一、內核提權
由於目前fullnat用的內核是2.6.32-220.23.1.e16這個版本。最近存在內核提權的漏洞。這次受影響的存在於centos6中除了6.5的所有系統。
烏雲上已經公佈了http://zone.wooyun.org/content/3733
解決的辦法是:
sysctl kernel.perf_event_paranoid=2
並寫到/etc/sysctl.conf關於kernel.perf_event_paranoid:
kernel.perf_event_paranoid = 2: you can't take any measurements. The perf utility might still be useful to analyse existing records with perf ls, perf report, perf timechart or perf trace. kernel.perf_event_paranoid = 1: you can trace a command with perf stat or perf record, and get kernel profiling data. kernel.perf_event_paranoid = 0: you can trace a command with perf stat or perf record, and get CPU event data. kernel.perf_event_paranoid = -1: you get raw access to kernel tracepoints (specifically, you can mmap the file created by perf_event_open, I don't know what the implications are).
如果想直接打到內核中,修改kernel/events/core.c,找到int sysctl_perf_event_paranoid在最後改成2。然後搭乘patch,做成內核rpm包
二、待續