Peter Rosa wrote on 23.3.2016 18:48:
>> What does this print for you?
>>
>>> ssh -G 2>&1 | grep -e illegal -e unknown > /dev/null && echo "System clean" || echo "System infected"
> System infected

OK. You ran exactly the command that chkrootkit itself runs when it tries to detect an infection. As you can see, the test assumes that ssh does not know the -G option and says so with text containing the word 'illegal' or 'unknown'. Your ssh -G does not use such a word, and chkrootkit therefore considers it infected.

>> ssh -G
> usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
>            [-D [bind_address:]port] [-E log_file] [-e escape_char]
>            [-F configfile] [-I pkcs11] [-i identity_file] [-L address]
>            [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
>            [-Q query_option] [-R address] [-S ctl_path] [-W host:port]
>            [-w local_tun[:remote_tun]] [user@]hostname [command]

And that is the answer: this version of ssh knows the -G option, so it does not treat it as an invalid/unknown option, ergo it does not print the expected text. The test, in the form in which chkrootkit performs it, cannot be used with this version of ssh. chkrootkit's infection warning is unfounded.

I probably don't need to explain that proof of an incorrect test and an unfounded warning must not be mistaken for proof that the system is not infected with something.

Dan

--
FreeBSD mailing list ([email protected])
http://www.freebsd.cz/listserv/listinfo/users-l
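
The reasoning in the message above, as an added example that is not part of the original post and not chkrootkit's own code: the quoted test and a three-way classification are run over captured `ssh -G` output, showing where the two disagree. The function names and the first sample are constructed for illustration; the second sample is the first usage line quoted in the message.

```shell
#!/bin/sh
# Added example; helper names are hypothetical.

# The quoted test, applied to captured text instead of a live ssh call.
legacy_verdict() {
    if printf '%s\n' "$1" | grep -e illegal -e unknown >/dev/null; then
        echo "System clean"
    else
        echo "System infected"
    fi
}

# Three-way classification that does not read "no error text" as infection.
# "option-supported" only means this signal is uninformative for this client;
# it is not evidence that the host is clean.
classify_ssh_G() {
    if printf '%s\n' "$1" | grep -E -i '(illegal|unknown) option' >/dev/null; then
        echo "option-rejected"      # client does not know -G
    elif printf '%s\n' "$1" | grep -E '^usage: ssh \[-[0-9A-Za-z]*G' >/dev/null; then
        echo "option-supported"     # usage line itself lists -G
    else
        echo "indeterminate"        # neither pattern; inspect by hand
    fi
}

# Constructed sample: output of a client that rejects -G.
OLD_OUT='ssh: illegal option -- G
usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]'

# First usage line as quoted in the message above.
NEW_OUT='usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]'

# Print both verdicts side by side for each sample.
for sample in "$OLD_OUT" "$NEW_OUT"; do
    printf '%s | %s\n' "$(legacy_verdict "$sample")" "$(classify_ssh_G "$sample")"
done
```

On a live system the same function can be fed with `classify_ssh_G "$(ssh -G 2>&1)"`.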
