N weapons for finding vulnerabilities in Linux (1)

Source: Internet
Author: User

Before reading this article, readers should already be familiar with the basic security features of the Linux system.
Linux is a free, open-source operating system that is secure, stable and cheap to run, and viruses spread far less readily on it than on Windows, so it has long been seen as the main rival of Microsoft Windows. As Linux has become more popular in China in recent years and more servers, workstations and PCs run it, more and more security enthusiasts have taken an interest in the system. The aim of this series is to give readers, as quickly as possible, a detailed and complete picture of the features and use of the best security (hacking) tools available for Linux. This first part covers vulnerability scanners.
A vulnerability scanner is a program that automatically looks for security weaknesses on a remote or local host. As on Windows, once an attacker has a list of target hosts he can run scanners from Linux against them to enumerate the open TCP ports on each server, the services behind them, the version of the web server software, and the known vulnerabilities of those services. For a system administrator, detecting and stopping such probing in time greatly reduces the number of successful intrusions. Scanners are usually divided into two kinds: host vulnerability scanners, which run locally on the machine they examine, and network vulnerability scanners, which probe target networks and hosts remotely over the network. Below we introduce some representative programs of each kind, with examples.
1. Practical host-based scanning software
1) sXid
sXid is a system monitoring program. After downloading it, run "make install" to install it. It scans the system for files and directories with the suid and sgid bits set, because such files are a favourite place to hide backdoors, and it can be configured to report its results by e-mail. The default configuration file is /etc/sxid.conf, which defines how sxid works and how many old log files to keep; the default log file is /var/log/sxid.log. For safety, once the parameters are set we can use the chattr command to make sxid.conf immutable (chattr +i) and sxid.log append-only (chattr +a), so that the configuration cannot be changed and the log cannot be truncated unless the attribute is first removed. In addition, sxid -k runs a check at any time; this mode neither logs nor mails its results, which makes it convenient for a quick interactive look. See Figure 1.


Figure 1
2) LSAT
The Linux Security Auditing Tool (LSAT) is a local security scanner that reports where the default configuration is insecure. Written by Triode, it is aimed mainly at RPM-based Linux distributions. After downloading it, compile it as follows:

cndes$ tar xzvf lsat-VERSION.tgz
cndes$ cd lsat-VERSION
cndes$ ./configure
cndes$ make

Then run it as root: root# ./lsat. By default it writes a report named lsat.out. The following options can be given:
-o filename: name of the report file
-v: verbose output
-s: silent; print nothing on the screen, only write the report
-r: run the RPM checksum check to find files whose contents or permissions differ from the package defaults
LSAT checks many things, including: unnecessary installed RPMs; inetd, xinetd and a number of system configuration files; SUID and SGID files; world-writable (mode 777) files; running processes and services; and open ports. The usual way to use LSAT is to run it regularly from cron and then diff the new report against the previous one, so that changes to the system configuration stand out. Below is an excerpt from a test report:

****************************************
This is a list of SUID files on the system:
/bin/ping
/bin/mount
/bin/umount
/bin/su
/sbin/pam_timestamp_check
/sbin/pwdb_chkpwd
/sbin/unix_chkpwd
****************************************
This is a list of SGID files/directories on the system:
/root/sendmail.bak
/root/mta.bak
/sbin/netreport
****************************************
List of normal files in /dev. MAKEDEV is ok, but there
should be no other files:
/dev/MAKEDEV
/dev/MAKEDEV.afa
****************************************
This is a list of world writable files
/etc/cron.daily/backup.sh
/etc/cron.daily/update_CDV.sh
/etc/megamonitor/monitor
/root/e
/root/pl/outfile
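The following shell script is an added example; it is not code from the original article, from sXid or from LSAT. It reimplements, on a directory tree, the core of the two checks discussed above (the setuid/setgid listing that sXid monitors and the world-writable-file check seen in the LSAT report) and wraps them in the report-and-diff workflow recommended for cron, so that a run prints something only when the system has changed. The function names, the constructed sample tree (a layout echoing the report excerpt) and the report paths are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: a minimal local audit in the spirit of sXid and LSAT.
# Not the tools' own code; file layout and report paths are assumed.

# Setuid or setgid files and directories under $1, sorted so that two
# reports can be compared line by line. -xdev keeps find on one
# filesystem (no /proc, /sys or network mounts when scanning /).
scan_setid() {
    find "$1" -xdev \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# World-writable regular files under $1, sorted. Sticky directories
# such as /tmp are normal and, not being regular files, are not listed.
scan_world_writable() {
    find "$1" -xdev -type f -perm -0002 -print 2>/dev/null | sort
}

# Write a fixed-layout report for tree $1 into file $2.
write_report() {
    {
        echo "== setuid/setgid files =="
        scan_setid "$1"
        echo "== world writable files =="
        scan_world_writable "$1"
    } > "$2"
}

# Re-scan tree $1, compare with the previous report $2 and rotate it.
# Returns 0 and prints nothing when nothing changed; returns 1 and prints
# the diff (or a note that a baseline was created) when something did.
audit_tree() {
    tree=$1
    prev=$2
    new="$prev.new"
    write_report "$tree" "$new"
    if [ -f "$prev" ] && cmp -s "$prev" "$new"; then
        rm -f "$new"
        return 0
    fi
    if [ -f "$prev" ]; then
        diff "$prev" "$new" || true     # diff exits 1 when the files differ
    else
        echo "no previous report at $prev; baseline written"
    fi
    mv "$new" "$prev"
    return 1
}

# Constructed sample tree (assumed layout, echoing the report excerpt):
# a setuid binary, a setgid directory, a world-writable cron script and
# one ordinary file. Prints the path of the new tree.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/bin" "$root/shared" "$root/etc/cron.daily"
    printf '#!/bin/sh\necho pong\n' > "$root/bin/ping"
    chmod 4755 "$root/bin/ping"                       # setuid
    chmod 2755 "$root/shared"                         # setgid directory
    printf '#!/bin/sh\n' > "$root/etc/cron.daily/backup.sh"
    chmod 0777 "$root/etc/cron.daily/backup.sh"       # world writable
    printf 'plain\n' > "$root/README"
    echo "$root"
}

# Usage from cron (paths assumed): audit_tree / /var/lib/audit/report
```

Called from cron against the real root filesystem (the /var/lib/audit/report path above is an assumption), audit_tree prints nothing while the report is unchanged and prints the diff otherwise, so cron's default mail-on-output behaviour delivers only the changes; a full scan of / takes minutes, which is why -xdev is used to stay off /proc, /sys and network mounts. The same baseline file deserves the protection the article suggests for the sxid files: as root, chattr +i /etc/sxid.conf and chattr +a /var/log/sxid.log, and verify with lsattr.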


