Comment thread for the article
Eset: attacker controls 10 thousand Linux servers, by feri - can someone tell me what -G is good for...

  • 19. 3. 2014 21:29

    feri (unregistered)

    Can someone tell me what -G is good for (capital G)?

    $ ssh -G
    ssh: illegal option -- G
    usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
    [-D [bind_address:]port] [-e escape_char] [-F configfile]
    [-I pkcs11] [-i identity_file]
    [-L [bind_address:]port:host:hostport]
    [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
    [-R [bind_address:]port:host:hostport] [-S ctl_path]
    [-W host:port] [-w local_tun[:remote_tun]]
    [user@]hostname [command]

  • 19. 3. 2014 21:35

    feri (unregistered)

    Ah :)

    http://www.welivesecurity.com/wp-content/uploads/2014/03/operation_windigo.pdf Page 57

    A.1.1. Host-based Indicators
    A.1.1.1. Linux/Ebury

    The command ssh -G has a different behavior on a system with Linux/Ebury. A clean server will print
    ssh: illegal option -- G
    to stderr but an infected server will only print the usage. One can use the following command
    to determine if the server he is on is compromised:
    $ ssh -G 2>&1 | grep -e illegal -e unknown > /dev/null && echo "System clean" || echo "System infected"
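
An added example, not part of the thread or of the ESET report: the same indicator as a three-way check. OpenSSH 6.8 and later accept -G as a genuine option and list it in the usage text, so the one-liner above reports such hosts as infected; the function name, verdict strings and sample outputs below are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample outputs of `ssh -G 2>&1` run without a hostname.
SAMPLE_CLEAN_OLD='ssh: illegal option -- G
usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]'
SAMPLE_EBURY='usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]'
SAMPLE_MODERN='usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface] [-b bind_address]'

# classify_ssh_g TEXT -> prints clean | suspect | inconclusive (hypothetical helper)
classify_ssh_g() {
    out=$1
    # Same patterns as the report's one-liner: a clean older client
    # rejects -G before it prints the usage text.
    if printf '%s\n' "$out" | grep -q -e illegal -e unknown; then
        echo clean
        return 0
    fi
    # Extract the flag cluster from "usage: ssh [-1246AaCf...]".
    flags=$(printf '%s\n' "$out" |
        sed -n 's/^usage: ssh \[-\([0-9A-Za-z]*\)].*/\1/p' | head -n 1)
    if [ -z "$flags" ]; then
        echo inconclusive      # no usage line: not the output this test expects
        return 0
    fi
    case $flags in
        *G*) echo inconclusive ;;  # -G is advertised, so the indicator does not apply
        *)   echo suspect ;;       # -G accepted silently although not advertised
    esac
}

for sample in "$SAMPLE_CLEAN_OLD" "$SAMPLE_EBURY" "$SAMPLE_MODERN"; do
    classify_ssh_g "$sample"
done
# Live use on a host: classify_ssh_g "$(ssh -G 2>&1)"
```

An "inconclusive" verdict means this indicator cannot decide for that client version and the other host-based indicators in the report should be used instead.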