服务器安全检查

gugong · 发表于 2003-1-28 14:10:53

http://twtelecom.dl.sourceforge.net/secheck/secheck-0.03.tgz

[root@gugonghcs root]# cat /etc/cron.daily/00-secheck
. /etc/sysconfig/i18n
. /etc/profile
. /root/.bashrc
todaysdate=`/bin/date '+%b %-d, %Y'`
PATH=/bin:/sbin:/usr/sbin:/usr/bin
# Please set this:
#MAIL=/path/to/your/'mail'.binary
mail=/bin/mail
#user=bram
user=root
/usr/local/etc/secheck/security.check | $mail -s "Nightly Security Check for  $todaysdate" $user > /dev/null

输出：

主题: Nightly Security Check for 1月 28, 2003

*** OPEN PORTS ***

sshd    541 root 3u  IPv4 1339    TCP *:ssh (LISTEN)
sendmail 564 root 4u  IPv4 1398    TCP *:smtp (LISTEN)
sendmail 564 root 5u  IPv4 1399    TCP *:submission (LISTEN)
privoxy 584 privoxy 3u  IPv4 1432    TCP localhost.localdomain:8118 (LISTEN)
miniserv.  723 root 3u  IPv4 1638    TCP *:37878 (LISTEN)
miniserv.  734 root 4u  IPv4 1691    TCP *:27878 (LISTEN)
X       753 root 1u  IPv4 1720    TCP *

11 (LISTEN)
gaim    941 root 14u  IPv4 11494    TCP *:32785 (LISTEN)
mysqld 2694 mysql 3u  IPv4 1146539    TCP *:mysql (LISTEN)
mysqld 2696 mysql 3u  IPv4 1146539    TCP *:mysql (LISTEN)
mysqld 2697 mysql 3u  IPv4 1146539    TCP *:mysql (LISTEN)

*** CURRENT USERS ***

10:38am  up  1:06,  4 users,  load average: 1.79, 2.02, 2.14
USER    TTY    FROM             LOGIN@ IDLE JCPU PCPU  WHAT
root    pts/0 -                9:34am 37.00s  0.52s  0.49s  -bash
root    pts/1 -                9:34am  1:03m  0.00s ?    -
root    pts/2 -             10:02am  2:50 1.58s  1.49s  ssh www
root    pts/3 -             10:29am  8:33 0.13s  0.13s  -bash

*** FREE DRIVE SPACE ***

Filesystem          Size  Used Avail Use% Mounted on
/dev/hda3          4.3G  3.9G  227M  95% /
/dev/hda7          4.8G  4.5G 83M  99% /mnt/Backup_RPM
/dev/hda1          2.7G  2.2G  588M  79% /mnt/dos-c
/dev/hda5          3.0G  1.5G  1.5G  49% /mnt/dos-d
/dev/hda6          3.4G  3.0G  468M  87% /mnt/dos-e
/dev/hda8          4.9G  4.6G  304M  94% /mnt/dos-f
/dev/hda9          5.0G  4.8G  182M  97% /mnt/Music_Play
/dev/hdc5          5.8G  5.2G  666M  89% /mnt/hdc5

*************************** BEGIN SECURITY *********************************************

*** Checking for users with UID of 0 ***

root

:0:0:root:/root:/bin/bash

*** Checking for passwordless acounts ***

ntp:!!:11962:0:99999:7:::
rpc:!!:11962:0:99999:7:::
vcsa:!!:11962:0:99999:7:::
nscd:!!:11962:0:99999:7:::
sshd:!!:11962:0:99999:7:::
rpm:!!:11962:0:99999:7:::
mailnull:!!:11962:0:99999:7:::
smmsp:!!:11962:0:99999:7:::
rpcuser:!!:11962:0:99999:7:::
nfsnobody:!!:11962:0:99999:7:::
pcap:!!:11962:0:99999:7:::
xfs:!!:11962:0:99999:7:::
named:!!:11962:0:99999:7:::
gdm:!!:11962:0:99999:7:::
desktop:!!:11962:0:99999:7:::
apache:!!:11962:0:99999:7:::
postfix:!!:11962:0:99999:7:::
squid:!!:11962:0:99999:7:::
webalizer:!!:11962:0:99999:7:::
mailman:!!:11962:0:99999:7:::
mysql:!!:11962:0:99999:7:::
netdump:!!:11962:0:99999:7:::
ldap:!!:11962:0:99999:7:::
ident:!!:11962:0:99999:7:::
privoxy:!!:11962:0:99999:7:::
pvm:!!:11962:0:99999:7:::
radvd:!!:11962:0:99999:7:::
gnunet:!!:12044::::::

