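#!/bin/bash
#
# SHV5 rootkit remover for Debian, Ubuntu and CentOS.
#
# Usage: <script> yes      (the literal argument "yes" accepts the terms
#                           printed by the usage text)
#
# What it does, in order:
#   1. Detects the rootkit by a single indicator: the directory
#      /usr/lib/libsh.
#   2. Clears the s, i and a file attributes (chattr -sia) on the system
#      binaries this script treats as replaced and on the rootkit's files.
#   3. Deletes the rootkit's files.
#   4. Reinstalls the packages that own the listed system binaries.
#   5. Kills the ttymon process.
#
# Limits a responder should keep in mind:
#   - Step 3 destroys evidence. Image the disk or copy the listed paths
#     first if the incident still has to be investigated.
#   - Only the paths hard-coded below are handled. A host that had a rootkit
#     installed was under attacker control with root privileges, so removing
#     these files does not by itself make the host trustworthy again.
#     Rebuilding from known-good media and rotating credentials remains the
#     reliable recovery path.
#   - The script runs with the host's own tools, some of which are on the
#     replaced list until step 4 completes.
#
# Exit status: 0 on success, 1 on usage error, missing indicator,
# unsupported distribution, or when a removal/reinstall step failed.

set -u

#######################################
# Print the distribution name used by the branches below.
# Prefers the ID field of /etc/os-release; /etc/issue is a login banner that
# administrators and newer releases often change, so it is only a fallback.
# Outputs: "Debian", "Ubuntu", "CentOS", or the first word of /etc/issue.
#######################################
detect_os() {
  local id=""
  if [[ -r /etc/os-release ]]; then
    # Sourced in the command-substitution subshell so nothing leaks into
    # this script's variables.
    id=$(. /etc/os-release 2>/dev/null && printf '%s' "${ID:-}")
  fi
  case "$id" in
    debian) echo "Debian"; return 0 ;;
    ubuntu) echo "Ubuntu"; return 0 ;;
    centos) echo "CentOS"; return 0 ;;
  esac
  cut -d " " -f 1 /etc/issue 2>/dev/null | head -1
}

echo "SHV Rootkit checker by alex [at] evilcoder.net"

if [[ $# -ne 1 ]]; then
  echo "This is a SHV5 rootkit remover"
  echo "This script is released as it is and i can't be held responsable for any damages"
  echo "This script has been tested on Debian , Ubuntu and CentOS servers "
  echo "You must agree with that"
  echo "Usage : $0 yes"
  exit 1
fi

if [[ "$1" != "yes" ]]; then
  echo "You should agree"
  exit 1
fi
echo "Thanks"

# chattr, rm on system paths and package reinstalls all need root; fail
# early instead of producing a half-cleaned host.
if [[ "$EUID" -ne 0 ]]; then
  echo "This script must be run as root" >&2
  exit 1
fi

OS=$(detect_os)

if [[ -d "/usr/lib/libsh" ]]; then
  echo "We have SHV rootkit"
else
  echo "You don't have shv5 installed"
  exit 1
fi

echo "System Check"

# Files that belong to the rootkit itself (same on every distribution).
rootkit_paths=(
  /lib/libsh.so
  /usr/lib/libsh
  /etc/sh.conf
  /sbin/ttymon
  /sbin/ttyload
)

# System binaries the script treats as replaced; the locations of dir and
# lsof differ on CentOS.
case "$OS" in
  Debian)
    echo "We have Debian"
    flag_msg="Removing immutable from infected files"
    family="apt"
    ;;
  Ubuntu)
    echo "We have Ubuntu"
    flag_msg="Removing immutable from Ubuntu known infected files"
    family="apt"
    ;;
  CentOS)
    echo "We got CentOS"
    flag_msg="Removing immutable flag from CentOS known infected files"
    family="yum"
    ;;
  *)
    # Previously an unrecognised distribution fell through silently, which
    # looked like a successful run although nothing had been cleaned.
    echo "Unsupported or undetected distribution '$OS'; nothing was changed" >&2
    exit 1
    ;;
esac

if [[ "$family" == "yum" ]]; then
  system_bins=(
    /usr/bin/dir /usr/bin/find /sbin/ifconfig /bin/ls /usr/sbin/lsof
    /usr/bin/md5sum /bin/netstat /bin/ps /usr/bin/pstree /usr/bin/top
  )
else
  system_bins=(
    /bin/dir /usr/bin/find /sbin/ifconfig /bin/ls /usr/bin/lsof
    /usr/bin/md5sum /bin/netstat /bin/ps /usr/bin/pstree /usr/bin/top
  )
fi

status=0

echo "$flag_msg"
# chattr reports a missing path and carries on with the remaining ones.
chattr -sia "${system_bins[@]}" "${rootkit_paths[@]}"
# -R also reaches nested and dot-prefixed entries, which the former
# /usr/lib/libsh/* glob skipped; a file left immutable would survive rm -rf.
chattr -R -sia /usr/lib/libsh

echo "Deleting rootkit folders"
rm -rf /lib/libsh.so
rm -rf /usr/lib/libsh/
rm -rf /etc/sh.conf
rm -rf /sbin/ttyload
rm -rf /sbin/ttymon

# Confirm the deletion instead of assuming it worked.
for leftover in "${rootkit_paths[@]}"; do
  if [[ -e "$leftover" || -L "$leftover" ]]; then
    echo "Could not remove $leftover" >&2
    status=1
  fi
done

echo "Reinstall new files"
# stdout is discarded as before, so the exit status is the only signal that
# the replaced binaries were actually restored from the package archive.
if [[ "$family" == "apt" ]]; then
  apt-get update >>/dev/null
  if ! apt-get -y install --reinstall coreutils binutils net-tools psmisc lsof procps findutils >>/dev/null; then
    echo "Package reinstall failed; the listed system binaries were NOT replaced" >&2
    status=1
  fi
else
  if ! yum -y reinstall coreutils binutils net-tools psmisc lsof procps findutils >>/dev/null; then
    echo "Package reinstall failed; the listed system binaries were NOT replaced" >&2
    status=1
  fi
fi

echo "Killing Rootkit"
# Runs after the reinstall, which includes psmisc (the package providing
# killall). A "no process found" result is not treated as a failure.
killall -9 ttymon

echo "You should reboot to finish cleaning"
exit "$status"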