5 Tools to Scan a Linux Server for Malware and Rootkits


Linux servers face a constant stream of attacks and port scans. A properly configured firewall and regular security updates add an extra layer of protection, but you should still check regularly whether anyone has got in. Doing so also helps ensure that your server stays free of any program that aims to disrupt its normal operation.

The tools presented in this article were created for such security scans; they are able to identify viruses, malware, rootkits and malicious behaviour. You can use them to run regular system scans, for example every night, and mail the reports to your email address.

1. Lynis - Security Auditing and Rootkit Scanner

Lynis is a free, open source, powerful and popular security auditing and scanning tool for Unix/Linux-like operating systems. It is a malware scanning and vulnerability detection tool that scans systems for security information and issues, file integrity and configuration errors; it audits the firewall, checks installed software and file/directory permissions, and much more.

Importantly, it does not perform any system hardening automatically; instead it offers suggestions that let you harden your server yourself.

We will install the latest version of Lynis (i.e. 2.6.6) from source, using the following commands.

# cd /opt/
# wget https://downloads.cisofy.com/lynis/lynis-2.6.6.tar.gz
# tar xvzf lynis-2.6.6.tar.gz
# mv lynis /usr/local/
# ln -s /usr/local/lynis/lynis /usr/local/bin/lynis

Now you can scan your system with the command below.

# lynis audit system

To run Lynis automatically every night, add the following cron entry, which will run at 3 am and send the reports to your email address.

0 3 * * * /usr/local/bin/lynis --quick 2>&1 | mail -s "Lynis Reports of My Server" [email 

2. Chkrootkit - A Linux Rootkit Scanner

Chkrootkit is also a free, open source rootkit detector that locally checks for signs of a rootkit on Unix-like systems. It helps to detect hidden security holes. The chkrootkit package consists of a shell script that checks system binaries for rootkit modification and a number of programs that check for various security issues.

We can install the chkrootkit package using the following command on Debian-based systems.

$ sudo apt install chkrootkit

On CentOS-based systems, you need to install it from source using the following commands.

# yum update
# yum install wget gcc-c++ glibc-static
# wget -c ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
# tar -xzf chkrootkit.tar.gz
# mkdir /usr/local/chkrootkit
# mv chkrootkit-0.52/* /usr/local/chkrootkit
# cd /usr/local/chkrootkit
# make sense

To check your server with Chkrootkit, run the following command.

$ sudo chkrootkit 
OR
# /usr/local/chkrootkit/chkrootkit

Once run, it will start checking your system for known malware and rootkits, and after the process is complete, you can view the report summary.

To run Chkrootkit automatically every night, add the following cron entry, which will run at 3 am and send the reports to your email address.

0 3 * * * /usr/sbin/chkrootkit 2>&1 | mail -s "chkrootkit Reports of My Server" [email 

3. Rkhunter - A Linux Rootkit Scanner

RKH (RootKit Hunter) is a free, open source, powerful, easy-to-use and well-known tool for scanning for backdoors, rootkits and local exploits on POSIX-compliant systems such as Linux. As its name implies, it is a rootkit hunter, a security monitoring and analysis tool that thoroughly inspects a system to detect hidden security holes.

We can install the rkhunter package using the following commands on Ubuntu and CentOS-based systems.

$ sudo apt install rkhunter
# yum install epel-release
# yum install rkhunter

To check your server with rkhunter, run the following command.

# rkhunter -c

To run rkhunter automatically every night, add the following cron entry, which will run at 3 am and send the reports to your email address.

0 3 * * * /usr/sbin/rkhunter -c 2>&1 | mail -s "rkhunter Reports of My Server" [email 

4. ClamAV - Antivirus Software Toolkit

ClamAV is an open source, versatile, popular and cross-platform antivirus engine for detecting viruses, malware, trojans and other malicious programs on a computer. It is one of the best free antivirus programs for Linux and the open source standard for mail gateway scanning software, supporting almost all mail file formats.

It supports virus database updates on all systems and on-access scanning on Linux only. In addition, it can scan inside archives and compressed files, supporting formats such as Zip, Tar, 7Zip and Rar among others, and has many more features.

ClamAV can be installed using the following command on Debian-based systems.

$ sudo apt-get install clamav

ClamAV can be installed using the following commands on CentOS-based systems.

# yum -y update
# yum -y install clamav

Once installed, you can update the signatures and scan a directory with the following commands.

# freshclam
# clamscan -r -i DIRECTORY

Where DIRECTORY is the location to scan. The -r option means scan recursively and -i means show only infected files.
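As an added example (not code from the article or from any of these projects), the following POSIX sh wrapper serves both the nightly cron entries above and the clamscan check: it keeps a dated log of each scan and mails the report only when the output contains a finding marker, instead of mailing every night. The names SCAN_LOG_DIR, MAIL_TO, MAIL_CMD, count_findings and run_scan are assumptions; the finding markers are the scanners' own plain-text output strings, which is why the rkhunter cron line uses its --cronjob and --rwo (report warnings only) modes.

```shell
#!/bin/sh
# Added example (not from the article): wrapper for the nightly scan cron jobs.
# Runs one scanner, keeps a dated log and mails only when findings are present.
# SCAN_LOG_DIR, MAIL_TO, MAIL_CMD, count_findings and run_scan are assumed names.
SCAN_LOG_DIR="${SCAN_LOG_DIR:-/var/log/nightly-scans}"
MAIL_TO="${MAIL_TO:-root}"
MAIL_CMD="${MAIL_CMD:-mail}"   # set MAIL_CMD=: to disable mailing (e.g. when testing)

# count_findings: reads scanner output on stdin and prints how many lines look
# like a positive hit. Markers: chkrootkit prints "INFECTED" (clean binaries
# print "not infected", which does not match), rkhunter prints "[ Warning ]",
# Lynis prints "Warning:" lines, clamscan prints "<file>: <signature> FOUND".
count_findings() {
    grep -Ec 'INFECTED|\[ Warning \]|^Warning:|: .* FOUND$' || true
}

# run_scan NAME COMMAND [ARGS...]: runs the scanner, saves its output to
# $SCAN_LOG_DIR/NAME-YYYYMMDD.log, mails the log only if there are findings,
# and prints the number of findings on stdout (0 means clean).
run_scan() {
    name="$1"; shift
    mkdir -p "$SCAN_LOG_DIR"
    log="$SCAN_LOG_DIR/$name-$(date +%Y%m%d).log"
    # Exit codes differ between scanners (clamscan returns 1 on a hit, rkhunter
    # returns non-zero on warnings, chkrootkit does not), so judge by output.
    "$@" >"$log" 2>&1 || true
    hits=$(count_findings <"$log")
    if [ "$hits" -gt 0 ]; then
        $MAIL_CMD -s "$name: $hits finding(s) on $(uname -n)" "$MAIL_TO" <"$log" >&2
    fi
    echo "$hits"
}

# Cron lines using the wrapper, assuming it is saved as /usr/local/bin/nightly-scan.sh:
#   0 3 * * * . /usr/local/bin/nightly-scan.sh; run_scan chkrootkit /usr/sbin/chkrootkit >/dev/null
#   0 4 * * * . /usr/local/bin/nightly-scan.sh; run_scan rkhunter /usr/sbin/rkhunter --cronjob --rwo >/dev/null
#   0 5 * * * . /usr/local/bin/nightly-scan.sh; freshclam --quiet; run_scan clamav clamscan -r -i /home >/dev/null
```

The dated logs give you a history to compare against when a scanner suddenly starts reporting, which the mail-everything cron lines do not keep.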

5. LMD - Linux Malware Detect

LMD (Linux Malware Detect) is an open source, powerful and full-featured malware scanner for Linux, specifically designed for and targeted at shared hosting environments, but it can be used to detect threats on any Linux system. It can integrate with the ClamAV scanner engine for better performance.

It provides a full reporting system to view current and previous scan results, supports email alert reporting after every scan execution, and has many other useful features.

For LMD installation and usage, read our article How to Install and Use Linux Malware Detect (LMD) with ClamAV as Antivirus Engine.

That's all for now! In this article, we shared a list of 5 tools to scan a Linux server for malware and rootkits. Let us know your thoughts in the comments section.