*** Show system processes ***

USER    PID %CPU %MEM VSZ  RSS TTY    STAT START TIME COMMAND
root       1  0.1  0.1  1336  440 ?       S 09:32 0:05 init HOME=/ TERM=linux BOOT_IMAGE=linux
root       2  0.0  0.0    0 0 ?       SW 09:32 0:00 [keventd]
root       3  0.0  0.0    0 0 ?       SW 09:32 0:00 [kapmd]
root       4  0.0  0.0    0 0 ?       SWN  09:32 0:00 [ksoftirqd_CPU0]
root       5  0.0  0.0    0 0 ?       SW 09:32 0:00 [kswapd]
root       6  0.0  0.0    0 0 ?       SW 09:32 0:00 [bdflush]
root       7  0.0  0.0    0 0 ?       SW 09:32 0:00 [kupdated]
root       8  0.0  0.0    0 0 ?       SW 09:32 0:00 [mdrecoveryd]
root       12  0.0  0.0    0 0 ?       SW 09:32 0:00 [kjournald]
root       64  0.0  0.0    0 0 ?       SW 09:32 0:00 [khubd]
root    158  0.0  0.0    0 0 ?       SW 09:32 0:00 [kjournald]
root    491  0.0  0.1  1400  504 ?       S 09:32 0:00 syslogd -m 0 PWD=/ CONSOLE=/dev/console PREVLEVEL=N runlevel=5 SHLVL=
root    495  0.0  0.1  1336  412 ?       S 09:32 0:00 klogd -x PWD=/ CONSOLE=/dev/console PREVLEVEL=N runlevel=5 SHLVL=2 pr
root    528  0.0  0.1  1328  416 ?       S 09:32 0:00 /usr/sbin/apmd -p 10 -w 5 -W -P /etc/sysconfig/apm-scripts/apmscript
root    541  0.0  0.3  3276 1280 ?       S 09:32 0:00 /usr/sbin/sshd PWD=/ CONSOLE=/dev/console PREVLEVEL=N runlevel=5 SHLV
root    564  0.0  0.4  5596 1852 ?       S 09:32 0:00 sendmail: accepting connections ons
smmsp    574  0.0  0.4  4856 1640 ?       S 09:32 0:00 sendmail: Queue runner@01:00:00 for /var/spool/clientmqueue ol/client
privoxy 584  0.0  0.1  1968  552 ?       S 09:32 0:00 /usr/sbin/privoxy --user privoxy privoxy --pidfile /var/run/privoxy.p
root    593  0.0  0.0  1372  372 ?       S 09:32 0:00 gpm -t imps2 -m /dev/mouse PWD=/ CONSOLE=/dev/console PREVLEVEL=N run
root    618  0.0  0.1  1512  572 ?       S 09:32 0:00 crond PWD=/ CONSOLE=/dev/console PREVLEVEL=N runlevel=5 SHLVL=2 previ
xfs       675  0.2  1.1 17420 4232 ?       S 09:32 0:10 xfs -droppriv -daemon PWD=/ CONSOLE=/dev/console PREVLEVEL=N runlevel
root    684  0.0  0.1  1404  636 ?       SN 09:32 0:00 anacron -s PWD=/ CONSOLE=/dev/console PREVLEVEL=N runlevel=5 SHLVL=2
daemon    693  0.0  0.1  1368  496 ?       S 09:32 0:00 /usr/sbin/atd PWD=/ CONSOLE=/dev/console PREVLEVEL=N runlevel=5 SHLVL
root    704  0.0  0.1  1724  656 ?       S 09:32 0:00 /usr/bin/portmon -d -c /etc/portmon.conf PWD=/ CONSOLE=/dev/console P
root    723  0.0  0.5  5576 2052 ?       S 09:32 0:00 /usr/bin/perl /usr/libexec/usermin/miniserv.pl /etc/usermin/miniserv.
root    734  0.0  0.5  6184 2156 ?       S 09:32 0:00 /usr/bin/perl /usr/libexec/webmin/miniserv.pl /etc/webmin/miniserv.co
root    739  0.0  0.0  1316  352 tty1    S 09:32 0:00 /sbin/mingetty tty1 HOME=/ TERM=linux BOOT_IMAGE=linux PATH=/usr/loca
root    740  0.0  0.0  1316  352 tty2    S 09:32 0:00 /sbin/mingetty tty2 HOME=/ TERM=linux BOOT_IMAGE=linux PATH=/usr/loca
root    741  0.0  0.0  1316  352 tty3    S 09:32 0:00 /sbin/mingetty tty3 HOME=/ TERM=linux BOOT_IMAGE=linux PATH=/usr/loca
root    742  0.0  0.0  1316  352 tty4    S 09:32 0:00 /sbin/mingetty tty4 HOME=/ TERM=linux BOOT_IMAGE=linux PATH=/usr/loca
root    743  0.0  0.0  1316  352 tty5    S 09:32 0:00 /sbin/mingetty tty5 HOME=/ TERM=linux BOOT_IMAGE=linux PATH=/usr/loca
root    744  0.0  0.0  1316  352 tty6    S 09:32 0:00 /sbin/mingetty tty6 HOME=/ TERM=linux BOOT_IMAGE=linux PATH=/usr/loca
root    745  0.0  0.1  2420  476 ?       S 09:32 0:00 /usr/bin/kdm -nodaemon PWD=/ CONSOLE=/dev/console PREVLEVEL=N LANGUAG
root    753 11.6 10.4 96064 40220 ?    S< 09:32 7:35 /usr/X11R6/bin/X -auth /var/run/xauth/A:0-mrXVQn PWD=/ CONSOLE=/dev/c
root    754  0.0  0.2  3296  812 ?       S 09:32 0:00 -:0                   PWD=/ CONSOLE=/dev/console PREVLEVEL=N LANGUAG
root    776  0.0  0.2  5064  840 ?       S 09:33 0:00 /bin/sh /usr/bin/startkde PWD=/root HOSTNAME=gugonghcs.fruitron.com.c
root    838  0.0  0.0  1348  236 ?       S 09:33 0:00 /usr/bin/kpengine /usr/lib/ZWinPro/hzgb.dat PWD=/root LANGUAGE=zh_CN.
root    846  0.0  0.2  2916  896 ?       S 09:33 0:00 /usr/bin/ssh-agent /usr/share/apps/switchdesk/Xclients.kde PWD=/root
root    857  0.0  0.7 10180 2796 ?       S 09:33 0:03 chinput PWD=/root LANGUAGE=zh_CN.GB18030:zh_CN.GB2312:zh_CN USER=root
root    890  0.0  1.7 20400 6876 ?       S 09:33 0:00 kdeinit: Running...
root    893  0.0  1.8 23200 7200 ?       S 09:33 0:00 kdeinit: dcopserver --nosid d
root    896  0.0  2.1 24652 8232 ?       S 09:33 0:00 kdeinit: klauncher
root    898  0.0  2.5 35500 9808 ?       S 09:33 0:02 kdeinit: kded
root    909  2.9  1.0  7736 4016 ?       S 09:33 1:54 /usr/bin/artsd -F 10 -S 4096 -s 60 -m artsmessage -l 3 -f PWD=/root G
root    919  0.0  2.8 38648 11008 ?    S 09:33 0:02 kdeinit: knotify
root    920  0.0  0.0  1392  280 ?       S 09:33 0:00 kwrapper ksmserver --restore PWD=/root GS_LIB=/root/.kde/share/fonts
root    922  0.0  2.4 35296 9464 ?       S 09:33 0:00 kdeinit: ksmserver --restore re
root    923  0.5  3.1 37348 12140 ?    S 09:33 0:20 kdeinit: kwin
root    925  1.1  3.7 40128 14380 ?    S 09:33 0:45 kdeinit: kdesktop
root    927  1.0  3.9 39740 15148 ?    S 09:34 0:38 kdeinit: kicker
root    930  0.1  3.3 31180 13004 ?    S 09:34 0:05 /usr/bin/gnome-panel PWD=/root GS_LIB=/root/.kde/share/fonts HOSTNAME
root    931  3.5  3.5 75832 13620 ?    S 09:34 1:01 xmms PWD=/root GS_LIB=/root/.kde/share/fonts HOSTNAME=gugonghcs.fruit
root    932  0.0  0.8  9396 3360 ?       S 09:34 0:00 /usr/bin/LinPopUp -min PWD=/root GS_LIB=/root/.kde/share/fonts HOSTNA
