堡塔安全Bacon 发表于 2025-12-4 09:18
已编译成功,修复一下插件就可以正常使用了
修复插件后还是不行
root@TranBon-BT10:~# uname -a
Linux TranBon-BT10 5.10.0-34-amd64 #1 SMP Debian 5.10.234-1 (2025-02-24) x86_64 GNU/Linux
root@TranBon-BT10:~#
root@TranBon-BT10:~# cd /www/server/panel/plugin/bt_hids/LKM/ && make
|-----------------------------------|
| building HIDS kernel module |
|-----------------------------------|
make -C /lib/modules/5.10.0-34-amd64/build M=/www/server/panel/plugin/bt_hids/LKM modules
make: Entering directory '/usr/src/linux-headers-5.10.0-34-amd64'
CC /www/server/panel/plugin/bt_hids/LKM/src/init.o
CC /www/server/panel/plugin/bt_hids/LKM/src/trace.o
CC /www/server/panel/plugin/bt_hids/LKM/src/trace_buffer.o
CC /www/server/panel/plugin/bt_hids/LKM/src/smith_hook.o
CC /www/server/panel/plugin/bt_hids/LKM/src/anti_rootkit.o
CC /www/server/panel/plugin/bt_hids/LKM/src/filter.o
CC /www/server/panel/plugin/bt_hids/LKM/src/util.o
CC /www/server/panel/plugin/bt_hids/LKM/src/memcache.o
LD /www/server/panel/plugin/bt_hids/LKM/hids_driver.o
MODPOST /www/server/panel/plugin/bt_hids/LKM/Module.symvers
LD /www/server/panel/plugin/bt_hids/LKM/hids_driver.ko
make: Leaving directory '/usr/src/linux-headers-5.10.0-34-amd64'
make -C test
make: Entering directory '/www/server/panel/plugin/bt_hids/LKM/test'
|---------------------------------|
| building HIDS pipe reader |
|---------------------------------|
CC main.ou
building test programs
CC rst
make: Leaving directory '/www/server/panel/plugin/bt_hids/LKM/test'
root@TranBon-BT10:/www/server/panel/plugin/bt_hids/LKM#
本帖最后由 宝塔用户_gudovt 于 2025-12-9 14:20 编辑
|-----------------------------------|| building HIDS kernel module |
|-----------------------------------|
make -C /lib/modules/5.14.0-503.40.1.el9_5.x86_64/build M=/www/server/panel/plugin/bt_hids/LKM modules
make: Entering directory '/usr/src/kernels/5.14.0-503.40.1.el9_5.x86_64'
make: Leaving directory '/usr/src/kernels/5.14.0-503.40.1.el9_5.x86_64'
make -C test
make: Entering directory '/www/server/panel/plugin/bt_hids/LKM/test'
|---------------------------------|
| building HIDS pipe reader |
|---------------------------------|
CC main.ou
building test programs
CC rst
make: Leaving directory '/www/server/panel/plugin/bt_hids/LKM/test'
uname -a
Linux localhost 5.14.0-503.40.1.el9_5.x86_64 #1 SMP PREEMPT_DYNAMIC Mon May 5 06:06:04 EDT 2025 x86_64 x86_64 x86_64 GNU/Linux
Debian13不支持和兼容
系统版本:# cat /etc/os-release
NAME="Alibaba Cloud Linux"
VERSION="3 (OpenAnolis Edition)"
ID="alinux"
ID_LIKE="rhel fedora centos anolis"
VERSION_ID="3"
VARIANT="OpenAnolis Edition"
VARIANT_ID="openanolis"
ALINUX_MINOR_ID="2104"
ALINUX_UPDATE_ID="12.1"
PLATFORM_ID="platform:al8"
PRETTY_NAME="Alibaba Cloud Linux 3.2104 U12.1 (OpenAnolis Edition)"
ANSI_COLOR="0;31"
HOME_URL="https://www.aliyun.com/"
make执行情况:
]# cd /www/server/panel/plugin/bt_hids/LKM/ && make
|-----------------------------------|
| building HIDS kernel module |
|-----------------------------------|
make -C /lib/modules/5.10.134-19.1.al8.x86_64/build M=/www/server/panel/plugin/bt_hids/LKM modules
