Linux user account security management, file system and logs

1. System-level security reinforcement
* Basic security measures
* Switch user: su
* Elevate permissions: sudo
* PAM security authentication
* Boot and shutdown security control
* Terminal login security settings
* Weak password detection
* Port detection (NMAP)

2. System account cleanup
(1). Change the shell of non-login users to /sbin/nologin
* usermod -s /sbin/nologin username
* chsh: interactive mode
* chsh -s /bin/bash amber (set the login shell of user amber to /bin/bash)
* chattr +a 1.txt: add the a (append-only) lock to 1.txt; the file can still be read (cp) and appended to (echo >>), but not truncated or deleted
* chattr -a 1.txt: remove the a lock
* chattr +i 1.txt: add the i (immutable) lock to 1.txt; the file can only be read (cp)
* chattr -i 1.txt: remove the i lock
* lsattr: view the locks that have been added
* grep "bash$" /etc/passwd (list the users that can log in)

(2). Password security mechanism
* Set the password validity period (modify the validity period of an existing password):

      chage -M days username    or    passwd -x days username

* Newly added users also get the password validity period by default:

      cp /etc/login.defs{,.ori}      # backup
      ls /etc/login.defs*
      /etc/login.defs  /etc/login.defs.ori
      vim /etc/login.defs
      PASS_MAX_DAYS 30      # validity period changed to 30 days

* Require the user to change the password at the next login:

      chage -d 0 username

* echo "123123" | passwd --stdin tom: change tom's password
* passwd -l username or usermod -L username: lock the account
* userdel username: delete useless accounts
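As an added example (not part of the original notes), the script below audits a passwd-format file for accounts that still have an interactive shell and classifies shadow-format entries the way chage -d 0, PASS_MAX_DAYS and passwd -l leave them. It runs on constructed sample data (the user names, hashes and dates are made up) so it can be tried without root; on a real host you would point it at /etc/passwd and /etc/shadow.

```shell
#!/bin/sh
# Added example, not from the original notes: audit account and password
# settings from passwd/shadow-format data. Constructed sample data is used so
# it runs without root; for a real host pass /etc/passwd and /etc/shadow.

# Print "user:shell" for every account whose login shell is not
# /sbin/nologin or /bin/false (a broader version of grep "bash$" /etc/passwd).
interactive_accounts() {
    awk -F: '$7 !~ /(nologin|false)$/ { print $1 ":" $7 }' "$1"
}

# Classify one shadow-format line for a given "today", expressed in days since
# the epoch (the unit the shadow file uses: $(( $(date +%s) / 86400 )) ).
#   field 2 starting with ! or *   -> locked (passwd -l / usermod -L)
#   field 3 (last change) = 0      -> must-change at next login (chage -d 0)
#   field 5 (max days) empty/99999 -> no-expiry (aging disabled)
#   today > lastchg + max          -> expired
password_status() {
    line="$1"; today="$2"
    hash=$(printf '%s' "$line" | cut -d: -f2)
    lastchg=$(printf '%s' "$line" | cut -d: -f3)
    max=$(printf '%s' "$line" | cut -d: -f5)
    case "$hash" in
        '!'*|'*'*) echo "locked"; return 0 ;;
    esac
    if [ "$lastchg" = "0" ]; then
        echo "must-change"
    elif [ -z "$lastchg" ] || [ -z "$max" ] || [ "$max" -ge 99999 ]; then
        echo "no-expiry"
    elif [ "$today" -gt $((lastchg + max)) ]; then
        echo "expired"
    else
        echo "ok"
    fi
}

# Write constructed sample passwd data (user names are made up) to a file.
sample_passwd() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
amber:x:1001:1001::/home/amber:/bin/bash
backup:x:1002:1002::/var/backups:/bin/false
EOF
}

demo() {
    tmp=$(mktemp)
    sample_passwd "$tmp"
    echo "Accounts that can still log in:"
    interactive_accounts "$tmp"
    rm -f "$tmp"
    today=$(( $(date +%s) / 86400 ))
    # Constructed shadow lines (hashes abbreviated): tom must change, amber is locked
    echo "tom:   $(password_status 'tom:$6$salt$hash:0:0:30:7:::' "$today")"
    echo "amber: $(password_status 'amber:!$6$salt$hash:18470:0:30:7:::' "$today")"
}
demo
```

The shell-check deliberately matches more than "bash$": service accounts are often given /bin/sh or /bin/false, and only nologin/false should be treated as non-interactive.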

3. Historical command limit ($ calls a variable's value: echo $HISTSIZE)
(1). Reduce the number of historical commands
* vi /etc/profile and modify the value after "HISTSIZE=" (permanent change)
* export HISTSIZE=value (temporary)
* Note: /etc/profile sets environment variables; after changing it, run source /etc/profile to make the change effective
* source /etc/profile is the same as . /etc/profile

(2). Automatically clear the history command
* vim ~/.bash_logout and add history -c, so the history is cleared on logout

4. Terminal automatic logout
* vi /etc/profile and add "TMOUT=number (seconds)"
* export TMOUT=number (temporary)
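As an added example (not from the original notes), this script checks the HISTSIZE and TMOUT settings in a profile-style file against a policy without sourcing the file, since sourcing would execute whatever else it contains. The policy limits are parameters and the profile fragment it reads is constructed; it is not claimed to match any particular distribution's /etc/profile.

```shell
#!/bin/sh
# Added example, not from the original notes: check HISTSIZE and TMOUT in a
# profile-style file without sourcing it. Policy limits are parameters; the
# sample file in demo() is constructed.

# Print the value of the last "NAME=value" or "export NAME=value" assignment in
# a file, ignoring commented lines and surrounding quotes. Empty if unset.
# The last assignment wins, which is how the shell would evaluate the file.
profile_value() {
    sed -n "s/^[[:space:]]*\(export[[:space:]][[:space:]]*\)\{0,1\}$2=[\"']\{0,1\}\([^\"'[:space:]#]*\).*/\2/p" "$1" | tail -n 1
}

# Report HISTSIZE against a maximum history length and TMOUT against a maximum
# idle time. TMOUT must be set and positive (0 or unset means never log out).
# Output: "HISTSIZE=<value|unset> TMOUT=<value|unset> pass|fail"
profile_check() {
    file="$1"; max_hist="$2"; max_tmout="$3"
    hist=$(profile_value "$file" HISTSIZE)
    tmout=$(profile_value "$file" TMOUT)
    result="pass"
    if [ -z "$hist" ] || [ "$hist" -gt "$max_hist" ]; then result="fail"; fi
    if [ -z "$tmout" ] || [ "$tmout" -le 0 ] || [ "$tmout" -gt "$max_tmout" ]; then result="fail"; fi
    echo "HISTSIZE=${hist:-unset} TMOUT=${tmout:-unset} $result"
}

demo() {
    tmp=$(mktemp)
    # Constructed profile fragment: the later export overrides the first value,
    # and the commented-out TMOUT=0 line is ignored.
    printf '%s\n' 'HISTSIZE=1000' 'export HISTSIZE=100' '# TMOUT=0' 'export TMOUT="300"' > "$tmp"
    profile_check "$tmp" 200 600
    rm -f "$tmp"
}
demo
```

Because the check reads the last assignment, it also catches the common case where a later line in the file silently overrides a hardened value set earlier.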

5. su command operations are recorded in the security log /var/log/secure

6. sudo elevation command
* The drawback of su is that the root password is inconvenient to share widely, so elevation can instead be done with the sudo command or the wheel group.
* visudo or vi /etc/sudoers to add configuration content
* Press shift+3 (#) in vi to quickly jump to the same word as the one under the cursor

7. PAM security authentication: only allow individual users to use su, configured in /etc/pam.d/su (not important)
8. Boot and shutdown security: set a password in the Security section of the BIOS, so the password must be entered to enter the BIOS. (If the password is forgotten, it can only be cleared by removing the motherboard battery)
9. Disable the Ctrl+Alt+Delete hotkey
vi /etc/init/control-alt-delete.conf and comment out the line
10. Prohibit ordinary user login
Method: touch /etc/nologin; deleting the empty file /etc/nologin restores normal login.
11. Weak password detection
JR (John the Ripper) is a password-analysis tool that supports dictionary and brute-force cracking. By analysing the shadow file it detects weak passwords, and words can be added to the dictionary.
* Unzip the tar package
* Go to the decompressed src directory and execute make clean
* Go to the decompressed run directory and execute the command

12. Port detection (NMAP)
* NMAP: a powerful network scanning and security detection tool
* Syntax: nmap [scan type] [options] <scan target>

13. Inode and block
The system reads several consecutive sectors at once as one "block"; a common block size is 4 KB, i.e. 8 sectors of 512 bytes.
The inode is where a file's meta-information is stored.
A file must occupy exactly one inode and at least one block.
14. The three times
* access: access time; modify: content modification time; change: attribute modification time
* ls -lu: view access time; ls -lc: view change time; ls -l: view modify time
* stat: view all three

15. The block records in an inode contain: 12 direct pointers, 1 indirect, 1 double indirect, 1 triple indirect

16. ls -i, df -i, dumpe2fs -h, tune2fs -l: view inode information

17. Set the inode count and block size
mkfs.ext4 -N inode_count -b block_size device_name
mkfs.xfs -b size=1024 /dev/sdb1
18. Links
* Hard link → points to the inode number
* Soft link (symbolic link) → points to the file name (path)
* Hard links cannot be created to directories, including the root directory
* Syntax: hard link: ln source_file target_file
* Soft link: ln -s source_file_or_directory target_file_or_directory
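The following script is an added example (not from the original notes) that ties sections 13, 14 and 18 together with stat(1): it shows that a hard link shares the inode number of its source while a symbolic link is a separate inode holding a path, and that chmod moves only the change time while appending moves the modify time. All files are created under a throwaway temp directory; the names are made up.

```shell
#!/bin/sh
# Added example, not from the original notes: use stat(1) to show how inode
# numbers, the three timestamps and hard/soft links relate. Everything is
# created in a throwaway temp directory; file names are made up.

# Inode number of a path, as ls -i / stat show it (a symlink has its own inode).
inode_of() { stat -c '%i' "$1"; }

# "access modify change" as epoch seconds, the three times the notes describe.
times_of() { stat -c '%X %Y %Z' "$1"; }

# Create a file, a hard link and a symbolic link in $1 and print the inodes.
# Succeeds when the hard link shares the inode (link count becomes 2) and the
# symlink does not (it is a separate inode that stores a path).
link_demo() {
    dir="$1"
    printf 'hello\n' > "$dir/src.txt"
    ln "$dir/src.txt" "$dir/hard.txt"
    ln -s "$dir/src.txt" "$dir/soft.txt"
    src=$(inode_of "$dir/src.txt")
    hard=$(inode_of "$dir/hard.txt")
    soft=$(inode_of "$dir/soft.txt")
    nlink=$(stat -c '%h' "$dir/src.txt")
    echo "src=$src hard=$hard soft=$soft nlink=$nlink target=$(readlink "$dir/soft.txt")"
    [ "$src" = "$hard" ] && [ "$src" != "$soft" ] && [ "$nlink" = "2" ]
}

# Which timestamp does each operation move? Pin mtime to an old date, then:
#   chmod  -> only change (ctime) moves, modify keeps the old value
#   append -> modify (mtime) moves as well
# Prints "chmod:ctime-only append:mtime-moved" when behaviour is as described.
timestamp_demo() {
    f="$1/times.txt"
    printf 'x\n' > "$f"
    touch -d '2020-07-27 00:00:00' "$f"     # sets access and modify to the old date
    old=$(stat -c '%Y' "$f")
    chmod 600 "$f"                           # attribute change only
    if [ "$(stat -c '%Y' "$f")" = "$old" ] && [ "$(stat -c '%Z' "$f")" -gt "$old" ]; then
        r1="ctime-only"
    else
        r1="unexpected"
    fi
    printf 'y\n' >> "$f"                     # content change
    if [ "$(stat -c '%Y' "$f")" -gt "$old" ]; then r2="mtime-moved"; else r2="unexpected"; fi
    echo "chmod:$r1 append:$r2"
}

demo() {
    d=$(mktemp -d)
    link_demo "$d"
    timestamp_demo "$d"
    echo "times (access modify change): $(times_of "$d/times.txt")"
    echo "blocks allocated to src.txt (512-byte units): $(stat -c '%b' "$d/src.txt")"
    rm -rf "$d"
}
demo
```

The last line of demo() prints the allocated block count for a six-byte file, which illustrates the "at least one block" rule from section 13: the count is in 512-byte units, so a 4 KB block shows as 8.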

19. Recovering accidentally deleted files
* On Linux ext file systems the tools debugfs, ext3grep and extundelete can be used
* extundelete supports ext3 and ext4 file systems
* date -d "20200727" +%s: output the date as a Unix timestamp (seconds since the epoch), which is the form the --after/--before options take

Common extundelete options:
* --inode value: specify the inode number to start displaying from
* --restore-file filename: restore a file deleted by mistake
* --restore-all: restore all deleted files
* --after dtime: files deleted after a certain point in time
* --before dtime: files deleted before a certain point in time
20. Log files
* Function: files that record various system operation information
* Classification: kernel and system logs (configured in /etc/rsyslog.conf)
* User logs
* Program logs
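Section 5 notes that su operations land in /var/log/secure, and sudo writes its command records to the same log. The script below is an added example (not from the original notes) that extracts su and sudo events from a secure-style log file. The log lines it reads are constructed (the host name, user names and address are made up) but follow the pam_unix, su and sudo message formats.

```shell
#!/bin/sh
# Added example, not from the original notes: pull su and sudo records out of
# a /var/log/secure-style file. The sample lines are constructed (host, users
# and address are made up) but follow the pam_unix/su/sudo formats.

# Write constructed sample log lines to the given path.
sample_secure_log() {
    cat > "$1" <<'EOF'
Jul 27 10:15:02 host su: pam_unix(su-l:session): session opened for user root by tom(uid=1000)
Jul 27 10:20:11 host su: pam_unix(su-l:session): session closed for user root
Jul 27 10:31:45 host su: FAILED SU (to root) amber on pts/1
Jul 27 10:32:01 host sudo:   amber : TTY=pts/1 ; PWD=/home/amber ; USER=root ; COMMAND=/bin/cat /var/log/secure
Jul 27 10:40:00 host sshd[2211]: Accepted password for tom from 192.0.2.10 port 50022 ssh2
EOF
}

# Print "su ok WHO -> TARGET" for successful switches and
# "su failed WHO -> TARGET" for refused ones; other lines are ignored.
su_events() {
    awk '
        / su: / && /session opened for user/ {
            target = $0; sub(/.*session opened for user /, "", target); sub(/ by .*/, "", target)
            who = $0; sub(/.* by /, "", who); sub(/\(uid=.*/, "", who)
            print "su ok " who " -> " target
        }
        / su: FAILED SU / {
            target = $0; sub(/.*\(to /, "", target); sub(/\).*/, "", target)
            who = $0; sub(/.*\) /, "", who); sub(/ on .*/, "", who)
            print "su failed " who " -> " target
        }
    ' "$1"
}

# Print "sudo WHO -> TARGET : COMMAND" for each sudo command record.
sudo_events() {
    awk '
        / sudo: / && /COMMAND=/ {
            who = $0; sub(/.* sudo: +/, "", who); sub(/ :.*/, "", who)
            target = $0; sub(/.*USER=/, "", target); sub(/ ;.*/, "", target)
            cmd = $0; sub(/.*COMMAND=/, "", cmd)
            print "sudo " who " -> " target " : " cmd
        }
    ' "$1"
}

demo() {
    tmp=$(mktemp)
    sample_secure_log "$tmp"
    su_events "$tmp"
    sudo_events "$tmp"
    rm -f "$tmp"
}
demo
```

Run against the real file as root (su_events /var/log/secure) to get a quick list of who switched to which account and which switches were refused; a burst of "su failed" lines for one user is the pattern worth alerting on.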


Origin blog.csdn.net/qq_39109226/article/details/109457011