Viruses ate my computer. Could someone burn a bootable Linux disc onto a blank for me? The hashes must match. South of Krasnoyarsk Krai: the towns of Chernogorsk, Abakan and Minusinsk. I'll come to the agreed place and hand over a blank.
> Viruses ate my computer.
> Could someone burn a bootable Linux disc onto a blank for me? The hashes must
> match. South of Krasnoyarsk Krai: the towns of Chernogorsk, Abakan and Minusinsk. I'll come to the agreed
> place and hand over a blank.
Try writing to someone from here. This is the list of Runtu distributors. But I think they won't refuse a request to burn a different distribution.
http://runtu.org/runtu/runtu-spreader.html
> Viruses ate my computer.
The Windoze user must suffer.
>> Viruses ate my computer.
> The Windoze user must suffer.
What's with this street-punk level?
Ought to be more respectable, or something..
>>> Viruses ate my computer.
>> The Windoze user must suffer.
> What's with this street-punk level?
> Ought to be more respectable, or something..
The Windoze user should order a licensed Linux boot disc from the Microsoft shop!!
Dear citizens, viruses ate my Hardened Gentoo...
/ and /usr were mounted read-only
/home, /var and /tmp with noexec, plus TPE enforced a ban on executing any file that can be modified or created by a user other than root.
Viruses were found in / and /usr
Either the system was installed from an infected disc in the first place, or a sophisticated exploit capable of writing to the ro area was used.
> Viruses were found in / and /usr
What was found, and with what? Care to share an infected file?
>> Viruses were found in / and /usr
> What was found, and with what?
I noticed modifications to some of my programs. qTox also stopped launching.
I cleaned it with a home-written antivirus.
> Care to share an infected file?
There are many of them; where should I send them to you?
> There are many of them; where should I send them to you?
Put them on some Google Drive or wherever is convenient for you, in a password-protected archive. And post the link and the password here.
#!/bin/bash
# 20161109
# GPL-3
# If 'infected_action' is set to 'DELETE' or 'REMOVE' then the
# script will delete all files from
# /bin/*, /sbin/*, /lib* and /usr/* (except /usr/local/*)
# which were not installed by emerge,
# or were installed by emerge and modified by another program!
# The interactive prompt below overrides this default; the last assignment wins.
infected_action='DELETE'
infected_action='REMOVE'
#infected_action='SKIP'

# Gentoo package database
db='/mnt/gentoo/var/db/pkg/'
# Where the root of the system being checked is mounted. You run this from a LiveCD, right?
root='/mnt/gentoo'
# Path to the log file
log='/var/tmp/vlist'
# We delete the old log!!!
rm -f "${log}"
# Log unmodified files too? The last assignment wins.
logclean="YES"
logclean="NO"
# Where removed virus files are moved to
infdir='/mnt/gentoo/var/viruses'
# Temp files: installed files/links (from the package db) and existing files/links (from find)
iffile='/var/tmp/iflist'
effile='/var/tmp/eflist'
isfile='/var/tmp/islist'
esfile='/var/tmp/eslist'

# Is ${fn} under one of the directories this script is allowed to clean?
# (/bin, /sbin, /lib*, and /usr except /usr/local)
system_path() {
    case "${fn}" in
        /bin/*|/sbin/*|/lib*) return 0 ;;
        /usr/local/*) return 1 ;;
        /usr/*) return 0 ;;
        *) return 1 ;;
    esac
}

delete() {
    if system_path
    then
        rm -f "${root}${fn}"
        echo "Deleted!!!" >> "${log}"
        ((d+=1))
    else
        echo "Skip!" >> "${log}"
    fi
}

remove() {
    if system_path
    then
        path=$(dirname "${fn}")
        mkdir -p "${infdir}${path}"
        mv -f "${root}${fn}" "${infdir}${path}"
        echo "Removed!!!" >> "${log}"
        ((d+=1))
    else
        echo "Skip!" >> "${log}"
    fi
}

# Re-create the symlink ${fn} pointing at the target ${md} recorded by emerge
recover_sym() {
    mkdir -p "${root}$(dirname "${fn}")"
    ln -s "${md}" "${root}${fn}"
    echo "${fn} Recover symlink! :-)" >> "${log}"
    ((r+=1))
}

# Confirm before deleting what may be system files.
if [[ "${infected_action}" == 'DELETE' || "${infected_action}" == 'REMOVE' ]]
then
    echo ""
    echo " !!! Attention !!!"
    echo " This script will delete or remove system files!"
    echo ""
    echo "Only 64 bit, no-multilib systems are supported."
    echo ""
    echo "If you don't want to delete any files, just log, type SKIP."
    echo "If you want to remove ?infected? files, type REMOVE."
    echo -n "If you want to delete ?infected? files type DELETE and press 'Enter': "
    read -r check
    if [ "${check}" == 'DELETE' ]
    then
        infected_action='DELETE'
    elif [ "${check}" == 'REMOVE' ]
    then
        infected_action='REMOVE'
        mkdir -p "${infdir}"
    else
        infected_action='SKIP'
    fi
fi

echo ""
echo -n "Building list of installed system files and links. Please wait... "
rm -f "${iffile}_" "${isfile}_"
find "${db}" -name CONTENTS -type f | while read -r f
do
    # Regular files: "obj /path md5 mtime". On a no-multilib system /lib is /lib64.
    grep '^obj /' "${f}" | sed 's/^obj \/lib\//obj \/lib64\//' \
        | sed 's/^obj \/usr\/lib\//obj \/usr\/lib64\//' >> "${iffile}_"
    # Symbolic links: "sym /path -> target mtime" becomes "sym /path target mtime"
    grep -E '^sym /' "${f}" | sed -r 's/^(sym) (.+) -> (.+) (.+)$/\1 \2 \3 \4/' >> "${isfile}_"
done
sort "${iffile}_" | uniq > "${iffile}"
rm "${iffile}_"
sort "${isfile}_" | uniq > "${isfile}"
rm "${isfile}_"
echo "OK!"

echo ""
echo -n "Building list of existing system files and links. Please wait... "
# Directories not tracked by the package database; they are not scanned.
skip_files=( home lib64/modules media mnt root tmp usr/portage var/cache var/db
    var/lib/clamav var/lib/gentoo/news var/lib/layman var/lib/motioneye var/lib/portage
    var/lib/rkhunter/tmp var/log var/spool var/tmp var/lib/tor/data var/www )
skip_links=( home lib64/modules media mnt root tmp var/tmp var/www )
# Regular files
excl=()
for s in "${skip_files[@]}"; do excl+=( ! -path "${root}/${s}/*" ); done
find "${root}" -type f "${excl[@]}" | sort > "${effile}"
# Symbolic links
excl=()
for s in "${skip_links[@]}"; do excl+=( ! -path "${root}/${s}/*" ); done
find "${root}" -type l "${excl[@]}" | sort > "${esfile}"
echo "OK!"

echo ""
echo "To follow progress run:"
echo "tail -f ${log}"
echo "or, to see only infected files, run:"
echo "tail -f ${log} |grep -v 'OK! ;-)'"
echo "A full scan can take many hours."
echo ""
echo -n "Scanning all system symlinks. Please wait... "
((v=0)); ((n=0)); ((d=0)); ((r=0))
while IFS= read -r f
do
    fn="${f#"${root}"}"
    # Link target recorded by emerge (empty if emerge never installed this link)
    md=$(grep -F -- "sym ${fn} " "${isfile}" | head -n 1 | awk '{print $3}')
    if [ -z "${md}" ]
    then
        if [[ "${fn}" == /etc/* ]]
        then
            echo "${fn} Configuration link wasn't installed by emerge!" >> "${log}"
            ((n+=1))
        else
            echo -n "${fn} Alien??? Link wasn't installed by emerge! 8-| " >> "${log}"
            ((n+=1))
            if [ "${infected_action}" == 'DELETE' ]
            then
                delete
            elif [ "${infected_action}" == 'REMOVE' ]
            then
                remove
            else
                echo "Skip!" >> "${log}"
            fi
        fi
    else
        # Compare the link's actual target with the recorded one
        fm=$(readlink "${f}")
        if [ "${md}" == "${fm}" ]
        then
            if [ "${logclean}" == "YES" ]
            then
                echo "${fn} OK! ;-)" >> "${log}"
            fi
        else
            if [[ "${fn}" == /etc/* ]]
            then
                echo "${fn} Configuration link was installed by emerge and is modified!" >> "${log}"
                ((v+=1))
            else
                echo -n "${fn} Virus??? Link was installed by emerge and is modified! 8-( " >> "${log}"
                ((v+=1))
                if [ "${infected_action}" == 'DELETE' ]
                then
                    delete
                    recover_sym
                elif [ "${infected_action}" == 'REMOVE' ]
                then
                    remove
                    recover_sym
                else
                    echo "Skip!" >> "${log}"
                fi
            fi
        fi
    fi
done < "${esfile}"
echo "OK!"
echo "Summary:"
echo " Total: ${v} system links were installed by emerge and modified by another program!!!"
echo " Total: ${n} system links weren't installed by emerge and were created by another program!!!"
echo " Total: ${d} system links that weren't installed by emerge or were modified by another program are deleted or removed!!!"
echo " Total: ${r} system links that were installed by emerge and modified by another program or didn't exist are recovered!!!"
echo ""

echo -n "Scanning all system files. Please wait... "
((v=0)); ((n=0)); ((d=0))
while IFS= read -r f
do
    fn="${f#"${root}"}"
    # md5 recorded by emerge (empty if emerge never installed this file)
    md=$(grep -F -- "obj ${fn} " "${iffile}" | head -n 1 | awk '{print $3}')
    if [ -z "${md}" ]
    then
        if [[ "${fn}" == /etc/* ]]
        then
            echo "${fn} Configuration file wasn't installed by emerge!" >> "${log}"
            ((n+=1))
        else
            echo -n "${fn} Alien??? File wasn't installed by emerge! 8-| " >> "${log}"
            ((n+=1))
            if [ "${infected_action}" == 'DELETE' ]
            then
                delete
            elif [ "${infected_action}" == 'REMOVE' ]
            then
                remove
            else
                echo "Skip!" >> "${log}"
            fi
        fi
    else
        # Compare the file's current md5 with the recorded one
        fm=$(md5sum "${f}" | awk '{print $1}')
        if [ "${md}" == "${fm}" ]
        then
            if [ "${logclean}" == "YES" ]
            then
                echo "${fn} OK! ;-)" >> "${log}"
            fi
        else
            if [[ "${fn}" == /etc/* ]]
            then
                echo "${fn} Configuration file was installed by emerge and is modified!" >> "${log}"
                ((v+=1))
            else
                echo -n "${fn} Virus??? File was installed by emerge and is modified! 8-( " >> "${log}"
                ((v+=1))
                if [ "${infected_action}" == 'DELETE' ]
                then
                    delete
                elif [ "${infected_action}" == 'REMOVE' ]
                then
                    remove
                else
                    echo "Skip!" >> "${log}"
                fi
            fi
        fi
    fi
done < "${effile}"
echo "OK!"
echo "Summary:"
echo " Total: ${v} system files were installed by emerge and modified by another program!!!"
echo " Total: ${n} system files weren't installed by emerge and were created by another program!!!"
echo " Total: ${d} system files that weren't installed by emerge or were modified by another program are deleted or removed!!!"
echo ""

echo -n "Looking for missing system links. Please wait... "
((v=0)); ((r=0))
# isfile lines are "sym /path target mtime"; recover_sym needs ${fn} and ${md}
while read -r _ fn md _
do
    # -L: the link itself is missing (a dangling link still exists and was handled above)
    if [ ! -L "${root}${fn}" ]
    then
        echo "${fn} Link was installed by emerge and doesn't exist! 8-(" >> "${log}"
        ((v+=1))
        if [[ "${infected_action}" == 'DELETE' || "${infected_action}" == 'REMOVE' ]]
        then
            recover_sym
        fi
    fi
done < "${isfile}"
echo "OK!"
echo "Summary:"
echo " Total: ${v} system links were installed by emerge and don't exist!!!"
echo " Total: ${r} system links installed by emerge that didn't exist are recovered!!!"
echo ""

echo -n "Looking for missing system files. Please wait... "
((v=0))
# iffile lines are "obj /path md5 mtime"
while read -r _ fn _
do
    if [ ! -f "${root}${fn}" ]
    then
        echo "${fn} File was installed by emerge and doesn't exist! 8-(" >> "${log}"
        ((v+=1))
    fi
done < "${iffile}"
echo "OK!"
echo "Summary:"
echo " Total: ${v} system files were installed by emerge and don't exist!!!"
echo ""
echo " Please look in '${log}' for detailed information."
echo " If you are looking only for viruses run:"
echo " grep -v 'OK! ;-)' ${log} |less"
exit 0
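The core of what the script above does, as an added example and not the poster's own code: one Gentoo CONTENTS file is checked against a mounted root (recorded md5 versus current md5 for obj entries, recorded target versus readlink for sym entries) and files emerge never installed are listed as aliens. The CONTENTS line formats and the fixture root are assumptions constructed here, not taken from any real system.

```shell
# Added example (not the poster's script): verify a mounted root against the md5
# sums and link targets in one Gentoo CONTENTS file ("obj <path> <md5> <mtime>",
# "sym <path> -> <target> <mtime>"). Fields are peeled off the end so paths with spaces survive.
set -u; export LC_ALL=C
# Print "STATE <path>" (OK, MODIFIED, MISSING or BADLINK) for one entry under root $1.
check_line() {
    local root="$1" line="$2" rest path want have
    case "$line" in
        "obj "*)
            rest="${line#obj }"; rest="${rest% *}"          # strip mtime
            want="${rest##* }"; path="${rest% *}"           # md5, then path
            [ -f "$root$path" ] || { echo "MISSING $path"; return; }
            have=$(md5sum "$root$path" | cut -d' ' -f1)
            [ "$have" = "$want" ] && echo "OK $path" || echo "MODIFIED $path" ;;
        "sym "*)
            rest="${line#sym }"; rest="${rest% *}"          # strip mtime
            want="${rest##* -> }"; path="${rest% -> *}"     # target, then path
            [ -L "$root$path" ] || { echo "MISSING $path"; return; }
            [ "$(readlink "$root$path")" = "$want" ] && echo "OK $path" || echo "BADLINK $path" ;;
    esac
}
# Check every obj/sym entry of CONTENTS $2 against root $1, one result per line.
verify_contents() {
    local line
    while IFS= read -r line; do check_line "$1" "$line"; done < "$2"
}
# Regular files present under root $1 that no obj entry in CONTENTS $2 accounts for.
find_aliens() {
    local known; known=$(mktemp)
    grep '^obj ' "$2" | sed 's/^obj //; s/ [^ ]* [^ ]*$//' | sort > "$known"
    find "$1" -type f | sed "s|^$1||" | sort | comm -23 - "$known"
    rm -f "$known"
}
# Constructed fixture: fake root + CONTENTS with one clean file, one altered file, one
# missing file, one intact link, one retargeted link and one file emerge never installed.
make_fixture() {
    local d; d=$(mktemp -d)
    mkdir -p "$d/root/usr/bin" "$d/root/usr/lib64"
    printf 'ok\n' > "$d/root/usr/bin/clean"; printf 'evil\n' > "$d/root/usr/bin/patched"
    printf 'x\n' > "$d/root/usr/bin/alien"
    ln -s libz.so.1 "$d/root/usr/lib64/libz.so"; ln -s evil.so "$d/root/usr/lib64/libc.so"
    { printf 'obj /usr/bin/clean %s 1478600000\n' "$(printf 'ok\n' | md5sum | cut -d' ' -f1)"
      printf 'obj /usr/bin/patched %s 1478600000\n' "$(printf 'fine\n' | md5sum | cut -d' ' -f1)"
      printf 'obj /usr/bin/gone d41d8cd98f00b204e9800998ecf8427e 1478600000\n'
      printf 'sym /usr/lib64/libz.so -> libz.so.1 1478600000\n'
      printf 'sym /usr/lib64/libc.so -> libc.so.6 1478600000\n'; } > "$d/CONTENTS"
    echo "$d"
}
```

The recorded sums only mean something if the package database itself is trusted, which is why the later advice in this thread is to keep the hashes on read-only media next to a clean live disc.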
>> Viruses were found in / and /usr
> What was found, and with what?
After a clean install you absolutely must use intrusion detection systems, and keep the hashes they create on a ROM CD/DVD together with a clean LiveCD/DVD.
Is there a legal problem in Russia with obtaining a blank disc holding an ISO image that passes checksum verification? Are there organizations in Russia that mail out LiveCD discs?
The question of burning a disc is still open! Once I get one, I'll be able to hand it out to anyone interested in the south of the krai...
> Are there organizations in Russia that mail out LiveCD discs?
ALT Linux, no?
I can't imagine at all where that would be needed, other than for government agencies.
> Viruses ate my computer.
Entirely?
Have you tried turning it off and on?
Maybe call an exorcist? :)
Seriously though, blank discs are last century. Why not a USB stick, for example? Or was this such subtle trolling that I didn't get it?
>> Viruses ate my computer.
> Entirely?
> Have you tried turning it off and on?
> Maybe call an exorcist? :)
> Seriously though, blank discs are last century. Why not a USB stick, for example? Or was this
> such subtle trolling that I didn't get it?
My virus is a tough one.. I need burning and verification from a disc that is physically read-only, e.g. a ROM CD/DVD, whose hashes can be verified.
The virus blocks writing by cdrecord and growisofs, and when a burn did succeed, the result failed verification by checksum or hash.