make: Entering directory '/usr/src/kernels/5.10.134-19.1.al8.x86_64'
CC /www/server/panel/plugin/bt_hids/LKM/src/init.o
LD /www/server/panel/plugin/bt_hids/LKM/hids_driver.o
MODPOST /www/server/panel/plugin/bt_hids/LKM/Module.symvers
CC /www/server/panel/plugin/bt_hids/LKM/hids_driver.mod.o
LD /www/server/panel/plugin/bt_hids/LKM/hids_driver.ko
make: Leaving directory '/usr/src/kernels/5.10.134-19.1.al8.x86_64'
make -C test
make: Entering directory '/www/server/panel/plugin/bt_hids/LKM/test'
|---------------------------------|
| building HIDS pipe reader |
|---------------------------------|
CC main.ou
building test programs
CC rst
make: Leaving directory '/www/server/panel/plugin/bt_hids/LKM/test'
Alibaba Cloud 3 (OpenAnolis Edition)不支持,
系统信息如下:
# cat /etc/os-release
NAME="Alibaba Cloud Linux"
VERSION="3 (OpenAnolis Edition)"
ID="alinux"
ID_LIKE="rhel fedora centos anolis"
VERSION_ID="3"
VARIANT="OpenAnolis Edition"
VARIANT_ID="openanolis"
ALINUX_MINOR_ID="2104"
ALINUX_UPDATE_ID="12.1"
PLATFORM_ID="platform:al8"
PRETTY_NAME="Alibaba Cloud Linux 3.2104 U12.1 (OpenAnolis Edition)"
ANSI_COLOR="0;31"
HOME_URL="https://www.aliyun.com/"
运行文档指令结果如下
]# cd /www/server/panel/plugin/bt_hids/LKM/ && make
|-----------------------------------|
| building HIDS kernel module |
|-----------------------------------|
make -C /lib/modules/5.10.134-19.1.al8.x86_64/build M=/www/server/panel/plugin/bt_hids/LKM modules
make: Entering directory '/usr/src/kernels/5.10.134-19.1.al8.x86_64'
CC /www/server/panel/plugin/bt_hids/LKM/src/init.o
LD /www/server/panel/plugin/bt_hids/LKM/hids_driver.o
MODPOST /www/server/panel/plugin/bt_hids/LKM/Module.symvers
CC /www/server/panel/plugin/bt_hids/LKM/hids_driver.mod.o
LD /www/server/panel/plugin/bt_hids/LKM/hids_driver.ko
make: Leaving directory '/usr/src/kernels/5.10.134-19.1.al8.x86_64'
make -C test
make: Entering directory '/www/server/panel/plugin/bt_hids/LKM/test'
|---------------------------------|
| building HIDS pipe reader |
|---------------------------------|
CC main.ou
building test programs
CC rst
make: Leaving directory '/www/server/panel/plugin/bt_hids/LKM/test'
系统:Ubuntu 22.04.5 LTS (Jammy Jellyfish) x86_64(Py3.7.8)
当前内核版本(5.15.0-163-generic)不支持使用堡塔入侵检测,更换内核版本参考:
https://www.bt.cn/bbs/thread-113964-1-1.html
Last login: Thu Dec 11 09:12:50 2025 from 127.0.0.1
root@ser292211515307:~# cd /www/server/panel/plugin/bt_hids/LKM/ && make
|-----------------------------------|
| building HIDS kernel module |
|-----------------------------------|
make -C /lib/modules/5.15.0-163-generic/build M=/www/server/panel/plugin/bt_hids/LKM modules
make: Entering directory '/usr/src/linux-headers-5.15.0-163-generic'
CC /www/server/panel/plugin/bt_hids/LKM/src/init.o
CC /www/server/panel/plugin/bt_hids/LKM/src/trace.o
CC /www/server/panel/plugin/bt_hids/LKM/src/trace_buffer.o
CC /www/server/panel/plugin/bt_hids/LKM/src/smith_hook.o
CC /www/server/panel/plugin/bt_hids/LKM/src/anti_rootkit.o
CC /www/server/panel/plugin/bt_hids/LKM/src/filter.o
CC /www/server/panel/plugin/bt_hids/LKM/src/util.o
CC /www/server/panel/plugin/bt_hids/LKM/src/memcache.o
