目录
[1.2 实例:GRUB 菜单设置密码](#1.2 实例:GRUB 菜单设置密码)
[2.1 限制root只在安全终端登录](#2.1 限制root只在安全终端登录)
[3.1 Joth the Ripper,JR编辑](#3.1 Joth the Ripper,JR编辑)
[4.1 nmap命令](#4.1 nmap命令)
1.开关机安全控制
1.1 GRUB限制
限制更改GRUB引导参数
通常情况下在系统开机进入GRUB菜单时,按e键可以查看并修改GRUB引导参数,这对服务器是一个极大的威胁。
可以为GRUB 菜单设置一个密码,只有提供正确的密码才被允许修改引导参数。
1.2 实例:GRUB 菜单设置密码
(1)根据提示设置GRUB菜单的密码;
(2)备份密码字符串、grub.cfg文件以及00_header文件;
(3)设置能够修改GRUB菜单的用户名和密码;
(4)生成新的grub.cfg文件;
2.终端登录安全控制
2.1 限制root只在安全终端登录
/etc/securetty:保存虚拟终端的配置文件,注释指定虚拟主机,将无法登录到系统;
2.2 禁止普通用户登录
A
/etc/nologin:创建该文件后,普通用户将无法再登录到系统中;
[root@localhost ~]# touch /etc/nologin #创建文件,禁止普通用户登录
[root@localhost ~]# rm -f /etc/nologin #删除该文件后,其他普通文件仍然又可以继续登录到系统中
3.弱口令检测
3.1 Joth the Ripper,JR
使用jr工具密码破解 ,步骤如下:
(1) 解压工具包
[root@localhost ~]# cd /opt
[root@localhost opt]# ls #将john压缩工具包拉入虚拟机中
john-1.8.0.tar.gz rh
[root@localhost opt]# tar xf john-1.8.0.tar.gz #解压工具包
(2)切换到src子目录
[root@localhost opt]# ls
john-1.8.0 john-1.8.0.tar.gz rh
[root@localhost opt]# cd john-1.8.0/
[root@localhost john-1.8.0]# ls
doc README run src
[root@localhost john-1.8.0]# cd src/
(3)进行编译安装
[root@localhost src]# yum install -y gcc gcc-c++ make #编码安装之前先安装gcc
已加载插件:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: ftp.sjtu.edu.cn
* extras: mirrors.163.com
* updates: mirrors.163.com
软件包 gcc-4.8.5-44.el7.x86_64 已安装并且是最新版本
软件包 gcc-c++-4.8.5-44.el7.x86_64 已安装并且是最新版本
软件包 1:make-3.82-24.el7.x86_64 已安装并且是最新版本
无须任何处理
rm -f ../run/unshadow
ln -s john ../run/unshadow
rm -f ../run/unafs
ln -s john ../run/unafs
rm -f ../run/unique
ln -s john ../run/unique
make[1]: 离开目录"/opt/john-1.8.0/src
(4)准备待破解的密码文件
[root@localhost src]# cd ..
