Linux后门入侵检测工具,附bash漏洞解决方法
作者:网络转载 发布时间:[ 2015/1/13 13:24:24 ] 推荐标签:软件开发 Linux 操作系统
#下面是第四部分,主要对网络、系统端口、系统启动文件、系统用户和组配置、SSH配置、文件系统等进行检测
Checking the network...
Performing checks on the network ports
Checking for backdoor ports [ None found ]
Performing checks on the network interfaces
Checking for promiscuous interfaces [ None found ]
Checking the local host...
Performing system boot checks
Checking for local host name [ Found ]
Checking for system startup files [ Found ]
Checking system startup files for malware [ None found ]
Performing group and account checks
Checking for passwd file [ Found ]
Checking for root equivalent (UID 0) accounts [ None found ]
Checking for passwordless accounts [ None found ]
....(略)....
[Press <ENTER> to continue]
#下面是第五部分,主要是对应用程序版本进行检测
Checking application versions...
Checking version of GnuPG[ OK ]
Checking version of OpenSSL [ Warning ]
Checking version of OpenSSH [ OK ]
#下面是后一部分,这个部分其实是上面输出的一个总结,通过这个总结,可以大概了解服务器目录的安全状态。
System checks summary
=====================
File properties checks...
Required commands check failed
Files checked: 137
Suspect files: 4
Rootkit checks...
Rootkits checked : 311
Possible rootkits: 0
Applications checks...
Applications checked: 3
Suspect applications: 1
The system checks took: 6 minutes and 41 seconds
在Linux终端使用rkhunter来检测,大的好处在于每项的检测结果都有不同的颜色显示,如果是绿色的表示没有问题,如果是红色的,那要引起关注了。另外,在上面执行检测的过程中,在每个部分检测完成后,需要以Enter键来继续。如果要让程序自动运行,可以执行如下命令:
[root@server ~]# /usr/local/bin/rkhunter –check –skip-keypress
同时,如果想让检测程序每天定时运行,那么可以在/etc/crontab中加入如下内容:
30 09 * * * root /usr/local/bin/rkhunter –check –cronjob
这样,rkhunter检测程序会在每天的9:30分运行一次。
安全更新:
刚刚爆出Bash安全漏洞,SSH bash紧急安全补丁!重要!
测试是否存在漏洞,执行以下命令:
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test
如果显示如上,那么,很遗憾,必须立即打上安全补丁修复,
临时解决办法为:
yum -y update bash
升级bash后,执行测试:
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
如果显示如上,表示已经修补了漏洞。
sales@spasvo.com