linux系统是否被植入木马的排查流程梳理

《linux系统是否被植入木马的排查流程梳理》由会员上传分享，免费在线阅读，更多相关内容在工程资料-天天文库。

1、Linux系统是否被植入木马的排査流程梳理为保障系统安全要定期对系统进行安全检杳，此文档旨在检斉系统里是否存在未知进程及木马和病毒。一、是否入侵检查1）检查系统日志检查系统错误登陆日志，统计IP重试次数（last命令是查看系统登陆日志，比如系统被reboot或登陆情况）lastlastb[root@gswebdata]#rootrootrootrootrootrootrootrootrootrootrootrootrootroopts/1pts/1pts/3pts/2pts/1pts/1pts/1pts/1pts/1p

2、ts/1pts/3pts/1pts/3pts/2lastcommlastloglast192.168.1.198wedMar192.168.1.198ThuJar192.168.1.193wed〕ar192.168.1.198wedJar192.168.1.198wedJan192.168.1.198MonJar192.168.1.198MonJar192.168.1.198MonJar192.168.1.198Thu3an192.168.1.198TueJan192.168.1.198ThuDec192.168.1.

3、198ThuDec192.168.0.122wedDec92.168.1.193wedD41000815133227045135222314:28195753n1253358:357:032:020:501556222222492）检查系统用户杳看是否有异常的系统用户cat/etc/passwd[root^gswebdata]#cat/etc/passwdroot:x:0:0:root:/root:/bin>bin:x:l:1:bin:/bin:/sbin/nologindaemon:x:2:2:daemon:/sbi

4、n:/sbin/nologinadn:x:3:4:adm:/var/adm:/sbin/nologinlp:x:4:7:lp:/var/spool/lpd:/sbin/nologinsync:x:5:0:sync:/sbin:/bin/syncshutdown:x:6:0:shutdown:/sbin:/sb1n/shutdownhalt:x:7:0:halt:/sbin:/sbin/haltmail:x:8:l2:ma11:/var/spool/mai1:/sbin/noluucp:x:10:14:uucp:/var

5、/spool/uu

6、113:usbmuxduser:/:/sb1n/nologin69:virtualconsolememoryowner:/dev:/sbin/nologinx:32:32:RpcbindDaemon:/var/cache/rpcbind:/sbin/nologint:x:499:497:RealtimeKit:/proc:/sbin/nologinavahi-autoipd:x:170:170:Avahiipv4llStack:/var/1ib/avahi-autoipd:/sbin/nologinabrt:x:173

7、:173::/etc/abrt:/sbin/nologinsaslauth:x:498:76:saslauthduser:/var/empty/saslauth:/sbin/nologiipostfix:x:89:89::/var/spool/postfix:/sbin/noloain11:/sbin/nologinucp:/sb1n/nologin:/sbin/nologinvc5a:x:69postrix:x：89：89：:/var/spooi/postrix:/SDin/noioginrpcuser:x:29:2

8、9：rpcServiceuser:/var/1ib/nfs:/sbin/nologinnrsnobody:x:65534:65534:AnonymousNFSuser:/var/1ib/nfs:/sbin/nologinhaldaemon:x:68:68:HALdaemon’:/:/sbin/nologingdn:x:42:42: