Add to Favorites | Login | Register
Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

About us Contact us

A small plan for emergency response of linux

2025-03-30 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Share

Shulou(Shulou.com)06/01 Report--

Earlier, another customer said that his linux machine has the characteristics of a large number of active links and high CPU. Customer preliminary disposal: disconnected, offline, restart. I suggested a step to deal with them, and as a result, there was no more information.

The recommendations are as follows:

(0) View the history command and recently open the file.

(1) confirm the daily application of the server, application process name, file path, process open port.

(2) View active processes, process open files, memory string information, privileged users.

(3) View the network link, establish the link network situation, and monitor the network situation.

(4) check the user login situation, recent login log, login user name, login IP.

(5) check boot startup, the virus will often start itself in order to start the resident system multiple times.

(6) Planning task, a kind of self-starting technique, is more common in mining viruses.

(7) key directory troubleshooting, system tmp directory, var and other virus resident path under suspicious files troubleshooting.

(8) Open ports, check open ports to see if there are any abnormal ports, which are often used for virus communication.

(9) queries such as security log, system log and application log to find anomalies from log files.

(10) Export all files and use antivirus software to scan and kill them.

(11) use MD5 value comparison, compare the file export calculation hash with the normal system file hash, and check out the problematic files.

(12) Review applications and patches to see if vulnerabilities have caused server problems, and look for other possible traces.

(13) Audit account information, existing account situation, privileged account.

(14) rootkit check, some malicious code is not easy to be detected by hidden means such as process, so use rootkit check tool.

(14) detailed analysis of the abnormal samples after obtaining them.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Tag Search: File situation log process virus port system application check login account user network link open information client server sample privilege vpn macOS Linux MariaDB MySQL Docker Shulou Information Shulou Technology Shulou Tech Info OPPO Reno Redmi Xiaomi NVidia Microsoft Huawei Apple Xiaomi Shulou Information Linux Redmi Shulou Technology Apple OPPO Reno vpn MySQL NVidia Microsoft Huawei Shulou Tech Info MariaDB macOS Docker Xiaomi Shulou Information Linux Redmi Shulou Technology Apple OPPO Reno vpn MySQL NVidia Microsoft Huawei Shulou Tech Info MariaDB macOS Docker

Share To

Related

Network Security

More Network Security >

Latest Network Security More Network Security >

Latest Internet Technology More Internet Technology >

Latest Development More Development >

Latest Database More Database >

Latest Servers More Servers >

Latest Mobile Phone More Mobile Phone >

Latest Android Software More Android Software >

Latest Apple Software More Apple Software >

Latest Computer Software News More Computer Software News >

Latest IT Information More IT Information >

Wechat

About us Contact us Product review car news thenatureplanet

© 2024 shulou.com SLNews company. All rights reserved.

12
Report