My operations and maintenance (O&M) security course:
Course link: https://edu.51cto.com/course/27043.html  Author: Zhang Yanfeng; please cite the source when reposting.
Common O&M security bad habits
O&M security incidents keep happening for two reasons: on one hand, O&M or security rules are missing or not enforced; on the other hand, O&M staff lack strong security awareness and carry bad habits like the ones below into their daily work. Take a seat and think about whether you have stepped into the same pits before.
1. iptables
After modifying iptables, the configuration is not restored; sometimes iptables is even flushed and disabled entirely.
Temporarily flushing iptables for testing is understandable, but many people forget to restore it afterwards, and there is no automatic restore mechanism.
[root@localhost ~]# iptables -F
2. Scripts
The script does not check for "*", spaces, or unset variables.
If we keep in mind that "not only the user's input is untrusted, but our own input too", such pits are far less likely to be stepped in.
[root@localhost ~]# rm -rf /$var1/$var2   # with var1 and var2 unset, this is rm -rf /
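As an added example (not code from the original post), here is the guarded form of that delete: a POSIX sh script that refuses to run when its variables are empty, contain spaces or globs, or point outside a fixed base directory. BASE_DIR, the function names and the release layout are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: a guarded delete routine for
# the "unchecked variables" pitfall. BASE_DIR, the function names and the
# release layout are assumptions for illustration.
#
# The bad habit, for reference only (do not run):
#   rm -rf /$var1/$var2   # var1/var2 unset -> "rm -rf /"; a value with
#                         # spaces or "*" splits into extra arguments
set -u                    # abort on any reference to an unset variable

BASE_DIR="${BASE_DIR:-/srv/app/releases}"   # assumed deployment root

# Accept one path component only if it is non-empty, is not "." or "..",
# contains no "/" and uses only the characters a release name may contain.
# This rejects globs, spaces and traversal before they ever reach rm.
valid_component() {
    case "$1" in
        ''|.|..|*/*)        return 1 ;;
        *[!A-Za-z0-9._-]*)  return 1 ;;
    esac
    return 0
}

# Print the full target path, or fail; never fall back to a partial path.
release_path() {
    valid_component "$1" || return 1
    valid_component "$2" || return 1
    printf '%s/%s/%s\n' "$BASE_DIR" "$1" "$2"
}

# Remove one release directory. Every expansion is quoted, "--" stops rm from
# reading the value as an option, and the path must stay under BASE_DIR.
remove_release() {
    target=$(release_path "$1" "$2") ||
        { echo "refusing: invalid app or release name" >&2; return 1; }
    case "$target" in
        "$BASE_DIR"/*) ;;
        *) echo "refusing: $target is outside $BASE_DIR" >&2; return 1 ;;
    esac
    [ -d "$target" ] || { echo "refusing: no such release $target" >&2; return 1; }
    rm -rf -- "$target"
}

# Usage: sh cleanup.sh <app> <release>
if [ "$#" -eq 2 ]; then
    remove_release "$1" "$2"
fi
```

Pair this with `set -u` (or `${var:?}`) in every script that builds a path from variables, so an unset value aborts the script instead of collapsing the path.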
3. Service startup
Services listen on all addresses by default
Most application default configurations behave this way. Listening on all addresses without effective access control in place is never far from danger.
bind-address 0.0.0.0
4. File permissions
Granting excessive permissions on files, so that anyone can read and write them
[root@localhost ~]# chmod 777 dir
[root@localhost ~]# chmod 666 script
5. Starting services as root
Most O&M staff switch to root the moment they log in to a machine, then start the service as root in the same breath.
[root@localhost ~]# nohup ./server &
6. Authentication and access control
Authentication is too much trouble, so it is skipped, and so is access control
This is similar to listening on any address: usually it comes from the default configuration, and the user never intends to harden it.
7. sudo authorization
The sudo grant is too broad, which allows privilege escalation through a custom script
If an attacker can modify the contents of the script, escalating privileges is easy.
[root@localhost ~]# sudo script.sh
8. Who gets root
Granting root privileges to developers or QA: if they make a mess, who ends up in trouble?
We keep emphasizing RBAC, but when O&M is too busy and the developers and testers have too many requests, many O&M staff simply grant them root. After that they have little control over system-level access, and the resulting exposure is considerable.
[dev@localhost ~]$ su
[root@localhost ~]# whoami
root
9. SSH private keys
Keys, tokens and SSH private keys are stored in txt files, and personal SSH private keys are left on the server
[root@localhost ~]# ls ~/.ssh
id_rsa id_rsa.pub
10. Code storage awareness
Publishing work code to the outside world
I encountered an intern who pushed the project code to GitHub; the explanation given was that git had been misconfigured. Whether or not that is true, I think it at least shows insufficient security awareness.
[root@localhost ~]# git remote add origin https://github.com/secondwatchCH/EFS.git
[root@localhost ~]# git push origin master
11. Home directory
The personal home directory is highly sensitive, yet some people serve files directly from it; at the very least, a leaked .bash_history is unavoidable
[root@localhost ~]# python -m SimpleHTTPServer
12. Application selection
Security risks are not considered when selecting applications
Apache Struts version: Struts 2.5 - Struts 2.5.12
The production business runs a Struts 2 version affected by S2-052
13. Software supply chain
No concept of software supply chain security
From the Xcode incident to the malicious SSH libraries officially discovered on pip, every case tells us the same truth: software supply chain security carries extreme risk. At present, the common problems among O&M staff are:
● Downloading SSH clients or development IDEs from Baidu Netdisk
● Using applications/libraries/images downloaded from GitHub/PyPI/Docker Hub and similar sites directly in production without a second look
● Default passwords or default configurations are not removed