Izixhobo zokulwa nesoftware yasimahla kunye nezixhobo zokulwa nengcambu

I-Linux ihlala isetyenziselwa ukuhlangula ukufakwa kweWindows ... Yintoni indida, ngokuchanekileyo, kukho izixhobo ezininzi zasimahla zokususa i-malware kunye neengcambu. Makhe sibone ezinye zazo.

ikhrootkit

I-Chkrootkit okanye i-Check Rootkit yinkqubo yemithombo evulekileyo edumileyo, sisixhobo esisetyenziselwa ukwenziwa kweekhomputha, i-botnets, i-malware, njl njl kwiseva yakho okanye kwinkqubo ye-Unix / Linux. Ivavanywa kwi: Linux 2.0.x, 2.2.x, 2.4.x, 2.6.x, kunye 3.xx, FreeBSD 2.2.x, 3.x, 4.x, 5.x kunye 7.x, OpenBSD 2 .x, 3.x kunye 4.x, 1.6.x NetBSD, Solaris 2.5.1, 2.6, 8.0 kunye 9.0, HP-UX 11, Tru64, BSDI kunye neMac OS X. Esi sixhobo sifakwe kwangaphambili kwi-BackTrack 5 kwi Icandelo lezixhobo zoPhando kunye nentsholongwane.

Ukufaka i-chkrootkit kwi-Ubuntu okanye kwi-distro esekwe kwi-Debian, unokuchwetheza:

Sudo apt-fumana ukufaka i-chkrootkit

Ukuqala ukukhangela inkqubo ye-rootkits kunye ne-backdoors, thayipha umyalelo:

sudo chkrootkit

Ingcambu Hunter

I-Rootkit Hunter okanye i-rkhunter ngumthombo ovulekileyo we-rootkit scanner ofana ne-chkrootkit nayo efakwe ngaphambili kwi-BackTrack 5 phantsi kwe-Forensic kunye ne-Anti-Virus Tools. Esi sixhobo sihlalutya i-rootkits, i-backdoors kunye nokusetyenziswa kwendawo ngokusebenzisa iimvavanyo ezifana nokuthelekisa i-MD5 hash, khangela iifayile ezingagqibekanga ezisetyenziselwa i-rootkits, iimvume ezingalunganga zeefayile, ukukhangela iintambo ezikrokrayo kwiimodyuli ze-LKM kunye ne-KLD, ukukhangela iifayile ezifihliweyo, kunye ukuskena ngokuzithandela ngaphakathi kokubhaliweyo kunye neefayile zokubini.

Ukufaka i-rkhunter kwi-Ubuntu okanye kwi-distro esekwe kwi-Debian, unokuchwetheza:

Sudo apt-fumana ukufaka i-rkhunter

Ukuqala ukuskena kwenkqubo yefayile, chwetheza lo myalelo:

Isudo rkhunter-khangela

Kwaye ukuba ufuna ukukhangela uhlaziyo, sebenzisa lo myalelo:

Isudo rkhunter-hlaziya

Emva kokuba i-rkhunter igqibile ukuskena inkqubo yakho yeefayile, zonke iziphumo zingene kwi /var/log/rkhunter.log.

ClamAV

IClamAV sisoftware eyaziwayo yokulwa intsholongwane. Yeyona antivirus yeLinux idumileyo inenguqulo ye-GUI eyilelwe ukufumanisa ngokulula iiTrojans, ii-virus, i-malware kunye nezinye izoyikiso ezinobungozi. I-ClamAV inokufakwa kwiWindows, BSD, Solaris, nakwiMacOSX. Umntu woPhando loKhuseleko uDejan de Lucas une isifundo icacisiwe kwiphepha leZiko leZibonelelo ze-InfoSec ngendlela yokufaka iClamAV kunye nendlela yokusebenza nesinxibelelanisi sayo kwilayini yomyalelo.

BotHunter

I-BotHunter yinkqubo esekwe kwinethiwekhi ye-botnet elandela indlela yokuhamba konxibelelwano phakathi kwekhompyuter kunye ne-Intanethi. Iphuhlisiwe kwaye igcinwe yiLabhoratri yeNzululwazi yeKhompyuter, i-SRI International, kwaye iyafumaneka kwiLinux kunye neUnix, kodwa ngoku bakhuphe ingxelo yolingo lwabucala kunye nokukhululwa kwangaphambili kweWindows.

