k8s CKS 2021【25】---系统加固减少攻击面
文章目录
1. 介绍
减少攻击面（reduce attack surface）的思路：节点上只保留必需的服务；对不需要的守护进程、监听端口和可登录用户逐一排查并停用。下面用 snapd、vsftpd 和 samba 作为示例演示排查与关闭的过程。
2. Systemctl and Services
root@node2:~# apt-get install snapd
root@node2:~# systemctl start snapd
root@node2:~# systemctl status snapd
● snapd.service - Snap Daemon
Loaded: loaded (/lib/systemd/system/snapd.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2021-05-25 05:18:53 PDT; 1s ago
Main PID: 16265 (snapd)
Tasks: 9 (limit: 2333)
CGroup: /system.slice/snapd.service
└─16265 /usr/lib/snapd/snapd
May 25 05:18:53 node2 systemd[1]: Starting Snap Daemon...
May 25 05:18:53 node2 snapd[16265]: AppArmor status: apparmor is enabled and all features are available
May 25 05:18:53 node2 snapd[16265]: patch.go:64: Patching system state level 6 to sublevel 1...
May 25 05:18:53 node2 snapd[16265]: patch.go:64: Patching system state level 6 to sublevel 2...
May 25 05:18:53 node2 snapd[16265]: patch.go:64: Patching system state level 6 to sublevel 3...
May 25 05:18:53 node2 snapd[16265]: daemon.go:347: started snapd/2.49.2+18.04 (series 16; classic) ubuntu/16.04 (amd64) linux/4.4.0-142-generic.
May 25 05:18:53 node2 snapd[16265]: daemon.go:440: adjusting startup timeout by 30s (pessimistic estimate of 30s plus 5s per snap)
May 25 05:18:53 node2 systemd[1]: Started Snap Daemon.
root@node2:~# systemctl list-units --type=service --state=running |grep snap
snapd.service loaded active running Snap Daemon
root@node2:~# systemctl stop snapd
Warning: Stopping snapd.service, but it can still be activated by:
snapd.socket
root@node2:~# systemctl disable snapd
Removed /etc/systemd/system/multi-user.target.wants/snapd.service.
# 注意上面的警告：snapd.socket 仍然存在，有连接到达时会重新拉起 snapd.service。
# 要真正关闭，必须同时处理 socket 单元：
root@node2:~# systemctl disable --now snapd.socket
# 如需彻底禁止被任何方式启动，可改用 systemctl mask snapd.service snapd.socket；
# 最后用 systemctl list-units --type=socket,service | grep snap 复核没有残留。
3. Install and investigate Services
root@node2:~# apt-get install -y vsftpd samba
root@node2:~# systemctl status vsftpd
● vsftpd.service - vsftpd FTP server
Loaded: loaded (/lib/systemd/system/vsftpd.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2021-05-25 05:25:26 PDT; 47s ago
Main PID: 26713 (vsftpd)
Tasks: 1 (limit: 2333)
CGroup: /system.slice/vsftpd.service
└─26713 /usr/sbin/vsftpd /etc/vsftpd.conf
May 25 05:25:26 node2 systemd[1]: Starting vsftpd FTP server...
May 25 05:25:26 node2 systemd[1]: Started vsftpd FTP server.
root@node2:~# systemctl status smbd
● smbd.service - Samba SMB Daemon
Loaded: loaded (/lib/systemd/system/smbd.service; enabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:smbd(8)
man:samba(7)
man:smb.conf(5)
root@node2:~# systemctl start smbd
root@node2:~# systemctl status smbd
● smbd.service - Samba SMB Daemon
Loaded: loaded (/lib/systemd/system/smbd.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2021-05-25 05:26:32 PDT; 1s ago
Docs: man:smbd(8)
man:samba(7)
man:smb.conf(5)
Main PID: 29800 (smbd)
Status: "smbd: ready to serve connections..."
Tasks: 4 (limit: 2333)
CGroup: /system.slice/smbd.service
├─29800 /usr/sbin/smbd --foreground --no-process-group
├─29803 /usr/sbin/smbd --foreground --no-process-group
├─29804 /usr/sbin/smbd --foreground --no-process-group
└─29805 /usr/sbin/smbd --foreground --no-process-group
May 25 05:26:31 node2 systemd[1]: Starting Samba SMB Daemon...
