https://blog.xpdbk.com/en/categories/linux-system/Recent content in linux system on LEl_FENG BlogHugo -- gohugo.ioenLEl_FENG CopyrightFri, 01 Sep 2023 08:49:19 +0700https://blog.xpdbk.com/en/posts/linux-ssh-root-shell/Fri, 01 Sep 2023 08:49:19 +0700https://blog.xpdbk.com/en/posts/linux-ssh-root-shell/<img src="https://blog.xpdbk.com/en/posts/linux-ssh-root-shell/root-1200-1.webp" alt="Featured image of post One-click script to set up SSH access for ROOT account" /><blockquote> <p><strong>TL;DR / [Geek Summary]:</strong></p> <ul> <li>Root Access Loophole: Bypass default SSH restrictions on Ubuntu/Debian images to reclaim full administrative control via one-click scripts.</li> <li>Config Hardening: Uses <code>sed</code> for surgical modification of <code>sshd_config</code> and <code>chpasswd</code> for instantaneous root password overrides.</li> <li>Universal Support: Tailored snippets for Ubuntu, CentOS, Arch, and Debian to automate server initialization across diverse environments.</li> </ul> </blockquote> <h2 id="preface"> <a href="#preface" class="heading-anchor" aria-label="Anchor for Preface">#</a> Preface </h2> <p>When we use the official <a class="link" href="https://ubuntu.com/download/server" target="_blank" rel="noopener" >Ubuntu server image</a> <span style="white-space: nowrap;"><svg width=".7em" height=".7em" viewBox="0 0 21 21" xmlns="http://www.w3.org/2000/svg"> <path d="m13 3l3.293 3.293l-7 7l1.414 1.414l7-7L21 11V3z" fill="currentColor" /> <path d="M19 19H5V5h7l-2-2H5c-1.103 0-2 .897-2 2v14c0 1.103.897 2 2 2h14c1.103 0 2-.897 2-2v-5l-2-2v7z" fill="currentColor"> </svg></span> to install it on the server, we can only log in to the account that was originally installed and set and use <code>sudo su</code> command to elevate privileges, but there is no root account that can log in through SSH. This is because after the root account is created, a random password will be set each time the computer is turned on and SSH login will be disabled. Therefore, it is not convenient for us to change the passwords one by one using <code>nano</code> and <code>vim</code>.</p> <blockquote> <p><strong>Windows</strong> All need to create a new <code>.txt</code> file and then change the suffix to <code>.sh</code> file and run it on Linux with <code>./root.sh</code></p> <p><strong>linux</strong> Just use <code>nano</code> or <code>vim</code> to create a <code>root.sh</code> and run it with <code>./</code></p> </blockquote> <h2 id="ubuntu-exclusive"> <a href="#ubuntu-exclusive" class="heading-anchor" aria-label="Anchor for ubuntu exclusive">#</a> ubuntu exclusive </h2> <details> <summary>Only for intranet ubuntu (no need for security, just convenience)</summary> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-Bash" data-lang="Bash"><span class="line"><span class="cl"><span class="cp">#!/bin/bash </span></span></span><span class="line"><span class="cl"><span class="cp"></span> </span></span><span class="line"><span class="cl"><span class="c1"># Enable root permissions</span> </span></span><span class="line"><span class="cl">sed -i <span class="s1">&#39;s/#PermitRootLogin prohibit-password/PermitRootLogin yes/g&#39;</span> /etc/ssh/sshd_config </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1">## Set root password</span> </span></span><span class="line"><span class="cl"><span class="nb">echo</span> <span class="s2">&#34;root:awa114514&#34;</span> <span class="p">|</span> chpasswd </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1">## Restart sshd service</span> </span></span><span class="line"><span class="cl">systemctl restart sshd.service </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="nb">echo</span> <span class="s2">&#34;SSH ROOT permissions have been enabled and the password has been changed to awa114514&#34;</span> </span></span></code></pre></td></tr></table> </div> </div> </details> <h2 id="script-compatible-with-all-linux-distributions"> <a href="#script-compatible-with-all-linux-distributions" class="heading-anchor" aria-label="Anchor for Script compatible with all Linux distributions">#</a> Script compatible with all Linux distributions </h2> <blockquote> <p>Written casually</p> </blockquote> <details> <summary>Normal script compatible with all Linux