Copyright notice: this is the blogger's original article and may not be reproduced without permission; reproduction with a link to the original is fine. https://blog.csdn.net/GX_1_11_real/article/details/89187034
Preface
Sometimes chattr alone cannot guarantee that passwd will not be tampered with. Below is a hardening script for /etc/passwd that goes some way toward addressing tampering.
Prerequisites:
Place a backup of passwd at the $file1 path so that passwd can be restored after it is overwritten; the backup must therefore be a known-good copy.
When adding or modifying a service or user, first run "chattr -i", then make the change; then copy the modified /etc/passwd to the file1 path. This has to be completed within the configured sleep interval, otherwise the user change will not take effect (the script restores the backup).
It is recommended to run this script in the background:

```bash
chmod +x /script/check_passwd.sh
nohup /script/check_passwd.sh &
```
```bash
#!/bin/bash
check() {
    TIME=$(date +%F-%R)
    file1=/etc/back/passwd   # known-good backup copy of /etc/passwd
    file2=/etc/passwd
    if [ -s "$file2" ]; then
        # Look for the immutable flag "i" in the attribute field only, not in the whole line
        if lsattr "$file2" | awk '{print $1}' | grep -q i; then
            echo "$TIME passwd file rights is ok" >> /var/log/passwd_file.log
            # If /etc/passwd contains a user with UID 0 that is not root, delete that user
            # (-x matches the whole name, so a UID-0 account whose name merely contains "root" is not skipped)
            awk -F ':' '($3==0){print $1}' "$file2" | grep -vx root > /var/log/userdel.log
            for duser in $(cat /var/log/userdel.log)
            do
                chattr -i /etc/passwd
                userdel -r "$duser"
                #sed -i "/$duser/d" /etc/passwd
                #sed -i "/$duser/d" /etc/group
                #sed -i "/$duser/d" /etc/shadow
                rm -rf "/home/$duser"
                rm -rf "/var/spool/mail/$duser"
                #userdel -r $duser
                chattr +i /etc/passwd
            done
        else
            # Below: check whether the file contents match the backup
            if diff "$file1" "$file2" > /dev/null; then
                echo "$TIME file are same" >> /var/log/diff.log
            else
                echo "$TIME file are different" >> /var/log/diff.log
            fi
            if tail -n1 /var/log/diff.log | grep -q different; then
                chattr -i "$file2"
                \cp "$file1" "$file2"   # \cp bypasses any cp alias (e.g. cp -i) so it never prompts
                chattr +i "$file2"
                echo "$TIME ERROR: passwd file is update" >> /var/log/passwd_file.log
            fi
        fi
    else
        # passwd is missing or empty: restore it from the backup
        \cp "$file1" "$file2"
        chattr +i "$file2"
        echo "$TIME ERROR: passwd file does not exist;passwd file is update" >> /var/log/passwd_file.log
    fi
}
while true
do
    check
    sleep 3600
done
```
Note: if copy-pasting garbles the line breaks, it is recommended to type the script in by hand.
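The two checks the script above performs (scanning for extra UID-0 accounts and comparing the file with a known-good baseline), as an added example that is not the original script: the functions take a file path so they can be exercised on a constructed copy before being pointed at /etc/passwd. The SHA-256 baseline (instead of a second copy of the file), the temp directory and the sample accounts toor, rootbk, alice and mallory are assumptions made for this example.

```shell
# Added example, not the page's script: both checks as functions over any
# passwd-format file, run here against a constructed sample in a temp dir.

# Print every account with UID 0 whose name is not exactly "root".
# The name field is compared, not grepped, so a UID-0 account such as
# "rootbk" is not silently skipped the way `grep -v root` would skip it.
find_extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Record the SHA-256 of a file as the baseline (assumed layout: hash only).
save_baseline() {
    sha256sum "$1" | awk '{ print $1 }' > "$2"
}

# Print "same" if the file still matches the recorded hash, else "different".
verify_baseline() {
    current=$(sha256sum "$1" | awk '{ print $1 }')
    if [ "$current" = "$(cat "$2")" ]; then echo same; else echo different; fi
}

# Constructed sample passwd file (not from any real system) containing two
# extra UID-0 accounts; written to a temp directory so the host is untouched.
make_sample() {
    dir=$(mktemp -d)
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/bash' \
        'toor:x:0:0::/root:/bin/bash' \
        'rootbk:x:0:0::/root:/bin/sh' \
        'alice:x:1000:1000::/home/alice:/bin/bash' > "$dir/passwd"
    echo "$dir/passwd"
}

demo() {
    f=$(make_sample)
    echo "extra UID-0 accounts: $(find_extra_uid0 "$f" | tr '\n' ' ')"
    save_baseline "$f" "$f.sha256"
    echo "before change: $(verify_baseline "$f" "$f.sha256")"
    echo 'mallory:x:0:0::/root:/bin/sh' >> "$f"   # simulate tampering
    echo "after change:  $(verify_baseline "$f" "$f.sha256")"
}
demo
```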