May 25 05:26:32 node2 systemd[1]: Started Samba SMB Daemon.
root@node2:~# ps aux |grep vsftpd
root 26713 0.0 0.1 27068 2860 ? Ss 05:25 0:00 /usr/sbin/vsftpd /etc/vsftpd.conf
root 31002 0.0 0.0 14416 1124 pts/0 S+ 05:27 0:00 grep --color=auto vsftpd
root@node2:~# ps aux |grep smbd
root 29800 0.1 1.0 351556 20892 ? Ss 05:26 0:00 /usr/sbin/smbd --foreground --no-process-group
root 29803 0.0 0.2 341808 5796 ? S 05:26 0:00 /usr/sbin/smbd --foreground --no-process-group
root 29804 0.0 0.2 341800 4500 ? S 05:26 0:00 /usr/sbin/smbd --foreground --no-process-group
root 29805 0.0 0.2 351556 5484 ? S 05:26 0:00 /usr/sbin/smbd --foreground --no-process-group
root 31218 0.0 0.0 14416 1048 pts/0 S+ 05:27 0:00 grep --color=auto smbd
root@node2:~# netstat -ntlp
# -t 只列出 TCP 监听；还应再用 netstat -nulp（或 ss -lunp）检查 UDP。新系统上 netstat 已被 ss 取代，等价命令为 ss -ltnp。
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:10248 0.0.0.0:* LISTEN 9920/kubelet
tcp 0 0 127.0.0.1:10249 0.0.0.0:* LISTEN 13541/kube-proxy
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 29800/smbd
tcp 0 0 192.168.211.42:9099 0.0.0.0:* LISTEN 59899/calico-node
tcp 0 0 0.0.0.0:179 0.0.0.0:* LISTEN 14549/bird
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 897/sshd
tcp 0 0 192.168.211.42:36632 0.0.0.0:* LISTEN 9920/kubelet
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 29800/smbd
tcp6 0 0 :::10250 :::* LISTEN 9920/kubelet
tcp6 0 0 :::139 :::* LISTEN 29800/smbd
tcp6 0 0 :::10256 :::* LISTEN 13541/kube-proxy
tcp6 0 0 :::21 :::* LISTEN 26713/vsftpd
tcp6 0 0 :::22 :::* LISTEN 897/sshd
tcp6 0 0 :::445 :::* LISTEN 29800/smbd
root@node2:~# vim /etc/samba/smb.conf
interfaces = 127.0.0.0/8 eth0 #取消注释
bind interfaces only = yes #取消注释
root@node2:~# systemctl restart smbd.service
# bind interfaces only = yes 时 smbd 只绑定 interfaces 中列出的接口，重启后只剩 127.0.0.1。
# 注意：interfaces 里写了 eth0，但下面的输出里没有 192.168.211.42，很可能该节点的网卡并不叫 eth0
# （需按实际网卡名填写，如 ens33）。如果这个服务本身就不需要，直接 stop + disable 比收紧绑定更彻底。
root@node2:~# netstat -ntlp |grep smbd
tcp 0 0 127.0.0.1:139 0.0.0.0:* LISTEN 36416/smbd
tcp 0 0 127.0.0.1:445 0.0.0.0:* LISTEN 36416/smbd
4. Disable application on port
root@node2:~# netstat -nltp |grep 21
tcp 0 0 192.168.211.42:9099 0.0.0.0:* LISTEN 59899/calico-node
tcp 0 0 192.168.211.42:36632 0.0.0.0:* LISTEN 9920/kubelet
tcp6 0 0 :::21 :::* LISTEN 26713/vsftpd
# 前两行是误匹配：grep 21 同时匹配到了地址 192.168.211.42 里的 "211"。按端口过滤应写 grep ':21 '，
# 或者用 ss -ltnp 'sport = :21' / lsof -i :21（见下）精确定位占用该端口的进程。
root@node2:~# lsof -i :21
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
vsftpd 26713 root 3u IPv6 19811710 0t0 TCP *:ftp (LISTEN)
root@node2:~# systemctl list-units --type service |grep ftp
vsftpd.service loaded active running vsftpd FTP server
root@node2:~# systemctl status vsftpd
● vsftpd.service - vsftpd FTP server
Loaded: loaded (/lib/systemd/system/vsftpd.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2021-05-25 05:25:26 PDT; 8min ago
Main PID: 26713 (vsftpd)
Tasks: 1 (limit: 2333)
CGroup: /system.slice/vsftpd.service
└─26713 /usr/sbin/vsftpd /etc/vsftpd.conf
May 25 05:25:26 node2 systemd[1]: Starting vsftpd FTP server...
May 25 05:25:26 node2 systemd[1]: Started vsftpd FTP server.
root@node2:~# systemctl stop vsftpd
root@node2:~# systemctl status vsftpd
● vsftpd.service - vsftpd FTP server
Loaded: loaded (/lib/systemd/system/vsftpd.service; enabled; vendor preset: enabled)
Active: inactive (dead) since Tue 2021-05-25 05:34:07 PDT; 2s ago
Process: 26713 ExecStart=/usr/sbin/vsftpd /etc/vsftpd.conf (code=killed, signal=TERM)
Main PID: 26713 (code=killed, signal=TERM)
May 25 05:25:26 node2 systemd[1]: Starting vsftpd FTP server...
May 25 05:25:26 node2 systemd[1]: Started vsftpd FTP server.
