System Operation and Maintenance Summary Chapter 9

Red Hat series: basic system protection
Set account validity periods: use the chage tool
Account lockout: use the passwd command
Force periodic password changes: /etc/login.defs (only effective for newly created users)
Modify the login banner to reduce the system information it reveals: /etc/issue, /etc/issue.net
Disable non-essential system services
Lock down confidential files: use the chattr tool to add the i (immutable) or a (append-only) attribute to the file
User switching: su [-] username
Security log: /var/log/secure
User privilege escalation:
Check your own sudo authorization: sudo -l
Execute a privileged command: sudo command, or sudo [-u target_user] command
Configure the sudo authorization file: /etc/sudoers
By default it contains a wheel group entry that may run ALL commands; it should be commented out!
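The two file-level settings above (password ageing in /etc/login.defs and the wheel entry in /etc/sudoers) can be audited from copies of the files. The script below is an added example, not code from the original post: it writes constructed samples of both files to a temporary directory, checks them with sh, awk, grep and sed, and then checks hardened variants of the same samples. The 90-day limit, the sample contents and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): audit constructed copies of
# /etc/login.defs and /etc/sudoers for the two settings called out above.
# Needs only sh, awk, grep and sed; no root required. On a real host, pass the
# real files instead of the samples. The 90-day limit is an assumption.

workdir=$(mktemp -d)

# Constructed sample of /etc/login.defs with the distribution default (no ageing).
cat > "$workdir/login.defs" <<'EOF'
# constructed sample, not a real system file
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_MIN_LEN    5
PASS_WARN_AGE   7
EOF

# Constructed sample of /etc/sudoers with the default wheel entry still active.
cat > "$workdir/sudoers" <<'EOF'
# constructed sample, not a real system file
root    ALL=(ALL)       ALL
%wheel  ALL=(ALL)       ALL
# %wheel ALL=(ALL)      NOPASSWD: ALL
alice   ALL=(root)      /usr/sbin/useradd
EOF

# Hardened variants: ageing set to 90 days, wheel entry commented out.
sed 's/^PASS_MAX_DAYS.*/PASS_MAX_DAYS   90/' "$workdir/login.defs" > "$workdir/login.defs.fixed"
sed 's/^%wheel/# %wheel/' "$workdir/sudoers" > "$workdir/sudoers.fixed"

# login_defs_value FILE KEY: print the effective value of KEY (comments are
# skipped and the last occurrence wins, as the file is read top to bottom).
login_defs_value() {
    awk -v key="$2" '/^[ \t]*#/ { next } $1 == key { v = $2 } END { print v }' "$1"
}

# pass_max_days_ok FILE LIMIT: succeed only if PASS_MAX_DAYS is set and <= LIMIT.
# login.defs only governs accounts created afterwards; existing accounts need
# "chage -M LIMIT user" (and "passwd -l user" locks an account outright).
pass_max_days_ok() {
    max=$(login_defs_value "$1" PASS_MAX_DAYS)
    [ -n "$max" ] && [ "$max" -le "$2" ]
}

# wheel_all_active FILE: succeed if an uncommented %wheel line grants ALL commands.
wheel_all_active() {
    grep -Eq '^[[:space:]]*%wheel[[:space:]]+ALL=\(ALL(:ALL)?\)[[:space:]]+(NOPASSWD:[[:space:]]*)?ALL[[:space:]]*$' "$1"
}

# audit_accounts LOGIN_DEFS SUDOERS: print findings; return status = number found.
audit_accounts() {
    n=0
    if ! pass_max_days_ok "$1" 90; then
        echo "FINDING: PASS_MAX_DAYS=$(login_defs_value "$1" PASS_MAX_DAYS) in $1 (expected <= 90)"
        n=$((n + 1))
    fi
    if wheel_all_active "$2"; then
        echo "FINDING: %wheel may run ALL commands in $2; comment it out and grant specific commands per user"
        n=$((n + 1))
    fi
    return "$n"
}

echo "== default files =="
audit_accounts "$workdir/login.defs" "$workdir/sudoers" || echo "$? finding(s)"
echo "== hardened files =="
audit_accounts "$workdir/login.defs.fixed" "$workdir/sudoers.fixed" && echo "0 findings"
```

The wheel check deliberately matches only lines that grant ALL, so a replacement rule naming specific commands (like the alice line in the sample) passes; that is the least-privilege shape the commented-out entry should be replaced with.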

SSH access control:
Protective measures: restrict users, use blacklists and whitelists, change the authentication method from password verification to key pairs, use a firewall, limit the number of authentication attempts, enable only the newer SSH protocol version, etc.
Server configuration file: ../ssh/sshd_config
Key verification: checks whether the client's private key matches the public key stored on the server
AuthorizedKeysFile: specifies the file holding the public keys
Private key file: id_rsa; public key file: id_rsa.pub
Create an SSH key pair: use the ssh-keygen tool; the default key type is RSA.
Deploy the SSH public key: use ssh-copy-id, or copy the public key file manually
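The protective measures listed above map onto a handful of sshd_config directives. The script below is an added example, not from the original post: it writes a constructed "before" and "after" sshd_config to a temporary directory and checks each against the list with sh and awk (on a real host, point it at /etc/ssh/sshd_config). The thresholds (MaxAuthTries 3), the sample user names and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): check a constructed sshd_config
# against the protective measures listed above. Only sh and awk are used, so it
# runs without root; on a real host pass /etc/ssh/sshd_config instead.

workdir=$(mktemp -d)

# Constructed "before" configuration: password logins, root login, SSH-1 allowed.
cat > "$workdir/sshd_config.weak" <<'EOF'
# constructed sample
Port 22
Protocol 2,1
PermitRootLogin yes
PasswordAuthentication yes
#MaxAuthTries 6
EOF

# Constructed "after" configuration: key pairs only, user whitelist, 3 attempts.
# The Match block shows why parsing must stop at the first Match line.
cat > "$workdir/sshd_config.hard" <<'EOF'
# constructed sample
Port 22
Protocol 2
PermitRootLogin no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
MaxAuthTries 3
AllowUsers alice bob
Match User alice
    PasswordAuthentication yes
EOF

# sshd_option FILE KEYWORD: print the global value of KEYWORD. sshd keywords are
# case-insensitive, the first occurrence wins, and everything after a Match
# line is conditional, so parsing stops there.
sshd_option() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# sshd_findings FILE: one line per setting that contradicts the list above.
sshd_findings() {
    f=$1
    v=$(sshd_option "$f" PermitRootLogin)
    [ "$v" = no ] || echo "PermitRootLogin is '${v:-unset}'; set PermitRootLogin no"
    v=$(sshd_option "$f" PasswordAuthentication)
    [ "$v" = no ] || echo "PasswordAuthentication is '${v:-unset}'; deploy key pairs and set it to no"
    v=$(sshd_option "$f" PubkeyAuthentication)
    [ "$v" != no ] || echo "PubkeyAuthentication is disabled; key verification cannot work"
    v=$(sshd_option "$f" MaxAuthTries)
    { [ -n "$v" ] && [ "$v" -le 3 ]; } || echo "MaxAuthTries is '${v:-unset (default 6)}'; set MaxAuthTries 3"
    v=$(sshd_option "$f" Protocol)
    case $v in *1*) echo "Protocol '$v' still permits SSH-1; set Protocol 2" ;; esac
    a=$(sshd_option "$f" AllowUsers)
    g=$(sshd_option "$f" AllowGroups)
    [ -n "$a$g" ] || echo "no AllowUsers/AllowGroups whitelist; restrict who may log in"
    return 0
}

# finding_count FILE: number of findings, printed on stdout.
finding_count() {
    sshd_findings "$1" | awk 'END { print NR }'
}

echo "weak config: $(finding_count "$workdir/sshd_config.weak") finding(s)"
sshd_findings "$workdir/sshd_config.weak"
echo "hardened config: $(finding_count "$workdir/sshd_config.hard") finding(s)"
```

Because sshd honours the first occurrence of a keyword, a stray `PasswordAuthentication yes` earlier in the file silently overrides a later `no`; the parser mirrors that rule instead of taking the last value, which is the mistake most quick grep-based checks make.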

MD5 integrity check: use the md5sum verification tool
GPG encryption and decryption:
Official website: http://www.gnupg.org/
GPG supports many algorithms, including symmetric encryption, asymmetric encryption, hashing, etc.
Basic (symmetric) encryption: gpg -c document
Basic decryption: gpg -d encrypted_document
GPG asymmetric encryption and decryption:
1. Create a key pair: gpg --gen-key
2. View key pairs: gpg --list-keys
3. Export a public key: gpg -a --export UserB > public_key_file
4. Import a public key: gpg --import public_key_file
GPG software signing and verification:
1. Sign: gpg -b file
2. Import the signer's public key: gpg --import public_key_file
3. Verify: gpg --verify
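The asymmetric and signing procedures above are easiest to understand when both sides run in the same script. The following is an added example, not from the original post: it creates two constructed users (Alice and Bob) with separate GNUPGHOME directories, walks through gen-key, list-keys, export, import, encrypt, decrypt, sign and verify, shows that a tampered document fails verification, and finishes with the symmetric gpg -c / gpg -d pair. The user names, e-mail addresses, file names and passphrase are constructed; the demo needs GnuPG 2.x and is skipped when gpg is not installed.

```shell
#!/bin/sh
# Added example (not from the original post): the asymmetric encryption and
# signature steps above run end to end between two constructed users, each
# with its own GNUPGHOME so no real keyring is touched. Needs GnuPG 2.x; the
# demo is skipped (and reports success) when gpg is not installed.

workdir=$(mktemp -d)
ALICE="$workdir/alice"   # constructed sender: imports Bob's key, encrypts, verifies
BOB="$workdir/bob"       # constructed key owner: generates the key, decrypts, signs
mkdir -m 700 "$ALICE" "$BOB"
printf 'constructed document: quarterly report\n' > "$workdir/doc.txt"

# gpg_as HOME ARGS...: run gpg unattended against one user's keyring.
gpg_as() { h=$1; shift; GNUPGHOME="$h" gpg --batch --quiet --no-tty "$@"; }
# run NAME CMD...: run a step and name it if it fails.
run() { name=$1; shift; "$@" || { echo "step failed: $name" >&2; return 1; }; }

# make_key HOME NAME EMAIL: step 1 (gpg --gen-key) fed a parameter file on stdin
# so it needs no prompts. %no-protection means no passphrase: demo only.
make_key() {
    gpg_as "$1" --gen-key <<EOF
%no-protection
Key-Type: RSA
Key-Length: 2048
Name-Real: $2
Name-Email: $3
Expire-Date: 0
%commit
EOF
}

# gpg_demo: returns 0 only if every step below succeeded.
gpg_demo() {
    command -v gpg >/dev/null 2>&1 || { echo "gpg not installed, skipping"; return 0; }
    run gen-key   make_key "$BOB" "User B" bob@example.invalid || return 1
    run list-keys gpg_as "$BOB" --list-keys || return 1
    run export    gpg_as "$BOB" -a -o "$workdir/bob.pub" --export bob@example.invalid || return 1
    run import    gpg_as "$ALICE" --import "$workdir/bob.pub" || return 1
    # --trust-model always: the demo has no web of trust. In real use, confirm
    # the fingerprint out of band before encrypting to an imported key.
    run encrypt   gpg_as "$ALICE" --trust-model always -r bob@example.invalid \
                      -o "$workdir/doc.txt.gpg" -e "$workdir/doc.txt" || return 1
    run decrypt   gpg_as "$BOB" -o "$workdir/doc.dec" -d "$workdir/doc.txt.gpg" || return 1
    run compare   cmp -s "$workdir/doc.txt" "$workdir/doc.dec" || return 1
    # Detached signature by Bob (gpg -b), verified by Alice with Bob's public key.
    run sign      gpg_as "$BOB" -o "$workdir/doc.txt.sig" -b "$workdir/doc.txt" || return 1
    run verify    gpg_as "$ALICE" --verify "$workdir/doc.txt.sig" "$workdir/doc.txt" || return 1
    # Any change to the signed document must make verification fail.
    printf 'tampered\n' >> "$workdir/doc.txt"
    if gpg_as "$ALICE" --verify "$workdir/doc.txt.sig" "$workdir/doc.txt" 2>/dev/null; then
        echo "step failed: tampered document still verified" >&2; return 1
    fi
    # Symmetric encryption (gpg -c) and decryption (gpg -d) with a constructed passphrase.
    pw=constructed-passphrase
    run sym-enc   gpg_as "$ALICE" --pinentry-mode loopback --passphrase "$pw" \
                      -o "$workdir/note.gpg" -c "$workdir/doc.dec" || return 1
    run sym-dec   gpg_as "$ALICE" --pinentry-mode loopback --passphrase "$pw" \
                      -o "$workdir/note.txt" -d "$workdir/note.gpg" || return 1
    run sym-cmp   cmp -s "$workdir/doc.dec" "$workdir/note.txt"
}

demo_rc=0
gpg_demo || demo_rc=$?
for h in "$ALICE" "$BOB"; do GNUPGHOME="$h" gpgconf --kill gpg-agent 2>/dev/null; done
[ "$demo_rc" -eq 0 ] && echo "all GPG steps succeeded"
```

Two points matter outside the demo: `--trust-model always` is only acceptable here because the keys were created seconds earlier; in practice the signer's fingerprint is confirmed out of band before the import is trusted. And the verify step returns success with a "not certified" warning for an untrusted but correct key, so scripts must check the exit status, not the absence of warnings.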

AIDE intrusion detection system
Software package: aide
Default configuration file: /etc/aide.conf
1. Initial check: before any attack (generally right after the system is installed), build the baseline database: aide --init
2. Copy the verification database file to safe storage, such as a removable hard disk
3. If an intrusion is suspected, restore the backup before checking: copy the backed-up database file over the (possibly tampered) one in the database directory, then run aide --check
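The three AIDE steps are a baseline, an off-host copy of that baseline, and a comparison against the restored copy. The script below is an added example, not from the original post and not AIDE itself: it reduces the workflow to coreutils (find, sha256sum, stat, awk) over a constructed directory standing in for /etc, so it runs anywhere, and it shows why step 2 matters by first comparing against an on-host database that the simulated intruder regenerated. Directory names, file contents and function names are constructed; paths containing spaces are not handled.

```shell
#!/bin/sh
# Added example (not from the original post, not AIDE's own code): the AIDE
# workflow above reduced to its essentials with coreutils only. A real
# deployment uses aide --init / aide --check; this shows what those steps
# compare and why the database must be restored from offline storage first.

workdir=$(mktemp -d)
tree="$workdir/etc"          # constructed directory standing in for /etc
db="$workdir/baseline.db"    # stands in for AIDE's database
backup="$workdir/usb"        # stands in for the removable hard disk

mkdir -p "$tree/ssh" "$backup"
printf 'PermitRootLogin no\n' > "$tree/ssh/sshd_config"
printf 'root:x:0:0:root:/root:/bin/bash\n' > "$tree/passwd"

# baseline_init DIR DB: record sha256, mode and size of every regular file,
# sorted by path so two databases can be compared entry by entry.
# (Paths with spaces are not supported by this simplified format.)
baseline_init() {
    ( cd "$1" && find . -type f | sort | while IFS= read -r f; do
          sum=$(sha256sum "$f" | cut -d' ' -f1)
          meta=$(stat -c '%a %s' "$f")
          printf '%s %s %s\n' "$f" "$sum" "$meta"
      done ) > "$2"
}

# baseline_check DIR DB: snapshot DIR again and report ADDED / REMOVED / CHANGED
# entries relative to DB; returns 0 when nothing differs, 1 otherwise.
# (NR == FNR identifies the first file; DB is never empty here.)
baseline_check() {
    now="$2.current"
    baseline_init "$1" "$now"
    report=$(awk '
        NR == FNR { base[$1] = $0; next }
        { cur[$1] = $0 }
        END {
            for (p in base) if (!(p in cur)) print "REMOVED " p
            for (p in cur)  if (!(p in base)) print "ADDED " p
            for (p in cur)  if ((p in base) && base[p] != cur[p]) print "CHANGED " p
        }' "$2" "$now" | sort)
    rm -f "$now"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Step 1: baseline right after installation. Step 2: copy it off the host.
baseline_init "$tree" "$db"
cp "$db" "$backup/baseline.db"

# Simulated compromise: a config file is changed, an unexpected file appears,
# and the on-host database is regenerated so a naive check sees nothing.
printf 'PermitRootLogin yes\n' > "$tree/ssh/sshd_config"
printf 'constructed unexpected file\n' > "$tree/unexpected.conf"
baseline_init "$tree" "$db"

echo "== check against the on-host database =="
baseline_check "$tree" "$db" && echo "no differences (misleading: the database was replaced too)"

# Step 3: restore the database from offline storage, then check.
cp "$backup/baseline.db" "$db"
echo "== check against the restored database =="
baseline_check "$tree" "$db" || echo "differences found"
```

The mode and size columns are there because a content hash alone misses a permission change such as a config file made world-writable; AIDE records many more attributes, selected per path in /etc/aide.conf.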

Scanning and packet capture
NMAP scanning: network probing, host and port discovery, etc.
Basic usage: nmap [scan type] [options] <scan target>
Common scan types: -sS, -sT, -sU, -sP, -A, -p
tcpdump packet capture: capture TCP packets from the network
Basic usage: tcpdump [options] [filter conditions]
Common monitoring options: -i, -A, -w, -r
Capture access to the POP3 service of 1.1.1.1: tcpdump -A dst host 1.1.1.1 and tcp port 110
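On the defending side, the usual use of the nmap scan types above is to scan your own hosts and compare what is open against what should be. The script below is an added example, not from the original post: it parses nmap's grepable output format (nmap -oG) with awk and reports open ports that are not in an allow list. The scan output and the allow list are constructed inline (the hosts are fictitious), so nothing is scanned; on a real network the same parser reads the file written by `nmap -sS -p- -oG scan.gnmap <targets>`. Function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): turn nmap's grepable output into
# an exposure report. The scan output below is constructed, so this runs
# without nmap; real output uses tabs between fields, the parser accepts
# either tabs or spaces.

workdir=$(mktemp -d)

# Constructed nmap -oG output (not from a real scan; hosts are fictitious).
cat > "$workdir/scan.gnmap" <<'EOF'
# Nmap 7.80 scan initiated (constructed sample)
Host: 10.0.0.5 ()   Status: Up
Host: 10.0.0.5 ()   Ports: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///   Ignored State: closed (997)
Host: 10.0.0.9 ()   Status: Up
Host: 10.0.0.9 ()   Ports: 22/open/tcp//ssh///, 110/open/tcp//pop3///, 3306/open/tcp//mysql///   Ignored State: filtered (997)
# Nmap done (constructed sample)
EOF

# Constructed policy: allowed exposure per host, "host port/proto" per line.
cat > "$workdir/allowed.txt" <<'EOF'
10.0.0.5 22/tcp
10.0.0.5 80/tcp
10.0.0.5 443/tcp
10.0.0.9 22/tcp
EOF

# open_ports GNMAP: print "host port/proto service" for every open port.
# Each port entry has the form port/state/proto/owner/service/rpc/version/.
open_ports() {
    awk '
        /^Host:/ && /Ports:/ {
            host = $2
            line = $0
            sub(/.*Ports: /, "", line)
            sub(/[ \t]+Ignored State:.*/, "", line)
            n = split(line, p, /, /)
            for (i = 1; i <= n; i++) {
                split(p[i], f, "/")
                if (f[2] == "open") print host, f[1] "/" f[3], f[5]
            }
        }' "$1"
}

# unexpected_ports GNMAP ALLOWED: open ports that the allow list does not cover.
unexpected_ports() {
    open_ports "$1" | awk 'NR == FNR { ok[$1 " " $2] = 1; next } !(($1 " " $2) in ok)' "$2" -
}

echo "open ports:"
open_ports "$workdir/scan.gnmap"
echo "not allowed by policy:"
unexpected_ports "$workdir/scan.gnmap" "$workdir/allowed.txt"
```

Run from cron against a saved allow list, the "not allowed by policy" lines are the ones worth alerting on; the POP3 and MySQL ports on the second sample host are exactly the kind of exposure the tcpdump filter above would then be used to inspect.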


Source: www.cnblogs.com/Haihong72H/p/12679228.html