root    933  0.0  0.3  3612 1484 ?       S 09:34 0:01 xnetload -interface eth0 PWD=/root GS_LIB=/root/.kde/share/fonts HOST
root    935  0.1  0.9  8272 3628 ?       S 09:34 0:05 rxvt -km gb -bg black -fg palegreen -ls -sl 10000 -name Gugong ---- ?
root    936  0.0  0.9  5520 3632 ?       S 09:34 0:01 wish8.0 /usr/bin/fr wish8.0 PWD=/root KDE_STARTUP_ENV=gugonghcs.fruit
root    938  0.0  0.6  7944 2596 ?       S 09:34 0:00 /usr/local/dic/stardic PWD=/root GS_LIB=/root/.kde/share/fonts HOSTNA
root    939  0.0  0.8  8944 3352 ?       S 09:34 0:00 /usr/bin/xnmap PWD=/root GS_LIB=/root/.kde/share/fonts HOSTNAME=gugon
root    940  2.5  2.4 19108 9424 ?       S 09:34 1:36 /usr/bin/gkrellm PWD=/root GS_LIB=/root/.kde/share/fonts HOSTNAME=gug
root    941  0.3  2.1 15540 8356 ?       S 09:34 0:11 gaim PWD=/root GS_LIB=/root/.kde/share/fonts HOSTNAME=gugonghcs.fruit
root    945  0.0  0.3  6168 1344 pts/0 S 09:34 0:00 -bash PWD=/root GS_LIB=/root/.kde/share/fonts HOSTNAME=gugonghcs.frui
root    961  0.0  1.1 11788 4428 ?       S 09:34 0:00 /opt/ymessenger/bin/ymessenger.bin PWD=/root KDE_STARTUP_ENV=gugonghc
root    1027  0.0  3.0 36168 11584 ?    S 09:34 0:00 kdeinit: kwrited
root    1028  0.0  1.0 12644 4200 ?       S 09:34 0:00 pam-panel-icon PWD=/root GS_LIB=/root/.kde/share/fonts HOSTNAME=gugon
root    1029  0.5  4.1 26644 16068 ?    S 09:34 0:21 /usr/bin/python /usr/bin/rhn-applet-gui PWD=/root GS_LIB=/root/.kde/s
root    1033  0.0  0.1  1364  472 ?       S 09:34 0:00 /sbin/pam_timestamp_check -d root PWD=/root GS_LIB=/root/.kde/share/f
root    1034  0.0  0.6  7464 2580 ?       S 09:34 0:00 /usr/libexec/bonobo-activation-server --ac-activate --ior-output-fd=1
root    1036  0.0  2.9 35332 11516 ?    S 09:34 0:00 kalarmd --login PWD=/root GS_LIB=/root/.kde/share/fonts HOSTNAME=gugo
root    1053  0.0  1.0 11680 3924 ?       S 09:34 0:00 /opt/ymessenger/bin/ymessenger.bin PWD=/root KDE_STARTUP_ENV=gugonghc
root    1054  0.0  1.0 11688 3956 ?       S 09:34 0:00 /opt/ymessenger/bin/ymessenger.bin PWD=/root KDE_STARTUP_ENV=gugonghc
root    1059  0.0  2.3 27960 9036 ?       S 09:34 0:00 /usr/libexec/tsclient-applet --oaf-activate-iid=OAFIID:GNOME_TSClient
root    1061  0.0  1.9 17144 7384 ?       S 09:34 0:01 /usr/libexec/drivemount_applet2 --oaf-activate-iid=OAFIID:GNOME_Drive
root    1063  0.0  1.8 17632 7292 ?       S 09:34 0:00 /usr/libexec/fish-applet-2 --oaf-activate-iid=OAFIID:GNOME_FishApplet
root    1065  0.0  1.8 17188 7164 ?       S 09:34 0:01 /usr/libexec/multiload-applet-2 --oaf-activate-iid=OAFIID:GNOME_Multi
root    1067  0.2  2.4 28516 9616 ?       S 09:34 0:08 /usr/libexec/netspeed_applet2 --oaf-activate-iid=OAFIID:GNOME_Netspee
root    1069  0.0  1.8 17008 7220 ?       S 09:34 0:02 /usr/libexec/geyes_applet2 --oaf-activate-iid=OAFIID:GNOME_GeyesApple
root    1071  0.0  1.8 16860 7124 ?       S 09:34 0:00 /usr/libexec/mixer_applet2 --oaf-activate-iid=OAFIID:GNOME_MixerApple
root    1455 39.6 11.9 66976 45796 ?    R 09:50  18:57 /usr/bin/galeon-bin PWD=/root KDE_STARTUP_ENV=gugonghcs.fruitron.com.
root    1459  0.0  0.4  6296 1804 ?       S 09:50 0:00 oafd --ac-activate --ior-output-fd=10 PWD=/root KDE_STARTUP_ENV=gugon
root    1465  0.4 11.9 66976 45892 ?    S 09:50 0:11 /usr/bin/galeon-bin PWD=/root KDE_STARTUP_ENV=gugonghcs.fruitron.com.
root    1474  0.0  0.0    0 0 ?       Z 09:52 0:00 [netstat <defunct>]
root    1616  0.7  1.5 16628 6116 ?       S 10:00 0:17 nt --minimized --info --speed PWD=/root GS_LIB=/root/.kde/share/fonts
root    1690  0.2  1.8 11740 7260 ?       S 10:02 0:04 rxvt -km gb -ls -sl 10000 -name Gugong ---- 古公中文终端 ---- RXVT -g
root    1691  0.0  0.5  6140 2084 pts/2 S 10:02 0:00 -bash PWD=/root GS_LIB=/root/.kde/share/fonts HOSTNAME=gugonghcs.frui
root    1762  0.0  0.4  3548 1780 pts/2 S 10:02 0:01 ssh www PWD=/root COLORFGBG=14;default;0 KDE_STARTUP_ENV=gugonghcs.fr
root    1771  0.9  6.4 43836 24636 ?    S 10:04 0:18 /usr/lib/mozilla-1.2.1/mozilla-bin PWD=/root KDE_STARTUP_ENV=gugonghc
root    2099  0.0  0.7  7832 2816 ?       S 10:13 0:00 /usr/libexec/gconfd-2 17 PWD=/root GS_LIB=/root/.kde/share/fonts HOST
root    2557  0.0  0.4  6368 1736 ?       S 10:29 0:00 rxvt -km gb -ls -sl 10000 -name Gugong ---- 古公中文终端 ---- RXVT -g
root    2558  0.0  0.5  6148 2112 pts/3 S 10:29 0:00 -bash PWD=/root GS_LIB=/root/.kde/share/fonts HOSTNAME=gugonghcs.frui
root    2658  0.0  0.2  5072  984 pts/0 S 10:29 0:00 /bin/sh /usr/bin/safe_mysqld --defaults-file=/etc/my.cnf PWD=/mnt/hdc
mysql    2694  0.0  0.3  2404 1228 pts/0 S 10:29 0:00 /usr/sbin/mysqld --defaults-file=/etc/my.cnf --basedir=/ --datadir=/v
root    2795  0.0 11.3 64668 43632 ?    S 10:35 0:00 /usr/bin/galeon-bin PWD=/root KDE_STARTUP_ENV=gugonghcs.fruitron.com.
root    2825  0.0  0.2  1924  864 ?       SN 10:37 0:00 /bin/bash /usr/bin/run-parts /etc/cron.daily PWD=/ CONSOLE=/dev/conso
root    2826  0.2  0.2  1988  956 ?       SN 10:37 0:00 /bin/bash /usr/bin/run-parts /etc/cron.daily PWD=/ CONSOLE=/dev/conso
root    2827  0.0  0.1  1776  624 ?       SN 10:37 0:00 awk -v progname=/etc/cron.daily/00-secheck progname {????? print pr
root    2869  0.0  0.2  5044  920 ?       SN 10:37 0:00 /bin/sh /usr/local/etc/secheck/security.check PWD=/ HOSTNAME=gugonghc
root    2870  0.0  0.1  1420  496 ?       SN 10:37 0:00 /bin/mail -s Nightly Security Check for  1月 28, 2003 root PWD=/ HOST
root    2881  0.0  0.2  2788  876 ?       RN 10:38 0:00 ps eauxw PWD=/ HOSTNAME=gugonghcs.fruitron.com.cn G_BROKEN_FILENAMES=