LD /www/server/panel/plugin/bt_hids/LKM/hids_driver.o
MODPOST /www/server/panel/plugin/bt_hids/LKM/Module.symvers
CC /www/server/panel/plugin/bt_hids/LKM/hids_driver.mod.o
LD /www/server/panel/plugin/bt_hids/LKM/hids_driver.ko
BTF /www/server/panel/plugin/bt_hids/LKM/hids_driver.ko
Skipping BTF generation for /www/server/panel/plugin/bt_hids/LKM/hids_driver.ko due to unavailability of vmlinux
make: Leaving directory '/usr/src/linux-headers-5.15.0-163-generic'
make -C test
make: Entering directory '/www/server/panel/plugin/bt_hids/LKM/test'
|---------------------------------|
| building HIDS pipe reader |
|---------------------------------|
CC main.ou
building test programs
CC rst
make: Leaving directory '/www/server/panel/plugin/bt_hids/LKM/test'
root@ser292211515307:/www/server/panel/plugin/bt_hids/LKM#
当前内核版本(6.12.38+deb13-amd64)不支持使用堡塔入侵检测
服务器是Alibaba Cloud 3(5.10 内核),“堡塔入侵检测”开始是正常可以开启的,在执行下述系统更新后,“堡塔入侵检测”提示:“当前内核版本(5.10.134-19.2.al8.x86_64)不支持使用堡塔入侵检测,更换内核版本参考:https://www.bt.cn/bbs/thread-113964-1-1.html”,无法开启“堡塔入侵检测”,如何解决
yum check-update
alinux3-os 112 kB/s | 3.8 kB 00:00
alinux3-updates 195 kB/s | 4.1 kB 00:00
alinux3-updates 79 MB/s |35 MB 00:00
alinux3-module 139 kB/s | 4.2 kB 00:00
alinux3-plus 315 kB/s | 3.1 kB 00:00
alinux3-plus 73 MB/s |33 MB 00:00
alinux3-powertools 277 kB/s | 3.0 kB 00:00
Extra Packages for Enterprise Linux 8 - x86_64 492 kB/s | 4.0 kB 00:00
Extra Packages for Enterprise Linux 8 - x86_64 50 MB/s |14 MB 00:00
Extra Packages for Enterprise Linux Modular 8 - x86_64 364 kB/s | 3.0 kB 00:00
aliyun-cli.x86_64 3.2.0-1.al8 alinux3-plus
bpftool.x86_64 5.10.134-19.2.al8 alinux3-plus
kernel.x86_64 5.10.134-19.2.al8 alinux3-plus
kernel-core.x86_64 5.10.134-19.2.al8 alinux3-plus
kernel-devel.x86_64 5.10.134-19.2.al8 alinux3-plus
kernel-headers.x86_64 5.10.134-19.2.al8 alinux3-plus
kernel-modules.x86_64 5.10.134-19.2.al8 alinux3-plus
kernel-modules-extra.x86_64 5.10.134-19.2.al8 alinux3-plus
kernel-modules-internal.x86_64 5.10.134-19.2.al8 alinux3-plus
kernel-tools.x86_64 5.10.134-19.2.al8 alinux3-plus
kernel-tools-libs.x86_64 5.10.134-19.2.al8 alinux3-plus
perf.x86_64 5.10.134-19.2.al8 alinux3-plus
python3-perf.x86_64 5.10.134-19.2.al8 alinux3-plus
quota.x86_64 1:4.09-4.0.1.al8 alinux3-updates
quota-nls.noarch 1:4.09-4.0.1.al8 alinux3-updates
Obsoleting Packages
kernel-headers.x86_64 5.10.134-19.2.al8 alinux3-plus
kernel-headers.x86_64 5.10.134-19.1.al8 @System
# yum upgrade
当前内核版本(6.6.117-45.oc9.x86_64)不支持使用堡塔入侵检测,更换内核版本参考:
https://www.bt.cn/bbs/thread-113964-1-1.html
腾讯云,OpenCloudOS 9.4 x86_64(Py3.7.16)内核不支持吗?请问一下怎么升级内核
当前内核版本(6.6.117-45.1.oc9.x86_64)不支持使用堡塔入侵检测,更换内核版本参考:
https://www.bt.cn/bbs/thread-113964-1-1.html
Alibaba 3
当前内核版本(5.10.134-19.2.al8.x86_64)不支持使用堡塔入侵检测,,已经尝试过上面的办法,还是依旧不支持
宝塔用户_uqjtxz 发表于 2025-12-13 23:35
服务器是Alibaba Cloud 3(5.10 内核),“堡塔入侵检测”开始是正常可以开启的,在执行下述系统更新后,“ ...
同样情况,而且宝塔防火墙现在不能开,开的话CPU占用超过60%,时间长点服务器就卡死了
KKal 发表于 2026-1-2 16:58
同样情况,而且宝塔防火墙现在不能开,开的话CPU占用超过60%,时间长点服务器就卡死了 ...
更新到最新版就正常了
入侵检测2.8 更新
1.【修复】首次安装启动失败问题
2.【优化】过滤掉一些常见的无用的进程信息
3.【新增】告警内容一键处理按钮
4.【兼容】OpenCloudOS 9系统