Detection
git clone https://github.com/mempodippy/detect_preload.git && cd detect_preload && gcc detect_preload.c -ldl -o detect_preload && ./detect_preload
Run the small program above and check its output:
[+] finished basic checks
0x7f0144ca2000 /lib64/libdl.so.2
0x7f014490a000 /lib64/libc.so.6
0x7f01446ca000 /lib64/libcrypt.so.1
(nil) /lib64/ld-linux-x86-64.so.2
0x7f01444c2000 /lib64/libfreebl3.so
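This program collects information about the loaded dynamic libraries. The information for ld-linux-x86-64.so.2 could not be obtained, so a backdoor is present. This rootkit can only be cleaned up by replacing the modified, malicious dynamic link library.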
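
How a listing like the one above can be produced and checked from inside a process, as an added example (not code from detect_preload): it walks the dynamic linker's link_map chain and applies the reading used above, a named library whose base address prints as (nil). The function names is_suspicious, find_r_debug and scan_loaded_objects are hypothetical; a dynamically linked glibc/Linux program is assumed.

```c
/* Added example: list the objects the dynamic linker loaded into this process. */
#include <link.h>
#include <stdio.h>

/* The page's reading of the output: a library with a path but a nil base.
 * l_addr is the load bias the dynamic linker recorded for the object. */
int is_suspicious(ElfW(Addr) base, const char *name)
{
    return base == 0 && name != NULL && name[0] == '/';
}

/* Locate r_debug through the DT_DEBUG entry that ld.so fills in at startup. */
static struct r_debug *find_r_debug(void)
{
    for (ElfW(Dyn) *d = _DYNAMIC; d->d_tag != DT_NULL; d++)
        if (d->d_tag == DT_DEBUG)
            return (struct r_debug *)d->d_un.d_ptr;
    return NULL;
}

/* Print every loaded object as "<base> <path>", store the number flagged in
 * *flagged, and return the number of objects seen (-1 if no link_map found). */
int scan_loaded_objects(int *flagged)
{
    struct r_debug *dbg = find_r_debug();
    int seen = 0;
    *flagged = 0;
    if (dbg == NULL || dbg->r_map == NULL)
        return -1;
    for (struct link_map *m = dbg->r_map; m != NULL; m = m->l_next) {
        const char *n = m->l_name ? m->l_name : "";
        int bad = is_suspicious(m->l_addr, n);
        printf("%p %s%s\n", (void *)m->l_addr,
               n[0] ? n : "(main program)",
               bad ? "   <-- nil base, inspect this file" : "");
        seen++;
        *flagged += bad;
    }
    return seen;
}

int main(void)
{
    int flagged = 0;
    int seen = scan_loaded_objects(&flagged);
    if (seen < 0) { fprintf(stderr, "no link_map found\n"); return 2; }
    printf("[+] %d objects, %d flagged\n", seen, flagged);
    return flagged ? 1 : 0;
}
```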