chkrootkit reports INFECTED

Source: https://www.kinryo.net/?p=3261 (category: linux), published 2023-03-17, last modified 2023-07-27.

The OS is AlmaLinux 9.1, and at one point chkrootkit printed

Searching for Linux.Xor.DDoS ... INFECTED: Possible Malicious Linux.Xor.DDoS installed

saying the system was infected. I immediately checked whether there were any executable files in /tmp:

# find /tmp -executable -type f

This showed that /tmp/tAIOtkaU/2023-02-11_04-41-01/script.sh had been given execute permission.
Looking at the file, it was an rsync file left over from when I restored with timeshift, so I had no need for it and deleted it. After that, running

# chkrootkit | grep INFECTED

no longer reported INFECTED.

* On another day, running chkrootkit on a sub-host I had built on AlmaLinux produced

Checking `chsh'... INFECTED

Since this looked like a command, I checked where it was located:

# find / -name chsh -ls
19482653 4 -rw-r--r-- 1 root root 192 10月 16 05:14 /etc/pam.d/chsh
38372077 28 -rws--x--x 1 root root 24936 10月 16 05:15 /usr/bin/chsh
53105243 4 -rw-r--r-- 1 root root 504 2月 3 2021 /usr/share/bash-completion/completions/chsh

Looking up this chsh command, it is the command for changing the login shell. I don't use it, so I deleted /usr/bin/chsh.
(Added 2023-7-27) I realized there was a better way: rename the file to chsh.bak, and then

# chkrootkit | grep INFECTED

this time returned to the prompt without reporting anything.