1.1 definition

A rootkit is a set of backdoor programs that an intruder leaves behind on a compromised system. A rootkit is usually installed only after the system has been compromised and root privileges have been obtained; it then helps the intruder keep control of the system for a long time, gather host and network information, and hide the intruder's traces. In other words, a rootkit is a program that needs to persist in the target system without being noticed, operate the system, and collect data through covert channels. The three elements of a rootkit are therefore hiding, control, and data collection. Different operating systems have different rootkits; a rootkit on a Linux system is called a Linux rootkit.

1.2 classification

Linux rootkits can be broadly divided into user-mode and kernel-level rootkits; some newer Linux rootkit techniques (such as BIOS, PIC and boot rootkits) form a third category of new technology types. User-mode rootkits replace certain binaries (such as ps, netstat and ls) to provide process hiding, network connection hiding, file hiding and similar functions. Kernel rootkits, because of their strong concealment and attack capability, have gradually become the mainstream. Kernel rootkits can be further subdivided into LKM (Loadable Kernel Module) rootkits and rootkits that are not based on LKMs.

1.3 function

Whatever the type, a rootkit needs the following functions:

(1) Remote instruction execution

Instructions are sent over the network to the host on which the rootkit runs, in order to control that remote host;

(2) Information gathering

Collect information about system activity and data from other hosts on the network;

(3) File hiding

Hide specific files on the target host so that they cannot be seen through normal means, thereby concealing some of the traces of the system being controlled;

(4) Process hiding

Controlling the target host or collecting system information requires starting related processes; the rootkit can hide those processes;

(5) Network connection hiding

Hide the port information of network connections so that tools such as netstat cannot show the hidden entries, allowing information to be sent covertly to the remote end;

(6) Kernel module hiding

Hide the rootkit's own modules installed in the system, to improve its survivability.
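The classification above (user-mode rootkits replacing ps, netstat and ls; LKM rootkits) and the process-hiding and module-hiding functions in this list share one weakness that defenders rely on: a rootkit filters one view of the system but usually leaves the object reachable through another path. The script below is an added example and not code from the original article; it compares the readdir view of /proc (what ps uses) against PIDs that answer to kill(pid, 0), and compares /proc/modules (what lsmod uses) against /sys/module. The sample /proc/modules text is constructed for offline use, and the assumption that only loadable modules carry an initstate attribute in sysfs is a heuristic, not a guarantee.

```python
"""Cross-view consistency checks for hidden processes and hidden kernel modules.

Added example for this article (not the article's or any project's code). The
idea is the one used by tools such as unhide and rkhunter: enumerate the same
objects through two independent paths and report what only one path shows.
"""
import os

PROC = "/proc"
SYSFS_MODULES = "/sys/module"

# Constructed sample in /proc/modules format, used for offline demonstration.
SAMPLE_PROC_MODULES = """\
xt_conntrack 16384 1 - Live 0x0000000000000000
nf_conntrack 172032 1 xt_conntrack, Live 0x0000000000000000
ext4 933888 1 - Live 0x0000000000000000
"""


def parse_proc_modules(text):
    """Module names from /proc/modules text: one module per line, name first."""
    return {line.split()[0] for line in text.splitlines() if line.strip()}


def hidden_items(reachable, listed):
    """Objects reachable through a second path but absent from the normal listing."""
    return set(reachable) - set(listed)


def listed_pids(proc_dir=PROC):
    """PIDs as readdir(/proc) reports them: the view ps and top rely on."""
    return {int(name) for name in os.listdir(proc_dir) if name.isdigit()}


def listed_tids(pids, proc_dir=PROC):
    """Thread IDs of listed processes. kill() accepts a TID too, so a thread
    that is missing from the top-level /proc listing is not hidden."""
    tids = set()
    for pid in pids:
        try:
            task_dir = os.path.join(proc_dir, str(pid), "task")
            tids.update(int(t) for t in os.listdir(task_dir) if t.isdigit())
        except OSError:
            pass  # the process exited between the two reads
    return tids


def probed_pids(max_pid):
    """PIDs that kill(pid, 0) confirms exist, whether or not readdir shows them."""
    found = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass  # exists but belongs to another user: still present
        found.add(pid)
    return found


def hidden_pids_from_views(probed, listed, tids):
    """Pure comparison of the three views, so it can be checked on constructed data."""
    return set(probed) - set(listed) - set(tids)


def sysfs_loaded_modules(sysfs_dir=SYSFS_MODULES):
    """Loaded LKMs as sysfs shows them. Assumption (heuristic): only loadable
    modules get an 'initstate' attribute, which excludes built-in modules."""
    return {
        name
        for name in os.listdir(sysfs_dir)
        if os.path.isfile(os.path.join(sysfs_dir, name, "initstate"))
    }


def check_live_system():
    """Run both comparisons against the running kernel; returns two sets."""
    with open("/proc/sys/kernel/pid_max") as f:
        max_pid = int(f.read())
    listed = listed_pids()
    hidden_p = hidden_pids_from_views(probed_pids(max_pid), listed, listed_tids(listed))
    with open("/proc/modules") as f:
        listed_mods = parse_proc_modules(f.read())
    hidden_m = hidden_items(sysfs_loaded_modules(), listed_mods)
    return hidden_p, hidden_m


if __name__ == "__main__":
    pids, mods = check_live_system()
    print("PIDs reachable by kill() but missing from /proc listing:", sorted(pids) or "none")
    print("modules in /sys/module but missing from /proc/modules:", sorted(mods) or "none")
```

Run it as root so kill(pid, 0) can probe every PID without EPERM noise; probing up to pid_max is a few million syscalls, which takes seconds. A PID that appears in the hidden set may simply have been created between the probe and the listing, so confirm a finding by running the check again before treating it as a hidden process. The same two-view idea applies to the network-connection hiding described in point (5): entries missing from /proc/net/tcp can be cross-checked by attempting to bind the ports in question.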