*** Who has su'd to root today? ***

*** SUID Files ***

/var/www/cgi-bin/changepassword.cgi
/usr/bin/chage
/usr/bin/gpasswd
/usr/bin/chfn
/usr/bin/chsh
/usr/bin/newgrp
/usr/bin/at
/usr/bin/passwd
/usr/bin/uml_net
/usr/bin/rcp
/usr/bin/rlogin
/usr/bin/rsh
/usr/bin/sudo
/usr/bin/crontab
/usr/bin/lppasswd
/usr/bin/desktop-create-kmenu
/usr/bin/kcheckpass
/usr/bin/nwsfind
/usr/bin/suidperl
/usr/bin/sperl5.8.0
/usr/bin/cu
/usr/bin/uucp
/usr/bin/uuname
/usr/bin/uustat
/usr/bin/uux
/usr/bin/kv4lsetup
/usr/lib/news/bin/inndstart
/usr/lib/news/bin/rnews
/usr/lib/news/bin/startinnfeed
/usr/lib/mc/bin/cons.saver
/usr/libexec/pt_chown
/usr/libexec/openssh/ssh-keysign
/usr/sbin/ping6
/usr/sbin/traceroute6
/usr/sbin/usernetctl
/usr/sbin/userhelper
/usr/sbin/userisdnctl
/usr/sbin/traceroute
/usr/sbin/suexec
/usr/sbin/uucico
/usr/sbin/uuxqt
/usr/X11R6/bin/XFree86
/usr/X11R6/bin/cxterm
/usr/local/bin/zhcon
/usr/local/bin/wbxl
/usr/local/bin/zgv
/usr/local/bin/restorefont
/usr/local/bin/restorepalette
/usr/local/bin/dumpreg
/usr/local/bin/restoretextmode
/bin/ping
/bin/mount
/bin/umount
/bin/su
/sbin/pam_timestamp_check
/sbin/pwdb_chkpwd
/sbin/unix_chkpwd

*** SGID Files ***

/usr/bin/wall
/usr/bin/write
/usr/bin/lockfile
/usr/bin/slocate
/usr/bin/gnuchess
/usr/bin/gnome-stones
/usr/bin/Maelstrom
/usr/bin/freecell
/usr/bin/gataxx
/usr/bin/glines
/usr/bin/gnibbles
/usr/bin/gnobots2
/usr/bin/gnotravex
/usr/bin/gnomine
/usr/bin/mahjongg
/usr/bin/gnotski
/usr/bin/gtali
/usr/bin/iagno
/usr/bin/same-gnome
/usr/bin/sol
/usr/bin/kdesud
/usr/bin/slrnpull
/usr/bin/cu
/usr/bin/uuname
/usr/bin/lbreakout2
/usr/bin/lbreakout2server
/usr/bin/ltris
/usr/bin/marbles
/usr/sbin/utempter
/usr/sbin/gnome-pty-helper
/usr/sbin/lockdev
/usr/sbin/sendmail.sendmail
/usr/sbin/postdrop
/usr/sbin/postqueue
/usr/sbin/uucico
/usr/sbin/uuxqt
/usr/games/armagetron/armagetron
/sbin/netreport

*** Finding all files with no owner/group ***

/mnt/Backup_RPM/系统备份/www-backup/etc/php.ini.Zend

*** Finding all .rhosts files ***

*** Checking for changes in /etc/passwd ***
32d31
< postgres

:26:26

ostgreSQL Server:/var/lib/pgsql:/bin/bash
45a45
> gnunet

:100:11::/var/lib/GNUnet:/bin/bash

*** Check for changes in /etc/shadow ***

32d31
< postgres:!!:11962:0:99999:7:::
45c44,45
< gugong:$1$yfAZdBZR$bwE1bjvcK8HMhMaeNlOKs.:11962:0:99999:7:::
---
> gugong:$1$72Rz/MGy$FlxrhwMfFrtIIvWkZjLp5.:12076:0:99999:7:::
> gnunet:!!:12044::::::

*** Checking for editited /etc/inetd.conf ***

5a6,14
> #defaults
> #{
> #       instances             = 60
> #       log_type             = SYSLOG authpriv
> #       log_on_success             = HOST PID
> #       log_on_failure             = HOST
> #       cps                      = 25 30
> #}
>
8,12c17,25
<       instances             = 60
<       log_type             = SYSLOG authpriv
<       log_on_success             = HOST PID
<       log_on_failure             = HOST
<       cps                      = 25 30
---
> #       log_type       = SYSLOG local7 info authpriv
> #       log_type       = SYSLOG authpriv
> #             SYSLOG 与 FILE 二者只能选其一 !
>       log_type       = FILE /var/log/xinetd.log
>       log_on_success       = PID HOST USERID EXIT DURATION
>       log_on_failure       = HOST USERID ATTEMPT RECORD
>       only_from       = 0.0.0.0
> #       only_from       = 211.148.130 192.168.10 127.0.0.1
>       instances       = 60
14a28
>

*** Checking for changes to /etc/group ***

41d40
< postgres

:26:
55c54
< wine

:66:
---
> nogroup

:65534:
56a56
> gnunet

:11:

Thanks for playing!

gugong · 发表于 2003-1-28 17:05:05

http://www.chkrootkit.org/

ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz

2003年01月28日下午17时04分02秒[root@www root]# cat /etc/cron.d/chkrootkit
# 每天早上 3点钟（3：00 AM）执行这个脚本：
0 3 * * * root (cd /usr/local/chkrootkit-0.38; ./chkrootkit 2>&1 | mail -s "chkrootkit output" root)

