Skip to content

chriskaliX/Emergency-check

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
conf
conf
 
 
imgs
imgs
 
 
package
package
 
 
plugins
plugins
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
main.py
main.py
 
 
pre_check.py
pre_check.py
 
 

Repository files navigation

Emergency Alert Script

这是一款linux下的简单应急响应脚本。这是我在学习GScan之后的学习成果,GScan是一个不论在学习和应急响应上都很好的工具。

This Script is use for check linux emergency security check.This script is my production of learning Gscan. GScan is a great tool to both learn and do emergency check.

Author

ChriskaliX

Usage

python3 main.py

(ONLY python>3.6 supported)

Run pic

image

Check list

Backdoor

Checklist
LD_PRELOAD
LD_AOUT_PRELOAD
LD_ELF_PRELOAD
LD_LIBRARY_PATH
PROMPT_COMMAND
Ld_so_preload
Cron_check
SSH Process
SSH Softlink
SSH wrapper
Inted
Xinetd
Setuid
Chmod 777(Useless maybe?)
Startup check
Alias

Configuration

Checklist
Dns check
Iptables check
Host check
Promiscuous check

History Check

Checklist
History check

Log Check

Checklist
wtmp
utmp
lastlog
authlog

Process Check

Checklist
cpu_mem_check
shell_check
exe_check

User Check

Checklist
root check
empty check
sudo check
authorized_check
permission_check

Difference

  • Pure python3,No Linux command used
  • some differences between file check
  • delete some plugins

Update log

  • 2019-11-01:
    • fix the softlink problem
    • fix the logical of backdoor check
  • 2020-03-16:
    • some explations
    • add ruby detect in analysis file

Others & Reference

About

A simple tool to do linux emergency check

Topics

linux security python3 security-tools emergency-check emergency-alert

Resources

Readme

License

MIT license
Activity

Stars

10 stars

Watchers

1 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages