Analyzes Linux system artifacts like auth logs, cron jobs, shell history, configs, and SUID binaries to detect intrusions, rootkits, persistence, and unauthorized access in incident response.
Slash command: /cybersecurity-skills-zh:analyzing-linux-system-artifacts
- When investigating a compromised Linux server or workstation
(See the commands in the source document)
| Concept | Definition |
|---|---|
| /var/log/auth.log | Primary authentication log on Debian/Ubuntu systems |
| /var/log/secure | Primary authentication log on RHEL/CentOS systems |
| wtmp/btmp | Binary logs recording successful and failed login sessions |
| .bash_history | Per-user command history file (attackers may clear it) |
| crontab | Scheduled task system commonly used for persistence |
| authorized_keys | SSH public keys that grant passwordless access to an account |
| SUID bit | File permission that allows execution as the file owner (privilege escalation vector) |
| LD_PRELOAD | Environment variable that loads a shared library before all others (hooking technique) |

| Tool | Purpose |
|---|---|
| chkrootkit | Rootkit detection scanner for Linux systems |
| rkhunter | Rootkit Hunter - checks for rootkits, backdoors and local exploits |
| AIDE | Advanced Intrusion Detection Environment - file integrity monitor |
| auditd | Linux audit framework for system call and file access monitoring |
| last/lastb | Parses wtmp/btmp for login and failed-login history |
| Plaso/log2timeline | Super-timeline creation tool that includes Linux artifacts |
| osquery | SQL-based system query tool for live forensic investigation |
| Velociraptor | Endpoint agent with Linux artifact collection capabilities |
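
As an added example (not code from the skill or the plugin), the following Python script applies the auth.log concept from the table above: it parses sshd and useradd lines in Debian/Ubuntu syslog format, flags a successful login that follows repeated failures from the same source address, and reports every account creation as a persistence indicator. The log lines, hostname and addresses are constructed; the `fail_threshold` parameter is this example's own.

```python
import re
from collections import defaultdict

# Constructed sample lines in Debian/Ubuntu /var/log/auth.log syslog format (not real data).
SAMPLE_AUTH_LOG = """\
Mar  3 08:01:12 web01 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar  3 08:01:15 web01 sshd[2101]: Failed password for root from 203.0.113.7 port 51236 ssh2
Mar  3 08:01:19 web01 sshd[2103]: Failed password for root from 203.0.113.7 port 51240 ssh2
Mar  3 08:02:02 web01 sshd[2110]: Accepted password for root from 203.0.113.7 port 51250 ssh2
Mar  3 09:15:40 web01 sshd[2200]: Accepted publickey for deploy from 198.51.100.20 port 40000 ssh2
Mar  3 09:20:00 web01 useradd[2300]: new user: name=svc_backup, UID=1003, GID=1003, home=/home/svc_backup, shell=/bin/bash
"""

# sshd result lines: "Accepted|Failed <method> for [invalid user] <user> from <ip> ..."
SSH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+)"
)
# useradd lines: "new user: name=<name>, UID=..., ..."
USERADD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ useradd\[\d+\]: new user: name=(?P<name>[^,]+)"
)


def triage_auth_log(text, fail_threshold=3):
    """Return findings: a successful login preceded by at least fail_threshold
    failures from the same source IP, and every account creation."""
    findings = []
    failures = defaultdict(int)  # source IP -> failed attempts seen so far
    for line in text.splitlines():
        m = SSH_RE.match(line)
        if m:
            ip, user = m["ip"], m["user"]
            if m["result"] == "Failed":
                failures[ip] += 1
            elif failures[ip] >= fail_threshold:
                findings.append({"type": "success_after_failures", "ip": ip, "user": user,
                                 "method": m["method"], "failures": failures[ip], "ts": m["ts"]})
            continue
        m = USERADD_RE.match(line)
        if m:
            findings.append({"type": "new_account", "name": m["name"], "ts": m["ts"]})
    return findings


if __name__ == "__main__":
    for finding in triage_auth_log(SAMPLE_AUTH_LOG):
        print(finding)
```

Corroborate what the text log shows against wtmp/btmp with last/lastb, since an intruder who has cleared .bash_history may also have truncated auth.log.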
Install: npx claudepluginhub killvxk/cybersecurity-skills-zh

Examines Linux system artifacts including auth logs, cron jobs, shell history, and system configuration to uncover evidence of compromise or unauthorized activity during incident response.
Analyzes Linux system artifacts like auth logs, cron jobs, shell history, configs, and user files to detect compromise, persistence mechanisms, and unauthorized activity in incident response.