I-Linux ivame ukusetshenziselwa ukutakula ukufakwa kweWindows ... noma yebo. Kuyindida enkulu, ngokunembile, kukhona amathuluzi amaningi wamahhala okususa i-malware nama-rootkits. Ake sibone ezinye zazo. |
I-Chkrootkit
I-Chkrootkit noma i-Check Rootkit wuhlelo oludumile lomthombo ovulekile, iyithuluzi elisetshenziselwa ukwenziwa kwamakhompiyutha ama-rootkits, ama-botnets, i-malware, njll kuseva yakho noma uhlelo lwe-Unix / Linux. Ihlolwe ku: Linux 2.0.x, 2.2.x, 2.4.x, 2.6.x, ne-3.xx, FreeBSD 2.2.x, 3.x, 4.x, 5.x kanye 7.x, OpenBSD 2.x , 3.x no-4.x, 1.6.x NetBSD, Solaris 2.5.1, 2.6, 8.0 and 9.0, HP-UX 11, Tru64, BSDI ne-Mac OS X. Leli thuluzi lifakwe kuqala ku-BackTrack 5 engxenyeni yamathuluzi we-Forensic kanye ne-anti-virus.
Ukufaka i-chkrootkit ku-Ubuntu noma i-Debian based distro, ungathayipha:
sudo apt-get ukufaka chkrootkit
Ukuqala ukubheka isistimu ngama-rootkits nangenxa yangemuva, thayipha umyalo:
sudo chkrootkit
I-Rootkit Hunter
I-Rootkit Hunter noma i-rkhunter iyisithwebuli somthombo ovulekile esifana ne-chkrootkit nayo efakwe ngaphambili ku-BackTrack 5 ngaphansi kwamathuluzi we-Forensic ne-Anti-Virus. Leli thuluzi lihlaziya ama-rootkits, ama-backdoors kanye nokuxhashazwa kwasendaweni ngokwenza izivivinyo ezinjengalezi: ukuqhathanisa i-MD5 hash, cinga amafayela azenzakalelayo asetshenziswa ama-rootkits, izimvume zefayela ezingalungile zama-binaries, cinga izintambo ezisolisayo kumamojula we-LKM kanye I-KLD, ukusesha kwefayela okufihliwe, nokuskena okungakhethwa ngaphakathi kombhalo namafayela kanambambili.
Ukufaka i-rkhunter ku-Ubuntu noma i-Debian based distro, ungathayipha:
sudo apt-get ukufaka i-rkhunter
Ukuze uqale ukuskena kohlelo lwefayela, thayipha umyalo:
Sudo rkhunter - hlola
Futhi uma ufuna ukubuyekeza izibuyekezo, sebenzisa umyalo:
sudo rkhunter –ubuyekeza
Ngemuva kokuthi i-rkhunter isiqedile ukuskena isistimu yakho yefayela, yonke imiphumela ingene ngemvume /var/log/rkhunter.log.
I-ClamAV
I-ClamAV iyisoftware eyaziwayo ye-Linux anti-virus. I-antivirus edume kakhulu ye-Linux enenguqulo ye-GUI eyenzelwe ukutholakala kalula kwamaTrojans, amagciwane, i-malware nezinye izinsongo ezinobungozi. IClamAV nayo ingafakwa kwiWindows, BSD, Solaris, nakuMacOSX. Ocwaninga Ngezokuphepha uDejan de Lucas une okokufundisa okuningiliziwe ekhasini le-InfoSec Resource Institute lokuthi ungayifaka kanjani i-ClamAV nokuthi ungasebenza kanjani nesibonisi sayo kulayini womyalo.
I-BotHunter
IBotHunter uhlelo olususelwa kunethiwekhi lwe-botnet olulandela indlela yokugeleza kokuxhumana okubili phakathi kwekhompyutha yomuntu siqu ne-Intanethi. Ithuthukiswa futhi inakekelwa yiComputer Science Laboratory, i-SRI International, futhi iyatholakala ngeLinux ne-Unix, kepha manje sebekhiphe inguqulo eyimfihlo kanye ne-pre-release yeWindows.
Uma ufuna ukulanda lolu hlelo ungakwenza kusuka ku- lapha . Amaphrofayli wokutheleleka ngeBotHunter ajwayelekile atholakala ku- ~ cta-bh / BotHunter / LIVEPIPE / botHunterResults.txt.
Isibonelo sokusetshenziswa seBotHunter2Web.pl:
perl BotHunter2Web.pl [usuku YYYY-MM-DD] -i sampleresults.txt
avast! I-Linux Home Edition
avast! I-Linux Home Edition injini ye-antivirus enikezwa mahhala, kodwa kuphela ukusetshenziswa kwasekhaya hhayi ukusetshenziswa kwezebhizinisi. Ifaka isithwebuli somugqa womyalo futhi ngokuya ngesipiliyoni sombhali wenothi yoqobo, ithola amanye ama-Perl IRC bots aqukethe imisebenzi enobungozi efana nemisebenzi ye-udpflood ne-tcpflood, futhi ivumela umphathi wayo noma isilawuli se-bot ukuthi sisebenze Imiyalo engenakuphikiswa nokusetshenziswa kwesistimu () komsebenzi kaPerl.
