linux intrusion-PHP开发-php.cn

Home

php教程

PHP开发

linux intrusion

高洛峰

Dec 01, 2016 pm 01:40 PM

linux

1. Copy the /etc/skel directory to /home/tuser1. It is required that the group and other users of /home/tuser1 and its internal files do not have any access rights.

[root@www /]# cp -r /etc/skel /home/tuser1 && chmod 700 -R /home/tuser1  
[root@www /]# echo $?
0
[root@www home]# ll -al /home/tuser1/
总用量 12
drwx------. 3 root root  74 11月 30 13:14 .
drwxr-xr-x. 4 root root  30 11月 30 13:14 ..
-rwx------. 1 root root  18 11月 30 13:14 .bash_logout
-rwx------. 1 root root 193 11月 30 13:14 .bash_profile
-rwx------. 1 root root 231 11月 30 13:14 .bashrc
drwx------. 4 root root  37 11月 30 13:14 .mozilla

2. Edit the /etc/group file and add the group hadoop.

    [root@www /]#echo "hadoop:x:1001" >>/etc/group
    [root@www /]# cat /etc/group |grep hadoop
    hadoop:x:1001
    [root@www /]#

3. Manually edit the /etc/passwd file and add a new line to add user hadoop. Its basic group ID is the ID number of the hadoop group; its home directory is /home/hadoop.

    [root@www home]# echo "hadoop:x:1001:1001:hadoop:/home/hadoop:/bin/bash" >> /etc/passwd && tail -n 2 /etc/passwd
    user:x:1000:1000:user:/home/user:/bin/bash
    hadoop:x:1001:1001:hadoop:/home/hadoop:/bin/bash

4. Copy the /etc/skel directory to /home/hadoop. It is required to modify the group belonging to the hadoop directory and other users do not have any access rights.

    [root@www /]# cp -r /etc/skel /home/hadoop && chmod 700 -R /home/hadoop && ll -al /home/hadoop/
    总用量 12
    drwx------. 3 root root  74 11月 30 13:54 .
    drwxr-xr-x. 5 root root  43 11月 30 13:54 ..
    -rwx------. 1 root root  18 11月 30 13:54 .bash_logout
    -rwx------. 1 root root 193 11月 30 13:54 .bash_profile
    -rwx------. 1 root root 231 11月 30 13:54 .bashrc
    drwx------. 4 root root  37 11月 30 13:54 .mozilla
    [root@www /]#

5. Modify the owner of the /home/hadoop directory and all the files inside it to hadoop, and the group to be hadoop.

    [root@www /]# chown -R hadoop:hadoop /home/hadoop/ && ll -al /home/hadoop/
    总用量 12
    drwx------. 3 hadoop hadoop  74 11月 30 13:54 .
    drwxr-xr-x. 5 root   root    43 11月 30 13:54 ..
    -rwx------. 1 hadoop hadoop  18 11月 30 13:54 .bash_logout
    -rwx------. 1 hadoop hadoop 193 11月 30 13:54 .bash_profile
    -rwx------. 1 hadoop hadoop 231 11月 30 13:54 .bashrc
    drwx------. 4 hadoop hadoop  37 11月 30 13:54 .mozilla
    [root@www /]#

6. Display the lines starting with uppercase or lowercase S in the /proc/meminfo file; use two methods;

    [root@www /]# grep -i "^s" /proc/meminfo
    SwapCached:            0 kB
    SwapTotal:       1023996 kB
    SwapFree:        1023996 kB
    Shmem:              9636 kB
    Slab:             171236 kB
    SReclaimable:      99660 kB
    SUnreclaim:        71576 kB
    [root@www /]# grep -i "^[sS]" /proc/meminfo
    SwapCached:            0 kB
    SwapTotal:       1023996 kB
    SwapFree:        1023996 kB
    Shmem:              9636 kB
    Slab:             171236 kB
    SReclaimable:      99660 kB
    SUnreclaim:        71576 kB
    [root@www /]#

