Alias <cmd> to "do X then <cmd>" transparently


Problem description


The title sucks but I'm not sure of the correct term for what I'm trying to do, if I knew that I'd probably have found the answer by now!

The problem:

Due to an over-zealous port scanner (customer's network monitor) and an overly simplistic telnet daemon (busybox linux) every time port 23 gets scanned, telnetd launches another instance of /bin/login waiting for user input via telnet.

As the port scanner doesn't actually try to login, there is no session, so there can be no session timeout, so we quickly end up with a squillion zombie copies of /bin/login running.

What I'm trying to do about it:

telnetd gives us the option (-l) of launching some other thing rather than /bin/login so I thought we could replace /bin/login with a bash script that kills old login processes then runs /bin/login as normal:

#!/bin/sh
# First kill off any existing dangling logins
# /bin/login disappears on successful login so
# there should only ever be one
killall -q login

# now run login
/bin/login

But this seems to return immediately (no error, but no login prompt). I also tried just chaining the commands in telnetd's arguments:

telnetd -- -l "killall -q login;/bin/login"

But this doesn't seem to work either (again - no error, but no login prompt). I'm sure there's some obvious wrinkle I'm missing here.

System is embedded Linux 2.6.x running Busybox so keeping it simple is the greatly preferred option.

EDIT: OK I'm a prat for not making the script executable, with that done I get the login: prompt but after entering the username I get nothing further.

Solution

Right, I fixed it, as I suspected there was a wrinkle I was missing:

exec /bin/login

I needed exec to hand control over to /bin/login rather than just call it.

So the telnet daemon is started thusly:

/usr/sbin/telnetd -l /usr/sbin/not_really_login

The contents of the not-really-login script are:

#!/bin/sh
echo -n "Killing old logins..."
killall -q login
echo "...done"
exec /bin/login

And all works as it should, on telnet connect we get this:

**MOTD Etc...**

Killing old logins......done

login: zero_cool
password: 

And we can login as usual.

The only thing I haven't figured out is if we can detect the exit-status of /bin/login (if we killed it) and print a message saying Too slow, sucker! or similar. TBH though, that's a nicety that can wait for a rainy day, I'm just happy our stuff can't be DDOS'ed over Telnet anymore!
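A variant of the wrapper above that kills only login processes older than a threshold, so that a new connection does not end a prompt someone is still typing into. This is an added example, not code from the original post; the 60-second threshold, the function names, and a ps that supports -o pid,etime,comm (specified by POSIX, optional in BusyBox builds) are assumptions.

```sh
#!/bin/sh
# Added example (not from the original post): reap only stale logins.
# Assumptions: the MAX_AGE value, the function names, and a ps that
# supports "-o pid,etime,comm" (BusyBox needs this compiled in).
MAX_AGE=60   # max age in seconds of a waiting login; constructed value

# stdin:  "PID ETIME COMM" lines, ETIME formatted as [[dd-]hh:]mm:ss
# stdout: PIDs of processes named "login" that are at least $1 seconds old
stale_login_pids() {
    awk -v max="$1" '
        $3 == "login" {
            n = split($2, t, /[-:]/)
            secs = t[n] + 60 * t[n-1]
            if (n >= 3) secs += 3600 * t[n-2]
            if (n >= 4) secs += 86400 * t[n-3]
            if (secs >= max) print $1
        }'
}

main() {
    echo -n "Killing stale logins..."
    # The ps header line is skipped because its third column is not "login".
    for pid in $(ps -o pid,etime,comm | stale_login_pids "$MAX_AGE"); do
        kill "$pid" 2>/dev/null
    done
    echo "...done"
    exec /bin/login   # hand control over, as in the original script
}

# Run only when installed under the name telnetd -l points at, so the
# filter function can be sourced and tested without touching any process.
case "$0" in
    */not_really_login) main ;;
esac
```

Because /bin/login disappears on successful login, as the post notes, every process still named login is an unauthenticated prompt, and the age filter is the only thing separating an abandoned one from one in use.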
