Paylaşımlı hosting sunucularınıza izinsiz şekilde atılan sheller ile siteniz , Sanal sunucunuz veya tüm sunucunuz hacklenerek kötü durumlara düşmemeniz için suucuda genel shell taraması ve hesaplara özel shell taraması yapmanızı sağlayan maldet size tanıtacağım.
maldet ile Sunucunuzda shell taraması yapabilir c99 , r57 basit lamer shelleri testpit eder ve ortadan kaldırır.
maldet kullanımı oldukça kolay olmakla birlikte sanal sunucunuza hiç bir olumsuz etkisi olmaz
maldet kurulumuna geçelim ;
1.Adım
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
2.Adım
tar zxvf maldetect-current.tar.gz
3.Adım
cd maldet*
4.Adım
sh install.sh
kurulumu bu kadar..
5.Adım
maldet -a /home/?/public_html
İle tüm sunucunuzu shell taramasından geçirebilir tarma sonrası size sonuçları verecektir.
Aşağıda sunucu üzerinde yapılan shell taramasının örneğine bakabilirsiniz.
1.Komut
[root@server ~]# wget http://rfxn.com/downloads/maldetect-current.tar.gz
--2015-12-13 01:36:10-- http://rfxn.com/downloads/maldetect-current.tar.gz
Resolving rfxn.com... 129.121.132.46
Connecting to rfxn.com|129.121.132.46|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1135265 (1.1M) [application/x-gzip]
Saving to: `maldetect-current.tar.gz'
Resolving rfxn.com... 129.121.132.46
Connecting to rfxn.com|129.121.132.46|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1135265 (1.1M) [application/x-gzip]
Saving to: `maldetect-current.tar.gz'
100%[======================================>] 1,135,265 776K/s in 1.4s
2015-12-13 01:36:12 (776 KB/s) - `maldetect-current.tar.gz' saved [1135265/11352 65]
2.Komut
[root@server ~]# tar zxvf maldetect-current.tar.gz
maldetect-1.5/
maldetect-1.5/CHANGELOG
maldetect-1.5/cron.daily
maldetect-1.5/CHANGELOG.VARIABLES
maldetect-1.5/README
maldetect-1.5/files/
maldetect-1.5/files/uninstall.sh
maldetect-1.5/files/hookscan.sh
maldetect-1.5/files/ignore_file_ext
maldetect-1.5/files/sigs/
maldetect-1.5/files/sigs/md5v2.dat
maldetect-1.5/files/sigs/rfxn.ndb
maldetect-1.5/files/sigs/appver/
maldetect-1.5/files/sigs/appver/wordpress.ver
maldetect-1.5/files/sigs/md5.dat
maldetect-1.5/files/sigs/hex.dat
maldetect-1.5/files/sigs/maldet.sigs.ver
maldetect-1.5/files/sigs/rfxn.hdb
maldetect-1.5/files/internals/
maldetect-1.5/files/internals/functions
maldetect-1.5/files/internals/hexstring.pl
maldetect-1.5/files/internals/tlog
maldetect-1.5/files/internals/scan.etpl
maldetect-1.5/files/internals/internals.conf
maldetect-1.5/files/internals/hexfifo.pl
maldetect-1.5/files/VERSION.hash
maldetect-1.5/files/ignore_inotify
maldetect-1.5/files/maldet
maldetect-1.5/files/conf.maldet
maldetect-1.5/files/clean/
maldetect-1.5/files/clean/js.inject.VisitorTracker
maldetect-1.5/files/clean/gzbase64.inject.unclassed
maldetect-1.5/files/clean/base64.inject.unclassed
maldetect-1.5/files/clean/php.brute.bf1lic
maldetect-1.5/files/service/
maldetect-1.5/files/service/maldet.sysconfig