distributions</summary> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span><span class="lnt">17 </span><span class="lnt">18 </span><span class="lnt">19 </span><span class="lnt">20 </span><span class="lnt">21 </span><span class="lnt">22 </span><span class="lnt">23 </span><span class="lnt">24 </span><span class="lnt">25 </span><span class="lnt">26 </span><span class="lnt">27 </span><span class="lnt">28 </span><span class="lnt">29 </span><span class="lnt">30 </span><span class="lnt">31 </span><span class="lnt">32 </span><span class="lnt">33 </span><span class="lnt">34 </span><span class="lnt">35 </span><span class="lnt">36 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-Bash" data-lang="Bash"><span class="line"><span class="cl"><span class="cp">#!/bin/bash </span></span></span><span class="line"><span class="cl"><span class="cp"></span> </span></span><span class="line"><span class="cl"><span class="c1">## Check if the root password meets security requirements</span> </span></span><span class="line"><span class="cl"><span class="k">if</span> ! check_passwd<span class="p">;</span> <span class="k">then</span> </span></span><span class="line"><span class="cl"><span class="nb">echo</span> <span class="s2">&#34;The root password is not secure, please reset the root password&#34;</span> </span></span><span class="line"><span class="cl"><span class="nb">exit</span> <span class="m">1</span> </span></span><span class="line"><span class="cl"><span class="k">fi</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1">## Prompt the user to confirm the operation</span> </span></span><span class="line"><span class="cl"><span class="nb">read</span> -p <span class="s2">&#34;Are you sure to enable root permissions and set the root password? (y/n) &#34;</span> answer </span></span><span class="line"><span class="cl"><span class="k">if</span> <span class="o">[[</span> <span class="nv">$answer</span> !<span class="o">=</span> <span class="s2">&#34;y&#34;</span> <span class="o">]]</span><span class="p">;</span> <span class="k">then</span> </span></span><span class="line"><span class="cl"><span class="nb">echo</span> <span class="s2">&#34;The operation has been canceled&#34;</span> </span></span><span class="line"><span class="cl"><span class="nb">exit</span> <span class="m">1</span> </span></span><span class="line"><span class="cl"><span class="k">fi</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1">## Check the system type</span> </span></span><span class="line"><span class="cl"><span class="nv">type</span><span class="o">=</span><span class="k">$(</span>uname <span class="p">|</span> tr <span class="s1">&#39;[:upper:]&#39;</span> <span class="s1">&#39;[:lower:]&#39;</span><span class="k">)</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1">## Enable root permissions</span> </span></span><span class="line"><span class="cl"><span class="k">case</span> <span class="nv">$type</span> in </span></span><span class="line"><span class="cl">linux<span class="o">)</span> </span></span><span class="line"><span class="cl">sed -i <span class="s1">&#39;s/#PermitRootLogin prohibit-password/PermitRootLogin yes/g&#39;</span> /etc/ssh/sshd_config </span></span><span class="line"><span class="cl"><span class="p">;;</span> </span></span><span class="line"><span class="cl">*<span class="o">)</span> </span></span><span class="line"><span class="cl"><span class="nb">echo</span> <span class="s2">&#34;This script is only for Linux systems&#34;</span> </span></span><span class="line"><span class="cl"><span class="nb">exit</span> <span class="m">1</span> </span></span><span class="line"><span class="cl"><span class="p">;;</span> </span></span><span class="line"><span class="cl"><span class="k">esac</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1">## Set root password</span> </span></span><span class="line"><span class="cl"><span class="nb">echo</span> <span class="s2">&#34;root:</span><span class="nv">$password</span><span class="s2">&#34;</span> <span class="p">|</span> chpasswd </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1">## Restart sshd service</span> </span></span><span class="line"><span class="cl">systemctl restart sshd.service </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="nb">echo</span> <span