Blue Forest http://www.lslnet.com at 12:08 on July 28, 2006
Identity verification in Linux shell programs
By hutuworm
Origin
A headache that Linux system administrators often run into: on the premise that the system has not been intruded upon, nobody knows which careless pig ran a particular shell program and left the system in a mess. Moreover, the system records show that the pig used a shared account (root or admin), so you cannot tell which real-life pig it corresponds to.
Opening
There are two ways to solve the problem above. The first is to trace by time and IP: using the time and the IP address, trace which feed trough the pig came from. But feed troughs are often shared, so this approach can only narrow things down to one pig among a group of suspects. If everyone connects to the server through a proxy, there is nothing left but to go through the logs one by one. The second is to perform identity verification inside the shell program and write it to the log, so that responsibility is clearly assigned.
Solution
This article uses checkpassword, a tool written by the master D. J. Bernstein, the author of qmail, for the identity verification.
1. Download:
http://cr.yp.to/checkpwd/checkpassword-0.90.tar.gz
2. Installation:
tar xvfz checkpassword-0.90.tar.gz
cd checkpassword-0.90
make
make setup check
3. If the executable checkpassword is not under /bin, goto 1
Now pair it with the following program and you are done:
--------------------------------
#!/bin/sh
#
# Filename : auth.sh
# Author : hutuworm
# 2003 hutuworm.org Copyleft
#
# Called when checkpassword rejects the account/password pair.
auth_failed() {
    echo "Hey, are you trying to fool Laozhu?"
    exit 1
}
echo "※※※※※※※※※※※"
echo "Pigsty: idlers keep out"
echo "※※※※※※※※※※※"
printf "Please input account :"
IFS= read -r ACCOUNT
# Shared accounts identify nobody, so refuse them outright.
if [ "$ACCOUNT" = 'admin' ] || [ "$ACCOUNT" = 'root' ]
then
    echo "This pen does not welcome admin&root!"
    exit 1
fi
printf "Please input password :"
stty -echo
IFS= read -r PASSWORD
stty echo
echo ""
# checkpassword reads "account\0password\0timestamp\0" from descriptor 3 and
# runs logger only if the password is accepted; otherwise auth_failed runs.
# '%s' keeps the typed values out of the printf format string.
printf '%s\0%s\0%s\0' "$ACCOUNT" "$PASSWORD" "Y123456" | /bin/checkpassword logger "$ACCOUNT used auth.sh" 3<&0 || auth_failed
echo "Welcome to the pigsty of the Zhaitang attached to the Confused Greedy Temple! :P"
--------------------------------
Acceptance
$ chmod +x auth.sh
$
$ ./auth.sh
※※※※※※※※※※※
Pigsty: idlers keep out
※※※※※※※※※※※
Please input account :hutuworm
Please input password :
Hey, are you trying to fool Laozhu?
$
$ ./auth.sh
※※※※※※※※※※※
Pigsty: idlers keep out
※※※※※※※※※※※
Please input account :admin
Please input password :
This pen does not welcome admin&root!
$
$ ./auth.sh
※※※※※※※※※※※
Pigsty: idlers keep out
※※※※※※※※※※※
Please input account :hutuworm
Please input password :
Welcome to the pigsty of the Zhaitang attached to the Confused Greedy Temple! :P
$
$ tail -1 /var/log/messages
May 5 13:51:45 hutuworm.org logger: hutuworm used auth.sh
Temple confused irregular activity : free software files source of infection http://www.hutuworm.org
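The descriptor 3 exchange behind auth.sh, as an added example that is not part of hutuworm's post: `demo_checkpassword` is a constructed stand-in that follows the checkpassword interface (account, password and timestamp each terminated by `\0` on descriptor 3; exit 1 for a rejected password, 2 for misuse), so the flow runs without root or a real password database. `verify`, `audit`, `AUDIT_LOG` and the `DEMO_*` credentials are likewise assumptions, and unlike the original script this wrapper also records rejected attempts.

```shell
#!/bin/sh
# Added example, not hutuworm's script. demo_checkpassword, audit, verify,
# AUDIT_LOG and the DEMO_* credentials are constructed names and values.
AUDIT_LOG=${AUDIT_LOG:-./auth-demo.log}  # the page logs via logger/syslog instead
DEMO_USER=hutuworm                       # constructed account
DEMO_PASS='s3cret%s'                     # constructed password containing a '%'

# Stand-in that speaks the checkpassword interface: read "user\0pass\0stamp\0"
# from descriptor 3, exit 1 for a bad password, 2 for misuse, and run the
# given program only when the password is accepted.
demo_checkpassword() {
    [ $# -ge 1 ] || return 2
    tr '\0' '\n' <&3 | (
        IFS= read -r user && IFS= read -r pass && IFS= read -r stamp || exit 2
        [ "$user" = "$DEMO_USER" ] && [ "$pass" = "$DEMO_PASS" ] || exit 1
        "$@"
    )
}

# Append one audit line; the password is never written.
audit() { printf '%s %s\n' "$(date '+%b %e %T')" "$*" >>"$AUDIT_LOG"; }

# verify ACCOUNT PASSWORD -> 0 verified, 1 rejected, 2 verifier error
verify() {
    case $1 in
        ''|*[!A-Za-z0-9._-]*)   # keep control characters out of the log
            audit "DENY malformed account name"; return 1 ;;
        root|admin)             # shared accounts identify nobody
            audit "DENY shared account $1"; return 1 ;;
    esac
    # '%s' keeps user input out of the printf format string.
    printf '%s\0%s\0%s\0' "$1" "$2" "Y123456" |
        demo_checkpassword audit "OK $1 used auth.sh" 3<&0
    case $? in
        0) return 0 ;;
        1) audit "FAIL $1 bad password"; return 1 ;;
        *) audit "ERROR verifier failed for $1"; return 2 ;;
    esac
}
```

On a real host the pipeline would end in `/bin/checkpassword logger "$1 used auth.sh" 3<&0` as in auth.sh. Any exit status other than 0 or 1 (for example 111, which checkpassword uses for a temporary failure) is logged as a verifier error, not as a bad password.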
Justice lie!
Such a good post and nobody bumps it to the top, no justice!