5 Tools to Scan a Linux Server for Malware and Rootkits


There is a constantly high level of attacks and port scans on Linux servers. While a properly configured firewall and regular security updates add an extra layer to keep the system safe, you should also check frequently whether anyone has gotten in. This also helps to ensure that your server stays free of any program whose purpose is to disrupt its normal operation.

The tools presented in this article are built for these security checks and can identify viruses, malware, rootkits and malicious behaviour. You can use them to run system scans on a regular basis, e.g. every night, and have the reports mailed to your email address.

1. Lynis - Security Auditing and Rootkit Scanner

Lynis is a free, open source, powerful and popular security auditing and scanning tool for Unix/Linux-like operating systems. It is a malware scanning and vulnerability detection tool that checks systems for security information and issues, file integrity and configuration errors; it performs firewall auditing, checks installed software and file/directory permissions, and much more.

Importantly, it does not perform any system hardening automatically; it only provides suggestions that enable you to harden your server yourself.

We will install the latest version of Lynis (i.e. 2.6.6) from source, using the following commands.

# cd /opt/
# wget https://downloads.cisofy.com/lynis/lynis-2.6.6.tar.gz
# tar xvzf lynis-2.6.6.tar.gz
# mv lynis /usr/local/
# ln -s /usr/local/lynis/lynis /usr/local/bin/lynis

Now you can run a scan of your system with the command below.

# lynis audit system

To run Lynis automatically every night, add the following cron entry, which will run at 3 am and send the reports to your email address.

0 3 * * * /usr/local/bin/lynis --quick 2>&1 | mail -s "Lynis Reports of My Server" [email 

2. Chkrootkit – A Linux Rootkit Scanner

Chkrootkit is another free, open source rootkit detector that locally checks for signs of a rootkit on Unix-like systems. It helps to detect hidden security holes. The chkrootkit package consists of a shell script that checks system binaries for rootkit modifications and a number of programs that check for various security issues.

The chkrootkit tool can be installed with the following command on Debian-based systems.

$ sudo apt install chkrootkit

On CentOS-based systems, you need to install it from source using the following commands.

# yum update
# yum install wget gcc-c++ glibc-static
# wget -c ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
# tar -xzf chkrootkit.tar.gz
# mkdir /usr/local/chkrootkit
# mv chkrootkit-0.52/* /usr/local/chkrootkit
# cd /usr/local/chkrootkit
# make sense

To check your server with Chkrootkit, run the following command.

$ sudo chkrootkit 
OR
# /usr/local/chkrootkit/chkrootkit

Once started, it will begin checking your system for known malware and rootkits, and after the process has finished you can see the summary report.

To run Chkrootkit automatically every night, add the following cron entry, which will run at 3 am and send the reports to your email address.

0 3 * * * /usr/sbin/chkrootkit 2>&1 | mail -s "chkrootkit Reports of My Server" [email 

3. Rkhunter – A Linux Rootkit Scanner

RKH (RootKit Hunter) is a free, open source, powerful, easy to use and well known tool for scanning for backdoors, rootkits and local exploits on POSIX-compliant systems such as Linux. As the name implies, it is a rootkit hunter, a security monitoring and analysis tool that thoroughly inspects a system to detect hidden security holes.

The rkhunter tool can be installed with the following commands on Ubuntu- and CentOS-based systems.

$ sudo apt install rkhunter
# yum install epel-release
# yum install rkhunter

To check your server with rkhunter, run the following command.

# rkhunter -c

To run rkhunter automatically every night, add the following cron entry, which will run at 3 am and send the reports to your email address.

0 3 * * * /usr/sbin/rkhunter -c 2>&1 | mail -s "rkhunter Reports of My Server" [email 

4. ClamAV - Antivirus Software Toolkit

ClamAV is an open source, versatile and popular antivirus engine for detecting viruses, malware, trojans and other malicious programs on a computer. It is one of the best free antivirus programs for Linux and the open source standard for mail gateway scanning software, supporting almost all mail file formats.

It supports virus database updates on all systems and on-access scanning on Linux only. In addition, it can scan inside archives and compressed files and supports formats such as Zip, Tar, 7Zip, Rar and others.

ClamAV can be installed with the following command on Debian-based systems.

$ sudo apt-get install clamav

ClamAV can be installed with the following commands on CentOS-based systems.

# yum -y update
# yum -y install clamav

Once installed, you can update the signatures and scan a directory with the following commands.

# freshclam
# clamscan -r -i DIRECTORY

Where DIRECTORY is the location to scan. The -r option means scan recursively and -i means show only infected files.
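The three cron entries above and the clamscan invocation follow the same pattern, so they can be combined into one nightly job that mails only when a scanner reports something. The script below is an added example, not code from the article or from any of these projects; it assumes mail(1) is installed, that the scanner binaries are on PATH, and uses placeholder values for LOG_DIR, REPORT_TO and SCAN_DIR.

```shell
#!/bin/sh
# Added example, not from the original article: a cron wrapper that runs whichever
# of the scanners above are installed, archives their full output in a log and
# mails a summary only when something was reported. Assumed: mail(1) exists and
# LOG_DIR, REPORT_TO, SCAN_DIR are placeholders to adjust.
LOG_DIR="${LOG_DIR:-/var/log/nightly-scan}"
REPORT_TO="${REPORT_TO:-root}"
SCAN_DIR="${SCAN_DIR:-/home}"

# Print only the lines of scanner output (stdin) that denote a finding:
# chkrootkit says "INFECTED" (clean lines say "not infected"), rkhunter prints
# "Warning:" / "[ Warning ]", lynis prefixes warnings with "!", clamscan -i ends
# each hit with "FOUND". Exits 0 if anything matched, 1 otherwise.
extract_findings() {
    awk '/INFECTED|Warning:|\[ Warning \]|^ *! | FOUND$/ { print; n++ }
         END { exit (n > 0) ? 0 : 1 }'
}

# run_scanner LABEL COMMAND [ARGS...]: skip absent binaries, log everything,
# append findings (or "clean") to the summary file.
run_scanner() {
    label=$1; shift
    if ! command -v "$1" >/dev/null 2>&1; then
        printf '%s: not installed, skipped\n' "$label" >> "$SUMMARY"; return 0
    fi
    out=$(mktemp); "$@" > "$out" 2>&1
    { printf '===== %s %s =====\n' "$label" "$(date)"; cat "$out"; } >> "$LOG_DIR/scan.log"
    if findings=$(extract_findings < "$out"); then
        printf '%s: FINDINGS\n%s\n\n' "$label" "$findings" >> "$SUMMARY"; FOUND=1
    else
        printf '%s: clean\n' "$label" >> "$SUMMARY"
    fi
    rm -f "$out"
}

main() {
    mkdir -p "$LOG_DIR"; SUMMARY=$(mktemp); FOUND=0
    run_scanner chkrootkit chkrootkit
    run_scanner rkhunter   rkhunter -c --sk --rwo        # no keypress, warnings only
    run_scanner lynis      lynis audit system --quick
    freshclam >/dev/null 2>&1 || true                   # refresh ClamAV signatures first
    run_scanner clamscan   clamscan -r -i "$SCAN_DIR"
    [ "$FOUND" -eq 1 ] && mail -s "Nightly scan findings on $(hostname)" "$REPORT_TO" < "$SUMMARY"
    rm -f "$SUMMARY"
}

# Only scan when invoked with "run", e.g. from cron: 0 3 * * * /path/nightly-scan.sh run
if [ "${1:-}" = run ]; then main; fi
```

The full output of every run stays in the log file under LOG_DIR, so a silent night can still be reviewed later.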

5. LMD – Linux Malware Detect

LMD (Linux Malware Detect) is an open source, powerful and fully featured malware scanner for Linux, specifically designed for and targeted at shared hosting environments, but it can be used to detect threats on any Linux system. It can be integrated with the ClamAV scanner engine for better performance.

It provides a full reporting system for viewing current and previous scan results, supports email alert reporting after every scan execution, and has many other useful features.

To install and use LMD, read our article How to Install and Use Linux Malware Detect (LMD) with ClamAV as the Antivirus Engine.

That's all for now! In this article, we shared a list of 5 tools for scanning a Linux server for malware and rootkits. Let us know your thoughts in the comments section.