名词解释

 

当一个攻击者成功地进入了系统休息,两人第一次想做的事情,他通常是:

• Keep the administators unaware of his presence.保持administators知道他的存在.
• Prevent the administrators from kicking him off the system.防止系统管理员从踢他出门.

One of the methods of accomplishing both of these tasks is to modify the system binaries, or even the system libraries.方法之一,完成这些任务是修改二元制,甚至图书馆系统.

The most simple and classic example of this is to replace /bin/login.最典型的例子就是简单地更换/斌/login.

1. Obtain a copy of the source code to /bin/login for the version of Unix the target host is running -- or at least a very close version.索取源代码来/宾/登录UNIX的版本为对象举办为期--或至少十分密切版本.
2. Edit the source code to /bin/login to include a "secret" password that will always let you login as root if you enter the "backdoor" password.编辑源代码来/宾/登录列入"秘密",永远密码如果你登录为根让你进入"后门"口令. This backdoor will also not create an entry in the system log files.这也不会造成后门进入系统的日志档案.
3. Compile the source code.汇编源代码.
4. Save a copy of the original /bin/login binary in case something goes wrong.节省副本/斌/登录二进制万一出事.
5. Replace the original /bin/login with your new /bin/login, keeping the same file permissions, ownerships, and time stamps.取代原来/斌/你登录新/斌/登录,饲养同一档案许可,所有制和时间邮票.

These steps replace one system binary.二元制取代这些步骤之一. A rootkit is a collection of modified program sources or binaries which replace an entire set of system binaries.Rootkit的是一个集节目源或改装二元取代一整套制度二元.

System binaries replaced by common rootkit's include netstat, ifconfig, ps, ld, du, in.telnetd, chfn, chsh, inetd, passwd, top, rshd, and syslogdRootkit的双星系统代替普通的包括netstat、ifconfig、聚苯乙烯、劳工处、杜、in.telnetd、chfn、chsh、inetd、passwd、顶、rshd、而syslogd

 

 

 

什么是Inetd