Linux系统安全与应用【二】

目录

1.开关机安全控制

[1.2 实例:GRUB 菜单设置密码](#1.2 实例:GRUB 菜单设置密码)

2.终端登录安全控制

[2.1 限制root只在安全终端登录](#2.1 限制root只在安全终端登录)

​3.弱口令检测

[3.1 Joth the Ripper,JR​编辑](#3.1 Joth the Ripper,JR编辑)

4.网络端口扫描

[4.1 nmap命令](#4.1 nmap命令)


1.开关机安全控制

1.1 GRUB限制

限制更改GRUB引导参数

通常情况下在系统开机进入GRUB菜单时,按e键可以查看并修改GRUB引导参数,这对服务器是一个极大的威胁。
可以为GRUB 菜单设置一个密码,只有提供正确的密码才被允许修改引导参数。

1.2 实例:GRUB 菜单设置密码

(1)根据提示设置GRUB菜单的密码;
(2)备份密码字符串、grub.cfg文件以及00_header文件;
(3)设置能够修改GRUB菜单的用户名和密码;

(4)生成新的grub.cfg文件;

2.终端登录安全控制

2.1 限制root只在安全终端登录

/etc/securetty:保存虚拟终端的配置文件,注释指定虚拟主机,将无法登录到系统;

2.2 禁止普通用户登录

A

/etc/nologin:创建该文件后,普通用户将无法再登录到系统中;

[root@localhost ~]# touch /etc/nologin #创建文件,禁止普通用户登录
[root@localhost ~]# rm -f /etc/nologin #删除该文件后,其他普通文件仍然又可以继续登录到系统中

3.弱口令检测

3.1 Joth the Ripper,JR

使用jr工具密码破解 ,步骤如下:

(1) 解压工具包

[root@localhost ~]# cd /opt
[root@localhost opt]# ls     #将john压缩工具包拉入虚拟机中
john-1.8.0.tar.gz  rh
[root@localhost opt]# tar xf john-1.8.0.tar.gz   #解压工具包

(2)切换到src子目录

[root@localhost opt]# ls
john-1.8.0  john-1.8.0.tar.gz  rh
[root@localhost opt]# cd john-1.8.0/
[root@localhost john-1.8.0]# ls
doc  README  run  src
[root@localhost john-1.8.0]# cd src/

(3)进行编译安装

[root@localhost src]# yum install -y gcc gcc-c++ make #编码安装之前先安装gcc
已加载插件:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: ftp.sjtu.edu.cn
 * extras: mirrors.163.com
 * updates: mirrors.163.com
软件包 gcc-4.8.5-44.el7.x86_64 已安装并且是最新版本
软件包 gcc-c++-4.8.5-44.el7.x86_64 已安装并且是最新版本
软件包 1:make-3.82-24.el7.x86_64 已安装并且是最新版本
无须任何处理
rm -f ../run/unshadow
ln -s john ../run/unshadow
rm -f ../run/unafs
ln -s john ../run/unafs
rm -f ../run/unique
ln -s john ../run/unique
make[1]: 离开目录"/opt/john-1.8.0/src

(4)准备待破解的密码文件

[root@localhost src]# cd ..
[root@localhost john-1.8.0]# ls
doc  README  run  src
[root@localhost john-1.8.0]# cd run/
[root@localhost run]# ls
ascii.chr   john       lm_ascii.chr  makechr       relbench  unique
digits.chr  john.conf  mailer        password.lst  unafs     unshadow
[root@localhost run]#  cp /etc/shadow ./shadow  #将/etc/shadow下的文件复制到当前目录下的shadow.txt文件中 

5)执行暴力破解(./john --wordlist=[指定字典文件的绝对路径] [需要破解的文件名]:使用指定的字典文件进行破解)

[root@localhost run]# ./john shadow --wordlist=./password.lst    #执行暴力破解密码
Loaded 4 password hashes with 4 different salts (crypt, generic crypt(3) [?/64])
Press 'q' or Ctrl-C to abort, almost any other key for status
123456           (zhangsan)
123123           (lisi)
2g 0:00:01:02 100% 0.03212g/s 56.96p/s 123.1c/s 123.1C/s !@#$%..sss
Use the "--show" option to display all of the cracked passwords reliably
Session completed
[root@localhost run]# 

password.lst:该文件保存密码字典

[root@localhost /opt/john-1.8.0/run]# vim password.lst   #该文件保存密码字典,只有保存在字典里的密码才能够破解出来,对于字典里没有的密码,将无法破解(字典里的文件越全,破解能力越强)
slip
stivers
test2
test3
tula
unix
user1
xanth

john.pot:破解后的密码信息都保存在该文件中,加密后的字符串对应解密后的密码

[root@localhost run]# vim john.pot

$6$BZfw4ECl$6X4RYQDDzbDlmXYN1N7E4lz9sA7VmSpVfPkfLFDh8bvUSHPYODst3h9kEnz/k4UU7M0gybLdnjqi0ofSpc41J/:123456
$6$ir9lWkcD$NbNigOetdQuBSrfwXwB63z9cg8rCMasotwVb5WgfdEKdKD6VzZyjz8ey4agu5axJChKy.KwT94XO1NE/lXXcX/:123123

