Linux Backdoor Series: adore (3)

Trying to detect hidden processes …Done.
Scanning /dev/mem for signatures. This may take a while …
Did not find any sign of a LKM rootkit.
Now let's hide a process and see what happens:
[root@RHEL4 determine]# ava i 1557
Checking for adore 0.12 or higher …
Adore 1.54 installed. Good luck.
Made PID 1557 invisible.

Check again:
[root@RHEL4 determine]# ./determine
deter-mine LKM rootkit detector. (C) 2004 Stealth
Trying to detect hidden processes …
Process with PID 1557 does not have a appropriate /proc entry. Hidden?Done.
Scanning /dev/mem for signatures. This may take a while …
Unusual behaivior has been detected. Please consult the removal chapter of the README-file. <-- detected this time

2. chkrootkit
chkrootkit-0.46a can detect that a process has been hidden.

3. rkhunter
rkhunter-1.2.8 does not even check for hidden processes, so it hardly deserves the name "hunter"... That said, it is quite thorough in other areas.
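The "Process with PID 1557 does not have a appropriate /proc entry" message above is the result of a cross-view check: ask the kernel whether each PID exists, then compare against what a /proc directory listing shows. The sketch below is an added example, not code from determine, chkrootkit or rkhunter; the function names are hypothetical, and probing with kill(pid, 0) is an assumed technique, not one the page confirms any of these tools use.

```python
import errno
import os

def listed_ids(proc="/proc"):
    """IDs visible through directory listing: every PID plus its thread IDs."""
    ids = set()
    for name in os.listdir(proc):
        if not name.isdigit():
            continue
        ids.add(int(name))
        try:
            # Thread IDs answer kill() too but only appear under task/.
            ids.update(int(t) for t in os.listdir(f"{proc}/{name}/task"))
        except OSError:
            pass  # process exited between the two listings
    return ids

def is_alive(pid):
    """Signal 0 checks that the ID exists without delivering a signal."""
    try:
        os.kill(pid, 0)
    except OSError as e:
        return e.errno == errno.EPERM  # exists, but owned by another user
    return True

def pid_max(default=32768):
    try:
        with open("/proc/sys/kernel/pid_max") as f:
            return int(f.read())
    except (OSError, ValueError):
        return default  # assumed fallback when the sysctl is unreadable

def unlisted(alive, listed):
    """IDs the kernel acknowledges that no directory listing showed."""
    return sorted(set(alive) - set(listed))

def scan():
    before = listed_ids()
    alive = [p for p in range(1, pid_max()) if is_alive(p)]
    after = listed_ids()
    # Require absence from both listings and re-probe, so processes that
    # started or exited during the scan are not reported.
    return [p for p in unlisted(alive, before | after) if is_alive(p)]

if __name__ == "__main__":
    for pid in scan():
        print(f"PID {pid} answers kill(pid, 0) but is not listed in /proc. Hidden?")
```

A clean result is not proof of a clean system: a kernel-level rootkit can also intercept the calls this check relies on, so treat it as one signal alongside the /dev/mem signature scan shown above.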

Copyright notice: unless otherwise stated, all articles are original to this site.

When reposting, please cite the source: https://www.heiqu.com/wwsxyx.html