输出：

ROOTDIR is `/'
Checking `amd'... not infected
Checking `basename'... not infected
Checking `biff'... not infected
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `date'... not infected
Checking `du'... not infected
Checking `dirname'... not infected
Checking `echo'... not infected
Checking `egrep'... not infected
Checking `env'... not infected
Checking `find'... not infected
Checking `fingerd'... not infected
Checking `gpm'... not infected
Checking `grep'... not infected
Checking `hdparm'... not infected
Checking `su'... not infected
Checking `ifconfig'... not infected
Checking `inetd'... not tested
Checking `inetdconf'... not found
Checking `identd'... not infected
Checking `killall'... not infected
Checking `ldsopreload'... can't exec ./strings-static, not tested
Checking `login'... not infected
Checking `ls'... not infected
Checking `lsof'... not infected
Checking `mail'... not infected
Checking `mingetty'... not infected
Checking `netstat'... not infected
not infected
Checking `passwd'... not infected
Checking `pidof'... not infected
Checking `pop2'... not found
Checking `pop3'... not found
Checking `ps'... not infected
Checking `pstree'... not infected
Checking `rpcinfo'... not infected
Checking `rlogind'... not infected
Checking `rshd'... not infected
Checking `slogin'... not infected
Checking `sendmail'... not infected
Checking `sshd'... not infected
Checking `syslogd'... not infected
Checking `tar'... not infected
Checking `tcpd'... not infected
Checking `top'... not infected
Checking `telnetd'... not infected
Checking `timed'... not found
Checking `traceroute'... not infected
Checking `write'... not infected
Checking `aliens'... no suspect files
Searching for sniffer's logs, it may take a while... nothing found
Searching for HiDrootkit's default dir... nothing found
Searching for t0rn's default files and dirs... nothing found
Searching for t0rn's v8 defaults... nothing found
Searching for Lion Worm default files and dirs... nothing found
Searching for RSHA's default files and dir... nothing found
Searching for RH-Sharpe's default files... nothing found
Searching for Ambient's rootkit (ark) default files and dirs... nothing found
Searching for suspicious files and dirs, it may take a while...
/usr/lib/perl5/site_perl/5.6.1/i386-linux/auto/RRDp/.packlist /usr/lib/perl5/site_perl/5.6.1/i386-linux/auto/RRDs/.packlist /usr/lib/perl5/site_perl/5.6.0/i386-linux/auto/NKF/.packlist /usr/lib/perl5/5.6.1/i386-linux/.packlist /usr/lib/netscape/plugins/java2/bin/.java_wrapper /usr/lib/netscape-6.22/plugins/java2/bin/.java_wrapper /usr/lib/qt-3.0.5/etc/settings/.qtrc.lock /usr/lib/qt-3.0.5/etc/settings/.qt_plugins_3.0rc.lock

Searching for LPD Worm files and dirs... nothing found
Searching for Ramen Worm files and dirs... nothing found
Searching for Maniac files and dirs... nothing found
Searching for RK17 files and dirs... nothing found
Searching for Ducoci rootkit... nothing found
Searching for Adore Worm... nothing found
Searching for ShitC Worm... nothing found
Searching for Omega Worm... nothing found
Searching for Sadmind/IIS Worm... nothing found
Searching for MonKit... nothing found
Searching for anomalies in shell history files... nothing found
Checking `asp'... not infected
Checking `bindshell'... not infected
Checking `lkm'... not tested: can't exec ./chkproc
Checking `rexedcs'... not found
Checking `sniffer'... not tested: can't exec ./ifpromisc
Checking `wted'... not tested: can't exec ./chkwtmp
Checking `z2'... not tested: can't exec ./chklastlog

jackey · 发表于 2003-1-28 22:33:20

干吗不用snort呢?
我的snort运行的不错,可惜ACID不工作!没办法图形化!

gugong · 发表于 2003-1-29 08:25:01

snort 占用的资源太大了，是不？

jackey · 发表于 2003-1-29 10:49:17

是的,我的机器还好不慢!

gugong · 发表于 2003-1-29 10:58:54

而且 snort （入侵检测）同我所说的上面的工具的性质还是不一样的。

gugong · 发表于 2003-1-29 11:08:09

http://download.sf.net/usat/lsat-0.5.9.tgz

2003年01月29日上午10时13分18秒[root@gugonghcs root]# lsat
Starting LSAT...
Getting system information...
Running modules...
Running checkpkgs module...
Running checkinetd module...
Running checkhostsfiles module...
Running checkset module...
Running checkwrite module...
Running checkdotfiles module...
Running checkpasswd module...
Running checkfiles module...
Running checkumask module...
Running checkftpusers module...
Running checkrc module...
Running checkkbd module...
Running checklimits module...
Running checknet module...
Running checknetforward module...
Running checkcfg module...
Finished.
Check lsat.out for details.
Don't forget to check your umask or file perms
when modifying files on the system.

在当前目录下面生成这个文件 lsat.out

其内容如下（我省略、剪辑了很多的。）：

****************************************
Please consider removing these packages.

kdebindings-kdejava-3.0.3-1
kdebindings-kdec-3.0.3-1
kdebindings-3.0.3-1
bind-utils-9.2.1-9
bind-9.2.1-9
kdebindings-qtc-3.0.3-1
portmap-4.0-46
sendmail-devel-8.12.5-7
sendmail-cf-8.12.5-7
nfs-utils-1.0.1-2
ypbind-1.11-2
ypbind-1.11-2
webmin-1.050-1
pidentd-3.0.14-8
sendmail-8.12.5-7
kdebindings-devel-3.0.3-1
kdebindings-kmozilla-3.0.3-1
redhat-config-bind-1.8.1-18
routed-0.17-12
kdebindings-qtjava-3.0.3-1
bind-devel-9.2.1-9
redhat-config-nfs-1.0.1-3

****************************************
No enabled xinetd.d services. Good.

****************************************
Lines found in hosts.allow
Make sure you wish to allow the following:

****************************************
Did not find ALL:ALL in hosts.deny.
Lines found in hosts.deny:

****************************************
This is a list of SUID files on the system:

/var/www/cgi-bin/changepassword.cgi
/usr/bin/chage
/usr/bin/gpasswd
/usr/bin/chfn
/usr/bin/chsh
/usr/bin/newgrp
/usr/bin/at
/usr/bin/passwd
/usr/bin/uml_net
/usr/bin/rcp
/usr/bin/rlogin
/usr/bin/rsh
/usr/bin/sudo
/usr/bin/crontab
/usr/bin/lppasswd
/usr/bin/desktop-create-kmenu
/usr/bin/kcheckpass
/usr/bin/nwsfind
/usr/bin/suidperl
/usr/bin/sperl5.8.0
/usr/bin/cu
/usr/bin/uucp
/usr/bin/uuname
/usr/bin/uustat
/usr/bin/uux
/usr/bin/kv4lsetup
/usr/lib/news/bin/inndstart
/usr/lib/news/bin/rnews
/usr/lib/news/bin/startinnfeed
/usr/lib/mc/bin/cons.saver
/usr/libexec/pt_chown
/usr/libexec/openssh/ssh-keysign
/usr/sbin/ping6
/usr/sbin/traceroute6
/usr/sbin/usernetctl
/usr/sbin/userhelper
/usr/sbin/userisdnctl
/usr/sbin/traceroute
/usr/sbin/suexec
/usr/sbin/uucico
/usr/sbin/uuxqt
/usr/X11R6/bin/XFree86
/usr/X11R6/bin/cxterm
/usr/local/bin/zhcon
/usr/local/bin/wbxl
/usr/local/bin/zgv
/usr/local/bin/restorefont
/usr/local/bin/restorepalette
/usr/local/bin/dumpreg
/usr/local/bin/restoretextmode
/bin/ping
/bin/mount
/bin/umount
/bin/su
/sbin/pam_timestamp_check
/sbin/pwdb_chkpwd
/sbin/unix_chkpwd

