Linux: auditing a root account shared by multiple operations staff


[root@open1 ~]# wget http://ftp.gnu.org/gnu/bash/bash-4.1.tar.gz
[root@open1 ~]# tar xvf bash-4.1.tar.gz
[root@open1 ~]# cd bash-4.1

[root@open1 bash-4.1]# vim config-top.c
#define SSH_SOURCE_BASHRC
#define SYSLOG_HISTORY

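[root@open1 bash-4.1]# vim bashhist.c
# ... part of the file omitted
void
bash_syslog_history (line)
     const char *line;
{
  char trunc[SYSLOG_MAXLEN];
  const char *p;
  /* NAME_OF_KEY is an environment variable; /etc/bashrc logs it as USER= */
  p = getenv ("NAME_OF_KEY");
  if (strlen(line)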

[root@open1 bash-4.1]# ./configure --prefix=/usr/local/bash_new
[root@open1 bash-4.1]# make && make install
...
if test "bash" = "gettext-tools"; then \
  /bin/sh /root/bash-4.1/./support/mkinstalldirs /usr/local/bash_new/share/gettext/po; \
  for file in Makefile.in.in remove-potcdate.sin quot.sed boldquot.sed en@quot.header en@boldquot.header insert-header.sin Rules-quot Makevars.template; do \
    /usr/bin/install -c -m 644 ./$file \
      /usr/local/bash_new/share/gettext/po/$file; \
  done; \
  for file in Makevars; do \
    rm -f /usr/local/bash_new/share/gettext/po/$file; \
  done; \
else \
  : ; \
fi
make[1]: Leaving directory `/root/bash-4.1/po'

[root@open1 bash-4.1]# echo /usr/local/bash_new/bin/bash >> /etc/shells
[root@open1 bash-4.1]# cat /etc/shells
/bin/sh
/bin/bash
/sbin/nologin
/bin/dash
/usr/local/bash_new/bin/bash

[root@open1 bash-4.1]# vim /etc/passwd
root:x:0:0:root:/root:/usr/local/bash_new/bin/bash


-C comment (this is included because it is the key to identifying, in the end, which person accessed the server)

[root@rsyslog ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.30.72
root@192.168.30.72's password:
Now try logging into the machine, with "ssh 'root@192.168.30.72'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.


[root@swift3 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.30.72
The authenticity of host '192.168.30.72 (192.168.30.72)' can't be established.
RSA key fingerprint is 8f:a7:1b:8d:e4:92:ad:ae:ea:1b:fb:67:0b:0b:7c:ac.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.30.72' (RSA) to the list of known hosts.
root@192.168.30.72's password:
Now try logging into the machine, with "ssh 'root@192.168.30.72'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.


[root@open1 ~]# touch /var/log/keys


[root@open1 ~]# echo "test -f /etc/CheckUser.sh && . /etc/CheckUser.sh" >> /etc/profile

[root@open1 ~]# tail -1f /etc/bashrc
test -z "$BASH_EXECUTION_STRING" || { test -f /etc/CheckUser.sh && . /etc/CheckUser.sh; logger -t -bash -s "HISTORY $SSH_CLIENT USER=$NAME_OF_KEY CMD=$BASH_EXECUTION_STRING" >/dev/null 2>&1; }

[root@open1 ~]# sed -i 's/#LogLevel INFO/LogLevel DEBUG/g' /etc/ssh/sshd_config
[root@open1 ~]# service sshd restart
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
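
The logger call in /etc/bashrc above writes one syslog record per remote command in the form "HISTORY $SSH_CLIENT USER=$NAME_OF_KEY CMD=...". The shell functions below are an added example, not part of the original article: they turn such records into owner, client IP and command, and single out records whose USER= field is empty. The sample lines, key comments (rsyslog-admin, swift3-admin) and client addresses are constructed, and the syslog prefix layout is an assumption.

```shell
# Added example: review the HISTORY records written by the /etc/bashrc logger call.

# Constructed sample lines (not real logs). $SSH_CLIENT expands to "ip sport dport".
sample_log() {
cat <<'EOF'
Mar  3 10:15:02 open1 -bash: HISTORY 192.168.30.71 51234 22 USER=rsyslog-admin CMD=uptime
Mar  3 10:16:40 open1 -bash: HISTORY 192.168.30.73 40022 22 USER=swift3-admin CMD=cat /etc/passwd
Mar  3 10:17:05 open1 -bash: HISTORY 192.168.30.73 40310 22 USER= CMD=rm -f /var/log/keys
Mar  3 10:18:11 open1 sshd[2201]: Accepted publickey for root from 192.168.30.71 port 51240 ssh2
EOF
}

# Read syslog lines on stdin, print "owner<TAB>client_ip<TAB>command" per record.
# The fields are located by position, so text inside the command cannot shift them.
parse_history() {
  awk '
    {
      tag = " -bash: HISTORY "
      h = index($0, tag)
      if (h == 0) next                      # not a HISTORY record
      rec = substr($0, h + length(tag))
      u = index(rec, "USER=")
      if (u == 0) next
      client = substr(rec, 1, u - 1)        # expanded $SSH_CLIENT
      rest = substr(rec, u + 5)             # "owner CMD=command"
      c = index(rest, "CMD=")
      if (c == 0) next
      owner = substr(rest, 1, c - 1)
      sub(/ +$/, "", owner)
      cmd = substr(rest, c + 4)
      split(client, f, " ")
      ip = (f[1] == "") ? "-" : f[1]        # "-" when SSH_CLIENT was empty
      # Empty USER= means NAME_OF_KEY was never set for that session.
      if (owner == "") owner = "UNATTRIBUTED"
      printf "%s\t%s\t%s\n", owner, ip, cmd
    }'
}

# Records that cannot be tied to a key owner; review these first.
unattributed() {
  parse_history | awk -F '\t' '$1 == "UNATTRIBUTED"'
}
```

On a real host, pipe the file that receives these records into parse_history; any UNATTRIBUTED row means the key-to-person mapping did not run for that session.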


Article title: Linux: auditing a root account shared by multiple operations staff
Reprinted from: http://azwzsj.com/article/cjodeh.html