
A learning process triggered by a lost shadow file

Date: 2006-11-14  Source: 适兕





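This morning, as soon as I got to the office, I opened my laptop, and when I reached the login prompt and typed my username and password, the system answered with login incorrect ...... I was stunned and baffled. Nobody changed my password, did they? That was my first reaction. Thinking it over, that was impossible: who would be bored enough to change my password, and I am not even familiar with my colleagues... The system itself must have a problem. Yesterday, when I ran rfuser, it reported two function errors; surely the system is not close to crashing? There were no errors at boot, I just could not log in. No time to worry about all that; get into single-user mode first:

Reboot, enter grub, e, e, b. At this point one of my fatal weaknesses was proven once again: "carelessness". After kernel /vmlinuz-2.6.9-11.19 ro root=LABEL=/ I appended the item singel, and the result was that the steps from the beginning repeated. This started to lead my thinking astray: I cannot even get into single-user mode? (Reviewing it later, I had mistyped; the correct word is single.) So what do I have left? Do I have to reinstall? No. Unless the system is riddled with holes and really cannot run, when I hit a problem I solve it first.

So I booted into another system and mounted the partition this one lives on. I looked at the /etc/passwd file: the contents were fine and the attributes were fine. Then I looked at the /etc/shadow file. Strange! How come only three digits are left???? At this point all I could do was delete the x in the root:x:........ line of /etc/passwd. Once I am in the system, there is a way to fix everything.

The result of deleting the x is that the login program does not invoke the authentication routine; enter the username and you have a shell......

At this point the passwd program does not work, because the passwd file is there but the shadow file is invalid, so the only option is to generate the shadow file from passwd. Although the earlier settings are all lost this way, it is still better than having no authentication.

Fortunately, there is a tool, pwconv..

First, man it: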

PWCONV(8) PWCONV(8)


NAME

pwconv, pwunconv, grpconv, grpunconv - convert to and from shadow passwords and

groups.


SYNOPSIS

pwconv

pwunconv

grpconv

grpunconv


DESCRIPTION

These four programs all operate on the normal and shadow password and group

files: /etc/passwd, /etc/group, /etc/shadow, and /etc/gshadow.


pwconv creates shadow from passwd and an optionally existing shadow. pwunconv

creates passwd from passwd and shadow and then removes shadow. grpconv creates

gshadow from group and an optionally existing gshadow. grpunconv creates group

from group and gshadow and then removes gshadow.


Each program acquires the necessary locks before conversion.


pwconv and grpconv are similiar. First, entries in the shadowed file which

don’t exist in the main file are removed. Then, shadowed entries which don’t

have ‘x’ as the password in the main file are updated. Any missing shadowed

entries are added. Finally, passwords in the main file are replaced with ‘x’.

These programs can be used for initial conversion as well to update the shadowed

file if the main file is edited by hand.


pwconv will use the values of PASS_MIN_DAYS, PASS_MAX_DAYS, and PASS_WARN_AGE

from /etc/login.defs when adding new entries to /etc/shadow.


Likewise, pwunconv and grpunconv are similiar. Passwords in the main file are

updated from the shadowed file. Entries which exist in the main file but not in

the shadowed file are left alone. Finally, the shadowed file is removed.


Some password aging information is lost by pwunconv. It will convert what it

can.


BUGS

Errors in the password or group files (such as invalid or duplicate entries) may

cause these programs to loop forever or fail in other strange ways. Please run

pwck and grpck to correct any such errors before converting to or from shadow

passwords or groups.


SEE ALSO

login.defs(5), grpck(8), pwck(8)


26 Sep 1997 PWCONV(8)


Then, at this point, run the passwd program again and set the password. After that, though, use the pwck program (pwck verifies the integrity of the system authentication information. All entries in the /etc/passwd and /etc/shadow are checked to see that the entry has the proper format and valid data in each field. The user is prompted to delete entries that are improperly formatted or which have other incorrectable errors.) to check for basic holes and see whether there are still any users who can log in to the system without entering a password... Dangerous!!!
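The check described above (are there still accounts that can log in without a password?) can be scripted. This is an added example, not part of the original post: the function names `audit_accounts` and `demo_incident`, the finding labels and the sample files are constructed for illustration, and the file paths are parameters so the audit can also be run against a mounted partition.

```shell
#!/bin/sh
# Added example: list accounts that could log in without a password,
# given a passwd file and a shadow file.

# audit_accounts PASSWD_FILE SHADOW_FILE
# Prints one finding per line; prints nothing when no problem is found.
audit_accounts() {
    passwd_file=$1
    shadow_file=$2
    [ -r "$passwd_file" ] || { echo "UNREADABLE $passwd_file"; return 2; }
    [ -r "$shadow_file" ] || { echo "UNREADABLE $shadow_file"; return 2; }
    awk -F: '
        # First file is shadow. Compare FILENAME rather than NR==FNR so an
        # empty shadow file does not make the passwd lines look like shadow.
        FILENAME == ARGV[1] {
            if (NF < 2) { print "MALFORMED_SHADOW line " FNR; next }
            hash[$1] = $2            # user -> password field
            next
        }
        # Second file is passwd (7 colon-separated fields per entry).
        NF < 7                      { print "MALFORMED_PASSWD line " FNR; next }
        $2 == ""                    { print "EMPTY_PASSWD " $1; next }
        $2 == "x" && !($1 in hash)  { print "NO_SHADOW_ENTRY " $1; next }
        $2 == "x" && hash[$1] == "" { print "EMPTY_SHADOW " $1 }
    ' "$shadow_file" "$passwd_file"
}

# Constructed sample reproducing the state described in the post:
# shadow reduced to three digits, and the x removed from the root line.
demo_incident() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'root::0:0:root:/root:/bin/bash' \
                  'lee:x:500:500::/home/lee:/bin/bash' > "$d/passwd"
    printf '%s\n' '123' > "$d/shadow"
    audit_accounts "$d/passwd" "$d/shadow"
    rm -rf "$d"
}

demo_incident
```

Locked entries such as `*` or `!!` are not empty and are therefore not reported; only an empty password field in either file counts as a passwordless login.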


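Fortunately, it was all a scare with no real harm. Now is the best possible time to analyze my own system, and I happened to get to know a new tool: sysreport...... I will treat it as an experiment.

First, an introduction to where sysreport comes from, what it does, and what makes it convenient.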

Sysreport is released under the same GPL as all Software produced by Red Hat Inc and is freely distributable.

Sysreport is a utility used to collect data to help Technical Support and Developers in solving problems associated with Red Hat Linux. This tool gathers as much information as possible about your system; while trying to avoid
A: creating a large file
B: invading privacy and
C: Collecting information that could be detrimental to the integrity of your system.


The idea/design of this utility is to gather all the valuable information about your system and keeping that data in a small file (.tar.gz) in case the problem is network related; the output from this can be moved to a floppy and sent from a working machine.

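In my opinion, one of its benefits is that configuration files can be backed up and kept; even if the system is reinstalled, reconfiguring a system takes only a few seconds....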


When sending this file created by Sysreport please be sure include the incident #/bug #, the name of the person who requested the file, as well as you name (Don't forget to attach the tar.gz also). The e-mail to send the output to it will tell you this during the process.

Below is the output on my machine: sharp-eyed readers will know which system I am using, heh..


This utility will go through and collect some detailed information

about the hardware and setup of your Asianux system.

This information will be used to diagnose problems with your system

and will be considered confidential information. Asianux will use

this information for diagnostic purposes ONLY.


Please wait while we collect information about your system.


This process may take a while to complete....

No changes will be made to your system during this process.


NOTE: You can safely ignore a failed message. This only means a file

we were checking for did not exist.


If your system hangs while gathering rpm information, please abort

the script with CTRL-C and run it again after adding -norpm (note this option: the rpm -qai information cannot be fully collected) to the sysreport command line


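When the program finishes, it creates a file under /tmp named with a name we users choose + a random number + tar.bz2. After unpacking, it contains the following files: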

[root@lee lee.25477]# ls -R

.:

boot etc hostname ls-boot lspci proc root uname vgdisplay

date fdisk-l ifconfig lsmod ls-samba ps route uptime

df free lib lsof mount pstree sestatus var


./boot:

grub


./boot/grub:

device.map grub.conf


./etc:

aliases cron.weekly ld.so.conf redflag-release

asianux-release fstab lftp.conf redhat-release

cron.d ftpusers mail resolv.conf

cron.daily haansoft-release miraclelinux-release sysconfig

cron.deny host.conf named.conf sysctl.conf

cron.hourly hosts pam.d X11

cron.monthly hosts.allow proftpd.conf xinetd.conf

crontab hosts.deny proftpd.conf.rpmsave xinetd.d


./etc/cron.d:

evlogmgr.cron mailman sysstat


./etc/cron.daily:

00-logwatch certwatch logrotate slocate.cron tripwire-check

00-makewhatis.cron checksel prelink tetex.cron

0anacron cyrus-imapd rpm tmpwatch


./etc/cron.hourly:


./etc/cron.monthly:

0anacron


./etc/cron.weekly:

00-makewhatis.cron 0anacron


./etc/mail:

access local-host-names sendmail.cf submit.cf virtusertable

domaintable mailertable sendmail.mc submit.mc

helpfile Makefile spamassassin trusted-users


./etc/mail/spamassassin:

init.pre spamassassin-default.rc spamassassin-spamc.rc

local.cf spamassassin-helper.sh


./etc/pam.d:

apol imap ppp smtp.postfix

asianux-switch-mail kbdrate radiusd smtp.sendmail

asianux-switch-mail-nox kde reboot squid

authconfig kscreensaver redmin sshd

authconfig-gtk lmtp remote su

chfn login run_init sudo

chsh mupdate samba system-auth

crond newrole screen system-config-authentication

cups news seaudit system-config-securitylevel

dovecot other setup system-switch-im

ethereal passwd seuserx vlock

ftp pop sieve xdm

halt poweroff smtp xserver


./etc/sysconfig:

amd hwconf mouse saslauthd

arpwatch i18n named selinux

authconfig init netdump sendmail

autofs installinfo netdump_id_dsa spamassassin

clock ip6tables-config netdump_id_dsa.pub squid

console iptables-config network static-routes

cyrus-imapd irqbalance networking sys.dat

daemons isdn network-scripts syslog

desktop kdmtitle-ax.png o2cb syslog-ng

dhcp6s kdmtitle.png oracleasm sysstat

dhcpd kdmtitle-rf.png pcmcia system-config-securitylevel

dhcrelay kernel pgsql tux

diskdump keyboard prelink vncservers

grub khwtree rawdevices xinetd

harddisks kudzu Rfupdate.conf yppasswdd

httpd lm_sensors samba


./etc/sysconfig/console:


./etc/sysconfig/daemons:

rfcadmin


./etc/sysconfig/khwtree:

GroupLook GroupNet GroupSys


./etc/sysconfig/khwtree/GroupLook:

background.desktop desktop.desktop icons.desktop screensaver.desktop

colors.desktop fonts.desktop kwindecoration.desktop style.desktop


./etc/sysconfig/khwtree/GroupNet:

rfapache.desktop rfdhcp.desktop rfdns.desktop rfftp.desktop rfsquid.desktop


./etc/sysconfig/khwtree/GroupSys:

asianux-locale.desktop keyboard.desktop rfcron.desktop rftask.desktop

clock.desktop keys.desktop rflicmgr.desktop rfupdatekernel.desktop

display.desktop kgrub.desktop rflogview.desktop rfuser.desktop

energy.desktop kmenuedit.desktop rflvm.desktop rpmmanager.desktop

kcmfontinst.desktop kprintconfig.desktop rfmon.desktop sound.desktop

kcmnotify.desktop loginconf.desktop rfquota.desktop wnetconfig-panel.desktop

kdepasswd.desktop mouse.desktop rfsysinfo.desktop xmodemcfg.desktop

kdf.desktop network.desktop rfsysv.desktop


./etc/sysconfig/networking:

devices profiles


./etc/sysconfig/networking/devices:


./etc/sysconfig/networking/profiles:

default


./etc/sysconfig/networking/profiles/default:


./etc/sysconfig/network-scripts:

ifcfg-eth0 ifdown-ipv6 ifup-aliases ifup-plusb init.ipv6-global

ifcfg-eth1 ifdown-isdn ifup-ippp ifup-post network-functions

ifcfg-lo ifdown-post ifup-ipsec ifup-ppp network-functions-ipv6

ifdown ifdown-ppp ifup-ipv6 ifup-routes

ifdown-aliases ifdown-sit ifup-ipx ifup-sit

ifdown-ippp ifdown-sl ifup-isdn ifup-sl

ifdown-ipsec ifup ifup-plip ifup-wireless


./etc/sysconfig/pgsql:

postgresql


./etc/X11:

applnk lbxproxy proxymngr starthere twm xdm xkb xorg.conf xserver

fs prefdm serverconfig sysconfig X xinit Xmodmap Xresources xsm


./etc/X11/applnk:

Applications


./etc/X11/applnk/Applications:

nedit.desktop


./etc/X11/fs:

config


./etc/X11/lbxproxy:

AtomControl


./etc/X11/proxymngr:

pmconfig


./etc/X11/serverconfig:


./etc/X11/starthere:


./etc/X11/sysconfig:


./etc/X11/twm:

system.twmrc


./etc/X11/xdm:

authdir GiveConsole pixmaps Xaccess Xresources Xsession Xwilling

chooser kdmrc TakeConsole xdm-config Xservers Xsetup_0


./etc/X11/xdm/pixmaps:

xorg-bw.xpm xorg.xpm


./etc/X11/xinit:

Xclients xinitrc xinitrc-common xinitrc.d xinput.d


./etc/X11/xinit/xinitrc.d:

xinput.sh xmbind.sh


./etc/X11/xinit/xinput.d:

en_US ja_JP ko_KR none scim zh_CN zh_TW


./etc/X11/xserver:

SecurityPolicy


./etc/X11/xsm:

system.xsm


./etc/xinetd.d:

auth cups-lpd echo finger krb5-telnet rsync time

chargen daytime echo-udp gssftp kshell sgi_fam time-udp

chargen-udp daytime-udp eklogin klogin proftpd-xinetd swat


./lib:

modules


./lib/modules:

2.6.9-11.19AX


./lib/modules/2.6.9-11.19AX:

modules.dep


./proc:

bus cpuinfo dma filesystems interrupts mdstat mounts pci sys

cmdline devices driver ide ioports meminfo partitions stat


./proc/bus:

input pci usb


./proc/bus/input:

devices handlers


./proc/bus/pci:

00 02 devices


./proc/bus/pci/00:

00.0 00.1 00.3 02.0 02.1 1d.0 1d.1 1d.2 1d.7 1e.0 1f.0 1f.1 1f.3 1f.5 1f.6


./proc/bus/pci/02:

00.0 06.0 09.0 09.2 09.3 09.4


./proc/bus/usb:

001 002 003 004 devices


./proc/bus/usb/001:

001


./proc/bus/usb/002:

001


./proc/bus/usb/003:

001 002


./proc/bus/usb/004:

001


./proc/driver:

rtc


./proc/ide:

drivers hda hdc ide0 ide1 piix


./proc/ide/ide0:

channel config hda mate model


./proc/ide/ide0/hda:

cache driver identify model smart_thresholds

capacity geometry media settings smart_values


./proc/ide/ide1:

channel config hdc mate model


./proc/ide/ide1/hdc:

capacity driver identify media model settings


./proc/sys:

debug dev fs kernel net proc vm


./proc/sys/debug:


./proc/sys/dev:

cdrom raid rtc


./proc/sys/dev/cdrom:

autoclose autoeject check_media debug info lock


./proc/sys/dev/raid:

speed_limit_max speed_limit_min


./proc/sys/dev/rtc:

max-user-freq


./proc/sys/fs:

aio-max-nr dentry-state file-nr lease-break-time overflowgid

aio-nr dir-notify-enable inode-nr leases-enable overflowuid

binfmt_misc file-max inode-state mqueue quota


./proc/sys/fs/binfmt_misc:

register status


./proc/sys/fs/mqueue:

msg_max msgsize_max queues_max


./proc/sys/fs/quota:

allocated_dquots cache_hits drops free_dquots lookups reads syncs writes


./proc/sys/kernel:

acct hotplug panic sem

cad_pid modprobe panic_on_oops shmall

cap-bound msgmax pid_max shmmax

core_pattern msgmnb print-fatal-signals shmmni

core_uses_pid msgmni printk suid_dumpable

ctrl-alt-del ngroups_max printk_ratelimit sysrq

domainname osrelease printk_ratelimit_burst tainted

exec-shield ostype pty threads-max

exec-shield-randomize overflowgid random vdso

hostname overflowuid real-root-dev version


./proc/sys/kernel/pty:

max nr


./proc/sys/kernel/random:

boot_id entropy_avail poolsize read_wakeup_threshold uuid write_wakeup_threshold


./proc/sys/net:

core ethernet ipv4 ipv6 token-ring unix


./proc/sys/net/core:

dev_weight message_burst netdev_max_backlog optmem_max somaxconn

divert_version message_cost no_cong rmem_default wmem_default

lo_cong mod_cong no_cong_thresh rmem_max wmem_max


./proc/sys/net/ethernet:


./proc/sys/net/ipv4:

conf neigh tcp_orphan_retries

icmp_echo_ignore_all route tcp_reordering

icmp_echo_ignore_broadcasts tcp_abort_on_overflow tcp_retrans_collapse

icmp_ignore_bogus_error_responses tcp_adv_win_scale tcp_retries1

icmp_ratelimit tcp_app_win tcp_retries2

icmp_ratemask tcp_bic tcp_rfc1337

igmp_max_memberships tcp_bic_beta tcp_rmem

igmp_max_msf tcp_bic_fast_convergence tcp_sack

inet_peer_gc_maxtime tcp_bic_low_window tcp_stdurg

inet_peer_gc_mintime tcp_dsack tcp_synack_retries

inet_peer_maxttl tcp_ecn tcp_syncookies

inet_peer_minttl tcp_fack tcp_syn_retries

inet_peer_threshold tcp_fin_timeout tcp_timestamps

ip_autoconfig tcp_frto tcp_tso_win_divisor

ip_default_ttl tcp_keepalive_intvl tcp_tw_recycle

ip_dynaddr tcp_keepalive_probes tcp_tw_reuse

ip_forward tcp_keepalive_time tcp_vegas_alpha

ipfrag_high_thresh tcp_low_latency tcp_vegas_beta

ipfrag_low_thresh tcp_max_orphans tcp_vegas_cong_avoid

ipfrag_secret_interval tcp_max_syn_backlog tcp_vegas_gamma

ipfrag_time tcp_max_tw_buckets tcp_westwood

ip_local_port_range tcp_mem tcp_window_scaling

ip_nonlocal_bind tcp_moderate_rcvbuf tcp_wmem

ip_no_pmtu_disc tcp_no_metrics_save


./proc/sys/net/ipv4/conf:

all default eth0 lo


./proc/sys/net/ipv4/conf/all:

accept_redirects arp_ignore force_igmp_version medium_id send_redirects

accept_source_route bootp_relay forwarding proxy_arp shared_media

arp_announce disable_policy log_martians rp_filter tag

arp_filter disable_xfrm mc_forwarding secure_redirects


./proc/sys/net/ipv4/conf/default:

accept_redirects arp_ignore force_igmp_version medium_id send_redirects

accept_source_route bootp_relay forwarding proxy_arp shared_media

arp_announce disable_policy log_martians rp_filter tag

arp_filter disable_xfrm mc_forwarding secure_redirects


./proc/sys/net/ipv4/conf/eth0:

accept_redirects arp_ignore force_igmp_version medium_id send_redirects

accept_source_route bootp_relay forwarding proxy_arp shared_media

arp_announce disable_policy log_martians rp_filter tag

arp_filter disable_xfrm mc_forwarding secure_redirects


./proc/sys/net/ipv4/conf/lo:

accept_redirects arp_ignore force_igmp_version medium_id send_redirects

accept_source_route bootp_relay forwarding proxy_arp shared_media

arp_announce disable_policy log_martians rp_filter tag

arp_filter disable_xfrm mc_forwarding secure_redirects


./proc/sys/net/ipv4/neigh:

default eth0 lo


./proc/sys/net/ipv4/neigh/default:

anycast_delay gc_interval gc_thresh3 proxy_qlen

app_solicit gc_stale_time locktime retrans_time

base_reachable_time gc_thresh1 mcast_solicit ucast_solicit

delay_first_probe_time gc_thresh2 proxy_delay unres_qlen


./proc/sys/net/ipv4/neigh/eth0:

anycast_delay delay_first_probe_time mcast_solicit retrans_time

app_solicit gc_stale_time proxy_delay ucast_solicit

base_reachable_time locktime proxy_qlen unres_qlen


./proc/sys/net/ipv4/neigh/lo:

anycast_delay delay_first_probe_time mcast_solicit retrans_time

app_solicit gc_stale_time proxy_delay ucast_solicit

base_reachable_time locktime proxy_qlen unres_qlen


./proc/sys/net/ipv4/route:

error_burst gc_elasticity gc_thresh max_size min_pmtu redirect_number

error_cost gc_interval gc_timeout min_adv_mss mtu_expires redirect_silence

flush gc_min_interval max_delay min_delay redirect_load secret_interval


./proc/sys/net/ipv6:

bindv6only icmp ip6frag_low_thresh ip6frag_time neigh

conf ip6frag_high_thresh ip6frag_secret_interval mld_max_msf route


./proc/sys/net/ipv6/conf:

all default eth0 lo


./proc/sys/net/ipv6/conf/all:

accept_ra forwarding regen_max_retry temp_valid_lft

accept_redirects hop_limit router_solicitation_delay use_tempaddr

autoconf max_addresses router_solicitation_interval

dad_transmits max_desync_factor router_solicitations

force_mld_version mtu temp_prefered_lft


./proc/sys/net/ipv6/conf/default:

accept_ra forwarding regen_max_retry temp_valid_lft

accept_redirects hop_limit router_solicitation_delay use_tempaddr

autoconf max_addresses router_solicitation_interval

dad_transmits max_desync_factor router_solicitations

force_mld_version mtu temp_prefered_lft


./proc/sys/net/ipv6/conf/eth0:

accept_ra forwarding regen_max_retry temp_valid_lft

accept_redirects hop_limit router_solicitation_delay use_tempaddr

autoconf max_addresses router_solicitation_interval

dad_transmits max_desync_factor router_solicitations

force_mld_version mtu temp_prefered_lft


./proc/sys/net/ipv6/conf/lo:

accept_ra forwarding regen_max_retry temp_valid_lft

accept_redirects hop_limit router_solicitation_delay use_tempaddr

autoconf max_addresses router_solicitation_interval

dad_transmits max_desync_factor router_solicitations

force_mld_version mtu temp_prefered_lft


./proc/sys/net/ipv6/icmp:

ratelimit


./proc/sys/net/ipv6/neigh:

default eth0 lo


./proc/sys/net/ipv6/neigh/default:

anycast_delay gc_interval gc_thresh3 proxy_qlen

app_solicit gc_stale_time locktime retrans_time

base_reachable_time gc_thresh1 mcast_solicit ucast_solicit

delay_first_probe_time gc_thresh2 proxy_delay unres_qlen


./proc/sys/net/ipv6/neigh/eth0:

anycast_delay delay_first_probe_time mcast_solicit retrans_time

app_solicit gc_stale_time proxy_delay ucast_solicit

base_reachable_time locktime proxy_qlen unres_qlen


./proc/sys/net/ipv6/neigh/lo:

anycast_delay delay_first_probe_time mcast_solicit retrans_time

app_solicit gc_stale_time proxy_delay ucast_solicit

base_reachable_time locktime proxy_qlen unres_qlen


./proc/sys/net/ipv6/route:

flush gc_interval gc_thresh max_size mtu_expires

gc_elasticity gc_min_interval gc_timeout min_adv_mss


./proc/sys/net/token-ring:

rif_timeout


./proc/sys/net/unix:

max_dgram_qlen


./proc/sys/proc:


./proc/sys/vm:

block_dump hugetlb_shm_group min_free_kbytes page-cluster

dirty_background_ratio laptop_mode nr_hugepages swappiness

dirty_expire_centisecs legacy_va_layout nr_pdflush_threads vfs_cache_pressure

dirty_ratio lower_zone_protection overcommit_memory

dirty_writeback_centisecs max_map_count overcommit_ratio


./root:

install.log


./var:

log named


./var/log:

boot.log dmesg messages sa


./var/log/sa:

sa01 sa02 sa03 sa04 sa05 sa06 sa07 sa08 sa09 sa10 sa13 sa14


./var/named:

chroot localdomain.zone named.broadcast named.ip6.local named.zero

data localhost.zone named.ca named.local slaves


./var/named/chroot:

dev etc var


./var/named/chroot/dev:

null random zero


./var/named/chroot/etc:

localtime named.conf named.conf.rpmsave rndc.key


./var/named/chroot/var:

named run tmp


./var/named/chroot/var/named:

data localhost.zone named.ca named.local slaves

localdomain.zone named.broadcast named.ip6.local named.zero


./var/named/chroot/var/named/data:


./var/named/chroot/var/named/slaves:


./var/named/chroot/var/run:

named


./var/named/chroot/var/run/named:


./var/named/chroot/var/tmp:


./var/named/data:


./var/named/slaves:


At this moment, is your system still wearing any clothes? Heh, the exposure is a bit excessive...



