System Security and Application under Linux

1. System account cleanup

1. Set the shell of accounts that must never log in interactively to /sbin/nologin;
2. Lock accounts that have not been used for a long time;
3. Delete accounts that are no longer needed;
4. Lock the account files /etc/passwd and /etc/shadow (with chattr, see the next section).

2. Usage of the chattr command

1. "+": add the given attributes to those already set;
2. "-": remove the given attributes from those already set;
3. "=": set exactly the given attributes, replacing the current ones.

"A": do not update the atime (access time) of the file or directory; this avoids the extra disk writes that atime updates cause, which matters on laptops, for example;
"S": synchronous updates: writes to the file go to disk immediately, similar to running sync after each write;
"a": append only. Once set, data can only be appended to the file; existing content cannot be deleted or overwritten. Mostly used to protect server log files. Only root can set or clear this attribute;
"c": compressed. The file is stored compressed on disk and transparently decompressed when read;
"d": no dump. The file is not a backup target of the dump program;
"i": immutable. The file cannot be deleted, renamed or hard-linked, and no data can be written or appended to it. This attribute is the most useful one for hardening the file system;
"j": data journaling. When the file system is mounted with data=ordered or data=writeback, this file's data is written to the journal before it is written to the file itself. If the file system is mounted with data=journal, the attribute has no effect;
"s": secure deletion. When the file is deleted, its blocks are zeroed and written back to disk;
"u": undeletable, the opposite of s: when the file is deleted, its content is kept on disk so that it can be recovered.
Note that the c, s and u attributes are accepted by chattr but not honored by the ext2/ext3/ext4 file systems in mainline kernels, so do not rely on them for secure deletion.

The options used most in practice are "a" and "i". "a" forces append-only access and is mostly used to protect the logging system; "i" is the stricter setting, since the file can neither be changed nor removed. Both can only be set or cleared by the superuser (root) or by a process holding the CAP_LINUX_IMMUTABLE capability, which is exactly what makes them useful: a compromised process without that capability cannot undo them.

Examples of applying the chattr command:
1. Set /etc/passwd and /etc/shadow so that they cannot be modified, deleted or hard-linked, and verify the attribute with lsattr (the original shows this as screenshots)

2. Unlock the files and verify again (also shown as screenshots in the original)
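The locking and unlocking procedure above, as an added shell example that is not part of the original article: it sets the immutable attribute on both account files, confirms from lsattr output that the attribute really took effect, and removes it again. The lsattr line used for the self-check is constructed; chattr needs root and an ext2/3/4 or xfs file system, so the live part only runs when invoked as root with --apply.

```shell
#!/bin/sh
# Added example (not from the original article): lock the account files with
# the immutable attribute, verify the attribute from lsattr output, and unlock.
# chattr/lsattr need an ext2/3/4 or xfs file system; setting the attribute
# needs root. The flag parsing below works on any lsattr output line.

# Return 0 if an lsattr output line ($1) carries the single-letter attribute $2.
# A line looks like (constructed):  ----i---------e------- /etc/passwd
lsattr_has_flag() {
    flags=$(printf '%s\n' "$1" | awk '{print $1}')
    case "$flags" in
        *"$2"*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Live query of one file's attributes.
file_has_attr() {
    lsattr_has_flag "$(lsattr "$1" 2>/dev/null)" "$2"
}

# chattr +i on both account files, then verify each one actually became
# immutable instead of trusting the exit status alone.
lock_account_files() {
    for f in /etc/passwd /etc/shadow; do
        chattr +i "$f" || return 1
        file_has_attr "$f" i || { echo "not immutable: $f" >&2; return 1; }
    done
}

unlock_account_files() {
    for f in /etc/passwd /etc/shadow; do
        chattr -i "$f" || return 1
    done
}

# Demonstration, only when run as root with --apply: lock, show that even root
# cannot add a user while the bit is set, then unlock.
if [ "${1:-}" = "--apply" ] && [ "$(id -u)" -eq 0 ]; then
    lock_account_files && lsattr /etc/passwd /etc/shadow
    useradd chattr_demo 2>&1 | head -n 1   # useradd reports it cannot lock /etc/passwd
    unlock_account_files
fi
```

Keep in mind that while the bit is set, useradd, passwd and usermod all fail for root too, so the lock has to be removed before any legitimate account change and put back afterwards.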

3. Password security control

1. Set a maximum password validity period;
2. Require the user to change the password at the next login.

vi /etc/login.defs
……
PASS_MAX_DAYS 30
(applies to users created after the change)

chage -M 30 aaa (applies to an existing user)

chage -d 0 aaa (forces a password change at the next login)
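The two settings above only cover new users and one named user respectively. The following added shell example, which is not part of the original article, audits a shadow-format file for accounts whose maximum password age is missing or longer than the policy and prints the chage commands that fix them. The shadow lines are constructed with placeholder hashes; the live remediation only runs as root with --apply.

```shell
#!/bin/sh
# Added example (not from the original article): audit password aging in a
# shadow-format file and generate the chage commands that enforce the 30-day
# policy above. Reads only; nothing is changed unless run as root with --apply.
# Shadow fields: name:hash:lastchg:min:MAX:warn:inactive:expire:reserved

# Print "user:max_days" for every account with a real password hash whose
# maximum age (field 5) is missing or exceeds $2 days (default 30).
shadow_aging_violations() {
    awk -F: -v limit="${2:-30}" '
        # locked or passwordless entries ("!", "!!", "*") cannot log in, skip
        $2 == "" || $2 ~ /^[!*]/ { next }
        $5 == "" || $5 + 0 > limit { m = ($5 == "") ? "none" : $5; print $1 ":" m }
    ' "$1"
}

# For each violating account emit: chage -M <limit> -d 0 <user>
#   -M sets the maximum age, -d 0 forces a change at the next login.
remediation_commands() {
    shadow_aging_violations "$1" "$2" | while IFS=: read -r user rest; do
        printf 'chage -M %s -d 0 %s\n' "${2:-30}" "$user"
    done
}

# Constructed sample; the hashes are placeholders, not real ones.
write_sample_shadow() {
    cat > "$1" <<'EOF'
root:$6$salt1$placeholderhash:19000:0:99999:7:::
aaa:$6$salt2$placeholderhash:19000:0:30:7:::
bbb:$6$salt3$placeholderhash:19000:0:90:7:::
ccc:$6$salt4$placeholderhash:19000:0::::
daemon:*:19000:0:99999:7:::
svc:!!:19000:0:99999:7:::
EOF
}

if [ "${1:-}" = "--apply" ] && [ "$(id -u)" -eq 0 ]; then
    remediation_commands /etc/shadow 30 | sh
else
    sample=$(mktemp)
    write_sample_shadow "$sample"
    echo "violations:";  shadow_aging_violations "$sample" 30
    echo "remediation:"; remediation_commands "$sample" 30
    rm -f "$sample"
fi
```

Locked accounts are skipped on purpose: forcing a password change on an account that cannot log in only adds noise, and 99999 on a system account such as daemon is normal.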

4. Command history restrictions

1. Reduce the number of recorded commands;
vi /etc/profile
HISTSIZE=200

2. Automatically clear historical commands when logging off.
vi ~/.bash_logout
history -c
clear

history -c
This clears the command history of the current login session from memory, but does not touch the .bash_history file, so the old commands reappear at the next login. The history is saved in the file .bash_history in the user's home directory (~/.bash_history).

echo > ~/.bash_history
Each user has a .bash_history file in their home directory; when the session ends, the commands run during that login are appended to it. Truncating the file removes everything saved so far, and the effect is visible from the next login on. Bear in mind that shrinking or clearing history also destroys a record that incident responders rely on, so weigh it against your audit requirements.

5. Using the su command to switch users

1. Purpose: Substitute User, switch to another user;
2. Format: su target-user

6. Password verification

1. root switching to any user: no password is asked;
2. An ordinary user switching to another user: the target user's password must be entered.

7. Restricting which users may use the su command

1. Add the users allowed to use su to the wheel group;
2. Enable the pam_wheel authentication module in /etc/pam.d/su.

8. PAM authentication control flags

The control type (Control Flags) decides how the result of each module affects the overall result of that authentication type:
1. required: if the module fails, the remaining modules are still run, but the final result is Fail;
2. requisite: if the module fails, the whole stack stops immediately and returns Fail;
3. sufficient: if the module succeeds (and no earlier required module has failed), the stack returns success immediately; if it fails, the result is ignored and the next module runs;
4. optional: the result is ignored unless it is the only module in the stack; mostly used with the session type.

9. Composition of PAM authentication

1. To see whether a program supports PAM authentication, check whether it links against libpam with the ldd command.
Example: check whether su supports PAM module authentication (shown as a screenshot in the original)

2. View the PAM configuration file of su, /etc/pam.d/su (shown as a screenshot in the original)

1. Each line is an independent authentication step;
2. Each line has three fields:
authentication type, control type, PAM module and its arguments

There are four PAM authentication types:
auth: accepts the user name and password and authenticates the user;
account: checks whether the account is allowed to log in, for example whether it has expired or whether login is restricted to certain times;
password: used to change the user's password;
session: sets up and tears down the session, including accounting.

10. PAM authentication principle

1. The general order is:
service - PAM configuration file - pam_*.so
2. First determine the service, then load its PAM configuration file (under /etc/pam.d), and finally call the module files (under /lib/security or /lib64/security) to perform the authentication
3. When a user accesses the server, the service handling the request hands it to the PAM modules for authentication
4. Different applications use different PAM modules and configuration files

11. The security risk of the su command

1. By default any user may run su and so can repeatedly guess the login password of other users (such as root), which is a security risk;
2. To tighten control over su, use the PAM module pam_wheel so that only a few users are allowed to switch identities with su.
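The wheel-group restriction from sections 7 and 11, as an added shell example that is not part of the original article: it checks whether a /etc/pam.d/su stack actually enforces pam_wheel with a required control flag, checks wheel membership in a group file, and shows the live change. Both PAM stacks and the group file are constructed samples (the first stack mirrors a stock CentOS 7 su file, where the line ships commented out); the live change only runs as root with --apply.

```shell
#!/bin/sh
# Added example (not from the original article): check whether a PAM stack
# for su enforces pam_wheel, check wheel membership, and show how to enable
# the restriction. Parsing only; the system is changed only with --apply as root.

# Read a PAM config on stdin; return 0 if an active (uncommented) "auth"
# line with control required or requisite loads pam_wheel.so.
# "sufficient" would not do: a failing sufficient module is simply ignored.
pam_wheel_enforced() {
    awk '
        /^[[:space:]]*#/ || NF < 3 { next }
        $1 == "auth" && ($2 == "required" || $2 == "requisite") && $3 ~ /pam_wheel\.so$/ { found = 1 }
        END { exit found ? 0 : 1 }
    '
}

# Return 0 if user $1 is a member of wheel in the group file $2 (default /etc/group).
in_wheel() {
    awk -F: -v u="$1" '
        $1 == "wheel" { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit ok ? 0 : 1 }
    ' "${2:-/etc/group}"
}

# Constructed samples. The first mirrors a stock CentOS 7 /etc/pam.d/su, where
# the pam_wheel line ships commented out; the second is the hardened version.
DEFAULT_SU='#%PAM-1.0
auth            sufficient      pam_rootok.so
# Uncomment the following line to require a user to be in the "wheel" group.
#auth           required        pam_wheel.so use_uid
auth            substack        system-auth
account         include         system-auth'

HARDENED_SU='#%PAM-1.0
auth            sufficient      pam_rootok.so
auth            required        pam_wheel.so use_uid
auth            substack        system-auth
account         include         system-auth'

report() {
    if printf '%s\n' "$1" | pam_wheel_enforced; then
        echo "$2: su restricted to members of wheel"
    else
        echo "$2: any user may attempt su"
    fi
}
report "$DEFAULT_SU" "default"
report "$HARDENED_SU" "hardened"

# Live change (root): add the allowed user to wheel, then uncomment the
# pam_wheel line. It must stay below pam_rootok.so so root itself is exempt.
if [ "${1:-}" = "--apply" ] && [ "$(id -u)" -eq 0 ]; then
    usermod -aG wheel "${2:?usage: --apply USER}"
    sed -i 's/^#\(auth[[:space:]]*required[[:space:]]*pam_wheel\.so\)/\1/' /etc/pam.d/su
    pam_wheel_enforced < /etc/pam.d/su && echo "pam_wheel enabled"
fi
```

The order of the lines matters: pam_rootok.so is sufficient, so root passes before pam_wheel is consulted, while every other user must be in wheel (use_uid makes the check use the real UID of the caller rather than the target user).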

12. PAM (Pluggable Authentication Modules)

1. An efficient, flexible and convenient user-level authentication mechanism;
2. Also the authentication mechanism commonly used on current Linux servers.

13. Using the sudo mechanism to elevate privileges

1. Purpose and usage of the sudo command
(1) run authorized commands under another identity (such as root)
(2) usage: sudo authorized-command

2. Configure sudo authorization by editing /etc/sudoers with visudo (shown as a screenshot in the original)

3. Meaning of the four ALLs in a user specification such as root ALL=(ALL) ALL
(1) the first ALL from the left is the user (or %group) the rule applies to;
(2) the second ALL is the host on which the rule applies;
(3) the third ALL, in parentheses, is the identity the command may be run as (runas_user, such as root);
(4) the fourth ALL is the list of commands allowed.

Example (shown as a screenshot in the original)

sudo -l lists the commands the current user is allowed to run (shown as a screenshot in the original)

4. Viewing sudo operation records
(1) requires enabling the Defaults logfile setting in /etc/sudoers; without it sudo only logs through syslog;
(2) the log file used in the example: /var/log/sudo
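An added shell example, not from the original article, that ties the four ALL positions together: it builds a least-privilege user specification, installs it as a sudoers drop-in only after visudo accepts it, and audits a sudoers file for grants that amount to "ALL". The sample sudoers content is constructed; installing the drop-in needs root and the sudo package, while the audit runs on any file.

```shell
#!/bin/sh
# Added example (not from the original article): build a least-privilege sudoers
# entry from the four fields described above, install it only if visudo accepts
# it, and audit a sudoers file for grants that are really "ALL". Installation
# needs root and the sudo package; the audit runs on any file.

# user host runas commands -> one sudoers user specification
sudoers_entry() {
    printf '%s\t%s=(%s)\t%s\n' "$1" "$2" "$3" "$4"
}

# Install entry text $1 as /etc/sudoers.d/$2 after a syntax check. A bad file
# in sudoers.d can lock everyone out of sudo, hence visudo -cf first.
# Drop-ins must be mode 0440 and must not contain a dot in their name.
install_sudoers_dropin() {
    tmp=$(mktemp) || return 1
    printf '%s\n' "$1" > "$tmp"
    if visudo -cf "$tmp" >/dev/null 2>&1; then
        install -m 0440 -o root -g root "$tmp" "/etc/sudoers.d/$2"
    else
        echo "rejected by visudo: $1" >&2; rm -f "$tmp"; return 1
    fi
    rm -f "$tmp"
}

# Print "user: <line>" for user specifications whose command list ends in
# ALL (including NOPASSWD: ALL), i.e. grants equivalent to a root shell.
# Comments, Defaults and alias definitions are skipped; root's own line is
# expected and not reported.
sudoers_overbroad() {
    awk '
        /^[[:space:]]*(#|Defaults|User_Alias|Cmnd_Alias|Host_Alias|Runas_Alias)/ { next }
        NF < 2 || $1 == "root" { next }
        {
            spec = $0
            sub(/^[^=]*=/, "", spec)                             # keep text after host=
            sub(/^[[:space:]]*\([^)]*\)[[:space:]]*/, "", spec)   # drop (runas)
            if (spec ~ /(^|[,:[:space:]])ALL[[:space:]]*$/) print $1 ": " $0
        }
    ' "$1"
}

# Constructed sample sudoers content for the audit.
write_sample_sudoers() {
    cat > "$1" <<'EOF'
Defaults logfile="/var/log/sudo"
root    ALL=(ALL)       ALL
%wheel  ALL=(ALL)       ALL
jerry   ALL=(root)      /sbin/ifconfig, /usr/bin/systemctl
tom     ALL=(ALL)       NOPASSWD: ALL
EOF
}

sample=$(mktemp)
write_sample_sudoers "$sample"
echo "least-privilege entry for jerry:"
sudoers_entry jerry ALL root "/sbin/ifconfig, /usr/bin/systemctl"
echo "over-broad grants in sample:"
sudoers_overbroad "$sample"
rm -f "$sample"
# As root:  install_sudoers_dropin "$(sudoers_entry jerry ALL root /sbin/ifconfig)" jerry
```

The audit deliberately flags the stock %wheel line: membership in wheel is full root, which is fine if that is the intent, but it should be a conscious decision rather than a leftover default.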

14. GRUB restrictions

1. Use grub2-mkpasswd-pbkdf2 to generate a password hash;
2. Edit /etc/grub.d/00_header and add the hash (a set superusers line naming the user and a matching password_pbkdf2 line carrying the hash);
3. Regenerate grub.cfg with grub2-mkconfig -o /boot/grub2/grub.cfg
(the original shows these steps as screenshots)

15. Restrict root to logging in only on secure terminals

1. Secure terminal configuration: /etc/securetty (root may log in only on the terminals listed there; remove a tty line to block root logins on it)

16. Prohibit ordinary users from logging in

1. Create the file /etc/nologin (root can still log in);
2. Delete the nologin file to restore normal logins; it is also cleared by a reboot

17. John the Ripper (JR)

1. A password cracking tool supporting dictionary and brute-force attacks;
2. Running it against a copy of the shadow file reveals weak passwords, so it doubles as a password strength audit;
3. Official website: http://www.openwall.com/john/

Operation process (the original shows it as screenshots): the standard sequence is to combine passwd and shadow into one file with unshadow, run john on that file (optionally with a word list via --wordlist), and read the cracked passwords with john --show. Run it only on systems you are authorized to audit, and keep the copied shadow file as protected as the original.

18. Network scanning

rpm -ivh /mnt/Packages/nmap-****.rpm (install the nmap package)
nmap scan types; each takes targets such as 127.0.0.1, 192.168.4.0/24 or 192.168.4.100-200:
-sT  TCP connect scan (full three-way handshake, works without root)
-sU  UDP scan
-sP  ICMP ping scan, host discovery only (newer nmap versions call this -sn)
-sS  TCP SYN (half-open) scan, requires root
-p   scan only the specified ports, e.g. -p 22,80 or -p 1-1024

Origin blog.csdn.net/yuiLan0/article/details/108462809