4.网络端口扫描

4.1 nmap命令

netstat -lntp:以数字形式显示TCP处于监听状态的网络连接及端口信息

[root@localhost yum.repos.d]# netstat -lntp 
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1099/sshd           
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1101/cupsd          
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1425/master         
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      1134/named          
tcp        0      0 127.0.0.1:6010          0.0.0.0:*               LISTEN      4199/sshd: root@pts 
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      715/rpcbind         
tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN      1134/named          
tcp        0      0 192.168.80.100:53       0.0.0.0:*               LISTEN      1134/named          
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      1134/named          
tcp6       0      0 :::22                   :::*                    LISTEN      1099/sshd           
tcp6       0      0 ::1:631                 :::*                    LISTEN      1101/cu

netstat -antp:以数字形式显示TCP所有状态下的网络连接及端口信息

[root@localhost yum.repos.d]# netstat -antp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1099/sshd           
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1101/cupsd          
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1425/master         
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      1134/named          
tcp        0      0 127.0.0.1:6010          0.0.0.0:*               LISTEN      4199/sshd: root@pts 
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      715/rpcbind         
tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN      1134/named          
tcp        0      0 192.168.80.100:53       0.0.0.0:*               LISTEN      1134/named          
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      1134/named          
tcp        0     36 192.168.80.100:22       192.168.80.1:60425      ESTABLISHED 4199/ss

ss -antp:以数字形式显示TCP所有状态下的网络连接及端口信息;(效果和netstat命令相同,但执行效率比netstat命令更高)

[root@localhost yum.repos.d]#  ss -antp
State       Recv-Q Send-Q Local Address:Port               Peer Address:Port              
LISTEN      0      128             *:22                          *:*                   users:(("sshd",pid=1099,fd=3))
LISTEN      0      128     127.0.0.1:631                         *:*                   users:(("cupsd",pid=1101,fd=11))
LISTEN      0      100     127.0.0.1:25                          *:*                   users:(("master",pid=1425,fd=13))
LISTEN      0      128     127.0.0.1:953                         *:*                   users:(("named",pid=1134,fd=23))
LISTEN      0      128     127.0.0.1:6010                        *:*                   users:(("sshd",pid=4199,fd=9))
LISTEN      0      128             *:111                         *:*                   users:(("rpcbind",pid=715,fd=8))
LISTEN      0      10     192.168.122.1:53                          *:*                   users:(("named",pid=1134,fd=25))
LISTEN      0      10     192.168.80.100:53                          *:*             

查看进程是否开启的四种方法

[root@localhost opt]# ps -elf | grep ssdh
0 S root       5375   4207  0  80   0 - 28206 pipe_w 16:14 pts/0    00:00:00 grep --color=auto ssdh
[root@localhost opt]# netstat -lntp | grep sshd #第一种
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1099/sshd           
tcp        0      0 127.0.0.1:6010          0.0.0.0:*               LISTEN      4199/sshd: root@pts 
tcp6       0      0 :::22                   :::*                    LISTEN      1099/sshd           
tcp6       0      0 ::1:6010                :::*                    LISTEN      4199/sshd: root@pts 
[root@localhost opt]# ps aux | grep httpd   #第二种
root       5464  0.0  0.0 112824   988 pts/0    S+   16:19   0:00 grep --color=auto httpd
[root@localhost opt]# lsof -i :80    #第三种
COMMAND  PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
httpd   5563   root    4u  IPv6  71872      0t0  TCP *:http (LISTEN)
httpd   5568 apache    4u  IPv6  71872      0t0  TCP *:http (LISTEN)
httpd   5569 apache    4u  IPv6  71872      0t0  TCP *:http (LISTEN)
httpd   5570 apache    4u  IPv6  71872      0t0  TCP *:http (LISTEN)
httpd   5571 apache    4u  IPv6  71872      0t0  TCP *:http (LISTEN)
httpd   5572 apache    4u  IPv6  71872      0t0  TCP *:http (LISTEN)
[root@localhost opt]# systemctl status httpd  #第四种
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
   Active: active (running) since 六 2024-04-27 16:27:02 CST; 11s ago
     Docs: man:httpd(8)
           man:apachectl(8)
 Main PID: 5563 (httpd)
   Status: "Total requests: 0; Current requests/sec: 0; Current traffic:   0 B/sec"
    Tasks: 6
   CGroup: /system.slice/httpd.service
           ├─5563 /usr/sbin/httpd -DFOREGROUND
           ├─5568 /usr/sbin/httpd -DFOREGROUND
           ├─5569 /usr/sbin/httpd -DFOREGROUND
           ├─5570 /usr/sbin/httpd -DFOREGROUND
           ├─5571 /usr/sbin/httpd -DFOREGROUND
           └─5572 /usr/sbin/httpd -DFOREGROUND

