............(省略若干行)
sh-3.1# cp ssh_config sshd_config /etc/ssh/
sh-3.1# /etc/rc.d/init.d/sshd restart
停止 sshd： [确定]
启动 sshd： [确定]
ok了, 用我们的sshdoor登录。
[root@localhost ~]# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) context=system_u:system_r:unconfined_t:SystemLow-SystemHigh
[root@localhost ~]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:2208 0.0.0.0:* LISTEN 2298/hpiod
tcp 0 0 0.0.0.0:1000 0.0.0.0:* LISTEN 2090/rpc.statd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 2056/portmap
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 2883/vsftpd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 2315/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2361/sendmail: acce
tcp 0 0 127.0.0.1:2207 0.0.0.0:* LISTEN 2303/python
总感觉这系统怪怪的, 连22端口都看不到, 应该替换了netstat了, 先看看有没有其他被替换掉的系统文件吧。
[root@localhost ~]# rpm -qaV
S.5..UG. /bin/netstat
S.5..UG. /sbin/ifconfig
S.5....T /usr/bin/ssh-keygen
S.5....T c /etc/sysconfig/system-config-securitylevel
S.5..UG. /usr/sbin/lsof
.M...... /var/tux
S.5....T c /etc/inittab
S.5....T /usr/share/texmf-var/fonts/map/dvipdfm/updmap/dvipdfm_dl14.map
S.5....T /usr/share/texmf-var/fonts/map/dvipdfm/updmap/dvipdfm_ndl14.map
S.5....T /usr/share/texmf-var/fonts/map/pdftex/updmap/pdftex_dl14.map
S.5....T /usr/share/texmf-var/fonts/map/pdftex/updmap/pdftex_ndl14.map
S.5....T /usr/share/texmf-var/web2c/aleph.fmt
S.5....T /usr/share/texmf-var/web2c/amstex.fmt
S.5....T /usr/share/texmf-var/web2c/bamstex.fmt
S.5....T /usr/share/texmf-var/web2c/bplain.fmt
S.5....T /usr/share/texmf-var/web2c/cont-en.fmt
S.5....T /usr/share/texmf-var/web2c/etex.fmt
..5....T /usr/share/texmf-var/web2c/metafun.mem
S.5....T /usr/share/texmf-var/web2c/mf.base
..5....T /usr/share/texmf-var/web2c/mpost.mem
S.5....T /usr/share/texmf-var/web2c/mptopdf.fmt
S.5....T /usr/share/texmf-var/web2c/omega.fmt
S.5....T /usr/share/texmf-var/web2c/pdfetex.fmt
S.5....T /usr/share/texmf-var/web2c/pdftex.fmt
S.5....T /usr/share/texmf-var/web2c/tex.fmt
.......T c /etc/kdump.conf
S.5....T c /etc/printcap
..5....T c /etc/pki/nssdb/secmod.db
....L... c /etc/pam.d/system-auth
.M...... c /etc/cups/classes.conf
.......T c /etc/audit/auditd.conf
missing /usr/sbin/nscd
S.5....T c /etc/sysconfig/named
.M...... /var/named
SM5..UG. /bin/ps
SM5..UG. /usr/bin/top
SM5....T c /etc/sysconfig/iptables-config
S.5..UG. /usr/bin/find
prelink: /usr/lib/libGL.so.1.2.#prelink#.crFdQJ Could not trace symbol resolving
S.?..... /usr/lib/libGL.so.1.2
S.5....T c /etc/ppp/chap-secrets
S.5....T c /etc/ppp/pap-secrets
S.5....T c /etc/xml/catalog
S.5....T c /usr/share/sgml/docbook/xmlcatalog
S.5....T c /etc/ssh/ssh_config
S.5....T /usr/bin/scp
S.5....T /usr/bin/sftp
S.5....T /usr/bin/ssh
S.5....T /usr/bin/ssh-add
SM5...GT /usr/bin/ssh-agent
S.5....T /usr/bin/ssh-keyscan
S.5....T /usr/share/texmf-var/fonts/map/dvips/updmap/builtin35.map
S.5....T /usr/share/texmf-var/fonts/map/dvips/updmap/download35.map
S.5....T /usr/share/texmf-var/fonts/map/dvips/updmap/ps2pk.map
S.5....T /usr/share/texmf-var/fonts/map/dvips/updmap/psfonts_pk.map
S.5....T /usr/share/texmf-var/fonts/map/dvips/updmap/psfonts_t1.map
S.5....T /etc/sgml/docbook-slides.cat
S.5....T /usr/share/icons/hicolor/icon-theme.cache
S.5..UG. /bin/ls
S.5..UG. /usr/bin/dir
S.5..UG. /usr/bin/md5sum
S.5..UG. /usr/bin/pstree
S.5....T c /etc/syslog.conf
S.5....T c /etc/ssh/sshd_config
S.5....T /usr/sbin/sshd
missing /var/lib/texmf/ls-R
S.5....T /etc/sgml/docbook-simple.cat
S.5....T c /etc/vsftpd/vsftpd.conf
.M...... /var/ftp/pub
S.5....T c /etc/mailcap
......G. /var/cache/samba/winbindd_privileged
.......T c /etc/mail/sendmail.cf
SM5....T c /etc/mail/submit.cf
S.5....T c /var/log/mail/statistics
..5....T c /usr/lib/security/classpath.security
S.5....T c /etc/sane.d/dll.conf
还好rpm没替换, 看来系统的好些命令被替换了, 嘿嘿, 有同行在啊。
不好意思, 那我就要T你下去了。 下面先检查一下, 当然这个系统不可靠了, 我们先替换回可靠的命令:
[root@localhost bin]# cp -f /home/ldc/.v/dir /usr/bin/dir
cp: cannot remove `/usr/bin/dir': Operation not permitted
chattr加了iau了。
[root@localhost bin]# chattr -iau /usr/bin/dir
[root@localhost bin]# cp -f /home/ldc/.v/dir /usr/bin/dir
ok了。 看看还有什么吧:
[root@localhost chkrootkit-0.48]# lsattr /bin /sbin /usr/bin /usr/sbin /etc
……