May 25 05:34:07 node2 systemd[1]: Stopping vsftpd FTP server...
May 25 05:34:07 node2 systemd[1]: Stopped vsftpd FTP server.
# stop 只对本次生效；上面状态里仍是 enabled，节点重启后服务会再次启动。要持久关闭还需要：
root@node2:~# systemctl disable vsftpd
# 如果软件包本身就不需要，进一步 apt-get purge vsftpd 可以把二进制和配置一起去掉。
root@node2:~# netstat -nltp |grep 21
tcp 0 0 192.168.211.42:9099 0.0.0.0:* LISTEN 59899/calico-node
tcp 0 0 192.168.211.42:36632 0.0.0.0:* LISTEN 9920/kubelet
# 剩下的两行仍是对 "211" 的误匹配；用 grep ':21 ' 复核可以确认 21 端口已经没有监听。
5. Investigate Linux Users
root@node2:~# whoami
root
root@node2:~# tail /etc/passwd
systemd-network:x:101:103:systemd Network Management,,,:/run/systemd/netif:/bin/false
systemd-resolve:x:102:104:systemd Resolver,,,:/run/systemd/resolve:/bin/false
syslog:x:104:108::/home/syslog:/bin/false
_apt:x:105:65534::/nonexistent:/bin/false
messagebus:x:106:110::/var/run/dbus:/bin/false
uuidd:x:107:111::/run/uuidd:/bin/false
spectre:x:1000:1000:ubuntu64,,,:/home/spectre:/bin/bash
sshd:x:108:65534::/var/run/sshd:/usr/sbin/nologin
grafana:x:1001:1001::/home/grafana:
ftp:x:103:105:ftp daemon,,,:/srv/ftp:/bin/false
# tail 只显示最后 10 行，审查时应看完整文件（cat /etc/passwd），重点关注：
#  - 有交互式 shell 的账号（如 spectre 的 /bin/bash）；
#  - shell 字段为空的账号（如 grafana）：字段为空时系统会使用默认 shell（通常是 /bin/sh），仍然可以登录，
#    服务账号应设为 /usr/sbin/nologin 或 /bin/false，例如 usermod -s /usr/sbin/nologin grafana；
#  - UID 为 0 的非 root 账号：awk -F: '$3==0' /etc/passwd；
#  - 再对照 /etc/shadow（是否设置/锁定了密码）以及 /etc/sudoers 和 /etc/sudoers.d/。
root@node2:~# su ubuntu
No passwd entry for user 'ubuntu'
root@node2:~# su - ubuntu
No passwd entry for user 'ubuntu'
# "No passwd entry" 表示 /etc/passwd 里没有 ubuntu 这个用户；本节点的普通登录账号是上面看到的 spectre。
root@node2:~# useradd test
root@node2:~# passwd test
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
root@node2:~# su test
test@node2:/root$ whoami
test
test@node2:/root$ exit
exit
# su test 没有加 "-"，所以没有切换工作目录和环境，提示符仍停留在 /root。
# 这里只是演示：在真实节点上新增可登录账号会扩大攻击面，验证完应删除：userdel test
# （useradd 未加 -m，没有创建家目录，无需 -r）。
root@node2:~# ps aux |grep bash
root 49317 0.0 0.0 14416 1068 pts/0 S+ 05:40 0:00 grep --color=auto bash
spectre 62942 0.0 0.2 22708 5016 pts/0 Ss May24 0:00 -bash
root 63061 0.0 0.2 23060 5736 pts/0 S May24 0:00 -bash
root@node2:~# su test
test@node2:/root$ ps aux |grep bash
test 49440 0.0 0.1 21384 3936 pts/0 S 05:40 0:00 bash
test 49555 0.0 0.0 14416 1128 pts/0 S+ 05:40 0:00 grep bash
spectre 62942 0.0 0.2 22708 5016 pts/0 Ss May24 0:00 -bash
root 63061 0.0 0.2 23060 5736 pts/0 S May24 0:00 -bash
# ps aux | grep bash 会把 grep 自己也列出来（上面的 grep --color=auto bash 行）；用 pgrep -a bash 更干净。
# 排查登录会话时还应结合 who / w / last 查看来源；输出里 spectre 和 root 的 -bash 都在 pts/0 且从 May24 存在，
# 很可能是 spectre 登录后在同一会话里切换到了 root（需用 w 确认）。
6. 总结
减少攻击面的基本流程：用 systemctl list-units、netstat/ss 和 lsof 找出正在运行的服务和监听端口；对不需要的服务执行 stop 并 disable（连同对应的 .socket 单元，必要时 mask 或直接卸载软件包）；必须保留的服务尽量只绑定本地或内网接口；最后检查 /etc/passwd、/etc/shadow 和 sudoers，清理不需要的登录账号并确保服务账号没有可用的 shell。