
RKhunter does not perform all checks

Ask Ubuntu user
Asked 2021-02-25 05:36:10
Answers 1, Views 1.3K, Followers 0, Votes 0

Can anyone tell me how to configure/force rkhunter to check everything on my system? Even when I run rkhunter --checkall, checks are skipped.

Performing malware checks
    Checking running processes for suspicious files          [ None found ]
    Checking for hidden processes                            [ Skipped ]

Applications checks...
    All checks skipped

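1 Answer

Ask Ubuntu user

Posted 2021-02-27 10:23:36

For whatever reason, my application scan was ignored when I used the --check modifier, because in my /etc/rkhunter.conf file the "app" option is included by default in the DISABLE_TESTS option. Removing it enabled my applications to be scanned.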

#
# These two options determine which tests are to be performed. The ENABLE_TESTS
# option can use the word 'ALL' to refer to all of the available tests. The
# DISABLE_TESTS option can use the word 'NONE' to mean that no tests are
# disabled. The list of disabled tests is applied to the list of enabled tests.
#
# Both options are space-separated lists of test names, and both options may
# be specified more than once. The currently available test names can be seen
# by using the command 'rkhunter --list tests'.
#
# The supplied configuration file has some tests already disabled, and these
# are tests that will be used only occasionally, can be considered 'advanced'
# or that are prone to produce more than the average number of false-positives.
#
# Please read the README file for more details about enabling and disabling
# tests, the test names, and how rkhunter behaves when these options are used.
#
# The default values are to enable all tests and to disable none. However, if
# either of the options below are specified, then they will override the
# program defaults.
#
ENABLE_TESTS=ALL
#DISABLE_TESTS=suspscan hidden_ports hidden_procs deleted_files packet_cap_apps apps
DISABLE_TESTS=suspscan hidden_ports deleted_files packet_cap_apps ipc_shared_mem

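For any other rkhunter "gotchas":

https://sourceforge.net/ <-- has the main support/information for rkhunter

I would also suggest that you:

1.) Comment out (#) DISABLE_TESTS in /etc/rkhunter.conf

2.) Set up a test server using VirtualBox (duplicating an equivalent environment) and run checksums to verify false positives

3.) Clear all warnings using the various forms of "whitelisting" in /etc/rkhunter.conf

4.) Install a Linux application called "unhide" so that hidden ports and hidden directories can be scanned.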

Votes 1
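
As an added example (not part of the original answer and not rkhunter's own code), the shell functions below list which tests a config file disables, so a "[ Skipped ]" line can be traced back to DISABLE_TESTS. The function names and the two temporary config files are constructed for illustration, and treating repeated DISABLE_TESTS lines as cumulative is an assumption.

```shell
#!/bin/sh
# Added example (not from the original answer): list the tests that an
# rkhunter config file disables, to explain "[ Skipped ]" lines.
# Assumption: repeated DISABLE_TESTS lines accumulate.

# Print each test named on an uncommented DISABLE_TESTS line, one per line.
disabled_tests() {
    awk '/^[ \t]*DISABLE_TESTS[ \t]*=/ {
            sub(/^[^=]*=/, "")              # keep only the value
            gsub(/"/, "")                   # tolerate a quoted list
            n = split($0, t, /[ \t]+/)
            for (i = 1; i <= n; i++)
                if (t[i] != "" && toupper(t[i]) != "NONE") print t[i]
        }' "$1" | LC_ALL=C sort -u
}

# Exit status 0 if test name $2 is disabled in config file $1.
is_disabled() {
    disabled_tests "$1" | grep -qxF -- "$2"
}

# Report, for each test name given after the config path, whether the
# config file is the reason it would be skipped.
explain_skips() {
    conf=$1; shift
    for name in "$@"; do
        if is_disabled "$conf" "$name"; then
            echo "$name: disabled by DISABLE_TESTS in $conf"
        else
            echo "$name: not disabled in $conf"
        fi
    done
}

# Constructed sample input: the two DISABLE_TESTS variants shown in the answer.
BEFORE_CONF=$(mktemp); AFTER_CONF=$(mktemp)
cat > "$BEFORE_CONF" <<'EOF'
ENABLE_TESTS=ALL
DISABLE_TESTS=suspscan hidden_ports hidden_procs deleted_files packet_cap_apps apps
EOF
cat > "$AFTER_CONF" <<'EOF'
ENABLE_TESTS=ALL
#DISABLE_TESTS=suspscan hidden_ports hidden_procs deleted_files packet_cap_apps apps
DISABLE_TESTS=suspscan hidden_ports deleted_files packet_cap_apps ipc_shared_mem
EOF

explain_skips "$BEFORE_CONF" apps hidden_procs
explain_skips "$AFTER_CONF" apps hidden_procs
```

On a real system, pass /etc/rkhunter.conf as the first argument; the valid test names are the ones printed by 'rkhunter --list tests', as the config comments note.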
Original page content provided by Ask Ubuntu. Translation support provided by the Tencent Cloud Xiaowei IT-domain engine.
Original link:

https://askubuntu.com/questions/1319169
