Linux系统安全与应用【二】

avatar
作者
筋斗云
阅读量:0

目录

1.开关机安全控制

 1.2 实例:GRUB 菜单设置密码

 2.终端登录安全控制

 2.1 限制root只在安全终端登录

​3.弱口令检测 

 3.1 Joth the Ripper,JR​编辑

4.网络端口扫描

4.1 nmap命令 

1.开关机安全控制

1.1 GRUB限制 

限制更改GRUB引导参数 

通常情况下在系统开机进入GRUB菜单时,按e键可以查看并修改GRUB引导参数,这对服务器是一个极大的威胁。
可以为GRUB 菜单设置一个密码,只有提供正确的密码才被允许修改引导参数。

 1.2 实例:GRUB 菜单设置密码

 (1)根据提示设置GRUB菜单的密码;

(2)备份密码字符串、grub.cfg文件以及00_header文件; 

(3)设置能够修改GRUB菜单的用户名和密码; 

 

(4)生成新的grub.cfg文件; 

 2.终端登录安全控制

 2.1 限制root只在安全终端登录

 

 /etc/securetty:保存虚拟终端的配置文件,注释指定虚拟主机,将无法登录到系统;

 

2.2 禁止普通用户登录 

A

 /etc/nologin:创建该文件后,普通用户将无法再登录到系统中;

[root@localhost ~]# touch /etc/nologin #创建文件,禁止普通用户登录 [root@localhost ~]# rm -f /etc/nologin #删除该文件后,其他普通文件仍然又可以继续登录到系统中

3.弱口令检测 

 3.1 Joth the Ripper,JR

 

使用jr工具密码破解 ,步骤如下:

(1) 解压工具包 

[root@localhost ~]# cd /opt [root@localhost opt]# ls     #将john压缩工具包拉入虚拟机中 john-1.8.0.tar.gz  rh [root@localhost opt]# tar xf john-1.8.0.tar.gz   #解压工具包

(2)切换到src子目录 

[root@localhost opt]# ls john-1.8.0  john-1.8.0.tar.gz  rh [root@localhost opt]# cd john-1.8.0/ [root@localhost john-1.8.0]# ls doc  README  run  src [root@localhost john-1.8.0]# cd src/

(3)进行编译安装 

[root@localhost src]# yum install -y gcc gcc-c++ make #编码安装之前先安装gcc 已加载插件:fastestmirror, langpacks Loading mirror speeds from cached hostfile  * base: ftp.sjtu.edu.cn  * extras: mirrors.163.com  * updates: mirrors.163.com 软件包 gcc-4.8.5-44.el7.x86_64 已安装并且是最新版本 软件包 gcc-c++-4.8.5-44.el7.x86_64 已安装并且是最新版本 软件包 1:make-3.82-24.el7.x86_64 已安装并且是最新版本 无须任何处理 rm -f ../run/unshadow ln -s john ../run/unshadow rm -f ../run/unafs ln -s john ../run/unafs rm -f ../run/unique ln -s john ../run/unique make[1]: 离开目录“/opt/john-1.8.0/src

(4)准备待破解的密码文件 

[root@localhost src]# cd .. [root@localhost john-1.8.0]# ls doc  README  run  src [root@localhost john-1.8.0]# cd run/ [root@localhost run]# ls ascii.chr   john       lm_ascii.chr  makechr       relbench  unique digits.chr  john.conf  mailer        password.lst  unafs     unshadow [root@localhost run]#  cp /etc/shadow ./shadow  #将/etc/shadow下的文件复制到当前目录下的shadow.txt文件中

( 5)执行暴力破解(./john --wordlist=[指定字典文件的绝对路径] [需要破解的文件名]:使用指定的字典文件进行破解)

[root@localhost run]# ./john shadow --wordlist=./password.lst    #执行暴力破解密码 Loaded 4 password hashes with 4 different salts (crypt, generic crypt(3) [?/64]) Press 'q' or Ctrl-C to abort, almost any other key for status 123456           (zhangsan) 123123           (lisi) 2g 0:00:01:02 100% 0.03212g/s 56.96p/s 123.1c/s 123.1C/s !@#$%..sss Use the "--show" option to display all of the cracked passwords reliably Session completed [root@localhost run]#

 password.lst:该文件保存密码字典

[root@localhost /opt/john-1.8.0/run]# vim password.lst   #该文件保存密码字典,只有保存在字典里的密码才能够破解出来,对于字典里没有的密码,将无法破解(字典里的文件越全,破解能力越强) slip stivers test2 test3 tula unix user1 xanth

john.pot:破解后的密码信息都保存在该文件中,加密后的字符串对应解密后的密码

[root@localhost run]# vim john.pot  $6$BZfw4ECl$6X4RYQDDzbDlmXYN1N7E4lz9sA7VmSpVfPkfLFDh8bvUSHPYODst3h9kEnz/k4UU7M0gybLdnjqi0ofSpc41J/:123456 $6$ir9lWkcD$NbNigOetdQuBSrfwXwB63z9cg8rCMasotwVb5WgfdEKdKD6VzZyjz8ey4agu5axJChKy.KwT94XO1NE/lXXcX/:123123

