http://www.hackerschool.org/HS_Boards/zboard.php?id=QNA_system&no=532
[root@www bin]# nmap localhost
Starting Nmap 3.95 ( http://www.insecure.org/nmap/ ) at 2006-01-19 21:35 KST
Interesting ports on localhost.localdomain (127.0.0.1):
(The 1640 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
1/tcp open tcpmux
11/tcp open systat
15/tcp open netstat
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
79/tcp open finger
80/tcp open http
110/tcp open pop3
111/tcp open rpcbind
119/tcp open nntp
143/tcp open imap
540/tcp open uucp
635/tcp open unknown
783/tcp open spamassassin
1080/tcp open socks
1524/tcp open ingreslock
2000/tcp open callbook
3306/tcp open mysql
6667/tcp open irc
8009/tcp open ajp13
8080/tcp open http-proxy
12345/tcp open NetBus
12346/tcp open NetBus
31337/tcp open Elite
32771/tcp open sometimes-rpc5
32772/tcp open sometimes-rpc7
32773/tcp open sometimes-rpc9
32774/tcp open sometimes-rpc11
54320/tcp open bo2k
Nmap finished: 1 IP address (1 host up) scanned in 0.116 seconds
=== netbus, bo2k: this looks like a hack
[root@www rootcheck]# ./ossec-rootcheck -c rootcheck.conf
Starting rootcheck (http://www.ossec.net/rootcheck)
Be patient, it may take a few minutes to complete...
[OK]: No presence of public rootkits detected. Analized 206 files.
[FAILED]: Trojaned version of file '/usr/sbin/tcpd' detected. Signature used: 'bash|^/bin/sh|proc\.h|p1r0c4|hack|/dev/'
[OK]: No problem detected on the /dev directory. Analized 18497 files
[OK]: No problem found on the system. Analized 66477 files.
[OK]: No hidden process by Kernel-level rootkits.
/bin/ps is not trojaned. Analized 32768 processes.
[OK]: No kernel-level rootkit hiding any port.
Netstat is acting correctly. Analized 131072 ports.
[OK]: No problem detected on ifconfig/ifs. Analized 3 interfaces.
This is the result of running rootcheck,
and I don't understand it.
In iptables I set the INPUT default policy to DROP,
and portsentry is running.
If I remove ports 12345,6, 54320 from portsentry.conf, netbus and bo2k disappear, and
even if I delete the /usr/sbin/tcpd file and replace it with another new file, the rootcheck result
does not change. I also changed the root password.
Please advise on how I should resolve this.
Hit : 4228 Date : 2006/01/20 02:57
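The post notes that the NetBus and bo2k entries vanish once those ports are removed from portsentry.conf. The following is an added example, not part of the original post: it cross-checks nmap's open TCP ports against portsentry's TCP_PORTS setting to separate decoy listeners from ports that still need an owner check. The function names and both sample inputs are constructed for illustration.

```python
import re

# Constructed sample: a shortened copy of the nmap listing in the post.
NMAP_OUTPUT = """\
PORT STATE SERVICE
1/tcp open tcpmux
22/tcp open ssh
80/tcp open http
3306/tcp open mysql
12345/tcp open NetBus
12346/tcp open NetBus
31337/tcp open Elite
54320/tcp open bo2k
"""

# Constructed portsentry.conf fragment; TCP_PORTS lists the TCP ports
# portsentry binds as decoy listeners. The commented line must be ignored.
PORTSENTRY_CONF = """\
#TCP_PORTS="1,7,9,11,15"
TCP_PORTS="1,11,15,12345,12346,31337,54320"
"""

def open_tcp_ports(nmap_text):
    """Return {port: service} for every 'N/tcp open name' line."""
    ports = {}
    for line in nmap_text.splitlines():
        m = re.match(r"(\d+)/tcp\s+open\s+(\S+)", line.strip())
        if m:
            ports[int(m.group(1))] = m.group(2)
    return ports

def portsentry_tcp_ports(conf_text):
    """Return the ports of the last active (uncommented) TCP_PORTS line."""
    ports = set()
    for line in conf_text.splitlines():
        m = re.match(r'\s*TCP_PORTS\s*=\s*"([^"]*)"', line)
        if m:
            ports = {int(p) for p in m.group(1).split(",") if p.strip().isdigit()}
    return ports

def classify(nmap_text, conf_text):
    """Split open ports into (portsentry decoys, ports needing an owner check)."""
    bound = portsentry_tcp_ports(conf_text)
    decoys, unexplained = {}, {}
    for port, svc in sorted(open_tcp_ports(nmap_text).items()):
        (decoys if port in bound else unexplained)[port] = svc
    return decoys, unexplained

if __name__ == "__main__":
    print(classify(NMAP_OUTPUT, PORTSENTRY_CONF))
```

A port landing in the decoy set only means portsentry is configured to bind it; `netstat -tlnp` run as root shows which process actually holds each listening socket.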