

{"id":1421,"date":"2019-02-11T17:03:50","date_gmt":"2019-02-11T08:03:50","guid":{"rendered":"https:\/\/curecode.jp\/tech\/?p=1421"},"modified":"2023-12-24T18:05:01","modified_gmt":"2023-12-24T09:05:01","slug":"rkhunter-detect-wp-cli-as-rh-sharpes-rootkit","status":"publish","type":"post","link":"https:\/\/curecode.jp\/tech\/rkhunter-detect-wp-cli-as-rh-sharpes-rootkit\/","title":{"rendered":"wp-cli \u3092\u5165\u308c\u308b\u3068 rkhunter \u3067 RH-Sharpe&#8217;s Rootkit  \u304c\u691c\u51fa\u3055\u308c\u308b"},"content":{"rendered":"<p>\n  WordPress \u3092\u30b3\u30de\u30f3\u30c9\u30e9\u30a4\u30f3\u304b\u3089\u7ba1\u7406\u3001\u64cd\u4f5c\u3067\u304d\u308b\u30c4\u30fc\u30eb <a href=\"https:\/\/wp-cli.org\/\" rel=\"noopener\" target=\"_blank\">wp-cli<\/a> \u306f\u4fbf\u5229\u3067\u3059\u3002\n<\/p>\n<p>\n  \u3057\u304b\u3057\u3001CentOS \u306b wp-cli \u3092\u5165\u308c\u305f\u5f8c\u3001\u30eb\u30fc\u30c8\u30ad\u30c3\u30c8\u691c\u51fa\u30c4\u30fc\u30eb\u306e RootKit Hunter (rkhunter) \u3067 Warning \u304c\u51fa\u308b\u3088\u3046\u306b\u306a\u308a\u307e\u3057\u305f\u3002\n<\/p>\n<pre><code class=\"bash\">\r\n\t\u8b66\u544a: RH-Sharpe's Rootkit                       [ \u8b66\u544a ]\r\n\t\u30d5\u30a1\u30a4\u30eb\u300c \/usr\/bin\/wp \u300d\u304c\u898b\u3064\u304b\u308a\u307e\u3057\u305f\u3002\r\n<\/code><\/pre>\n<p>\n  \u3053\u308c\u306f rkhunter \u304c \/usr\/bin\/wp \u3068\u3044\u3046\u30d1\u30b9\u306e\u30d5\u30a1\u30a4\u30eb\u304c\u3042\u308b\u304b\u3069\u3046\u304b\u3060\u3051\u3067\u5224\u5b9a\u3057\u3066\u3044\u308b\u305f\u3081\u306b\u8d77\u3053\u308a\u307e\u3059\u3002\u8a66\u3057\u306b touch \u30b3\u30de\u30f3\u30c9\u3067\u7a7a\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u308b\u3060\u3051\u3067\u3082\u5f15\u3063\u304b\u304b\u308b\u3088\u3046\u306b\u306a\u308a\u307e\u3059\u3002\u306a\u306e\u3067 False Positive \u3068\u8003\u3048\u3066\u826f\u3044\u3067\u3057\u3087\u3046\u3002\n<\/p>\n<h3>\u56de\u907f\u65b9\u6cd5<\/h3>\n<p>\n  \u65b9\u6cd5\u306e\u4e00\u3064\u306f wp-cli 
\u3092 \/usr\/bin\/ \u4ee5\u5916\u306e\u5834\u6240\u306b\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3059\u308b\u3053\u3068\u3002 \u305f\u3068\u3048\u3070 \/bin\/wp \u3068\u3059\u308b\u304b\u3001 \/usr\/local\/bin\/wp \u3068\u3057\u3066\u3057\u307e\u3048\u3070\u3053\u306e\u554f\u984c\u306f\u3042\u308a\u307e\u305b\u3093\u3002\u3057\u304b\u3057 RPM \u304b\u3089\u5165\u308c\u3066\u3044\u305f\u308a\u3059\u308b\u3068\u3053\u306e\u3088\u3046\u306a\u56de\u907f\u65b9\u6cd5\u3067\u306f\u904b\u7528\u4e0a\u306e\u90fd\u5408\u304c\u60aa\u3044\u3053\u3068\u304c\u3042\u308a\u307e\u3059\u3002\n<\/p>\n<p>\n  \u3082\u3046\u4e00\u3064\u306f \/etc\/rkhunter.conf \u3067\u30db\u30ef\u30a4\u30c8\u30ea\u30b9\u30c8\u306b\u8ffd\u52a0\u3059\u308b\u3053\u3068\u3067\u3059\u3002 \u30db\u30ef\u30a4\u30c8\u30ea\u30b9\u30c8\u306b\u5165\u308c\u308b\u3068\u3053\u306e\u30d1\u30b9\u306f\u691c\u51fa\u3055\u308c\u306a\u304f\u306a\u308b\u305f\u3081\u3001\u8ffd\u52a0\u3059\u308b\u524d\u306b \/usr\/bin\/wp \u304c wp-cli \u306e\u30d5\u30a1\u30a4\u30eb\u3067\u3042\u308b\u3053\u3068\u3092\u78ba\u8a8d\u3057\u3066\u304a\u304d\u307e\u3057\u3087\u3046 (RPM \u304b\u3089\u5165\u308c\u305f\u5834\u5408\u306f <code>rpm -qf \/usr\/bin\/wp<\/code> \u3067\u78ba\u8a8d\u3067\u304d\u307e\u3059)\u3002\n<\/p>\n<pre><code