4.网络端口扫描

4.1 nmap命令 

 netstat -lntp:以数字形式显示TCP处于监听状态的网络连接及端口信息

[root@localhost yum.repos.d]# netstat -lntp  Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name     tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1099/sshd            tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1101/cupsd           tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1425/master          tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      1134/named           tcp        0      0 127.0.0.1:6010          0.0.0.0:*               LISTEN      4199/sshd: root@pts  tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      715/rpcbind          tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN      1134/named           tcp        0      0 192.168.80.100:53       0.0.0.0:*               LISTEN      1134/named           tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      1134/named           tcp6       0      0 :::22                   :::*                    LISTEN      1099/sshd            tcp6       0      0 ::1:631                 :::*                    LISTEN      1101/cu

netstat -antp:以数字形式显示TCP所有状态下的网络连接及端口信息

[root@localhost yum.repos.d]# netstat -antp Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name     tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1099/sshd            tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1101/cupsd           tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1425/master          tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      1134/named           tcp        0      0 127.0.0.1:6010          0.0.0.0:*               LISTEN      4199/sshd: root@pts  tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      715/rpcbind          tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN      1134/named           tcp        0      0 192.168.80.100:53       0.0.0.0:*               LISTEN      1134/named           tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      1134/named           tcp        0     36 192.168.80.100:22       192.168.80.1:60425      ESTABLISHED 4199/ss

 ss -antp:以数字形式显示TCP所有状态下的网络连接及端口信息;(效果和netstat命令相同,但执行效率比netstat命令更高)

[root@localhost yum.repos.d]#  ss -antp State       Recv-Q Send-Q Local Address:Port               Peer Address:Port               LISTEN      0      128             *:22                          *:*                   users:(("sshd",pid=1099,fd=3)) LISTEN      0      128     127.0.0.1:631                         *:*                   users:(("cupsd",pid=1101,fd=11)) LISTEN      0      100     127.0.0.1:25                          *:*                   users:(("master",pid=1425,fd=13)) LISTEN      0      128     127.0.0.1:953                         *:*                   users:(("named",pid=1134,fd=23)) LISTEN      0      128     127.0.0.1:6010                        *:*                   users:(("sshd",pid=4199,fd=9)) LISTEN      0      128             *:111                         *:*                   users:(("rpcbind",pid=715,fd=8)) LISTEN      0      10     192.168.122.1:53                          *:*                   users:(("named",pid=1134,fd=25)) LISTEN      0      10     192.168.80.100:53                          *:*

 查看进程是否开启的四种方法

[root@localhost opt]# ps -elf | grep ssdh 0 S root       5375   4207  0  80   0 - 28206 pipe_w 16:14 pts/0    00:00:00 grep --color=auto ssdh [root@localhost opt]# netstat -lntp | grep sshd #第一种 tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1099/sshd            tcp        0      0 127.0.0.1:6010          0.0.0.0:*               LISTEN      4199/sshd: root@pts  tcp6       0      0 :::22                   :::*                    LISTEN      1099/sshd            tcp6       0      0 ::1:6010                :::*                    LISTEN      4199/sshd: root@pts  [root@localhost opt]# ps aux | grep httpd   #第二种 root       5464  0.0  0.0 112824   988 pts/0    S+   16:19   0:00 grep --color=auto httpd [root@localhost opt]# lsof -i :80    #第三种 COMMAND  PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME httpd   5563   root    4u  IPv6  71872      0t0  TCP *:http (LISTEN) httpd   5568 apache    4u  IPv6  71872      0t0  TCP *:http (LISTEN) httpd   5569 apache    4u  IPv6  71872      0t0  TCP *:http (LISTEN) httpd   5570 apache    4u  IPv6  71872      0t0  TCP *:http (LISTEN) httpd   5571 apache    4u  IPv6  71872      0t0  TCP *:http (LISTEN) httpd   5572 apache    4u  IPv6  71872      0t0  TCP *:http (LISTEN) [root@localhost opt]# systemctl status httpd  #第四种 ● httpd.service - The Apache HTTP Server    Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)    Active: active (running) since 六 2024-04-27 16:27:02 CST; 11s ago      Docs: man:httpd(8)            man:apachectl(8)  Main PID: 5563 (httpd)    Status: "Total requests: 0; Current requests/sec: 0; Current traffic:   0 B/sec"     Tasks: 6    CGroup: /system.slice/httpd.service            ├─5563 /usr/sbin/httpd -DFOREGROUND            ├─5568 /usr/sbin/httpd -DFOREGROUND            ├─5569 /usr/sbin/httpd -DFOREGROUND            ├─5570 /usr/sbin/httpd -DFOREGROUND            ├─5571 /usr/sbin/httpd -DFOREGROUND            └─5572 /usr/sbin/httpd -DFOREGROUND

