LinuxCheck – this is a small bash script to collect information, useful for emergency response in systemsDebian andCentos.
Characteristics:
LinuxCheck – this is a separate script, capable of collecting a large set of information:
- CPU TOP10, memory TOP10
- CPU usage
- loading time
- Hard drive information
- User information, information about passwd
- Detecting Environment Variables
- List of services
- Changes in the system program (debsums -e и rpm -va)
- Network traffic statistics
- Network connection, listening port
- Open port
- Routing table information
- Routing
- ARP
- DNS server
- SSH login information
- SSH login IP
- iptables info
- SSH Key Discovery
- SSH IP break
- Crontab detection
- Crontab backdoor detection
- Find shared configuration files
- Find common software
- Audit History Files
- Requesting HOSTS files
- lsmod exception kernel module
- Anomalous File Detection (nc, tunnel, proxy common hacker tools)
- Large File Detection (some large files packed)
- Free space, hard drive mount
- Open port
- Detection of LD_PRELOAD
- LD_LIBRARY_PATH
- ld.so.preload
- NIC promiscuous mode
- Most used software
- Change mtime file to latest 7 days
- Change ctime file to latest 7 days
- View the SUID file
- Find: hidden files
- Find sensitive files (nc, nmap, tunnel)
- nickname
- LSOF -L1
- SSHD
- Find Bash shell failures
- php webshell scan
- web shell jsp scanning
- scan asp / aspx webshell
- Mining Process Detection
- Scanning
usage
First installrkhunter andag :\
$ sudo apt purge silversearcher-ag rkhunter
Or for Centos
$ yum -y install the_silver_searcher rkhunter
Then you can run the script directly on github:
bash -c "$(curl -sSL https://raw.githubusercontent.com/al0ne/LinuxCheck/master/LinuxCheck.sh)"
Links
Discover more from VirusNet
Subscribe to get the latest posts sent to your email.