Windows system >> Linux system Tutorial >> Linux Tutorial

Ways to determine if the Linux system is hacked

The guys, commonly known as "script devils", belong to the kind of bad hackers, because basically many of them and most of them are so skillless. It can be said that if you install all the correct patches, have a tested firewall, and activate advanced intrusion detection systems at multiple levels, then in only one case you will be hacked, that is, you Too lazy to do what to do, for example, to install the latest patch for BIND. It’s really embarrassing to be unknowingly stunned. What’s more, some scripting demons also download some well-known “root kits” or popular spying tools that take up your CPU, memory, data and bandwidth. Where did these bad guys start from there? This starts with the root kit. A root kit is actually a package that hackers use to provide themselves with root-level access to your machine. Once the hacker can access your machine as root, everything is done. The only thing you can do is back up your data with the fastest efficiency, clean the hard drive, and reinstall the operating system. In any case, once your machine is taken over by someone, recovery is not an easy task. Can you trust your ps command?
The first trick to find out the root kit is to run the ps command. It may be normal for you to see everything. The illustration is an example of a ps command output. The real question is, "Is everything really normal?" One trick that hackers often use is to replace the ps command, and the ps on this replacement will not show the illegal programs that are running on your machine. In order to test, you should check the size of your ps file, which is usually located at /bin/ps. It has about 60kB on our Linux machine. I recently encountered a ps program that was replaced by a root kit. This thing is only about 12kB in size. Another obvious scam is to link the root command history file to /dev/null. This command history file is used to track and record the commands used by a user after logging in to a Linux machine. The purpose of hackers redirecting your history files to /dev/null is that you can't see the commands they have entered. You can access your history file by typing history at the shell prompt. If you find yourself using the history command and it does not appear in the list of commands you have used before, you should take a look at your ~/.bash_history file. If the file is empty, execute an ls -l ~/.bash_history command. After you execute the above command you will see output similar to the following:
-rw------- 1 jd jd 13829 Oct 10 17:06 /home/jd/.bash_history or maybe, you may You will see output similar to the following:
lrwxrwxrwx 1 jd jd 9 Oct 10 19:40 /home/jd/.bash_history -> /dev/null If you see the second, it means this .bash_history The file has been redirected to /dev/null. This is a fatal message, immediately disconnect your machine from the Internet, back up your data as much as possible, and start reinstalling the system. Finding Unknown User Accounts
When you plan to do a test on your Linux machine, it's wise to first check if there are unknown user accounts. The next time you log in to your Linux machine, type the following command:
grep :x:0: /etc/passwd has only one line, I emphasize again, in a standard Linux installation, the grep command should only Return a line, similar to the following:
root:x:0:0:root:/root:/bin/bash If your system returns more than one line after typing the previous grep command, there may be a problem. . There should be only one user whose UID is 0, and if the grep command returns more than one line, it means more than one user. Seriously, although these are some good basic methods for discovering hacking behavior. But these techniques alone do not constitute sufficient security, and their depth and breadth are far worse than the intrusion detection systems mentioned in the article. My advice is that if you suspect that your system is really out of order, call a Linux security expert and refer to his comments. After all, Linux security can be done right away.

Method of installing Linux (CentOS) system through the network

Modify IP, DNS and other network configurations under Linux operating system

Linux Tutorial

Windows system

Microsoft's release of Windows8 makes the Linux desktop operating system a step closer to us.
Computer Store News Microsoft released Windows8 RTM for PC OEMs and manufacturer partners on August

Linux (with CentOS as an example) Network configuration considerations
First time when the basic network configuration is 1. Check the network mac address first[root@cento

How to make Linux support ASP/ASP.NET diagram detailed tutorial
The most popular Linux operating system distribution is Ubuntu. But this time we are running ASP.N

How to use magent to build a memcached cluster
First, download the magent download address: http://pan.baidu.com/s/1eRygtEUmkdir -p /usr/local/mag

What is the difference between Linux process priority NI and PR?
Why should there be process priority? This does not seem to require too much explanation. After all,

Win7 resource manager unsightly icon tips
The icons in the upper left corner of Windows 7 Explorer are Favorites, Desktops, and various Librar

Linux system FAQ

Linux Tutorial

About Linux

Windows articles

Win7 resource manager unsightly icon tips

How to install fcitx Wubi

Several ways to configure IP under Linux

Linux system management and maintenance - scp command

Unreasonable "soft" method for solving Linux disk space partitioning

LVS ipvsadm Command Reference Guide

The principle of file deletion under linux

Deploy SSH application on Linux operating system

Network card cannot be detected after Linux starts

Clearing the record of operation information under Linux system

Linux multi-threaded model

Using XFS file system in Linux environment

Windows knowledge

Clear the Win7 system to play the game to generate the cache file

Vista system does not recognize hard disk during installation

U disk in Win8 can not stop the "universal volume" five methods

All aspects of Windows XP operating strategy

System security: Win XP SP2 configuration and troubleshooting techniques revealed

Windows XP System Taboo: Turn on Default Sharing and Remote Assistance

How to check the system version number (Win8.1 as an example)

Solve the trouble after the server reinstallation

Detailed explanation of the Find command in Linux

Win10 how to add a local account Win10 add a local account tutorial

Windows system

Windows XP System Tutorial

Windows 7 System Tutorial

Windows 8 System Tutorial

Windows 10 System Tutorial

Windows 2003 System Tutorial

Windows 2008 System Tutorial

Windows Vista System Tutorial

Windows tutorial synthesis

Windows Server System Tutorial

Linux system Tutorial

Computer software Tutorial

Windows NT Tutorial