- Checking /usr/local/rkhunter/lib/rkhunter/db...Created
- Checking /usr/local/rkhunter/lib/rkhunter/docs...Created
- Checking /usr/local/rkhunter/lib/rkhunter/scripts...Created
- Checking /usr/local/rkhunter/lib/rkhunter/tmp...Created
- Checking /usr/local/etc...Exists
Checking system settings...
- Perl... OK
Installing files...
Installing Perl module checker... OK
Installing Database updater... OK
Installing Portscanner... OK
Installing MD5 Digest generator... OK
Installing SHA1 Digest generator... OK
Installing Directory viewer... OK
Installing Database Backdoor ports... OK
Installing Database Update mirrors... OK
Installing Database Operating Systems... OK
Installing Database Program versions... OK
Installing Database Program versions... OK
Installing Database Default file hashes... OK
Installing Database MD5 blacklisted files... OK
Installing Changelog... OK
Installing Readme and FAQ... OK
Installing Wishlist and TODO... OK
Installing RK Hunter configuration file... OK
Installing RK Hunter binary... OK
Configuration updated with installation path (/usr/local/rkhunter)
Installation ready.
See /usr/local/rkhunter/lib/rkhunter/docs for more information. Run 'rkhunter' (/usr/local/bin/rkhunter)
The installation is now complete.
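The session above fetches the tarball over plain HTTP, then unpacks it and runs installer.sh as root from /tmp. As an added example (not part of the original post or of rkhunter), the script below checks the archive's SHA-256 against a value obtained from a trusted channel and refuses to extract members with absolute or `..` paths. The function names and argument layout are assumptions made for this example, and the expected hash is a placeholder because the page gives none.

```shell
#!/bin/sh
# Added example: pre-install checks for a downloaded source tarball.
# Usage: sh precheck.sh rkhunter-1.1.9.tar.gz <EXPECTED_SHA256_PLACEHOLDER> /root/rkh-src
# (precheck.sh and the destination directory are hypothetical names.)

# verify_sha256 FILE EXPECTED -> 0 only if the file's SHA-256 equals EXPECTED
verify_sha256() {
    file=$1
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    actual=$(sha256sum "$file" | awk '{print $1}')
    [ "$actual" = "$expected" ] && return 0
    echo "hash mismatch for $file" >&2
    echo "  expected: $expected" >&2
    echo "  actual:   $actual" >&2
    return 1
}

# filter_unsafe: reads member names on stdin, prints those that are
# absolute paths or contain a ".." path component.
filter_unsafe() {
    awk '/^\// || /(^|\/)\.\.(\/|$)/'
}

# unsafe_members FILE -> suspicious member names found in the gzip'd tarball
unsafe_members() {
    tar tzf "$1" | filter_unsafe
}

# safe_extract FILE EXPECTED DESTDIR -> extract only when both checks pass
safe_extract() {
    verify_sha256 "$1" "$2" || return 1
    bad=$(unsafe_members "$1")
    if [ -n "$bad" ]; then
        echo "refusing to extract, suspicious members:" >&2
        echo "$bad" >&2
        return 1
    fi
    # Extract into a dedicated directory and do not restore archived ownership.
    mkdir -p "$3" && tar xzf "$1" -C "$3" --no-same-owner
}

# Run the checks when called with three arguments.
if [ "$#" -eq 3 ]; then
    safe_extract "$1" "$2" "$3"
fi
```

Extracting into a directory only root can write to, rather than the shared /tmp used in the session, keeps other local users from touching installer.sh before it is run.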
How to use it
Usage:
rkhunter
--checkall (or -c)
Check the system, performs all tests.
--createlogfile*
Create a logfile (default /var/log/rkhunter.log)
--cronjob
Run as cronjob (removes colored layout)
--help (or -h)
Show help about usage
--nocolors*
Don't use colors for output (some terminals don't like colors or extended layout characters)
--report-mode*
Don't show uninteresting information for reports, like header/footer. Interesting when scanning from crontab or with usage of other applications.
--skip-keypress*
Don't wait after every test (makes it non-interactive)
--quick*
Perform quick scan (instead of full scan). Skips some tests and performs some enhanced tests (less suitable for normal scans).
--version
Show version and quit
--versioncheck
Check for latest version
Dynamic paths
--bindir
Uses another directory when search for binaries (use
--configfile
Uses a different configuration file (instead of default one)
--dbdir
Uses another directory for the databases (instead of the default one, often /usr/local/rkhunter/db)
--rootdir
Uses another rootdirectory (normally '/'). So all binaries and tests will be performed on this directory instead of the default
--tmpdir
Uses another directory for temporary storage of files
Explicit scan options:
--disable-md5-check*
Disable MD5 checks
--disable-passwd-check*
Disable passwd/group checks
--scan-knownbad-files*
Perform besides 'known good' check a 'known bad' check