Tema: Re: Problema
Autorius: arulis
Data: 2010-10-15 14:20:03
taigi:

1. skyles - siuo atveju matyt php puslapiai . galima gal disable_functions
israsyti to ko tau tikrai nereikia  (exec visokius).  jeigu negali itakoti
puslapiu (pvz klientai hostinasi) 
2. /tmp/ ; /var/tmp mountinami noexec, nosuid flagais. jei /tmp bendram
kataloge, darai koki tmpfaila, ir ji mountini
3.firewallas
4. kitos priemones is kernelio puses - Apparmor pas SUSE, Selinux
Redhate/centose




arulis wrote:

> tai vat sitas shudas /var/tmp/vi.recover/sshd
> 
> ir yra tavo zombis/trojanas ar kaip pavadinsi. o jo pavadinimas sshd - tik
> klaidinimas.  jei tai ELF binary failas ne koks perlo skriptas, tai chrien
> zino ka jis ten daro.
> 
> paprastai patenkama per visokius php bugovus saitus.
> problemos nepasalinsi taip tik istrynes ir perkroves serveri, vel ikis tau
> ja. reikia iskoti skyliu.
> 
> 
> 
> Idomu wrote:
> 
>> Na va "Aruli"
>>> ls -l /proc/9858/exe
>> lrwxrwxrwx  1 apache apache 0 Oct 15 12:58 /proc/9858/exe ->
>> /var/tmp/vi.recover/sshd:
>> bet cia susikuria faila, kai bando jungtis, taip juk ir turi buti mano
>> nuomone...?"arulis" <aruliss@gmail.com> wrote in message
>> news:i995d5$9bt$1@trimpas.omnitel.net...> na pvz
>>> ls -l /proc/2761/exe
>>> lrwxrwxrwx 1 root root 0 2010-10-15 12:33 /proc/2761/exe ->
>>> /sbin/mingetty
>>>
>>>
>>> gali buti kad failas paleistas, o jo pacio jau nebera (istrintas), bet
>>> linka
>>> turi rodyti (bus deleted uzrasas)
>>>
>>> taip pat cwd linkas, is kurios dir paleista pamatysi
>>>
>>>
>>>
>>>
>>>
>>> Idomu wrote:
>>>
>>>> na uzejau i /proc ten susiradau pagal 27784 ir matau exe stoviu, o
>>>> linko negaliu paziureti, nes ssh neveikia, cia is serveriai.lt per
>>>> webmina ziuriu file manager ir command shell, tik jei naudojuosi, o ssh
>>>> netinka slaptazodis, tai nezinau kaip linka paziureti..... :(
>>>> o /tmp nestovi sshd zinok.. cia tik .ICE-unix ir .webmin....
>>>> pasiklydes as problemos issprendime, gal Jus "Aruli" galite dar kazka
>>>> man galite pagelbeti...?
>>>>
>>>> "arulis" <aruliss@gmail.com> wrote in message
>>>> news:i994iu$7uq$1@trimpas.omnitel.net...
>>>>> arulis wrote:
>>>>>
>>>>>>> tcp 0 1 www.xxx.xxx:42836 www.irrp.org.ua:ircd
>>>>>>> SYN_SENT 20227/sshd:
>>>>>
>>>>> eini i /proc/20227 - ten ieskai koks linkas veda i "exe" ,  kas cia
>>>>> per sshd - greiciausiai koks skriptas paleistas per apachiu . sshd cia
>>>>> matyt neprieko , bus koks /tmp/sshd pakistas per apachiu .