****************************************
This is a list of SGID files/directories on the system:

/var/spool/slrnpull/out.going
/usr/bin/wall
/usr/bin/write
/usr/bin/lockfile
/usr/bin/slocate
/usr/bin/gnuchess
/usr/bin/gnome-stones
/usr/bin/Maelstrom
/usr/bin/freecell
/usr/bin/gataxx
/usr/bin/glines
/usr/bin/gnibbles
/usr/bin/gnobots2
/usr/bin/gnotravex
/usr/bin/gnomine
/usr/bin/mahjongg
/usr/bin/gnotski
/usr/bin/gtali
/usr/bin/iagno
/usr/bin/same-gnome
/usr/bin/sol
/usr/bin/kdesud
/usr/bin/slrnpull
/usr/bin/cu
/usr/bin/uuname
/usr/bin/lbreakout2
/usr/bin/lbreakout2server
/usr/bin/ltris
/usr/bin/marbles
/usr/sbin/utempter
/usr/sbin/gnome-pty-helper
/usr/sbin/lockdev
/usr/sbin/sendmail.sendmail
/usr/sbin/postdrop
/usr/sbin/postqueue
/usr/sbin/uucico
/usr/sbin/uuxqt
/usr/games/armagetron/armagetron
/sbin/netreport

****************************************
List of normal files in /dev. MAKEDEV is ok, but there
should be no other files:

/dev/MAKEDEV
/dev/vcsa00
/dev/vcsa01

****************************************
This is a list of world/group writable files

/var/lib/menu/kde/Applications/Applications/gflashplayer.desktop
/var/lib/linpopup/messages.dat
/var/log/wtmp
/var/log/news/news.notice
/var/log/news/news.crit
/var/log/news/news.err
/var/run/utmp
/var/spool/mail/gugong
/var/spool/clientmqueue/Qfh0A0SDEa019088
/var/spool/clientmqueue/dfh0A0SDEa019088
/etc/dumpdates
/etc/.java/.systemPrefs/.systemRootModFile
/etc/.java/.systemPrefs/.system.lock
/etc/diskcheck.conf
/etc/squirrelmail/config.php
/etc/squirrelmail/config.php.gugong

****************************************
List of group/world writable directories:

/dev/shm
/var/lib/GNUnet
/var/tmp
/var/cache/man/X11R6
/var/cache/man/X11R6/cat1
/var/cache/man/X11R6/cat2
/var/cache/man/X11R6/cat3
/var/cache/man/X11R6/cat4
/var/cache/man/X11R6/cat5
/var/cache/man/X11R6/cat6
/var/cache/man/X11R6/cat7
/var/cache/man/X11R6/cat8
/var/cache/man/X11R6/cat9
/var/cache/man/X11R6/catn
/var/cache/man/cat1
/var/cache/man/cat2
/var/cache/man/cat3
/var/cache/man/cat4
/var/cache/man/cat5
/var/cache/man/cat6
/var/cache/man/cat7
/var/cache/man/cat8
/var/cache/man/cat9
/var/cache/man/catn
/var/cache/man/local
/var/cache/man/local/cat1
/var/cache/man/local/cat2
/var/cache/man/local/cat3
/var/cache/man/local/cat4
/var/cache/man/local/cat5
/var/cache/man/local/cat6
/var/cache/man/local/cat7
/var/cache/man/local/cat8
/var/cache/man/local/cat9
/var/cache/man/local/catn
/var/lock
/var/run/netreport
/var/spool/mail
/var/spool/vbox
/var/spool/clientmqueue
/var/spool/postfix/maildrop
/var/spool/samba
/var/spool/fax/outgoing
/var/spool/fax/outgoing/locks
/var/spool/slrnpull
/var/spool/slrnpull/out.going
/var/ftp/uploads
/var/ftp/in-coming
/var/ftp/in-coming/tmp
/var/catman/zh_CN.GB2312
/tmp
/tmp/.font-unix
/tmp/.X11-unix
/tmp/.ICE-unix
/usr/share/icons/hicolor
/usr/share/icons/hicolor/16x16
/usr/share/icons/hicolor/16x16/apps
/usr/share/icons/hicolor/16x16/mimetypes
/usr/share/icons/hicolor/22x22
/usr/share/icons/hicolor/22x22/apps
/usr/share/icons/hicolor/22x22/mimetypes
/usr/share/icons/hicolor/32x32
/usr/share/icons/hicolor/32x32/mimetypes
/usr/share/icons/hicolor/32x32/apps
/usr/share/icons/hicolor/48x48
/usr/share/icons/hicolor/48x48/mimetypes
/usr/share/icons/hicolor/48x48/apps
/usr/games/Maelstrom
/home/gugong/.mc

****************************************
This is a list of .exrc files found

****************************************
This is a list of .forward files found on the system:

****************************************
This is a list of .rhosts files found on the system:

****************************************
This is a list of .netrc files on the system

****************************************
Please consider removing these system accounts.

uucp

****************************************
Remove any non root account with SUID=0

****************************************
Checks for sticky bits on tmp files

/var/run/utmp is not chmod 644.
/var/log/wtmp is not chmod 644.
/var/run/syslogd.pid is not chmod 644.
/boot/2.2.16/vmlinuz is not chmod 644.
/boot/TurboLinux-60-origin/vmlinuz is not chmod 644.
/boot/vmlinuz is not chmod 644.
Check above files for chmod 644.

