Three tools for scanning for rootkits and malware on Linux


Attacks against Linux keep increasing, and rootkits have been a problem for *nix systems for a long time. It is not true that *nix systems need no antivirus or that their security can be neglected; anyone who thinks so is badly mistaken. They are more secure, and the configuration options let us defend them better, but we should still not neglect security, because doing so leaves us vulnerable.

For that reason, we present three good tools for removing malware and rootkits from your Linux distro. These three projects will help us keep our system clean of threats. One of them is chkrootkit, a command-line tool that helps us detect rootkits. Another is Lynis, a good security auditing tool that also works as a rootkit scanner. Finally we will look at ISPProtect, a scanner for web servers that helps us scan for malware.

To install chkrootkit, we do the following:

wget --passive-ftp ftp://ftp.pangeia.com/br/pub/seg/pac/chkrootkit.tar.gz

tar xvfz chkrootkit.tar.gz

cd chkrootkit-*/

make sense

cd ..

mv chkrootkit-<version>/ /usr/local/chkrootkit
ln -s /usr/local/chkrootkit/chkrootkit /usr/local/bin/chkrootkit

To use it, just run:

chkrootkit
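
chkrootkit reports each test as "INFECTED", "not infected", "not tested", "not found" or "Vulnerable but disabled". The following is an added example, not part of the original article or of chkrootkit itself: it keeps only the findings that are not on a reviewed allowlist. The function names, file paths and sample output lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: keep only chkrootkit findings that have not been reviewed yet.

# Constructed sample of chkrootkit output (not from a real host).
sample_report() {
cat <<'EOF'
Checking `amd'... not found
Checking `basename'... not infected
Checking `bindshell'... INFECTED (PORTS: 465)
Checking `login'... INFECTED
Checking `sshd'... not infected
EOF
}

# chk_findings REPORT: print the lines that report a finding.
# Clean results read "not infected" in lower case, so the case-sensitive
# match on INFECTED skips them.
chk_findings() {
    grep -E 'INFECTED|Vulnerable but disabled' "$1"
}

# chk_new_findings REPORT ALLOWLIST: print findings whose whole line is not
# listed in ALLOWLIST (reviewed false positives, one per line).
# Returns 1 when unreviewed findings remain, so cron or CI can alert on it.
chk_new_findings() {
    new=$(chk_findings "$1" | grep -Fxv -f "$2" || true)
    if [ -n "$new" ]; then
        printf '%s\n' "$new"
        return 1
    fi
    return 0
}

# Typical use as root (paths are placeholders):
#   chkrootkit > /var/log/chkrootkit.out
#   chk_new_findings /var/log/chkrootkit.out /etc/chkrootkit.allow || echo "review needed"
```

An allowlisted line must match the report line exactly, so a finding that changes (for example a different port) is reported again.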

The second tool is Lynis, as we mentioned. To install it:

cd /tmp

wget https://cisofy.com/files/lynis-2.1.1.tar.gz

tar xvfz lynis-2.1.1.tar.gz

mv lynis /usr/local/

ln -s /usr/local/lynis/lynis /usr/local/bin/lynis

lynis update info

Now we can use it to audit our system:

lynis audit system

Finally, the web tool 'ISPProtect' needs PHP already installed on the machine; if you do not have it, install it first. Then install ISPProtect:

mkdir -p /usr/local/ispprotect

chown -R root:root /usr/local/ispprotect

chmod -R 750 /usr/local/ispprotect

cd /usr/local/ispprotect

wget http://www.ispprotect.com/download/ispp_scan.tar.gz

tar xzf ispp_scan.tar.gz

rm -f ispp_scan.tar.gz

ln -s /usr/local/ispprotect/ispp_scan /usr/local/bin/ispp_scan

This last tool is particularly good for scanning machines that work as servers. To use it:

ispp_scan
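
All three installs above download a tarball and unpack it under /usr/local as root, and the chkrootkit and ISPProtect downloads travel over unauthenticated FTP and HTTP. The following is an added example, not part of the original article or of any of the three projects: it checks a tarball's SHA-256 digest and its member names before extracting. The function names are hypothetical, and the expected digest is a placeholder because the page gives none.

```shell
#!/bin/sh
# Added example: check a downloaded tarball before unpacking it as root.

# verify_sha256 FILE EXPECTED_HEX: succeed only if the SHA-256 digest matches.
verify_sha256() {
    actual=$(sha256sum "$1" 2>/dev/null | awk '{print $1}')
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# unsafe_names: read member names on stdin, print those with an absolute
# path or a ".." component, which could write outside the target directory.
unsafe_names() {
    grep -E '^/|(^|/)\.\.(/|$)'
}

# safe_extract FILE EXPECTED_HEX DESTDIR
# Returns 1 on digest mismatch, 2 on unsafe member names.
safe_extract() {
    if ! verify_sha256 "$1" "$2"; then
        echo "digest mismatch, not extracting: $1" >&2
        return 1
    fi
    if tar -tzf "$1" | unsafe_names >/dev/null; then
        echo "unsafe member names, not extracting: $1" >&2
        return 2
    fi
    # --no-same-owner: files end up owned by the extracting user (root),
    # not by whatever uid/gid the archive recorded.
    mkdir -p "$3" && tar -xzf "$1" -C "$3" --no-same-owner
}

# Usage with the page's chkrootkit tarball; the digest is a placeholder to be
# replaced with a value obtained from a trusted source:
#   safe_extract chkrootkit.tar.gz "<sha256-from-trusted-source>" /usr/local/src
```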



  1.   federico said

    Rkhunter is far superior to Chkrootkit. Be careful with Chkrootkit, it often gives false positives. The post is very good, especially the script for creating your own error. :D

    1.    Isaaq PE said

      Hello, of course, there are more tools than the ones I wrote about in the article... And as you say, I forgot to mention false positives, but it is true that it sometimes detects suspicious files that are not rootkits.

      Thanks!

  2.   JOSE said

    I agree with you that Rkhunter is superior on the subject of false positives. In any case, it would be good if you talked about what to do when malware is found by either program, Chkrootkit or Rkhunter, and, if these programs find a bug or malware that cannot be removed in a unix or Linux environment, the next steps to follow. I would also like to know whether these anti-malware tools for unix, both Rkhunter and Chkrootkit, are reliable to some degree and whether their malware definitions are updated constantly, because as far as I know, when it comes to how quickly these programs are updated, months can even pass between updates.
    I also wanted to know whether the ClamAV antivirus for unix and Linux environments, whose security updates are more constant than those of Rkhunter and Chkrootkit, only serves to detect and remove Windows threats on unix, or whether it removes both Windows threats and unix threats at the same time. Thanks

  3.   Ruben said

    I have the same doubts as José. But hey, I think that now that they are "attacking us" a lot, more information will come out about how to protect Linux.

  4.   JOSE said
  5.   juanjp2012 said

    Why would I download chkrootkit with wget --passive-ftp from an unknown and suspicious ftp://ftp.pangeia.com/br/pub/seg/pac/chkrootkit.tar.gz, if I have it in the Ubuntu repositories?