Script for Secure Nobody and Its Procedure


Secure Nobody is the script/command through which we can find the following things:

1. First, it checks for suspicious processes running under the nobody user.

2. Then it checks for directories such as


The above directories should not be present on the server.

3. It checks /tmp and /dev/shm for malicious scripts, and checks their mount options.
If any are found, it deletes them from the server automatically.

4. Then it scans for suspicious files/dirs under all user accounts. The following are a few suspicious file names:


5. It also checks for wget instances in the domlogs.

6. It also repairs phpBB and Gallery vulnerabilities on the server.
7. It secures wget/lynx/curl so that the nobody user cannot use them.

8. Finally, it writes the result to the /var/sn/current/names.log file.

9. We must check the scan result and take the necessary action on it.
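
To make checks 1 and 3 concrete, here is an added example (not the Secure Nobody script's own code) that audits the mount options of /tmp and /dev/shm and lists nobody-owned processes started from those directories. The function names, the sample data and the "command path under /tmp or /dev/shm" heuristic are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of Secure Nobody. Both functions read from stdin,
# so they can be fed live data or the constructed samples below.

# Constructed sample in /proc/mounts format (not from a real server).
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda3 /tmp ext4 rw,nosuid,noexec,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0'

# Constructed sample in "ps -eo user=,pid=,args=" format.
SAMPLE_PS='root 1 /sbin/init
nobody 2210 /usr/local/apache/bin/httpd -k start
nobody 4312 /tmp/.cache/perl-bot
nobody 4313 /dev/shm/a.out -q'

# missing_mount_opts <mountpoint>
# Prints which of noexec/nosuid the mount point lacks (empty if none),
# or "not-mounted" when it is not a separate mount.
missing_mount_opts() {
    # The last matching entry wins: a later mount shadows an earlier one.
    _opts=$(awk -v mp="$1" '$2 == mp { o = $4 } END { print o }')
    if [ -z "$_opts" ]; then echo "not-mounted"; return 0; fi
    _missing=""
    for _want in noexec nosuid; do
        case ",$_opts," in
            *",$_want,"*) ;;                      # option present
            *) _missing="$_missing $_want" ;;     # option absent
        esac
    done
    echo "${_missing# }"
}

# nobody_tmp_pids
# Prints PIDs of processes owned by nobody whose command path starts with
# /tmp/ or /dev/shm/ (assumed heuristic). argv can be rewritten by the
# process, so confirm a hit with: ls -l /proc/<pid>/exe
nobody_tmp_pids() {
    awk '$1 == "nobody" && $3 ~ /^(\/tmp|\/dev\/shm)\// { print $2 }'
}

# Demo on the constructed samples.
for mp in /tmp /dev/shm; do
    printf '%s missing: [%s]\n' "$mp" \
        "$(printf '%s\n' "$SAMPLE_MOUNTS" | missing_mount_opts "$mp")"
done
printf '%s\n' "$SAMPLE_PS" | nobody_tmp_pids
```

On a live server, run `missing_mount_opts /tmp < /proc/mounts` and `ps -eo user=,pid=,args= | nobody_tmp_pids` as root.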

How to install the Secure Nobody script on the server

1. Log in to the server as root and run the following commands.

mkdir /root/download
cd /root/download
rpm -ivh securenobody.rpm
cd /usr/local/securenobody
mv checknames checknames_old
tar -xvf checknames.tar
chmod 700 checknames

The script is now installed.

How to use this script?

1. Log in to the server as the root user.
2. Run the command: securenobody

In a few minutes it will start scanning and generate the result right there.

NOTE: While running this script, please monitor server load.

