a303896522

JBoss Vulnerability Remediation Manual

 
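Symptoms of infection:
1. ps axf shows many extra processes, in particular a pnscan process, which scans the entire network outward and causes network congestion: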

 

sh -c ./pnscan -r JBoss -w "HEAD / HTTP/1.0\r\n\r\n" -t 6400 61.223.0.0/16 8080 > /tmp/sess_008802541
 

 

2. crontab -l shows extra entries (some infected hosts do not show this symptom):

 

1 1 10 * * /root/.sysdbs
1 1 24 * * /root/.sysync.pl
1 1 10 * * /root/.sysdbs
1 1 24 * * /root/.sysync.pl
 

 

3. ${JBOSS_HOME}/bin/ contains many extra files whose owner is unknown (for example, 1000): a.tar.gz bm.c bm.h bm.o flu.pl fly.pl install-sh ipsort kisses/ kisses.tar.gz kisses.tar.gz.1 linda.pl lindb.pl Makefile pnscan pnscan.c pnscan.o version.c version.o

Fix:
1. Remove the JBoss backdoor programs (all three directories, all, default and minimal, must be checked and handled accordingly):
# ${JBOSS_HOME}/server/all(default,minimal)/deploy/management/
Delete iesvc.war, wstats.war, zecmd.war, zmeu.war and similar files from this directory. Keep only console-mgr.sar.
2. Modify the JBoss configuration:

I. JMX security settings (all three directories, all, default and minimal, must be checked and handled accordingly):

 

# vi ${JBOSS_HOME}/server/all(default,minimal)/deploy/jmx-console.war/WEB-INF/web.xml

 <!-- A security constraint that restricts access to the HTML JMX console to users with the role JBossAdmin. Edit the roles to what you want and uncomment the WEB-INF/jboss-web.xml/security-domain element to enable secured access to the HTML JMX console. --> 

 

<security-constraint>
    <web-resource-collection>
        <web-resource-name>HtmlAdaptor</web-resource-name>
        <description>An example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application</description>
        <url-pattern>/*</url-pattern>
        <!-- <http-method>GET</http-method>
             <http-method>POST</http-method> -->
    </web-resource-collection>
    <auth-constraint>
        <role-name>JBossAdmin</role-name>
    </auth-constraint>
</security-constraint>
 

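Comment out the GET and POST lines, but leave the security-constraint section as a whole uncommented. With no http-method elements listed, the constraint applies to every HTTP method rather than only GET and POST.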

 

# vi ${JBOSS_HOME}/server/all(default,minimal)/deploy/jmx-console.war/WEB-INF/jboss-web.xml

<jboss-web>
    <!-- Uncomment the security-domain to enable security. You will need to edit the htmladaptor login configuration to setup the login modules used to authentication users. -->
    <security-domain>java:/jaas/jmx-console</security-domain>
</jboss-web>

Remove the comment markers around security-domain.

 

# vi ${JBOSS_HOME}/server/all(default,minimal)/conf/props/jmx-console-users.properties
 

 

# A sample users.properties file for use with the UsersRolesLoginModule
admin=emsppassword123

Change the admin password.

II. WEB-CONSOLE security settings (all three directories, all, default and minimal, must be checked and handled accordingly):

# vi ${JBOSS_HOME}/server/all(default,minimal)/deploy/management/console-mgr.sar/web-console.war/WEB-INF/web.xml

<!-- A security constraint that restricts access to the HTML JMX console to users with the role JBossAdmin. Edit the roles to what you want and uncomment the WEB-INF/jboss-web.xml/security-domain element to enable secured access to the HTML JMX console. --> 
<security-constraint>
    <web-resource-collection>
        <web-resource-name>HtmlAdaptor</web-resource-name>
        <description>An example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application</description>
        <url-pattern>/*</url-pattern>
        <!-- <http-method>GET</http-method>
             <http-method>POST</http-method> -->
    </web-resource-collection>
    <auth-constraint>
        <role-name>JBossAdmin</role-name>
    </auth-constraint>
</security-constraint>
 

Comment out the GET and POST lines, but leave the security-constraint section as a whole uncommented.

# vi ${JBOSS_HOME}/server/all(default,minimal)/deploy/management/console-mgr.sar/web-console.war/WEB-INF/jboss-web.xml
 <!-- Uncomment the security-domain to enable security. You will need to edit the htmladaptor login configuration to setup the login modules used to authentication users. --> 
<security-domain>java:/jaas/web-console</security-domain>
 

Remove the comment markers around security-domain.

# vi ${JBOSS_HOME}/server/all(default,minimal)/deploy/management/console-mgr.sar/web-console.war/WEB-INF/classes/web-console-users.properties

# A sample users.properties file for use with the UsersRolesLoginModule
admin=emsppassword123

Change the admin password.
Finally, start JBoss for the changes to take effect.
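
To re-check the steps above across the all, default and minimal configurations, the following audit script is an added example and not part of the original post. It assumes the directory layout shown on this page; the function names and finding texts are illustrative.

```python
# Added example (not from the original post); names and messages are illustrative.
import os
import xml.etree.ElementTree as ET

CONFIGS = ("all", "default", "minimal")   # server configurations named on the page
CONSOLES = {"jmx-console.war": "java:/jaas/jmx-console",   # path under deploy/ -> domain
            "management/console-mgr.sar/web-console.war": "java:/jaas/web-console"}

def _find(root, name):
    # Match on the local tag name so namespaced descriptors work too.
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def check_web_xml(data):
    """Findings for a console web.xml (bytes or str)."""
    # The parser drops XML comments, so a commented-out constraint is simply absent.
    constraints = _find(ET.fromstring(data), "security-constraint")
    if not constraints:
        return ["security-constraint missing or commented out"]
    methods = [(m.text or "").strip() for c in constraints for m in _find(c, "http-method")]
    return ["constraint only covers " + ",".join(methods)] if methods else []

def check_jboss_web(data, expected):
    domains = [(d.text or "").strip() for d in _find(ET.fromstring(data), "security-domain")]
    return [] if expected in domains else ["security-domain %s not enabled" % expected]

def audit(jboss_home):
    """Return (path, finding) pairs for every server configuration present."""
    out = []
    for cfg in CONFIGS:
        deploy = os.path.join(jboss_home, "server", cfg, "deploy")
        mgmt = os.path.join(deploy, "management")
        for name in (sorted(os.listdir(mgmt)) if os.path.isdir(mgmt) else []):
            if name != "console-mgr.sar":   # the page keeps only console-mgr.sar here
                out.append((os.path.join(mgmt, name), "unexpected deployment"))
        for war, domain in CONSOLES.items():
            checks = (("web.xml", check_web_xml),
                      ("jboss-web.xml", lambda d, dom=domain: check_jboss_web(d, dom)))
            for fname, check in checks:
                path = os.path.join(deploy, war, "WEB-INF", fname)
                if os.path.isfile(path):
                    try:
                        with open(path, "rb") as fh:
                            out += [(path, f) for f in check(fh.read())]
                    except ET.ParseError:   # e.g. a broken comment marker after hand editing
                        out.append((path, "not well-formed XML"))
    return out

if __name__ == "__main__":
    findings = audit(os.environ.get("JBOSS_HOME", "."))
    print(*("%s: %s" % pf for pf in findings), sep="\n")
```

Run it with JBOSS_HOME set, both before and after restarting JBoss; an empty result means none of the conditions checked here were found.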
