On the 23rd we received a call from a customer: their Linux server could not be logged into. The server sits in China Unicom's hosting room, so it could not be dealt with on site. A network check showed that the server did not answer ping, while the gateway of the server's network segment did. At first we thought a network problem in the hosting room was making the server unreachable. Later a scanning tool showed that ports 21, 389, 1002 and 1702 on the server's IP address responded, so the network was not the problem and the server was still running. On asking, we learned that the customer had never changed the very simple numeric password set at installation (really not a good idea), so the server had probably been accessed by an intruder. After discussion, the customer took the server back to their own company and waited for us to recover the password.
After arriving at the customer's site on Saturday morning, the password recovery work began:
1, When the server boots to the GRUB screen, press the e key to edit the boot entry, which has three lines:
root (hd0,0)
kernel /boot/vmlinuz-2.4.21-15.EL ro root=LABEL=/
initrd /initrd-2.4.21-15.EL.img
Move the cursor to the second item and press e again. The bottom line of the screen that appears is:
grub edit> kernel /boot/vmlinuz-2.4.21-15.EL ro root=LABEL=/
Add the word single before ro, press Enter to return to the GRUB entry screen, and press the b key with the second item selected to boot.
This boots straight to a Linux command line, where you type passwd root to change the root password.
On checking, the sshd service on the server was running normally, nothing was found listening on port 21, and the scanned ports 389, 1002 and 1702 were not open either. This was frustrating: my Linux skills are poor, and unlike on the Windows platform, where I would check the registry or the running services, checking what is running on Linux was a stretch for me. The server did have a few commonly used service ports open, such as 22 and 3306. The firewall settings also allowed SSH through, so it was really puzzling why ports 22 and 3306 were not detected as open. The system had only two accounts. One was a test account, and the customer had forgotten whether they had created it themselves at installation. The other was a MySQL account, which could not be used to log in; its password had also been changed. Regardless, the test account was deleted first. Checking the logs showed that everything before February 22 was gone, that is, the intruder had wiped the earlier logs, so there was no way to trace what had been done. (In future, pay attention to how logs are kept: transfer them to another server, or send them by mail, and so on.)
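The mismatch described above, between what the external scan saw and what the server itself reported, can be recorded systematically. The following is an added example, not part of the original write-up: the port numbers come from the text, while the netstat output and the function names are constructed for illustration.

```shell
#!/bin/sh
# Ports that answered the external scan (taken from the narrative above).
SCAN_PORTS="21 389 1002 1702"

# Constructed sample of `netstat -lnt` output as it might look on the host.
# On a suspect machine, prefer a netstat binary from known-good media.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
EOF
}

# Read netstat -lnt text on stdin; print TCP ports listening on
# non-loopback addresses as a sorted, space-separated list.
local_ports() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" {
             n = split($4, a, ":")
             addr = substr($4, 1, length($4) - length(a[n]) - 1)
             if (addr != "127.0.0.1" && addr != "::1") print a[n]
         }' | sort -un | tr '\n' ' ' | sed 's/ $//'
}

# Print the ports of list $1 that do not appear in list $2.
only_in() {
    for p in $1; do
        case " $2 " in *" $p "*) ;; *) printf '%s ' "$p" ;; esac
    done | sed 's/ $//'
}

# $1 = externally scanned ports; netstat text on stdin.
# scan-only:  answered from outside but no listener is reported locally
#             (hidden listener, replaced tools, or another device answering).
# local-only: listening locally but not seen from outside (filtered, or
#             traffic for this address is not reaching this host).
compare() {
    lp=$(local_ports)
    echo "scan-only:$(only_in "$1" "$lp")"
    echo "local-only:$(only_in "$lp" "$1")"
}

sample_netstat | compare "$SCAN_PORTS"
```

Either list being non-empty is a reason to keep the scan results and the host's own output as evidence before anything is reinstalled.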
2, Reinstall the IP-related packages: iptables, ipsec, iproute, initscripts, iputils. After reinstalling these packages, the root user was given a sufficiently strong password, as was the MySQL account. The eth0 network card, which connects to the public network, was configured in the firewall settings as an untrusted interface, so that packets not allowed by any rule are filtered out. Testing showed that SSH could connect normally, but for MySQL I could not find the local setting that lets the firewall pass packets for port 3306. (I am too much of a beginner.)
While on site I also forgot to update the OpenSSH packages (hard to believe), even though SSH would be needed later to provide remote access, and if something had been tampered with inside the SSH installation it would be a big back door. MySQL was not reinstalled either. These two problems had to wait until the customer connected the server to the network again. The OpenSSH and Telnet packages from the Red Hat release were first uploaded to the server, then telnet-server was installed, and over the Telnet connection the old OpenSSH was removed and the new OpenSSH installed. (Setting up Telnet and updating OpenSSH took n hours of study and research.) Then the corresponding rule was added to iptables to allow packets for port 3306 to pass.
Note: My thanks go to the many friends who helped solve this problem: those in Zhuhai, Liang Baoyu, and my colleagues at the company. Through this exercise and a few working days of hard work, my ability to use and configure Linux systems has also improved and grown rapidly.