Ungalanda le software unqulo wesi arab lapha .
I-NeoPI
INeoPI ngumbhalo wePython owusizo ekutholeni okuqukethwe okonakele nokubethelwe ngaphakathi kwamafayela ombhalo noma imibhalo. Inhloso yeNeoPI ukusiza ekutholeni ikhodi efihliwe kugobolondo lewebhu. Ukugxila kokuthuthuka kweNeoPI bekuwukwakha ithuluzi elingasetshenziswa ngokuhlangana nezinye izindlela ezijwayelekile zokusayina ezisayinwayo noma amagama asemqoka. Ungumbhalo we-cross-platform weWindows neLinux. Akusizi nje kuphela abasebenzisi ukuthola iminyango engemuva, kodwa futhi nemibhalo enobungozi efana namabhodlela e-IRC, amagobolondo e-udpflood, imibhalo esengozini, namathuluzi anonya.
Ukuze usebenzise lo mbhalo wePython, mane nje ulande ikhodi esizeni sayo esisemthethweni se-github bese uzulazula kusiqondisi sayo:
i-git clone https://github.com/Neohapsis/NeoPI.git cd NeoPI
I-Ourmon
I-Ourmon wuhlelo oluvulekile lwe-Unix-based and a common network packet sniffing tool ku-FreeBSD, kepha futhi ingasetshenziselwa ukuthola i-botnet njengoba u-Ashis Dash echaza ku-athikili yakhe enesihloko Ithuluzi Lokuthola I-Botnet: I-Ourmon ' kumagazini weClubhack noma weChmag.
Gweba
Futhi okokugcina, sinomyalo we-grep, oyithuluzi lomugqa womyalo onamandla ku-Unix neLinux. Kusetshenziselwe ukuthola nokuhlola amasethi wedatha yokuhlola imigqa efana nesisho esijwayelekile. Ngamafuphi, le nsiza yabhalwa nguKen Thompson ngoMashi 3, 1973 nge-Unix. Namuhla, i-Grep yaziwa ngokuthola nokusesha amagobolondo angaphandle anezinkinga nemibhalo enonya.
I-Grep nayo ingasetshenziselwa ukuthola imibhalo esengozini (ngokwesibonelo, umsebenzi we-PHP's shell_exec okuwumsebenzi onobungozi we-PHP ovumela ukwenziwa kwekhodi ekude noma ukwenziwa komyalo). Singawusebenzisa umyalo we-grep ukubheka i-Shell_exec () ukuze sizuze kumkhombandlela wethu / var / www ukubheka ukuthi kungenzeka yini amafayela we-PHP asengozini ye-ICE noma umjovo womyalo. Nanku umyalo:
grep-Rn "igobolondo_exec * (" / var / www
I-Grep iyithuluzi elihle lokuthola ngesandla nokuhlaziywa kwe-forensic.
Umthombo: I-Linuxaria & UTaringa
Mayelana ne- # Avast kuyesabeka… ngiyifakile futhi ayisebenzi nhlobo.
Indatshana enhle kakhulu… Kumele ngizame amanye amathuluzi!
Hewu! amathuluzi amahle kakhulu kepha i-avast ayingisebenzelanga ibambezela i-pc futhi ithathe ama-20 min. ukuqala
Ukukhuluma, Pablo 😀
Usuku oluhle,,
I-athikili iyathakazelisa, ngingu-newbie kulesi sihloko, ngakho-ke ngiyabuza, kunketho yokuqala uthi ungayifaka kanjani i-chkrootkit, bese umyalo wokuhlola ama-rootkits kanye neminyango engemuva ohlelweni, bese ngenzani? Ngiyazisusa, ngiyazikhansela, ngiyazivimba futhi uma kunjalo, ngizisusa noma ngizivimbe kanjani?
Gracias
I-athikili enhle
Sawubona, nginguFede, ngisekhasini lakho eliwusizo kakhulu, i-Linux ebukhoma ende nesoftware yamahhala ngenxa yezinkulungwane zabahleli nabaduni abavela emhlabeni wonke. ngiyabonga uLINUS TOORVALD, RICHARD STALLMAN, ERICK RAIMOND nabanye abaningi, sizokubona maduze futhi ngiyaxolisa ngamaphutha asemagameni athi NGIYABONGA.
Angiqondi lutho umama we-fucking!
Bheka, nami angiqondi okuningi, kodwa okunye ukuphawula kuthi bekukuhle.Clam av ngaphandle kokuthi inesifundo, ngicabanga ukuthi kungcono ukuzama lokho, akunjalo? XD
i-debcheckroot (https://www.elstel.org/debcheckroot/) kusuka ku-elstel.org ayitholakali kulolu hlu. Okwamanje iyithuluzi elihle kakhulu laphaya ukubona ama-rootkits. Iningi lezinhlelo ezifana ne-rkhunter ne-chkrootkit ngeke zisakwazi ukuthola i-rootkit ngokushesha nje lapho iguqulwe kancane. i-debcheckroot yehlukile. Iqhathanisa i-sha256sum yawo wonke amafayili afakiwe ngokumelene nesihloko sephakeji.