class=\"php\">\r\n# rkhunter.conf\r\nRTKT_FILE_WHITELIST=\/usr\/bin\/wp\r\n<\/code><\/pre>\n<p>\n  \u3053\u306e\u3068\u304d\u3001EXISTWHITELIST \u3084 SCRIPTWHITELIST \u3067\u306f\u306a\u304f\u3001RTKT_FILE_WHITELIST \u306b\u66f8\u304f\u3053\u3068\u304c\u30dd\u30a4\u30f3\u30c8\u3067\u3059\u3002\n<\/p>\n<p>\n  rkhunter.conf \u3092\u5909\u66f4\u3057\u305f\u3089 <code>rkhunter --propupd<\/code> \u3092\u3057\u307e\u3057\u3087\u3046\u3002 \u306a\u304a --propupd \u306f\u30d5\u30a1\u30a4\u30eb\u30d7\u30ed\u30d1\u30c6\u30a3\u306e\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u3092\u66f4\u65b0\u3059\u308b\u30b3\u30de\u30f3\u30c9\u306a\u306e\u3067\u3001\u30b7\u30b9\u30c6\u30e0\u304c\u6539\u3056\u3093\u3055\u308c\u3066\u3044\u306a\u3044\u3053\u3068\u3092\u78ba\u8a8d\u3067\u304d\u3066\u3044\u308b\u5834\u5408\u306b\u3060\u3051\u5b9f\u884c\u3057\u3066\u304f\u3060\u3055\u3044\u3002\n<\/p>\n<h3>\u8ffd\u8a18(2019-03-23)<\/h3>\n<p>\n  CentOS 6 \u306e EPEL \u306e wp-cli-2.1.0-1.el6 \u3067\u306f\u3001\u30b3\u30de\u30f3\u30c9\u306e\u30d1\u30b9\u304c \/usr\/bin\/wp-cli \u306b\u5909\u66f4\u3055\u308c\u307e\u3057\u305f\u3002\u305d\u306e\u305f\u3081 rkhunter \u306e\u8aa4\u691c\u51fa\u306f\u8d77\u304d\u306a\u304f\u306a\u308a\u307e\u3057\u305f\u3002 <var>RTKT_FILE_WHITELIST<\/var> \u306b\u8a2d\u5b9a\u3092\u66f8\u3044\u3066\u3044\u305f\u5834\u5408\u306f\u524a\u9664\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002\n<\/p>\n<h3>\u8ffd\u8a18(2022-12-24)<\/h3>\n<p>\n  CentOS 7 \u306e EPEL \u306e wp-cli \u3067\u306f\u3001\u518d\u3073\u30b3\u30de\u30f3\u30c9\u306e\u30d1\u30b9\u304c \/usr\/bin\/wp 
\u3068\u306a\u3063\u3066\u3044\u308b\u305f\u3081\u4e0a\u8a18\u306e\u8a2d\u5b9a\u304c\u5fc5\u8981\u3067\u3057\u305f\u3002\n<\/p>\n","protected":false},"excerpt":{"rendered":"<p>WordPress \u3092\u30b3\u30de\u30f3\u30c9\u30e9\u30a4\u30f3\u304b\u3089\u7ba1\u7406\u3001\u64cd\u4f5c\u3067\u304d\u308b\u30c4\u30fc\u30eb wp-cli \u306f\u4fbf\u5229\u3067\u3059\u3002 \u3057\u304b\u3057\u3001 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":592,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12],"tags":[117,22,154],"class_list":["post-1421","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","tag-rkhunter","tag-wordpress","tag-wp-cli"],"_links":{"self":[{"href":"https:\/\/curecode.jp\/tech\/wp-json\/wp\/v2\/posts\/1421","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/curecode.jp\/tech\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/curecode.jp\/tech\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/curecode.jp\/tech\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/curecode.jp\/tech\/wp-json\/wp\/v2\/comments?post=1421"}],"version-history":[{"count":6,"href":"https:\/\/curecode.jp\/tech\/wp-json\/wp\/v2\/posts\/1421\/revisions"}],"predecessor-version":[{"id":1638,"href":"https:\/\/curecode.jp\/tech\/wp-json\/wp\/v2\/posts\/1421\/revisions\/1638"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/curecode.jp\/tech\/wp-json\/wp\/v2\/media\/592"}],"wp:attachment":[{"href":"https:\/\/curecode.jp\/tech\/wp-json\/wp\/v2\/media?parent=1421"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/curecode.jp\/tech\/wp-json\/wp\/v2\/categories?post=1421"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/curecode.jp\/tech\/wp-json\/wp\/v2\/tags?post=1421"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}