ubuntu intrusion detection

Summary of the Elevation of Privilege of intrusion penetration Detection TechnologyHello everyone, I have never written any articles to share with you at the beginning. I hope you will be guilty of guilt.Today we have time to write a process and share it with you, because I think it is worth sharing.Well, let's get down to the truth, and the intrusion process wil

knowledge-based pattern matching IDS can be avoided.5. disassemble the string through the "+" sign and bypass it,For example, or 'sword' = 'sw '+ 'ords'; EXEC ('in' + 'sert into' + '..... ')6. bypass through LIKE, for example, or 'sword' LIKE 'sw'7. bypass through IN, such as or 'sword' IN ('sword ')8. bypass through BETWEEN, for example, or 'sword' BETWEEN 'rw 'AND 'tw'9. Pass> or Or 'sword'> 'sw'Or 'sword' Or 1 10. Bypass Using comment statements:Use/**/to replace spaces, such:UNION/**/SELECT

knowledge-based pattern matching IDs can be avoided.5. disassemble the string through the "+" sign and bypass it,For example, or 'sword' = 'sw '+ 'ords'; Exec ('in' + 'sert into' + '..... ')6. bypass through like, for example, or 'sword' like 'sw'7. bypass through in, such as or 'sword' in ('sword ')8. bypass through between, for example, or 'sword' between 'rw 'and 'tw'9. Pass> or Or 'sword'> 'sw'Or 'sword' Or 1 10. Bypass Using comment statements:Use/**/to replace spaces, such:Union/**/select

Sometimes the server is in a strange situation, suspect that the machine is compromised, you can use this chkrootkig tool:Chkrootkit is an open source security Detection Tool His official website is www.chkrootkit.org: http://pkgs.repoforge.org/chkrootkit/Download the corresponding package according to the OS version:wget http://pkgs.repoforge.org/chkrootkit/chkrootkit-0.49-1.el5.rf.x86_64.rpmStart detection:Run Chkrootkit[Email protected] ~]# Chkroot

is updated gradually. However, when there are so many pages, it is difficult for you to detect vulnerabilities on that page one by one. if you write the following detection code, I did not expect this to be done simply, and you can use this method to optimize your SQL. Step 1 create an SQL log table The code is as follows: Create table [dbo]. [my_sqllog] ( [Id] [bigint] IDENTITY (1, 1) not null, [Hit] [bigint] NULL, [Sqltext] [varchar] (max) COLLATE

Article title: build a small Intrusion Detection System (RedHat9 ). Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source. 　　 I. system platform Redhat9.0 release, install gcc and related library files, it is recommended not to install Apache, PHP, and MySQL are compiled and in

for effective network connection. If you click on a network connection that has been found, this program will display a chart showing the signal strength of the problematic network connection. This chart is updated frequently. It displays both the reading of signals and the reading of background noise. If the network connection signal in a region is very weak, this function can help the Administrator determine whether there is interference from other radio sources, or this is only because the s

Linux Kernel real-time Intrusion Detection security enhancement-Background-general Linux technology-Linux programming and kernel information. For more information, see the following. V. Background Ice cubes I have not found the whole patch code in this article, probably because this person has abandoned the development of this item. Haha, if anyone can find it. Please tell us that the original url they pro

Note: The following actions need to be set on the OSSEC serverFirst, download Analogi, store under/var/www/html/and give permission[Email protected] ~]# wget https://github.com/ECSC/analogi/archive/master.zip[Email protected] ~]# Unzip Master.zip[Email protected] ~]# MV analogi-master//var/www/html/analogi[Email protected] ~]# cd/var/www/html/[Email protected] html]# chown-r Apache.apache analogi/[Email protected] html]# CD analogi/[email protected] analogi]# CP db_ossec.php.new db_ossec.phpSeco

Yum Install aide-y//epelCP/ETC/AIDE.CONF{,.BK}/etc/aide.conf//config file#初始化监控数据库 (This takes some time)/usr/sbin/aide-c/etc/aide.conf-i#把当前初始化的数据库作为开始的基础数据库Cp/var/lib/aide/aide.db.new.gz/var/lib/aide/aide.db.gz#如果是正常的改动 update changes to the underlying databaseAide-ucd/var/lib/aide/#覆盖替换旧的数据库MV Aide.db.new.gz aide.db.gz#在终端中查看检测结果Aide-c#检查文件改动 Save to FileAide-c--report=file:/tmp/aide-report-' date +%y%m%d '. txt#定时任务执行aide检测报告和自动邮件发送aide检测报告Crontab-eXX * * */usr/sbin/aide-c | /bin/mail-s "AID

The Intranet Intrusion detection system ("IDs system") can find out some high risk events such as network virus, system vulnerability, abnormal attack and so on in time, which enhances the security of intranet, and effectively guarantees the normal operation of each important business system. In order to strengthen the management of intranet and give full play to the function of "IDs system", the author ana

confirm that the root has a scheduled task:sudo crontab -lIf a timed task already exists, you should back up the task by pipe:sudo sh -c ‘crontab -l > crontab.bad‘We can then edit this scheduled task:sudo crontab -eIf this is your first time running a scheduled task, it will ask which editor you want to open. If you don't have a custom editor, the Nano is a good choice.After opening the file, we can customize the tripwire of automation. Because we only need tripwire to run every day, we just ne

Run the command line to check and fix the bad track in ubuntu. 02 1: Check the bad track 03. you must detach it before operating the disk ~ The 04umount parameter is as follows: www.2cto. com05-a unload all file systems recorded in/etc/mtab. 0-6 h show help. 07 -... Run the command line to check and fix the bad track in ubuntu. 02 1: Check the bad track 03. you must detach it before operating the disk ~ The

Due to the recent use of ICF,DPM and other new pedestrian detection algorithm, found the Open Source Library CCV http://libccv.org/tutorial/, but the code is under the Linux platform, the company machine does not allow itself to install dual systems, the use of visual box+ Ubuntu for implementation, the specific implementation steps are as follows:First, install the Visualbox+ubuntu1 Downloads Visualbox htt