rootkit
One of the plagues of a server getting hacked is not realizing there has been an intrusion. This can lead to savvy malicious intruders who leave hidden tools that can capture authentication data, damage critical system files and monitor/relay traffic through a compromised server, often without detection.
服务器被黑客入侵的祸害之一是没有意识到入侵。 这可能会导致精明的恶意入侵者留下隐藏的工具,这些工具可以捕获经过身份验证的服务器的身份验证数据,损坏关键的系统文件并监视/中继流量,而这些流量通常不会被检测到。
These threats often come in the form of rootkits.
这些威胁通常以rootkit的形式出现。
While checking after the fact is probably not the best method, it is one way in keeping tabs on the integrity of your servers. The best practice is to have tools in place such as well-configured firewalls, difficult root passwords and applications that prevent or alarm on binary and configuration file changes (such as Tripwire).
虽然事后检查可能不是最好的方法,但这是保持服务器完整性的一种方法。 最佳实践是使用适当的工具,例如配置良好的防火墙,困难的root密码以及阻止或警告二进制文件和配置文件更改的应用程序(例如Tripwire )。
That said, when an administrator is concerned that something may be amiss on a system, a tool called chkrootkit, authored by Nelson Murilo and Klaus Steding-Jessen, can detect up to 56 different root kits on numerous platform variants including FreeBSD, Linux, Solaris, HP UX and others.
就是说,当管理员担心系统上可能存在某些问题时,由Nelson Murilo和Klaus Steding-Jessen创作的名为chkrootkit的工具可以在多种平台变体(包括FreeBSD,Linux,Solaris)上检测多达56种不同的root套件。 ,HP UX等。
It is amazingly easy to install, simply untar in a directory of your choice on your server, su to root and type ‘make sense’ within the chkrootkit directory. You can then execute ‘./chkrootkit’ as root and receive an onscreen report of the results. My preference is to let this run from time to time in cron and output the results to a file I can review when checking logs and performing general admin on my servers.
它非常容易安装,只需将其解压缩到服务器上您选择的目录中,然后su即可启动并在chkrootkit目录中键入“有意义”。 然后,您可以以root用户身份执行“ ./chkrootkit”,并收到结果的屏幕报告。 我的喜好是让它不定期在cron中运行,并将结果输出到一个文件,在检查日志并在服务器上执行常规管理时可以查看该文件。
rootkit
扫一扫
1618
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
