A Linux script that raises an automatic alert when a program's MD5 value changes

Source: Internet
Author: User
Tags md5

A test server in the office had the Tomcat administration page open, external access enabled, and a weak password set. With these 3 factors in place at the same time, it took only a few days for uninvited guests to plant a Trojan horse. The aftermath was not serious, but it gave me a wake-up call, so I put the following small security measures in place.

1. Disable user accounts that are not needed

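Run directly at the command line (the colon after the account name in the pattern keeps a name such as adm from also matching a longer account name that starts with it):

# cp /etc/passwd /etc/passwd-$(date +%F).bak

# for i in xfs news nscd dbus vcsa games nobody avahi haldaemon gopher ftp mailnull pcap mail shutdown halt uucp operator sync adm lp; do sed -i "s/^${i}:/#${i}:/" /etc/passwd; done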

2. A small script I wrote myself to detect whether the md5sum values of important directories have changed

Step 1: on a machine confirmed to be free of problems, run the following commands to save the md5sum values as the original baseline:

#!/bin/bash
# Record the md5sum of the original executable files
if [[ ! -d /var/md5sum/ ]]; then
    mkdir /var/md5sum -p
fi
for i in /bin /sbin /usr/local/bin /usr/local/sbin /usr/bin; do
    find "$i" -maxdepth 1 -type f | xargs -n1 md5sum >> /var/md5sum/md5sum.log.ori
done

Step 2: below is my /home/scripts/chkmd5sum.sh script, which checks whether the md5sum values of the relevant directories have changed.

#!/bin/bash
# Configure a scheduled task to run this script periodically; it sends an alert automatically when an md5sum changes.
if [[ ! -d /var/md5sum/ ]]; then
    mkdir /var/md5sum -p
fi

# Clear the results of the previous run
rm -f /tmp/md5sum*

# Recompute the md5sum values in the same order as the baseline
for i in /bin /sbin /usr/local/bin /usr/local/sbin /usr/bin; do
    find "$i" -maxdepth 1 -type f | xargs -n1 md5sum >> /tmp/md5sum.log_$(date +%F)
done

# diff exits non-zero when the current values differ from the baseline; mail the differences
if ! diff /tmp/md5sum.log_$(date +%F) /var/md5sum/md5sum.log.ori > /tmp/md5sum_status; then
    cat /tmp/md5sum_status | mail -s "Warning,md5sum has changed." [Email protected]
fi

rm -f /tmp/md5sum_status

Step 3: add a scheduled task that checks once a day and sends an email alert when there are changes

echo '0 7 * * * /bin/bash /home/scripts/chkmd5sum.sh >/dev/null 2>&1' >> /var/spool/cron/root


We can also add other files that need attention to the for loop above, monitor changes to their md5sum values, and raise a timely alert on anything abnormal.


Of course, the /etc/mail.rc file also needs to be configured; otherwise the mail cannot be sent. That step is not the focus of this article, so it is omitted.
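A hardened variant of the baseline-and-compare steps above, as an added example rather than the article's own script: it swaps md5sum for sha256sum, handles file names containing spaces, and reports changed, added and removed files separately. The function names snapshot, compare and demo are hypothetical, and the demo runs against constructed files in a temporary directory.

```shell
#!/bin/bash
# Added example, not the article's script. snapshot, compare and demo are
# hypothetical names; the demo files are constructed in a temporary directory.

# snapshot DIR...: "hash  path" for each regular file directly inside DIR,
# sorted by path. NUL-delimited so names containing spaces survive.
snapshot() {
    local d
    for d in "$@"; do
        find "$d" -maxdepth 1 -type f -print0 | xargs -0 -r sha256sum
    done | LC_ALL=C sort -k2
}

# compare BASELINE CURRENT: print CHANGED/ADDED/REMOVED lines; return 1 if any.
compare() {
    local out
    out=$(awk '
        { path = substr($0, 67) }            # 64 hex digits + 2 separator chars
        FILENAME == ARGV[1] { base[path] = $1; next }
        { seen[path] = 1
          if (!(path in base))       print "ADDED " path
          else if (base[path] != $1) print "CHANGED " path }
        END { for (p in base) if (!(p in seen)) print "REMOVED " p }
    ' "$1" "$2" | LC_ALL=C sort)
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# demo: baseline a constructed directory, tamper with it, print the report.
demo() {
    local work
    work=$(mktemp -d) || return 2
    mkdir "$work/bin"
    echo 'original ls' > "$work/bin/ls"
    echo 'original ps' > "$work/bin/ps"
    echo 'helper'      > "$work/bin/my tool"      # name with a space
    snapshot "$work/bin" > "$work/baseline"
    echo 'trojaned ls' > "$work/bin/ls"           # modified file
    rm "$work/bin/ps"                             # removed file
    echo 'dropper'     > "$work/bin/.hidden"      # new file
    snapshot "$work/bin" > "$work/current"
    compare "$work/baseline" "$work/current" | sed "s|$work/||"
    rm -rf "$work"
}

demo
```

A baseline kept on the monitored host can be rewritten by whoever replaced the binaries, so keep a copy somewhere that host cannot modify.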

