RCLocals - Linux Startup Analyzer
2022-1-9 11:30:0 Author: www.kitploit.com

Inspired by 'Autoruns' from Sysinternals, RCLocals analyzes all Linux startup possibilities to find backdoors. It also performs process integrity verification, scans for DLL-injected processes, and much more.

Things covered:

· GPG keys trusted by the system
· Installed packages
· File integrity
· Process integrity (processes, and libraries loaded in a process, that do not belong to any installed package)
· Processes with spoofed names (processes that use prctl() to change their name in /bin/ps)
· CRON entries
· RC files
· X system startup files
· Active Systemd units
· Systemd timer units
· tmpfiles.d
· Linger users
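
One way to check for the name spoofing listed above, as an added example that is not RCLocals' own code: it compares /proc/<pid>/comm (the name prctl() can rewrite) with the basename of the /proc/<pid>/exe target and of the argv entries. The function names and the argv allowance for scripts run through an interpreter are assumptions of this example.

```python
import os

TASK_COMM_LEN = 15  # the kernel keeps at most 15 visible bytes in /proc/<pid>/comm


def name_is_spoofed(comm, exe, argv):
    """True when comm matches neither the executable nor any argv entry."""
    if not exe:                      # kernel threads have no exe link
        return False
    exe = exe.removesuffix(" (deleted)")  # binary unlinked while still running
    candidates = [exe] + list(argv)  # assumption: argv covers interpreter-run scripts
    names = {os.path.basename(c)[:TASK_COMM_LEN] for c in candidates if c}
    return comm not in names


def read_process(proc_root, pid):
    """Return (comm, exe, argv) for one pid, or None if it cannot be read."""
    base = os.path.join(proc_root, pid)
    try:
        with open(os.path.join(base, "comm")) as fh:
            comm = fh.read().rstrip("\n")
        with open(os.path.join(base, "cmdline"), "rb") as fh:
            argv = [a.decode(errors="replace") for a in fh.read().split(b"\0") if a]
    except OSError:
        return None                  # process exited or access was denied
    try:
        exe = os.readlink(os.path.join(base, "exe"))
    except OSError:
        exe = ""                     # kernel thread, or link not readable
    return comm, exe, argv


def find_spoofed(proc_root="/proc"):
    """List (pid, comm, exe) for processes whose comm looks rewritten."""
    hits = []
    for pid in sorted(filter(str.isdigit, os.listdir(proc_root)), key=int):
        info = read_process(proc_root, pid)
        if info and name_is_spoofed(*info):
            hits.append((int(pid), info[0], info[1]))
    return hits


if __name__ == "__main__":
    for pid, comm, exe in find_spoofed():
        print(f"{pid}\tcomm={comm!r}\texe={exe}")
```

Run it as root so every exe link is readable. A hit is a lead to review, since legitimate programs also rename themselves.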

USAGE

For only suspicious information:

# python3 rclocals.py --triage

For detailed information:

# python3 rclocals.py --all

Article source: http://www.kitploit.com/2022/01/rclocals-linux-startup-analyzer.html