Hello, I’m Jay Chou

On this day, Redis was working as usual and soon received a SAVE command.

Although Redis is often used as a cache, with data living only in memory, it can also use the SAVE command to write the in-memory data to a disk file for persistent storage. Redis had just opened the file and was about to write when several big men rushed out of nowhere and seized him.

What the hell is going on? Redis looked stunned.

It all started a month ago.

The mining virus

A month ago, a sudden alarm broke the quiet night of the Linux empire: CPU usage had skyrocketed, and no one claimed responsibility. With the help of Unhide, the hidden process was finally uncovered. Everyone thought the crisis had been resolved, but unexpectedly...

It was late in the night when suddenly the security alarm went off again.

“Minister, that rm fellow was a fake. He tricked us today: the mining virus was never deleted, and it is back again!”

The security minister looked to the sky in the distance, and the fans at the gate of the CPU factory began to run wildly again.

In desperation, the minister had to summon everyone again.

Once again, Unhide showed his skill and caught several hidden processes. Big brother kill took their PIDs and, with one swift stroke of his knife, dispatched them cleanly.

This time, before the real rm could be found, the minister took matters into his own hands and cleaned up the several program files.

“Minister, going on like this is not an option. We have to think of a long-term solution,” said top from the side.

“We must find out who did this!” said ps.

“We need to find out how they got in!” said netstat.

“Yes, yes, yes,” everyone agreed.

The minister stood up and said, “You are right. Before you arrived, I had arranged for my assistant to check it out. I am sure there will be some clues soon.”

At this point, the firewall came forward and said, “In order to prevent leakage of information, it is recommended to stop all network connections.”

“Fair enough. It is the middle of the night, so the business impact is not big. Stop them!” said the security minister.

Soon after, the assistant hurried back and whispered in the minister’s ear. The security minister’s face changed.

“SSHD will stay, and the others can leave,” the minister said.

Everyone dispersed, leaving only SSHD, who felt uneasy.

“Wait, kill stays too,” the minister added.

Hearing this, SSHD’s heart beat faster.

The assistant closed the door, and the security minister whispered, “We just got information that someone illegally logged in remotely. It’s very likely that the mining virus was uploaded remotely.”

SSHD was shocked and asked: “Is the login password leaked?”

“Probably not. The login used a public/private key pair, so no password was needed,” replied the assistant at his side.

“Look, in the /root/.ssh/authorized_keys file, we found a new login public key, which was not there before.” The assistant then printed the contents of the file:

[root@xuanyuan ~]# cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABA······

“I didn’t do it,” SSHD said hastily.

“Remote login, isn’t that your business?” the assistant asked.

“Yes, I am in charge of that, but I only follow the procedure. He had to write the public key in before he could log in, so the key question is who wrote that public key!” said SSHD.

“You’re right, don’t be nervous. Think about it. Have you seen anyone touch this file?” said the minister, patting SSHD on the shoulder.

“I didn’t notice that.”

The minister frowned, paced back and forth a few steps, and said, “Well, we will clean out this public key first. When you get back, keep an eye on this file and let me know if anyone accesses it.”

“Okay,” said SSHD, who then left, finding himself in a cold sweat.

The culprit emerges

Time flies, a month has passed.

Since the public key in the authorized_keys file was cleaned up, the Linux empire has been quiet for a while and the mining virus intrusion has been forgotten.

Late that night, SSHD dozed off. Suddenly, with a “clang”, SSHD woke up, opened his eyes, and found that a program had broken into the /root/.ssh directory!

SSHD, sleepy after waiting for more than a month, wondered: is this guy finally going to show up?

SSHD felt nervous. Who could it be?

At that moment, SSHD was staring at the authorized_keys file, not daring to blink for fear of missing something.

Sure enough, a figure walked over, went straight to the file, and opened it!

SSHD did not hesitate to send a message to the security minister’s assistant.

The figure turned around and SSHD saw his face clearly. It was Redis!

The minister, who had received the message, rushed over with his men and stopped Redis before he could write the data.

“Well, well, so the mole turned out to be you!” said SSHD proudly.

Redis looked at the crowd with an aggrieved look on his face. “What are you doing? I didn’t do anything wrong.”

“And you still deny it? Come on, why are you writing to the authorized_keys file?”

“That’s because I’m going to perform persistent storage, writing the data in memory to a file,” Redis replied.

“Why were you writing to authorized_keys when you persisted?” SSHD continued.

“I just received several commands that set the persistence file name to this. See for yourself if you don’t believe me,” said Redis, showing the commands he had just received:

CONFIG SET dir /root/.ssh
CONFIG SET dbfilename authorized_keys
SAVE

“The first one specifies the directory to save to, the second specifies the file name to save as, and the third saves the data to that file,” Redis continued.

The security minister looked carefully at several commands and said, “Show me the data you want to write.”

“That’s a lot. Wait a minute,” Redis said, taking out all the key-value data and scattering it on the floor. The crowd was overwhelmed by the vast array of data.

“Look, Minister!” SSHD suddenly shouted.

Following the direction of his finger, a prominent public key appeared.

ssh-rsa AAAAB3NzaC1yc2EAA...

“It was you!”

Redis was still stunned and didn’t know what had happened.

“You’ve been used as someone else’s gun! The file you are writing is no ordinary file. Once this is written into it, others can log in remotely. That is how the mining virus got in before!” said SSHD.
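A check the watching SSHD could run on the file itself, as an added example that is not part of the original story: it flags an authorized_keys file that opens with the Redis dump header, contains binary data, or carries a key outside an allowlist. The function name, finding codes and sample bytes are constructed for illustration.

```python
import re

RDB_MAGIC = re.compile(rb"REDIS\d{4}")   # an RDB dump opens with "REDIS" plus a 4-digit version
NON_TEXT = re.compile(rb"[^\x09\x0a\x0d\x20-\x7e]")
KEY = re.compile(rb"(ssh-(?:rsa|dss|ed25519)|ecdsa-sha2-nistp\d+|sk-[\w-]+@openssh\.com)"
                 rb"\s+([A-Za-z0-9+/]+=*)")

def audit_authorized_keys(data, allowed_blobs):
    """Return finding codes for the raw bytes of an authorized_keys file.

    allowed_blobs: set of base64 key blobs (bytes) the administrators expect.
    """
    findings = []
    if RDB_MAGIC.match(data):
        findings.append("rdb-magic")      # the file was produced by a Redis save
    if NON_TEXT.search(data):
        findings.append("binary-data")    # a key file should be plain text
    for number, line in enumerate(data.split(b"\n"), start=1):
        if line.lstrip().startswith(b"#"):
            continue                      # commented-out keys are inactive
        m = KEY.search(line)
        if m and m.group(2) not in allowed_blobs:
            findings.append(f"unknown-key:{number}:{m.group(1).decode()}")
    return findings

# Constructed sample data; the key blobs are placeholders, not real keys.
ADMIN_BLOB = b"AAAAC3NzaC1lZDI1NTE5AAAAIConstructedAdminKeyPlaceholder"
CLEAN = b"# ops team\nssh-ed25519 " + ADMIN_BLOB + b" admin@constructed\n"
TAMPERED = (b"REDIS0009\xfa\x09redis-ver\x057.0.0\x00\x01k"
            b"\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAConstructedUnknownKey x@constructed\n\xff")

if __name__ == "__main__":
    print("clean:   ", audit_authorized_keys(CLEAN, {ADMIN_BLOB}))
    print("tampered:", audit_authorized_keys(TAMPERED, {ADMIN_BLOB}))
```

Run from a scheduled job or a file-change hook, any non-empty result is worth an alert, since a legitimate key file is plain text edited only by administrators.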

Horrified, Redis cut off his Internet connection.

“Who gave you the order, and how did they connect to you?” asked the minister.

Redis lowered his head in embarrassment and said, “To tell you the truth, I don’t have a password by default, so anyone can access me.”

The security minister’s eyes went wide and he left.

There was a loud shout, and once again Kill raised his knife.
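What Redis admits to (no password by default, reachable by anyone) and the CONFIG SET commands he obeyed can all be checked in redis.conf. The following added example, not part of the original story, audits a weak configuration beside a hardened one; both samples and the finding codes are constructed.

```python
import shlex

def parse_conf(text):
    """Parse redis.conf text into {directive: [args of each occurrence]}."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            name, *args = shlex.split(line)
            conf.setdefault(name.lower(), []).append(args)
    return conf

def last(conf, name, default):
    """Arguments of the final occurrence of a directive, or the default."""
    return (conf[name][-1] if name in conf else None) or default

def audit_redis_conf(text):
    """Return finding codes for the settings that let the story's intruder in."""
    conf = parse_conf(text)
    findings = []
    if not "".join(last(conf, "requirepass", [""])):
        findings.append("no-password")
    # No bind line means every interface; a leading '-' only marks an address as optional.
    binds = [a.lstrip("-") for a in last(conf, "bind", ["*"])]
    if any(not (a.startswith("127.") or a == "::1") for a in binds):
        findings.append("non-loopback-bind")
    if last(conf, "protected-mode", ["yes"])[0].lower() == "no":
        findings.append("protected-mode-off")
    renamed = {a[0].upper() for a in conf.get("rename-command", []) if a}
    if "CONFIG" not in renamed:
        findings.append("config-command-unrestricted")
    return findings

# Constructed samples, not taken from any real deployment.
WEAK = """
bind 0.0.0.0
protected-mode no
port 6379
"""
HARDENED = """
bind 127.0.0.1 -::1
protected-mode yes
requirepass "constructed-placeholder-use-a-long-random-secret"
rename-command CONFIG ""
"""

if __name__ == "__main__":
    print("weak:    ", audit_redis_conf(WEAK))
    print("hardened:", audit_redis_conf(HARDENED))
```

The write to /root/.ssh in the story also requires Redis to be running as root; running it under an unprivileged account closes that path regardless of these settings.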

Easter egg

“No, minister.”

“What’s the matter? All in a hurry.”

“All my data has been encrypted!” said MySQL breathlessly.