监测黑客入侵服务器的事件----【堡塔入侵检测】

宝塔用户_hiluzt 发表于 2025-11-5 09:16
TencentOS 12.3.1.4-2

腾讯云的最新内核版本暂时不支持，这一块内核版本是和官方Linux部分内容是调整过的，后续会支持

系统：Debian GNU/Linux 12 (bookworm) x86_64(Py3.7.16)
当前内核版本(6.1.0-22-amd64)不支持使用堡塔入侵检测

堡塔安全Bacon 发表于 2025-11-6 09:32
腾讯云的最新内核版本暂时不支持，这一块内核版本是和官方Linux部分内容是调整过的，后续会支持 ...

辛苦了，用 宝塔升级的  防火墙把外网 ip   限制了。。好多了

系统：OpenCloudOS 9.4 x86_64(Py3.7.16）

错误：

内核版本(6.8.0-78-generic)不支持使用：
# cd /www/server/panel/plugin/bt_hids/LKM/ && make
|-----------------------------------|
| building HIDS kernel module       |
|-----------------------------------|
make -C /lib/modules/6.8.0-78-generic/build M=/www/server/panel/plugin/bt_hids/LKM modules
make[1]: Entering directory '/usr/src/linux-headers-6.8.0-78-generic'
warning: the compiler differs from the one used to build the kernel
  The kernel was built by: x86_64-linux-gnu-gcc-13 (Ubuntu 13.3.0-6ubuntu2~24.04) 13.3.0
  You are using:           gcc-13 (Ubuntu 13.3.0-6ubuntu2~24.04) 13.3.0
  CC [M]  /www/server/panel/plugin/bt_hids/LKM/src/init.o
  CC [M]  /www/server/panel/plugin/bt_hids/LKM/src/trace.o
  CC [M]  /www/server/panel/plugin/bt_hids/LKM/src/trace_buffer.o
  CC [M]  /www/server/panel/plugin/bt_hids/LKM/src/smith_hook.o
  CC [M]  /www/server/panel/plugin/bt_hids/LKM/src/anti_rootkit.o
  CC [M]  /www/server/panel/plugin/bt_hids/LKM/src/filter.o
  CC [M]  /www/server/panel/plugin/bt_hids/LKM/src/util.o
  CC [M]  /www/server/panel/plugin/bt_hids/LKM/src/memcache.o
  LD [M]  /www/server/panel/plugin/bt_hids/LKM/hids_driver.o
  MODPOST /www/server/panel/plugin/bt_hids/LKM/Module.symvers
  CC [M]  /www/server/panel/plugin/bt_hids/LKM/hids_driver.mod.o
  LD [M]  /www/server/panel/plugin/bt_hids/LKM/hids_driver.ko
  BTF [M] /www/server/panel/plugin/bt_hids/LKM/hids_driver.ko
Skipping BTF generation for /www/server/panel/plugin/bt_hids/LKM/hids_driver.ko due to unavailability of vmlinux
make[1]: Leaving directory '/usr/src/linux-headers-6.8.0-78-generic'
make -C test
make[1]: Entering directory '/www/server/panel/plugin/bt_hids/LKM/test'
|---------------------------------|
| building HIDS pipe reader       |
|---------------------------------|
     CC main.ou
building test programs
     CC rst
make[1]: Leaving directory '/www/server/panel/plugin/bt_hids/LKM/test'
root@iZn5img5yqb8ajZ:/www/server/panel/plugin/bt_hids/LKM#

宝塔用户_nyidjw 发表于 2025-11-8 08:11
内核版本(6.8.0-78-generic)不支持使用：
# cd /www/server/panel/plugin/bt_hids/LKM/ && make
|--------- ...

这个已经编译成功了。能正常运行了，重新打开插件或者修复一下，就能使用了

root@iZgq1np1s7vda0Z:~# cd /www/server/panel/plugin/bt_hids/LKM/ && make
Makefile:154: *** Kernel header files related to 6.1.0-31-amd64 not found.  Stop.


Debian 12/当前内核版本(6.1.0-31-amd64)不支持使用堡塔入侵检测，更换内核版本


请问可以支持这个版本吗

当前内核版本(6.1.0-40-amd64)不支持使用堡塔入侵检测，更换内核版本参考：
https://www.bt.cn/bbs/thread-113964-1-1.html

|-----------------------------------|
| building HIDS kernel module       |
|-----------------------------------|
make -C /lib/modules/6.1.0-40-amd64/build M=/www/server/panel/plugin/bt_hids/LKM modules
make[1]: Entering directory '/usr/src/linux-headers-6.1.0-40-amd64'
make[1]: Leaving directory '/usr/src/linux-headers-6.1.0-40-amd64'
make -C test
make[1]: Entering directory '/www/server/panel/plugin/bt_hids/LKM/test'
|---------------------------------|
| building HIDS pipe reader       |
|---------------------------------|
     CC main.ou
building test programs
     CC rst

