I found two kinds of rootkit on my system: SHV4 / SHV5. (I am adding the log here.) I tried to remove them, but I couldn't.
Can anyone recommend a method to me?
[ Rootkit Hunter version 1.3.8 ]
Checking system commands...
/usr/bin/md5sum [ Warning ]
/usr/bin/pstree [ Warning ]
/usr/bin/top [ Warning ]
/usr/bin/unhide.rb [ Warning ]
/sbin/ifconfig [ Warning ]
/bin/ls [ Warning ]
/bin/ps [ Warning ]
/bin/netstat [ Warning ]
Checking for rootkits...
cb Rootkit [ Warning ]
SHV4 Rootkit [ Warning ]
SHV5 Rootkit [ Warning ]
Checking for possible rootkit strings [ Warning ]
Checking the local host...
Checking for root equivalent (UID 0) accounts [ Warning ]
Checking for passwd file changes [ Warning ]
Checking for group file changes [ Warning ]
Checking if SSH root access is allowed [ Warning ]
Checking for running syslog daemon [ Warning ]
Do you need any other kind of log file?
Thanks in advance
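Answer 1
Your system is now compromised. Nuke it from orbit and restore from a trusted state (backup).
If your system has been compromised, there is no safe way to remove the rootkit other than restoring the last known good backup and patching the vulnerability the attacker originally exploited to get into your system.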