Introduction:
Secure nobody is the script /command through which we can find following things:
1. First it checks suspicious process, which are running under nobody user.
2. Then It checks directories such as
/usr/local/apache/proxy
/var/spool/samba
/var/spool/vbox
Above directories should not present on the server
3. It checks /tmp and /dev/shm for malicious scriptsand their mounting options.
If it’s found then it will delete automatically on the server.
4. Then its scans suspicious files/dirs under all users accounts. Following are few suspicious file names
eggdrop|/mybot|/amech|/emech|/fastmech|/udp.pl|/asw.txt/
xh|/plekih|/y2kupdate
5. It also checks wget instances in domlogs.
6. It also repairs PHPBB and Galary vulnerability on the server.
.
7. It secures wget/lynx/curl so that nobody user can not use it.
8. Finally it provides result in /var/sn/current/names.log file.
9. We must check the scan result need to take necessary action on it.
How To Install Secure Nobody script on the server.
1. Login to the server as root and run the following commands.
mkdir /root/download
cd /root/download
wget http://www.mycutelife.net/sanju/securenobody/securenobody.rpm
rpm -ivh securenobody.rpm
cd /usr/local/securenobody
mv checknames checknames_old
wget http://air.host-care.com/checknames.tar
tar -xvf checknames.tar
chmod 700 checknames
You have successfully installed the script here.
How to use this script?
Steps:
1. Login to server as root user.
2. Fire cmd: securenobody
In few minutes it will start scanning and generate the result there itself.
NOTE: While running this script, please monitor server load.