Principles of LIDS, the Linux Intrusion Detection System
  Add date: 10/27/2008   Publishing date: 10/27/2008   Hits: 1
1. Intrusion

  As the number of Linux hosts on the Internet grows, more and more security vulnerabilities are being discovered in current GNU/Linux systems. You may have heard of bugs found in Linux that make it very easy for a hacker to attack the system.

  Because Linux is an open-source system, vulnerabilities are easy to discover, and patches also come out very quickly. But when a vulnerability has not been announced and the administrator is lazy and has not applied the patch, a hacker can easily attack the system and obtain root privileges. On an existing GNU/Linux system, he can then do anything he wants. You may now ask: what can we do about this?

  1.1 What is wrong with current GNU/Linux?

  The superuser can abuse his power. He can do anything he wants; as root, he can change everything.

  Many system files are easy to change. These may be very important files, such as /bin/login. If a hacker gets in, he can upload a login program that overwrites /bin/login, and can then log in to the system without a login name or password. Yet these files do not need to be modified often, only when you upgrade the system.

  Modules can easily be used to intercept the kernel. Modules were designed to make the Linux kernel more modular and more efficient. But once a module is inserted into the kernel, it becomes part of the kernel and can do anything the original kernel can do. Unfriendly code can therefore be written as a module and inserted into the kernel, where it can redirect system calls and behave like a virus.

  Processes are not protected. Some processes, such as a background web server, are not strictly protected, so they are easily attacked by hackers.

  1.2 What is the idea behind LIDS?

  Protect important files. Because files are so easily changed by root, why not restrict file operations? LIDS therefore changes the file-system security calls in the kernel. Whenever someone accesses a file, he enters a system call, and there we can inspect the file name and see whether the file is protected. If it is protected, we can reject the request.
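
  As an added illustration (not LIDS source code and not part of the original article), the following user-space C model shows the check described above: the file name is looked up in a protection table at system-call entry and the request is refused no matter who makes it, root included. The names lids_check, lookup and policy, the two protection modes and the sample paths are assumptions of this model, and paths are assumed to be canonical absolute paths.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

enum op   { OP_READ, OP_WRITE };
enum prot { LP_NONE, LP_READONLY, LP_DENY };
struct rule { const char *path; enum prot prot; };

/* Constructed sample policy; names and modes are assumptions of this model. */
static const struct rule policy[] = {
    { "/bin",        LP_READONLY },
    { "/etc/shadow", LP_DENY     },
};

/* Longest rule that equals the path or is a parent directory of it. */
static enum prot lookup(const char *path)
{
    enum prot best = LP_NONE;
    size_t best_len = 0;
    for (size_t i = 0; i < sizeof policy / sizeof policy[0]; i++) {
        size_t n = strlen(policy[i].path);
        /* prefix must end on a component boundary: "/bin" must not cover "/binary" */
        if (strncmp(path, policy[i].path, n) != 0 ||
            (path[n] != '\0' && path[n] != '/'))
            continue;
        if (n >= best_len) { best = policy[i].prot; best_len = n; }
    }
    return best;
}

/* Hypothetical model of the check at system-call entry. uid is accepted but
 * never consulted: root (uid 0) gets the same answer as any other user. */
int lids_check(const char *path, enum op op, unsigned uid)
{
    (void)uid;
    if (path == NULL || path[0] != '/')
        return -EINVAL;   /* fail closed on anything but an absolute path */
    switch (lookup(path)) {
    case LP_DENY:     return -EPERM;
    case LP_READONLY: return op == OP_WRITE ? -EPERM : 0;
    default:          return 0;
    }
}

int main(void)
{
    printf("root write /bin/login -> %d\n", lids_check("/bin/login", OP_WRITE, 0));
    printf("root read  /bin/login -> %d\n", lids_check("/bin/login", OP_READ, 0));
    return 0;
}
```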

  Protect important processes. The idea here is not the same as the file protection above. When a process runs on a system, it has an entry in the /proc file system whose path name is its pid. So if you run "ps -axf", you can display the currently running processes. You may ask how these processes can be protected. If you want to kill a process, you first run "ps" to obtain the process's PID, and then run "kill <pid>" to kill it. But if I do not let you see the process, how can you kill it? LIDS therefore protects processes by hiding them.

 