Linux之不同运维人员共用root账户权限审计
建站服务器
[root@open1~]#wgethttp://ftp.gnu.org/gnu/bash/bash-4.1.tar.gz[root@open1~]#tarxvfbash-4.1.tar.gz [root@open1~]#cdbash-4.1
[root@open1bash-4.1]#vimconfig-top.c#defineSSH_SOURCE_BASHRC#defineSYSLOG_HISTORY
[root@open1bash-4.1]#vimbashhist.c #...省略部分段落 void bash_syslog_history(line) constchar*line; {chartrunc[SYSLOG_MAXLEN]; constchar*p; p=getenv(NAME_OF_KEY);if(strlen(line) [root@open1bash-4.1]#./configure--prefix=/usr/local/bash_new [root@open1bash-4.1]#make&&makeinstall...iftestbash=gettext-tools;then\\ /bin/sh/root/bash-4.1/./support/mkinstalldirs/usr/local/bash_new/share/gettext/po;\\forfileinMakefile.in.inremove-potcdate.sinquot.sedboldquot.seden@quot.headeren@boldquot.headerinsert-header.sinRules-quotMakevars.template;do\\ /usr/bin/install-c-m644./$file\\ /usr/local/bash_new/share/gettext/po/$file;\\done;\\forfileinMakevars;do\\rm-f/usr/local/bash_new/share/gettext/po/$file;\\done;\\else\\ :;\\fimake[1]:Leavingdirectory`/root/bash-4.1/po\'[root@open1bash-4.1]#echo/usr/local/bash_new/bin/bash>>/etc/shells [root@open1bash-4.1]#cat/etc/shells /bin/sh/bin/bash /sbin/nologin /bin/dash /usr/local/bash_new/bin/bash创新互联长期为上千多家客户提供的网站建设服务,团队从业经验10年,关注不同地域、不同群体,并针对不同对象提供差异化的产品和服务;打造开放共赢平台,与合作伙伴共同营造健康的互联网生态环境。为相山企业提供专业的网站建设、成都网站建设,相山网站改版等技术服务。拥有十多年丰富建站经验和众多成功案例,为您定制开发。[root@open1bash-4.1]#vim/etc/passwdroot:x:0:0:root:/root:/usr/local/bash_new/bin/bashView Code
-C 注释 (加上这个也是为了最后进行对服务器访问人员进行辨别的一个关键点)
[root@rsyslog~]#ssh-copy-id-i/root/.ssh/id_rsa.pubroot@192.168.30.72root@192.168.30.72\'spassword:Nowtryloggingintothemachine,withssh\'root@192.168.30.72\',andcheckin: .ssh/authorized_keys tomakesurewehaven\'taddedextrakeysthatyouweren\'texpecting.View Code
[root@swift3~]#ssh-copy-id-i/root/.ssh/id_rsa.pubroot@192.168.30.72Theauthenticityofhost\'192.168.30.72(192.168.30.72)\'can\'tbeestablished.RSAkeyfingerprintis8f:a7:1b:8d:e4:92:ad:ae:ea:1b:fb:67:0b:0b:7c:ac. Areyousureyouwanttocontinueconnecting(yes/no)?yes Warning:Permanentlyadded\'192.168.30.72\'(RSA)tothelistofknownhosts. root@192.168.30.72\'spassword:Nowtryloggingintothemachine,withssh\'root@192.168.30.72\',andcheckin: .ssh/authorized_keys tomakesurewehaven\'taddedextrakeysthatyouweren\'texpecting.View Code
[root@open1~]#touch/var/log/keysView Code
[root@open1~]#echotest-f/etc/CheckUser.sh&&./etc/CheckUser.sh>>/etc/profile[root@open1~]#tail-1f/etc/bashrc test-z$BASH_EXECUTION_STRING||{test-f/etc/CheckUser.sh&&./etc/CheckUser.sh;logger-t-bash-sHISTORY$SSH_CLIENTUSER=$NAME_OF_KEYCMD=$BASH_EXECUTION_STRING>/dev/null2>&1;}[root@open1~]#sed-i\'s/#LogLevelINFO/LogLevelDEBUG/g\'/etc/ssh/sshd_config [root@open1~]#servicesshdrestart Stoppingsshd:[OK] Startingsshd:[OK]
文章题目:Linux之不同运维人员共用root账户权限审计
分享链接:http://lswzjz.com/article/cjodeh.html