
linux intrusion

高洛峰
高洛峰Original
2016-12-01 13:40:251270browse

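1. Copy the /etc/skel directory to /home/tuser1. The group and other users must have no access rights to /home/tuser1 or to any file inside it. (chmod -R 700, as used below, also sets the owner's execute bit on every regular file, as the listing shows; chmod -R go-rwx removes group and other access without touching the owner's bits.)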

[root@www /]# cp -r /etc/skel /home/tuser1 && chmod 700 -R /home/tuser1  
[root@www /]# echo $?
0
[root@www home]# ll -al /home/tuser1/
总用量 12
drwx------. 3 root root  74 11月 30 13:14 .
drwxr-xr-x. 4 root root  30 11月 30 13:14 ..
-rwx------. 1 root root  18 11月 30 13:14 .bash_logout
-rwx------. 1 root root 193 11月 30 13:14 .bash_profile
-rwx------. 1 root root 231 11月 30 13:14 .bashrc
drwx------. 4 root root  37 11月 30 13:14 .mozilla

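2. Edit the /etc/group file and add the group hadoop. (A complete /etc/group entry has four colon-separated fields: name, password, GID and member list. The line should therefore end with a trailing colon, hadoop:x:1001:, even when the member list is empty; grpck checks the file's format after a manual edit.)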

    [root@www /]#echo "hadoop:x:1001" >>/etc/group
    [root@www /]# cat /etc/group |grep hadoop
    hadoop:x:1001
    [root@www /]#

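3. Manually edit the /etc/passwd file, adding a new line for the user hadoop. Its primary group ID is the ID of the hadoop group, and its home directory is /home/hadoop. (Outside an exercise, vipw locks the file during the edit and pwck checks the result; the x in the password field points to /etc/shadow, where this step creates no entry, so the account has no password record yet.)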

    [root@www home]# echo "hadoop:x:1001:1001:hadoop:/home/hadoop:/bin/bash" >> /etc/passwd && tail -n 2 /etc/passwd
    user:x:1000:1000:user:/home/user:/bin/bash
    hadoop:x:1001:1001:hadoop:/home/hadoop:/bin/bash

4. Copy the /etc/skel directory to /home/hadoop. The group and other users must have no access rights to the hadoop directory. (As the listing shows, the copy is still owned by root at this point; step 5 changes the ownership.)

    [root@www /]# cp -r /etc/skel /home/hadoop && chmod 700 -R /home/hadoop && ll -al /home/hadoop/
    总用量 12
    drwx------. 3 root root  74 11月 30 13:54 .
    drwxr-xr-x. 5 root root  43 11月 30 13:54 ..
    -rwx------. 1 root root  18 11月 30 13:54 .bash_logout
    -rwx------. 1 root root 193 11月 30 13:54 .bash_profile
    -rwx------. 1 root root 231 11月 30 13:54 .bashrc
    drwx------. 4 root root  37 11月 30 13:54 .mozilla
    [root@www /]#

5. Modify the owner of the /home/hadoop directory and all the files inside it to hadoop, and the group to be hadoop.

    [root@www /]# chown -R hadoop:hadoop /home/hadoop/ && ll -al /home/hadoop/
    总用量 12
    drwx------. 3 hadoop hadoop  74 11月 30 13:54 .
    drwxr-xr-x. 5 root   root    43 11月 30 13:54 ..
    -rwx------. 1 hadoop hadoop  18 11月 30 13:54 .bash_logout
    -rwx------. 1 hadoop hadoop 193 11月 30 13:54 .bash_profile
    -rwx------. 1 hadoop hadoop 231 11月 30 13:54 .bashrc
    drwx------. 4 hadoop hadoop  37 11月 30 13:54 .mozilla
    [root@www /]#

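6. Display the lines starting with an uppercase or lowercase S in the /proc/meminfo file, using two methods. (In the second command below the -i flag is redundant: the bracket expression [sS] already matches both cases, so grep "^[sS]" on its own is the distinct second method.)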

    [root@www /]# grep -i "^s" /proc/meminfo
    SwapCached:            0 kB
    SwapTotal:       1023996 kB
    SwapFree:        1023996 kB
    Shmem:              9636 kB
    Slab:             171236 kB
    SReclaimable:      99660 kB
    SUnreclaim:        71576 kB
    [root@www /]# grep -i "^[sS]" /proc/meminfo
    SwapCached:            0 kB
    SwapTotal:       1023996 kB
    SwapFree:        1023996 kB
    Shmem:              9636 kB
    Slab:             171236 kB
    SReclaimable:      99660 kB
    SUnreclaim:        71576 kB
    [root@www /]#

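7. Display the users in the /etc/passwd file whose default shell is not /sbin/nologin. (The pattern below matches anywhere on the line; when auditing which accounts can log in, anchoring it to the last field, ":/sbin/nologin$", keeps a match in another field such as the home directory from hiding an account.)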

    [root@www /]# grep -v "/sbin/nologin" /etc/passwd
    root:x:0:0:root:/root:/bin/bash
    sync:x:5:0:sync:/sbin:/bin/sync
    shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
    halt:x:7:0:halt:/sbin:/sbin/halt
    amandabackup:x:33:6:Amanda user:/var/lib/amanda:/bin/bash
    user:x:1000:1000:user:/home/user:/bin/bash
    hadoop:x:1001:1001:hadoop:/home/hadoop:/bin/bash
    [root@www /]# 

    Pipe the result through cut to show only the user names:
    [root@www /]# grep -v "/sbin/nologin" /etc/passwd | cut -d":" -f1
    root
    sync
    shutdown
    halt
    amandabackup
    user
    hadoop
    [root@www /]#

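8. Display the users in the /etc/passwd file whose default shell is /bin/bash. (The unanchored pattern below also matches /bin/bash appearing inside another field or inside a longer path such as /usr/bin/bash; ":/bin/bash$" restricts the match to the shell field.)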

    [root@www /]# grep  "/bin/bash" /etc/passwd
    root:x:0:0:root:/root:/bin/bash
    amandabackup:x:33:6:Amanda user:/var/lib/amanda:/bin/bash
    user:x:1000:1000:user:/home/user:/bin/bash
    hadoop:x:1001:1001:hadoop:/home/hadoop:/bin/bash

    Pipe the result through cut to show only the user names:
    [root@www /]# grep  "/bin/bash" /etc/passwd |cut -d":" -f1
    root
    amandabackup
    user
    hadoop
    [root@www /]#

9. Find one- or two-digit numbers in the /etc/passwd file;

# \< and \> are GNU grep word-boundary anchors and \{1,2\} is a BRE interval,
# so the pattern matches a run of one or two digits that stands alone as a word.
# grep prints every line of /etc/passwd that contains such a number.
grep "\<[0-9]\{1,2\}\>" /etc/passwd

10. Display lines starting with at least one blank character in /boot/grub/grub.conf;

    [root@centos6 ~]# grep "^[[:space:]]\+" /boot/grub/grub.conf
        root (hd0,0)
        kernel /vmlinuz-2.6.32-642.3.1.el6.x86_64 ro root=/dev/mapper/vg_centos-lv_root rd_NO_LUKS rd_LVM_LV=vg_centos/lv_swap rd_NO_MD.UTF-8 rd_LVM_LV=vg_centos/lv_root  KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet crashkernel=auto
        initrd /initramfs-2.6.32-642.3.1.el6.x86_64.img
        root (hd0,0)
        kernel /vmlinuz-2.6.32-642.el6.x86_64 ro root=/dev/mapper/vg_centos-lv_root rd_NO_LUKS rd_LVM_LV=vg_centos/lv_swap rd_NO_MD.UTF-8 rd_LVM_LV=vg_centos/lv_root  KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet
        initrd /initramfs-2.6.32-642.el6.x86_64.img

11. Display the lines in the /etc/rc.d/rc.sysinit file that start with #, followed by at least one whitespace character, and then at least one non-whitespace character;

    # ^# anchors a leading '#'; [[:space:]]\+ requires one or more whitespace
    # characters after it; [^[:space:]]\+ then requires at least one
    # non-whitespace character. \+ is a GNU extension to basic regular expressions.
    grep "^#[[:space:]]\+[^[:space:]]\+" /etc/rc.d/rc.sysinit

12. Find lines ending with 'LISTEN' followed by 0, 1 or more whitespace characters in the results of the "netstat -tan" command;

    [root@www /]# netstat -tan | grep  "LISTEN[[:space:]]*$"
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     
    tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN     
    tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN     
    tcp        0      0 127.0.0.1:6010          0.0.0.0:*               LISTEN     
    tcp6       0      0 :::22                   :::*                    LISTEN     
    tcp6       0      0 ::1:631                 :::*                    LISTEN     
    tcp6       0      0 ::1:25                  :::*                    LISTEN     
    tcp6       0      0 ::1:6010                :::*                    LISTEN     
    [root@www /]#

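13. Add the users bash, testbash, basher and nologin (the shell of the last one is /sbin/nologin), and then find the entries of users whose user name is the same as the name of their default shell. Note that the grep shown below only matches a user named bash: it does not compare the name with the shell field, so it misses nologin. A backreference such as grep "^\([^:]\+\):.*/\1$" /etc/passwd performs the actual comparison.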

    # Create the four test accounts. -d sets the home directory path, -s the
    # login shell, and -m creates the home directory if it does not exist.
    # Unlike the manual /etc/passwd edit in step 3, useradd updates the account
    # files itself.
    useradd -d /home/bash -s /bin/bash -m bash
    useradd -d /home/testbash -s /bin/bash -m testbash
    useradd -d /home/basher -s /bin/bash -m basher
    # This account gets /sbin/nologin as its shell, so it cannot open an
    # interactive login shell.
    useradd -d /home/nologin -s /sbin/nologin -m nologin


    [root@www /]# cat  /etc/passwd | grep "^\<bash\>"
    bash:x:1002:1002::/home/bash:/bin/bash
    [root@www /]#

