记录一次因为mount dev导致的问题,以及audit添加审计日志
因为使用mount ,导致产生了大量的dev的mount结果
udev on /home/minipython/equafl_test/firmadyne/image_7_httpd_1/dev type devtmpfs (rw,nosuid,relatime,size=49129800k,nr_inodes=12282450,mode=755,inode64)
udev on /home/minipython/equafl_test/firmadyne/image_32_httpd_1/dev type devtmpfs (rw,nosuid,relatime,size=49129800k,nr_inodes=12282450,mode=755,inode64)
udev on /home/minipython/equafl_test/firmadyne/image_35_httpd_1/dev type devtmpfs (rw,nosuid,relatime,size=49129800k,nr_inodes=12282450,mode=755,inode64)
udev on /home/minipython/equafl_test/firmadyne/image_36_httpd_1/dev type devtmpfs (rw,nosuid,relatime,size=49129800k,nr_inodes=12282450,mode=755,inode64)
udev on /home/minipython/equafl_test/firmadyne/image_37_httpd_1/dev type devtmpfs (rw,nosuid,relatime,size=49129800k,nr_inodes=12282450,mode=755,inode64)
udev on /home/minipython/equafl_test/firmadyne/image_7_httpd_1/dev type devtmpfs (rw,nosuid,relatime,size=49129800k,nr_inodes=12282450,mode=755,inode64)
udev on /home/minipython/equafl_test/firmadyne/image_32_httpd_1/dev type devtmpfs (rw,nosuid,relatime,size=49129800k,nr_inodes=12282450,mode=755,inode64)
udev on /home/minipython/equafl_test/firmadyne/image_35_httpd_1/dev type devtmpfs (rw,nosuid,relatime,size=49129800k,nr_inodes=12282450,mode=755,inode64)
udev on /home/minipython/equafl_test/firmadyne/image_36_httpd_1/dev type devtmpfs (rw,nosuid,relatime,size=49129800k,nr_inodes=12282450,mode=755,inode64)
udev on /home/minipython/equafl_test/firmadyne/image_37_httpd_1/dev type devtmpfs (rw,nosuid,relatime,size=49129800k,nr_inodes=12282450,mode=755,inode64)
而且mount之后最大的问题在于,使用的root权限在模糊测试后会将pts删除,pts是伪终端,如果该dev文件被删除,就会导致sudo无法使用。
解决方案是在一个有root权限的终端情况下,运行以下命令重新生成dev文件
sudo mount -t devpts devpts /dev/pts sudo rm -f /dev/ptmx sudo ln -s /dev/pts/ptmx /dev/ptmx # 修复ptmx sudo rm -f /dev/null sudo mknod -m 666 /dev/null c 1 3 sudo chown root:root /dev/null # 修复 devnull sudo chmod 666 /dev/pts/ptmx # 设置666
sudo auditctl -w /dev/ptmx -p wa
浙公网安备 33010602011771号