当前内核版本(6.1.0-40-amd64)不支持使用堡塔入侵检测，更换内核版本参考：
https://www.bt.cn/bbs/thread-113964-1-1.html

|-----------------------------------|
| building HIDS kernel module       |
|-----------------------------------|
make -C /lib/modules/6.1.0-40-amd64/build M=/www/server/panel/plugin/bt_hids/LKM modules
make[1]: Entering directory '/usr/src/linux-headers-6.1.0-40-amd64'
make[1]: Leaving directory '/usr/src/linux-headers-6.1.0-40-amd64'
make -C test
make[1]: Entering directory '/www/server/panel/plugin/bt_hids/LKM/test'
|---------------------------------|
| building HIDS pipe reader       |
|---------------------------------|
     CC main.ou
building test programs
     CC rst

cd /www/server/panel/plugin/bt_hids/LKM/ && make
|-----------------------------------|
| building HIDS kernel module       |
|-----------------------------------|
make -C /lib/modules/6.8.0-88-generic/build M=/www/server/panel/plugin/bt_hids/LKM modules
make[1]: Entering directory '/usr/src/linux-headers-6.8.0-88-generic'
warning: the compiler differs from the one used to build the kernel
  The kernel was built by: x86_64-linux-gnu-gcc-13 (Ubuntu 13.3.0-6ubuntu2~24.04) 13.3.0
  You are using:           gcc-13 (Ubuntu 13.3.0-6ubuntu2~24.04) 13.3.0
make[1]: Leaving directory '/usr/src/linux-headers-6.8.0-88-generic'
make -C test
make[1]: Entering directory '/www/server/panel/plugin/bt_hids/LKM/test'
|---------------------------------|
| building HIDS pipe reader       |
|---------------------------------|
     CC main.ou
building test programs
     CC rst
make[1]: Leaving directory '/www/server/panel/plugin/bt_hids/LKM/test'

root@TranBon-BT10:/www/server/panel/plugin/bt_hids/LKM# uname -a
Linux TranBon-BT10 5.10.0-34-amd64 #1 SMP Debian 5.10.234-1 (2025-02-24) x86_64 GNU/Linux

宝塔用户_pdxzje 发表于 2025-12-4 00:09
root@TranBon-BT10:/www/server/panel/plugin/bt_hids/LKM# uname -a
Linux TranBon-BT10 5.10.0-34-amd64  ...

已编译成功，修复一下插件就可以正常使用了

jacky1983 发表于 2025-11-21 10:58
cd /www/server/panel/plugin/bt_hids/LKM/ && make
|-----------------------------------|
| building HI ...

已编译成功，修复一下插件就可以正常使用了

xiyuvi23 发表于 2025-11-11 15:16
root@iZgq1np1s7vda0Z:~# cd /www/server/panel/plugin/bt_hids/LKM/ && make
Makefile:154: *** Kernel he ...

支持这个版本，这个是缺少 6.1.0-31-amd64-header的内核头文件，需要下载一个

堡塔安全Bacon 发表于 2025-12-4 09:18
已编译成功，修复一下插件就可以正常使用了

修复插件后还是不行

1. root@TranBon-BT10:~# uname -a
   
2. Linux TranBon-BT10 5.10.0-34-amd64 #1 SMP Debian 5.10.234-1 (2025-02-24) x86_64 GNU/Linux
   
3. root@TranBon-BT10:~#
   
4. root@TranBon-BT10:~# cd /www/server/panel/plugin/bt_hids/LKM/ && make
   
5. |-----------------------------------|
   
6. | building HIDS kernel module       |
   
7. |-----------------------------------|
   
8. make -C /lib/modules/5.10.0-34-amd64/build M=/www/server/panel/plugin/bt_hids/LKM modules
   
9. make[1]: Entering directory '/usr/src/linux-headers-5.10.0-34-amd64'
   
10.   CC [M]  /www/server/panel/plugin/bt_hids/LKM/src/init.o
    
11.   CC [M]  /www/server/panel/plugin/bt_hids/LKM/src/trace.o
    
12.   CC [M]  /www/server/panel/plugin/bt_hids/LKM/src/trace_buffer.o
    
13.   CC [M]  /www/server/panel/plugin/bt_hids/LKM/src/smith_hook.o
    
14.   CC [M]  /www/server/panel/plugin/bt_hids/LKM/src/anti_rootkit.o
    
15.   CC [M]  /www/server/panel/plugin/bt_hids/LKM/src/filter.o
    
16.   CC [M]  /www/server/panel/plugin/bt_hids/LKM/src/util.o
    
17.   CC [M]  /www/server/panel/plugin/bt_hids/LKM/src/memcache.o
    
18.   LD [M]  /www/server/panel/plugin/bt_hids/LKM/hids_driver.o
    
19.   MODPOST /www/server/panel/plugin/bt_hids/LKM/Module.symvers
    
20.   LD [M]  /www/server/panel/plugin/bt_hids/LKM/hids_driver.ko
    
21. make[1]: Leaving directory '/usr/src/linux-headers-5.10.0-34-amd64'
    
22. make -C test
    
23. make[1]: Entering directory '/www/server/panel/plugin/bt_hids/LKM/test'
    
24. |---------------------------------|
    
25. | building HIDS pipe reader       |
    
26. |---------------------------------|
    
27.      CC main.ou
    
28. building test programs
    
29.      CC rst
    
30. make[1]: Leaving directory '/www/server/panel/plugin/bt_hids/LKM/test'
    
31. root@TranBon-BT10:/www/server/panel/plugin/bt_hids/LKM#

复制代码