내용으로 건너뛰기
마인테크WIKI
사용자 도구
로그인
사이트 도구
도구
문서 보기
이전 판
백링크
최근 바뀜
미디어 관리
사이트맵
로그인
최근 바뀜
미디어 관리
사이트맵
추적:
secu002
이 문서는 읽기 전용입니다. 원본을 볼 수는 있지만 바꿀 수는 없습니다. 문제가 있다고 생각하면 관리자에게 문의하세요.
<file> #!/bin/bash echo "SHV Rootkit checker by alex [at] evilcoder.net" if [ $# -ne 1 ] then echo "This is a SHV5 rootkit remover" echo "This script is released as it is and i can't be held responsable for any damages" echo "This script has been tested on Debian , Ubuntu and CentOS servers " echo "You must agree with that" echo "Usage : $0 yes" exit 1 fi if [ "$1" != "yes" ]; then echo "You should agree" exit 1 elif [ "$1" == "yes" ]; then echo "Thanks" fi #checking Linux type OS=`cat /etc/issue|cut -d " " -f 1 | head -1` if [ -d "/usr/lib/libsh" ]; then echo "We have SHV rootkit" else echo "You don't have shv5 installed" exit 1 fi echo "System Check" if [ "$OS" == "Debian" ]; then echo "We have Debian" echo "Removing immutable from infected files" chattr -sia /bin/dir chattr -sia /usr/bin/find chattr -sia /sbin/ifconfig chattr -sia /bin/ls chattr -sia /usr/bin/lsof chattr -sia /usr/bin/md5sum chattr -sia /bin/netstat chattr -sia /bin/ps chattr -sia /usr/bin/pstree chattr -sia /usr/bin/top chattr -sia /lib/libsh.so chattr -sia /usr/lib/libsh chattr -sia /usr/lib/libsh/* chattr -sia /etc/sh.conf chattr -sia /sbin/ttymon chattr -sia /sbin/ttyload echo "Deleting rootkit folders" rm -rf /lib/libsh.so rm -rf /usr/lib/libsh/ rm -rf /etc/sh.conf rm -rf /sbin/ttyload rm -rf /sbin/ttymon echo "Reinstall new files" apt-get update >>/dev/null apt-get -y install --reinstall coreutils binutils net-tools psmisc lsof procps findutils >>/dev/null echo "Killing Rootkit" killall -9 ttymon echo "You should reboot to finish cleaning" elif [ "$OS" == "Ubuntu" ];then echo "We have Ubuntu" echo "Removing immutable from Ubuntu known infected files" chattr -sia /bin/dir chattr -sia /usr/bin/find chattr -sia /sbin/ifconfig chattr -sia /bin/ls chattr -sia /usr/bin/lsof chattr -sia /usr/bin/md5sum chattr -sia /bin/netstat chattr -sia /bin/ps chattr -sia /usr/bin/pstree chattr -sia /usr/bin/top chattr -sia /lib/libsh.so chattr -sia /usr/lib/libsh chattr -sia /usr/lib/libsh/* chattr -sia /etc/sh.conf chattr -sia /sbin/ttymon chattr -sia /sbin/ttyload echo "Deleting rootkit folders" rm -rf /lib/libsh.so rm -rf /usr/lib/libsh/ rm -rf /etc/sh.conf rm -rf /sbin/ttyload rm -rf /sbin/ttymon echo "Reinstall new files" apt-get update >>/dev/null apt-get -y install --reinstall coreutils binutils net-tools psmisc lsof procps findutils >>/dev/null echo "Killing Rootkit" killall -9 ttymon echo "You should reboot to finish cleaning" elif [ "$OS" == "CentOS" ];then echo "We got CentOS" echo "Removing immutable flag from CentOS known infected files" chattr -sia /usr/bin/dir chattr -sia /usr/bin/find chattr -sia /sbin/ifconfig chattr -sia /bin/ls chattr -sia /usr/sbin/lsof chattr -sia /usr/bin/md5sum chattr -sia /bin/netstat chattr -sia /bin/ps chattr -sia /usr/bin/pstree chattr -sia /usr/bin/top chattr -sia /lib/libsh.so chattr -sia /usr/lib/libsh chattr -sia /usr/lib/libsh/* chattr -sia /etc/sh.conf chattr -sia /sbin/ttymon chattr -sia /sbin/ttyload echo "Deleting rootkit folders" rm -rf /lib/libsh.so rm -rf /usr/lib/libsh/ rm -rf /etc/sh.conf rm -rf /sbin/ttyload rm -rf /sbin/ttymon echo "Reinstall new files" yum -y reinstall coreutils binutils net-tools psmisc lsof procps findutils >>/dev/null echo "Killing Rootkit" killall -9 ttymon echo "You should reboot to finish cleaning" fi fi </file>
secu002.1421996235.txt.gz
· 마지막으로 수정됨: 2015/01/23 15:57 저자
minetech
문서 도구
문서 보기
이전 판
백링크
맨 위로