Common operation and maintenance security bad habits

My operation and maintenance security course:

    Course link: https://edu.51cto.com/course/27043.html   Author: Zhang Yanfeng; please credit the source when reposting.



    Operation and maintenance (ops) security incidents keep happening for two reasons. On one side, ops or security policy is missing or simply not enforced; on the other, ops staff lack a strong security mindset and carry a set of bad habits into their daily work. Read through the list below and ask yourself honestly which of these pits you have already fallen into.

1. iptables

    After changing iptables the previous configuration is not put back; sometimes iptables is flushed or switched off entirely.

    Temporarily flushing iptables for a test is understandable, but many people forget to restore it afterwards, and nothing restores it automatically. From the moment of the flush the host is running with no packet filter at all.

    [root@localhost ~]# iptables -F
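    The missing "automatic restoration mechanism" is easy to build. The script below is an added example, not code from the original post: it snapshots the live ruleset before the flush and restores it both after a timeout and when the operator's shell exits. It assumes a Linux host with iptables-save and iptables-restore, run as root; the IPT, IPT_SAVE and IPT_RESTORE variables are hypothetical overrides so the functions can be exercised without touching a real firewall.

```shell
#!/bin/sh
# Added example, not from the original post. Wraps a temporary iptables flush so
# the ruleset is restored automatically. Assumes a Linux host with iptables-save
# and iptables-restore, run as root. IPT, IPT_SAVE and IPT_RESTORE are
# hypothetical overrides so the functions can be exercised without iptables.
IPT=${IPT:-iptables}
IPT_SAVE=${IPT_SAVE:-iptables-save}
IPT_RESTORE=${IPT_RESTORE:-iptables-restore}

# ipt_snapshot -> saves the live ruleset to a temp file and prints its path
ipt_snapshot() {
    snap=$(mktemp "${TMPDIR:-/tmp}/iptables.XXXXXX") || return 1
    if "$IPT_SAVE" > "$snap"; then
        echo "$snap"
    else
        rm -f "$snap"
        return 1
    fi
}

# ipt_restore SNAPSHOT -> loads the saved ruleset and removes the snapshot.
# An empty snapshot is refused, so a failed save can never be "restored"
# as an empty (wide open) ruleset.
ipt_restore() {
    [ -s "$1" ] || return 1
    "$IPT_RESTORE" < "$1" || return 1
    rm -f "$1"
}

# ipt_test_window [SECONDS] -> flush the firewall for a test window (default
# 300 s). Two independent restore paths: a background watchdog that fires
# when the window expires, and an EXIT/INT/TERM trap for when the operator's
# shell ends first, so "I forgot to put it back" is no longer possible.
ipt_test_window() {
    secs=${1:-300}
    snap=$(ipt_snapshot) || return 1
    ( sleep "$secs"; ipt_restore "$snap" 2>/dev/null ) &
    watchdog=$!
    trap 'ipt_restore "$snap" 2>/dev/null || :; kill "$watchdog" 2>/dev/null || :; trap - EXIT INT TERM' EXIT INT TERM
    "$IPT" -F
    echo "iptables flushed; automatic restore in ${secs}s (snapshot $snap)"
}

# Usage as root, in the shell that is doing the test:
#   . ./ipt_window.sh && ipt_test_window 120
```

    Source the file rather than executing it, so the EXIT trap belongs to the shell you are actually working in. The same pattern (snapshot, guarded change, automatic rollback) applies to nftables or firewalld just as well.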

 

2. Script

    Scripts that do not guard against "*", spaces and empty variables.

    An unset variable silently becomes an empty string, a path with a space is split into two arguments, and a stray "*" is expanded by the shell before rm ever sees it. Treat your own input as untrusted, not just the user's, and you will fall into this pit far less often.

    [root@localhost ~]# rm -rf /var1/var2
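    The two halves of the problem, shown as an added example rather than code from the original post: a tiny function that makes the word splitting visible, and a deletion wrapper that checks the path before rm runs. The prefix and directory names in the comments are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Shows why an unquoted variable in
# "rm -rf $base/$sub" is dangerous, and a deletion wrapper that checks the path
# before rm ever runs. Paths used in the comments are hypothetical.
set -u   # an unset variable is an error, not a silent empty string

# argc ARGS... -> number of arguments the shell actually passed. With an
# unquoted variable holding "/srv/app /" this is 2, i.e. rm -rf would get "/".
argc() { echo $#; }

# safe_rmdir PREFIX TARGET -> rm -rf TARGET only if it is strictly below PREFIX,
# contains no "..", spaces or glob characters, and is a real directory
# (not a symlink). Prints the reason and returns 1 on refusal.
safe_rmdir() {
    prefix=$1
    target=$2
    case $target in
        "$prefix"/?*) ;;
        *) echo "refuse: '$target' is not below '$prefix'" >&2; return 1 ;;
    esac
    case $target in
        *..*)                echo "refuse: path contains '..'" >&2; return 1 ;;
        *[!A-Za-z0-9/._-]*)  echo "refuse: unexpected character in '$target'" >&2; return 1 ;;
    esac
    if [ -L "$target" ] || [ ! -d "$target" ]; then
        echo "refuse: '$target' is not a directory" >&2; return 1
    fi
    rm -rf -- "$target"
}

# The habit from the post, written the dangerous way and the guarded way:
#   rm -rf $BUILD_ROOT/$APP                    # BUILD_ROOT unset, APP="*"  ==>  rm -rf /*
#   safe_rmdir "$BUILD_ROOT" "$BUILD_ROOT/$APP" # refused unless it is a real dir below BUILD_ROOT
```

    Quoting every expansion and starting scripts with set -u removes most of the risk; the wrapper adds a second line of defence for the one command where a mistake is unrecoverable.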

 

3. Service startup

    Services listen on every address by default

    Most applications ship this way. Listening on every interface, without effective access control in front of the port, is a short step from an incident: the service is reachable by anyone who can route to the host.

    bind-address 0.0.0.0

 

4. File permissions

    Granting far more permission than needed, so that anyone on the system can read and write the file

    [root@localhost ~]# chmod 777 dir

    [root@localhost ~]# chmod 666 script
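    A quick way to find what chmod 777 and chmod 666 have left behind, as an added example (not code from the original post). It lists world-writable files and directories, skipping directories that have the sticky bit (such as /tmp), and a second function tightens them. It assumes GNU find and stat on Linux.

```shell
#!/bin/sh
# Added example, not from the original post. Finds files and directories left
# writable by everyone (chmod 777 / chmod 666) and repairs them. Assumes GNU
# find and stat (Linux). ROOT is the directory tree to scan.

# find_world_writable ROOT -> prints "dir|file MODE PATH" per finding.
# Sticky-bit directories (1777, e.g. /tmp) are deliberately not reported.
find_world_writable() {
    root=$1
    find "$root" -xdev \( -type f -o -type d \) -perm -o+w \
        ! \( -type d -perm -1000 \) -exec sh -c '
            for p in "$@"; do
                if [ -d "$p" ]; then t=dir; else t=file; fi
                printf "%s %s %s\n" "$t" "$(stat -c %a "$p")" "$p"
            done' sh {} +
}

# fix_world_writable ROOT -> directories become 755, files lose all access
# for "other" (the group bits are left for the owner to decide).
fix_world_writable() {
    find_world_writable "$1" | while read -r t mode p; do
        case $t in
            dir)  chmod 755 "$p" ;;
            file) chmod o-rwx "$p" ;;
        esac
    done
}

# Usage on a host:  find_world_writable /opt    (review)   fix_world_writable /opt
```

    Run the finder first and read the list; a directory some daemon genuinely needs to write to should get the correct owner or group, not a 777 mode.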

 

5. Starting services as root

    Most ops staff switch to root the moment they log in to a machine, and then start the service as root in the same breath. Every bug in that service now runs with full control of the host.

    [root@localhost ~]# nohup ./server &
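    Points 3 and 5 are both visible in one listing of the host's sockets. The script below is an added example, not code from the original post: it joins the output of ss -ltnp with ps -eo pid,user,comm and flags every listener bound to a wildcard address and every listener whose process runs as root. SAMPLE_SS and SAMPLE_PS are constructed for illustration, not captured from a real machine.

```shell
#!/bin/sh
# Added example, not from the original post. Audits a host's listening sockets
# from "ss -ltnp" output joined with "ps -eo pid,user,comm": it flags services
# bound to every interface (0.0.0.0, [::] or *) and services whose process runs
# as root. SAMPLE_SS and SAMPLE_PS below are constructed, not captured from a
# real machine.

# audit_listeners SS_OUTPUT PS_OUTPUT -> one finding per line
audit_listeners() {
    { printf '%s\n' "$2"; echo '==SS=='; printf '%s\n' "$1"; } | awk '
        /^==SS==$/ { in_ss = 1; next }
        # first part: ps listing, build the pid -> user map
        !in_ss { if ($1 ~ /^[0-9]+$/) owner[$1] = $2; next }
        # second part: ss listing, one LISTEN socket per line
        $1 == "LISTEN" {
            addr = $4; sub(/:[^:]*$/, "", addr)       # "[::]:8080" -> "[::]"
            port = $4; sub(/.*:/, "", port)           # "[::]:8080" -> "8080"
            proc = "?"; pid = "?"
            if (match($0, /"[^"]+"/))    proc = substr($0, RSTART + 1, RLENGTH - 2)
            if (match($0, /pid=[0-9]+/)) pid = substr($0, RSTART + 4, RLENGTH - 4)
            user = (pid in owner) ? owner[pid] : "?"
            if (addr == "0.0.0.0" || addr == "[::]" || addr == "*")
                print "WILDCARD-BIND " proc " port " port " bound to " addr
            if (user == "root")
                print "RUNS-AS-ROOT " proc " pid " pid " port " port
        }'
}

# Constructed sample of "ss -ltnp" output
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*        users:(("sshd",pid=812,fd=3))
LISTEN 0      80     127.0.0.1:3306      0.0.0.0:*        users:(("mysqld",pid=1201,fd=21))
LISTEN 0      511    0.0.0.0:6379        0.0.0.0:*        users:(("redis-server",pid=1330,fd=6))
LISTEN 0      128    [::]:8080           [::]:*           users:(("java",pid=1502,fd=14))'

# Constructed sample of "ps -eo pid,user,comm" output
SAMPLE_PS='  PID USER     COMMAND
  812 root     sshd
 1201 mysql    mysqld
 1330 root     redis-server
 1502 app      java'

# On a live host:  audit_listeners "$(ss -ltnp)" "$(ps -eo pid,user,comm)"
audit_listeners "$SAMPLE_SS" "$SAMPLE_PS"
```

    In the sample, sshd is expected to show up (it needs root and must be reachable); the findings that matter are redis-server, running as root and bound to 0.0.0.0, and the Java service on [::]:8080. The fixes are the ones the two sections describe: bind to 127.0.0.1 or an internal address in the application's configuration, and start the service under a dedicated unprivileged account (for example with a systemd unit that sets User=, or runuser -u app -- ./server) instead of from a root shell.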

 

6. Authentication and access control

    Authentication and access control skipped because they are "too much trouble"

    Like listening on every address, this usually comes straight from the default configuration, which nobody gets around to hardening. A service with no authentication on a wildcard address is an open door, not a service.

 

7. sudo authorization

    Over-broad sudo grants turn a custom script into a privilege escalation path

    If an attacker can modify the contents of a script that is allowed through sudo, getting root is trivial: whatever they write into the script runs as root the next time it is invoked.

    [root@localhost ~]# sudo script.sh

 

8. Who gets root

    Granting root to developers or QA: when they break something, you are the one in trouble.

    We keep stressing RBAC, but when ops is too busy and developers and testers keep asking, many ops staff simply hand out root. Those users have little grasp of system-level access control, and the exposure this creates is considerable.

    [root@localhost ~]$ su

    [root@localhost ~]# whoami

    root

 

9. SSH private keys

    Keys, tokens and SSH private keys kept in a .txt file, and personal SSH private keys left lying on servers

    [root@localhost ~]# ls ~/.ssh

    id_rsa id_rsa.pub
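    Looking for id_rsa by name misses the key pasted into notes.txt. The function below is an added example, not code from the original post: it finds private keys by their header line wherever they are under the given directories, and marks any that are readable by other users. It assumes GNU find and stat on Linux; the sample tree in the test is constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Finds private keys that were left
# on a server, by content rather than by file name, so a key pasted into
# notes.txt is caught as well as ~/.ssh/id_rsa, and reports any that other
# users can read. Assumes GNU find and stat (Linux).

# find_private_keys DIR... -> "KEY mode path [LOOSE-PERMS]" per key found
find_private_keys() {
    for root in "$@"; do
        [ -d "$root" ] || continue
        # regular files under 64 KiB containing a PEM/OpenSSH/PGP private-key header
        find "$root" -xdev -type f -size -64k \
            -exec grep -lE '^-----BEGIN [A-Z ]*PRIVATE KEY' {} + 2>/dev/null |
        while read -r f; do
            mode=$(stat -c %a "$f")
            case $mode in
                600|400) echo "KEY $mode $f" ;;
                *)       echo "KEY $mode $f LOOSE-PERMS" ;;
            esac
        done
    done
}

# On a server:  find_private_keys /home /root
```

    Everything reported should be questioned: personal keys do not belong on servers at all (use agent forwarding with care, or a jump host), and a key that really must live there belongs to a service account with mode 600, not in a text file.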

 

10. Where code is stored

    Pushing company code to the outside world

    I once came across an intern who had pushed the project code to GitHub; the explanation given was that the git configuration had been mixed up. I don't know whether that was true, but at the very least it shows insufficient security awareness.

    [root@localhost ~]# git remote add origin https://github.com/secondwatchCH/EFS.git

    [root@localhost ~]# git push origin master
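    A mixed-up remote is a mistake a hook can catch before the push leaves the machine. The script below is an added example, not code from the original post: installed as .git/hooks/pre-push (git calls it with the remote name and URL), it refuses any remote whose host is not on an internal allow-list. ALLOWED_HOSTS and the internal host names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. A git pre-push hook that refuses
# to push to any remote outside an allow-list of internal hosts, so company
# code cannot end up on github.com by mistake. ALLOWED_HOSTS and the host
# names in it are hypothetical. git runs the hook as: pre-push <name> <url>
ALLOWED_HOSTS=${ALLOWED_HOSTS:-"git.internal.example.com gitlab.corp.example.com"}

# remote_host URL -> prints the host part of an https://, ssh:// or
# scp-style (git@host:org/repo.git) git URL; empty for a local path
remote_host() {
    url=$1
    case $url in
        *://*)  h=${url#*://}; h=${h%%/*}; h=${h##*@}; h=${h%%:*} ;;
        *@*:*)  h=${url#*@}; h=${h%%:*} ;;
        *)      h="" ;;
    esac
    echo "$h"
}

# host_allowed HOST -> 0 if HOST is in ALLOWED_HOSTS
host_allowed() {
    for a in $ALLOWED_HOSTS; do
        [ "$1" = "$a" ] && return 0
    done
    return 1
}

# check_push NAME URL -> 0 to allow the push, 1 to block it
check_push() {
    h=$(remote_host "$2")
    if [ -z "$h" ] || host_allowed "$h"; then
        return 0
    fi
    echo "pre-push: refusing to push to external remote '$1' ($2)" >&2
    return 1
}

# When installed as .git/hooks/pre-push, git supplies the remote name and URL
case ${0##*/} in pre-push) check_push "$@" ;; esac
```

    A local hook can be bypassed, so treat it as a seat belt for honest mistakes; the server-side control is an internal git host that does not allow outbound mirroring, plus a secret scanner on every repository.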

 

11. Home directory

    The personal home directory is about as sensitive as it gets, yet some people serve it directly to hand a file over; at the very least .bash_history, with every command and password typed on the command line, is now one HTTP request away.

    [root@localhost ~]# python -m SimpleHTTPServer

 

12. Application selection

    Security risk is not considered when choosing applications or versions

    Example: a production service running Apache Struts 2.5 through 2.5.12, the range affected by S2-052 (CVE-2017-9805, remote code execution through XStream deserialization in the REST plugin; Struts 2.1.2 through 2.3.33 is affected as well). Checking a component's advisory history before it goes live is part of selection, not an afterthought.

 

13. Software supply chain

    No concept of software supply chain security

    From the XcodeGhost incident (a trojaned Xcode build distributed through third-party download sites) to the malicious SSH library discovered on PyPI, the lesson is the same: the software supply chain carries real risk. Common problems among ops staff today:

    ● Downloading SSH clients or development IDEs from Baidu Netdisk instead of from the vendor

    ● Pulling applications, libraries and images from GitHub, PyPI, Docker Hub and similar sites straight into production without looking at them

    ● Leaving default passwords and default configuration in place
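    The minimum control for the first two bullets is to verify what you downloaded against a hash or signature obtained from the vendor over a separate channel, before it is installed. The script below is an added example, not code from the original post: it checks a file's SHA-256 against a pinned value and wraps a download so that a mismatch leaves nothing in place. It assumes GNU coreutils sha256sum and curl; the URL and hash in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Verifies a downloaded artefact
# against a SHA-256 pinned from the vendor's release page (obtained over a
# separate channel, not the mirror you downloaded from). Assumes GNU coreutils
# sha256sum and curl. The URL and hash in the usage comment are hypothetical.

# sha256_of FILE -> prints the hex digest
sha256_of() { sha256sum "$1" | awk '{print $1}'; }

# verify_sha256 FILE EXPECTED_HEX -> 0 if the digest matches, 1 otherwise.
# The expected value must be exactly 64 hex characters; "close enough"
# (a truncated or pasted-wrong hash) is rejected rather than compared.
verify_sha256() {
    f=$1
    want=$(echo "$2" | tr 'A-F' 'a-f')
    [ -f "$f" ] || { echo "verify: $f missing" >&2; return 1; }
    case $want in
        ""|*[!0-9a-f]*) echo "verify: expected hash is not hex" >&2; return 1 ;;
    esac
    [ "${#want}" -eq 64 ] || { echo "verify: expected hash is not 64 hex chars" >&2; return 1; }
    got=$(sha256_of "$f")
    if [ "$got" = "$want" ]; then
        return 0
    fi
    echo "verify: $f: got $got want $want" >&2
    return 1
}

# fetch_verified URL EXPECTED_HEX DEST -> download to a temp file, verify, and
# only then move it into DEST; on any failure nothing is left behind.
fetch_verified() {
    url=$1; want=$2; dest=$3
    tmp=$(mktemp) || return 1
    if curl -fsSL -o "$tmp" "$url" && verify_sha256 "$tmp" "$want"; then
        mv "$tmp" "$dest"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Usage (hypothetical URL and hash):
#   fetch_verified https://example.com/tool-1.2.tar.gz \
#       0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef /opt/tool-1.2.tar.gz
```

    The same idea is built into the package tools: pip install --require-hashes -r requirements.txt refuses any package whose hash is not pinned, and Docker images can be pulled by digest (image@sha256:...) rather than by a mutable tag. Where the vendor publishes a GPG signature, verify the signature rather than a hash hosted next to the download.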


Source: blog.51cto.com/12760547/2663898