Author: sheshark (sheshark)
Board: Linux
Title: [Question] Results from an rkhunter backdoor scan
Time: Thu Sep 6 09:33:16 2012
There are a few warnings:
281 [09:17:35] /usr/bin/unhide.rb [ Warning ]
282 [09:17:35] Warning: The command '/usr/bin/unhide.rb' has been replaced by a script: /usr/bin/unhide.rb: Ruby script, ASCII text
287 [09:17:35] /sbin/chkconfig [ Warning ]
288 [09:17:35] Warning: The command '/sbin/chkconfig' has been replaced by a script: /sbin/chkconfig: a /usr/bin/perl script, ASCII text executable
1660 [09:22:28] Checking for enabled inetd services [ Warning ]
1661 [09:22:28] Warning: Found enabled inetd service: gds_db
1752 [09:23:22] Checking for hidden files and directories [ Warning ]
1753 [09:23:22] Warning: Hidden directory found: /dev/.udev
1754 [09:23:22] Warning: Hidden file found: /dev/.initramfs: symbolic link to `/run/initramfs'
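Have I been hit by a trojan? Right now only port 53 is open on my computer, but I still feel there is a trojan on it.
--
Feeling down? Do some yoga and have a stretch, and your mood will improve.
--
※ Origin: 批踢踢實業坊 (ptt.cc)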
◆ From: 171.112.144.243
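→ sheshark: So that means there's no problem? 09/07 08:08
→ sheshark: I only understood part of it 09/07 08:12
Push SunMoonLake: Actually, for the commands part, a warning doesn't necessarily mean there's a problem 09/08 02:01
→ SunMoonLake: For example, on my friend's machine the permissions on su have been changed by himself, and every time 09/08 02:02
→ SunMoonLake: rkhunter checks su it reports a warning, but in practice su 09/08 02:02
→ SunMoonLake: can't be run by ordinary users at all, so there's actually no problem 09/08 02:03
→ SunMoonLake: My guess is that rkhunter has a verification mechanism for commands that decides whether to warn, 09/08 02:03
→ SunMoonLake: but for the commands part, even if the check result is a warning, it doesn't necessarily 09/08 02:03
→ SunMoonLake: mean there is a real problem 09/08 02:04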
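
Added example, not part of the thread and not rkhunter's own code: a small Python triage of the four kinds of "Warning:" lines quoted in the post, mapping each to the rkhunter.conf option (SCRIPTWHITELIST, INETD_ALLOWED_SVC, ALLOWHIDDENDIR, ALLOWHIDDENFILE) that accepts the finding once the file or service has been verified, for example against the package manager. The log text is a constructed sample in the post's format, and the function name `triage` is hypothetical.

```python
import re

# Constructed sample: rkhunter.log lines in the format quoted in the post.
SAMPLE_LOG = """\
[09:17:35] /usr/bin/unhide.rb [ Warning ]
[09:17:35] Warning: The command '/usr/bin/unhide.rb' has been replaced by a script: /usr/bin/unhide.rb: Ruby script, ASCII text
[09:17:35] Warning: The command '/sbin/chkconfig' has been replaced by a script: /sbin/chkconfig: a /usr/bin/perl script, ASCII text executable
[09:22:28] Warning: Found enabled inetd service: gds_db
[09:23:22] Warning: Hidden directory found: /dev/.udev
[09:23:22] Warning: Hidden file found: /dev/.initramfs: symbolic link to `/run/initramfs'
[09:23:30] Warning: Some other message
"""

# Warning pattern -> rkhunter.conf option that accepts the finding
# once the administrator has verified it is legitimate.
RULES = [
    (re.compile(r"The command '([^']+)' has been replaced by a script"), "SCRIPTWHITELIST"),
    (re.compile(r"Found enabled inetd service: (\S+)"), "INETD_ALLOWED_SVC"),
    (re.compile(r"Hidden directory found: ([^:\s]+)"), "ALLOWHIDDENDIR"),
    (re.compile(r"Hidden file found: ([^:\s]+)"), "ALLOWHIDDENFILE"),
]
LINE = re.compile(r"^(?:\d+\s+)?\[\d\d:\d\d:\d\d\]\s+Warning:\s+(.*)$")

def triage(log_text):
    """Return (conf_lines, unmatched) for the 'Warning:' detail lines."""
    conf, unmatched = [], []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # summary lines such as "... [ Warning ]" carry no detail
        msg = m.group(1)
        for pattern, option in RULES:
            hit = pattern.search(msg)
            if hit:
                entry = f"{option}={hit.group(1)}"
                if entry not in conf:
                    conf.append(entry)
                break
        else:
            unmatched.append(msg)  # no rule matched: needs manual review
    return conf, unmatched

if __name__ == "__main__":
    conf, unmatched = triage(SAMPLE_LOG)
    print("\n".join(conf))
    print("unreviewed:", unmatched)
```

Anything returned in the second list matched no rule and needs manual review; the first list belongs in rkhunter.conf only for items confirmed as legitimate.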