Linux Incident Response Primer: How to Investigate an Intrusion (Part 4)

Jul 10 00:14:17 localhost userdel[2393]: removed shadow group 'kali' owned by 'kali'

# grep "userdel" /var/log/secure

5. Switching users with su:

Jul 10 00:38:13 localhost su: pam_unix(su-l:session): session opened for user good by root(uid=0)

Commands executed through sudo authorization (sudo -l lists what the current user is allowed to run):

sudo -l

Jul 10 00:43:09 localhost sudo: good : TTY=pts/4 ; PWD=/home/good ; USER=root ; COMMAND=/sbin/shutdown -r now

WebShell scanning:
河马 WebShell scanner:
http://www.shellpub.com

Linux security check scripts:
https://github.com/grayddq/GScan
https://github.com/ppabc/security_check
https://github.com/T0xst/linux
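The userdel, su and sudo checks above are usually done by grepping /var/log/secure by hand. The following POSIX shell script, added here as an example and not part of the original article or any of the tools listed, turns those greps into small functions that extract the fields an investigator actually compares (who deleted which account, who switched to whom, which commands ran as root via sudo). The log lines it parses are constructed samples in the same format as the entries quoted above; the sudo entries mirror the format on the page, and the su parser also accepts the newer "for user X(uid=M) by Y(uid=N)" variant.

```shell
#!/bin/sh
# Constructed sample of /var/log/secure entries (not captured from a real host).
SAMPLE_LOG="$(mktemp)"
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
Jul 10 00:14:17 localhost userdel[2393]: delete user 'kali'
Jul 10 00:14:17 localhost userdel[2393]: removed group 'kali' owned by 'kali'
Jul 10 00:14:17 localhost userdel[2393]: removed shadow group 'kali' owned by 'kali'
Jul 10 00:38:13 localhost su: pam_unix(su-l:session): session opened for user good by root(uid=0)
Jul 10 00:43:09 localhost sudo: good : TTY=pts/4 ; PWD=/home/good ; USER=root ; COMMAND=/sbin/shutdown -r now
Jul 10 00:45:01 localhost sudo: good : TTY=pts/4 ; PWD=/home/good ; USER=root ; COMMAND=/bin/cat /etc/shadow
Jul 10 00:46:30 localhost sudo: good : TTY=pts/4 ; PWD=/home/good ; USER=backup ; COMMAND=/bin/ls /var/backups
Jul 10 00:50:22 localhost sshd[2501]: Accepted password for good from 10.0.0.5 port 50012 ssh2
EOF

# Accounts removed with userdel, one name per line (defaults to /var/log/secure).
deleted_users() {
  sed -nE "s/^.* userdel\[[0-9]+\]: delete user '([^']+)'.*/\1/p" "${1:-/var/log/secure}"
}

# su sessions printed as "caller(uid=N) -> target". Matches both the plain
# "for user X by Y(uid=N)" form and the newer "for user X(uid=M) by Y(uid=N)" form.
su_sessions() {
  sed -nE 's/^.* su: pam_unix\(su(-l)?:session\): session opened for user ([^ (]+)(\(uid=[0-9]+\))? by ([^(]+)\(uid=([0-9]+)\).*/\4(uid=\5) -> \2/p' \
    "${1:-/var/log/secure}"
}

# Commands run through sudo with USER=root, printed as "caller command".
# sudo pads the caller name with spaces, hence " +" after "sudo:".
sudo_root_commands() {
  sed -nE 's/^.* sudo: +([^ ]+) : .*USER=root ; COMMAND=(.*)$/\1 \2/p' "${1:-/var/log/secure}"
}

echo "== accounts deleted with userdel"
deleted_users "$SAMPLE_LOG"
echo "== su sessions"
su_sessions "$SAMPLE_LOG"
echo "== sudo commands executed as root"
sudo_root_commands "$SAMPLE_LOG"
```

Run it without arguments to parse the constructed sample; call the functions with a path to inspect a real /var/log/secure (or auth.log on Debian-derived systems, where the same entry formats apply).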
Source:
https://www.jianshu.com/p/afc845cf9cc9