 如何通过端口查看进程号

[root@localhost opt]# netstat -lntp | grep sshd tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1099/sshd            tcp        0      0 127.0.0.1:6010          0.0.0.0:*               LISTEN      4199/sshd: root@pts  tcp6       0      0 :::22                   :::*                    LISTEN      1099/sshd            tcp6       0      0 ::1:6010                :::*                    LISTEN      4199/sshd: root@pts  [root@localhost opt]# lsof -i :80 COMMAND  PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME httpd   5563   root    4u  IPv6  71872      0t0  TCP *:http (LISTEN) httpd   5568 apache    4u  IPv6  71872      0t0  TCP *:http (LISTEN) httpd   5569 apache    4u  IPv6  71872      0t0  TCP *:http (LISTEN) httpd   5570 apache    4u  IPv6  71872      0t0  TCP *:http (LISTEN) httpd   5571 apache    4u  IPv6  71872      0t0  TCP *:http (LISTEN) httpd   5572 apache    4u  IPv6  71872      0t0  TCP *:http (LISTEN) [root@localhost opt]# ss -lntup | grep :80 tcp    LISTEN     0      128    [::]:80                 [::]:*                   users:(("httpd",pid=5572,fd=4),("httpd",pid=5571,fd=4),("httpd",pid=5570,fd=4),("httpd",pid=5569,fd=4),("httpd",pid=5568,fd=4),("httpd",pid=5563,fd=4))

nmap -p 80 192.168.80.0/24 :扫描出指定192.168.80.0网段内有哪些主机开启了80端口

[root@localhost opt]# nmap -p 80 192.168.80.0/24  Starting Nmap 6.40 ( http://nmap.org ) at 2024-04-27 16:59 CST Nmap scan report for 192.168.80.1 Host is up (0.00051s latency). PORT   STATE  SERVICE 80/tcp closed http MAC Address: 00:50:56:C0:00:08 (VMware)  Nmap scan report for 192.168.80.2 Host is up (0.00025s latency). PORT   STATE  SERVICE 80/tcp closed http MAC Address: 00:50:56:E7:A2:D5 (VMware)  Nmap scan report for 192.168.80.254 Host is up (-0.10s latency). PORT   STATE    SERVICE 80/tcp filtered http MAC Address: 00:50:56:E8:8F:B7 (VMware)  Nmap scan report for 192.168.80.100 Host is up (0.00020s latency). PORT   STATE SERVICE 80/tcp open  http  Nmap done: 256 IP addresses (4 hosts up) scanned in 2.69 seconds

nmap -n -sP 192.168.80.0/24:查看192.168.80.0网段内,有哪些主机存活 

 

[root@localhost opt]# nmap -n -sP 192.168.80.0/24  Starting Nmap 6.40 ( http://nmap.org ) at 2024-04-27 17:04 CST Nmap scan report for 192.168.80.1 Host is up (0.0011s latency). MAC Address: 00:50:56:C0:00:08 (VMware) Nmap scan report for 192.168.80.2 Host is up (0.00013s latency). MAC Address: 00:50:56:E7:A2:D5 (VMware) Nmap scan report for 192.168.80.254 Host is up (-0.10s latency). MAC Address: 00:50:56:E8:8F:B7 (VMware) Nmap scan report for 192.168.80.100 Host is up. Nmap done: 256 IP addresses (4 hosts up) scanned in 2.17 seconds

4.2 nmap使用方法

 

相关阅读
  1. 如何查看和设置我的Android N设备的权限?
  2. 如何在安卓手机上自定义应用图标?
  3. 如何在安卓微信中同时听语音和查看图片?
  4. 华为哪些设备将支持升级至安卓7.0?
  5. 微信安卓软件中Q10功能有哪些独特之处?
  6. 安卓用户如何挑选最佳视频播放器应用?
  7. 安卓系统中用户文件目录的确切位置是什么?
  8. 小米4用户如何安全升级到安卓8.0系统?
  9. 如何成功将魅蓝5升级至安卓原生7.0版本?
  10. 16GB存储的安卓手机是否能满足日常需求?

广告一刻

为您即时展示最新活动产品广告消息,让您随时掌握产品活动新动态!