maldetect-1.5/files/service/maldet.sh
maldetect-1.5/files/service/maldet.service
maldetect-1.5/files/sess/
maldetect-1.5/files/monitor_paths
maldetect-1.5/files/ignore_paths
maldetect-1.5/files/ignore_sigs
maldetect-1.5/files/modsec.sh
maldetect-1.5/cron.d.pub
maldetect-1.5/COPYING.GPL
maldetect-1.5/CHANGELOG.RELEASE
maldetect-1.5/.ca.def
maldetect-1.5/install.sh
maldetect-1.5/CHANGELOG
maldetect-1.5/cron.daily
maldetect-1.5/CHANGELOG.VARIABLES
maldetect-1.5/README
maldetect-1.5/files/
maldetect-1.5/files/uninstall.sh
maldetect-1.5/files/hookscan.sh
maldetect-1.5/files/ignore_file_ext
maldetect-1.5/files/sigs/
maldetect-1.5/files/sigs/md5v2.dat
maldetect-1.5/files/sigs/rfxn.ndb
maldetect-1.5/files/sigs/appver/
maldetect-1.5/files/sigs/appver/wordpress.ver
maldetect-1.5/files/sigs/md5.dat
maldetect-1.5/files/sigs/hex.dat
maldetect-1.5/files/sigs/maldet.sigs.ver
maldetect-1.5/files/sigs/rfxn.hdb
maldetect-1.5/files/internals/
maldetect-1.5/files/internals/functions
maldetect-1.5/files/internals/hexstring.pl
maldetect-1.5/files/internals/tlog
maldetect-1.5/files/internals/scan.etpl
maldetect-1.5/files/internals/internals.conf
maldetect-1.5/files/internals/hexfifo.pl
maldetect-1.5/files/VERSION.hash
maldetect-1.5/files/ignore_inotify
maldetect-1.5/files/maldet
maldetect-1.5/files/conf.maldet
maldetect-1.5/files/clean/
maldetect-1.5/files/clean/js.inject.VisitorTracker
maldetect-1.5/files/clean/gzbase64.inject.unclassed
maldetect-1.5/files/clean/base64.inject.unclassed
maldetect-1.5/files/clean/php.brute.bf1lic
maldetect-1.5/files/service/
maldetect-1.5/files/service/maldet.sysconfig
maldetect-1.5/files/service/maldet.sh
maldetect-1.5/files/service/maldet.service
maldetect-1.5/files/sess/
maldetect-1.5/files/monitor_paths
maldetect-1.5/files/ignore_paths
maldetect-1.5/files/ignore_sigs
maldetect-1.5/files/modsec.sh
maldetect-1.5/cron.d.pub
maldetect-1.5/COPYING.GPL
maldetect-1.5/CHANGELOG.RELEASE
maldetect-1.5/.ca.def
maldetect-1.5/install.sh
3.Komut
[root@server ~]# cd maldet*
4.Komut
[root@server maldetect-1.5]# sh install.sh
Linux Malware Detect v1.5
(C) 2002-2015, R-fx Networks <proj@r-fx.org>
(C) 2015, Ryan MacDonald <ryan@r-fx.org>
This program may be freely redistributed under the terms of the GNU GPL
installation completed to /usr/local/maldetect
config file: /usr/local/maldetect/conf.maldet
exec file: /usr/local/maldetect/maldet
exec link: /usr/local/sbin/maldet
exec link: /usr/local/sbin/lmd
cron.daily: /etc/cron.daily/maldet
maldet(24440): {sigup} performing signature update check...
maldet(24440): {sigup} local signature set is version 2015112028602
maldet(24440): {sigup} latest signature set already installed
config file: /usr/local/maldetect/conf.maldet
exec file: /usr/local/maldetect/maldet
exec link: /usr/local/sbin/maldet
exec link: /usr/local/sbin/lmd
cron.daily: /etc/cron.daily/maldet
maldet(24440): {sigup} performing signature update check...
