Usually have some friends met the problem server is black, through collecting and collating relevant materials related to where I found a Linux server for everyone to be black solution, hope that we will see a lot of post-harvest. If you install all the correct patches, Yong You tested the firewall, and are activated at multiple levels of advanced intrusion detection system, then only in case you would be black, that is, you are too lazy to the Yi Zhi do not do that, for example, BIND install the latest patches.
In an unguarded moment was indeed black people feel embarrassed, even more serious is that some script kid will download some well-known "root kits" or a popular gathering tools, which are taking up your CPU, memory, data and bandwidth. These bad guys are from there started it? This from a root kit to begin with.
In fact, a root kit is a package that hackers use it to provide your own machine with root-level access. Once the root of the identity of hackers can access your machine, it was all over. Can do is to use the efficiency of the fastest backup your data, clearing the hard disk, then reinstall the operating system. In any case, if your machine has been taken over in order to recover someone is not an easy thing.
Can you trust your ps commands?
Identify the root kit's first trick is to run the ps command. Possible for you, everything seems normal. Icon is a ps command output example. The real question is, "do everything normal?" Hacker used a trick is to replace the ps command, and this replaced the ps will not show you the machines that are running on illegal program. To test one, should check your ps file size, it is usually located in / bin / ps. In our Linux machine where it is about 60kB. I recently met a root kit has been replaced ps program, this thing is only about 12kB in size.
Another obvious scam is to root the command history file to link to / dev / null. The command history file is used to track and record a user logging on a Linux machine used after the command. Hackers to redirect your history file to / dev / null The purpose is to make you can not see that they have entered the command.
You can shell prompt by typing in the history to access your history file. If you find that you are using the history command, but it does not appear in the list of commands used before, you have to look at your ~ /. Bash_history file. If this file is empty, on the implementation of an ls-l ~ /. Bash_history command. The implementation of the above in your command you will see output similar to the following:
-Rw ------- 1 jd jd 13829 Oct 10 17:06 / home / jd / .bash_history
Or, you may see output similar to the following: lrwxrwxrwx 1 jd jd 9 Oct 10 19:40 / home / jd / .bash_history -> / dev / null
If you see a second, it shows that this. Bash_history file has been redirected to / dev / null. This is a fatal message, now immediately on your machine from the Internet, broken, back up your data as much as possible and begin to re-install the system.
Linux server solution is black, need to find unknown user account:
You intend to do on your Linux machine, when the first test, first check whether there is an unknown user account is undoubtedly wise. The next time you log on to your Linux server, typing the following command:
grep: x: 0: / etc / passwd
Only one line, I say it again, in a standard Linux installation where, grep command should only return a line similar to the following:
root: x: 0:0: root: / root: / bin / bash
If in typing the grep command before the system returns the results you more than a line, that might have a problem. Should be only one user's UID is 0, and if the grep command to return the results over a line, it means more than one user. Strictly speaking, although the discovery hacking, These are some good basic approach. However, these techniques can not by itself constitute sufficient security, and its depth and breadth and first mentioned in the article, intrusion detection systems are far behind compared.
Over to you on that a little knowledge points, on the linux server is black solution.