Linux server attacks are nothing new. 14 years ago I was installing a server, Red Hat 7 I think, and in the hour or so after I installed it to the time I applied the patches it was infected with an Apache SSL trojan.
Years ago I moved sshd off port 22, disabled password logins and used certificates after noticing my logs filling up with numerous daily attempts at hacking into sshd.
Mike
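An added example (not code from the thread or from any of its posters) that audits an sshd_config for the three steps Mike describes: a non-default port, password logins off, key-based auth on. It reads the global section the way sshd does (first uncommented occurrence of a keyword wins, absent keywords take their defaults, Match blocks are skipped) and runs on two constructed sample configs.

```shell
#!/bin/sh
# Added example: audit sshd_config for non-default port, no password logins, key auth.
# sshd rules that matter: the FIRST uncommented occurrence of a keyword wins, an absent
# keyword takes its default (Port 22, PasswordAuthentication yes, PubkeyAuthentication
# yes), and settings inside Match blocks only apply to matched sessions, so skip them.
# Effective value of keyword $2 in file $1, or default $3 when the keyword is absent.
sshd_effective() {
    val=$(awk -v key="$2" '
        /^[[:space:]]*#/ { next }                   # comment line
        tolower($1) == "match" { exit }             # end of the global section
        NF >= 2 && tolower($1) == tolower(key) { print $2; exit }  # first match wins
    ' "$1")
    printf '%s\n' "${val:-$3}"
}
# Port is special: every Port line adds a listener, so print them all.
sshd_ports() {
    ports=$(awk '/^[[:space:]]*#/ { next }; tolower($1) == "match" { exit };
                 NF >= 2 && tolower($1) == "port" { print $2 }' "$1")
    printf '%s\n' "${ports:-22}"
}
# Return 0 when all three checks pass; print one WARN line per failed check.
audit_sshd_config() {
    rc=0
    case " $(sshd_ports "$1" | tr '\n' ' ') " in
        *" 22 "*) echo "WARN: sshd still listens on port 22"; rc=1 ;;
    esac
    pw=$(sshd_effective "$1" PasswordAuthentication yes)
    pk=$(sshd_effective "$1" PubkeyAuthentication yes)
    [ "$pw" = "no" ]  || { echo "WARN: PasswordAuthentication is $pw (want no)"; rc=1; }
    [ "$pk" = "yes" ] || { echo "WARN: PubkeyAuthentication is $pk (want yes)"; rc=1; }
    return $rc
}
# Constructed sample configs, not files taken from any real system.
WEAK=$(mktemp); HARD=$(mktemp); trap 'rm -f "$WEAK" "$HARD"' EXIT
cat >"$WEAK" <<'EOF'
# Looks hardened at a glance, but the first PasswordAuthentication line
# wins and there is no Port line, so sshd still takes passwords on 22.
PasswordAuthentication yes
PasswordAuthentication no
EOF
cat >"$HARD" <<'EOF'
Port 2222
PubkeyAuthentication yes
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
EOF
audit_sshd_config "$WEAK" || echo "-> weak config fails the audit"
audit_sshd_config "$HARD" && echo "-> hardened config passes the audit"
```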
On 03/19/2014 12:11 PM, SilverTip257 wrote:
On Wed, Mar 19, 2014 at 10:01 AM, Johnny Hughes johnny@centos.org wrote:
On 03/19/2014 08:50 AM, Timothy Murphy wrote:
SlashDot had an article today on a Linux server malware attack, <http://it.slashdot.org/story/14/03/18/2218237/malware-attack-infected-25000-...>.
I wonder if there is a simple test to see if a CentOS machine has been infected in this way?
The article mentions Yara and Snort rules to test for this, but I wonder if there is something simpler? Alternatively, are there Yara or Snort packages for CentOS? ("Yum search" didn't seem to find anything.)
Look at this PDF:
The article I read linked to a detection toolkit on GitHub: https://github.com/eset/malware-ioc
Read this: https://github.com/eset/malware-ioc/blob/master/windigo/README.adoc