http://jackxiang.com/index.php zh-cn http://jackxiang.com/post// jack <xdy108@126.com> Tue, 19 Jul 2016 09:32:16 +0000 http://jackxiang.com/post// TASK [irdcops : 修改 /etc/sudoers] ***********************************************
skipping: [10.70.37.24]
fatal: [10.70.36.172]: FAILED! => {"changed": false, "failed": true, "msg": "Could not replace file: /tmp/tmpfToWiS to /etc/sudoers: [Errno 1] Operation not permitted"}
fatal: [10.70.36.173]: FAILED! => {"changed": false, "failed": true, "msg": "Could not replace file: /tmp/tmpvA5FJh to /etc/sudoers: [Errno 1] Operation not permitted"}


[root@v-szq-Localizationweb13 etc]# chmod 755 sudoers
chmod: changing permissions of `sudoers': Operation not permitted
[root@v-szq-Localizationweb13 etc]# lsattr sudoers
----i--------e- sudoers
[root@v-szq-Localizationweb13 etc]#  chattr -i sudoers
[root@v-szq-Localizationweb13 etc]# visudo

http://www.linuxeye.com/command/chattr.html


lsattr  /etc/sudoers ----i--------e- /etc/sudoers

去掉保护命令：
lsattr  /etc/sudoers chattr -i /etc/sudoers xiangdong ALL=(ALL) NOPASSWD: ALL chattr +i /etc/sudoers

chattr -i /etc/shadow chattr -i /etc/passwd chattr -i /etc/group chattr -i /etc/sudoers chattr -i /etc/gshadow  

黑客最容易修改这个sshd：
chattr -i /usr/sbin/sshd

Form:http://jackxiang.com/post/1792/ ]]> http://jackxiang.com/post//#blogcomment <user@domain.com> Thu, 01 Jan 1970 00:00:00 +0000 http://jackxiang.com/post//#blogcomment