The redhat series linux users must have used yum to upgrade the system kernel and install software. It is impossible for each system administrator to manually install each package and handle complicated package dependencies, therefore, once a backdoor is installed using yum, it can be ensured that the backdoor will be started every time the Administrator runs yum, which is very cumbersome. However, yum is written based on python and supports the use of its plug-in mechanism. This is what we use as a backdoor. First, let's look at an official yum plugins example: from yum. plugins import PluginYumExit, TYPE_CORE, TYPE_INTERACTIVE requires_api_version = '2. 3 'inin_type = (TYPE_CORE, TYPE_INTERACTIVE) def init_hook (conducting it): conducting it.info (2, 'Hello World') def postreposetup_hook (conducting it): raise PluginYumExit ('Goodbye ') save the preceding code to a file, such as test. py and copy it to/usr/lib/yum-plugins/test. in php, at the same time in/etc/yum/pluginconf. d/to create a configuration file test. conf, the content is: [main] enabled = 1 yum will print Hello world at initialization and force exit print Goodbye. Yum plugins is based on the concept of slot and hook. two slots are briefly introduced as follows: init executes postreposetup during plug-in loading and stores the repository information in different slots, variables and methods of conducting it have different functions. Conduit is a class in yum/plugin. py. All conduit classes inherit from PluginConduit. You can create a linux backdoor by modifying InitPluginConduit or other methods in the conductive it class, so that the backdoor code runs every time you run yum. Well, I admit this article seems to be more about writing yum plugins, but it depends on how everyone uses it. For more information about yum plugins, see http://yum.baseurl.org/wiki/WritingYumPlugins