A backdoor was reportedly detected. How should I handle ...
Author: 문종남
I am using the free server management program provided by Superuser (슈퍼유저).
Since yesterday, the report below has been arriving in my root mail.
I'm still a beginner, so I'm at a loss as to how to deal with this.
If anyone knows, please let me know.
Backdoor detected
-rwxr-xr-x 1 root root 20553 Apr 11 2002 /dev/MAKEDEV
-rwxr-xr-x 1 root root 20553 Apr 11 2002 /dev/MAKEDEV
-rw-r--r-- 1 root root 0 Mar 22 07:04 /dev/logs/tcp.log
-rw-r--r-- 1 root root 147 Feb 19 00:01 /dev/logs/.dos/em.txt
-rw-r--r-- 1 root root 708 Feb 19 00:01 /dev/logs/.dos/em.htm
-rw-r--r-- 1 root root 338 Feb 19 00:01 /dev/logs/.dos/em
-rw-r--r-- 1 root root 112 Feb 19 00:01 /dev/logs/.dos/file000.txt
-rw-r--r-- 1 root root 641 Feb 19 00:01 /dev/logs/.dos/file001.htm
-rwxr-xr-x 1 root root 15593 Feb 19 00:01 /dev/logs/.dos/bang
-rw-r--r-- 1 root root 281633 Feb 19 00:01 /dev/logs/.dos/bang.txt
-rwxr-xr-x 1 root root 17654 Mar 11 2003 /dev/logs/apache/scan
-rw-r--r-- 1 root root 0 Mar 23 02:49 /dev/logs/apache/ip
-rwxr-xr-x 1 root root 14272 Sep 20 2002 /dev/logs/apache/verify2
-rw-r--r-- 1 root root 4766 Mar 11 2003 /dev/logs/apache/scan.c
-rwxr-xr-x 1 root root 119648 Feb 25 2003 /dev/logs/apache/op
-rwxr-xr-x 1 root root 6008 Sep 20 2002 /dev/logs/apache/host2ip
-rwxr-xr-x 1 root root 3776 Sep 20 2002 /dev/logs/apache/numip
-rwxr-xr-x 1 root root 30656 Sep 20 2002 /dev/logs/apache/synscan
-rwxr-xr-x 1 root root 28295 Sep 20 2002 /dev/logs/apache/upscan
-rwxr-xr-x 1 root root 323 Apr 5 2003 /dev/logs/apache/probe
-rw-r--r-- 1 root root 2322 Mar 3 2000 /dev/logs/apache/ports.c
-rwxr-xr-x 1 root root 127912 Oct 5 2002 /dev/logs/apache/ssl3
-rwxr-xr-x 1 root root 17330 Aug 18 2002 /dev/logs/apache/scanA
-rwxr-xr-x 1 root root 36865 Mar 28 2003 /dev/logs/apache/a
-rwxr-xr-x 1 root root 55 Sep 20 2002 /dev/logs/apache/check
-rwxr-xr-x 1 root root 55 Oct 7 2002 /dev/logs/apache/probe.2
-rwxr-xr-x 1 root root 396 Oct 7 2002 /dev/logs/apache/test3
-rwxr-xr-x 1 root root 9196 Aug 18 2002 /dev/logs/apache/prob
-rwxr-xr-x 1 root root 184 Oct 7 2002 /dev/logs/apache/probe.3
-rwxr-xr-x 1 root root 23 Dec 3 2002 /dev/logs/apache/test
-rwxr-xr-x 1 root root 346 Mar 28 2003 /dev/logs/apache/probe.old
-rw-r--r-- 1 root root 8659 Apr 25 2003 /dev/logs/apache/ip2
-rwxr-xr-x 1 root root 737 Apr 5 2003 /dev/logs/apache/lpd
-rw-r--r-- 1 507 users 628 May 13 2004 /dev/logs/clean/ebay.php
-rw-r--r-- 1 507 users 724 Mar 31 2003 /dev/logs/clean/ini.inc
-rw-r--r-- 1 507 users 4504 Mar 23 23:17 /dev/logs/clean/test.txt
-rwxr-xr-x 1 507 users 291 Jun 16 2004 /dev/logs/clean/patchsend
-rw-r--r-- 1 root root 312277 Mar 24 00:45 /dev/logs/clean/list.txt
-rwxr-xr-x 1 root root 1634993 Mar 23 23:35 /dev/logs/clean/php
-rw-r--r-- 1 root root 155 Mar 22 07:04 /dev/ttyop
-rw-r--r-- 1 root root 32 Mar 22 07:04 /dev/ttyoa
-rw-r--r-- 1 root root 126 Mar 22 07:04 /dev/ttyof
-rw-r--r-- 1 root root 68 Mar 22 07:04 /dev/ttyos
-rwxr-xr-x 1 root root 16501 May 17 2002 /dev/killall
Additional root-owned SetUID files found
07:00 : ** Suspicious process found
0:00
TIME
** Suspicious program found in init.d
1368 syslog
1369 syslog
** Suspicious program found in rc.sysinit
wait
There is a problem with the critical file check.
36692 /bin/ls
17992 /bin/mkdir
15560 /bin/mknod
44328 /bin/mv
30640 /bin/netstat
32756 /bin/ps
26344 /bin/rm
10888 /bin/rmdir
19116 /bin/su
24040 /bin/touch
46888 /bin/ls
17992 /bin/mkdir
15560 /bin/mknod
44328 /bin/mv
100173 /bin/netstat
63304 /bin/ps
26344 /bin/rm
10888 /bin/rmdir
19116 /bin/su
24040 /bin/touch
26920 /sbin/telinit
4 /sbin/telinit
55744 /usr/bin/find
62182 /usr/bin/find
220124 /usr/bin/ssh
34728 /usr/bin/top
8432 /usr/bin/w
185531 /usr/bin/wget
13896 /usr/bin/who
82812 /usr/sbin/lsof
529780 /usr/sbin/sendmail
114076 /bin/grep
4 /bin/awk
922303 /usr/bin/ssh
48856 /usr/bin/top
8432 /usr/bin/w
185531 /usr/bin/wget
13896 /usr/bin/who
82812 /usr/sbin/lsof
529780 /usr/sbin/sendmail
114076 /bin/grep
4 /bin/awk
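A defender-side re-check of the two findings in the report above (regular files sitting under /dev, and critical binaries whose current size no longer matches the recorded one), as an added example that is not part of the post or of the Superuser tool. It assumes that the critical-file section lists each path twice, recorded baseline first and current measurement second, and it runs on constructed excerpts of the report.

```python
"""Re-check two findings from the report: regular files under /dev and
critical binaries whose size differs from the recorded baseline."""
import re
from collections import defaultdict

# Constructed excerpt of the report's "Backdoor detected" section (ls -l format),
# with one legitimate device node added so the filter has something to ignore.
DEV_LISTING = """\
-rwxr-xr-x 1 root root 20553 Apr 11 2002 /dev/MAKEDEV
-rw-r--r-- 1 root root 0 Mar 22 07:04 /dev/logs/tcp.log
-rwxr-xr-x 1 root root 30656 Sep 20 2002 /dev/logs/apache/synscan
-rw-r--r-- 1 root root 155 Mar 22 07:04 /dev/ttyop
crw-rw-rw- 1 root root 1, 3 Mar 22 07:04 /dev/null
"""

# Constructed excerpt of the "critical file check" section: "<size> <path>" lines.
# Assumption: the first occurrence of a path is the recorded baseline size and
# the second occurrence is the size measured now.
CRITICAL_LISTING = """\
36692 /bin/ls
17992 /bin/mkdir
30640 /bin/netstat
46888 /bin/ls
17992 /bin/mkdir
100173 /bin/netstat
26920 /sbin/telinit
4 /sbin/telinit
"""

def regular_files_under_dev(listing: str) -> list[str]:
    """Return paths of regular files (type '-') under /dev. A normal /dev holds
    device nodes, so regular files there are worth inspecting by hand."""
    found = []
    for line in listing.splitlines():
        fields = line.split()
        if fields and fields[-1].startswith("/dev/") and fields[0][0] == "-":
            found.append(fields[-1])
    return found

def changed_binaries(listing: str) -> dict[str, tuple[int, int]]:
    """Map path -> (baseline, current) for each binary whose size changed."""
    sizes = defaultdict(list)
    for m in re.finditer(r"^\s*(\d+)\s+(\S+)\s*$", listing, re.M):
        sizes[m.group(2)].append(int(m.group(1)))
    return {p: (s[0], s[-1]) for p, s in sizes.items() if len(s) >= 2 and s[0] != s[-1]}

if __name__ == "__main__":
    for p in regular_files_under_dev(DEV_LISTING):
        print("regular file under /dev:", p)
    for p, (old, new) in changed_binaries(CRITICAL_LISTING).items():
        print(f"size changed: {p} {old} -> {new}")
```

A size mismatch on ls, netstat, ps, find, ssh or top, as in the report, is a classic sign of replaced binaries; verify against known-good copies or package checksums from offline media rather than trusting tools on the affected host.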