Ukuba ufuna ukukhuphela le nkqubo ungayenza ukusuka apha . Iiprofayili zosulelo lweBotHunter zihlala zifumaneka kwi ~ cta-bh / BotHunter / LIVEPIPE / botHunterResults.txt.

Umzekelo wokusebenzisa iBotHunter2Web.pl:

perl BotHunter2Web.pl [umhla YYYY-MM-DD] -iisampuluziphumo.txt

avast! Ushicilelo lwasekhaya lweLinux

avast! Ushicilelo lweKhaya leLinux yinjini ye-antivirus enikezelwa simahla, kodwa yenzela kuphela ikhaya hayi ukusetyenziswa kwezorhwebo. Ibandakanya iskena somgca wokuyalela kwaye isekwe kumava ombhali wenqaku lokuqala, ifumanisa ezinye zeebhodi zePerl IRC ezinemisebenzi enobungozi efana ne-udpflood kunye nemisebenzi ye-tcpflood, kwaye ivumela inkosi yayo okanye umlawuli we-bot ukuba ibaleke Imiyalelo engenakuphikiswa ngokusetyenziswa kwenkqubo () yokusebenza kwePerl.

Unokuzikhuphelela le software ye-antivirus apha .

NeoPI

I-NeoPI sisicatshulwa esisebenzayo sePython ekufumaneni umxholo okhohlakeleyo kunye nobhaliweyo ngaphakathi kweefayile zombhalo okanye kwizikripthi. Injongo yeNeoPI kukunceda ekufumaneni ikhowudi efihliweyo kwigobolondo lewebhu. Ukugxila kuphuhliso lweNeoPI yayikukudala isixhobo esinokusetyenziswa ngokudibeneyo kunye nesiginitsha eqhelekileyo- okanye iindlela zokujonga ezisekwe kwigama elingundoqo. Iskripthi somnqamlezo weqonga leWindows kunye neLinux. Ayincedi kuphela abasebenzisi ukuba bafumane iingcango zangasemva ezinokubakho, kodwa nezikripthi ezinobungozi ezinje ngeebhotile ze-IRC, iiglfflood shells, izikripthi ezisengozini kunye nezixhobo ezinobungozi.

Sebenzisa lo mbhalo wePython, khuphela ngokulula ikhowudi kwindawo yayo esemthethweni ye-github kwaye uzulazule kulawulo lwayo:

Ilitye le-git https://github.com/Neohapsis/NeoPI.git cd NeoPI

Eyethu inyanga

I-Ourmon ngumthombo ovulekileyo we-Unix-based based and a common network packet sniffing tool kwi-FreeBSD, kodwa inokusetyenziselwa ukufumanisa i-botnet njengoko u-Ashis Dash echaza kwinqaku lakhe elinesihloko 'Isixhobo sokufumanisa i-Botnet: I-Ourmon' kwiClubhack okanye iphephancwadi iChmag.

Grep

Kwaye okokugqibela kodwa kungaphelelanga apho, sinomyalelo we-grep, sisixhobo esinamandla somgca wokuyalela kwi-Unix nakwiLinux. Kusetyenziselwe ukufumana kunye nokuvavanya iiseti zedatha yokuvavanywa kwemigca ehambelana nentetho eqhelekileyo. Ngamafutshane, le nto ibhalwe ikhowudi nguKen Thompson ngo-Matshi 3, 1973 kwi-Unix. Namhlanje, i-Grep yaziwa ngokukhangela kunye nokukhangela iigobolondo zangasemva ezinobungozi kunye nezikripthi ezinobungozi ngokunjalo.

I-Grep inokusetyenziselwa ukukhangela izikripthi ezisengozini (umzekelo, i-PHP's shell_exec function eyingozi PHP umsebenzi ovumela ukwenziwa kwekhowudi ekude okanye ukwenziwa komyalelo). Singawusebenzisa umyalelo we-grep ukukhangela i-Shell_exec () ukulungiselela i / var / www isikhombisi ukukhangela iifayile ze-PHP ezinokuba sengozini kwi-ICE okanye ngenaliti yokuyalela. Nanku lo myalelo:

grep-Rn "iqokobhe_exec * (" / var / www

I-Grep sisixhobo esihle sokuchongwa kwesandla kunye nohlalutyo lwasenkundleni.

Umthombo: I-Linuxaria & Taringa