class="s2">&#34;SSH ROOT permission is enabled and password has been changed to </span><span class="nv">$password</span><span class="s2">&#34;</span> </span></span></code></pre></td></tr></table> </div> </div> </details> <h2 id="script-compatible-with-centos-ubuntu-arch-and-debian"> <a href="#script-compatible-with-centos-ubuntu-arch-and-debian" class="heading-anchor" aria-label="Anchor for Script compatible with CentOS, Ubuntu, Arch and Debian">#</a> Script compatible with CentOS, Ubuntu, Arch and Debian </h2> <blockquote> <p>Written casually</p> </blockquote> <details> <summary>Script compatible with CentOS, Ubuntu, Arch and Debian</summary> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span><span class="lnt">16 </span><span class="lnt">17 </span><span class="lnt">18 </span><span class="lnt">19 </span><span class="lnt">20 </span><span class="lnt">21 </span><span class="lnt">22 </span><span class="lnt">23 </span><span class="lnt">24 </span><span class="lnt">25 </span><span class="lnt">26 </span><span class="lnt">27 </span><span class="lnt">28 </span><span class="lnt">29 </span><span class="lnt">30 </span><span class="lnt">31 </span><span class="lnt">32 </span><span class="lnt">33 </span><span class="lnt">34 </span><span class="lnt">35 </span><span class="lnt">36 </span><span class="lnt">37 </span><span class="lnt">38 </span><span class="lnt">39 </span><span class="lnt">40 </span><span class="lnt">41 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-Bash" data-lang="Bash"><span class="line"><span class="cl"><span class="cp">#!/bin/bash </span></span></span><span class="line"><span class="cl"><span class="cp"></span> </span></span><span class="line"><span class="cl"><span class="c1">## Check if the root password meets security requirements</span> </span></span><span class="line"><span class="cl"><span class="k">if</span> ! check_passwd<span class="p">;</span> <span class="k">then</span> </span></span><span class="line"><span class="cl"><span class="nb">echo</span> <span class="s2">&#34;The root password is not secure, please reset the root password&#34;</span> </span></span><span class="line"><span class="cl"><span class="nb">exit</span> <span class="m">1</span> </span></span><span class="line"><span class="cl"><span class="k">fi</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1">## Prompt the user to confirm the operation</span> </span></span><span class="line"><span class="cl"><span class="nb">read</span> -p <span class="s2">&#34;Are you sure you want to enable root permissions and set a root password? (y/n) &#34;</span> answer </span></span><span class="line"><span class="cl"><span class="k">if</span> <span class="o">[[</span> <span class="nv">$answer</span> !<span class="o">=</span> <span class="s2">&#34;y&#34;</span> <span class="o">]]</span><span class="p">;</span> <span class="k">then</span> </span></span><span class="line"><span class="cl"><span class="nb">echo</span> <span class="s2">&#34;The operation has been cancelled&#34;</span> </span></span><span class="line"><span class="cl"><span class="nb">exit</span> <span class="m">1</span> </span></span><span class="line"><span class="cl"><span class="k">fi</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1">## Check the operating system</span> </span></span><span class="line"><span class="cl"><span class="nv">os</span><span class="o">=</span><span class="k">$(</span>cat /etc/os-release <span class="p">|</span> grep <span class="s2">&#34;PRETTY_NAME&#34;</span> <span class="p">|</span> cut -d <span class="s1">&#39;=&#39;</span> -f <span class="m">2</span> <span class="p">|</span> tr -d <span class="s1">&#39;&#34;&#39;</span><span class="k">)</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1">## Enable root permissions</span> </span></span><span class="line"><span class="cl"><span class="k">case</span> <span class="nv">$os</span> in </span></span><span class="line"><span class="cl"><span class="s2">&#34;CentOS Linux&#34;</span><span class="o">)</span> </span></span><span class="line"><span class="cl">sed -i <span class="s1">&#39;s/#PermitRootLogin prohibit-password/PermitRootLogin yes/g&#39;</span> /etc/ssh/sshd_config </span></span><span class="line"><span class="cl"><span