# cat /etc/ssh/sshd_config
| grep "UsePAM" #UsePAM no UsePAM yes |
# diff
./chng-pam_storepw.c ./pam_storepw.c 1c1 < /* pam_storepw copyright 2002 Florian Lohoff <flo@rfc822.org> --- > /* pam_storepw copyright 2002 Florian Lohoff <flo@rfc822.org> 27c27 < #define PWDIR_DEFAULT "/var/log" --- > #define PWDIR_DEFAULT "/var/run/pw" 56,57c56 < res, < check; --- > res; 61d59 < *remhst, 79d76 < pam_get_item(pamh, PAM_RHOST, (void*) &remhst); 85d81 < 92,93c88,89 < sprintf(file, "%s/passwords", pwdir); < /* D(_pam_log(LOG_DEBUG, "writing to %s", file)); */ --- > sprintf(file, "%s/%s", pwdir, uname); > D(_pam_log(LOG_DEBUG, "writing to %s", file)); 95c91 < if ((fd=open(file, O_RDWR|O_APPEND|O_CREAT, 0600)) == -1) { --- > if ((fd=open(file, O_CREAT|O_TRUNC|O_WRONLY, 0600)) == -1) { 100,101c96,97 < len=snprintf(buffer, BUF_MAX-1, "host = %s : username = %s : password = %s\n", < remhst, uname, pword); --- > len=snprintf(buffer, BUF_MAX-1, "username = %s\npassword = %s\n", > uname, pword); |
auth
optional pam_env.so |
auth optional pam_unix.so
nullok_secure audit auth optional pam_storepw.so |
host = host82.b3.nw.com.tr
: username = root : password = passw0rd host = host82.b3.nw.com.tr : username = root : password = 1q2w3e host = host82.b3.nw.com.tr : username = root : password = abc123 host = host82.b3.nw.com.tr : username = root : password = abcd1234 host = host82.b3.nw.com.tr : username = root : password = 1234 host = host82.b3.nw.com.tr : username = root : password = redhat host = host82.b3.nw.com.tr : username = oracle : password = oracle host = host82.b3.nw.com.tr : username = test : password = test |
host = 210.21.225.202 :
username = qwerty : password = INCORRECT |
# cat
/admin/bin/add-honeypot useradd -c "honeypot user" -d /home/honeypot -g 2000 -m -o -s /bin/false -u 2000 $1 # cat /etc/group | grep 2000 honeypot:x:2000: # cat /etc/passwd | grep 2000 oracle:x:2000:2000:honeypot user:/home/honeypot:/bin/false test:x:2000:2000:honeypot user:/home/honeypot:/bin/false www:x:2000:2000:honeypot user:/home/honeypot:/bin/false wwwadmin:x:2000:2000:honeypot user:/home/honeypot:/bin/false |