Home > php教程 > PHP开发 > linux intrusion

linux intrusion

高洛峰
Release: 2016-12-01 13:40:25
Original
1326 people have browsed it

1. Copy the /etc/skel directory to /home/tuser1. It is required that the group and other users of /home/tuser1 and its internal files do not have any access rights.

[root@www /]# cp -r /etc/skel /home/tuser1 && chmod 700 -R /home/tuser1  
[root@www /]# echo $?
0
[root@www home]# ll -al /home/tuser1/
总用量 12
drwx------. 3 root root  74 11月 30 13:14 .
drwxr-xr-x. 4 root root  30 11月 30 13:14 ..
-rwx------. 1 root root  18 11月 30 13:14 .bash_logout
-rwx------. 1 root root 193 11月 30 13:14 .bash_profile
-rwx------. 1 root root 231 11月 30 13:14 .bashrc
drwx------. 4 root root  37 11月 30 13:14 .mozilla
Copy after login

2. Edit the /etc/group file and add the group hadoop.

    [root@www /]#echo "hadoop:x:1001" >>/etc/group
    [root@www /]# cat /etc/group |grep hadoop
    hadoop:x:1001
    [root@www /]#
Copy after login

3. Manually edit the /etc/passwd file and add a new line to add user hadoop. Its basic group ID is the ID number of the hadoop group; its home directory is /home/hadoop.

    [root@www home]# echo "hadoop:x:1001:1001:hadoop:/home/hadoop:/bin/bash" >> /etc/passwd && tail -n 2 /etc/passwd
    user:x:1000:1000:user:/home/user:/bin/bash
    hadoop:x:1001:1001:hadoop:/home/hadoop:/bin/bash
Copy after login

4. Copy the /etc/skel directory to /home/hadoop. It is required to modify the group belonging to the hadoop directory and other users do not have any access rights.

    [root@www /]# cp -r /etc/skel /home/hadoop && chmod 700 -R /home/hadoop && ll -al /home/hadoop/
    总用量 12
    drwx------. 3 root root  74 11月 30 13:54 .
    drwxr-xr-x. 5 root root  43 11月 30 13:54 ..
    -rwx------. 1 root root  18 11月 30 13:54 .bash_logout
    -rwx------. 1 root root 193 11月 30 13:54 .bash_profile
    -rwx------. 1 root root 231 11月 30 13:54 .bashrc
    drwx------. 4 root root  37 11月 30 13:54 .mozilla
    [root@www /]#
Copy after login

5. Modify the owner of the /home/hadoop directory and all the files inside it to hadoop, and the group to be hadoop.

    [root@www /]# chown -R hadoop:hadoop /home/hadoop/ && ll -al /home/hadoop/
    总用量 12
    drwx------. 3 hadoop hadoop  74 11月 30 13:54 .
    drwxr-xr-x. 5 root   root    43 11月 30 13:54 ..
    -rwx------. 1 hadoop hadoop  18 11月 30 13:54 .bash_logout
    -rwx------. 1 hadoop hadoop 193 11月 30 13:54 .bash_profile
    -rwx------. 1 hadoop hadoop 231 11月 30 13:54 .bashrc
    drwx------. 4 hadoop hadoop  37 11月 30 13:54 .mozilla
    [root@www /]#
Copy after login

6. Display the lines starting with uppercase or lowercase S in the /proc/meminfo file; use two methods;

    [root@www /]# grep -i "^s" /proc/meminfo
    SwapCached:            0 kB
    SwapTotal:       1023996 kB
    SwapFree:        1023996 kB
    Shmem:              9636 kB
    Slab:             171236 kB
    SReclaimable:      99660 kB
    SUnreclaim:        71576 kB
    [root@www /]# grep -i "^[sS]" /proc/meminfo
    SwapCached:            0 kB
    SwapTotal:       1023996 kB
    SwapFree:        1023996 kB
    Shmem:              9636 kB
    Slab:             171236 kB
    SReclaimable:      99660 kB
    SUnreclaim:        71576 kB
    [root@www /]#
Copy after login