maldet(24440): {sigup} local signature set is version 2015112028602
maldet(24440): {sigup} latest signature set already installed
5.Komut ("CD /home" komutu isteğe bağlı)
[root@server maldetect-1.5]# cd /home/
5.1.Komut
[root@server home]# maldet -a /home/?/public_html
Linux Malware Detect v1.5
(C) 2002-2015, R-fx Networks <proj@rfxn.com>
(C) 2015, Ryan MacDonald <ryan@rfxn.com>
This program may be freely redistributed under the terms of the GNU GPL v2
(C) 2002-2015, R-fx Networks <proj@rfxn.com>
(C) 2015, Ryan MacDonald <ryan@rfxn.com>
This program may be freely redistributed under the terms of the GNU GPL v2
maldet(24737): {scan} signatures loaded: 10822 (8908 MD5 / 1914 HEX / 0 USER)
maldet(24737): {scan} building file list for /home/*/public_html, this might tak e awhile...
maldet(24737): {scan} setting nice scheduler priorities for all operations: cpun ice 19 , ionice 6
maldet(24737): {scan} file list completed in 0s, found 350 files...
maldet(24737): {scan} scan of /home/*/public_html (350 files) in progress...
maldet(24737): {scan} 350/350 files scanned: 0 hits 0 cleaned
maldet(24737): {scan} scan completed on /home/*/public_html: files 350, malware hits 0, cleaned hits 0, time 12s
maldet(24737): {scan} scan report saved, to view run: maldet --report 151213-014 1.24737
maldet(24737): {scan} building file list for /home/*/public_html, this might tak e awhile...
maldet(24737): {scan} setting nice scheduler priorities for all operations: cpun ice 19 , ionice 6
maldet(24737): {scan} file list completed in 0s, found 350 files...
maldet(24737): {scan} scan of /home/*/public_html (350 files) in progress...
maldet(24737): {scan} 350/350 files scanned: 0 hits 0 cleaned
maldet(24737): {scan} scan completed on /home/*/public_html: files 350, malware hits 0, cleaned hits 0, time 12s
maldet(24737): {scan} scan report saved, to view run: maldet --report 151213-014 1.24737
6.Komut
[root@server home]# maldet --report 151213-0141.24737
Linux Malware Detect v1.5
(C) 2002-2015, R-fx Networks <proj@rfxn.com>
(C) 2015, Ryan MacDonald <ryan@rfxn.com>
This program may be freely redistributed under the terms of the GNU GPL v2
GNU nano 2.0.9 File: /usr/local/maldetect/sess/session.151213-0141.24737
(C) 2002-2015, R-fx Networks <proj@rfxn.com>
(C) 2015, Ryan MacDonald <ryan@rfxn.com>
This program may be freely redistributed under the terms of the GNU GPL v2
GNU nano 2.0.9 File: /usr/local/maldetect/sess/session.151213-0141.24737
HOST: server.domain.com
SCAN ID: 151213-0141.24737
STARTED: Dec 13 2015 01:41:06 +0200
COMPLETED: Dec 13 2015 01:41:18 +0200
ELAPSED: 12s [find: 0s]
SCAN ID: 151213-0141.24737
STARTED: Dec 13 2015 01:41:06 +0200
COMPLETED: Dec 13 2015 01:41:18 +0200
ELAPSED: 12s [find: 0s]
PATH: /home/*/public_html
TOTAL FILES: 350
TOTAL HITS: 0
TOTAL CLEANED: 0
TOTAL FILES: 350
TOTAL HITS: 0
TOTAL CLEANED: 0
===============================================
Linux Malware Detect v1.5 < proj@rfxn.com >
Kaynak: http://aklinagelen.com/sunucuda-shell-taramasi-maldet/
Linux Malware Detect v1.5 < proj@rfxn.com >
Kaynak: http://aklinagelen.com/sunucuda-shell-taramasi-maldet/
Hiç yorum yok:
Yorum Gönder