
Behaviour Logging and Attack Surface Research on Linux Systems

Source: compiled by this site  Author: anonymous  Date: 2017-09-28
+ suid binary /usr/lib/virtualbox/VirtualBox got created (owner=root, group=root, perm=-r-s--x--x, size=158304)
+ i-node for listening UNIX socket /run/systemd/private changed from 3428734 to 3452848
+ systemd property NInstalledJobs changed from 8392199 to 3238035463
+ systemd property NNames changed from 261 to 263
+ systemd unit file vboxautostart-service.service added
+ systemd unit file vboxballoonctrl-service.service added
+ systemd unit file vboxdrv.service added
+ systemd unit file vboxweb-service.service added
+ systemd unit 'vboxautostart-service.service' added
+ systemd unit 'vboxballoonctrl-service.service' added
+ systemd unit 'vboxdrv.service' added
+ systemd unit 'vboxweb-service.service' added
Note that none of the changes above are necessarily wrong; but if we want to check whether a local privilege escalation exploit has been run inside the virtual machine, at least we now know where to start (suid root binaries are one observation point, since some of them may contain privilege escalation vulnerabilities). For now the tool looks quite useful. Some companies have already started using it and we regularly receive the reply e-mails. Compared with complex and expensive SIEM tools, dawgmon is much simpler and more practical: it can warn us about things such as the machine having rebooted or a configuration file having been modified inadvertently. Below is a partial screenshot of the e-mails:
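As an added example (not dawgmon's own code), here is the snapshot-and-diff idea behind the suid observation point reduced to one check: a Python 3 script that records the setuid/setgid executables under a directory, compares two snapshots, and emits change lines in the same style as the report above. The directory tree, file names and modes in demo() are constructed for the example.

```python
import os
import stat
import tempfile
from pathlib import Path


def scan_suids(root):
    """Snapshot setuid/setgid regular files below root as {path: (uid, gid, perm, size)}."""
    found = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks
            except OSError:
                continue  # vanished or unreadable entry; skip it
            if stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                found[path] = (st.st_uid, st.st_gid, stat.filemode(st.st_mode), st.st_size)
    return found


def diff_suids(old, new):
    """Compare two snapshots and emit dawgmon-style '+' / '-' / '~' report lines."""
    lines = []
    for path in sorted(set(old) - set(new)):
        lines.append(f"- suid binary {path} got removed")
    for path in sorted(set(new) - set(old)):
        uid, gid, perm, size = new[path]
        lines.append(f"+ suid binary {path} got created (uid={uid}, gid={gid}, perm={perm}, size={size})")
    for path in sorted(set(old) & set(new)):
        if old[path] != new[path]:
            lines.append(f"~ suid binary {path} changed from {old[path]} to {new[path]}")
    return lines


def demo():
    """Constructed scenario: baseline a temp tree, add a setuid file, diff the two snapshots."""
    with tempfile.TemporaryDirectory() as root:
        bin_dir = Path(root, "usr", "bin")
        bin_dir.mkdir(parents=True)
        known = bin_dir / "passwd"  # pre-existing suid binary (constructed, not a real one)
        known.write_bytes(b"#!/bin/sh\n")
        os.chmod(known, 0o4755)
        baseline = scan_suids(root)
        newbin = bin_dir / "helper"  # shows up after the baseline was taken
        newbin.write_bytes(b"#!/bin/sh\nexit 0\n")
        os.chmod(newbin, 0o4511)  # -r-s--x--x, the same mode as the report line above
        return diff_suids(baseline, scan_suids(root))
```

A real deployment would persist the baseline between runs and only mail the diff when it is non-empty, which is what makes a new suid binary stand out.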

These e-mails come from the check results of the different components, for example the ones monitoring changes in systemd, System V IPC, UNIX sockets and listening TCP/UDP ports, and the ones watching for files in `/etc` and `/boot` being added or modified. Some caveats are described in the README, which can be found with the source code. Below are the commands in dawgmon version 1.0:
$ ./dawgmon -E
NAME                DESCRIPTION
check_boot          analyzes /boot directory
check_etc           analyzes /etc directory
check_groups        analyze UNIX group changes
check_users         analyze UNIX user changes
env                 monitor changes in environment variables
kernel_version      analyze changes in kernel version
list_blkdev         analyze changes in available block devices
list_ifaces         analyze changes in network interfaces
list_mount          analyze changes in file system mounts
list_msq            analyze changes in System V message queues
list_packages       analyze changes in installed Debian packages
list_pipes          lists named pipes
list_processes      monitors changes in the running processes (mostly for debugging)
list_sem            analyze changes in System V sempahores
list_shm            analyze changes in System V shared memory segments
list_suids          lists setuid/setgid executables
list_sysvinit_jobs  analyze changes in available System V init jobs
list_tcpudp_ports   list changes in listening TCP/UDP ports for both IPv4/IPv6
list_unix_ports     list changes in listening UNIX ports
lsb_version         analyze changes in Linux Standard Base release settings
needs_restart       checks whether a reboot is required (Ubuntu-only)
systemd_props       show all systemd properties
systemd_sockets     list systemd sockets
systemd_timers      list systemd timers
systemd_unitfiles   list all available systemd unit files
systemd_units       list all available systemd units
uptime              show uptime and check if reboot happened
Summary and source code
I would be glad to hear all kinds of suggestions for the tool, for example adding further commands and modules, so please submit patches via GitHub or e-mail.
The source code of the tool can be found on Anvil Ventures' GitHub page: dawgmon. Patches, criticism and suggestions are welcome. Contact: github Twitter gvb@anvilventures.com
