https://github.com/chriskalix/emergency-check
A simple tool to do linux emergency check
emergency-alert emergency-check linux python3 security security-tools
Last synced: over 1 year ago
- Host: GitHub
- URL: https://github.com/chriskalix/emergency-check
- Owner: chriskaliX
- License: mit
- Created: 2019-08-28T07:46:55.000Z (almost 7 years ago)
- Default Branch: master
- Last Pushed: 2020-03-16T07:40:33.000Z (over 6 years ago)
- Last Synced: 2025-03-21T15:00:36.105Z (over 1 year ago)
- Topics: emergency-alert, emergency-check, linux, python3, security, security-tools
- Language: Python
- Homepage:
- Size: 79.1 KB
- Stars: 10
- Watchers: 1
- Forks: 3
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Emergency Alert Script
> This is a simple emergency response script for Linux. It is the result of my studying [GScan](https://github.com/grayddq/GScan). GScan is a great tool both for learning and for emergency checks.
## Author
ChriskaliX
## Usage
```
python3 main.py
```
(Only Python > 3.6 is supported)
## Check list
> Backdoor
|Checklist|
|-|
|LD_PRELOAD|
|LD_AOUT_PRELOAD|
|LD_ELF_PRELOAD|
|LD_LIBRARY_PATH|
|PROMPT_COMMAND|
|Ld_so_preload|
|Cron_check|
|SSH Process|
|SSH Softlink|
|SSH wrapper|
|Inetd|
|Xinetd|
|Setuid|
|Chmod 777(Useless maybe?)|
|Startup check|
|Alias|
> Configuration
|Checklist|
|-|
|Dns check|
|Iptables check|
|Host check|
|Promiscuous check|
> History Check
|Checklist|
|-|
|History check|
> Log Check
|Checklist|
|-|
|wtmp|
|utmp|
|lastlog|
|authlog|
> Process Check
|Checklist|
|-|
|cpu_mem_check|
|shell_check|
|exe_check|
> User Check
|Checklist|
|-|
|root check|
|empty check|
|sudo check|
|authorized_check|
|permission_check|
## Difference
- Pure Python 3, no Linux commands used
- Some differences in the file checks
- Some plugins removed
## Update log
- 2019-11-01:
  - fix the softlink problem
  - fix the logic of the backdoor check
- 2020-03-16:
  - some explanations
  - add ruby detection in the analysis file
## Others & Reference
- https://xz.aliyun.com/t/7338