Linux木马查杀辅助脚本


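#!/bin/bash
#
# Linux Information Collection
# by thecastle <https://github.com/IIComing>
#
# Triage snapshot of a Linux host for malware / backdoor hunting.  Run as
# root.  Progress goes to the terminal; the findings are appended to one
# report file under a private directory created in /tmp, whose path is
# printed at the end.  Sections: basic host/network facts; size, type,
# hashes and package verification of the key process- and network-inspection
# binaries; login-capable accounts and login policy; rc*.d / init.d /
# systemd / cron persistence points; processes; kernel modules; sockets;
# syslog and DNS configuration; SUID/SGID, hidden and unowned files;
# firewall rules; installed packages.
#
# Needs bash (arrays, [[ ]], process substitution).  Every inspection tool
# is optional: a missing one either has a modern fallback (ifconfig -> ip,
# netstat -> ss, rpm -> dpkg) or just leaves its sub-section empty.
#
# NOTE(review): this asks a possibly-compromised host about itself.  A
# rootkit that hooks libc (see the /etc/ld.so.preload check) or a replaced
# ps/ss/lsof can lie to every command here; cross-check the key binary
# hashes against the package manager or a known-good copy before trusting
# the process and socket listings.

readonly AUTHOR='by thecastle <https://github.com/IIComing>'
# Binaries an intruder typically replaces to hide processes and sockets.
readonly KEY_TOOLS='ps lsof netstat ss pstree kill killall lsattr chattr'

# Filled in by main(); read by every collect_* function.
RUNTIME=''
GATHERMAINDIR=''
GATHERFILE=''
MAINIPADD=''
MAINNETMASK=''
MAINBROADCAST=''

# -------------------------------------------------------- small helpers --

# Terminal progress: progress() writes the label, ok() closes the line.
progress() { printf '%s' "$*"; }
ok() { printf ' [ OK ]\n'; }

# Append each argument to the report as one line.
out() { printf '%s\n' "$@" >>"$GATHERFILE"; }

# True when TOOL is installed (PATH lookup, no output).
have() { command -v "$1" >/dev/null 2>&1; }

# Report banner for a major section.
section() {
  out '################################################################' \
      "| -= $1 =- |" \
      '################################################################' ''
}

# Open a sub-section: LABEL on the terminal, TITLE in the report.
subsection() {
  progress "Checking $1..."
  out '.................................................................' \
      "$2 " \
      '.................................................................' ''
}

# Close a sub-section: two blank report lines, OK on the terminal.
end_subsection() { out '' ''; ok; }

# Append FILE with comment and blank lines stripped, or a "no FILE file"
# marker when it does not exist.
emit_file() {
  local f=$1
  if [[ -f "$f" ]]; then
    sed -e '/^#/d' -e '/^$/d' -- "$f" >>"$GATHERFILE"
  else
    out "no $f file"
  fi
}

# Append a command's stdout.  stderr is dropped on purpose: an absent tool
# or an empty crontab is normal and must not clutter the terminal.
emit_cmd() { "$@" >>"$GATHERFILE" 2>/dev/null; }

# ------------------------------------------------------- network probes --

# Print "ADDR NETMASK BROADCAST" for the first non-loopback IPv4 address
# ("-" for a field that is not available).  ip(8) is preferred: ifconfig is
# absent on many current hosts, and its two output dialects
# ("inet addr:A  Bcast:B  Mask:M" vs "inet A  netmask M  broadcast B") put
# the fields in different columns, which a fixed awk '$2'/'$4'/'$6' cannot
# handle.  With ip the netmask is reported as a /prefix length.
primary_ipv4() {
  if have ip; then
    ip -4 -o addr show 2>/dev/null | awk '
      $4 !~ /^127\./ {
        split($4, a, "/")
        print a[1], "/" a[2], ($5 == "brd" ? $6 : "-")
        exit
      }'
  else
    ifconfig -a 2>/dev/null | awk '
      /inet / && !/127\.0\.0\.1/ {
        a = ""; m = ""; b = ""
        for (i = 2; i <= NF; i++) {
          if ($i ~ /^addr:/)       a = substr($i, 6)
          else if ($i ~ /^Mask:/)  m = substr($i, 6)
          else if ($i ~ /^Bcast:/) b = substr($i, 7)
        }
        if (a == "") { a = $2; m = $4; b = $6 }
        print a, (m == "" ? "-" : m), (b == "" ? "-" : b)
        exit
      }'
  fi
}

# Every non-loopback address (v4 and v6), one per line.
all_addresses() {
  if have ip; then
    ip -o addr show 2>/dev/null \
      | awk '$3 ~ /^inet/ && $4 !~ /^(127\.|::1\/)/ { print $2, $3, $4 }'
  else
    ifconfig -a 2>/dev/null | grep inet | grep -v '127.0.0.1'
  fi
}

# Link flags of every interface -- UP, and PROMISC, which a sniffer sets.
interface_flags() {
  if have ip; then
    ip -o link show 2>/dev/null
  else
    ifconfig -a 2>/dev/null | grep UP
  fi
}

# Kernel routing table.
route_table() {
  if have netstat; then
    netstat -nr 2>/dev/null
  else
    ip route show 2>/dev/null
  fi
}

# Absolute path of each KEY_TOOLS binary that exists, one per line.
# `type -P` searches PATH only; `command -v kill` would return the shell
# builtin instead of /bin/kill.
key_tool_paths() {
  local t p
  # shellcheck disable=SC2086 -- KEY_TOOLS is a deliberate word list
  for t in $KEY_TOOLS; do
    p=$(type -P "$t") && printf '%s\n' "$p"
  done
  return 0
}

# ----------------------------------------------------------- collectors --

# Hostname, OS, uptime, addresses, routes, resolvers and PATH.
collect_basic() {
  section 'Basic Information'

  progress 'Checking hostname...';    out "HostName: $(hostname 2>/dev/null)" '';       ok
  progress 'Checking domainname...';  out "DomainName: $(domainname 2>/dev/null)" '';   ok
  progress 'Checking ostype...';      out "OsType: $(uname -s) $(uname -p) $(uname -r)" ''; ok
  progress 'Checking uptime...';      out "Uptime: $(uptime 2>/dev/null)" '';           ok
  progress 'Checking hostmainip...';  out "HostMainIP: $MAINIPADD" '';                  ok
  progress 'Checking mainnetmask...'; out "MainNetMask: $MAINNETMASK" '';               ok
  progress 'Checking all Ethernet card mode...'; out "Mode: $(interface_flags)" '';     ok
  progress 'Checking mainbroadcast...'; out "MainBroadCast: $MAINBROADCAST" '';         ok

  progress 'Checking othernetinfo...'
  local others
  others=$(all_addresses)
  # -w so that 10.0.0.5 does not also hide 10.0.0.50; skip the filter when
  # no main address was found, otherwise grep -v '' would drop every line.
  if [[ -n "$MAINIPADD" ]]; then
    others=$(printf '%s\n' "$others" | grep -v -w -F -- "$MAINIPADD")
  fi
  if [[ -z "$others" ]]; then
    out 'OtherNetInfo = NONE'
  else
    out 'OtherNetInfo :' "$others"
  fi
  out ''
  ok

  progress 'Checking route table...'; out "RouteTable: $(route_table)" ''; ok

  progress 'Checking DNS address...'
  local dns
  dns=$(sed -e '/^#/d' -e '/^$/d' /etc/resolv.conf 2>/dev/null | awk '/nameserver/ { print $2 }')
  out "DNSAddress: $dns" ''
  ok

  progress 'Checking syspath variable...'
  out "Syspath:$PATH" ''
  ok
}

# Size, type, hashes and package verification of the key binaries.
collect_key_files() {
  section 'Key command file information'

  local paths=() p
  while IFS= read -r p; do paths+=("$p"); done < <(key_tool_paths)
  if (( ${#paths[@]} == 0 )); then
    out 'none of the key tools found on PATH' ''
    return
  fi

  subsection 'File size' 'File size'
  emit_cmd ls -ahl "${paths[@]}"
  end_subsection

  subsection 'File type' 'File type'
  emit_cmd file "${paths[@]}"
  end_subsection

  # md5 is kept for comparison with older reports; sha256 is what to compare
  # against a trusted copy, since md5 collisions are cheap to produce.
  subsection 'File md5' 'File md5'
  emit_cmd md5sum "${paths[@]}"
  end_subsection

  subsection 'File sha256' 'File sha256'
  emit_cmd sha256sum "${paths[@]}"
  end_subsection

  # Hashes only help against a known-good reference, and the package
  # database is one that is already on the host.  rpm -V / dpkg -V print
  # nothing for an intact file, so an empty sub-section means "all match".
  subsection 'package verification' 'Package verification of key files (silent = intact)'
  if have rpm; then
    emit_cmd rpm -Vf "${paths[@]}"
  elif have dpkg; then
    dpkg -S "${paths[@]}" 2>/dev/null \
      | awk -F': ' 'NF == 2 { n = split($1, pk, ", "); for (i = 1; i <= n; i++) print pk[i] }' \
      | sort -u | xargs -r dpkg -V >>"$GATHERFILE" 2>/dev/null
  else
    out 'no rpm or dpkg available'
  fi
  end_subsection
}

# umask, login-capable accounts, login policy and who is logged in.
collect_accounts() {
  section 'Accounts Password Information'

  subsection 'umask' 'Umask Current Value'
  out "Umask = $(umask 2>/dev/null)"
  end_subsection

  subsection 'account password information' 'Account password information'
  # Accounts whose shadow hash is not locked ("!"/"*"): only these can log
  # in with a password, which is where a backdoor account shows up; an
  # empty hash (no password at all) is flagged explicitly.  join(1) needs
  # input sorted on the join field under one collation; the original joined
  # the unsorted files and silently dropped entries.  The hash itself is
  # reduced to its algorithm id ($1$ md5, $5$/$6$ sha, $y$ yescrypt, ...)
  # because this report is meant to be copied off the host and must not
  # carry credentials.
  LC_ALL=C join -t : <(LC_ALL=C sort -t : -k 1,1 /etc/passwd) \
                     <(LC_ALL=C sort -t : -k 1,1 /etc/shadow) 2>/dev/null \
    | awk -F: 'BEGIN { OFS = ":" }
               $8 !~ /^[!*]/ {
                 if ($8 == "")                       $8 = "(EMPTY - no password required!)"
                 else if (match($8, /^\$[^$]*\$/))  $8 = substr($8, RSTART, RLENGTH) "..."
                 else                                $8 = "(hash)"
                 print
               }' >>"$GATHERFILE"
  end_subsection

  subsection '/etc/login.defs file' '/etc/login.defs File Content'
  emit_file /etc/login.defs
  end_subsection

  subsection '/etc/profile file' '/etc/profile File Content'
  emit_file /etc/profile
  end_subsection

  subsection 'Current logged in user ' 'Current logged in user'
  emit_cmd w
  end_subsection

  subsection '/etc/securetty file' '/etc/securetty File Content'
  emit_file /etc/securetty
  end_subsection
}

# rc*.d start links, hand-dropped files in rc*.d, systemd enabled units.
collect_rc() {
  section 'Rc*.d Information'

  subsection '/etc/rc*.d start file' '/etc/rc*.d directory start file'
  local lvl
  for lvl in 0 1 2 3 4 5 6; do
    # S* (start) links only; K* are stop links, README is documentation.
    ls -gld /etc/rc"$lvl".d/* 2>/dev/null | grep -v -E 'K[0-9]' | grep -v README >>"$GATHERFILE"
  done
  out ''
  ok

  subsection '/etc/rc*.d file' '/etc/rc*.d file List'
  # Regular files in rc*.d: the entries are normally symlinks, so anything
  # that is a real file was put there by hand.
  local f
  while IFS= read -r f; do
    subsection "$f file" "$f File Content"
    sed -e '/^#/d' -e '/^$/d' -- "$f" >>"$GATHERFILE"
    out ''
    ok
  done < <(find /etc/rc[0-6].d -type f 2>/dev/null | grep -v README)
  end_subsection

  if have systemctl; then
    # Current hosts start services through systemd rather than rc*.d.
    subsection 'systemd enabled units' 'Systemd enabled unit files'
    emit_cmd systemctl list-unit-files --state=enabled --no-pager
    end_subsection
  fi
}

# Process list, process tree, loaded kernel modules.
collect_process() {
  section 'Process Information'

  subsection 'process status information' 'Process Status Information'
  emit_cmd ps auxww   # ww: full command lines, not cut at terminal width
  end_subsection

  subsection 'process tree information' 'Process Tree Information'
  emit_cmd pstree -p
  end_subsection

  subsection 'modules information' 'Modules Information'
  if have lsmod; then
    emit_cmd lsmod
  else
    out 'no modules information'
  fi
  end_subsection
}

# init.d, chkconfig, sockets, listeners, connections, lsof.
collect_network() {
  section 'Network Information'

  subsection '/etc/init.d/ directory' '/etc/init.d/ directory'
  emit_cmd ls -al /etc/init.d/
  end_subsection

  subsection 'chkconfig information' 'Chkconfig Information'
  if have chkconfig; then
    emit_cmd chkconfig --list
  else
    out 'no chkconfig information'
  fi
  end_subsection

  # -n everywhere: resolving names on a compromised host is slow and sends
  # queries to a resolver the intruder may control.
  subsection 'sockets information' 'Sockets Information'
  if have ss; then emit_cmd ss -anp; else emit_cmd netstat -anp; fi
  end_subsection

  subsection 'listening server ports information' 'Listening Server Ports Information'
  if have ss; then
    emit_cmd ss -lntup
  else
    netstat -antup 2>/dev/null | grep LISTEN >>"$GATHERFILE"
  fi
  end_subsection

  subsection 'program processes active connections information' \
             'Program Processes Active Connections Information'
  if have ss; then emit_cmd ss -ntup; else emit_cmd netstat -ntup; fi
  end_subsection

  subsection 'lsof Information' 'lsof Information'
  emit_cmd lsof -i -n -P
  end_subsection
}

# syslogd or rsyslog configuration, whichever is present.
collect_syslog() {
  section 'Syslog Information'
  local f
  for f in /etc/syslog.conf /etc/rsyslog.conf; do
    subsection "$f file" "$f File Content"
    emit_file "$f"
    end_subsection
  done
}

# Resolver and static host mappings (a poisoned /etc/hosts redirects updates).
collect_dns() {
  section 'DNS Information'
  local f
  for f in /etc/resolv.conf /etc/hosts; do
    subsection "$f file" "$f File Content"
    emit_file "$f"
    end_subsection
  done
}

# root's crontab, /etc/crontab, per-user spools and /etc/cron.d drop-ins.
collect_cron() {
  section 'Cron Information'

  subsection 'crontab Information' 'crontab Information'
  if have crontab; then
    emit_cmd crontab -l
  else
    out 'no /usr/bin/crontab file'
  fi
  end_subsection

  subsection '/etc/crontab file' '/etc/crontab File Content'
  emit_file /etc/crontab
  end_subsection

  # Per-user crontabs (RHEL: /var/spool/cron/USER, Debian:
  # /var/spool/cron/crontabs/USER) and the system drop-in directory, a
  # favourite persistence spot that `crontab -l` never shows.
  local f
  while IFS= read -r f; do
    subsection "$f file" "$f File Content"
    sed -e '/^#/d' -e '/^$/d' -- "$f" >>"$GATHERFILE"
    out ''
    ok
  done < <(find /var/spool/cron /etc/cron.d -type f 2>/dev/null)
  out ''
}

# rc.local, ld.so.preload, SUID/SGID, firewall, hidden and unowned files.
collect_special() {
  section 'Special Files Information'

  # /proc and /sys are kernel views, not disk content: skip them in the
  # filesystem walks to cut noise and runtime.
  local prune=( \( -path /proc -o -path /sys \) -prune -o )

  subsection '/etc/rc.local file' '/etc/rc.local content'
  emit_file /etc/rc.local
  end_subsection

  # Classic user-land rootkit hook: the file normally does not exist, so
  # any content here deserves a close look.
  subsection '/etc/ld.so.preload file' '/etc/ld.so.preload content'
  emit_file /etc/ld.so.preload
  end_subsection

  subsection 'SUID file' 'SUID File List'
  find / "${prune[@]}" -type f \( -perm -4000 -o -perm -2000 \) \
    -exec ls -lg {} + 2>/dev/null >>"$GATHERFILE"
  end_subsection

  subsection 'iptables' 'Iptables information'
  emit_cmd iptables -L -n -v   # -n: no reverse DNS on every rule
  if have nft; then emit_cmd nft list ruleset; fi
  end_subsection

  subsection 'abnormity & hide file' 'Abnormity & Hide File List'
  # Names starting with ".." first (a favourite hiding place), then every
  # dot-file; cat -v makes control characters in names visible.
  find / "${prune[@]}" -name '..*' -print 2>/dev/null >>"$GATHERFILE"
  find / "${prune[@]}" -name '.*' -print 2>/dev/null | cat -v >>"$GATHERFILE"
  end_subsection

  subsection 'nouser file or directory' 'Nouser File or Directory List'
  find / "${prune[@]}" -nouser -exec ls -lgd {} + 2>/dev/null >>"$GATHERFILE"
  end_subsection

  subsection 'nogroup file or directory' 'Nogroup File or Directory List'
  find / "${prune[@]}" -nogroup -exec ls -lgd {} + 2>/dev/null >>"$GATHERFILE"
  end_subsection
}

# Installed package list.
collect_packages() {
  section 'Packages/Patches Information'
  subsection 'packages installed information' 'Packages Installed Information'
  # The original ran `rpm -a`, which is not a valid query and printed nothing.
  if have rpm; then
    emit_cmd rpm -qa
  elif have dpkg; then
    emit_cmd dpkg -l
  else
    out 'no rpm or dpkg available'
  fi
  end_subsection
}

# ------------------------------------------------------------------ main --

main() {
  clear 2>/dev/null
  printf '\n############################################################\n'
  printf '| %-56s |\n' '' '              Linux Information Collection' '' "           $AUTHOR"
  printf '############################################################\n\n\n'
  printf 'STARTING >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n\n'
  # Fixed format: the original parsed `date` output with awk, which breaks
  # under a non-English locale (zh_CN prints "2022年 07月 06日 ..." and the
  # report file name came out garbled).
  RUNTIME=$(date '+%Y-%m-%d %H:%M:%S')
  printf 'Running Time: %s\n\n' "$RUNTIME"
  printf '############################################################\n\n'

  printf 'Step 1. Hi, are you root?\n'
  if [[ "$(id -u 2>/dev/null)" != 0 ]]; then
    printf ' Please su root first.\n'
    exit 1   # the original exited 0 here, hiding the refusal from callers
  fi
  printf ' yes, I am root.\n\n'

  printf 'Step 2. Recording PATH variable......\n\n'
  # PATH goes straight into the report later (Syspath).  The original copied
  # it to /tmp/PATH, a predictable name that root would follow through any
  # symlink a local user had planted there.

  printf 'Step 3. Creating the report directory under /tmp.\n'
  # The report holds account, network and firewall detail: keep it owner-only.
  umask 077
  GATHERMAINDIR=$(mktemp -d /tmp/Gather.XXXXXX) || {
    printf ' cannot create a report directory in /tmp\n'
    exit 1
  }
  read -r MAINIPADD MAINNETMASK MAINBROADCAST < <(primary_ipv4)
  GATHERFILE=$GATHERMAINDIR/Gather.${MAINIPADD:-noip}.$(date '+%Y.%m.%d.%H%M%S')
  printf ' Gathermaindir OK: %s\n\n' "$GATHERMAINDIR"

  printf 'Step 4. Information gathering...\n'
  out ' ____________________________________________________________________ ' \
      '|                                                                    |' \
      '|                    Linux information Collection                    |' \
      '|                                                                    |' \
      "|              $AUTHOR              |" \
      '|____________________________________________________________________|' \
      '' "Generate Time: $RUNTIME" ''

  collect_basic
  collect_key_files
  collect_accounts
  collect_rc
  collect_process
  collect_network
  collect_syslog
  collect_dns
  collect_cron
  collect_special
  collect_packages

  printf '\nStep 5. ALL Done.\n'
  out '######################################################################' \
      '' 'Information collection is complete.' '' \
      '######################################################################'
  printf '######################################################################\n'
  printf 'Information collection is complete.\n'
  printf 'Please read Gather %s for more details.\n' "$GATHERFILE"
  printf '######################################################################\n\n'
  exit 0
}

main "$@"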