変奏現実

Random notes on PCs, MMORPGs and so on. Company names, product names and system names mentioned here are trademarks or registered trademarks of their respective owners.


CentOS6

CentOS6: ClamAV check, iptables

Let's try clamscan.
> clamscan --infected --remove --recursive .
./clamav/clamav-0.97.1/test/clam.mail: ClamAV-Test-File FOUND
./clamav/clamav-0.97.1/test/clam.mail: Removed.
./clamav/clamav-0.97.1/test/clam.d64.zip: ClamAV-Test-File FOUND
./clamav/clamav-0.97.1/test/clam.d64.zip: Removed.
LibClamAV Warning: cli_scanbzip: bzip2 support not compiled in
./clamav/clamav-0.97.1/test/.split/split.clam_IScab_ext.exeaa: ClamAV-Test-File FOUND
./clamav/clamav-0.97.1/test/.split/split.clam_IScab_ext.exeaa: Removed.
./clamav/clamav-0.97.1/test/.split/split.clam_IScab_int.exeaa: ClamAV-Test-File FOUND
./clamav/clamav-0.97.1/test/.split/split.clam_IScab_int.exeaa: Removed.
./clamav/clamav-0.97.1/test/clam-mew.exe: ClamAV-Test-File FOUND
./clamav/clamav-0.97.1/test/clam-mew.exe: Removed.
./clamav/clamav-0.97.1/test/clam_IScab_ext.exe: ClamAV-Test-File FOUND
./clamav/clamav-0.97.1/test/clam_IScab_ext.exe: Removed.
./clamav/clamav-0.97.1/test/clam.exe.szdd: ClamAV-Test-File FOUND
./clamav/clamav-0.97.1/test/clam.exe.szdd: Removed.
./clamav/clamav-0.97.1/test/clam_IScab_int.exe: ClamAV-Test-File FOUND
./clamav/clamav-0.97.1/test/clam_IScab_int.exe: Removed.
./clamav/clamav-0.97.1/test/clam.odc.cpio: ClamAV-Test-File FOUND
./clamav/clamav-0.97.1/test/clam.odc.cpio: Removed.
LibClamAV Warning: cli_scanbzip: bzip2 support not compiled in
./clamav/clamav-0.97.1/test/clam.exe.html: ClamAV-Test-File FOUND
./clamav/clamav-0.97.1/test/clam.exe.html: Removed.
./clamav/clamav-0.97.1/test/clam-v2.rar: ClamAV-Test-File FOUND
./clamav/clamav-0.97.1/test/clam-v2.rar: Removed.
./clamav/clamav-0.97.1/test/clam-nsis.exe: ClamAV-Test-File FOUND
./clamav/clamav-0.97.1/test/clam-nsis.exe: Removed.
./clamav/clamav-0.97.1/test/clam_cache_emax.tgz: ClamAV-Test-File FOUND
./clamav/clamav-0.97.1/test/clam_cache_emax.tgz: Removed.
./clamav/clamav-0.97.1/test/clam-wwpack.exe: ClamAV-Test-File FOUND
./clamav/clamav-0.97.1/test/clam-wwpack.exe: Removed.
./clamav/clamav-0.97.1/test/clam.impl.zip: ClamAV-Test-File FOUND
./clamav/clamav-0.97.1/test/clam.impl.zip: Removed.
./clamav/clamav-0.97.1/test/clam.tnef: ClamAV-Test-File FOUND
./clamav/clamav-0.97.1/test/clam.tnef: Removed.
./clamav/clamav-0.97.1/test/clam.newc.cpio: ClamAV-Test-File FOUND
./clamav/clamav-0.97.1/test/clam.newc.cpio: Removed.
./clamav/clamav-0.97.1/test/clam.chm: ClamAV-Test-File FOUND
./clamav/clamav-0.97.1/test/clam.chm: Removed.
./clamav/clamav-0.97.1/test/clam.bin-be.cpio: ClamAV-Test-File FOUND
./clamav/clamav-0.97.1/test/clam.bin-be.cpio: Removed.
./clamav/clamav-0.97.1/test/clam.sis: ClamAV-Test-File FOUND
./clamav/clamav-0.97.1/test/clam.sis: Removed.
./clamav/clamav-0.97.1/test/clam.arj: ClamAV-Test-File FOUND
./clamav/clamav-0.97.1/test/clam.arj: Removed.
./clamav/clamav-0.97.1/test/clam.cab: ClamAV-Test-File FOUND
./clamav/clamav-0.97.1/test/clam.cab: Removed.
./clamav/clamav-0.97.1/test/clam.ea06.exe: ClamAV-Test-File FOUND
./clamav/clamav-0.97.1/test/clam.ea06.exe: Removed.
./clamav/clamav-0.97.1/test/clam_ISmsi_ext.exe: ClamAV-Test-File FOUND
./clamav/clamav-0.97.1/test/clam_ISmsi_ext.exe: Removed.
./clamav/clamav-0.97.1/test/clam-fsg.exe: ClamAV-Test-File FOUND
./clamav/clamav-0.97.1/test/clam-fsg.exe: Removed.
./clamav/clamav-0.97.1/test/clam-v3.rar: ClamAV-Test-File FOUND
./clamav/clamav-0.97.1/test/clam-v3.rar: Removed.
./clamav/clamav-0.97.1/test/clam.exe.binhex: ClamAV-Test-File FOUND
./clamav/clamav-0.97.1/test/clam.exe.binhex: Removed.
./clamav/clamav-0.97.1/test/clam.pdf: ClamAV-Test-File FOUND
./clamav/clamav-0.97.1/test/clam.pdf: Removed.
./clamav/clamav-0.97.1/test/clam.exe.mbox.uu: ClamAV-Test-File FOUND
./clamav/clamav-0.97.1/test/clam.exe.mbox.uu: Removed.
./clamav/clamav-0.97.1/test/clam.exe.rtf: ClamAV-Test-File FOUND
./clamav/clamav-0.97.1/test/clam.exe.rtf: Removed.
./clamav/clamav-0.97.1/test/clam-pespin.exe: ClamAV-Test-File FOUND
./clamav/clamav-0.97.1/test/clam-pespin.exe: Removed.
./clamav/clamav-0.97.1/test/clam.bin-le.cpio: ClamAV-Test-File FOUND
./clamav/clamav-0.97.1/test/clam.bin-le.cpio: Removed.
./clamav/clamav-0.97.1/test/clam-upx.exe: ClamAV-Test-File FOUND
./clamav/clamav-0.97.1/test/clam-upx.exe: Removed.
./clamav/clamav-0.97.1/test/clam_ISmsi_int.exe: ClamAV-Test-File FOUND
./clamav/clamav-0.97.1/test/clam_ISmsi_int.exe: Removed.
./clamav/clamav-0.97.1/test/clam.exe: ClamAV-Test-File FOUND
./clamav/clamav-0.97.1/test/clam.exe: Removed.
./clamav/clamav-0.97.1/test/clam.exe.mbox.base64: ClamAV-Test-File FOUND
./clamav/clamav-0.97.1/test/clam.exe.mbox.base64: Removed.
./clamav/clamav-0.97.1/test/clam-aspack.exe: ClamAV-Test-File FOUND
./clamav/clamav-0.97.1/test/clam-aspack.exe: Removed.
./clamav/clamav-0.97.1/test/clam-petite.exe: ClamAV-Test-File FOUND
./clamav/clamav-0.97.1/test/clam-petite.exe: Removed.
./clamav/clamav-0.97.1/test/clam.7z: ClamAV-Test-File FOUND
./clamav/clamav-0.97.1/test/clam.7z: Removed.
./clamav/clamav-0.97.1/test/clam.ppt: ClamAV-Test-File FOUND
./clamav/clamav-0.97.1/test/clam.ppt: Removed.
./clamav/clamav-0.97.1/test/clam-upack.exe: ClamAV-Test-File FOUND
./clamav/clamav-0.97.1/test/clam-upack.exe: Removed.
./clamav/clamav-0.97.1/test/clam.zip: ClamAV-Test-File FOUND
./clamav/clamav-0.97.1/test/clam.zip: Removed.
./clamav/clamav-0.97.1/test/clam-yc.exe: ClamAV-Test-File FOUND
./clamav/clamav-0.97.1/test/clam-yc.exe: Removed.
./clamav/clamav-0.97.1/test/clam.ole.doc: ClamAV-Test-File FOUND
./clamav/clamav-0.97.1/test/clam.ole.doc: Removed.
./clamav/clamav-0.97.1/test/clam.ea05.exe: ClamAV-Test-File FOUND
./clamav/clamav-0.97.1/test/clam.ea05.exe: Removed.
./clamav/clamav-0.97.1/test/clam.tar.gz: ClamAV-Test-File FOUND
./clamav/clamav-0.97.1/test/clam.tar.gz: Removed.
LibClamAV Warning: cli_scanbzip: bzip2 support not compiled in
LibClamAV Warning: cli_scanbzip: bzip2 support not compiled in
LibClamAV Warning: cli_scanbzip: bzip2 support not compiled in
----------- SCAN SUMMARY -----------
Known viruses: 1005932
Engine version: 0.97.1
Scanned directories: 230
Scanned files: 4587
Infected files: 46
Data scanned: 168.62 MB
Data read: 192.86 MB (ratio 0.87:1)
Time: 23.823 sec (0 m 23 s)

Should I install bzip2?
> yum list bzip2 --disablerepo=* --enablerepo=local
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Installed Packages
bzip2.i686         1.0.5-6.1.el6          @anaconda-centos-201106051823.i386/6.0
Looks like it's there.
> yum -y install bzip2 --disablerepo=* --enablerepo=local
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Setting up Install Process
Package bzip2-1.0.5-6.1.el6.i686 already installed and latest version
Nothing to do
Apparently it's already installed.

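The warning "cli_scanbzip: bzip2 support not compiled in" is emitted by libclamav when it was built without the bzip2 library, so it is decided at ./configure time: the bzip2 package checked above only provides the command-line tool, while the build needs the header from bzip2-devel, followed by a rebuild. The script below is an added example, not code from the original post: it counts FOUND, Removed and warning lines in a saved clamscan log, tells whether the bzip2 warning is present, and checks for the header. The log format is taken from the scan above; the sample log is constructed, and the header path /usr/include/bzlib.h is an assumption about where bzip2-devel installs it on CentOS.

```shell
#!/bin/sh
# Added example (not from the original post): triage a saved clamscan log and
# decide whether the "bzip2 support not compiled in" warning calls for a rebuild.
# Assumptions: the log is plain text in the format printed by clamscan above;
# /usr/include/bzlib.h is where bzip2-devel installs the header on CentOS.

# Print "<found> <removed> <warnings>" for a clamscan log file.
scan_log_counts() {
    found=$(grep -c ' FOUND$' "$1" || true)
    removed=$(grep -c ': Removed\.$' "$1" || true)
    warnings=$(grep -c '^LibClamAV Warning:' "$1" || true)
    echo "$found $removed $warnings"
}

# Return 0 when the log shows libclamav was built without bzip2 support.
bzip2_support_missing() {
    grep -q 'cli_scanbzip: bzip2 support not compiled in' "$1"
}

# Return 0 when the bzip2 development header is installed. It is needed when
# ./configure runs; the bzip2 command-line package alone does not provide it.
have_bzip2_devel() {
    [ -r /usr/include/bzlib.h ]
}

# Constructed sample log, in the format of the scan shown above.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
./test/clam.mail: ClamAV-Test-File FOUND
./test/clam.mail: Removed.
LibClamAV Warning: cli_scanbzip: bzip2 support not compiled in
./test/clam.zip: ClamAV-Test-File FOUND
./test/clam.zip: Removed.
EOF

scan_log_counts "$SAMPLE_LOG"    # prints: 2 2 1
if bzip2_support_missing "$SAMPLE_LOG"; then
    if have_bzip2_devel; then
        echo "bzlib.h is present: re-run ./configure && make && make install"
    else
        echo "install bzip2-devel, then re-run ./configure && make && make install"
    fi
fi
rm -f "$SAMPLE_LOG"
```

Until the rebuild is done, bzip2-compressed archives are still scanned as opaque files, so the FOUND count for such content cannot be trusted; that is why the warning is worth acting on rather than ignoring.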

The iptables setup is described here (the scripts referenced below).
> chmod +x /etc/cron.daily/iplist_check
> sh iptables.sh
iptables: ファイアウォールルールを消去中:                  [  OK  ]
iptables: チェインをポリシー ACCEPT へ設定中filter         [  OK  ]
iptables: モジュールを取り外し中:                          [  OK  ]
iptables: ファイアウォールのルールを /etc/sysconfig/iptable[  OK  ]中:
iptables: ファイアウォールルールを適用中:                  [  OK  ]
> chkconfig iptables on



CentOS6: Clam AntiVirus install

Now then, let's install Clam AntiVirus.
> cd
> wget http://。。。
-bash: wget: コマンドが見つかりません
So, wget comes first.
> yum -y install wget --disablerepo=* --enablerepo=local
...
Installed:
wget.i686 0:1.12-1.4.el6
Complete!
> wget  http://sourceforge.net/projects/clamav/files/clamav/0.97.1/clamav-0.97.1.tar.gz/download
...
jaist.dl.sourceforge.net|150.65.7.130|:80 に接続しています... 接続しました。
HTTP による接続要求を送信しました、応答を待っています... 200 OK
長さ: 43913867 (42M) [application/x-gzip]
`clamav-0.97.1.tar.gz' に保存中
...
100%[======================================>] 43,913,867   215K/s 時間 3m 23s
2011-07-21 22:36:53 (211 KB/s) - `clamav-0.97.1.tar.gz' へ保存完了 [43913867/43913867]
> tar zxvf clamav-0.97.1.tar.gz
(output omitted, it is long)
> cd clamav-0.97.1
Now configure and build.

> ./configure && make && make install
・・・
configure: error: in `/root/clamav-0.97.1':
configure: error: no acceptable C compiler found in $PATH
See `config.log' for more details
Install the C++ compiler along with the C compiler.
> yum -y install gcc gcc-c++ --disablerepo=* --enablerepo=local
Installed:
  gcc.i686 0:4.4.4-13.el6              gcc-c++.i686 0:4.4.4-13.el6
Dependency Installed:
  cloog-ppl.i686 0:0.15.7-1.2.el6         cpp.i686 0:4.4.4-13.el6
  glibc-devel.i686 0:2.12-1.7.el6         glibc-headers.i686 0:2.12-1.7.el6
  kernel-headers.i686 0:2.6.32-71.el6     libgomp.i686 0:4.4.4-13.el6
  libstdc++-devel.i686 0:4.4.4-13.el6     mpfr.i686 0:2.4.1-6.el6
  ppl.i686 0:0.10.2-11.el6
Complete!
Configure and build again.
configure: error: Please install zlib and zlib-devel packages
> yum -y install zlib-devel  --disablerepo=* --enablerepo=local
Installed:
  zlib-devel.i686 0:1.2.3-25.el6
Dependency Installed:
  pkgconfig.i686 1:0.23-9.1.el6
Complete!

Configure and build again.
configure: error: User clamav (and/or group clamav) doesn't exist. Please read the documentation !
Sorry, but I'm going to create the user without reading the documentation.
> useradd -s /sbin/nologin clamav -m -d /usr/local/share/clamav -k /dev/null
Configure and build again.
-bash: make: コマンドが見つかりません
* I win! But it's not over yet.
> yum -y install make --disablerepo=* --enablerepo=local
Installed:
  make.i686 1:3.81-19.el6
Complete!
Configure and build again.
(quite long)
make[2]: ディレクトリ `/root/clamav-0.97.1' から出ます
make[1]: ディレクトリ `/root/clamav-0.97.1' から出ます
So the build is done.
Configure /usr/local/etc/clamd.conf.
The diff is below.
8c8
< #Example
---
> Example
15d14
< LogFile /var/log/clamd.log
36d34
< LogTime yes
83d80
< LocalSocket /tmp/clamd.socket
96d92
< FixStaleSocket yes
Configure /usr/local/etc/freshclam.conf.
The diff is below.
8c8
< #Example
---
> Example
18d17
< UpdateLogFile /var/log/freshclam.log
75,76c74
< #DatabaseMirror database.clamav.net
< DatabaseMirror db.jp.clamav.net
---
> DatabaseMirror database.clamav.net
124d121
< NotifyClamd /usr/local/etc/clamd.conf
Create an empty file for the log.

touch /var/log/freshclam.log
chown clamav:clamav /var/log/freshclam.log
Let's run it.

> freshclam
-bash: freshclam : コマンドが見つかりません
What?!
> find / -name freshclam -print
> ls /usr/local/bin/
clamav-config  clambc  clamconf  clamdscan  clamscan  freshclam  sigtool
> echo $PATH
/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
Strange.
When this happens, just try once more.
> freshclam
ClamAV update process started at Thu Jul 21 23:12:26 2011
main.cvd is up to date (version: 53, sigs: 846214, f-level: 53, builder: sven)
WARNING: getfile: daily-13172.cdiff not found on remote server (IP: 211.10.155.48)
WARNING: getpatch: Can't download daily-13172.cdiff from db.jp.clamav.net
WARNING: getfile: daily-13172.cdiff not found on remote server (IP: 120.29.176.126)
WARNING: getpatch: Can't download daily-13172.cdiff from db.jp.clamav.net
WARNING: getfile: daily-13172.cdiff not found on remote server (IP: 219.106.242.51)
WARNING: getpatch: Can't download daily-13172.cdiff from db.jp.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Downloading daily.cvd [100%]
daily.cvd updated (version: 13344, sigs: 161057, f-level: 60, builder: neo)
Downloading bytecode.cvd [100%]
bytecode.cvd updated (version: 144, sigs: 41, f-level: 60, builder: edwin)
Database updated (1007312 signatures) from db.jp.clamav.net (IP: 219.94.128.99)
WARNING: Clamd was NOT notified: Can't connect to clamd through /tmp/clamd.socket
connect(): No such file or directory
For now, put it in cron.
> vi freshclam

#!/bin/sh
/usr/local/bin/freshclam --quiet

> chmod 700 freshclam
> mv freshclam /etc/cron.hourly/
Also set up log rotation.

vi /etc/logrotate.d/clamd
/var/log/clamd.log {
    sharedscripts
    postrotate
        /etc/rc.d/init.d/clamd restart > /dev/null || true
    endscript
}
vi /etc/logrotate.d/freshclam
/var/log/freshclam.log {
    missingok
    notifempty
    create 644 clamav clamav
}

> cp /root/clamav-0.97.1/clamd/clamd /etc/rc.d/init.d/
> /etc/rc.d/init.d/clamd start
Bytecode: Security mode set to “TrustSigned”.
> chkconfig --add clamd
サービス clamd は、chkconfig をサポートしていません。
So, following what CentOS 5.6 does, insert
# chkconfig: - 61 39
as the second line of clamd.
> chkconfig --add clamd
> chkconfig clamd on
> chkconfig --list clamd
clamd           0:off   1:off   2:on    3:on    4:on    5:on    6:off
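chkconfig only registers a script that carries a "# chkconfig: <levels> <start> <stop>" comment header, which is why the copied clamd script was refused until the line above was inserted by hand. The script below is an added example, not code from the original post: it inserts that exact header as line 2 of an init script when it is missing and leaves scripts that already have one untouched, so it can be re-run safely. The init script it operates on is a constructed stand-in for /etc/rc.d/init.d/clamd; it assumes the script's first line is the "#!" interpreter line.

```shell
#!/bin/sh
# Added example (not from the original post): give an init script the
# "# chkconfig:" header that "chkconfig --add" requires, inserting it as the
# second line right after the shebang, as done by hand above.
# Assumption: the script's first line is a "#!" interpreter line.

CHKCONFIG_HEADER='# chkconfig: - 61 39'

# Return 0 if the script already carries a "# chkconfig:" header line.
has_chkconfig_header() {
    grep -q '^# chkconfig:' "$1"
}

# Insert the header after line 1 when it is missing; print "added" or "present".
ensure_chkconfig_header() {
    if has_chkconfig_header "$1"; then
        echo present
        return 0
    fi
    tmp=$(mktemp)
    awk -v hdr="$CHKCONFIG_HEADER" 'NR == 1 { print; print hdr; next } { print }' "$1" > "$tmp" \
        && cat "$tmp" > "$1"     # write back in place so owner and mode are kept
    rm -f "$tmp"
    echo added
}

# Print the line number of the header (nothing if absent).
chkconfig_header_line() {
    grep -n '^# chkconfig:' "$1" | cut -d: -f1
}

# Constructed stand-in for /etc/rc.d/init.d/clamd (the real script ships in
# the ClamAV source tree as clamd/clamd).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
#!/bin/sh
# Start/stop clamd
case "$1" in
    start) echo "starting clamd" ;;
    stop)  echo "stopping clamd" ;;
esac
EOF

ensure_chkconfig_header "$SAMPLE"    # prints: added
ensure_chkconfig_header "$SAMPLE"    # prints: present
chkconfig_header_line "$SAMPLE"      # prints: 2
rm -f "$SAMPLE"
```

Run it against the real script with ensure_chkconfig_header /etc/rc.d/init.d/clamd, then "chkconfig --add clamd" as above. The "-" in the header means the service is off in every runlevel until "chkconfig clamd on" enables it, which matches the sequence shown.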

> vi /etc/cron.daily/clamav.sh   (create the Clam AntiVirus run script)

#!/bin/bash
PATH=/bin:/usr/local/bin
# exclude list: one path per line, directories end with "/"
excludelist=/root/clamscan.exclude

# build the exclude options from the list
if [ -s $excludelist ]; then
    for i in `cat $excludelist`
    do
        if echo "$i" | grep -q '/$'; then
            i=`echo $i|sed -e 's/^\([^ ]*\)\/$/\1/p' -e d`
            excludeopt="${excludeopt} --exclude-dir=^$i"
        else
            excludeopt="${excludeopt} --exclude=^$i"
        fi
    done
fi

# update the virus databases
freshclam > /dev/null 2>&1

# scan for viruses; the output goes to a temporary file
CLAMSCANTMP=`mktemp`
clamscan --recursive --remove ${excludeopt} / > $CLAMSCANTMP 2>&1

# mail the FOUND lines to root if anything was detected
[ ! -z "$(grep FOUND$ $CLAMSCANTMP)" ] && \
grep FOUND$ $CLAMSCANTMP | mail -s "Virus Found in `hostname`" root
rm -f $CLAMSCANTMP

> chmod 700 /etc/cron.daily/clamav.sh
Next, the updater.
Take a look at http://sourceforge.jp/projects/clamav-update/releases/ .
Couldn't fetch it with wget, so I copied it to /root over FTP.
> tar zxvf clamav-update-2.2.7.tar.gz
> cd clamav-update-2.2.7
> ./install.sh
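The exclude-list loop in the cron script above has two limits worth knowing: "for i in `cat ...`" splits on whitespace, so a path containing a space becomes two broken patterns, and clamscan treats --exclude/--exclude-dir values as anchored regular expressions, so a "." in a path matches any character. The function below is an added example, not code from the original post or from the script's author: it reads the list line by line and escapes the regex metacharacters that occur in paths, printing one option per line in the same "^path" form the script uses. The exclude list fed to it is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): build clamscan --exclude/--exclude-dir
# options from an exclude list, as the cron script above does, but reading the
# list line by line (paths with spaces survive) and escaping regex metacharacters.
# Assumptions: one path per line, a trailing "/" marks a directory, "#" starts a
# comment; clamscan treats the patterns as anchored regular expressions.

# Escape the characters that are special in a regular expression and that can
# occur in a path: . * [ ] ^ $ and backslash.
escape_regex() {
    printf '%s' "$1" | sed 's/[][^$.*\\]/\\&/g'
}

# Read an exclude list on stdin, print one clamscan option per line.
build_exclude_opts() {
    while IFS= read -r entry; do
        case "$entry" in
            ''|'#'*) continue ;;                                           # blank or comment
            */)      echo "--exclude-dir=^$(escape_regex "${entry%/}")" ;; # directory
            *)       echo "--exclude=^$(escape_regex "$entry")" ;;         # file
        esac
    done
}

# Constructed exclude list, in the format of /root/clamscan.exclude above.
printf '%s\n' '# pseudo filesystems' '/proc/' '/sys/' '/root/clamscan.exclude' \
    | build_exclude_opts
# Prints:
# --exclude-dir=^/proc
# --exclude-dir=^/sys
# --exclude=^/root/clamscan\.exclude
```

In the cron script the options can be collected with excludeopt=$(build_exclude_opts < $excludelist) and used exactly as before. Excluding /proc and /sys is the usual reason for such a list: a recursive scan of "/" otherwise wastes time reading kernel pseudo-files and can stall on them.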

vi /usr/local/etc/freshclam.conf, with a small tweak:
DatabaseOwner root
OnOutdatedExecute /usr/local/bin/clamav-update.pl --config /usr/local/etc/clamav-update.conf

CentOS6.0: NTPD install

Before booting, open the CD-ROM settings screen, tick "Connected" and "Connect at power on", then boot.
> mount /dev/cdrom /mnt/cdrom
mount: ブロックデバイス /dev/sr0 は書き込み禁止です、読込み専用でマウントします
Apparently the DVD image does not mount properly unless you do it this way.
Now, let's check whether ntpd is installed.
# yum list ntp --disablerepo=* --enablerepo=local
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
file:///mnt/cdrom/repodata/repomd.xml: [Errno 14] Could not open/read file:///mnt/cdrom/repodata/repomd.xml
Trying other mirror.
Available Packages
ntp.i686                           4.2.4p8-2.el6                           local
It's available, so let's install ntpd.
# yum -y install ntp --disablerepo=* --enablerepo=local
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
local                                                    | 3.7 kB     00:00 …
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package ntp.i686 0:4.2.4p8-2.el6 set to be updated
--> Processing Dependency: ntpdate = 4.2.4p8-2.el6 for package: ntp-4.2.4p8-2.el6.i686
--> Processing Dependency: libedit.so.0 for package: ntp-4.2.4p8-2.el6.i686
--> Running transaction check
---> Package libedit.i686 0:2.11-4.20080712cvs.1.el6 set to be updated
---> Package ntpdate.i686 0:4.2.4p8-2.el6 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
 Package        Arch        Version                          Repository    Size
================================================================================
Installing:
 ntp            i686        4.2.4p8-2.el6                    local        437 k
Installing for dependencies:
 libedit        i686        2.11-4.20080712cvs.1.el6         local         73 k
 ntpdate        i686        4.2.4p8-2.el6                    local         57 k
Transaction Summary
================================================================================
Install       3 Package(s)
Upgrade       0 Package(s)
Total download size: 567 k
Installed size: 1.3 M
Downloading Packages:
--------------------------------------------------------------------------------
Total                                           3.3 MB/s | 567 kB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : ntpdate-4.2.4p8-2.el6.i686                               1/3
  Installing     : libedit-2.11-4.20080712cvs.1.el6.i686                    2/3
  Installing     : ntp-4.2.4p8-2.el6.i686                                   3/3
Installed:
  ntp.i686 0:4.2.4p8-2.el6
Dependency Installed:
  libedit.i686 0:2.11-4.20080712cvs.1.el6      ntpdate.i686 0:4.2.4p8-2.el6
Complete!
Edit /etc/ntpd.conf
##server 0.rhel.pool.ntp.org
##server 1.rhel.pool.ntp.org
##server 2.rhel.pool.ntp.org
server -4 ntp.nict.jp # NTP server providing Japan Standard Time (stratum 1)
server -4 ntp.jst.mfeed.ad.jp # NTP server synchronised directly with the above (stratum 2)
server <your ISP's NTP server name> # your ISP's NTP server
Let's try adjusting the clock.
# ntpdate ntp.nict.jp
Name server cannot be used, exiting20 Jul 22:01:03 ntpdate[1632]: name server cannot be used, reason: Temporary failure in name resolution
Huh?
# nslookup ntp.nict.jp
-bash: nslookup: コマンドが見つかりません
Hmm.
On CentOS 5:
rpm -qf $(which nslookup)
bind-utils-9.3.6-16.P1.el5
# yum -y install bind-utils --disablerepo=* --enablerepo=local
...
Installed:
  bind-utils.i686 32:9.7.0-5.P2.el6
Dependency Installed:
  bind-libs.i686 32:9.7.0-5.P2.el6
# nslookup ntp.nict.jp
21 Jul 22:22:36 ntpdate[1275]: adjust time server 133.243.238.243 offset 0.000682 sec
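ntpdate failed above not because of NTP but because the server names could not be resolved, and nslookup was not even installed to show that. The script below is an added example, not code from the original post: it pulls the host from every "server" line of an ntp.conf-style file, skipping comments and flags such as "-4", and checks that each one resolves with getent, which ships with glibc and therefore works before bind-utils is installed. The configuration file it reads is constructed from the edit shown above; the "server [flags] <host> [options]" line layout is the assumption it relies on.

```shell
#!/bin/sh
# Added example (not from the original post): list the servers configured in an
# ntp.conf-style file and check that each name resolves before running ntpdate,
# which is the step that failed above with "Temporary failure in name resolution".
# Assumptions: "server [flags] <host> [options]" lines, "#" comments; getent is
# available (it comes with glibc, so it works even before bind-utils is installed).

# Print the host from every "server" line, skipping comments and flags like -4.
ntp_servers_from_conf() {
    sed 's/#.*//' "$1" | awk '
        $1 == "server" {
            for (i = 2; i <= NF; i++) if ($i !~ /^-/) { print $i; break }
        }'
}

# Return 0 when every configured server resolves; print the ones that do not.
check_ntp_servers_resolve() {
    status=0
    for host in $(ntp_servers_from_conf "$1"); do
        if ! getent hosts "$host" > /dev/null 2>&1; then
            echo "unresolvable: $host"
            status=1
        fi
    done
    return $status
}

# Constructed config, following the edit shown above.
CONF=$(mktemp)
cat > "$CONF" <<'EOF'
##server 0.rhel.pool.ntp.org
server -4 ntp.nict.jp         # Japan Standard Time (stratum 1)
server -4 ntp.jst.mfeed.ad.jp # synchronised directly with the above (stratum 2)
driftfile /var/lib/ntp/drift
EOF

ntp_servers_from_conf "$CONF"            # prints ntp.nict.jp and ntp.jst.mfeed.ad.jp, one per line
check_ntp_servers_resolve "$CONF" \
    && echo "all NTP servers resolve; safe to run ntpdate" \
    || echo "fix DNS (/etc/resolv.conf) before running ntpdate"
rm -f "$CONF"
```

If the check reports an unresolvable host, the fix is on the resolver side (/etc/resolv.conf or the network), not in the NTP configuration; re-run ntpdate only once every name resolves.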