Free anti-malware and anti-rootkit tools

Linux is often used to rescue Windows installations ... or yes. Paradoxically enough, there are many free tools for removing malware and rootkits. Let's look at some of them.

Chkrootkit

Chkrootkit, or Check Rootkit, is a popular open-source program, a tool used to detect rootkits, botnets, malware, etc. on your Unix/Linux server or system. It has been tested on: Linux 2.0.x, 2.2.x, 2.4.x, 2.6.x and 3.x.x, FreeBSD 2.2.x, 3.x, 4.x, 5.x and 7.x, OpenBSD 2.x, 3.x and 4.x, NetBSD 1.6.x, Solaris 2.5.1, 2.6, 8.0 and 9.0, HP-UX 11, Tru64, BSDI and Mac OS X. This tool comes pre-installed in BackTrack 5 in the Forensic Tools and Anti-Virus section.

To install chkrootkit on Ubuntu or a Debian-based distro, you can type:

sudo apt-get install chkrootkit

To start checking the system for rootkits and backdoors, type the command:

sudo chkrootkit

Rootkit Hunter

Rootkit Hunter, or rkhunter, is an open-source scanner similar to chkrootkit that also comes pre-installed in BackTrack 5 under Forensic Tools and Anti-Virus. This tool scans for rootkits, backdoors and local exploits by running tests such as: MD5 hash comparison, looking for default files used by rootkits, wrong file permissions on binaries, looking for suspicious strings in LKM and KLD modules, searching for hidden files, and optional scanning within plain-text and binary files.

To install rkhunter on Ubuntu or a Debian-based distro, you can type:

sudo apt-get install rkhunter

To start a scan of the file system, type the command:

sudo rkhunter --check

And if you want to check for updates, use the command:

sudo rkhunter --update

After rkhunter has finished scanning your file system, all results are logged to /var/log/rkhunter.log.
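The hash-comparison test that rkhunter runs on binaries boils down to a file-integrity check: record digests of a known-good tree, then report what changed. The script below is an added example written for this page (it is not code from the article or from rkhunter); it assumes POSIX sh, awk, coreutils sha256sum and file names without whitespace, and the sample directory it checks is constructed inline.

```shell
#!/bin/sh
# Added example, not code from the article or from rkhunter itself: the
# file-integrity idea behind rkhunter's hash-comparison test, reduced to
# two functions. Record a baseline of SHA-256 digests while the tree is
# known-good; later runs report files whose digest changed, that vanished,
# or that appeared. Assumes POSIX sh, awk, coreutils sha256sum and file
# names without whitespace. The sample tree below is constructed.

hash_tree() {   # hash_tree DIR -> sorted "digest  ./relative/path" lines
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k2 )
}

make_baseline() {   # make_baseline DIR FILE -> store current digests in FILE
    hash_tree "$1" > "$2"
}

# check_baseline DIR FILE -> prints "CHANGED|MISSING|NEW path" per difference;
# returns 0 when every file matches the baseline, 1 otherwise
check_baseline() {
    cur=$(mktemp)
    hash_tree "$1" > "$cur"
    diffs=$(awk 'NR==FNR { base[$2] = $1; next }        # pass 1: baseline
                 !($2 in base) { print "NEW " $2; next }  # pass 2: current tree
                 base[$2] != $1 { print "CHANGED " $2 }
                 { delete base[$2] }                      # seen, so not missing
                 END { for (p in base) print "MISSING " p }' "$2" "$cur" \
            | LC_ALL=C sort)
    rm -f "$cur"
    [ -z "$diffs" ] && return 0
    printf '%s\n' "$diffs"
    return 1
}

make_sample_tree() {   # constructed stand-in for a /bin directory
    d=$(mktemp -d)
    mkdir -p "$d/bin"
    printf 'original ls\n' > "$d/bin/ls"
    printf 'original ps\n' > "$d/bin/ps"
    echo "$d"
}

if [ "${1:-}" = "--demo" ]; then
    root=$(make_sample_tree); base=$(mktemp)
    make_baseline "$root" "$base"
    printf 'trojaned ps\n' > "$root/bin/ps"      # simulate a replaced binary
    check_baseline "$root" "$base" || echo "integrity check failed"
    rm -rf "$root" "$base"
fi
```

Run with `--demo` to see the replaced binary reported; the baseline file must be stored off-host or on read-only media, since a rootkit that can rewrite binaries can rewrite a local baseline too.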

ClamAV

ClamAV is a well-known anti-virus software for Linux. It is the most popular Linux antivirus and has a GUI version designed for easy detection of Trojans, viruses, malware and other malicious threats. ClamAV can also be installed on Windows, BSD, Solaris and Mac OS X. Security researcher Dejan de Lucas has a detailed tutorial on the InfoSec Resource Institute page on how to install ClamAV and how to work with its command-line interface.

BotHunter

BotHunter is a network-based botnet diagnosis system that follows the path of the two-way communication flow between a personal computer and the Internet. It is developed and maintained by the Computer Science Laboratory at SRI International, and it is available for Linux and Unix, but they have now released a private test version and a pre-release for Windows.

If you want to download this program you can do so from here. Typical BotHunter infection profiles are found at ~cta-bh/BotHunter/LIVEPIPE/botHunterResults.txt.

Example usage of BotHunter2Web.pl:

perl BotHunter2Web.pl [date YYYY-MM-DD] -i sampleresults.txt

avast! Linux Home Edition

avast! Linux Home Edition is an antivirus engine offered free of charge, but only for home use and not for commercial use. It includes a command-line scanner and, in the experience of the author of the original note, it detects some Perl IRC bots that contain malicious functions such as the udpflood and tcpflood functions, and that allow their master or the bot controller to execute arbitrary commands using Perl's system() function.

You can download this software in its Arabic version here.

NeoPI

NeoPI is a Python script that is useful for detecting obfuscated and encrypted content within text files or scripts. The purpose of NeoPI is to help detect hidden web shell code. The development focus of NeoPI was to create a tool that could be used in conjunction with other established signature- or keyword-based detection methods. It is a cross-platform script for Windows and Linux. Not only does it help users detect backdoors, but also malicious scripts such as IRC botnets, udpflood shells, vulnerable scripts and malicious tools.

To use this Python script, simply download the code from its official GitHub site and change into its directory:

git clone https://github.com/Neohapsis/NeoPI.git
cd NeoPI

Ourmon

Ourmon is an open-source Unix-based program and a common network packet sniffing tool on FreeBSD, but it can also be used for botnet detection, as Ashis Dash explains in his article titled 'Botnet Detection Tool: Ourmon' in Clubhack or Chmag magazine.

Grep

And finally, we have the grep command, a powerful command-line tool in Unix and Linux. It is used to search and test data sets for lines matching a regular expression. Briefly, this utility was written by Ken Thompson on March 3, 1973 for Unix. Today, grep is known for finding and searching for backdoor shells and malicious scripts.

Grep can also be used to detect vulnerable scripts (for example, PHP's shell_exec function, which is a risky PHP function that allows remote code execution or command execution). We can use the grep command to search for shell_exec() in our /var/www directory to check for PHP files that are possibly vulnerable to RCE or command injection. Here is the command:

grep -Rn "shell_exec *(" /var/www

Grep is a good tool for manual detection and forensic analysis.

Source: Linuxaria & Taringa


9 comments


  1.   lucascordobes says

    About #Avast it's terrible… I installed it and it doesn't work at all.
    Excellent article… I have to try the other tools!

  2.   LE Oripmav says

    Wow! Very good tools, but avast didn't work for me; it slows down the PC and takes 20 min. to start.

  3.   Gaius baltar says

    Talking, Pablo 😀

  4.   Omar says

    Good day,

    The article is interesting. I'm a newbie on this topic, so I ask: in the first option you say how to install chkrootkit, then the command to check the system for rootkits and backdoors, and then what do I do? Do I remove them, cancel them, block them, and if so, how do I remove or block them?

    Thanks

  5.   jorge says

    Great article

  6.   frederico says

    Hello, I'm Fede, I'm on your very useful page. Long live Linux and free software, thanks to the thousands of programmers and hackers from all over the world. Thank you LINUS TOORVALD, RICHARD STALLMAN, ERICK RAIMOND and many others. See you soon, and sorry for the spelling mistakes in the names. THANK YOU.

  7.   Acm1pt says

    I don't understand a fucking thing!

    1.    Clau says

      Look, I don't understand much either, but another comment said it was good. Clam av, besides having a tutorial, I think it's better to try that one, no? XD

  8.   Elmar stellnberger says

    debcheckroot (https://www.elstel.org/debcheckroot/) from elstel.org is missing from this list. It is currently the best tool out there for detecting rootkits. Most programs like rkhunter and chkrootkit can no longer detect a rootkit as soon as it has been slightly modified. debcheckroot is different. It compares the sha256sum of all installed files against the package header.