****************************************
List of files with no user or group:

/var/log/pgsql
/usr/local/bin/testgimvmplayer.REAME
/usr/local/etc/sysmon.conf.dist
/usr/local/share/pixmaps/asmon-mask.xbm
/usr/local/doc/termim-0.9.0/arabic.txt
/usr/local/doc/termim-0.9.0/cyrillic.txt
/usr/local/doc/termim-0.9.0/greek.txt
/usr/local/doc/termim-0.9.0/hangul.txt
/usr/local/doc/termim-0.9.0/hebrew.txt
/usr/local/doc/termim-0.9.0/japanese.txt
/usr/local/doc/termim-0.9.0/korean.txt
/usr/local/doc/termim-0.9.0/thai.txt
/usr/local/doc/termim-0.9.0/tonepy.txt
/usr/local/doc/termim-0.9.0/western.txt
/usr/local/doc/termim-0.9.0/INSTALL
/usr/local/doc/termim-0.9.0/README
/mnt/Backup_RPM/Origin/TurboLinux/etc/named/master
/mnt/Backup_RPM/Origin/TurboLinux/etc/named/slave
/mnt/Backup_RPM/Origin/TurboLinux/65/etc/amanda
/mnt/Backup_RPM/Origin/TurboLinux/65/etc/amanda/DailySet1
/TurboLinux/65/etc/amanda/crontab.sample
/mnt/Backup_RPM/Origin/TurboLinux/65/etc/amandates
/mnt/Backup_RPM/系统备份/RH7.3/系统备份/root/.gtkhxrc
/mnt/Backup_RPM/系统备份/RH7.3/系统备份/root/.gtkrc-kde

****************************************
Checking default umask on system:

Default umask should be 022, 027
or 077. 002 is ok for RedHat.
Check these for compliance.

file /etc/bashrc:, umask 002
file /etc/bashrc:, umask 022
file /etc/csh.cshrc:, umask 022
file /etc/csh.cshrc:, umask 002
file /etc/ltrace.conf

ctal, umask (octal);
file /etc/ltrace.conf

ctal, umask SYS_(octal);

****************************************
These accounts are NOT in /etc/ftpusers.
Ensure that these accounts are in /etc/ftpusers
or that they _really_ do not need to be restricted.

games
ftp
nfsnobody
gugong
gnunet

****************************************
Checking rc startup scripts:

These services were found in /etc/rc.d/init.d
Consider removing or disabling unneeded services.
****************************************

****************************************
Default limits hashed out in limits.conf.
Check /etc/security/limits.conf for the default entry.
Make sure to set hard and soft limits for default "*",
or for individual users.

****************************************
sshd config file entries
Make sure these are commented out.

****************************************
PermitRootLogin yes found in sshd config.

****************************************
X11 Forwarding is enabled in ssh config.

****************************************
Check these ports in /etc/services to see what they are.
Close all ports you do not need.

Ports listening on this system:
Protocol Port

tcp 27878
tcp 587
tcp 32784
tcp 6000
tcp 37878
tcp 8118
tcp 22
tcp 25

****************************************
Hrm, do not see FORWARD_IPV4=FALSE in network.
Make sure that /etc/sysconfig/network
contains the line FORWARD_IPV4=FALSE

****************************************
Final check. This is a list of all services in
all runlevels on the system.
ntpd            0:关 1:关 2:关 3:关 4:关 5:关 6:关
syslog          0:关 1:关 2:开 3:开 4:开 5:开 6:关
microcode_ctl    0:关 1:关 2:开 3:开 4:开 5:开 6:关
netfs       0:关 1:关 2:关 3:关 4:开 5:关 6:关
network         0:关 1:关 2:开 3:开 4:开 5:开 6:关
random          0:关 1:关 2:开 3:开 4:开 5:开 6:关
rawdevices      0:关 1:关 2:关 3:开 4:开 5:开 6:关
saslauthd       0:关 1:关 2:关 3:关 4:关 5:关 6:关
xinetd          0:关 1:关 2:关 3:关 4:开 5:关 6:关
portmap         0:关 1:关 2:关 3:关 4:开 5:关 6:关
apmd            0:关 1:关 2:开 3:开 4:开 5:开 6:关
atd             0:关 1:关 2:关 3:开 4:开 5:开 6:关
gpm             0:关 1:关 2:开 3:开 4:开 5:开 6:关
autofs          0:关 1:关 2:关 3:关 4:开 5:关 6:关
irda            0:关 1:关 2:关 3:关 4:关 5:关 6:关
isdn            0:关 1:关 2:开 3:关 4:开 5:关 6:关
keytable    0:关 1:开 2:开 3:开 4:开 5:开 6:关
kudzu       0:关 1:关 2:关 3:开 4:开 5:开 6:关
sshd            0:关 1:关 2:开 3:开 4:开 5:开 6:关
snmpd       0:关 1:关 2:关 3:关 4:关 5:关 6:关
snmptrapd       0:关 1:关 2:关 3:关 4:关 5:关 6:关
sendmail    0:关 1:关 2:开 3:开 4:开 5:开 6:关
netdump-server 0:关 1:关 2:关 3:关 4:关 5:关 6:关
iptables    0:关 1:关 2:开 3:开 4:开 5:开 6:关
nfs             0:关 1:关 2:关 3:关 4:关 5:关 6:关
nfslock         0:关 1:关 2:关 3:关 4:开 5:关 6:关
rhnsd       0:关 1:关 2:关 3:开 4:开 5:开 6:关
crond       0:关 1:关 2:开 3:开 4:开 5:开 6:关
anacron         0:关 1:关 2:开 3:开 4:开 5:开 6:关
xfs             0:关 1:关 2:开 3:关 4:开 5:开 6:关
named       0:关 1:关 2:关 3:关 4:关 5:关 6:关
lpd             0:关 1:关 2:开 3:关 4:开 5:关 6:关
firstboot       0:关 1:关 2:关 3:关 4:关 5:关 6:关
pxe             0:关 1:关 2:关 3:关 4:关 5:关 6:关
yppasswdd       0:关 1:关 2:关 3:关 4:关 5:关 6:关
ypserv          0:关 1:关 2:关 3:关 4:关 5:关 6:关
ypxfrd          0:关 1:关 2:关 3:关 4:关 5:关 6:关
innd            0:关 1:关 2:关 3:关 4:关 5:关 6:关
mysql       0:关 1:关 2:开 3:关 4:开 5:关 6:关
httpd       0:关 1:关 2:关 3:关 4:关 5:关 6:关
aep1000         0:关 1:关 2:关 3:关 4:关 5:关 6:关
bcm5820         0:关 1:关 2:关 3:关 4:关 5:关 6:关
winbind         0:关 1:关 2:关 3:关 4:关 5:关 6:关
smb             0:关 1:关 2:关 3:关 4:关 5:关 6:关
squid       0:关 1:关 2:关 3:关 4:关 5:关 6:关
tux             0:关 1:关 2:关 3:关 4:关 5:关 6:关
amd             0:关 1:关 2:关 3:关 4:关 5:关 6:关
arpwatch    0:关 1:关 2:关 3:关 4:关 5:关 6:关
bootparamd      0:关 1:关 2:关 3:关 4:关 5:关 6:关
dhcpd       0:关 1:关 2:关 3:关 4:关 5:关 6:关
dhcrelay    0:关 1:关 2:关 3:关 4:关 5:关 6:关
ipchains    0:关 1:关 2:开 3:关 4:开 5:关 6:关
ip6tables       0:关 1:关 2:关 3:关 4:关 5:关 6:关
ipvsadm         0:关 1:关 2:关 3:关 4:关 5:关 6:关
iscsi       0:关 1:关 2:关 3:关 4:关 5:关 6:关
kadmin          0:关 1:关 2:关 3:关 4:关 5:关 6:关
kprop       0:关 1:关 2:关 3:关 4:关 5:关 6:关
krb524          0:关 1:关 2:关 3:关 4:关 5:关 6:关
krb5kdc         0:关 1:关 2:关 3:关 4:关 5:关 6:关
mars-nwe    0:关 1:关 2:关 3:关 4:关 5:关 6:关
mdmonitor       0:关 1:关 2:开 3:关 4:开 5:关 6:关
atalk       0:关 1:关 2:关 3:关 4:关 5:关 6:关
netdump         0:关 1:关 2:关 3:关 4:关 5:关 6:关
ldap            0:关 1:关 2:关 3:关 4:关 5:关 6:关
ups             0:关 1:关 2:关 3:关 4:关 5:关 6:关
spamassassin    0:关 1:关 2:关 3:关 4:关 5:关 6:关
identd          0:关 1:关 2:关 3:关 4:关 5:关 6:关
privoxy         0:关 1:关 2:开 3:开 4:开 5:开 6:关
psacct          0:关 1:关 2:关 3:关 4:关 5:关 6:关
radvd       0:关 1:关 2:关 3:关 4:关 5:关 6:关
rarpd       0:关 1:关 2:关 3:关 4:关 5:关 6:关
routed          0:关 1:关 2:关 3:关 4:关 5:关 6:关
rstatd          0:关 1:关 2:关 3:关 4:关 5:关 6:关
rusersd         0:关 1:关 2:关 3:关 4:关 5:关 6:关
rwalld          0:关 1:关 2:关 3:关 4:关 5:关 6:关
rwhod       0:关 1:关 2:关 3:关 4:关 5:关 6:关
vncserver       0:关 1:关 2:关 3:关 4:关 5:关 6:关
bgpd            0:关 1:关 2:关 3:关 4:关 5:关 6:关
ospf6d          0:关 1:关 2:关 3:关 4:关 5:关 6:关
ospfd       0:关 1:关 2:关 3:关 4:关 5:关 6:关
ripd            0:关 1:关 2:关 3:关 4:关 5:关 6:关
ripngd          0:关 1:关 2:关 3:关 4:关 5:关 6:关
zebra       0:关 1:关 2:关 3:关 4:关 5:关 6:关
lircd       0:关 1:关 2:关 3:关 4:关 5:关 6:关
proftpd         0:关 1:关 2:关 3:关 4:关 5:关 6:关
usermin         0:关 1:关 2:开 3:开 4:关 5:开 6:关
webmin          0:关 1:关 2:开 3:开 4:关 5:开 6:关
fwlogwatch      0:关 1:关 2:开 3:关 4:开 5:关 6:关
portmon         0:关 1:关 2:开 3:开 4:开 5:开 6:关
numlock         0:关 1:关 2:关 3:开 4:开 5:开 6:关
基于 xinetd 的服务：
chargen-udp: 关
chargen: 关
daytime-udp: 关
daytime: 关
echo-udp: 关
echo: 关
services: 关
servers: 关
time-udp: 关
time: 关
cups-lpd: 关
sgi_fam: 关
rsync: 关
dbskkd-cdb: 关
proftpd-xinetd: 关
krb5-telnet: 关
imap: 开
imaps: 开
ipop2: 关
ipop3: 关
pop3s: 关
finger: 关
rexec: 关
rlogin: 关
rsh: 关
ntalk: 关
talk: 关
telnet: 关
comsat: 关
eklogin: 关
gssftp: 关
klogin: 关
kotalk: 关
kshell: 关
ktalk: 关
swat: 关
tftp: 关

