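Sometimes a server behaves in ways you cannot explain and you suspect the machine may have been ***. In that case you can use the chkrootkit tool:

chkrootkit is an open-source security checking tool. Its official website is www.chkrootkit.org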

Download location: http://pkgs.repoforge.org/chkrootkit/

Download the package that matches your OS version:

wget http://pkgs.repoforge.org/chkrootkit/chkrootkit-0.49-1.el5.rf.x86_64.rpm

Start the check:

Run chkrootkit

[root@iZ287cdnylrZ ~]# chkrootkit -r
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `biff'... not found
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `crontab'... not infected
Checking `date'... not infected
Checking `du'... not infected
Checking `dirname'... not infected
Checking `echo'... not infected
Checking `egrep'... not infected
Checking `env'... not infected
Checking `find'... not infected
Checking `fingerd'... not found
Checking `gpm'... not found

If any line of the output contains a warning, check whether the machine has been compromised!
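
The full output is long, so the lines that matter are easy to miss. The following is an added example, not part of the original post or of chkrootkit: a small filter that keeps only lines containing a warning or the upper-case INFECTED result that chkrootkit prints for a failed check. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage of chkrootkit output. Not part of chkrootkit itself.

# Constructed sample output (not from a real host). Two lines need review.
sample_output() {
    cat <<'EOF'
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `ls'... INFECTED
Checking `date'... not infected
Checking `example'... Warning: constructed sample message
EOF
}

# Read chkrootkit output on stdin and print only the lines to review:
#   - upper-case INFECTED (clean results are lower-case "not infected")
#   - any line containing "warning", in any letter case
chkrootkit_findings() {
    awk '/INFECTED/ || tolower($0) ~ /warning/'
}

# Print the findings; return 1 if there are any, 0 if the output is clean.
chkrootkit_triage() {
    findings=$(chkrootkit_findings)
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Demo on the constructed sample.
# On a real host: chkrootkit 2>&1 | chkrootkit_triage
if sample_output | chkrootkit_triage; then
    echo "clean: no INFECTED or warning lines"
else
    echo "review the lines above"
fi
```

A non-zero return from chkrootkit_triage only means there are lines to review by hand; it does not by itself confirm a compromise.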