Check whether you have a Rootkit on your system with rkhunter

The first thing we need to know is: what the heck is a Rootkit? We leave the answer to Wikipedia:

A rootkit is a program that allows continued privileged access to a computer while actively keeping its presence hidden from the administrators' control, by corrupting the normal functioning of the operating system or of other applications. The term comes from joining the English word "root" (the traditional name of the privileged account on Unix operating systems) and the English word "kit", meaning a set of tools (referring to the software components that implement this program). The term "rootkit" has negative connotations because it is associated with malware.

In other words, it is usually associated with malware that hides itself and other programs, processes, files, directories, registry keys and ports, allowing an intruder to keep access to a wide variety of operating systems such as GNU/Linux, Solaris or Microsoft Windows in order to remotely command actions or extract sensitive information.

Fine, a very nice definition, but how do I protect myself? Well, in this post I will not talk about how we protect ourselves, but about how we can find out whether we have a Rootkit on our operating system. I leave protection to my colleague 😀

The first thing we do is install the rkhunter package. On other distributions I imagine you know how to do it; on Debian:

$ sudo aptitude install rkhunter

Updating

The file /etc/default/rkhunter defines that the rootkit data files are updated weekly (CRON_DB_UPDATE), that the rootkit check runs daily (CRON_DAILY_RUN) and that the results are mailed to the system administrator (root). On Debian it also carries APT_AUTOGEN which, when enabled, rebuilds the file-properties baseline automatically after packages are installed or upgraded through apt, so a scan does not flag every legitimately updated binary.

However, if we want to be sure before a scan, we can refresh the rootkit data files by hand with rkhunter --update. The command below is a different and more delicate operation: --propupd rebuilds the file-properties database (the hashes and attributes rkhunter later compares system binaries against), so it should only be run on a system you trust to be clean, typically right after a verified package upgrade. Run it on an already compromised host and the replaced binaries become the new "known good":

root@server:~# rkhunter --propupd
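To make concrete what that baseline is and why it must only be rebuilt on a clean system, here is an added example that is not part of the original post nor of rkhunter itself: a minimal file-properties check in POSIX shell. The helper names baseline_create and baseline_verify, the baseline format (plain sha256sum output) and the throwaway directory built under mktemp are all assumptions for illustration; rkhunter's own database stores more attributes than a hash and lives in its own location.

```shell
#!/bin/sh
# Added example: a minimal file-properties baseline, the idea behind rkhunter's
# "File properties checks" and "--propupd". Helper names and the baseline format
# (plain sha256sum output) are ours, not rkhunter's.

# baseline_create DIR FILE : record a SHA-256 for every regular file under DIR.
# This is the "--propupd" moment: whatever is on disk now becomes "known good",
# so only run it on a system you trust, e.g. right after a verified upgrade.
baseline_create() {
    find "$1" -type f -print | LC_ALL=C sort | while IFS= read -r f; do
        sha256sum "$f"
    done > "$2"
}

# baseline_verify DIR FILE : report each baselined file whose hash changed or
# which disappeared, and each file under DIR that the baseline never saw.
baseline_verify() {
    dir=$1; base=$2
    while read -r hash path; do
        if [ ! -f "$path" ]; then
            echo "MISSING  $path"
        elif [ "$(sha256sum "$path" | cut -d' ' -f1)" != "$hash" ]; then
            echo "CHANGED  $path"
        fi
    done < "$base"
    # sha256sum lines are "<64 hex chars><two spaces><path>": the path starts at column 67
    find "$dir" -type f -print | LC_ALL=C sort | while IFS= read -r f; do
        cut -c67- "$base" | grep -qxF -- "$f" || echo "NEW      $f"
    done
}

# Demo on a constructed directory (a stand-in for /usr/bin); nothing real is touched.
demo=$(mktemp -d)
mkdir "$demo/bin"
printf 'original ls\n' > "$demo/bin/ls"
printf 'original ps\n' > "$demo/bin/ps"
baseline_create "$demo/bin" "$demo/baseline.dat"     # trusted state recorded
printf 'trojaned ps\n' > "$demo/bin/ps"              # binary replaced, as a rootkit would do
printf 'dropper\n'     > "$demo/bin/.hidden"         # hidden file added
echo "== findings against the clean baseline =="
baseline_verify "$demo/bin" "$demo/baseline.dat"
# Re-baselining now (an untrusted --propupd) silently blesses both changes:
baseline_create "$demo/bin" "$demo/baseline.dat"
echo "== findings after re-baselining on the tampered system =="
baseline_verify "$demo/bin" "$demo/baseline.dat"     # prints nothing
rm -rf "$demo"
```

The second verify printing nothing is the whole caveat: a baseline only detects tampering that happened after it was taken, which is why the weekly --update of rootkit signatures is safe to automate while --propupd deserves a human decision.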

How do you use it?

To check that our system has none of these "bugs" we simply run:

$ sudo rkhunter --check

The application starts running a series of checks and pauses now and then, asking us to press ENTER to continue (add --sk to skip those pauses, for example when running from cron). All the results are also written to the file /var/log/rkhunter.log
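Putting the steps together, the following added example (not code from the original post) runs rkhunter the way a cron job would and then reads the findings back out of the log. rkhunter_scan, log_warnings and possible_rootkits are helper names chosen here; the sample log lines are constructed to mirror the warning and summary lines quoted later on this page, and RKHUNTER_LOG defaults to the Debian log path the post names.

```shell
#!/bin/sh
# Added example: run rkhunter unattended and read its findings back from the log.
# Helper names (rkhunter_scan, log_warnings, possible_rootkits) are ours, not rkhunter's.

RKHUNTER_LOG=${RKHUNTER_LOG:-/var/log/rkhunter.log}

# Scan the way a cron job would: refresh the rootkit data files, then check
# without waiting for ENTER (--sk) and print only the warnings (--rwo).
# --propupd is deliberately absent: it would re-baseline file properties.
rkhunter_scan() {
    if ! command -v rkhunter >/dev/null 2>&1; then
        echo "rkhunter is not installed" >&2
        return 1
    fi
    rkhunter --update || echo "data file update did not complete" >&2
    rkhunter --check --sk --rwo
}

# Print every "Warning:" line of an rkhunter log with the [HH:MM:SS] prefix removed.
log_warnings() {
    grep 'Warning: ' "$1" | sed 's/^\[[0-9:]*\][[:space:]]*//'
}

# Print the "Possible rootkits" count from the last summary in the log (0 if none).
possible_rootkits() {
    n=$(sed -n 's/.*Possible rootkits:[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1" | tail -n 1)
    echo "${n:-0}"
}

# Constructed sample log (not a real capture), modelled on rkhunter's log format.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
[13:05:01] Checking for hidden files and directories      [ Warning ]
[13:05:01] Warning: Hidden directory found: /etc/.java
[13:05:01] Warning: Hidden directory found: /dev/.udev
[13:05:02] Checking for passwd file changes               [ Warning ]
[13:05:02] Warning: User 'postfix' has been added to the passwd file.
[13:06:47] System checks summary
[13:06:47] Rootkits checked : 242
[13:06:47] Possible rootkits: 0
EOF

if [ "${1:-}" = "--live" ]; then
    # real scan (needs root); on a clean box this prints little or nothing
    rkhunter_scan && log_warnings "$RKHUNTER_LOG"
else
    log_warnings "$SAMPLE_LOG"
    echo "possible rootkits: $(possible_rootkits "$SAMPLE_LOG")"
fi
```

Run it with --live as root to scan the actual host; without arguments it only parses the constructed sample. Note that "Possible rootkits: 0" does not mean the Warning: lines can be ignored: a modified passwd file or a hidden directory is exactly what a post-exploitation persistence step looks like, so each warning needs an explanation (a package you installed, a tool you know) before it is whitelisted.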

It returns something like this for me.


14 comments

  1. Guillermo says

    And if "Warnings" are found, how are they removed? =)

    1. Jesús Ballesteros says

      In the file /var/log/rkhunter.log they give you an explanation of why the Warning; in most cases it can be ignored.

      Regards.

      1. Guillermo says

        Thanks, it gave me a summary like this one, where I got the Warning

        System checks summary
        =====================

        File properties checks...
            Files checked: 133
            Suspect files: 1

        Rootkit checks...
            Rootkits checked : 242
            Possible rootkits: 0

        Applications checks...
            All checks skipped

        The system checks took: 1 minute and 46 seconds

        All results have been written to the log file (/var/log/rkhunter.log)

  2. oscar says

    Thanks for the tip, checked, RootKit result.

  3. ubungozi says

    I don't have much bash knowledge, but on my arch I did the following in /etc/cron.daily/rkhunter

    #!/bin/sh
    # Daily rkhunter run for /etc/cron.daily: refresh the data files, scan, append
    # only the warnings to a log and pop a desktop notification when done.
    RKHUNTER="/usr/bin/rkhunter"
    LOG="/var/log/rkhunter.daily.log"

    # separator with a timestamp so each day's warnings are easy to tell apart
    printf '\n############### %s ###############\n' "$(date)" >> "${LOG}"
    ${RKHUNTER} --update
    ${RKHUNTER} --cronjob --report-warnings-only >> "${LOG}"
    export DISPLAY=:0 && notify-send "RKhunter checked"

    What it does is update and basically check for rootkits, and then it leaves it for me in a file

  4. okungabonakali15 says

    Checked, 0 RootKits, thanks for the post.

  5. Mbulali_Ndlovukazi says

    System checks summary
    =====================

    File properties checks...
        Files checked: 131
        Suspect files: 0

    Rootkit checks...
        Rootkits checked : 242
        Possible rootkits: 2
        Rootkit names    : Xzibit Rootkit, Xzibit Rootkit

    Xzibit Rootkit... what is this??? I should remove it. Thanks in advance for the help. Greetings.

    1. oscar says

      Check this link: http://www.esdebian.org/foro/46255/posible-rootkit-xzibit-rootkit
      maybe it is the solution to your problem.

      1. Mbulali_Ndlovukazi says

        Thanks for the link, Oscar. It completely solved my problem. I can't believe it, a virus on my Debian desktop. The apocalypse is coming :oP Greetings.

  6. DanielC says

    0 rootkits 😀

    I find it funny that it gave me a warning about a hidden folder created by Java (/etc/.java).
    hahaha

  7. Carper says

    Good post, thanks.
    Greetings

  8. Ishumi nantathu says

    Hi Elav. It's been a long time since I commented here, although whenever I can I read some articles.

    Today I was just reviewing security issues and came to <inux

    I ran rkhunter and got some alarms:

    /usr/bin/unhide.rb [ Warning ]
    Warning: The command '/usr/bin/unhide.rb' has been replaced by a script: /usr/bin/unhide.rb: Ruby script, ASCII text

    Checking for passwd file changes [ Warning ]
    Warning: User 'postfix' has been added to the passwd file.

    Checking for group file changes [ Warning ]
    Warning: Group 'postfix' has been added to the group file.
    Warning: Group 'postdrop' has been added to the group file.

    Checking for hidden files and directories [ Warning ]
    Warning: Hidden directory found: /etc/.java
    Warning: Hidden directory found: /dev/.udev
    Warning: Hidden file found: /dev/.initramfs: symbolic link to `/run/initramfs'
    Warning: Hidden file found: /usr/bin/android-sdk-linux/extras/android/support/v7/gridlayout/src/.readme: ASCII text
    Warning: Hidden file found: /usr/bin/android-sdk-linux/extras/android/support/v7/gridlayout/.classpath: XML document text
    Warning: Hidden file found: /usr/bin/android-sdk-linux/extras/android/support/v7/gridlayout/.project: XML document text

    How should I interpret them and what should I do to resolve these warnings?
    Note: I see that the last one is related to the Android SDK, which I just installed to test an application (can we rule out its rootkit side and keep using it, or is it better to do without it?).

    Greetings, and once again congratulations to KZKG^Gaara, to you, and to all the other contributors (I see the team has grown).

  9. cmtl22 says

    Sorry to butt in, but right now when I run this command I get this

    command:
    rkhunter -c

    error:
    Invalid BINDIR configuration option: Invalid directory found: Java_HOME=/usr/lib/jvm/java-7-oracle

    And it doesn't scan anything, it just stays like that. Is there nothing else I can do, or how do I fix it? Thanks???

  10. udle okumhlophe says

    hello, I got this result, can you help me... thanks

    Checking the network...

    Performing checks on the network ports
        Checking for backdoor ports [ None found ]
        Checking for hidden ports [ Skipped ]

    Performing checks on the network interfaces
        Checking for promiscuous interfaces [ None found ]

    Checking the local host...

    Performing system boot checks
        Checking for local host name [ Found ]
        Checking for system startup files [ Found ]
        Checking system startup files for malware [ None found ]

    Performing group and account checks
        Checking for passwd file [ Found ]
        Checking for root equivalent (UID 0) accounts [ None found ]
        Checking for passwordless accounts [ None found ]
        Checking for passwd file changes [ Warning ]
        Checking for group file changes [ Warning ]
        Checking root account shell history files [ None found ]

    Performing system configuration file checks
        Checking for SSH configuration file [ Not found ]
        Checking if syslog daemon is running [ Found ]
        Checking for syslog configuration file [ Found ]
        Checking if syslog remote logging is allowed [ Not allowed ]

    Performing filesystem checks
        Checking /dev for suspicious file types [ Warning ]
        Checking for hidden files and directories [ Warning ]