A small plan for emergency response of linux

2025-03-30 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

Earlier, another customer reported that one of his Linux machines showed a large number of active connections and high CPU usage. The customer's preliminary handling was to disconnect it from the network, take it offline and restart it. I suggested a set of steps for dealing with it, after which I received no further information.

The recommendations are as follows:

(0) View the shell history and recently opened files.

(1) Confirm the server's normal applications: application process names, file paths and the ports each process opens.

(2) View active processes, the files opened by each process, string information in process memory, and which processes run as privileged users.

(3) View network connections, in particular established connections, and monitor network activity.

(4) Check user logins: the recent login log, login user names and login source IPs.

(5) Check boot startup items; a virus often registers itself to start at boot so that it stays resident across restarts.

(6) Check scheduled tasks, another self-starting technique that is especially common with mining viruses.

(7) Check key directories: look for suspicious files in the system tmp directory, var and the other paths where viruses commonly reside.

(8) Check open ports for any abnormal ports, which are often used for virus communication.

(9) Query the security log, system log and application logs to find anomalies in the log files.

(10) Export all files and scan them with antivirus software.

(11) Use MD5 comparison: compute hashes of the exported files, compare them with the hashes of the normal system files, and pick out the problematic files.

(12) Review applications and patches to see whether a vulnerability caused the server problems, and look for other possible traces.

(13) Audit account information: existing accounts and privileged accounts.

(14) Run a rootkit check; some malicious code hides itself (hidden processes and the like) and is hard to detect, so use a rootkit checking tool.

(15) After obtaining the abnormal samples, analyze them in detail.
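Two of the steps above, (8) and (11), can be scripted and tested against an evidence copy without touching the live machine. The following POSIX shell is an added example written for this page, not code from the original post; it assumes a baseline in `md5sum` output format and `ss -tlnH`-style lines as its input, and the demo data is constructed.

```shell
#!/bin/sh
# Added example: offline checks for steps (8) and (11) of the list above.

# record_baseline DIR OUT: hash every regular file under DIR into OUT
# (md5sum format: "<hash>  <path>"); assumes paths contain no spaces.
record_baseline() {
    find "$1" -type f -exec md5sum {} + | sort -k2 > "$2"
}

# compare_baseline BASELINE: re-hash each listed file and print a
# CHANGED/MISSING line per mismatch. Returns 0 only when all files match.
compare_baseline() {
    rc=0
    while read -r want path; do
        if [ ! -f "$path" ]; then
            echo "MISSING $path"; rc=1; continue
        fi
        have=$(md5sum "$path" | cut -d' ' -f1)
        [ "$have" = "$want" ] || { echo "CHANGED $path"; rc=1; }
    done < "$1"
    return $rc
}

# unexpected_ports ALLOWED: read `ss -tlnH` lines on stdin and print each
# listening port that is not in ALLOWED (space-separated port numbers).
unexpected_ports() {
    allowed=" $1 "
    awk '{print $4}' | sed 's/.*://' | sort -un | while read -r port; do
        case "$allowed" in
            *" $port "*) ;;          # expected service port
            *) echo "$port" ;;       # not on the server's known list
        esac
    done
}

# Demonstration on constructed data: a tampered binary and an extra listener.
demo() {
    d=$(mktemp -d)
    printf 'ls binary\n' > "$d/ls"; printf 'ps binary\n' > "$d/ps"
    record_baseline "$d" "$d.md5"
    printf 'replaced ps\n' > "$d/ps"        # simulate a modified system file
    compare_baseline "$d.md5" || echo "baseline mismatch found"
    # constructed ss lines: 22 and 80 are expected, 1234 is not
    printf 'LISTEN 0 128 0.0.0.0:22 0.0.0.0:*\nLISTEN 0 511 *:80 *:*\nLISTEN 0 10 0.0.0.0:1234 0.0.0.0:*\n' \
        | unexpected_ports "22 80"
    rm -rf "$d" "$d.md5"
}
demo
```

On a real case, take the baseline from a clean installation of the same package versions, and feed `ss -tlnH` output captured from the host into `unexpected_ports` with the port list confirmed in step (1).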
