Experience in troubleshooting the linux server in yangfangdian

Experience in maintenance of linux Server faults in yangfangdian-Linux Enterprise Application-Linux server application information. For details, refer to the following section. Author: coolerfeng

I received a call from Qiu Xiang today, asking me to go to the data center of yangfang to handle a linux server fault with him after work. According to the company's developers. Remote Login is not possible, and it may be hacked.

I arrived 7 o'clock after work, but I don't know where the UNICOM data center is. I just switched around for a long time, but I still couldn't find it. In the meantime, I kept the phone number N times and still had no results. (I am the kind of person who has no sense of direction in a day.

It is 8 o'clock in the IDC room. You have to go through the procedures for entering the IDC, but the personnel on duty at the unicom idc must provide us with documents. I can only wait with another person because I only have documents with Qiu Xiang. Around 10 o'clock. I didn't wait for a question, So Brother Qiu Xiang began to "ask" the accompanying developer.

The fault identification process is difficult due to the lack of colors on the display of the UNICOM data center. (In linux, colors are displayed by default, and the directories and file names cannot be displayed due to lack of colors. The last time I suspected that the hard disk was faulty, I also found that the display was unavailable ).

The alias for the ls command in linux can be seen through alias.

Alias ls = 'ls -- color = tty'

Therefore, if ls is input to display the directory in color, what should we do under such a junk monitor? One solution is to change the display, and the other solution is to change to a monochrome display.

Unalias ls

If you also need a monochrome echo "syntax off">; ~ in vim ;~ /. Vimrc

Or enter syntax off at the colon prompt.

Try to log on in the console: after entering the password, the system automatically jumps back to the logon page. I had to restart to enter the single-user mode, modify the user password, and then restart, or cannot I enter? Strange things

The/etc/passwd cannot be viewed as an exception in single-user mode.

Root: x: 0: 0: root:/bin/bash

If it is not/bin/bash but/bin/false/bin/nologin, it should be changed back.

And search, there are no other 0: 0 users (0: 0 represents the root permission)

Check the/etc/security directory. Check the/var/log/secure and/var/log/message files. No suspicious information.

There is a deadlock here, and it seems that there are no signs of intrusion, and the intruders will not be stupid enough to make themselves unable to log on, right. So why? A common user is created under a single user, and then the user is changed to the root user.

Cooler: x: 506: 506:/home/cooler:/bin/bash

Replace 506: 506 with 0: 0

Cooler: x: 0: 0:/home/cooler:/bin/bash

At this time, cooler becomes the root user.

Connect your laptop to an ssh client. Then check/etc/passwd, and finally find the problem. It turns out that each line in the file has a special character ^ M.

Solution: Delete the ^ M character dos2unix/etc/passwd

Then let's take a look at cat-n/etc/passwd. There is no ^ M. Log out and log on again. This time OK. The password of the original root user has not been modified.

After analysis, confirm that the facts are basically as follows (there may be slight discrepancies, but it is almost certain ). The developer needs to modify the ftp user password. (Ftp adopts the system user authentication method ). Remotely download the/etc/passwd file from a linux machine to a local windows machine. After the backup, open it in the windows Editor. After the modification, upload it to linux to overwrite the original file. Then, the remote ssh connection will no longer be available after exiting.

For fault analysis, the line feed characters of files in windows are inconsistent with those in linux. After the file is edited in windows, ^ M is added, which makes the system cannot correctly identify/etc/passwd in linux.

After the solution was completed, it was 10 o'clock. After a rush to eat something, I went home. This damn windows operation is "bad.