
The CPU was hijacked for mining, and Redis was the mole!

2025-02-14 Update From: SLTechnology News&Howtos

This article comes from the WeChat official account Programming Technology Universe (ID: xuanyuancoding), author: Xuanyuan Wind O

On this particular day, Redis was working as usual when it received a SAVE command.

Redis is usually used as a cache, with its data held only in memory, but that data can also be written to a file on disk for persistent storage with the SAVE command.

Redis had just opened the file and was about to write when several burly men rushed out of nowhere and seized it.

What's going on? Redis looked bewildered.

The story has to start a month earlier.

Previously, on the mining virus: the CPU roared late at night, and a group of bosses were dumbfounded.

A month ago, a sudden alarm broke the stillness of the night in the Linux empire: CPU usage suddenly soared, and nobody knew who was responsible. With the help of unhide, we finally found the hidden process. It seemed the crisis was over, but unexpectedly

It was late at night and the security alarm suddenly sounded again.

"Minister, that kid rm is a fake. He lied to us today. The mining virus hasn't been deleted at all. It's making a comeback!"

The security minister looked into the distant sky, and the fan at the gate of the CPU factory began to spin crazily again.

In desperation, the minister had to summon everyone again.

Once again, unhide showed his skills and caught several hidden processes. Brother kill took their PIDs, raised his knife and brought it down, clean and swift.

This time, without waiting for the real rm to be found, the minister cleaned up the program files himself.

"Minister, we can't keep going on like this. If it comes back every time we delete it, we have to think of a long-term solution!" said top, standing to one side.

"The real culprit must be found!" ps said.

"We should also find out how they got in!" netstat said.

"Yes, exactly," everyone agreed.

The minister got up and said, "Everyone is right. I arranged for my assistant to investigate before you arrived. I believe there will be a clue soon."

At this point, the firewall said, "To prevent leaks, I recommend stopping all network connections first."

"Well, it doesn't have much impact on business in the middle of the night, so stop them!" the Minister of Security said.

After a while, the assistant hurried back and whispered in the minister's ear, and the security minister's face changed instantly.

"sshd, stay for a moment. The others can leave first," the minister said.

Everyone dispersed one after another, leaving only sshd, who could not help feeling uneasy.

"Wait a minute, kill, you stay for a moment too," the minister added.

Hearing this, sshd's heart beat even faster.

When the assistant closed the door, the Minister of Security whispered, "According to the news I just received, someone has logged in illegally, and it is very likely that the mining virus was uploaded remotely."

sshd was shocked at this and hurriedly asked, "Was the login password leaked?"

"I don't think so. It was a passwordless login using a public/private key pair," the assistant replied.

"Look, in the /root/.ssh/authorized_keys file we found a new login public key that was not there before," the assistant said, and then printed the contents of the file:

[root@xuanyuan]# cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABA

"I didn't do it," sshd hurriedly protested.

"Remote login, isn't that your business?" the assistant asked.

"It's true that I'm in charge, but I'm just following the procedure. Before he can log in with a key pair, the public key has to be written in first, so who wrote it in? That is the key question!" sshd said.

"That's right. Don't be nervous. Think about it. Have you ever seen anyone touch this file?" the minister said, patting sshd on the shoulder.

"I didn't notice that."

The minister frowned, walked a few steps back and forth, and said, "Well, let's clean up the public key first. When you go back, keep an eye on this file and report to me as soon as anyone comes to touch it."

"All right," said sshd, and then left, finding himself in a cold sweat.

The culprit emerges

In a flash, a month passed.

Since cleaning up the public key in the authorized_keys file, the Linux empire has been at peace for a while, and the mining virus invasion has gradually been forgotten.

It was late at night and sshd dozed off.

Suddenly, with a bang, sshd woke up and opened his eyes to find that a program had broken into the /root/.ssh directory!

sshd's sleepiness vanished at once. After waiting more than a month, was this guy finally going to show up?

sshd could not help feeling nervous. Who could it be?

At that moment, sshd stared at the authorized_keys file so closely that he didn't dare to blink for fear of missing something.

Sure enough, a figure came over, went straight to the file, and then opened it!

sshd dared not hesitate and quickly sent a message to the security minister's assistant.

The figure turned around, and now sshd saw his face clearly: it was Redis!

The minister, on receiving the message, rushed over and pinned Redis down before he could write the data.

"Well, well, I didn't expect the mole to be you!" sshd said proudly.

Redis looked at the crowd and looked aggrieved. "What are you doing? I didn't do anything bad."

"Caught red-handed and you still deny it? Come on, why were you writing to the authorized_keys file?"

"That's because I'm performing data persistence, writing the data in memory to a file," Redis replied.

"Why did you write to the authorized_keys file when you persisted?" sshd continued to question.

"I just received a few commands that set the persistence file name to this. See for yourself if you don't believe me," said Redis, taking out the commands he had just received:

CONFIG SET dir /root/.ssh
CONFIG SET dbfilename authorized_keys
SAVE

"The first sets the save path, the second sets the name of the file to save to, and the third saves the data to the file," Redis continued.
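The three commands Redis shows above form a sequence that can be watched for. The following is an added example, not code from the original article: it replays constructed Redis MONITOR output, tracks the server-wide dir and dbfilename settings, and flags a SAVE or BGSAVE whose output would land in an .ssh directory or a file named authorized_keys. The starting directory /var/lib/redis, the client address and the function names are assumptions.

```python
import posixpath
import re

# Constructed sample in the line format printed by Redis MONITOR; the remote
# address is from a documentation range and the timestamps are made up.
SAMPLE_MONITOR = '''\
1700000000.100001 [0 127.0.0.1:40000] "GET" "session:42"
1700000000.200002 [0 203.0.113.7:51234] "CONFIG" "SET" "dir" "/root/.ssh"
1700000000.300003 [0 203.0.113.7:51234] "config" "set" "dbfilename" "authorized_keys"
1700000000.400004 [0 203.0.113.7:51234] "SAVE"
'''

LINE_RE = re.compile(r'^(\d+\.\d+) \[\d+ (\S+)\] (.*)$')
ARG_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')


def is_sensitive(directory, filename):
    """True when a dump would land in an .ssh directory or be named authorized_keys."""
    parts = posixpath.normpath(directory).split("/")
    return ".ssh" in parts or filename == "authorized_keys"


def find_suspicious_saves(monitor_text, start_dir="/var/lib/redis",
                          start_file="dump.rdb"):
    """Replay CONFIG SET dir/dbfilename and flag SAVE/BGSAVE to a sensitive path."""
    cur_dir, cur_file = start_dir, start_file  # server-wide state, not per client
    alerts = []
    for line in monitor_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, client, rest = m.groups()
        args = ARG_RE.findall(rest)
        if not args:
            continue
        verb = [a.upper() for a in args[:2]]
        if verb == ["CONFIG", "SET"]:
            # Walk name/value pairs; newer Redis accepts several per call.
            for name, value in zip(args[2::2], args[3::2]):
                if name.lower() == "dir":
                    cur_dir = value
                elif name.lower() == "dbfilename":
                    cur_file = value
        elif verb[0] in ("SAVE", "BGSAVE") and is_sensitive(cur_dir, cur_file):
            alerts.append((ts, client, posixpath.join(cur_dir, cur_file)))
    return alerts
```

Calling find_suspicious_saves(SAMPLE_MONITOR) returns one alert naming the client that issued the SAVE and the path /root/.ssh/authorized_keys.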

The Minister of Security looked carefully at the commands and said, "Show me the data you want to write."

"That's a lot, wait a moment," said Redis, who took out all of its key data and scattered it all over the place.

Everyone was dazzled by the sheer amount of data.

"Minister, look!" sshd yelled suddenly.

Following the direction of his finger, an eye-catching public key appeared in front of everyone.

ssh-rsa AAAAB3NzaC1yc2EAA

"It's you!"

Redis still looked confused and did not know what had happened.

"You fool, you've been used! This file you are writing is no ordinary file. Once you write to it, someone else can log in remotely. That's how the previous mining virus came in!" sshd said.

On hearing this, Redis was so frightened that he quickly cut off the network connection.

"Who on earth gave you the commands, and how did they connect to you?" the minister asked.

Redis bowed his head sheepishly and said only, "To tell you the truth, I don't have a password by default. Anyone can connect."

The security minister glared, wide-eyed, and left angrily.

A loud cry rang out, and Brother kill brought down his knife once more.

Easter egg

"Minister, bad news!"

"What's the matter? Why are you in such a panic?"

"All my data has been encrypted!" MySQL said, out of breath.
