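I suspect a rootkit. I got hit once before because my SSH password was too weak; they replaced grep, ls, top, md5sum, pstree, netstat and ps, all of my binaries for inspecting system state.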

2015-07-28 22:37 GMT+08:00 Ray Song <[email protected]>:

> If it's convenient, please put a few of the statically linked programs up for download.
>
> On 2015-07-28, Charlie Brown wrote:
>
>> A machine in the lab is broken. They suspect it was hacked, because the access records show someone logging in with git from Egypt. You can assume it had zero protection, and the password was extremely simple.
>>
>> On that machine, dynamically linked programs all run, but statically linked ones are all dead (I tried df and grep, and confirmed with ldd that they are statically linked). (The graphical interface even starts, so the dynamically linked ones should all be fine.)
>>
>> Of course, it is also possible that some binaries were selectively destroyed. But bash starts (it is dynamically linked), and I think anyone hacking the machine would have broken bash too.
>>
>> ---------------------------- For example, readelf -a grep ----------------------------
>> readelf: Error: Section headers are not available!
>> ---------------------------------------------------------------------------------------
>>
>> Has anyone seen something like this?
>>
>> Sincerely,
>> 王文鑫
>> Wenxin Wang
>> Department of Electronic Engineering,
>> Tsinghua University,
>> Beijing 100084, P. R. China
>> (+86)18811369901
>> Email:[email protected]
>>
>> --
>> You received this message because you are subscribed to the Google Groups "TUNA 主邮件列表" group.
>> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
>> To post to this group, send email to [email protected].
>> For more options, visit https://groups.google.com/d/optout.
>
> --
> 宋方睿 (SONG Fangrui)
> Website: http://maskray.me
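
Added example, not part of the thread: the symptoms reported above turn on two properties of each binary, whether it is statically linked and whether its section header table is present. The sketch below reads both directly from the ELF header in Python, so it does not rely on the affected machine's own readelf or ldd. `elf_triage` and `make_sample` are names chosen here, "static" is taken to mean no PT_INTERP and no PT_DYNAMIC segment, and the sample images are constructed.

```python
import struct

PT_DYNAMIC, PT_INTERP = 2, 3  # program header types from the ELF specification

def elf_triage(data):
    """Classify an ELF image from its raw bytes, without readelf or ldd."""
    if len(data) < 52 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = data[4] == 2                    # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"     # EI_DATA: 1 = little-endian
    if is64 and len(data) < 64:
        raise ValueError("truncated ELF64 header")
    if is64:
        e_phoff, e_shoff = struct.unpack_from(end + "QQ", data, 32)
        counts = struct.unpack_from(end + "4H", data, 54)
    else:
        e_phoff, e_shoff = struct.unpack_from(end + "II", data, 28)
        counts = struct.unpack_from(end + "4H", data, 42)
    e_phentsize, e_phnum, e_shentsize, e_shnum = counts
    ptypes = set()
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 4 > len(data):            # program header table runs past EOF
            break
        ptypes.add(struct.unpack_from(end + "I", data, off)[0])
    sh_end = e_shoff + e_shnum * e_shentsize
    return {
        # Assumption: "static" means neither PT_INTERP nor PT_DYNAMIC is present.
        "static": PT_INTERP not in ptypes and PT_DYNAMIC not in ptypes,
        # True only if a section header table is declared and fits in the file.
        "section_headers": e_shnum > 0 and e_shoff > 0 and sh_end <= len(data),
    }

def make_sample(ptypes, e_shnum):
    """Constructed ELF64 little-endian image: header, bare phdrs, empty shdrs."""
    e_shoff = 64 + 56 * len(ptypes) if e_shnum else 0
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    hdr = ident + struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0x400000, 64,
                              e_shoff, 0, 64, 56, len(ptypes), 64, e_shnum, 0)
    phdrs = b"".join(struct.pack("<I", t) + bytes(52) for t in ptypes)
    return hdr + phdrs + bytes(64 * e_shnum)

if __name__ == "__main__":
    print(elf_triage(make_sample([1], 0)))           # static, no section table
    print(elf_triage(make_sample([6, 3, 1, 2], 3)))  # dynamic, table present
```

Run against copies of the suspect files from a trusted system, this separates "static and missing its section table" from "dynamic and intact" without executing anything from the affected machine.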
