Using pkill to cut off a given user or TTY, combined with tcp_wrappers


Being kicked offline by someone recently did not feel great, and at that moment a big-knife command flashed through my mind: pkill. With it you can send a signal (SIGTERM by default) to every process on a given user's TTY and wipe them out completely. Combined with tcp_wrappers to control who may use a service (xinetd can impose limits as well, but I will not cover it here), it makes a nice pairing. So without further ado, let's get a taste of kicking people off. As shown below:

1) Use w to view the users currently logged in (clearing /var/run/utmp would hide a session from w or who)
#w
22:32:12 up 6:50, 2 users, load average: 0.09, 0.08, 0.01
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/1 1.111.11.11 22:23 0.00s 0.08s 0.01s sshd: root [priv]
root pts/2 1.111.11.11 22:28 3:49 0.04s 0.02s sshd: root [priv]

2) Use pkill to remove the processes belonging to TTY pts/2 (-kill sends SIGKILL instead of the default SIGTERM; to target the user user01 instead, use #pkill -kill -u user01)
#pkill -kill -t pts/2

3) Use w to verify that TTY pts/2 has been kicked off
#w
22:33:26 up 6:52, 1 user, load average: 0.08, 0.08, 0.01
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/1 1.111.11.11 22:23 0.00s 0.08s 0.01s sshd: root [priv]

4) Use ldd to check whether sshd supports tcp_wrappers (look for libwrap.so.0 among the libraries it links against)
#ldd `which sshd`
linux-vdso.so.1 => (0x00007fff2a7a6000)
libwrap.so.0 => /lib64/libwrap.so.0 (0x00002ab8b77d1000)
libpam.so.0 => /lib64/libpam.so.0 (0x00002ab8b79da000)
libdl.so.2 => /lib64/libdl.so.2 (0x00002ab8b7be5000)
libselinux.so.1 => /lib64/libselinux.so.1 (0x00002ab8b7dea000)
libaudit.so.0 => /lib64/libaudit.so.0 (0x00002ab8b8002000)
libfipscheck.so.1 => /usr/lib64/libfipscheck.so.1 (0x00002ab8b821a000)
libcrypto.so.6 => /lib64/libcrypto.so.6 (0x00002ab8b841d000)
libutil.so.1 => /lib64/libutil.so.1 (0x00002ab8b876e000)
libz.so.1 => /usr/lib64/libz.so.1 (0x00002ab8b8971000)
libnsl.so.1 => /lib64/libnsl.so.1 (0x00002ab8b8b86000)
libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00002ab8b8d9e000)
libresolv.so.2 => /lib64/libresolv.so.2 (0x00002ab8b8fd6000)
libgssapi_krb5.so.2 => /usr/lib64/libgssapi_krb5.so.2 (0x00002ab8b91ec000)
libkrb5.so.3 => /usr/lib64/libkrb5.so.3 (0x00002ab8b941a000)
libk5crypto.so.3 => /usr/lib64/libk5crypto.so.3 (0x00002ab8b96af000)
libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00002ab8b98d5000)
libnss3.so => /usr/lib64/libnss3.so (0x00002ab8b9ad7000)
libc.so.6 => /lib64/libc.so.6 (0x00002ab8b9e04000)
/lib64/ld-linux-x86-64.so.2 (0x00002ab8b75b3000)
libsepol.so.1 => /lib64/libsepol.so.1 (0x00002ab8ba15d000)
libkrb5support.so.0 => /usr/lib64/libkrb5support.so.0 (0x00002ab8ba3a3000)
libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00002ab8ba5ac000)
libnssutil3.so => /usr/lib64/libnssutil3.so (0x00002ab8ba7ae000)
libplc4.so => /usr/lib64/libplc4.so (0x00002ab8ba9cc000)
libplds4.so => /usr/lib64/libplds4.so (0x00002ab8babd1000)
libnspr4.so => /usr/lib64/libnspr4.so (0x00002ab8badd4000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00002ab8bb00f000)

5) hosts.{allow,deny} are evaluated in the following order
/etc/hosts.allow has a match -> /etc/hosts.deny is not consulted -> access is allowed
/etc/hosts.allow has no match -> /etc/hosts.deny is checked -> it has a match -> access is denied
/etc/hosts.allow has no match -> /etc/hosts.deny is checked -> it has no match either -> access is allowed

6) Configure hosts.deny so that 1.1.1.1 is blocked from using sshd
#vi /etc/hosts.deny
#
# hosts.deny This file describes the names of the hosts which are
# *not* allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow. In particular
# you should know that NFS uses portmap!
sshd: 140.135.100.10

7) Verify from 1.1.1.1 (assuming the configuration above was done on 2.2.2.2)
#ssh 1.1.1.1
#ssh 2.2.2.2
ssh_exchange_identification: Connection closed by remote host
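The lookup order from step 5, as an added example that is not part of the original post or of tcp_wrappers itself: a small Python evaluator that applies the same order to constructed hosts.allow/hosts.deny contents. It handles only the basic "daemon_list : client_list" form (ALL, exact addresses, "prefix." and ".suffix" patterns); EXCEPT, netmasks and option fields are left out.

```python
"""Simplified simulation of the tcp_wrappers hosts.allow/hosts.deny lookup order.
Added example, not the tcp_wrappers implementation. Assumes rules of the basic
'daemon_list : client_list' form; EXCEPT, netmasks and options are not handled."""


def _pattern_matches(pattern, value):
    """Match one daemon or client pattern using tcpd's basic pattern forms."""
    pattern = pattern.strip()
    if pattern == "ALL":
        return True
    if pattern.endswith("."):          # "1.111.11." matches 1.111.11.11
        return value.startswith(pattern)
    if pattern.startswith("."):        # ".example.com" matches host.example.com
        return value.endswith(pattern)
    return pattern == value


def _rule_matches(rule, daemon, client):
    """A rule matches when both its daemon list and its client list match."""
    daemons, _, rest = rule.partition(":")
    clients = rest.split(":")[0]       # drop an optional trailing ':option' field
    return (any(_pattern_matches(p, daemon) for p in daemons.split(",")) and
            any(_pattern_matches(p, client) for p in clients.split(",")))


def _has_match(text, daemon, client):
    """True if any non-comment, non-blank line of the file text matches."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line and _rule_matches(line, daemon, client):
            return True
    return False


def tcpwrap_decision(allow_text, deny_text, daemon, client):
    """Return 'allow' or 'deny' following the step-5 order: a hosts.allow match
    allows without consulting hosts.deny; otherwise a hosts.deny match denies;
    otherwise access is allowed."""
    if _has_match(allow_text, daemon, client):
        return "allow"
    if _has_match(deny_text, daemon, client):
        return "deny"
    return "allow"


# Constructed sample file contents (not taken from a real host).
HOSTS_ALLOW = "sshd: 1.111.11.11\n"
HOSTS_DENY = "# comments are ignored\nsshd: 140.135.100.10\nvsftpd: ALL\n"

if __name__ == "__main__":
    for client in ("1.111.11.11", "140.135.100.10", "10.0.0.5"):
        print(client, "->", tcpwrap_decision(HOSTS_ALLOW, HOSTS_DENY, "sshd", client))
```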

◎ That is a simple walk-through of pkill combined with tcp_wrappers. For detailed usage see #man pkill, or get xinetd to help; as for PAM, SELinux, iptables and the like, I will introduce them when I get the chance. Tired, calling it a day!
