Article Title: Linux operating system security performance check notes.
Linux security check notes
1. Accounts check
# less /etc/passwd
# grep :0: /etc/passwd
Look for newly added users and for users whose UID or GID is 0.
2. Log check
Note "entered promiscuous mode"
Note error messages
Note Remote Procedure Call (rpc) programs with a log entry that includes a large number (> 20) of strange characters (-^PM)
I have not understood the last one yet and have not run into it yet. Please give me some advice.
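The account and log checks from sections 1 and 2, written as shell functions that test the exact passwd fields and pull the interface name out of the log line. This is an added example, not part of the original notes; the function names, the constructed sample passwd and log lines, and the two kernel message forms matched are assumptions.

```shell
#!/bin/sh
# Added example (not from the original notes): account and log checks.

# Print "name uid gid" for every account whose UID or GID field is exactly 0.
# $1 = passwd-format file (defaults to /etc/passwd).
zero_id_accounts() {
    awk -F: '$3 == 0 || $4 == 0 { print $1, $3, $4 }' "${1:-/etc/passwd}"
}

# Print accounts other than root that carry UID 0 (full superuser rights).
extra_root_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "${1:-/etc/passwd}"
}

# Print each interface reported as entering promiscuous mode in log file $1.
# Assumed message forms: "device IFACE entered promiscuous mode" and
# "IFACE: entered promiscuous mode".
promisc_interfaces() {
    sed -n -e 's/.*device \([^ ]*\) entered promiscuous mode.*/\1/p' \
           -e 's/.* \([^ :]*\): entered promiscuous mode.*/\1/p' "$1" | sort -u
}

# Constructed sample data (not taken from a real host).
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0::/tmp:/bin/sh
backup:x:34:0:backup:/var/backups:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF
cat > "$SAMPLE_DIR/messages" <<'EOF'
Jan 10 03:12:44 host1 kernel: device eth0 entered promiscuous mode
Jan 10 03:12:50 host1 sshd[812]: Accepted password for alice from 192.0.2.10 port 51234 ssh2
Jan 10 03:15:01 host1 kernel: device eth0 left promiscuous mode
Jan 10 04:00:07 host1 kernel: eth1: entered promiscuous mode
EOF

echo "Accounts with UID or GID 0:"
zero_id_accounts "$SAMPLE_DIR/passwd"
echo "UID 0 accounts other than root:"
extra_root_accounts "$SAMPLE_DIR/passwd"
echo "Interfaces that entered promiscuous mode:"
promisc_interfaces "$SAMPLE_DIR/messages"
```

On a real host, call the functions with no argument for /etc/passwd and with the path of the system log that holds kernel messages.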
3. Processes check
# ps -aux
Look for processes whose UID is 0
# lsof -p <suspicious process ID>
View the ports and files opened by the process
4. Files check
# find / -uid 0 -perm -4000 -print
# find / -size +10000k -print
# find / -name "..." -print
# find / -name "..." -print
# find / -name "." -print
# find / -name " " -print
Pay attention to SUID files, files larger than 10 MB, and files named "...", "." or a space.