class="p">;;</span> </span></span><span class="line"><span class="cl"><span class="s2">&#34;Ubuntu&#34;</span><span class="o">)</span> </span></span><span class="line"><span class="cl">sed -i <span class="s1">&#39;s/#PermitRootLogin no/PermitRootLogin yes/g&#39;</span> /etc/ssh/sshd_config </span></span><span class="line"><span class="cl"><span class="p">;;</span> </span></span><span class="line"><span class="cl"><span class="s2">&#34;Arch Linux&#34;</span><span class="o">)</span> </span></span><span class="line"><span class="cl">sed -i <span class="s1">&#39;s/#PermitRootLogin no/PermitRootLogin yes/g&#39;</span> /etc/ssh/sshd_config </span></span><span class="line"><span class="cl"><span class="p">;;</span> </span></span><span class="line"><span class="cl"><span class="s2">&#34;Debian&#34;</span><span class="o">)</span> </span></span><span class="line"><span class="cl">sed -i <span class="s1">&#39;s/#PermitRootLogin prohibit-password/PermitRootLogin yes/g&#39;</span> /etc/ssh/sshd_config </span></span><span class="line"><span class="cl"><span class="p">;;</span> </span></span><span class="line"><span class="cl"><span class="k">esac</span> </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1">## Set root password</span> </span></span><span class="line"><span class="cl"><span class="nb">echo</span> <span class="s2">&#34;root:awa114514&#34;</span> <span class="p">|</span> chpasswd </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="c1">## Restart sshd service</span> </span></span><span class="line"><span class="cl">systemctl restart sshd.service </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="nb">echo</span> <span class="s2">&#34;SSH ROOT permission is enabled and password has been changed to awa114514&#34;</span> </span></span></code></pre></td></tr></table> </div> </div> </details>https://blog.xpdbk.com/en/posts/web-hax/Fri, 11 Nov 2022 00:00:00 +0700https://blog.xpdbk.com/en/posts/web-hax/<img src="https://blog.xpdbk.com/en/posts/web-hax/hax.webp" alt="Featured image of post Uninstall Apache Advanced Edition" /><h1 id="uninstall-apache-advanced-edition"> <a href="#uninstall-apache-advanced-edition" class="heading-anchor" aria-label="Anchor for Uninstall Apache Advanced Edition">#</a> Uninstall Apache Advanced Edition </h1> <blockquote> <p><strong>TL;DR / [Geek Summary]:</strong></p> <ul> <li>Clean Slate: Completely purge redundant Apache2 services to reclaim occupied port 80/443 resources.</li> <li>Deep Scrub: Use <code>apt-get --purge</code> to wipe binaries/configs and <code>find | xargs rm</code> to hunt down and eliminate lingering fragments.</li> <li>Geek Goal: Clear the deck for Nginx or custom web stacks, keeping your server environment lightweight and manageable.</li> </ul> </blockquote> <h2 id="delete-apache"> <a href="#delete-apache" class="heading-anchor" aria-label="Anchor for Delete apache">#</a> Delete apache </h2> <p>Apache2 is installed by default. Now uninstall this service.</p> <h2 id="1-find-web-services"> <a href="#1-find-web-services" class="heading-anchor" aria-label="Anchor for 1. Find web services">#</a> 1. Find web services </h2> <p>Use the following command:</p> <blockquote> <p><code>dpkg -l | grep apache2</code></p> </blockquote> <h2 id="2-delete-apache2"> <a href="#2-delete-apache2" class="heading-anchor" aria-label="Anchor for 2. Delete apache2">#</a> 2. Delete apache2 </h2> <p>The deletion command is as follows:</p> <p><code>apt-get --purge remove apache2</code></p> <p><code>apt-get --purge remove apache2-doc</code></p> <p><code>apt-get --purge remove apache2-utils</code></p> <p><code>apt-get --purge remove apache2-bin</code></p> <p><code>apt-get --purge remove apache2-data</code></p> <h2 id="3-delete-redundant-files"> <a href="#3-delete-redundant-files" class="heading-anchor" aria-label="Anchor for 3. Delete redundant files">#</a> 3. <strong>Delete redundant files</strong> </h2> <p>After the above execution, execute the following command:</p> <p><code>find /etc -name &quot;apache&quot; |xargs rm -rf</code></p> <p><code>rm -rf /var/www</code></p> <p><code>rm -rf /etc/libapache2-mod-jk</code></p> <h2 id="4-finally"> <a href="#4-finally" class="heading-anchor" aria-label="Anchor for 4. Finally">#</a> 4. Finally </h2> <p>Port 80 is released, no problem.</p>