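Today I ran tiger, and it did report a rootkit alert. Chkrootkit agreed.
How do I remove this rootkit? How can I find out how it was installed, so that I can fix the vulnerability in my Ubuntu 12.04 LTS web server?
Tiger's report: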
# Performing check for rookits...
# Running chkrootkit (/usr/sbin/chkrootkit) to perform further checks...
--ALERT-- [rootkit005a] Chkrootkit has found a file which seems to be infected
because of a rootkit
--ALERT-- [rootkit009a] A rootkit seems to be installed in the system
INFECTED (PORTS: 465)
Chkrootkit's report:
Checking `bindshell'... INFECTED (PORTS: 465)
Additional details:
$ netstat --all --numeric-ports --program |grep 465
tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 2283/master
tcp6 0 0 :::465 :::* LISTEN 2283/master