Unix/Linux: 1. Reader article: Intrusion Analysis of a Linux System (June 11, 2002)


Source: Internet   Compiled by: 软晨网 (RuanChen.com)   Published: 2009-11-01

An Intrusion Analysis of Mine

At first I had no idea that someone had gotten into my machine. It sits on the internal network, and getting in through NAT is almost impossible. But I happened to log in and look around, and found that one of the glibc shared libraries was missing. I immediately went to check message, and there was nothing there. I nearly fainted. I immediately brought up the backup machine, pulled the hard disk out, and plugged it into one of my other servers to examine it. Sigh, sure enough...

[root@mail a]# la- la
bash: la-: command not found
[root@mail a]# ls -la
total 704
drwxr-xr-x 23 root root 4096 Feb 2 08:08 .
drwxr-xr-x 7 root root 4096 Feb 5 18:15 ..
drwxr-xr-x 2 root root 4096 Oct 27 1999 .automount
drwxr-xr-x 2 root root 4096 Nov 23 20:26 CVS
drwxr-xr-x 2 root root 4096 Feb 2 08:08 bin
drwxr-xr-x 2 root root 4096 Feb 3 17:55 boot
drwxr-xr-x 2 root root 4096 Nov 23 22:04 command
-rw------- 1 root root 241664 Jan 28 23:01 core

This is where the overflow happened. It looks like an FTP or SSH problem. It is an internal lab machine on an internal IP, so I was too lazy to upgrade it, and the result... I'll gdm you in a bit.

drwxr-xr-x 7 root root 36864 Feb 2 08:08 dev
-rw-r--r-- 1 root root 330646 Feb 2 08:08 eddyrk.tar.gz

Unbelievable, it was just left sitting there. I can't tell whether this was an expert's slip-up or someone who only knows how to use other people's programs.

drwxr-xr-x 38 root root 4096 Feb 4 23:23 etc
drwxr-xr-x 2 root root 4096 Nov 23 20:20 home
drwxr-xr-x 4 root root 4096 Nov 23 20:30 lib
drwxr-xr-x 2 root root 16384 Nov 23 20:20 lost+found
drwxr-xr-x 2 root root 4096 Oct 31 1999 misc
drwxr-xr-x 4 root root 4096 Nov 23 20:26 mnt
drwxr-xr-t 3 root root 4096 Nov 23 22:03 package
dr-xr-xr-x 2 root root 4096 Feb 7 1996 proc
drwxr-xr-x 2 qmails 507 4096 Dec 14 21:40 rk

This is the rootkit! It looks like a lot of people use this one.

drwxr-xr-x 6 root root 4096 Feb 2 23:46 root
drwxr-xr-x 3 root root 4096 Feb 2 08:08 sbin

See these 2 directories? They have already been modified and cannot be trusted.

drwxr-xr-x 2 root root 4096 Nov 23 21:40 service
drwxrwxrwt 3 root root 4096 Feb 4 23:01 tmp
drwxr-xr-x 16 root root 4096 Nov 23 20:29 usr
drwxr-xr-x 2 root root 4096 Nov 23 20:20 var
[root@mail a]# date
星期二 02 5 18:28:17 CST 2002
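The triage done by eye on the root-directory listing above, as an added example that is not part of the original article: it parses the `ls -la` lines, flags the core file, the archive left in / and the directory not owned by root, then uses the archive's timestamp as a pivot to find entries changed in the same minute. The heuristics and the function names `parse_listing` and `triage` are assumptions made for illustration.

```python
import re

# Subset of the `ls -la` output quoted in the article, embedded so this runs offline.
LISTING = """\
total 704
drwxr-xr-x 23 root root 4096 Feb 2 08:08 .
drwxr-xr-x 2 root root 4096 Feb 2 08:08 bin
drwxr-xr-x 2 root root 4096 Feb 3 17:55 boot
-rw------- 1 root root 241664 Jan 28 23:01 core
drwxr-xr-x 7 root root 36864 Feb 2 08:08 dev
-rw-r--r-- 1 root root 330646 Feb 2 08:08 eddyrk.tar.gz
drwxr-xr-x 38 root root 4096 Feb 4 23:23 etc
drwxr-xr-x 2 root root 4096 Oct 31 1999 misc
drwxr-xr-x 2 qmails 507 4096 Dec 14 21:40 rk
drwxr-xr-x 6 root root 4096 Feb 2 23:46 root
drwxr-xr-x 3 root root 4096 Feb 2 08:08 sbin
"""

LINE = re.compile(r"^(?P<mode>\S{10})\s+\d+\s+(?P<owner>\S+)\s+(?P<group>\S+)\s+"
                  r"\d+\s+(?P<when>\w{3}\s+\d+\s+\S+)\s+(?P<name>.+)$")
ARCHIVE = re.compile(r"\.(tar\.gz|tgz|tar|zip)$")

def parse_listing(text):
    """Parse `ls -la` lines into dicts; non-entry lines ('total 704') are skipped."""
    found = (LINE.match(line.strip()) for line in text.splitlines())
    return [dict(m.groupdict(), when=" ".join(m["when"].split())) for m in found if m]

def triage(entries):
    """Return {name: [reasons]} using heuristics assumed from the article's remarks."""
    findings, pivots = {}, {}
    for e in entries:
        reasons = findings.setdefault(e["name"], [])
        is_file = e["mode"].startswith("-")
        if is_file and e["name"] == "core":
            reasons.append("core dump in /")
        if is_file and ARCHIVE.search(e["name"]):
            reasons.append("archive dropped in /")
            pivots[e["when"]] = e["name"]      # timestamp to pivot on
        if e["owner"] != "root" or e["group"].isdigit():
            reasons.append(f"owner {e['owner']}, group {e['group']}")
    for e in entries:                           # second pass: timeline pivot
        src = pivots.get(e["when"])
        if src and src != e["name"]:
            findings[e["name"]].append(f"mtime matches {src}")
    return {name: r for name, r in findings.items() if r}

if __name__ == "__main__":
    for name, reasons in triage(parse_listing(LISTING)).items():
        print(f"{name:15} {'; '.join(reasons)}")
```

When a disk is mounted on a different host, as it is here, `ls` resolves owner and group names against the examining host's account database; `ls -ln` shows the numeric IDs actually stored on the disk.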