>>>>>
>>>>>
>>>
3Dastronomyagricultureaudioautosautos.audiautos.audioautos.binariesautos.bmwautos.clubautos.fordautos.hondacrxautos.japanautos.mercedesautos.opelautos.sportautos.volvoautos.vwaviaavia.binariesbankcardsbinariesbooksbuildingcinemacommercecomp.hardwarecomp.softwarecomp.lietuvinimascomp.networksculturedarbas.ieskaudarbas.siulaudesigneconomicselectronicsfaunafauna.aquafauna.binariesfishingflorafotofoto.binariesgamesgames.csgames.onlinegsmgurmanaihumourhumour.binariesinternetlawmicrosoftmotomusicmusic.binariesmusic.instrumentsmusic.LT.binariesnavigacijaphppoliticsprogrammingrpgsportstudyingsveikatatalktesttranslationtransportationtraveltravel.binariestvunixvideovideo.binarieswatersportswwwwww.flashpdaautos.supermama.ltmobiledarbasretro.3Dretro.agricultureretro.astronomyretro.audioretro.autosretro.autos.audiretro.autos.audioretro.autos.binariesretro.autos.bmwretro.autos.clubretro.autos.fordretro.autos.hondacrxretro.autos.japanretro.autos.mercedesretro.autos.opelretro.autos.sportretro.autos.supermamaretro.autos.supermama.ltretro.autos.volvoretro.autos.vwretro.aviaretro.avia.binariesretro.bankcardsretro.beosretro.binariesretro.booksretro.buildingretro.cinemaretro.commerceretro.compretro.comp.hardwareretro.comp.lietuvinimasretro.comp.networksretro.comp.softwareretro.cultureretro.darbasretro.darbas.ieskauretro.darbas.siulauretro.designretro.economicsretro.electronicsretro.e-vejasretro.faunaretro.fauna.aquaretro.fauna.binariesretro.fishingretro.floraretro.fotoretro.foto.binariesretro.gamesretro.games.csretro.games.onlineretro.games.rpgretro.genealogijaretro.gsmretro.gurmanairetro.humourretro.humour.binariesretro.internetretro.YZFretro.YZF.nebukretro.YZF.nebuk.netikintisretro.YZF.nebuk.netikintis.bukretro.YZF.nebuk.netikintis.buk.tikintisretro.lawretro.microsoftretro.mobileretro.motoretro.musicretro.music.binariesretro.music.instrumentsretro.music.LTretro.music.LT.binariesretro.navigacijaretro.newsretro.news.taisyklesretro.newuserretro.pdaretro.phpretro.politicsretro.programmingretro.rpgretro.sportretro.studyingretro.sveikataretro.talkretro.translationretro.transportationretro.travelretro.travel.binariesretro.tvretro.unixretro.videoretro.video.binariesretro.watersportsretro.wwwretro.www.flashdiylt.rkm.news.announcelt.rkm.news.newuser
+bsd: dovanelemix2010-11-22 21:05
+file securitymykolas2010-11-22 19:20
+Xen triukasbertas2010-11-21 20:05
+LINUX ir Bites VMC. Padekit laimetinews-omni2010-11-19 20:56
+VirtualizacijaLiu2010-11-19 01:01
+HDD ERR UNCVilius Jakas2010-11-18 19:10
+Bacula ir TS2900lingus2010-11-17 12:58
+Q: .htaccessbambukas2010-11-17 12:56
+openvzatlaikes antanas2010-11-11 23:04
dell vostro 1500 ir vidinis IRDAhangover2010-11-09 23:34
+Interneto srauto stebejimasccc2010-11-09 10:27
+mceditGiedrius2010-11-05 17:48
+Failų apsauga nuo kopijavimoFlycat2010-11-05 10:23
+hosting control panelmix2010-11-04 09:23
+ext4 suformatuotos particijos atstatymasvytjon2010-11-02 13:31
+Web serveris ir rašymo teisės į diskąbullka2010-11-02 10:36
+debian raid installerisandrws2010-10-27 18:12
