Threats against Linux keep growing, and rootkits have been a problem for *nix systems for a long time. It is not true that *nix systems have no need for an antivirus or that their security can be neglected; anyone who thinks so is badly mistaken. Although they are more secure and their configurability lets us defend ourselves better, we must not neglect security, because doing so leaves us vulnerable.
For that reason, we present three good tools for removing malware and rootkits from your Linux distro. These three projects will help us clean our installation of threats. One of them is chkrootkit, a command-line tool that will help us detect rootkits. Another is Lynis, a good tool for security auditing that also works as a rootkit scanner. Finally, we will look at ISPProtect, a scanner for web servers that will help us scan for malware.
To install chkrootkit, we do the following:
wget --passive-ftp ftp://ftp.pangeia.com/br/pub/seg/pac/chkrootkit.tar.gz
tar xvfz chkrootkit.tar.gz
cd chkrootkit-*/
make sense
cd ..
mv chkrootkit-<version>/ /usr/local/chkrootkit
ln -s /usr/local/chkrootkit/chkrootkit /usr/local/bin/chkrootkit
To use it, simply run:
chkrootkit
The other tool is Lynis, as we mentioned. To install it:
cd /tmp
wget https://cisofy.com/files/lynis-2.1.1.tar.gz
tar xvfz lynis-2.1.1.tar.gz
mv lynis /usr/local/
ln -s /usr/local/lynis/lynis /usr/local/bin/lynis
lynis update info
Now we can use it to audit our system:
lynis audit system
Finally, the web tool 'ISPProtect', which needs PHP to be installed on our machine beforehand; if you do not have it yet, install it first:
mkdir -p /usr/local/ispprotect
chown -R root:root /usr/local/ispprotect
chmod -R 750 /usr/local/ispprotect
cd /usr/local/ispprotect
wget http://www.ispprotect.com/download/ispp_scan.tar.gz
tar xzf ispp_scan.tar.gz
rm -f ispp_scan.tar.gz
ln -s /usr/local/ispprotect/ispp_scan /usr/local/bin/ispp_scan
This last tool is especially good for scanning machines that work as servers. And to use it:
ispp_scan
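The three installs above each download a tarball (over FTP, HTTPS and HTTP respectively) and unpack it for installation under /usr/local. As an added example that is not part of the original article, these POSIX shell functions check a download before extraction; the function names are hypothetical, and the expected SHA-256 digest is assumed to come from a source you trust, since the article lists none.

```shell
#!/bin/sh
# Added example (not from the original article): check a downloaded tarball
# before unpacking it. The expected digest must come from a trusted channel.

# sha256_matches FILE EXPECTED_HEX -> 0 when FILE's SHA-256 equals EXPECTED_HEX
sha256_matches() {
    [ -f "$1" ] || return 2
    sm_actual=$(sha256sum "$1" | cut -d' ' -f1)
    sm_expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$sm_actual" = "$sm_expected" ]
}

# members_confined TOPDIR -> reads a "tar -t" listing on stdin; returns 0 only
# when the listing is non-empty, every member sits under TOPDIR/ and no path
# has a ".." component. Absolute paths and "./"-prefixed names are rejected.
members_confined() {
    awk -v top="$1" '
        { seen = 1 }
        $0 != top && $0 != top "/" && index($0, top "/") != 1 { bad = 1 }
        $0 ~ /(^|\/)\.\.(\/|$)/ { bad = 1 }
        END { exit (bad || !seen) ? 1 : 0 }
    '
}

# checked_extract FILE EXPECTED_HEX TOPDIR DESTDIR
# Extracts into DESTDIR only after both checks pass; a corrupt archive yields
# an empty listing and is refused as well.
checked_extract() {
    sha256_matches "$1" "$2" || { echo "digest mismatch: $1" >&2; return 1; }
    tar -tzf "$1" | members_confined "$3" ||
        { echo "unexpected paths in $1" >&2; return 1; }
    mkdir -p "$4" && tar -xzf "$1" -C "$4" --no-same-owner
}

# Usage with a placeholder digest (replace with the value you obtained):
#   checked_extract lynis-2.1.1.tar.gz <expected-sha256> lynis /usr/local
```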
Rkhunter is far superior to Chkrootkit. Be careful with Chkrootkit, it often gives false positives. The post is very good, especially the script to create your own error. :D
Hello, of course, there are more than the ones I wrote about in the article... And as you said, I forgot to mention the false positives, but you are right that it sometimes detects suspicious files that are not rootkits.
Thank you!
I agree with you that Rkhunter is superior, on the subject of false positives. In any case, it would be good if you talked about what to do if malware is found by either program, Chkrootkit or Rkhunter, and, if these programs are used for a bug or malware that cannot be removed in a unix or Linux environment, the steps to follow next. I would also like to know whether these antimalware tools for unix, both Rkhunter and Chkrootkit, are reliable to some degree and whether the malware definitions are updated constantly, because as far as I know, updates to these programs are released quickly; at times, even months can pass between updates.
I also wanted to know whether the Clamav antivirus for unix and Linux environments, whose security updates are more frequent than those of Rkhunter and Chkrootkit, only serves to detect and remove Windows threats on the unix side, or whether it removes both Windows threats and unix threats at the same time. Thank you
I have the same doubts as José. But hey, I think that now that they are "attacking us", a lot more information will come out about how to protect Linux.
The latest Linux news about your security:
http://www.redeszone.net/2016/02/17/un-fallo-en-la-libreria-c-de-gnu-expone-la-seguridad-de-miles-de-aplicaciones-y-dispositivos-linux/
The latest news on security threats:
http://www.redeszone.net/2016/02/17/wajam-un-adware-que-se-utiliza-para-distribuir-troyanos-y-exploits/
How to remove Wajam:
https://www.bugsfighter.com/es/remove-wajam-ads/
Why would I download chkrootkit with wget –pasive-ftp from the unknown and suspicious ftp://ftp.pangeia.com/br/pub/seg/pac/chkrootkit.tar.gz, if I have it in the Ubuntu repositories.