5 Tools to Scan a Linux Server for Malware and Rootkits


Linux servers face a high level of attacks and port scans all the time. A properly configured firewall and regular security updates add an extra layer that keeps the system safe, but you should also check frequently whether anyone has got in. This also helps to ensure that your server stays free of any program that aims to disrupt its operation.

The tools presented in this article were created for these security scans and can identify viruses, malware, rootkits and malicious behavior. You can use them to run regular system scans, e.g. every night, and mail the reports to your email address.

1. Lynis - Security Auditing and Rootkit Scanner

Lynis is a free, open source, powerful and popular security auditing and scanning tool for Unix/Linux-like operating systems. It is a malware scanning and vulnerability detection tool that scans systems for security information and issues, file integrity and configuration errors; it audits the firewall, checks installed software, file/directory permissions and much more.

Importantly, it does not perform any system hardening itself; it only offers suggestions that help you harden your server.

We will install the latest version of Lynis (i.e. 2.6.6) from source, using the following commands.

# cd /opt/
# wget https://downloads.cisofy.com/lynis/lynis-2.6.6.tar.gz
# tar xvzf lynis-2.6.6.tar.gz
# mv lynis /usr/local/
# ln -s /usr/local/lynis/lynis /usr/local/bin/lynis

Now you can scan your system with the command below.

# lynis audit system

To make Lynis run automatically every night, add the following cron entry, which will run at 3 am and send a report to your email address.

0 3 * * * /usr/local/bin/lynis audit system --quick 2>&1 | mail -s "Lynis Reports of My Server" YOUR_EMAIL_ADDRESS
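
The cron entry above mails the full Lynis console output every night. As an added example (not part of the original article or the Lynis project), the script below condenses the report file that Lynis writes into a few lines and decides whether a mail is needed. The path /var/log/lynis-report.dat, the threshold 70 and the function names are assumptions, and the sample report is constructed.

```shell
#!/bin/sh
# Added example: condense a Lynis report file into a short mail body.
# Assumes the report uses Lynis's key=value lines:
#   hardening_index=N, warning[]=ID|text|..., suggestion[]=ID|text|...

# Constructed sample report for demonstration; not taken from a real host.
sample_lynis_report() {
cat <<'EOF'
# Lynis Report
hardening_index=62
warning[]=AUTH-9308|No password set for single mode|-|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|AllowTcpForwarding (YES --> NO)|-|
suggestion[]=FIRE-4513|Check iptables rules to see which rules are currently not used|-|-|
warning[]=PKGS-7392|Found one or more vulnerable packages.|-|-|
EOF
}

# lynis_summary FILE: print one totals line, then one line per warning.
lynis_summary() {
    awk '
        /^hardening_index=/ { idx = substr($0, index($0, "=") + 1) }
        /^suggestion\[\]=/  { s++ }
        /^warning\[\]=/ {
            split(substr($0, index($0, "=") + 1), f, "|")
            warn[++w] = f[1] ": " f[2]
        }
        END {
            if (idx == "") idx = "unknown"
            printf "hardening_index=%s warnings=%d suggestions=%d\n", idx, w, s
            for (i = 1; i <= w; i++) print "WARNING " warn[i]
        }' "$1"
}

# lynis_needs_alert FILE MIN_INDEX: exit 0 when the report has any warning,
# or its hardening index is missing or below MIN_INDEX; otherwise exit 1.
lynis_needs_alert() {
    awk -v min="$2" '
        /^hardening_index=/ { idx = substr($0, index($0, "=") + 1); seen = 1 }
        /^warning\[\]=/     { w++ }
        END { exit !(w > 0 || !seen || idx + 0 < min + 0) }' "$1"
}

# Cron-side use (assumed path), after "lynis audit system --cronjob" has run:
#   lynis_needs_alert /var/log/lynis-report.dat 70 &&
#     lynis_summary /var/log/lynis-report.dat | mail -s "Lynis" YOUR_EMAIL_ADDRESS
```

A missing hardening index is treated as alert-worthy so that a scan that failed to complete is not mistaken for a clean one.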

2. Chkrootkit – A Linux Rootkit Scanner

Chkrootkit is another open source rootkit detector that checks for signs of a rootkit on Unix systems. It helps to detect hidden security holes. The chkrootkit package contains a shell script that checks system binaries for rootkit modification, plus several programs that check for various security problems.

The chkrootkit tool can be installed with the following command on Debian-based systems.

$ sudo apt install chkrootkit

On CentOS-based systems, you need to install it from source using the following commands.

# yum update
# yum install wget gcc-c++ glibc-static
# wget -c ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
# tar -xzf chkrootkit.tar.gz
# mkdir /usr/local/chkrootkit
# mv chkrootkit-0.52/* /usr/local/chkrootkit
# cd /usr/local/chkrootkit
# make sense

To check your server with Chkrootkit, run the following command.

$ sudo chkrootkit 
OR
# /usr/local/chkrootkit/chkrootkit

Once started, it checks your system for known malware and rootkits, and when the run finishes you can see a summary report.

To make Chkrootkit run automatically every night, add the following cron entry, which will run at 3 am and send a report to your email address.

0 3 * * * /usr/sbin/chkrootkit 2>&1 | mail -s "chkrootkit Reports of My Server" YOUR_EMAIL_ADDRESS

3. Rkhunter – A Linux Rootkit Scanner

RKH (RootKit Hunter) is a free, open source, powerful, easy to use and well-known tool for scanning for backdoors, rootkits and local exploits on POSIX-compliant systems such as Linux. As the name implies, it is a rootkit hunter: a security monitoring and analysis tool that inspects a system thoroughly to detect hidden security holes.

The rkhunter tool can be installed with the following commands on Ubuntu and CentOS systems.

$ sudo apt install rkhunter
# yum install epel-release
# yum install rkhunter

To check your server with rkhunter, run the following command.

# rkhunter -c

To make rkhunter run automatically every night, add the following cron entry, which will run at 3 am and send a report to your email address.

0 3 * * * /usr/sbin/rkhunter -c 2>&1 | mail -s "rkhunter Reports of My Server" YOUR_EMAIL_ADDRESS

4. ClamAV - Antivirus Software Toolkit

ClamAV is an open source, versatile, popular and cross-platform antivirus engine for detecting viruses, malware, trojans and other malicious programs on a computer. It is one of the free anti-virus programs for Linux and the open source standard for mail gateway scanning software, supporting almost all mail file formats.

It supports virus database updates on all systems and on-access scanning on Linux only. In addition, it can scan inside archives and compressed files, supporting formats such as Zip, Tar, 7Zip and Rar, among other features.

ClamAV can be installed with the following command on Debian-based systems.

$ sudo apt-get install clamav

ClamAV can be installed with the following commands on CentOS-based systems.

# yum -y update
# yum -y install clamav

Once installed, you can update the signatures and scan a directory with the following commands.

# freshclam
# clamscan -r -i DIRECTORY

Here DIRECTORY is the location to scan. The -r option means scan recursively and -i means show only infected files.
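
For a nightly ClamAV job in the same style as the cron entries earlier in this article, the exit status of clamscan matters as much as its output: 0 means no virus found, 1 means at least one virus found, and 2 means the scan itself failed. The wrapper below is an added example, not code from the original article or the ClamAV project; the function names are hypothetical and the sample output and signature names are constructed.

```shell
#!/bin/sh
# Added example: interpret a "clamscan -r -i" run for a nightly job.

# Constructed sample of clamscan output; paths and signatures are made up.
sample_clamscan_output() {
cat <<'EOF'
/var/www/html/uploads/test.txt: Eicar-Test-Signature FOUND
/var/www/html/uploads/a: b.php: Php.Example.Sample-1 FOUND

----------- SCAN SUMMARY -----------
Scanned files: 1204
Infected files: 2
EOF
}

# infected_files: read clamscan output on stdin and print only the paths
# of files reported as FOUND (a path may itself contain ": ").
infected_files() {
    sed -n 's/^\(.*\): [^ ]* FOUND$/\1/p'
}

# classify_scan STATUS: map the clamscan exit status to a state name.
classify_scan() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;   # 2 or anything unexpected: the scan did not complete
    esac
}

# scan_report DIR: run the scan, print a subject-style line plus details.
# Returns 0 only when the scan ran and found nothing.
scan_report() {
    out=$(clamscan -r -i "$1" 2>&1) && rc=0 || rc=$?
    state=$(classify_scan "$rc")
    echo "clamscan ${state}: $1"
    case "$state" in
        infected) printf '%s\n' "$out" | infected_files ;;
        error)    printf '%s\n' "$out" ;;   # keep the error text for triage
    esac
    [ "$state" = clean ]
}

# Cron-side use: mail only when the result is not clean, errors included, e.g.
#   r=$(scan_report DIRECTORY) || printf '%s\n' "$r" | mail -s "ClamAV" YOUR_EMAIL_ADDRESS
```

Treating a failed scan as alert-worthy keeps a broken signature database or an unreadable directory from looking like a clean night.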

5. LMD – Linux Malware Detect

LMD (Linux Malware Detect) is an open source, powerful and full-featured malware scanner for Linux, designed for and targeted at hosted environments, but it can be used to detect threats on any Linux system. It can be integrated with the ClamAV scanner engine for better performance.

It provides a full reporting system for viewing current and previous scan results, supports e-mail alert reports after every scan, and has many other useful features.

For LMD installation and usage, read our article How to Install and Use Linux Malware Detect (LMD) with ClamAV as Antivirus Engine.

That's all for now! In this article, we shared a list of 5 tools for scanning a Linux server for malware and rootkits. Let us know your thoughts in the comments section.