Using the EPEL source to install and use NTOP, plus installing chkrootkit (recommended)

First, what is the EPEL source?

If you want the high quality, high performance and high reliability of RHEL while also having a convenient (and, crucially, free) source of software package updates, then EPEL (Extra Packages for Enterprise Linux) from the Fedora Project is exactly what you need. EPEL (http://fedoraproject.org/wiki/EPEL) is a project run by the Fedora community that provides high-quality packages for RHEL and derivative distributions such as CentOS and Scientific Linux.

Now let's configure the EPEL source.

The system used is CentOS 6.3 x86_64, IP 192.168.112.129.

Before anything else, yum-priorities has to be installed:

# yum install -y yum-priorities

Once that is done, the EPEL source can be configured.

Since the system is 64-bit, pick the matching rpm package.

It can be found under http://dl.fedoraproject.org/pub/epel/6/x86_64/; run the following command to install it:

[root@www yum.repos.d]# rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
Retrieving http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
warning: /var/tmp/rpm-tmp.KQrxb7: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
Preparing...                ########################################### [100%]
   1:epel-release           ########################################### [100%]

On a 32-bit system run this command instead:

rpm -ivh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm

After installation, import the PGP signing key (the author calls it DAG's key; the file imported below is the EPEL 6 key shipped by epel-release):

[root@www yum.repos.d]# rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6

Then set the priority of the source in /etc/yum.repos.d/epel.repo by adding priority=11 (a larger number means a lower priority, so when installing software the system prefers the official yum repositories and falls back to EPEL only when a package cannot be found there). The contents of /etc/yum.repos.d/epel.repo are as follows:

[root@www yum.repos.d]# cat epel.repo
[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
priority=11

(priority=11 is the line added by hand to set the priority)

[epel-debuginfo]
name=Extra Packages for Enterprise Linux 6 - $basearch - Debug
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch/debug
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=1

[epel-source]
name=Extra Packages for Enterprise Linux 6 - $basearch - Source
#baseurl=http://download.fedoraproject.org/pub/epel/6/SRPMS
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-6&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=1
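Two settings in that file do the security work: gpgcheck=1 keeps package signature verification on, and priority= stops a third-party repository from shadowing the base packages. As an added example (not part of the original post, and not a yum-priorities tool), the POSIX shell function below audits any .repo file for both and reports every enabled section that lacks either one. The sample repo file it runs against is constructed here from the epel.repo above plus one deliberately weak section; the function name and the section name example-unsigned are mine.

```shell
#!/bin/sh
# Added example, not from the original post or from yum-priorities: audit a
# yum .repo file for the two settings the post relies on, gpgcheck=1 (package
# signatures are verified) and an explicit priority= (so this repository never
# shadows the base repositories). Sections with enabled=0 are skipped because
# yum does not consult them.
# Usage:   audit_repo_file /etc/yum.repos.d/epel.repo
# Prints one line per enabled section that is missing a setting; returns 0 when
# every enabled section passes, 1 otherwise.
audit_repo_file() {
    awk '
        # report on the section just finished, if it is enabled
        function flush() {
            if (sect != "" && enabled == 1) {
                if (gpgcheck != 1) { printf "%s: gpgcheck is not 1\n", sect; bad = 1 }
                if (priority == "") { printf "%s: no priority set\n", sect; bad = 1 }
            }
        }
        # right-hand side of "key = value", whitespace removed
        function value(   a) { split($0, a, "="); gsub(/[[:space:]]/, "", a[2]); return a[2] }
        BEGIN { bad = 0 }
        /^[[:space:]]*#/ { next }                  # comment line
        /^\[.*\]/ {                                # start of a new [section]
            flush()
            # yum treats a missing enabled= as 1; gpgcheck must be set in the
            # section itself to pass this audit
            sect = $1; enabled = 1; gpgcheck = 0; priority = ""
            next
        }
        /^[[:space:]]*enabled[[:space:]]*=/  { enabled  = value() + 0 }
        /^[[:space:]]*gpgcheck[[:space:]]*=/ { gpgcheck = value() + 0 }
        /^[[:space:]]*priority[[:space:]]*=/ { priority = value() }
        END { flush(); exit bad }
    ' "$1"
}

# Constructed sample: the epel sections from the post (priority=11 already
# added) plus a weak section to show what the audit reports.
SAMPLE_REPO=$(mktemp)
cat > "$SAMPLE_REPO" <<'EOF'
[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
priority=11

[epel-debuginfo]
enabled=0
gpgcheck=1

[example-unsigned]
name=constructed example of a badly configured repository
baseurl=http://mirror.example.invalid/repo
enabled=1
gpgcheck=0
EOF

if audit_repo_file "$SAMPLE_REPO"; then
    echo "all enabled sections have gpgcheck=1 and a priority"
else
    echo "repository configuration needs attention"
fi
rm -f "$SAMPLE_REPO"
```

Run it over every file in /etc/yum.repos.d/ after adding a new source; a non-zero exit status makes it easy to wire into a configuration check.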

With the setup complete, NTOP can be installed directly with yum:

[root@www yum.repos.d]# yum install ntop
Loaded plugins: fastestmirror, priorities
Loading mirror speeds from cached hostfile
epel/metalink                                            | 4.0 kB     00:00
 * base: centos.ustc.edu.cn
 * epel: ftp.cuhk.edu.hk
 * extras: centos.ustc.edu.cn
 * updates: centos.ustc.edu.cn
epel                                                     | 4.2 kB     00:00
http://ftp.cuhk.edu.hk/pub/linux/fedora-epel/6/x86_64/repodata/e7f018b8041d9c4926b9587c3e1f50111f7d76a57335cc72a7106fb703eca514-primary.sqlite.bz2: [Errno 14] PYCURL ERROR 7 - couldn't connect to host
Trying other mirror.
epel/primary_db                                          | 5.0 MB     00:05
73 packages excluded due to repository priority protections
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package ntop.x86_64 0:5.0-5.el6 will be installed
--> Processing Dependency: graphviz for package: ntop-5.0-5.el6.x86_64
--> Processing Dependency: libpcap.so.1()(64bit) for package: ntop-5.0-5.el6.x86_64
--> Processing Dependency: libGeoIP.so.1()(64bit) for package: ntop-5.0-5.el6.x86_64
--> Running transaction check
---> Package GeoIP.x86_64 0:1.4.8-1.el6 will be installed
---> Package graphviz.x86_64 0:2.26.0-10.el6 will be installed
--> Processing Dependency: urw-fonts for package: graphviz-2.26.0-10.el6.x86_64
--> Processing Dependency: libXmu.so.6()(64bit) for package: graphviz-2.26.0-10.el6.x86_64
--> Processing Dependency: libXaw.so.7()(64bit) for package: graphviz-2.26.0-10.el6.x86_64
---> Package libpcap.x86_64 14:1.0.0-6.20091201git117cb5.el6 will be installed
--> Running transaction check
---> Package libXaw.x86_64 0:1.0.11-2.el6 will be installed
---> Package libXmu.x86_64 0:1.1.1-2.el6 will be installed
---> Package urw-fonts.noarch 0:2.4-10.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package      Arch     Version                              Repository    Size
================================================================================
Installing:
 ntop         x86_64   5.0-5.el6                            epel          12 M
Installing for dependencies:
 GeoIP        x86_64   1.4.8-1.el6                          epel         620 k
 graphviz     x86_64   2.26.0-10.el6                        base         1.0 M
 libXaw       x86_64   1.0.11-2.el6                         base         178 k
 libXmu       x86_64   1.1.1-2.el6                          base          66 k
 libpcap      x86_64   14:1.0.0-6.20091201git117cb5.el6     base         126 k
 urw-fonts    noarch   2.4-10.el6                           base         3.1 M

Transaction Summary
================================================================================

Once installed, NTOP can be started; during startup it prompts you to set the admin user's password.

[root@www yum.repos.d]# ntop
Sun Mar 24 04:09:27 2013  Initializing gdbm databases
Sun Mar 24 04:09:27 2013  ntop will be started as user ntop
Sun Mar 24 04:09:27 2013  ntop v.5.0 Fedora RPM (64 bit)
Sun Mar 24 04:09:27 2013  Configured on Nov 26 2012 2:27:02, built on Nov 26 2012 02:27:07.

ntop startup - waiting for user response!

Please enter the password for the admin user:

Finally, it can be opened in a browser at http://192.168.112.129:3000

The working interface, as shown in the screenshot:

That completes installing NTOP from the EPEL source; I am still getting familiar with how NTOP is actually used.

Next, installing chkrootkit.

First, a quick look at chkrootkit, the rootkit detection tool.

A rootkit is a piece of software, or a set of them, that attacks one or more weaknesses to obtain legitimate privileges, or carries out any other kind of attack on the target host. Many rootkits do not just launch an attack to gain root privileges; they also try to hide and erase the traces of the attack. To cover their tracks they delete log files, install trojans or use other concealment methods. Like other attacks on the network, rootkits usually have signatures and leave traces behind, and these can be used to identify them. There is dedicated software for searching for rootkit traces and signatures, and chkrootkit is one such tool.

Installing Chkrootkit

The current latest version of Chkrootkit is 0.49, and the Chkrootkit in the EPEL source is exactly that version. Since the EPEL source has already been configured, it can be installed directly:

# yum install -y chkrootkit

After a successful installation, check it with rpm, as shown below:

[root@www ~]# rpm -ql chkrootkit
/etc/pam.d/chkrootkit
/etc/security/console.apps/chkrootkit
/usr/bin/chkrootkit
/usr/bin/chkrootkitX
/usr/lib64/chkrootkit-0.49
/usr/lib64/chkrootkit-0.49/check_wtmpx
/usr/lib64/chkrootkit-0.49/chkdirs
/usr/lib64/chkrootkit-0.49/chklastlog
/usr/lib64/chkrootkit-0.49/chkproc
/usr/lib64/chkrootkit-0.49/chkrootkit
/usr/lib64/chkrootkit-0.49/chkutmp
/usr/lib64/chkrootkit-0.49/chkwtmp
/usr/lib64/chkrootkit-0.49/ifpromisc
/usr/lib64/chkrootkit-0.49/strings
/usr/lib64/chkrootkit-0.49/strings-static
/usr/sbin/chkrootkit
/usr/share/applications/fedora-chkrootkit.desktop
/usr/share/doc/chkrootkit-0.49
/usr/share/doc/chkrootkit-0.49/ACKNOWLEDGMENTS
/usr/share/doc/chkrootkit-0.49/COPYRIGHT
/usr/share/doc/chkrootkit-0.49/README
/usr/share/doc/chkrootkit-0.49/README.chklastlog
/usr/share/doc/chkrootkit-0.49/README.chkwtmp
/usr/share/doc/chkrootkit-0.49/README.false_positives
/usr/share/doc/chkrootkit-0.49/chkrootkit.lsm
/usr/share/pixmaps/chkrootkit.png

These are the files installed by Chkrootkit. Run the following command to see the version number:

[root@www ~]# chkrootkit -V
chkrootkit version 0.49

After installation it can be run:

[root@www ~]# chkrootkit
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `biff'... not found
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `crontab'... not infected
Checking `date'... not infected
Checking `du'... not infected
Checking `dirname'... not infected
Checking `echo'... not infected
Checking `egrep'... not infected
Checking `env'... not infected
Checking `find'... not infected
Checking `fingerd'... not found
Checking `gpm'... not found
Checking `grep'... not infected
Checking `hdparm'... not found
Checking `su'... not infected
Checking `ifconfig'... not infected
Checking `inetd'... not found
Checking `inetdconf'... not found
Checking `identd'... not found
Checking `init'... not infected
Checking `killall'... not infected
Checking `ldsopreload'... not infected
Checking `login'... not infected
Checking `ls'... not infected
Checking `lsof'... not found
Checking `mail'... not found
Checking `mingetty'... not infected
Checking `netstat'... not infected
Checking `named'... not found
Checking `passwd'... not infected
Checking `pidof'... not infected
Checking `pop2'... not found
Checking `pop3'... not found
Checking `ps'... not infected
Checking `pstree'... not infected
Checking `rpcinfo'... not found
Checking `rlogind'... not found
Checking `rshd'... not found
Checking `slogin'... not found
Checking `sendmail'... not infected
Checking `sshd'... not infected
Checking `syslogd'... not tested
Checking `tar'... not infected
Checking `tcpd'... not infected
Checking `tcpdump'... not infected
Checking `top'... not infected
Checking `telnetd'... not found
Checking `timed'... not found
Checking `traceroute'... not found
Checking `vdir'... not infected
Checking `w'... not infected
Checking `write'... not infected
Checking `aliens'... no suspect files
Searching for sniffer's logs, it may take a while... nothing found
Searching for HiDrootkit's default dir... nothing found
Searching for t0rn's default files and dirs... nothing found
Searching for t0rn's v8 defaults... nothing found
Searching for Lion Worm default files and dirs... nothing found
Searching for RSHA's default files and dir... nothing found
Searching for RH-Sharpe's default files... nothing found
Searching for Ambient's rootkit (ark) default files and dirs... nothing found
Searching for suspicious files and dirs, it may take a while... nothing found
Searching for LPD Worm files and dirs... nothing found
Searching for Ramen Worm files and dirs... nothing found
Searching for Maniac files and dirs... nothing found
Searching for RK17 files and dirs... nothing found
Searching for Ducoci rootkit... nothing found
Searching for Adore Worm... nothing found
Searching for ShitC Worm... nothing found
Searching for Omega Worm... nothing found
Searching for Sadmind/IIS Worm... nothing found
Searching for MonKit... nothing found
Searching for Showtee... nothing found
Searching for OpticKit... nothing found
Searching for T.R.K... nothing found
Searching for Mithra... nothing found
Searching for LOC rootkit... nothing found
Searching for Romanian rootkit... nothing found
Searching for HKRK rootkit... nothing found
Searching for Suckit rootkit... nothing found
Searching for Volc rootkit... nothing found
Searching for Gold2 rootkit... nothing found
Searching for TC2 Worm default files and dirs... nothing found
Searching for Anonoying rootkit default files and dirs... nothing found
Searching for ZK rootkit default files and dirs... nothing found
Searching for ShKit rootkit default files and dirs... nothing found
Searching for AjaKit rootkit default files and dirs... nothing found
Searching for zaRwT rootkit default files and dirs... nothing found
Searching for Madalin rootkit default files... nothing found
Searching for Fu rootkit default files... nothing found
Searching for ESRK rootkit default files... nothing found
Searching for rootedoor... nothing found
Searching for ENYELKM rootkit default files... nothing found
Searching for common ssh-scanners default files... nothing found
Searching for anomalies in shell history files... nothing found
Checking `asp'... not infected
Checking `bindshell'... not infected
Checking `lkm'... chkproc: nothing detected
chkdirs: nothing detected
Checking `rexedcs'... not found
Checking `sniffer'... eth0: PF_PACKET(/sbin/dhclient, /usr/sbin/ntop)
Checking `w55808'... not infected
Checking `wted'... chkwtmp: nothing deleted
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'... chklastlog: nothing deleted
Checking `chkutmp'... chkutmp: nothing deleted
Checking `OSX_RSPLUG'... not infected

Chkrootkit scans the important files on the system. The result above is normal: in general no files are infected. If Chkrootkit reports infected files, check carefully whether it is a false positive; if files really have been infected by a rootkit, disconnect your service from the network immediately and take steps to clean the rootkit out.
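The run above is clean except for one line that deserves a look: the `sniffer' check reports eth0 with PF_PACKET sockets held by /sbin/dhclient and /usr/sbin/ntop. On this host both are expected, since ntop captures traffic by design and dhclient uses a raw socket, so this is the kind of false positive the paragraph above refers to; it is still exactly the line a scheduled scan should surface rather than bury among a hundred "not infected" results. As an added example (not from the original post, and not part of chkrootkit), the shell function below filters a chkrootkit run down to the lines that carry no clean verdict and exits non-zero when any remain, so it can sit behind a cron job or a monitoring check. The sample output it is fed is constructed from lines of the run above.

```shell
#!/bin/sh
# Added example, not from the original post or from chkrootkit: keep only the
# chkrootkit output lines that carry no clean verdict, so a scheduled run can
# alert on them. The clean verdicts are the phrases chkrootkit prints for a
# pass; everything else (INFECTED, Warning, a sniffer listing, ...) is kept.
# Usage:   chkrootkit | triage_chkrootkit        (reads standard input)
# Returns 0 when every line was clean, 1 when something needs review.
triage_chkrootkit() {
    awk '
        BEGIN { kept = 0 }
        # a pass verdict at the end of the line: drop it
        /(not infected|not found|not tested|nothing found|nothing detected|nothing deleted|no suspect files)$/ { next }
        /^ROOTDIR is/ { next }      # banner, not a finding
        NF == 0 { next }            # blank lines
        { print; kept = 1 }         # anything else is a finding to review
        END { exit kept }
    '
}

# Constructed sample: a handful of lines from the run in the post, including
# the one sniffer finding that should survive the filter.
SAMPLE_OUTPUT=$(cat <<'EOF'
ROOTDIR is `/'
Checking `basename'... not infected
Checking `lkm'... chkproc: nothing detected
chkdirs: nothing detected
Searching for sniffer's logs, it may take a while... nothing found
Checking `sniffer'... eth0: PF_PACKET(/sbin/dhclient, /usr/sbin/ntop)
Checking `wted'... chkwtmp: nothing deleted
EOF
)

if printf '%s\n' "$SAMPLE_OUTPUT" | triage_chkrootkit; then
    echo "chkrootkit: clean"
else
    echo "chkrootkit: the lines above need review"
fi
```

When a known-good process such as ntop keeps showing up, record it in the runbook rather than adding it to the filter: a new process appearing in that sniffer line is precisely the change you want to notice.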

That wraps up configuring the EPEL source and using it to install software.

Please point out anything that is wrong, and thanks for reading.


