Title: How to check whether a Linux system has been hacked
Author: Hanaro Hosting Co., Ltd. ( help@hhosting.co.kr )  Registered: 2012-08-14 16:39:10  Views: 6025
This is a simple set of checks for judging whether a Linux system has been hacked.

They are not conclusive, but they should be useful when checking whether a server has been compromised.

1. Check whether the base packages have been modified

When a server is hacked, the attacker tampers with commands (programs) before leaving, so this is the part of a server inspection that should be carried out first.

rpm -V fileutils --> the package that includes ls
rpm -V findutils --> find
rpm -V procps --> ps , top
rpm -V net-tools --> netstat , ifconfig
rpm -V passwd --> passwd
rpm -V SysVinit --> pidof
rpm -V psmisc --> killall
rpm -V sysklogd --> syslogd
rpm -V tcp_wrappers --> tcpd

If the check prints nothing, the package is normal.

Output like the following suggests tampering:
Example) SM5....T /bin/ls

S : the program's size has changed
M : the permissions have changed
5 : the MD5 checksum has changed
T : the file's mtime has changed

* A tampered program does not return accurate results.
Either copy the program over from another server and use that copy, or reinstall the program.
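
The flag decoding from step 1 as a script, added here as an example (not part of the original guide): it also accepts the 9-character flag field and the "c" config-file marker that newer rpm versions print, and "missing" lines. The function names, the SUSPECT/config/review triage rule and the sample lines are assumptions of this example.

```shell
# Decode one `rpm -V` line into "<verdict> <path> <changed attributes>".
# Accepts the 8-character flag field shown above, the 9-character field of
# newer rpm, the optional file-type marker (c = config file) and "missing".
decode_rpm_verify() {
    set -f; set -- $1; set +f        # split on whitespace without globbing
    [ $# -ge 2 ] || return 0         # not a verify line: ignore it
    flags=$1; shift
    marker=""
    case $1 in [cdglr]) marker=$1; shift ;; esac
    path=$*
    if [ "$flags" = missing ]; then
        echo "SUSPECT $path missing"; return 0
    fi
    changed=""
    case $flags in *S*) changed="$changed size" ;; esac
    case $flags in *M*) changed="$changed mode" ;; esac
    case $flags in *5*) changed="$changed digest" ;; esac
    case $flags in *T*) changed="$changed mtime" ;; esac
    # Triage rule (assumption of this example): a changed digest on a file
    # that is not a config file is the strongest sign of a replaced binary.
    verdict=review
    case $flags in *5*) verdict=SUSPECT ;; esac
    if [ "$marker" = c ]; then verdict=config; fi
    echo "$verdict $path$changed"
}

# Read `rpm -V` output on stdin and print one triage line per changed file.
triage_rpm_verify() {
    while IFS= read -r line; do
        case $line in ""|"package "*) continue ;; esac  # blank / "not installed"
        decode_rpm_verify "$line"
    done
}

# Live use on an RPM-based host: verify the packages named in step 1.
check_packages() {
    for pkg in fileutils findutils procps net-tools passwd SysVinit psmisc sysklogd tcp_wrappers; do
        rpm -V "$pkg" 2>/dev/null || true
    done | triage_rpm_verify
}

# Constructed sample output (not from a real host).
triage_rpm_verify <<'EOF'
SM5....T /bin/ls
S.5....T.  c /etc/syslog.conf
.......T.    /bin/netstat
missing     /usr/bin/killall
EOF
```

On a live host, call check_packages instead of feeding the sample; lines marked SUSPECT are the ones to compare against a known-good copy first.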



2. Search for hidden directories and files under /tmp with ls -alR /tmp or ls -alR /var/tmp

3. netstat -nl
* Check which ports are open; be suspicious when a port you do not use is open.

4. ps auxwwwwwww
* Look through the running processes for anything abnormal.

5. Install rkhunter and run a scan
* rkhunter is a program that detects backdoors and rootkits.

First, a word on what a rootkit is.
A rootkit is a program for obtaining administrator privileges on a system without the administrator's permission.
Attackers usually install a rootkit to get into the system and then tamper with its commands, which makes checking for rootkits difficult.

5.1 Installation
# wget http://downloads.sourceforge.net/rkhunter/rkhunter-1.4.0.tar.gz (latest version as of August 14)
# tar xvfzp rkhunter-1.4.0.tar.gz
# cd rkhunter-1.4.0
# ./installer.sh --layout /usr/local --install

5.2 Running
# /usr/local/bin/rkhunter --update

# /usr/local/bin/rkhunter --check

* Order of execution
* For now, press Enter at every prompt.

1. Checking binaries
- If every item is printed as [OK] together with the 'known good' message, press [ENTER].
If a problem is detected in a binary file, a [BAD] message is printed.
2. Check rootkits
- If every rootkit item is shown as [OK], press [ENTER].
3. Networking
- If every Networking item is shown as [OK], press [ENTER].
4. System checks
- If every System checks item is shown as [Not found] or [OK], press [ENTER].
5. Application advisories
- The Application advisories section checks application versions; if an old version is in use,
[Old or patched version] is printed for that program.
6. Scan results
- This screen gives a brief summary of the results for each section.

When the scan is complete, open /var/log/rkhunter.log and review it.

That concludes this simple procedure for checking a Linux server for signs of hacking.
Hacks that use web shells have been on the rise lately.
Whistl, a web shell scanning program, will be covered in a later post.