如何通过端口查看进程号

[root@localhost opt]# netstat -lntp | grep sshd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1099/sshd           
tcp        0      0 127.0.0.1:6010          0.0.0.0:*               LISTEN      4199/sshd: root@pts 
tcp6       0      0 :::22                   :::*                    LISTEN      1099/sshd           
tcp6       0      0 ::1:6010                :::*                    LISTEN      4199/sshd: root@pts 
[root@localhost opt]# lsof -i :80
COMMAND  PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
httpd   5563   root    4u  IPv6  71872      0t0  TCP *:http (LISTEN)
httpd   5568 apache    4u  IPv6  71872      0t0  TCP *:http (LISTEN)
httpd   5569 apache    4u  IPv6  71872      0t0  TCP *:http (LISTEN)
httpd   5570 apache    4u  IPv6  71872      0t0  TCP *:http (LISTEN)
httpd   5571 apache    4u  IPv6  71872      0t0  TCP *:http (LISTEN)
httpd   5572 apache    4u  IPv6  71872      0t0  TCP *:http (LISTEN)
[root@localhost opt]# ss -lntup | grep :80
tcp    LISTEN     0      128    [::]:80                 [::]:*                   users:(("httpd",pid=5572,fd=4),("httpd",pid=5571,fd=4),("httpd",pid=5570,fd=4),("httpd",pid=5569,fd=4),("httpd",pid=5568,fd=4),("httpd",pid=5563,fd=4))

nmap -p 80 192.168.80.0/24 :扫描出指定192.168.80.0网段内有哪些主机开启了80端口

[root@localhost opt]# nmap -p 80 192.168.80.0/24

Starting Nmap 6.40 ( http://nmap.org ) at 2024-04-27 16:59 CST
Nmap scan report for 192.168.80.1
Host is up (0.00051s latency).
PORT   STATE  SERVICE
80/tcp closed http
MAC Address: 00:50:56:C0:00:08 (VMware)

Nmap scan report for 192.168.80.2
Host is up (0.00025s latency).
PORT   STATE  SERVICE
80/tcp closed http
MAC Address: 00:50:56:E7:A2:D5 (VMware)

Nmap scan report for 192.168.80.254
Host is up (-0.10s latency).
PORT   STATE    SERVICE
80/tcp filtered http
MAC Address: 00:50:56:E8:8F:B7 (VMware)

Nmap scan report for 192.168.80.100
Host is up (0.00020s latency).
PORT   STATE SERVICE
80/tcp open  http

Nmap done: 256 IP addresses (4 hosts up) scanned in 2.69 seconds

nmap -n -sP 192.168.80.0/24:查看192.168.80.0网段内,有哪些主机存活

[root@localhost opt]# nmap -n -sP 192.168.80.0/24

Starting Nmap 6.40 ( http://nmap.org ) at 2024-04-27 17:04 CST
Nmap scan report for 192.168.80.1
Host is up (0.0011s latency).
MAC Address: 00:50:56:C0:00:08 (VMware)
Nmap scan report for 192.168.80.2
Host is up (0.00013s latency).
MAC Address: 00:50:56:E7:A2:D5 (VMware)
Nmap scan report for 192.168.80.254
Host is up (-0.10s latency).
MAC Address: 00:50:56:E8:8F:B7 (VMware)
Nmap scan report for 192.168.80.100
Host is up.
Nmap done: 256 IP addresses (4 hosts up) scanned in 2.17 seconds

4.2 nmap使用方法

相关推荐
软件技术员18 分钟前
Let‘s Encrypt SSL证书:acmessl.cn申请免费3个月证书
服务器·网络协议·ssl
哎呦喂-ll29 分钟前
Linux进阶:环境变量
linux
耗同学一米八31 分钟前
2024 年河北省职业院校技能大赛网络建设与运维赛项样题四
运维·网络
Rverdoser31 分钟前
Linux环境开启MongoDB的安全认证
linux·安全·mongodb
PigeonGuan41 分钟前
【jupyter】linux服务器怎么使用jupyter
linux·ide·jupyter
一条晒干的咸魚1 小时前
【Web前端】创建我的第一个 Web 表单
服务器·前端·javascript·json·对象·表单
东华果汁哥1 小时前
【linux 免密登录】快速设置kafka01、kafka02、kafka03 三台机器免密登录
linux·运维·服务器
咖喱鱼蛋2 小时前
Ubuntu安装Electron环境
linux·ubuntu·electron
ac.char2 小时前
在 Ubuntu 系统上安装 npm 环境以及 nvm(Node Version Manager)
linux·ubuntu·npm