+Priėjimo kontrolėHyperlink2010-10-26 12:38
+Nelabai unix, bet : ar yra normalus ext3 supportas po windowsais?meska2010-10-22 09:00
Iceweasel + lietuvybėSigun2010-10-20 14:43
+Ubuntu 10.10 Netbook editionVasaris2010-10-15 21:29
-Problemapaprastas2010-10-14 21:46
Re: ProblemaDidzkis2010-10-18 14:26
Re: ProblemaIdomu2010-10-21 12:35
Re: Problemapaprastas2010-10-14 22:05
Re: ProblemaDidzkis2010-10-15 09:28
Re: Problemaarulis2010-10-15 09:43
Re: Problemabertas2010-10-15 10:25
Re: ProblemaDunduk@s2010-10-15 10:42
Re: ProblemaIdomu2010-10-15 10:49
Re: ProblemaDunduk@s2010-10-15 10:59
Re: ProblemaIdomu2010-10-15 11:12
Re: ProblemaIdomu2010-10-15 10:37
Re: ProblemaNicMC2010-10-17 23:19
Re: ProblemaDidzkis2010-10-15 14:36
Re: Problemaejs2010-10-15 13:02
Re: ProblemaIdomu2010-10-15 13:07
Re: ProblemaTadas2010-10-15 18:06
Re: Problemaejs2010-10-15 13:24
Re: Problemanews-omni2010-10-15 12:11
Re: Problemaarulis2010-10-15 14:12
Re: Problemaejs2010-10-15 12:45
Re: ProblemaIdomu2010-10-15 12:53
Re: ProblemaDidzkis2010-10-15 14:44
Re: Problemaarulis2010-10-15 10:57
Re: Problemaarulis2010-10-15 11:49
Re: ProblemaIdomu2010-10-15 11:58
Re: Problemaarulis2010-10-15 12:03
Re: ProblemaIdomu2010-10-15 13:00
Re: Problemaarulis2010-10-15 14:00
Re: Problemaarulis2010-10-15 14:20
Re: Problemaejs2010-10-15 14:25
Re: Problemaarulis2010-10-15 14:35
Re: Problemaejs2010-10-15 14:45
Re: Problemaarulis2010-10-15 14:55
Re: Problemaejs2010-10-15 13:03
Re: ProblemaIdomu2010-10-15 11:02
Re: ProblemaBilibobas2010-10-15 11:15
Re: ProblemaIdomu2010-10-15 11:26
Re: ProblemaBilibobas2010-10-15 11:31
Re: ProblemaIdomu2010-10-15 11:44
Re: ProblemaLevas2010-10-15 17:17
Re: ProblemaBilibobas2010-10-15 11:39
Re: Problemahangover2010-10-15 12:45
Re: ProblemaLevas2010-10-15 17:16
Re: ProblemaBilibobas2010-10-15 10:40
Re: ProblemaIdomu2010-10-15 10:45
Re: Problemanews-omni2010-10-15 11:54
+Ubuntu 64 bitai ir vaizdasno2010-10-11 14:32
Dilma Roussefnão acredita em DEUS 74697Dilma Roussef2010-10-09 05:31
+Q: LINUX -> senam pc P3/256/8mgvideoJohn Smith2010-10-04 13:24
+gedit shortcut'asMaug Lee2010-10-02 14:30
+Q: freebsd timebambukas2010-09-30 12:01
+xbmc live cd problemadonisg2010-09-28 23:50
Rosetta Stone Language CDklwn2010-09-28 08:33
+tinklinio disko mountmonaxas2010-09-20 20:27
+blogai, portalai apie linux administravimamykolas2010-09-18 16:14
+xfce4 ir LTbambukas2010-09-15 08:14
+Kaip nustatyt kas istrina failus serveryje?klausiu2010-09-13 10:59
+Mac OSX DVD kopijavimas i hdd per windowsm.k.2010-09-13 10:14
+smtp serveris namuosemykolas2010-09-12 12:03
+Linux perkelimas i esxiValierka2010-09-10 14:08
+Klausimas naujokoAlgirdas2010-09-08 13:48
+OT Linux distribucija....Mr.T2010-09-03 18:18
+Ubuntu 10.04 ekranasVitas2010-09-02 11:38
+Mokyklos intranetuiS.2010-09-01 17:50
+xfce rezoliucijabambukas2010-09-01 16:08
+Freebsd +assp, subject perasymo problemaRamunas A.2010-09-01 12:45
+FIREWALLIdomu2010-08-30 14:53
autocad electrical 2010 autodesk full download crack torrent j.couDo_ieecm2001 winols cpwin rapidshare torrent<ecm2001.winols@free-downloads.com>2010-08-25 23:45