Linux is still used to rescue Windows installations... The curious thing is that, precisely, there are many free tools for removing malware and rootkits. Let's look at some of them.
chkrootkit
Chkrootkit or Check Rootkit is a famous open source program; it is a tool used to detect rootkits, botnets, malware, etc. on your server or Unix/Linux system. It has been tested on: Linux 2.0.x, 2.2.x, 2.4.x, 2.6.x and 3.x.x, FreeBSD 2.2.x, 3.x, 4.x, 5.x and 7.x, OpenBSD 2.x, 3.x and 4.x, NetBSD 1.6.x, Solaris 2.5.1, 2.6, 8.0 and 9.0, HP-UX 11, Tru64, BSDI and Mac OS X. This tool comes preinstalled in BackTrack 5 under the Forensic and Anti-Virus Tools section.
To install chkrootkit on Ubuntu or a Debian-based distro, you can type:
sudo apt-get install chkrootkit
To start checking the system for rootkits and backdoors, type the command:
sudo chkrootkit
Rootkit Hunter
Rootkit Hunter or rkhunter is an open source rootkit scanner similar to chkrootkit, also preinstalled in BackTrack 5 under Forensic and Anti-Virus Tools. This tool analyzes the system for rootkits, backdoors and local exploits by running tests such as MD5 hash comparison, looking for default files used by rootkits, checking binaries for wrong file permissions, looking for suspicious strings in LKM and KLD modules, looking for hidden files, and optionally scanning inside plain-text and binary files.
To install rkhunter on Ubuntu or a Debian-based distro, you can type:
sudo apt-get install rkhunter
To start scanning the file system, type the command:
sudo rkhunter --check
And if you want to check for updates, use the command:
sudo rkhunter --update
After rkhunter has finished scanning your file system, all results are logged to /var/log/rkhunter.log.
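The article says rkhunter writes its results to /var/log/rkhunter.log but not how to act on them. The following script is an added example, not code from the article or from the rkhunter project: it runs the scan non-interactively when rkhunter is installed (the --sk and --rwo options are rkhunter's own "skip keypress" and "report warnings only" switches) and then extracts and counts the "Warning:" lines from the log so a cron job can decide whether to alert. The log lines it parses here are constructed for the demonstration, not taken from a real scan.

```shell
#!/bin/sh
# Added example (not from the original article): triage an rkhunter log.
# Assumes rkhunter logs warnings as "[HH:MM:SS] Warning: ..." lines in
# /var/log/rkhunter.log; SAMPLE_LOG below is constructed for the demo.

# Run the scan non-interactively if rkhunter is installed, otherwise skip.
# --sk skips the "press enter" prompts, --rwo reports warnings only.
run_rkhunter_scan() {
    if command -v rkhunter >/dev/null 2>&1; then
        sudo rkhunter --update >/dev/null 2>&1
        sudo rkhunter --check --sk --rwo
    else
        echo "rkhunter not installed; skipping live scan" >&2
    fi
}

# Print only the warning lines of a log, without the leading timestamp.
rkhunter_warnings() {
    grep 'Warning:' "$1" | sed 's/^\[[0-9:]*] *//'
}

# Count the warnings (prints 0 and still succeeds when there are none).
count_rkhunter_warnings() {
    grep -c 'Warning:' "$1" || true
}

# Constructed sample log standing in for /var/log/rkhunter.log.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
[10:15:02] Info: Starting rkhunter check
[10:15:04] Checking for rootkits...
[10:15:09] Warning: The file properties have changed: File: /usr/bin/example-changed
[10:15:10] Warning: Hidden directory found: /dev/.example-hidden
[10:15:12] Info: System checks summary
EOF

# In practice: run_rkhunter_scan, then point the two helpers at the real log.
echo "Warnings found: $(count_rkhunter_warnings "$SAMPLE_LOG")"
rkhunter_warnings "$SAMPLE_LOG"
```

A non-zero warning count does not by itself mean a rootkit is present: file-property warnings are common after package upgrades, so the expected follow-up is to compare the flagged files against the package manager's checksums before treating the host as compromised.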
ClamAV
ClamAV is a well-known antivirus software. It is the most popular Linux antivirus, with a GUI version designed to easily detect Trojans, viruses, malware and other malicious threats. ClamAV can be installed on Windows, BSD, Solaris and even Mac OS X. Security researcher Dejan de Lucas has a tutorial on the InfoSec Resource Institute page explaining how to install ClamAV and how to work with its command-line interface.
BotHunter
BotHunter is a network-based botnet diagnosis system that follows the path of the communication flow between a computer and the Internet. It is developed and maintained by the Computer Science Laboratory at SRI International, and it is available for Linux and Unix, but they have now released a private trial version and a pre-release for Windows.
If you want to download this program you can do it from here. BotHunter infection profiles are usually found at ~cta-bh/BotHunter/LIVEPIPE/botHunterResults.txt.
Example usage of BotHunter2Web.pl:
perl BotHunter2Web.pl [date YYYY-MM-DD] -i sampleresults.txt
avast! Linux Home Edition
avast! Linux Home Edition is an antivirus engine offered free of charge, but only for home use, not commercial use. It includes a command-line scanner and, based on the experience of the original article's author, it detects some of the Perl IRC bots with malicious functions such as udpflood and tcpflood, which let their master or bot controller run arbitrary commands through Perl's system() function.
You can download this antivirus software here.
NeoPI
NeoPI is a Python script that is useful for detecting obfuscated and encrypted content within text files or scripts. The purpose of NeoPI is to help detect hidden code in web shells. The focus of NeoPI's development was to create a tool that could be used in combination with other common signature- or keyword-based detection methods. It is a cross-platform script for Windows and Linux. It not only helps users find potential backdoors, but also malicious scripts such as IRC botnets, udpflood shells, vulnerable scripts and malicious tools.
To use this Python script, simply download the code from its official GitHub site and change into its directory:
git clone https://github.com/Neohapsis/NeoPI.git
cd NeoPI
Ourmon
Ourmon is an open source Unix-based program and a common network packet sniffing tool on FreeBSD, but it can also be used for botnet detection, as Ashis Dash explains in his article titled 'Botnet detection tool: Ourmon' in Clubhack or Chmag magazine.
Grep
And last but not least, we have the grep command, a powerful command-line tool in Unix and Linux. It is used to search and test data sets for lines matching a regular expression. In short, it was written by Ken Thompson on March 3, 1973 for Unix. Today, grep is also known for detecting and searching for malicious backdoor shells and malicious scripts.
Grep can be used to detect vulnerable scripts (for example, PHP's shell_exec function, a risky PHP function that allows remote code execution or command execution). We can use the grep command to search for shell_exec() in the /var/www directory and find PHP files that may be vulnerable to RCE or command injection. Here is the command:
grep -Rn "shell_exec *(" /var/www
Grep is a good tool for manual detection and forensic analysis.
Source: Linuxaria & Taringa
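The grep above looks for a single function. As an added example (not code from the article), the script below generalizes it to a list of PHP functions that execute commands or evaluate code, restricts the search to *.php files, and skips names that merely end in one of the functions (such as a variable called $my_system). The function list, the helper names and the sample web root under SAMPLE_DIR are all constructed for this demonstration; in use you would point find_risky_php at /var/www as in the article.

```shell
#!/bin/sh
# Added example (not from the original article): extend the article's grep for
# shell_exec() to several PHP functions that commonly appear in web shells.
# RISKY_PHP_FUNCS and everything under SAMPLE_DIR are constructed for the demo.

# Functions whose use in web content deserves a manual review.
RISKY_PHP_FUNCS='shell_exec|exec|system|passthru|popen|proc_open|eval|assert'

# Print file:line:content for every call to one of the functions above,
# looking only at *.php files under the directory given as $1. The leading
# (^|[^[:alnum:]_]) group ensures we match whole names, not e.g. my_system(.
find_risky_php() {
    find "$1" -type f -name '*.php' -exec \
        grep -HnE "(^|[^[:alnum:]_])(${RISKY_PHP_FUNCS})[[:space:]]*\(" {} +
}

# Number of matching lines, for use in a script or cron job.
count_risky_php() {
    find_risky_php "$1" 2>/dev/null | wc -l | tr -d ' '
}

# Constructed sample web root standing in for /var/www.
SAMPLE_DIR=$(mktemp -d)
mkdir -p "$SAMPLE_DIR/admin"
# Harmless page: no command execution; my_system( must not be reported.
cat > "$SAMPLE_DIR/index.php" <<'EOF'
<?php
echo "Welcome";
$my_system = "prod";
$info = my_system('status');
?>
EOF
# Page that shells out: two calls, each worth a manual look.
cat > "$SAMPLE_DIR/admin/status.php" <<'EOF'
<?php
$load = shell_exec ('uptime');
passthru("df -h");
?>
EOF
# Not a .php file, so it is skipped even though it mentions system(.
printf 'call system() from the PHP page\n' > "$SAMPLE_DIR/notes.txt"

echo "Suspicious PHP calls under $SAMPLE_DIR:"
find_risky_php "$SAMPLE_DIR"
echo "Total: $(count_risky_php "$SAMPLE_DIR")"
```

Every hit is a candidate for review rather than a verdict: legitimate administration pages also call these functions. The useful signal is a call whose argument comes from user input, which is exactly the case the article describes for shell_exec.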
About #Avast, it's terrible... I installed it and it doesn't work at all.
Excellent article... I have to try some of those tools!
Wow! Excellent tools, but avast didn't work for me, it slows down the PC and takes 20 minutes to start.
Great article, Pablo 😀
Good day,
Interesting article. I'm a newbie on this topic, so I'm asking: in the first option you say how to install chkrootkit, and then the command to check for rootkits and backdoors in the system, but after that what do I do? Do I delete them, quarantine them, block them, and if so, how do I delete or block them?
Thanks
Good article
Hello, I'm Fede, I'm on your very useful page. Long live Linux and free software, thanks to the thousands of programmers and hackers from all over the world. Thanks LINUS TOORVALD, RICHARD STALLMAN, ERICK RAIMOND and many others. See you soon, and sorry for the mistakes in the names. THANKS.
I don't understand a thing, good grief!
Look, I don't understand much either, but another comment said it's good. Clam AV, except that it has a tutorial. XD
debcheckroot (https://www.elstel.org/debcheckroot/) from elstel.org is missing from this list. It is currently the best tool out there for detecting rootkits. Most programs like rkhunter and chkrootkit can no longer detect a rootkit as soon as it has been modified slightly. debcheckroot is different. It compares the sha256sum of every installed file against the package header.