Linux / Centos7 system administration and system security applications

1. Account security control
2. System boot and login control
3. Weak password detection
4. Port scanning

I. Account security control

1.1 Basic security measures

1.1.1 System account cleanup

(1) Besides the user accounts created manually by the administrator, a Linux system also contains a number of accounts that were created during installation or by installed packages. Apart from root, most of these are non-login accounts (bin, daemon, adm, nobody, lp, apache, etc.) that cannot be used to log in interactively.

Use grep to list the non-login accounts:

[root@localhost ~]# grep "/sbin/nologin$" /etc/passwd
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
polkitd:x:999:998:User for polkitd:/:/sbin/nologin
abrt:x:173:173::/etc/abrt:/sbin/nologin
libstoragemgmt:x:998:996:daemon account for libstoragemgmt:/var/run/lsm:/sbin/nologin
rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin
colord:x:997:995:User for colord:/var/lib/colord:/sbin/nologin
saslauth:x:996:76:Saslauthd user:/run/saslauthd:/sbin/nologin
rtkit:x:172:172:RealtimeKit:/proc:/sbin/nologin
pulse:x:171:171:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin
chrony:x:995:991::/var/lib/chrony:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
usbmuxd:x:113:113:usbmuxd user:/:/sbin/nologin
geoclue:x:994:989:User for geoclue:/var/lib/geoclue:/sbin/nologin
qemu:x:107:107:qemu user:/:/sbin/nologin
radvd:x:75:75:radvd user:/:/sbin/nologin
setroubleshoot:x:993:988::/var/lib/setroubleshoot:/sbin/nologin
sssd:x:992:987:User for sssd:/:/sbin/nologin
gdm:x:42:42::/var/lib/gdm:/sbin/nologin
gnome-initial-setup:x:991:986::/run/gnome-initial-setup/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
avahi:x:70:70:Avahi mDNS/DNS-SD Stack:/var/run/avahi-daemon:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin

(2) Servers that have been running for a long time often carry user accounts that are no longer used. If you cannot determine whether such an account can be deleted, lock it temporarily instead:

[root@localhost ~]# usermod -L zhangsan
[root@localhost ~]# passwd -S zhangsan
zhangsan LK 2019-11-15 0 99999 7 -1 (密码已被锁定。)
[root@localhost ~]# passwd -u zhangsan
解锁用户 zhangsan 的密码。
passwd: 操作成功

(3) If the set of user accounts on the server is fixed and will not change, you can also lock the account configuration files themselves with the chattr (change attribute) command:

[root@localhost ~]# chattr +i /etc/passwd /etc/shadow
[root@localhost ~]# lsattr /etc/passwd /etc/shadow
----i----------- /etc/passwd
----i----------- /etc/shadow
[root@localhost ~]# useradd lisi
useradd:无法打开 /etc/passwd
[root@localhost ~]# chattr -i /etc/passwd /etc/shadow
[root@localhost ~]# lsattr /etc/passwd /etc/shadow
---------------- /etc/passwd
---------------- /etc/shadow
[root@localhost ~]# useradd lisi

Command explanation: +i sets the immutable attribute (locks the file), -i removes it (unlocks the file), and lsattr displays the current attributes.

1.1.2 Password security control

Setting a password expiry period, explained with an example:

[root@localhost ~]# head -25 /etc/login.defs | tail -1
PASS_MAX_DAYS   99999
[root@localhost ~]# vim /etc/login.defs 
[root@localhost ~]# head -25 /etc/login.defs |tail -1
PASS_MAX_DAYS   30
[root@localhost ~]# useradd wangwu
[root@localhost ~]# passwd wangwu
更改用户 wangwu 的密码 。
新的 密码:
无效的密码: 密码少于 8 个字符
重新输入新的 密码:
passwd:所有的身份验证令牌已经成功更新。
[root@localhost ~]# tail -1 /etc/shadow
wangwu:$6$pDVLca5K$iy9JAb4PzbG14d3XfG8ei7dV0YnJFjOwRJVMzs3bMFyp.XPEkv0WO5XaGViv.4.n1jp5fPSCDHanJh2j3Am4f1:18215:0:30:7:::

Operation explanation: line 25 of /etc/login.defs holds PASS_MAX_DAYS. Edit it with vim and change the value to 30, which means a password is valid for at most 30 days. This only affects users created afterwards; for existing users, use the chage command instead.

[root@localhost ~]# tail -3 /etc/passwd
zhangsan:x:1001:1001::/home/zhangsan:/bin/bash
lisi:x:1002:1002::/home/lisi:/bin/bash
wangwu:x:1003:1003::/home/wangwu:/bin/bash
[root@localhost ~]# chage -M 20 lisi
[root@localhost ~]# chage -M 20 wangwu
[root@localhost ~]# tail -3 /etc/shadow
zhangsan:$6$WsyIZguS$ZsJObVyyFzwxT2p0RoIemdrQjLUmoKDkzY8DlrtctYLBzxl0ja3rcp84BP3D5MTHfK.pj1IKAZpezYUwv1d/p0:18215:0:99999:7:::
lisi:$6$yo1cSlqf$tR5J63h7yOdhqearLDVb8nOfpBlJE6Oem9h4bkREzCRDBA.7OsT.wsX5zJ3I.BUbHxfaw56JbP0IkDyAGwbCi0:18215:0:20:7:::
wangwu:$6$pDVLca5K$iy9JAb4PzbG14d3XfG8ei7dV0YnJFjOwRJVMzs3bMFyp.XPEkv0WO5XaGViv.4.n1jp5fPSCDHanJh2j3Am4f1:18215:0:20:7:::

If a batch of users is created with an initial password, the administrator can also enforce a policy that each user must change the password at the next login. Use "chage -d 0 username" to set this up.
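The checks above (PASS_MAX_DAYS, chage -M, chage -d 0, usermod -L) all end up as fields in /etc/shadow, so they can be audited in one pass. The following script is an added example, not code from the original post: it reads a constructed sample in /etc/shadow format (fake hashes, invented user names) and reports accounts whose maximum password age exceeds a limit, accounts that are locked, accounts with an empty password field, and accounts that must change their password at next login. The function name audit_shadow and the finding labels are this example's own choices.

```shell
#!/bin/sh
# Added example, not from the original post: audit password ageing in a
# file that uses the /etc/shadow format. It runs on a constructed sample so
# it needs no root access; on a real server pass /etc/shadow as the first
# argument (reading it requires root).

# Constructed sample (fake hashes). Field order is
# name:hash:lastchange:min:max:warn:inactive:expire:
SAMPLE_SHADOW=$(cat <<'EOF'
root:$6$FAKESALT$FAKEHASH:18215:0:99999:7:::
zhangsan:!$6$FAKESALT$FAKEHASH:18215:0:99999:7:::
lisi:$6$FAKESALT$FAKEHASH:18215:0:20:7:::
wangwu:$6$FAKESALT$FAKEHASH:0:0:30:7:::
guest::18215:0:99999:7:::
bin:*:17834:0:99999:7:::
EOF
)

# audit_shadow FILE [MAXDAYS]
# Prints one line per finding: "<user> <finding>". MAXDAYS (default 30)
# is the longest acceptable PASS_MAX_DAYS / chage -M value.
audit_shadow() {
    awk -F: -v limit="${2:-30}" '
        NF < 5 { next }                          # skip blank or malformed lines
        {
            user = $1; pw = $2; lastchg = $3; maxdays = $5
            if (pw == "") { print user " EMPTY_PASSWORD"; next }     # login needs no password
            if (pw ~ /^[!*]/) { print user " LOCKED"; next }          # usermod -L / passwd -l, or never set
            if (maxdays == "" || maxdays + 0 > limit)
                print user " MAX_DAYS_" (maxdays == "" ? "unset" : maxdays)
            if (lastchg == "0")
                print user " MUST_CHANGE_AT_LOGIN"                    # set by chage -d 0
        }' "$1"
}

# When run directly: write the sample to a temp file and audit it.
tmp=$(mktemp)
printf '%s\n' "$SAMPLE_SHADOW" > "$tmp"
audit_shadow "$tmp" 30
rm -f "$tmp"
```

On the sample, root is reported with MAX_DAYS_99999 (the default that the post changes to 30), zhangsan and bin are reported as LOCKED, guest as EMPTY_PASSWORD and wangwu as MUST_CHANGE_AT_LOGIN; lisi, with a 20-day maximum, produces no finding.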

1.1.3 Command history and automatic logout

By default the command history keeps 1000 entries. To change this for newly logged-in users, modify the HISTSIZE variable in the /etc/profile file.

To change it only for the current bash session, set it directly in the terminal: export HISTSIZE=100

[root@localhost ~]# echo "HISTSIZE=10" >> /etc/profile   // for newly logged-in users
[root@localhost ~]# tail -1 /etc/profile
HISTSIZE=10
[root@localhost ~]# su - lisi
[lisi@localhost ~]$ history 
   22  clear
   23  ls
   24  cd /etc/
   25  ls
   26  cd ..
   27  cd 
   28  ls
   29  history 
   30  ls
   31  history 
[root@localhost ~]# export HISTSIZE=5                          // for the current bash terminal only
[root@localhost ~]# history
    6  grub2-mkconfig -o /boot/grub2/grub.cfg
    7  init 6
    8  cd
    9  export HISTSIZE=5
   10  history

You can also edit the ~/.bash_logout file in the user's home directory so that the recorded command history is cleared automatically when the user logs out.

An idle timeout can also be set, so that a session that has not been used for a given time is logged out automatically (by modifying the TMOUT variable; not recommended).

[root@localhost ~]# cat ~/.bash_logout 
# ~/.bash_logout

[root@localhost ~]# echo "history -c" >> ~/.bash_logout 
[root@localhost ~]# echo "clear" >> ~/.bash_logout 
[root@localhost ~]# cat ~/.bash_logout 
# ~/.bash_logout

history -c
clear
[root@localhost ~]# source ~/.bash_logout 
[root@localhost ~]# history 
    3  history 
[root@localhost ~]# 

1.2 Switching users and escalating privileges

In general, logging in directly as the root user is not recommended on most Linux servers. On the one hand this greatly reduces the damage caused by mistaken operations; on the other hand it reduces the risk of the privileged password being compromised on an insecure network.

The Linux system provides two commands for this, su and sudo: su is mainly used to switch users, while sudo is used to execute a command with elevated privileges.

1.2.1 The su command: switching users

The su command switches to another specified user and grants all of that user's permissions. The "-" option means the switch enters the target user's login shell environment; without it, only the user is switched and the environment is kept. When switching to the root user, "root" may be omitted.

By default, any user is allowed to use the su command and therefore has the opportunity to guess another user's login password repeatedly, which is a security risk. To strengthen control over the su command, the pam_wheel authentication module can be used so that only selected users are allowed to switch with su. A concrete example follows:

[root@localhost ~]# su - lisi
上一次登录:五 11月 15 10:24:08 CST 2019pts/0 上
[lisi@localhost ~]$ su -
密码:
上一次登录:五 11月 15 10:25:26 CST 2019从 192.168.68.1pts/1 上
[root@localhost ~]# su zhangsan
[zhangsan@localhost root]$ su
密码:
[root@localhost ~]# gpasswd -a zhangsan wheel
正在将用户“zhangsan”加入到“wheel”组中
[root@localhost ~]# grep wheel /etc/group
wheel:x:10:zhangsan
[root@localhost ~]# head -6 /etc/pam.d/su | tail -1
#auth       required    pam_wheel.so use_uid
[root@localhost ~]# vim /etc/pam.d/su
[root@localhost ~]# head -6 /etc/pam.d/su | tail -1
auth        required    pam_wheel.so use_uid
[root@localhost ~]# su - lisi
上一次登录:五 11月 15 10:48:56 CST 2019pts/1 上
[lisi@localhost ~]$ su - 
密码:
su: 拒绝权限
[lisi@localhost ~]$ exit
登出
[root@localhost ~]# su - zhangsan
上一次登录:五 11月 15 10:49:10 CST 2019pts/1 上
最后一次失败的登录:五 11月 15 10:56:24 CST 2019pts/1 上
最有一次成功登录后有 1 次失败的登录尝试。
[zhangsan@localhost ~]$ su -
密码:
上一次登录:五 11月 15 10:49:17 CST 2019pts/1 上
最后一次失败的登录:五 11月 15 10:57:26 CST 2019pts/1 上
最有一次成功登录后有 2 次失败的登录尝试。

Command explanation:

Use the gpasswd -a zhangsan wheel command to add the user to the wheel group, then edit /etc/pam.d/su and remove the leading # from line 6. When the users try to switch again, lisi is refused permission because lisi is not in the wheel group, while zhangsan can switch to root normally because he is a member of the wheel group. The su command records its operations in the security log /var/log/secure.

[root@localhost ~]# vim /var/log/secure 

Nov 14 11:43:22 localhost polkitd[572]: Loading rules from directory /etc/polkit-1/rules.d
Nov 14 11:43:22 localhost polkitd[572]: Loading rules from directory /usr/share/polkit-1/rules.d
Nov 14 11:43:22 localhost polkitd[572]: Finished loading, compiling and executing 8 rules
Nov 14 11:43:22 localhost polkitd[572]: Acquired the name org.freedesktop.PolicyKit1 on the system bus
Nov 14 11:43:23 localhost sshd[1030]: Server listening on 0.0.0.0 port 22.
Nov 14 11:43:23 localhost sshd[1030]: Server listening on :: port 22.
Nov 14 11:44:00 localhost polkitd[572]: Registered Authentication Agent for unix-process:10820:4415 (system bus name :1.133 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale zh_CN.UTF-8)
Nov 14 11:44:00 localhost polkitd[572]: Unregistered Authentication Agent for unix-process:10820:4415 (system bus name :1.133, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale zh_CN.UTF-8) (disconnected from bus)
Nov 14 11:44:00 localhost polkitd[572]: Registered Authentication Agent for unix-process:10843:4423 (system bus name :1.134 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale zh_CN.UTF-8)
Nov 14 11:44:00 localhost polkitd[572]: Unregistered Authentication Agent for unix-process:10843:4423 (system bus name :1.134, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale zh_CN.UTF-8) (disconnected from bus)
Nov 14 11:44:00 localhost gdm-launch-environment]: pam_unix(gdm-launch-environment:session): session opened for user gdm by (uid=0)
Nov 14 11:44:01 localhost polkitd[572]: Registered Authentication Agent for unix-session:c1 (system bus name :1.140 [/usr/bin/gnome-shell], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale zh_CN.UTF-8)
Nov 14 11:44:11 localhost gdm-password]: pam_unix(gdm-password:session): session opened for user root by (uid=0)
Nov 14 11:44:11 localhost polkitd[572]: Unregistered Authentication Agent for unix-session:c1 (system bus name :1.140, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale zh_CN.UTF-8) (disconnected from bus)
Nov 14 11:44:12 localhost polkitd[572]: Registered Authentication Agent for unix-session:1 (system bus name :1.161 [/usr/bin/gnome-shell], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale zh_CN.UTF-8)
Nov 14 20:21:09 localhost polkitd[572]: Registered Authentication Agent for unix-process:19734:78501 (system bus name :1.254 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale zh_CN.UTF-8)
Nov 14 20:21:11 localhost polkitd[572]: Unregistered Authentication Agent for unix-process:19734:78501 (system bus name :1.254, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale zh_CN.UTF-8) (disconnected from bus)
Nov 14 20:21:25 localhost sshd[20138]: Accepted password for root from 192.168.68.1 port 59169 ssh2
Nov 14 20:21:25 localhost sshd[20138]: pam_unix(sshd:session): session opened for user root by (uid=0)
Nov 14 20:21:46 localhost sshd[20138]: pam_unix(sshd:session): session closed for user root
Nov 15 09:24:35 localhost polkitd[572]: Registered Authentication Agent for unix-process:24514:117799 (system bus name :1.302 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale zh_CN.UTF-8)
Nov 15 09:25:41 localhost polkitd[555]: Loading rules from directory /etc/polkit-1/rules.d
Nov 15 09:25:41 localhost polkitd[555]: Loading rules from directory /usr/share/polkit-1/rules.d
Nov 15 09:25:41 localhost polkitd[555]: Finished loading, compiling and executing 8 rules
Nov 15 09:25:41 localhost polkitd[555]: Acquired the name org.freedesktop.PolicyKit1 on the system bus
Nov 15 09:25:42 localhost sshd[951]: Server listening on 0.0.0.0 port 22.
Nov 15 09:25:42 localhost sshd[951]: Server listening on :: port 22.

Note: the /etc/pam.d/su file must be edited for this restriction to take effect; otherwise su keeps its default behaviour and any user can switch.

1.2.2 The sudo command: elevating execution privileges

(1) Add authorizations in the configuration file /etc/sudoers (note: the file is read-only, so force-save it in vim with :wq!)

First, look at the configuration file:

[root@localhost ~]# grep -v "^#" /etc/sudoers      // inverted match: show only lines that do not start with #
Defaults   !visiblepw

Defaults    always_set_home
Defaults    match_group_by_gid

Defaults    env_reset
Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS"
Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
Defaults    env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
Defaults    env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"

Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin

root    ALL=(ALL)   ALL

%wheel  ALL=(ALL)   ALL

Look at the last two lines, root and %wheel: the root user may execute all commands, and members of the wheel group may execute all commands.
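Reading the user specifications out of the file is easy to do by hand for two lines, but on a server with many rules it helps to have a script list who is allowed to run what, and in particular who holds unrestricted ALL access. The following is an added example, not code from the original post: it parses a constructed excerpt in /etc/sudoers format (the root and %wheel rules shown above plus the lisi rule the post adds later) into "user host runas commands" and prints the principals whose command list is ALL. The function names sudoers_rules and sudoers_full_access are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post: list the user specifications in
# a sudoers-format file and single out the ones that grant every command.
# It runs on a constructed excerpt; on a server validate with `visudo -c`
# and pass /etc/sudoers (readable by root only) as the argument.

# Constructed excerpt in /etc/sudoers format (Defaults lines shortened).
SAMPLE_SUDOERS=$(cat <<'EOF'
Defaults   !visiblepw
Defaults    env_reset
Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin

root    ALL=(ALL)   ALL

%wheel  ALL=(ALL)   ALL
lisi     localhost=/sbin/ifconfig
EOF
)

# sudoers_rules FILE
# Prints each user specification as "user host runas commands".
# Defaults, alias definitions, comments and blank lines are skipped.
sudoers_rules() {
    grep -Ev '^[[:space:]]*(#|$)' "$1" |
    grep -Ev '^(Defaults|User_Alias|Host_Alias|Cmnd_Alias|Runas_Alias)' |
    awk '{
        user = $1
        rest = $2
        for (i = 3; i <= NF; i++) rest = rest " " $i   # re-join "host=(runas) cmd ..."
        eq = index(rest, "=")
        if (eq == 0) next                                # not a user specification
        host = substr(rest, 1, eq - 1)
        spec = substr(rest, eq + 1)
        sub(/^[[:space:]]+/, "", spec)
        runas = "root"                                   # sudo default when (runas) is absent
        if (spec ~ /^\(/) {
            cp = index(spec, ")")
            runas = substr(spec, 2, cp - 2)
            spec = substr(spec, cp + 1)
            sub(/^[[:space:]]+/, "", spec)
        }
        print user, host, runas, spec
    }'
}

# sudoers_full_access FILE
# Prints the users and %groups whose command list ends in ALL, i.e. unrestricted sudo.
sudoers_full_access() {
    sudoers_rules "$1" | awk '$NF == "ALL" { print $1 }'
}

tmp=$(mktemp)
printf '%s\n' "$SAMPLE_SUDOERS" > "$tmp"
echo "rules:";        sudoers_rules "$tmp"
echo "unrestricted:"; sudoers_full_access "$tmp"
rm -f "$tmp"
```

On the sample, root and %wheel are reported as unrestricted, while lisi appears only as "lisi localhost root /sbin/ifconfig", matching the single-command grant the post configures.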

Next, take a user who does not belong to the wheel group and grant him only the permission to change the IP address, to verify how sudo works.

[root@localhost ~]# vim /etc/sudoers   // add this line to the file: lisi     localhost=/sbin/ifconfig
[root@localhost ~]# su - lisi
上一次登录:五 11月 15 10:55:54 CST 2019pts/1 上
[lisi@localhost ~]$ su -
密码:
su: 拒绝权限 
[lisi@localhost ~]$ ifconfig ens33 1.1.1.1      // without sudo the operation is not permitted
SIOCSIFADDR: 不允许的操作
SIOCSIFFLAGS: 不允许的操作
[lisi@localhost ~]$ sudo ifconfig ens33 1.1.1.1 // the first time you must enter your own password; within 5 minutes it is not asked again

我们信任您已经从系统管理员那里了解了日常注意事项。
总结起来无外乎这三点:

    #1) 尊重别人的隐私。
    #2) 输入前要先考虑(后果和风险)。
    #3) 权力越大,责任越大。

[sudo] lisi 的密码:
[lisi@localhost ~]$ ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 1.1.1.1  netmask 255.0.0.0  broadcast 1.255.255.255
        inet6 fe80::7eb1:2dde:8a54:6927  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:56:d3:4a  txqueuelen 1000  (Ethernet)
        RX packets 3105  bytes 231965 (226.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 981  bytes 150502 (146.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 16  bytes 1752 (1.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 16  bytes 1752 (1.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255
        ether 52:54:00:71:37:09  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

1.3 PAM security authentication

1.3.1 PAM and its role

PAM (Pluggable Authentication Modules) is the pluggable authentication module framework of the Linux system.

(1) It provides efficient and flexible user-level authentication and is the authentication mechanism in widespread use on Linux servers today;

(2) It provides a central mechanism for authenticating all services, such as login, telnet and so on;

(3) It lets the system administrator define different authentication policies for different applications through the PAM configuration files.

1.3.2 The four management interfaces supported by PAM:

(1) Authentication management: mainly accepts the user name and password, authenticates the user's password, and is responsible for setting some of the user's secret information.
(2) Account management: mainly checks whether the account is allowed to log into the system, whether the account has expired, whether logins are restricted to certain time periods, and so on.
(3) Password management: mainly used to modify the user's password.
(4) Session management: mainly provides session management and accounting.

1.3.3 PAM authentication principles

(1) PAM authentication generally follows this order: Service → PAM configuration file → pam_*.so module.
(2) PAM authentication first determines the service, then loads the corresponding PAM configuration file (located under /etc/pam.d), and finally calls the authentication module file (located under /lib/security) to perform the security authentication.

1.3.4 PAM authentication configuration

For example, view the PAM configuration file of su:

[root@localhost ~]# cat /etc/pam.d/su
#%PAM-1.0
auth        sufficient  pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth       sufficient  pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth       required    pam_wheel.so use_uid
auth        substack    system-auth
auth        include     postlogin
account     sufficient  pam_succeed_if.so uid = 0 use_uid quiet
account     include     system-auth
password    include     system-auth
session     include     system-auth
session     include     postlogin
session     optional    pam_xauth.so

(1) Each line is a separate authentication step.

(2) Each line has three fields: the authentication type, the control type, and the PAM module with its parameters.
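The three-field layout described here is what makes the pam_wheel change in section 1.2.1 easy to check mechanically. The following script is an added example, not code from the original post: it parses a constructed copy of the stock CentOS 7 /etc/pam.d/su shown above into type, control, module and arguments, reports whether the "auth required pam_wheel.so" line is active (that is, whether only wheel members may use su), and writes a copy of the file with that line uncommented, which is what the post does with vim. The function names pam_entries, pam_wheel_required and enable_wheel_restriction are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post: parse a PAM service file into
# the three fields described above (type, control, module + arguments),
# check whether su is restricted to the wheel group, and produce a copy with
# that restriction enabled. It works on a constructed copy of the stock
# CentOS 7 /etc/pam.d/su; on a server point it at the real file.

SAMPLE_PAM_SU=$(cat <<'EOF'
#%PAM-1.0
auth        sufficient  pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth       sufficient  pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth       required    pam_wheel.so use_uid
auth        substack    system-auth
auth        include     postlogin
account     sufficient  pam_succeed_if.so uid = 0 use_uid quiet
account     include     system-auth
password    include     system-auth
session     include     system-auth
session     include     postlogin
session     optional    pam_xauth.so
EOF
)

# pam_entries FILE -- active lines as "type|control|module|arguments"
pam_entries() {
    awk '
        /^[[:space:]]*(#|$)/ { next }            # comments (including #%PAM-1.0) and blanks
        {
            args = ""
            for (i = 4; i <= NF; i++) args = args (i > 4 ? " " : "") $i
            print $1 "|" $2 "|" $3 "|" args
        }' "$1"
}

# pam_wheel_required FILE -- "yes" when an active "auth required pam_wheel.so"
# line is present (only wheel members may su), otherwise "no"
pam_wheel_required() {
    if pam_entries "$1" | grep -q '^auth|required|pam_wheel\.so|'; then
        echo yes
    else
        echo no
    fi
}

# enable_wheel_restriction SRC DST -- write SRC to DST with the
# "#auth required pam_wheel.so use_uid" line uncommented (what the post does
# with vim). Review DST, then install it over /etc/pam.d/su as root.
enable_wheel_restriction() {
    sed 's/^#\(auth[[:space:]]*required[[:space:]]*pam_wheel\.so\)/\1/' "$1" > "$2"
}

src=$(mktemp); dst=$(mktemp)
printf '%s\n' "$SAMPLE_PAM_SU" > "$src"
echo "before: wheel required = $(pam_wheel_required "$src")"
enable_wheel_restriction "$src" "$dst"
echo "after:  wheel required = $(pam_wheel_required "$dst")"
pam_entries "$dst"
rm -f "$src" "$dst"
```

The stock file yields "no" (nine active entries, pam_wheel commented out); after enable_wheel_restriction the copy yields "yes" and its second active entry is "auth|required|pam_wheel.so|use_uid", the line the post uncomments. Because pam_rootok.so is still first and sufficient, root can continue to su to any user without a password, which is why the post's root sessions are unaffected.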

II. System boot and login control

2.1 Boot security control

2.1.1 Adjusting the BIOS boot settings

  • Set the first boot device to the hard disk on which the current system is installed
  • Prohibit booting the system from other devices (CD-ROM, USB disk, network)
  • Set the security level to setup, and set the administrator password

Note: this prevents booting an operating system from another device. If the root password is forgotten it may then be impossible to reset it from removable media, so use this setting with caution.

2.1.2 Restricting changes to the GRUB boot parameters

  • Use grub2-mkpasswd-pbkdf2 to generate the password hash
  • Modify the /etc/grub.d/00_header file and add the password entry
  • Generate a new grub.cfg configuration file

2.2 Terminal and login control

2.2.1 Prohibiting root login

Edit the /etc/securetty file and comment out the tty6 line to prohibit the root user from logging in on tty6:

[root@localhost ~]# vim /etc/securetty
[root@localhost ~]# head -18 /etc/securetty |tail -1
#tty6

2.2.2 Prohibiting ordinary user logins

You only need to create the /etc/nologin file:

[root@localhost ~]# touch /etc/nologin

III. Weak password detection and port scanning

3.1 Weak password detection: John the Ripper

[root@localhost tarpkg]# ls
apr-1.4.6.tar.gz  apr-util-1.4.1.tar.gz  httpd-2.4.2.tar.gz  john-1.8.0.tar.gz
[root@localhost tarpkg]# tar zxf john-1.8.0.tar.gz -C /opt/       // extract to /opt
[root@localhost tarpkg]# ls /opt/
john-1.8.0  rh
[root@localhost tarpkg]# cd /opt/john-1.8.0/
[root@localhost john-1.8.0]# ls
doc  README  run  src

[root@localhost john-1.8.0]# cd src/        // look at the source files; their contents tell us a compiler is needed
[root@localhost src]# ls                    
AFS_fmt.c   config.c    ia64.h        MD5_fmt.c   ppc64alt.h  trip_fmt.c
alpha.h     config.h    idle.c        MD5_std.c   ppc64.h     tty.c
alpha.S     cracker.c   idle.h        MD5_std.h   recovery.c  tty.h
batch.c     cracker.h   inc.c         memory.c    recovery.h  unafs.c
batch.h     crc32.c     inc.h         memory.h    rpp.c       unique.c
bench.c     crc32.h     john.asm      mips32.h    rpp.h       unshadow.c
bench.h     DES_bs_b.c  john.c        mips64.h    rules.c     vax.h
best.c      DES_bs.c    john.com      misc.c      rules.h     wordlist.c
best.sh     DES_bs.h    john.h        misc.h      sboxes.c    wordlist.h
BF_fmt.c    DES_fmt.c   list.c        nonstd.c    sboxes-s.c  x86-64.h
BF_std.c    DES_std.c   list.h        options.c   signals.c   x86-64.S
BF_std.h    DES_std.h   LM_fmt.c      options.h   signals.h   x86-any.h
BSDI_fmt.c  detect.c    loader.c      os.h        single.c    x86-mmx.h
c3_fmt.c    dummy.c     loader.h      params.c    single.h    x86-mmx.S
charset.c   external.c  logger.c      params.h    sparc32.h   x86.S
charset.h   external.h  logger.h      pa-risc.h   sparc64.h   x86-sse.h
common.c    formats.c   Makefile      path.c      status.c    x86-sse.S
common.h    formats.h   Makefile.dep  path.h      status.h
compiler.c  getopt.c    math.c        ppc32alt.h  symlink.c
compiler.h  getopt.h    math.h        ppc32.h     times.h

[root@localhost src]# ls ../run             
ascii.chr   john.conf     mailer   password.lst
digits.chr  lm_ascii.chr  makechr  relbench

(2) Install the compiler and build the source to obtain the john executable, then run it to crack simple passwords.

[root@localhost src]# yum install -y gcc gcc-c++
...                    // process omitted
完毕!
[root@localhost src]# rpm -q gcc
gcc-4.8.5-39.el7.x86_64
[root@localhost src]# rpm -q gcc-c++
[root@localhost src]# make linux-x86-64             // compile
...                                            // process omitted
[root@localhost src]# cd ../run
[root@localhost run]# ls
ascii.chr   john       lm_ascii.chr  makechr       relbench  unique
digits.chr  john.conf  mailer        password.lst  unafs     unshadow
[root@localhost run]# ./john /etc/passwd /etc/shadow
Loaded 3 password hashes with 3 different salts (crypt, generic crypt(3) [?/64])
Press 'q' or Ctrl-C to abort, almost any other key for status
123456           (lokott)
123456           (root)
2g 0:00:01:06 7% 2/3 0.03025g/s 284.7p/s 287.6c/s 287.6C/s pookie1..mary1
Use the "--show" option to display all of the cracked passwords reliably

From the steps above, the passwords of the root and lokott users are recovered, which shows they are weak passwords.

3.2 Network scanning: NMAP

NMAP is a powerful port-scanning security assessment tool that can detect a large number of hosts on a large network; it supports ping scanning, multi-port detection, OS fingerprinting and other techniques. Scanning the internal network regularly with NMAP identifies uncontrolled application services, so that unsafe services can be shut down promptly and security risks reduced.

The nmap command

Format: nmap [scan type] [options] <scan target ...>

-sS: TCP SYN scan (half-open scan)

-sT: TCP connect scan

-sF: TCP FIN scan

-sU: UDP scan

-sP: ICMP scan (ping scan)

-P0: skip ping detection

[root@localhost ~]# rpm -q nmap
nmap-6.40-19.el7.x86_64
[root@localhost ~]# netstat -ntap                 // view TCP sockets
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/systemd           
tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN      1267/dnsmasq        
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      942/sshd            
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      944/cupsd           
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1252/master         
tcp        0     52 192.168.68.130:22       192.168.68.1:52378      ESTABLISHED 3578/sshd: root@pts 
tcp6       0      0 :::111                  :::*                    LISTEN      1/systemd           
tcp6       0      0 :::22                   :::*                    LISTEN      942/sshd            
tcp6       0      0 ::1:631                 :::*                    LISTEN      944/cupsd           
tcp6       0      0 ::1:25                  :::*                    LISTEN      1252/master         
[root@localhost ~]# netstat -nuap               // view UDP sockets
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
udp        0      0 0.0.0.0:58802           0.0.0.0:*                           3456/dhclient       
udp        0      0 0.0.0.0:46033           0.0.0.0:*                           563/avahi-daemon: r 
udp        0      0 192.168.122.1:53        0.0.0.0:*                           1267/dnsmasq        
udp        0      0 0.0.0.0:67              0.0.0.0:*                           1267/dnsmasq        
udp        0      0 0.0.0.0:68              0.0.0.0:*                           3456/dhclient       
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           563/avahi-daemon: r 
udp6       0      0 :::42353                :::*                                3456/dhclient       

After installing and starting the httpd service, a scan shows that port 80 is now in use.

[root@localhost ~]# yum install -y httpd
已加载插件:fastestmirror, langpacks
...                      // output omitted
[root@localhost ~]# systemctl start httpd.service
[root@localhost ~]# nmap -sT 127.0.0.1

Starting Nmap 6.40 ( http://nmap.org ) at 2019-11-15 13:32 CST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00060s latency).
Not shown: 995 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
25/tcp  open  smtp
80/tcp  open  http
111/tcp open  rpcbind
631/tcp open  ipp

Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds
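The post says the value of regular scanning is finding services nobody authorised, and the scan above illustrates it: port 80 appears only after httpd was installed. The following script is an added example, not code from the original post: it reads nmap's normal output (the scan above, copied into a constructed sample), lists the open ports, and flags those missing from an approved list recorded before httpd was installed. The function names open_ports and unexpected_ports and the approved list are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post: read nmap's normal output, list
# the open ports, and flag any that are not on an approved list, which is the
# "identify uncontrolled services" check described above. It runs on the scan
# output shown in the post, copied into a constructed sample; on a server pipe
# `nmap -sT <host>` output to a file and pass that file.

SAMPLE_NMAP=$(cat <<'EOF'
Starting Nmap 6.40 ( http://nmap.org ) at 2019-11-15 13:32 CST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00060s latency).
Not shown: 995 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
25/tcp  open  smtp
80/tcp  open  http
111/tcp open  rpcbind
631/tcp open  ipp

Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds
EOF
)

# open_ports FILE -- "port/proto service" for each port nmap reports as open
open_ports() {
    awk '$1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" { print $1, $3 }' "$1"
}

# unexpected_ports FILE "PORT PORT ..." -- open ports whose number is not on
# the space-separated approved list; a non-empty result needs investigation
unexpected_ports() {
    open_ports "$1" | awk -v allow="$2" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        { split($1, p, "/"); if (!(p[1] in ok)) print $1, $2 }'
}

tmp=$(mktemp)
printf '%s\n' "$SAMPLE_NMAP" > "$tmp"
echo "open ports:";  open_ports "$tmp"
# Approved baseline taken before httpd was installed: ssh, smtp, rpcbind, ipp.
echo "unexpected:";  unexpected_ports "$tmp" "22 25 111 631"
rm -f "$tmp"
```

With the baseline "22 25 111 631" the only unexpected entry is "80/tcp http", the service the post added; adding 80 to the list makes the result empty, and an empty list reports all five open ports.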

IV. Summary

This article describes the theory and practical application of Linux / CentOS 7 system security administration, deepening the understanding of the commands through worked examples. After studying it, you should be able to find common security risks and promptly take the appropriate protective measures.

Origin blog.51cto.com/14557673/2450653