- 论坛徽章:
- 0
|
/etc/pam.d- #%PAM-1.0
- auth sufficient pam_rootok.so
- # Uncomment the following line to implicitly trust users in the "wheel" group.
- #auth sufficient pam_wheel.so trust use_uid
- # Uncomment the following line to require a user to be in the "wheel" group.
- auth required pam_wheel.so use_uid
- auth include system-auth
- account sufficient pam_succeed_if.so uid = 0 use_uid quiet
- account include system-auth
- password include system-auth
- session include system-auth
- session optional pam_xauth.so
- auth sufficient pam_rootok.so debug
- auth required pam_wheel.so group=wheel
复制代码 /etc/pam.d- #%PAM-1.0
- auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
- auth include system-auth
- account required pam_nologin.so
- account include system-auth
- password include system-auth
- # pam_selinux.so close should be the first session rule
- session required pam_selinux.so close
- session include system-auth
- session required pam_loginuid.so
- session optional pam_console.so
- # pam_selinux.so open should only be followed by sessions to be executed in the user context
- session required pam_selinux.so open
- session optional pam_keyinit.so force revoke
- session required /lib/security/pam_limits.so
复制代码 /etc/passwd- root:x:0:0:root:/root:/bin/bash
- bin:x:1:1:bin:/bin:/sbin/nologin
- daemon:x:2:2:daemon:/sbin:/sbin/nologin
- #adm:x:3:4:adm:/var/adm:/sbin/nologin
- #lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
- #sync:x:5:0:sync:/sbin:/bin/sync
- #shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
- #halt:x:7:0:halt:/sbin:/sbin/halt
- #mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
- #news:x:9:13:news:/etc/news:
- #uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
- #operator:x:11:0:operator:/root:/sbin/nologin
- #games:x:12:100:games:/usr/games:/sbin/nologin
- #gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
- ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
- nobody:x:99:99:Nobody:/:/sbin/nologin
- vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
- sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
- dbus:x:81:81:System message bus:/:/sbin/nologin
- haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
- Fing:x:500:500::/home/Fing:/bin/bash
- apache:x:48:48:Apache:/var/www:/sbin/nologin
- mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
- webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin
复制代码 /etc/ssh/sshd_config- # $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $
- # This is the sshd server system-wide configuration file. See
- # sshd_config(5) for more information.
- # This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
- # The strategy used for options in the default sshd_config shipped with
- # OpenSSH is to specify options with their default value where
- # possible, but leave them commented. Uncommented options change a
- # default value.
- Port 19266
- #Protocol 2,1
- Protocol 2
- #AddressFamily any
- ListenAddress 192.168.1.2
- #ListenAddress ::
- # HostKey for protocol version 1
- #HostKey /etc/ssh/ssh_host_key
- # HostKeys for protocol version 2
- #HostKey /etc/ssh/ssh_host_rsa_key
- #HostKey /etc/ssh/ssh_host_dsa_key
- # Lifetime and size of ephemeral version 1 server key
- #KeyRegenerationInterval 1h
- ServerKeyBits 1024
- # Logging
- # obsoletes QuietMode and FascistLogging
- #SyslogFacility AUTH
- SyslogFacility AUTHPRIV
- #LogLevel INFO
- # Authentication:
- #LoginGraceTime 2m
- PermitRootLogin no
- #StrictModes yes
- #MaxAuthTries 6
- #RSAAuthentication yes
- #PubkeyAuthentication yes
- #AuthorizedKeysFile .ssh/authorized_keys
- # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
- #RhostsRSAAuthentication no
- # similar for protocol version 2
- #HostbasedAuthentication no
- # Change to yes if you don't trust ~/.ssh/known_hosts for
- # RhostsRSAAuthentication and HostbasedAuthentication
- #IgnoreUserKnownHosts no
- # Don't read the user's ~/.rhosts and ~/.shosts files
- #IgnoreRhosts yes
- # To disable tunneled clear text passwords, change to no here!
- #PasswordAuthentication yes
- #PermitEmptyPasswords no
- PasswordAuthentication yes
- # Change to no to disable s/key passwords
- #ChallengeResponseAuthentication yes
- ChallengeResponseAuthentication no
- # Kerberos options
- #KerberosAuthentication no
- #KerberosOrLocalPasswd yes
- #KerberosTicketCleanup yes
- #KerberosGetAFSToken no
- # GSSAPI options
- #GSSAPIAuthentication no
- GSSAPIAuthentication yes
- #GSSAPICleanupCredentials yes
- GSSAPICleanupCredentials yes
- # Set this to 'yes' to enable PAM authentication, account processing,
- # and session processing. If this is enabled, PAM authentication will
- # be allowed through the ChallengeResponseAuthentication mechanism.
- # Depending on your PAM configuration, this may bypass the setting of
- # PasswordAuthentication, PermitEmptyPasswords, and
- # "PermitRootLogin without-password". If you just want the PAM account and
- # session checks to run without PAM authentication, then enable this but set
- # ChallengeResponseAuthentication=no
- #UsePAM no
- UsePAM no
- # Accept locale-related environment variables
- AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
- AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
- AcceptEnv LC_IDENTIFICATION LC_ALL
- #AllowTcpForwarding yes
- #GatewayPorts no
- #X11Forwarding no
- X11Forwarding yes
- #X11DisplayOffset 10
- #X11UseLocalhost yes
- #PrintMotd yes
- #PrintLastLog yes
- #TCPKeepAlive yes
- #UseLogin no
- #UsePrivilegeSeparation yes
- #PermitUserEnvironment no
- #Compression delayed
- #ClientAliveInterval 0
- #ClientAliveCountMax 3
- #ShowPatchLevel no
- #UseDNS yes
- #PidFile /var/run/sshd.pid
- #MaxStartups 10
- #PermitTunnel no
- # no default banner path
- #Banner /some/path
- # override default of no subsystems
- Subsystem sftp /usr/libexec/openssh/sftp-server
复制代码 /etc/securetty- console
- vc/1
- vc/2
- vc/3
- vc/4
- vc/5
- vc/6
- vc/7
- vc/8
- vc/9
- vc/10
- vc/11
- tty1
- #tty2
- #tty3
- #tty4
- #tty5
- #tty6
- #tty7
- #tty8
- #tty9
- #tty10
- #tty11
复制代码 曾执行了- # chattr +i /etc/passwd
- # chattr +i /etc/shadow
- # chattr +i /etc/group
- # chattr +i /etc/gshadow
复制代码- # rm -f /etc/issue
- # rm -f /etc/issue.net
- # touch /etc/issue
- # touch /etc/issue.net
复制代码- # chmod -R 700 /etc/rc.d/init.d/*
复制代码
红色是我修改过的,但是我恢复了还是不行的。
命令也是恢复过的,这种情况我之前也出现过,但是我重安装了系统,我还是照样设置,但是也是出现,问题现在是,我根本不知道产生这结果是那一步产生的,麻烦了。。。
[ 本帖最后由 very263 于 2009-5-14 14:00 编辑 ] |
|