gugong · 发表于 2003-2-8 11:04:48

http://ws.obit.nl/hackbot/hackbot-2.18.tgz

2003年01月29日上午11时29分49秒[root@mail tmp]# hackbot.pl -A 192.168.20.2

###############################################################
# HackBot v2.18 2003 / http://ws.obit.nl/hackbot/ #
# (c) 2000-2003 Marco van Berkum #
# #
# Marco van Berkum - [email protected] #
# Kristian Vlaardingerbroek - [email protected] #
# Pepijn Vissers - [email protected] #
# Martijn Mooijman - [email protected] #
# Herman Poortermans - [email protected] #
###############################################################

Checking 192.168.20.2 ...

Trying simple Telnet fingerprint
--------------------------------
Possible OS's

Fingerprint: 25525324255253322552533525525339
Description: Linux
Fingerprint submission by: Marco

Checking for FTP server
-----------------------
FTP Server Found:
220-
*
*
*******************************************************
* * *
* 《欢迎大家的光临》 *
* * *
* * *
* * 古公 *
* * *
*******************************************************
*
*

220 FTP Server ready.
331 Anonymous login ok, send your complete email address as your password.

Anonymous login allowed!

550 upload: No such file or directory

Trying MTA - Relaying, VRFY and EXPN
------------------------------------
220 www.fruitron.com.cn ESMTP Sendmail 8.11.6/8.11.6; Wed, 29 Jan 2003 11:27:38 +0800
Relaying allowed

Checking for SSH
----------------
SSH-1.99-OpenSSH_3.1p1

Checking for DNS
----------------
Bindversion: 9.2.1

Checking for webserver on port 80
-----------------------------------
HTTP/1.1 200 OK
Date: Wed, 29 Jan 2003 03:28:56 GMT
Server: Apache/1.3.27 (Unix) (Red-Hat/Linux) mod_jk/1.2.2-dev mod_webapp/1.2.0-dev mod_gzip/1.3.19.1a mod_python/2.7.8 Python/1.5.2 mod_ssl/2.8.12 OpenSSL/0.9.6b DAV/1.0.3 PHP/4.1.2 mod_perl/1.26 mod_throttle/3.1.2
X-Powered-By: PHP/4.1.2
Connection: close
Content-Type: text/html

mod_ssl 2.8.12 found
PHP 4.1.2 found

HTTP options
------------
Allow options : GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, PATCH, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK, TRACE

Checking the webserver on port 80 for various potential problems
------------------------------------------------------------------
* /mrtg/ found!
* Server has mrtg directory

* /old/ found!
* Server has old directory

--->
- All scans done. Hackbot 2.18 -
---> Exiting.

haohaoo · 发表于 2003-6-10 18:45:20

老大，我怎么给你发了好几次信都不回的啊

becks · 发表于 2003-7-10 17:10:27

楼上的~你是广东科技干部学院？？五山那里的？~~？

gugong · 发表于 2003-7-16 16:55:42

[quote:2fd7a8dee6="haohaoo"]老大，我怎么给你发了好几次信都不回的啊[/quote]

时间不够啊！

daoke · 发表于 2006-5-29 14:26:27

[quote:579367ee5a="gugong"][quote:579367ee5a="haohaoo"]老大，我怎么给你发了好几次信都不回的啊[/quote]

时间不够啊！[/quote]

老大不厚道

gugong · 发表于 2006-5-30 15:09:25

现在有时间了，

		自动登录	找回密码
密码			注册