7. Display the users whose default shell is not /sbin/nologin in the /etc/passwd file;

    [root@www /]# grep -v "/sbin/nologin" /etc/passwd
    root:x:0:0:root:/root:/bin/bash
    sync:x:5:0:sync:/sbin:/bin/sync
    shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
    halt:x:7:0:halt:/sbin:/sbin/halt
    amandabackup:x:33:6:Amanda user:/var/lib/amanda:/bin/bash
    user:x:1000:1000:user:/home/user:/bin/bash
    hadoop:x:1001:1001:hadoop:/home/hadoop:/bin/bash
    [root@www /]# 

    cut一下,美观
    [root@www /]# grep -v "/sbin/nologin" /etc/passwd | cut -d":" -f1
    root
    sync
    shutdown
    halt
    amandabackup
    user
    hadoop
    [root@www /]#
Copy after login

8. Display the users whose default shell is /bin/bash in the /etc/passwd file;

    [root@www /]# grep  "/bin/bash" /etc/passwd
    root:x:0:0:root:/root:/bin/bash
    amandabackup:x:33:6:Amanda user:/var/lib/amanda:/bin/bash
    user:x:1000:1000:user:/home/user:/bin/bash
    hadoop:x:1001:1001:hadoop:/home/hadoop:/bin/bash

    cut一下,美观
    [root@www /]# grep  "/bin/bash" /etc/passwd |cut -d":" -f1
    root
    amandabackup
    user
    hadoop
    [root@www /]#
Copy after login

9. Find the one or two digits in the /etc/passwd file;

grep "\<[0-9]\{1,2\}\>" /etc/passwd
Copy after login

10. Display lines starting with at least one blank character in /boot/grub/grub.conf;

    [root@centos6 ~]# grep "^[[:space:]]\+" /boot/grub/grub.conf
        root (hd0,0)
        kernel /vmlinuz-2.6.32-642.3.1.el6.x86_64 ro root=/dev/mapper/vg_centos-lv_root rd_NO_LUKS rd_LVM_LV=vg_centos/lv_swap rd_NO_MD.UTF-8 rd_LVM_LV=vg_centos/lv_root  KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet crashkernel=auto
        initrd /initramfs-2.6.32-642.3.1.el6.x86_64.img
        root (hd0,0)
        kernel /vmlinuz-2.6.32-642.el6.x86_64 ro root=/dev/mapper/vg_centos-lv_root rd_NO_LUKS rd_LVM_LV=vg_centos/lv_swap rd_NO_MD.UTF-8 rd_LVM_LV=vg_centos/lv_root  KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet
        initrd /initramfs-2.6.32-642.el6.x86_64.img
Copy after login

11. Display lines starting with # in the /etc/rc.d/rc.sysinit file, followed by at least one blank character, and then Lines with at least one non-whitespace character;

    grep "^#[[:space:]]\+[^[:space:]]\+" /etc/rc.d/rc.sysinit
Copy after login

12. Find lines ending with 'LISTEN' followed by 0, 1 or more whitespace characters in the results of the "netstat -tan" command;

    [root@www /]# netstat -tan | grep  "LISTEN[[:space:]]*$"
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     
    tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN     
    tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN     
    tcp        0      0 127.0.0.1:6010          0.0.0.0:*               LISTEN     
    tcp6       0      0 :::22                   :::*                    LISTEN     
    tcp6       0      0 ::1:631                 :::*                    LISTEN     
    tcp6       0      0 ::1:25                  :::*                    LISTEN     
    tcp6       0      0 ::1:6010                :::*                    LISTEN     
    [root@www /]#
Copy after login

13. Add user bash , testbash, basher, nologin (the shell of this user is /sbin/nologin), and then find out the information of the user whose user name is the same as the default shell on the current system;

    useradd -d /home/bash -s /bin/bash -m bash
    useradd -d /home/testbash -s /bin/bash -m testbash
    useradd -d /home/basher -s /bin/bash -m basher
    useradd -d /home/nologin -s /sbin/nologin -m nologin


    [root@www /]# cat  /etc/passwd | grep "^\<bash\>"
    bash:x:1002:1002::/home/bash:/bin/bash
    [root@www /]#
Copy after login


Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Recommendations
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template