[root@localhost john-1.8.0]# ls
doc README run src
[root@localhost john-1.8.0]# cd run/
[root@localhost run]# ls
ascii.chr john lm_ascii.chr makechr relbench unique
digits.chr john.conf mailer password.lst unafs unshadow
[root@localhost run]# cp /etc/shadow ./shadow #将/etc/shadow下的文件复制到当前目录下的shadow.txt文件中
( 5)执行暴力破解(./john --wordlist=[指定字典文件的绝对路径] [需要破解的文件名]:使用指定的字典文件进行破解)
[root@localhost run]# ./john shadow --wordlist=./password.lst #执行暴力破解密码
Loaded 4 password hashes with 4 different salts (crypt, generic crypt(3) [?/64])
Press 'q' or Ctrl-C to abort, almost any other key for status
123456 (zhangsan)
123123 (lisi)
2g 0:00:01:02 100% 0.03212g/s 56.96p/s 123.1c/s 123.1C/s !@#$%..sss
Use the "--show" option to display all of the cracked passwords reliably
Session completed
[root@localhost run]#
password.lst:该文件保存密码字典
[root@localhost /opt/john-1.8.0/run]# vim password.lst #该文件保存密码字典,只有保存在字典里的密码才能够破解出来,对于字典里没有的密码,将无法破解(字典里的文件越全,破解能力越强)
slip
stivers
test2
test3
tula
unix
user1
xanth
john.pot:破解后的密码信息都保存在该文件中,加密后的字符串对应解密后的密码
[root@localhost run]# vim john.pot
$6$BZfw4ECl$6X4RYQDDzbDlmXYN1N7E4lz9sA7VmSpVfPkfLFDh8bvUSHPYODst3h9kEnz/k4UU7M0gybLdnjqi0ofSpc41J/:123456
$6$ir9lWkcD$NbNigOetdQuBSrfwXwB63z9cg8rCMasotwVb5WgfdEKdKD6VzZyjz8ey4agu5axJChKy.KwT94XO1NE/lXXcX/:123123
4.网络端口扫描
4.1 nmap命令
netstat -lntp:以数字形式显示TCP处于监听状态的网络连接及端口信息
[root@localhost yum.repos.d]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1099/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1101/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1425/master
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 1134/named
tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN 4199/sshd: root@pts
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 715/rpcbind
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1134/named
tcp 0 0 192.168.80.100:53 0.0.0.0:* LISTEN 1134/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1134/named
tcp6 0 0 :::22 :::* LISTEN 1099/sshd
tcp6 0 0 ::1:631 :::* LISTEN 1101/cu
netstat -antp:以数字形式显示TCP所有状态下的网络连接及端口信息
[root@localhost yum.repos.d]# netstat -antp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1099/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1101/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1425/master
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 1134/named
tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN 4199/sshd: root@pts
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 715/rpcbind
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1134/named
tcp 0 0 192.168.80.100:53 0.0.0.0:* LISTEN 1134/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1134/named
tcp 0 36 192.168.80.100:22 192.168.80.1:60425 ESTABLISHED 4199/ss
ss -antp:以数字形式显示TCP所有状态下的网络连接及端口信息;(效果和netstat命令相同,但执行效率比netstat命令更高)
[root@localhost yum.repos.d]# ss -antp
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:* users:(("sshd",pid=1099,fd=3))
LISTEN 0 128 127.0.0.1:631 *:* users:(("cupsd",pid=1101,fd=11))
LISTEN 0 100 127.0.0.1:25 *:* users:(("master",pid=1425,fd=13))
LISTEN 0 128 127.0.0.1:953 *:* users:(("named",pid=1134,fd=23))
LISTEN 0 128 127.0.0.1:6010 *:* users:(("sshd",pid=4199,fd=9))
LISTEN 0 128 *:111 *:* users:(("rpcbind",pid=715,fd=8))
LISTEN 0 10 192.168.122.1:53 *:* users:(("named",pid=1134,fd=25))
LISTEN 0 10 192.168.80.100:53 *:*
查看进程是否开启的四种方法
[root@localhost opt]# ps -elf | grep ssdh
0 S root 5375 4207 0 80 0 - 28206 pipe_w 16:14 pts/0 00:00:00 grep --color=auto ssdh
[root@localhost opt]# netstat -lntp | grep sshd #第一种
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1099/sshd
tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN 4199/sshd: root@pts
tcp6 0 0 :::22 :::* LISTEN 1099/sshd
tcp6 0 0 ::1:6010 :::* LISTEN 4199/sshd: root@pts
[root@localhost opt]# ps aux | grep httpd #第二种
root 5464 0.0 0.0 112824 988 pts/0 S+ 16:19 0:00 grep --color=auto httpd
[root@localhost opt]# lsof -i :80 #第三种
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
httpd 5563 root 4u IPv6 71872 0t0 TCP *:http (LISTEN)
httpd 5568 apache 4u IPv6 71872 0t0 TCP *:http (LISTEN)
httpd 5569 apache 4u IPv6 71872 0t0 TCP *:http (LISTEN)
httpd 5570 apache 4u IPv6 71872 0t0 TCP *:http (LISTEN)
httpd 5571 apache 4u IPv6 71872 0t0 TCP *:http (LISTEN)
httpd 5572 apache 4u IPv6 71872 0t0 TCP *:http (LISTEN)
[root@localhost opt]# systemctl status httpd #第四种
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: active (running) since 六 2024-04-27 16:27:02 CST; 11s ago
Docs: man:httpd(8)
man:apachectl(8)
Main PID: 5563 (httpd)
Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"
Tasks: 6
CGroup: /system.slice/httpd.service
├─5563 /usr/sbin/httpd -DFOREGROUND
├─5568 /usr/sbin/httpd -DFOREGROUND
├─5569 /usr/sbin/httpd -DFOREGROUND
├─5570 /usr/sbin/httpd -DFOREGROUND
├─5571 /usr/sbin/httpd -DFOREGROUND
└─5572 /usr/sbin/httpd -DFOREGROUND
如何通过端口查看进程号
[root@localhost opt]# netstat -lntp | grep sshd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1099/sshd
tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN 4199/sshd: root@pts
tcp6 0 0 :::22 :::* LISTEN 1099/sshd
tcp6 0 0 ::1:6010 :::* LISTEN 4199/sshd: root@pts
[root@localhost opt]# lsof -i :80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
httpd 5563 root 4u IPv6 71872 0t0 TCP *:http (LISTEN)
httpd 5568 apache 4u IPv6 71872 0t0 TCP *:http (LISTEN)
httpd 5569 apache 4u IPv6 71872 0t0 TCP *:http (LISTEN)
httpd 5570 apache 4u IPv6 71872 0t0 TCP *:http (LISTEN)
httpd 5571 apache 4u IPv6 71872 0t0 TCP *:http (LISTEN)
httpd 5572 apache 4u IPv6 71872 0t0 TCP *:http (LISTEN)
[root@localhost opt]# ss -lntup | grep :80
tcp LISTEN 0 128 [::]:80 [::]:* users:(("httpd",pid=5572,fd=4),("httpd",pid=5571,fd=4),("httpd",pid=5570,fd=4),("httpd",pid=5569,fd=4),("httpd",pid=5568,fd=4),("httpd",pid=5563,fd=4))
nmap -p 80 192.168.80.0/24 :扫描出指定192.168.80.0网段内有哪些主机开启了80端口
[root@localhost opt]# nmap -p 80 192.168.80.0/24
Starting Nmap 6.40 ( http://nmap.org ) at 2024-04-27 16:59 CST
Nmap scan report for 192.168.80.1
Host is up (0.00051s latency).
PORT STATE SERVICE
80/tcp closed http
MAC Address: 00:50:56:C0:00:08 (VMware)
Nmap scan report for 192.168.80.2
Host is up (0.00025s latency).
PORT STATE SERVICE
80/tcp closed http
MAC Address: 00:50:56:E7:A2:D5 (VMware)
Nmap scan report for 192.168.80.254
Host is up (-0.10s latency).
PORT STATE SERVICE
80/tcp filtered http
MAC Address: 00:50:56:E8:8F:B7 (VMware)
Nmap scan report for 192.168.80.100
Host is up (0.00020s latency).
PORT STATE SERVICE
80/tcp open http
Nmap done: 256 IP addresses (4 hosts up) scanned in 2.69 seconds
nmap -n -sP 192.168.80.0/24:查看192.168.80.0网段内,有哪些主机存活
[root@localhost opt]# nmap -n -sP 192.168.80.0/24
Starting Nmap 6.40 ( http://nmap.org ) at 2024-04-27 17:04 CST
Nmap scan report for 192.168.80.1
Host is up (0.0011s latency).
MAC Address: 00:50:56:C0:00:08 (VMware)
Nmap scan report for 192.168.80.2
Host is up (0.00013s latency).
MAC Address: 00:50:56:E7:A2:D5 (VMware)
Nmap scan report for 192.168.80.254
Host is up (-0.10s latency).
MAC Address: 00:50:56:E8:8F:B7 (VMware)
Nmap scan report for 192.168.80.100
Host is up.
Nmap done: 256 IP addresses (4 hosts up) scanned in 2.17 seconds