2013-11-22

In my Plesk installation I started a Watchdog scan and received the report below, but I cannot make sense of it. Can you help me understand the [No update] and [Warning] entries and resolve them? How can I find the suspect applications mentioned at the end? How do I read the Watchdog log and fix the problems?

My system is Debian 6.0.7 with Plesk 11.0.9:

[ Rootkit Hunter version 1.3.4 ] 

Checking rkhunter data files... 
Checking file mirrors.dat         [ No update ] 
Checking file programs_bad.dat        [ Updated ] 
Checking file backdoorports.dat       [ Updated ] 
Checking file suspscan.dat         [ Updated ] 
Checking file i18n/cn          [ No update ] 
Checking file i18n/de          [ Updated ] 
Checking file i18n/en          [ No update ] 
Checking file i18n/zh          [ No update ] 
Checking file i18n/zh.utf8         [ No update ] 
[ Rootkit Hunter version 1.3.4 ] 
File created: searched for 153 files, found 124 

Checking system commands... 

Performing 'strings' command checks 
Checking 'strings' command        [ OK ] 

Performing 'shared libraries' checks 
Checking for preloading variables      [ None found ] 
Checking for preload file        [ Not found ] 
Checking LD_LIBRARY_PATH variable      [ Not found ] 

Performing file properties checks 
Checking for prerequisites        [ Warning ] 
/bin/bash            [ OK ] 
/bin/cat             [ OK ] 
/bin/chmod            [ OK ] 
/bin/chown            [ OK ] 
/bin/cp             [ OK ] 
/bin/date            [ OK ] 
/bin/df             [ OK ] 
/bin/dmesg            [ OK ] 
/bin/echo            [ OK ] 
/bin/egrep            [ OK ] 
/bin/fgrep            [ OK ] 
/bin/fuser            [ OK ] 
/bin/grep            [ OK ] 
/bin/ip             [ OK ] 
/bin/kill            [ OK ] 
/bin/less            [ OK ] 
/bin/login            [ OK ] 
/bin/ls             [ OK ] 
/bin/lsmod            [ OK ] 
/bin/mktemp            [ OK ] 
/bin/more            [ OK ] 
/bin/mount            [ OK ] 
/bin/mv             [ OK ] 
/bin/netstat            [ OK ] 
/bin/ps             [ OK ] 
/bin/pwd             [ OK ] 
/bin/readlink           [ OK ] 
/bin/sed             [ OK ] 
/bin/sh             [ OK ] 
/bin/su             [ OK ] 
/bin/touch            [ OK ] 
/bin/uname            [ OK ] 
/bin/which            [ OK ] 
/bin/dash            [ OK ] 
/usr/bin/awk            [ OK ] 
/usr/bin/basename          [ OK ] 
/usr/bin/chattr           [ OK ] 
/usr/bin/curl           [ OK ] 
/usr/bin/cut            [ OK ] 
/usr/bin/diff           [ OK ] 
/usr/bin/dirname           [ OK ] 
/usr/bin/dpkg           [ OK ] 
/usr/bin/dpkg-query          [ OK ] 
/usr/bin/du            [ OK ] 
/usr/bin/env            [ OK ] 
/usr/bin/file           [ OK ] 
/usr/bin/find           [ OK ] 
/usr/bin/GET            [ OK ] 
/usr/bin/groups           [ OK ] 
/usr/bin/head           [ OK ] 
/usr/bin/id            [ OK ] 
/usr/bin/killall           [ OK ] 
/usr/bin/last           [ OK ] 
/usr/bin/lastlog           [ OK ] 
/usr/bin/ldd            [ OK ] 
/usr/bin/less           [ OK ] 
/usr/bin/locate           [ OK ] 
/usr/bin/logger           [ OK ] 
/usr/bin/lsattr           [ OK ] 
/usr/bin/lsof           [ OK ] 
/usr/bin/mail           [ OK ] 
/usr/bin/md5sum           [ OK ] 
/usr/bin/mlocate           [ OK ] 
/usr/bin/newgrp           [ OK ] 
/usr/bin/passwd           [ OK ] 
/usr/bin/perl           [ OK ] 
/usr/bin/pstree           [ OK ] 
/usr/bin/runcon           [ OK ] 
/usr/bin/sha1sum           [ OK ] 
/usr/bin/size           [ OK ] 
/usr/bin/sort           [ OK ] 
/usr/bin/stat           [ OK ] 
/usr/bin/strings           [ OK ] 
/usr/bin/tail           [ OK ] 
/usr/bin/test           [ OK ] 
/usr/bin/top            [ OK ] 
/usr/bin/touch           [ OK ] 
/usr/bin/tr            [ OK ] 
/usr/bin/uniq           [ OK ] 
/usr/bin/users           [ OK ] 
/usr/bin/vmstat           [ OK ] 
/usr/bin/w            [ OK ] 
/usr/bin/watch           [ OK ] 
/usr/bin/wc            [ OK ] 
/usr/bin/wget           [ OK ] 
/usr/bin/whatis           [ OK ] 
/usr/bin/whereis           [ OK ] 
/usr/bin/which           [ OK ] 
/usr/bin/who            [ OK ] 
/usr/bin/whoami           [ OK ] 
/usr/bin/gawk           [ OK ] 
/usr/bin/lwp-request          [ OK ] 
/usr/bin/bsd-mailx          [ OK ] 
/usr/bin/w.procps          [ OK ] 
/sbin/depmod            [ OK ] 
/sbin/ifconfig           [ OK ] 
/sbin/ifdown            [ OK ] 
/sbin/ifup            [ OK ] 
/sbin/init            [ OK ] 
/sbin/insmod            [ OK ] 
/sbin/ip             [ OK ] 
/sbin/lsmod            [ OK ] 
/sbin/modinfo           [ OK ] 
/sbin/modprobe           [ OK ] 
/sbin/rmmod            [ OK ] 
/sbin/runlevel           [ OK ] 
/sbin/sulogin           [ OK ] 
/sbin/sysctl            [ OK ] 
/usr/sbin/adduser          [ OK ] 
/usr/sbin/chroot           [ OK ] 
/usr/sbin/cron           [ OK ] 
/usr/sbin/groupadd          [ OK ] 
/usr/sbin/groupdel          [ OK ] 
/usr/sbin/groupmod          [ OK ] 
/usr/sbin/grpck           [ OK ] 
/usr/sbin/nologin          [ OK ] 
/usr/sbin/pwck           [ OK ] 
/usr/sbin/rsyslogd          [ OK ] 
/usr/sbin/tcpd           [ OK ] 
/usr/sbin/useradd          [ OK ] 
/usr/sbin/userdel          [ OK ] 
/usr/sbin/usermod          [ OK ] 
/usr/sbin/vipw           [ OK ] 
/usr/sbin/xinetd           [ OK ] 

Checking for rootkits... 

Performing check of known rootkit files and directories 
55808 Trojan - Variant A         [ Not found ] 
ADM Worm             [ Not found ] 
AjaKit Rootkit           [ Not found ] 
aPa Kit             [ Not found ] 
Apache Worm            [ Not found ] 
Ambient (ark) Rootkit         [ Not found ] 
Balaur Rootkit           [ Not found ] 
BeastKit Rootkit           [ Not found ] 
beX2 Rootkit            [ Not found ] 
BOBKit Rootkit           [ Not found ] 
CiNIK Worm (Slapper.B variant)       [ Not found ] 
Danny-Boy's Abuse Kit         [ Not found ] 
Devil RootKit           [ Not found ] 
Dica-Kit Rootkit           [ Not found ] 
Dreams Rootkit           [ Not found ] 
Duarawkz Rootkit           [ Not found ] 
Enye LKM             [ Not found ] 
Flea Linux Rootkit          [ Not found ] 
FreeBSD Rootkit           [ Not found ] 
Fuck`it Rootkit           [ Not found ] 
GasKit Rootkit           [ Not found ] 
Heroin LKM            [ Not found ] 
HjC Kit             [ Not found ] 
ignoKit Rootkit           [ Not found ] 
ImperalsS-FBRK Rootkit         [ Not found ] 
IntoXonia-NG Rootkit          [ Not found ] 
Irix Rootkit            [ Not found ] 
Kitko Rootkit           [ Not found ] 
Knark Rootkit           [ Not found ] 
Li0n Worm            [ Not found ] 
Lockit/LJK2 Rootkit         [ Not found ] 
Mood-NT Rootkit           [ Not found ] 
MRK Rootkit            [ Not found ] 
Ni0 Rootkit            [ Not found ] 
Ohhara Rootkit           [ Not found ] 
Optic Kit (Tux) Worm          [ Not found ] 
Oz Rootkit            [ Not found ] 
Phalanx Rootkit           [ Not found ] 
Phalanx Rootkit (strings)        [ Not found ] 
Phalanx2 Rootkit           [ Not found ] 
Phalanx2 Rootkit (extended tests)      [ Not found ] 
Portacelo Rootkit          [ Not found ] 
R3dstorm Toolkit           [ Not found ] 
RH-Sharpe's Rootkit          [ Not found ] 
RSHA's Rootkit           [ Not found ] 
Scalper Worm            [ Not found ] 
Sebek LKM            [ Not found ] 
Shutdown Rootkit           [ Not found ] 
SHV4 Rootkit            [ Not found ] 
SHV5 Rootkit            [ Not found ] 
Sin Rootkit            [ Not found ] 
Slapper Worm            [ Not found ] 
Sneakin Rootkit           [ Not found ] 
Suckit Rootkit           [ Not found ] 
SunOS Rootkit           [ Not found ] 
SunOS/NSDAP Rootkit         [ Not found ] 
Superkit Rootkit           [ Not found ] 
TBD (Telnet BackDoor)         [ Not found ] 
TeLeKiT Rootkit           [ Not found ] 
T0rn Rootkit            [ Not found ] 
Trojanit Kit            [ Not found ] 
Tuxtendo Rootkit           [ Not found ] 
URK Rootkit            [ Not found ] 
Vampire Rootkit           [ Not found ] 
VcKit Rootkit           [ Not found ] 
Volc Rootkit            [ Not found ] 
X-Org SunOS Rootkit          [ Not found ] 
zaRwT.KiT Rootkit          [ Not found ] 

Performing additional rootkit checks 
Suckit Rookit additional checks       [ OK ] 
Checking for possible rootkit files and directories  [ None found ] 
Checking for possible rootkit strings     [ None found ] 

Performing malware checks 
Checking running processes for suspicious files   [ None found ] 
Checking for login backdoors        [ None found ] 
Checking for suspicious directories      [ None found ] 
Checking for sniffer log files       [ None found ] 

Performing trojan specific checks 
Checking for enabled xinetd services      [ Warning ] 
Checking for Apache backdoor        [ Not found ] 

Performing Linux specific checks 
Checking loaded kernel modules       [ OK ] 
Checking kernel module names        [ OK ] 


    Checking the network... 

Performing check for backdoor ports 
Checking for TCP port 1524        [ Not found ] 
Checking for TCP port 1984        [ Not found ] 
Checking for UDP port 2001        [ Not found ] 
Checking for TCP port 2006        [ Not found ] 
Checking for TCP port 2128        [ Not found ] 
Checking for TCP port 6666        [ Not found ] 
Checking for TCP port 6667        [ Not found ] 
Checking for TCP port 6668        [ Not found ] 
Checking for TCP port 6669        [ Not found ] 
Checking for TCP port 7000        [ Not found ] 
Checking for TCP port 13000        [ Not found ] 
Checking for TCP port 14856        [ Not found ] 
Checking for TCP port 25000        [ Not found ] 
Checking for TCP port 29812        [ Not found ] 
Checking for TCP port 31337        [ Not found ] 
Checking for TCP port 32982        [ Not found ] 
Checking for TCP port 33369        [ Not found ] 
Checking for TCP port 47107        [ Not found ] 
Checking for TCP port 47018        [ Not found ] 
Checking for TCP port 60922        [ Not found ] 
Checking for TCP port 62883        [ Not found ] 
Checking for TCP port 65535        [ Not found ] 

Performing checks on the network interfaces 
Checking for promiscuous interfaces      [ None found ] 

Checking the local host... 

Performing system boot checks 
Checking for local host name        [ Found ] 
Checking for system startup files      [ Found ] 
Checking system startup files for malware    [ None found ] 

    Performing group and account checks 
Checking for passwd file         [ Found ] 
Checking for root equivalent (UID 0) accounts   [ None found ] 
Checking for passwordless accounts      [ None found ] 
Checking for passwd file changes       [ Warning ] 
Checking for group file changes       [ Warning ] 
Checking root account shell history files    [ OK ] 

Performing system configuration file checks 
Checking for SSH configuration file      [ Found ] 
Checking if SSH root access is allowed     [ Warning ] 
Checking if SSH protocol v1 is allowed     [ Not allowed ] 
Checking for running syslog daemon      [ Found ] 
Checking for syslog configuration file     [ Found ] 
Checking if syslog remote logging is allowed    [ Not allowed ] 

    Performing filesystem checks 
Checking /dev for suspicious file types     [ None found ] 
Checking for hidden files and directories    [ Warning ] 


    Checking application versions... 

Checking version of GnuPG        [ Warning ] 
Checking version of Bind DNS        [ OK ] 
Checking version of OpenSSL        [ Warning ] 
Checking version of PHP         [ OK ] 
Checking version of Procmail MTA       [ OK ] 
Checking version of ProFTPd        [ Skipped ] 
Checking version of OpenSSH        [ Warning ] 


System checks summary 
    ===================== 

    File properties checks... 
Required commands check failed 
Files checked: 124 
Suspect files: 0 

    Rootkit checks... 
Rootkits checked : 112 
Possible rootkits: 0 

    Applications checks... 
Applications checked: 7 
Suspect applications: 3 

    The system checks took: 36 seconds 



     One or more warnings have been found while checking the system. 
     Please check the log file (/var/log/***.log) 

Answer

Search for more information about rkhunter. Reading the manual and so on will help you understand how it works. Plesk calls this system Watchdog, but it is actually rkhunter.

Rkhunter scans files and saves/remembers what they look like. So if a file changes, rkhunter will show a warning. If this warning is legitimate, because of an update or an expected change, you will have to tell rkhunter that the file has changed and may be remembered in this state. For that you can run the command rkhunter --propupd, or something like: /opt/psa/admin/bin/modules/watchdog/rkhunter --propupd. But be careful! Only give this command when you are sure that your system is clean.

A good common practice is to run rkhunter --propupd on a fresh, clean installation. Before an update, run rkhunter -c --rwo (report warnings only) and check the warnings. Run the update, e.g. apt-get upgrade, and then run rkhunter --propupd again. Of course this takes time and effort!

The three version warnings may not be important. Debian is not a distribution that upgrades/updates quickly, because they review extensively, and it is therefore also very stable and secure. According to rkhunter you will often find that the versions on a Debian system are outdated.
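An added example, not part of the original answer, that scripts the workflow described above (check with --rwo, upgrade only when the report is clean, then --propupd) and pulls the "[ Warning ]" lines out of a saved report so you can see which checks fired. It assumes rkhunter is on PATH (override with the RKHUNTER variable, e.g. the Plesk path given in the answer) and apt-get as the package manager.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: rkhunter is on PATH
# (override with RKHUNTER, e.g. /opt/psa/admin/bin/modules/watchdog/rkhunter)
# and apt-get is the package tool.
RKHUNTER="${RKHUNTER:-rkhunter}"

# Print only the "[ Warning ]" lines of a saved rkhunter report, so the
# operator sees which checks need attention before re-baselining anything.
warning_lines() {
    grep '\[ Warning \]' "$1" || true
}

# Count "[ Warning ]" lines in a saved report (prints 0 for a clean report;
# "|| true" keeps grep's exit status 1 on no match from aborting under set -e).
count_warnings() {
    grep -c '\[ Warning \]' "$1" || true
}

# Run rkhunter in report-warnings-only mode and refuse to upgrade or run
# --propupd while any warning remains: --propupd would otherwise bless an
# unexplained file change as the new known-good state.
safe_upgrade() {
    report="$(mktemp)"
    "$RKHUNTER" -c --rwo --sk > "$report" 2>&1 || true
    if [ "$(count_warnings "$report")" -ne 0 ]; then
        echo "rkhunter reported warnings; review them before upgrading:" >&2
        warning_lines "$report" >&2
        rm -f "$report"
        return 1
    fi
    rm -f "$report"
    # Trusted update, then record the new file properties as the baseline.
    apt-get update && apt-get upgrade && "$RKHUNTER" --propupd
}
```

Run safe_upgrade as root; it exits non-zero and lists the warnings if the pre-update check is not clean.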