Linux服务器被黑以后的详细处理步骤

2024-08-28 00:02:01

字体：大中小

来源：转载

供稿：网友

随着开源产品的越来越盛行，作为一个Linux运维工程师，能够清晰地鉴别异常机器是否已经被入侵了显得至关重要，个人结合自己的工作经历，整理了几种常见的机器被黑情况供参考

背景信息：以下情况是在CentOS 6.9的系统中查看的，其它Linux发行版类似

1.入侵者可能会删除机器的日志信息，可以查看日志信息是否还存在或者是否被清空，相关命令示例：

[<a href="/cdn-cgi/l/email-protection" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" data-cfemail="98eaf7f7ecd8f0f4f5fbfdf6aea1f6ab">[email protected]</a> ~]# ll -h /var/log/*-rw-------. 1 root root 2.6K Jul 7 18:31 /var/log/anaconda.ifcfg.log-rw-------. 1 root root 23K Jul 7 18:31 /var/log/anaconda.log-rw-------. 1 root root 26K Jul 7 18:31 /var/log/anaconda.program.log-rw-------. 1 root root 63K Jul 7 18:31 /var/log/anaconda.storage.log[<a href="/cdn-cgi/l/email-protection" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" data-cfemail="493b26263d092125242a2c277f70277a">[email protected]</a> ~]# du -sh /var/log/*8.0K /var/log/anaconda4.0K /var/log/anaconda.ifcfg.log24K /var/log/anaconda.log28K /var/log/anaconda.program.log64K /var/log/anaconda.storage.log

2.入侵者可能创建一个新的存放用户名及密码文件，可以查看/etc/passwd及/etc/shadow文件，相关命令示例：

[<a href="/cdn-cgi/l/email-protection" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" data-cfemail="80f2efeff4c0e8ecede3e5eeb6b9eeb3">[email protected]</a> ~]# ll /etc/pass*-rw-r--r--. 1 root root 1373 Sep 15 11:36 /etc/passwd-rw-r--r--. 1 root root 1373 Sep 15 11:36 /etc/passwd-[<a href="/cdn-cgi/l/email-protection" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" data-cfemail="c8baa7a7bc88a0a4a5abada6fef1a6fb">[email protected]</a> ~]# ll /etc/sha*----------. 1 root root 816 Sep 15 11:36 /etc/shadow----------. 1 root root 718 Sep 15 11:36 /etc/shadow-

上一篇：Android在linux下刷机教程

下一篇：Linux系列教程之虚拟机中安装Centos7.0