7. Display the users whose default shell is not /sbin/nologin in the /etc/passwd file;

    [root@www /]# grep -v "/sbin/nologin" /etc/passwd
    root:x:0:0:root:/root:/bin/bash
    sync:x:5:0:sync:/sbin:/bin/sync
    shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
    halt:x:7:0:halt:/sbin:/sbin/halt
    amandabackup:x:33:6:Amanda user:/var/lib/amanda:/bin/bash
    user:x:1000:1000:user:/home/user:/bin/bash
    hadoop:x:1001:1001:hadoop:/home/hadoop:/bin/bash
    [root@www /]# 

    cut一下，美观
    [root@www /]# grep -v "/sbin/nologin" /etc/passwd | cut -d":" -f1
    root
    sync
    shutdown
    halt
    amandabackup
    user
    hadoop
    [root@www /]#

8. Display the users whose default shell is /bin/bash in the /etc/passwd file;

    [root@www /]# grep  "/bin/bash" /etc/passwd
    root:x:0:0:root:/root:/bin/bash
    amandabackup:x:33:6:Amanda user:/var/lib/amanda:/bin/bash
    user:x:1000:1000:user:/home/user:/bin/bash
    hadoop:x:1001:1001:hadoop:/home/hadoop:/bin/bash

    cut一下，美观
    [root@www /]# grep  "/bin/bash" /etc/passwd |cut -d":" -f1
    root
    amandabackup
    user
    hadoop
    [root@www /]#

9. Find the one or two digits in the /etc/passwd file;

grep "\<[0-9]\{1,2\}\>" /etc/passwd

10. Display lines starting with at least one blank character in /boot/grub/grub.conf;

    [root@centos6 ~]# grep "^[[:space:]]\+" /boot/grub/grub.conf
        root (hd0,0)
        kernel /vmlinuz-2.6.32-642.3.1.el6.x86_64 ro root=/dev/mapper/vg_centos-lv_root rd_NO_LUKS rd_LVM_LV=vg_centos/lv_swap rd_NO_MD.UTF-8 rd_LVM_LV=vg_centos/lv_root  KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet crashkernel=auto
        initrd /initramfs-2.6.32-642.3.1.el6.x86_64.img
        root (hd0,0)
        kernel /vmlinuz-2.6.32-642.el6.x86_64 ro root=/dev/mapper/vg_centos-lv_root rd_NO_LUKS rd_LVM_LV=vg_centos/lv_swap rd_NO_MD.UTF-8 rd_LVM_LV=vg_centos/lv_root  KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet
        initrd /initramfs-2.6.32-642.el6.x86_64.img

11. Display lines starting with # in the /etc/rc.d/rc.sysinit file, followed by at least one blank character, and then Lines with at least one non-whitespace character;

    grep "^#[[:space:]]\+[^[:space:]]\+" /etc/rc.d/rc.sysinit

12. Find lines ending with 'LISTEN' followed by 0, 1 or more whitespace characters in the results of the "netstat -tan" command;

    [root@www /]# netstat -tan | grep  "LISTEN[[:space:]]*$"
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     
    tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN     
    tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN     
    tcp        0      0 127.0.0.1:6010          0.0.0.0:*               LISTEN     
    tcp6       0      0 :::22                   :::*                    LISTEN     
    tcp6       0      0 ::1:631                 :::*                    LISTEN     
    tcp6       0      0 ::1:25                  :::*                    LISTEN     
    tcp6       0      0 ::1:6010                :::*                    LISTEN     
    [root@www /]#

13. Add user bash , testbash, basher, nologin (the shell of this user is /sbin/nologin), and then find out the information of the user whose user name is the same as the default shell on the current system;

    useradd -d /home/bash -s /bin/bash -m bash
    useradd -d /home/testbash -s /bin/bash -m testbash
    useradd -d /home/basher -s /bin/bash -m basher
    useradd -d /home/nologin -s /sbin/nologin -m nologin


    [root@www /]# cat  /etc/passwd | grep "^\<bash\>"
    bash:x:1002:1002::/home/bash:/bin/bash
    [root@www /]#

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

How to fix KB5055523 fails to install in Windows 11?

3 weeks agoByDDD

How to fix KB5055518 fails to install in Windows 10?

3 weeks agoByDDD

Roblox: Dead Rails - How To Tame Wolves

4 weeks agoByDDD

Strength Levels for Every Enemy & Monster in R.E.P.O.

4 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Roblox: Grow A Garden - Complete Mutation Guide

2 weeks agoByDDD

Hot Tools

WebStorm Mac version

Useful JavaScript development tools

SecLists

SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.