Linux 系统安全相关
程序员文章站
2022-08-08 18:19:03
本篇关于 Linux 的一些安全知识,主要就是与账号相关的安全。 ......
本篇关于linux的一些安全知识,主要就是与账号相关的安全。
账户文件锁定
当服务器中的用户账号已经固定,不在进行更改,可锁定账户文件。锁定后,无法添加、删除账号,也无法更改密码等。
- 锁定账户文件
chattr +i /etc/passwd /etc/shadow
- 解锁账户文件
chattr -i /etc/passwd /etc/shadow
- 查看账户文件是否锁定
lsattr /etc/passwd /etc/shadow
demo:
1.查看允许登录的账户。
[root@localhost ~]# grep "/bin/bash$" /etc/passwd root:x:0:0:root:/root:/bin/bash
2.添加一个名为zhangsan用户。
[root@localhost ~]# useradd zhangsan && echo "000000" | passwd --stdin zhangsan changing password for user zhangsan. passwd: all authentication tokens updated successfully. [root@localhost ~]# grep "/bin/bash$" /etc/passwd root:x:0:0:root:/root:/bin/bash zhangsan:x:1000:1000::/home/zhangsan:/bin/bash
3.锁定账号文件。
[root@localhost ~]# lsattr /etc/passwd /etc/shadow ---------------- /etc/passwd ---------------- /etc/shadow [root@localhost ~]# chattr +i /etc/passwd /etc/shadow [root@localhost ~]# lsattr /etc/passwd /etc/shadow ----i----------- /etc/passwd ----i----------- /etc/shadow
4.尝试添加名为lisi的用户,添加失败。
[root@localhost ~]# useradd lisi && echo "000000" | passwd --stdin lisi useradd: cannot open /etc/passwd [root@localhost ~]# grep "/bin/bash$" /etc/passwd root:x:0:0:root:/root:/bin/bash zhangsan:x:1000:1000::/home/zhangsan:/bin/bash
5.解锁账号文件。
[root@localhost ~]# lsattr /etc/passwd /etc/shadow ----i----------- /etc/passwd ----i----------- /etc/shadow [root@localhost ~]# chattr -i /etc/passwd /etc/shadow [root@localhost ~]# lsattr /etc/passwd /etc/shadow ---------------- /etc/passwd ---------------- /etc/shadow
6.尝试添加名为lisi的用户,添加成功。
[root@localhost ~]# useradd lisi && echo "000000" | passwd --stdin lisi changing password for user lisi. passwd: all authentication tokens updated successfully. [root@localhost ~]# grep "/bin/bash$" /etc/passwd root:x:0:0:root:/root:/bin/bash zhangsan:x:1000:1000::/home/zhangsan:/bin/bash lisi:x:1001:1001::/home/lisi:/bin/bash
密码有效期
为了避免用户长时间使用同一个密码,管理员可以设置密码有效期。密码过期后,只有重新设置密码,否则无法登录。
- 对于新建的用户,修改配置文件
# vi /etc/login.defs pass_max_days 99999
- 对于已有的用户,使用
chage命令修改密码时限
chage -m 30 lisi
- 强制用户下次登陆必须更改密码
chage -d 0 zhangsan
demo:
1.查看/etc/shadow发现用户密码有效期为99999天。
[root@localhost ~]# cat /etc/shadow root:$6$4/ne8o5v38hia2jr$6scla1hllj8fpxqymtfof5t4nmh1gjedq31afor4wapypbqwlbzqkkpkuubwoqgwa1gsuhw.1ltg59tyfrwvc/::0:99999:7::: bin:*:17110:0:99999:7::: daemon:*:17110:0:99999:7::: adm:*:17110:0:99999:7::: lp:*:17110:0:99999:7::: sync:*:17110:0:99999:7::: shutdown:*:17110:0:99999:7::: halt:*:17110:0:99999:7::: mail:*:17110:0:99999:7::: operator:*:17110:0:99999:7::: games:*:17110:0:99999:7::: ftp:*:17110:0:99999:7::: nobody:*:17110:0:99999:7::: systemd-network:!!:18124:::::: dbus:!!:18124:::::: polkitd:!!:18124:::::: postfix:!!:18124:::::: sshd:!!:18124:::::: chrony:!!:18124:::::: zhangsan:$6$mwtxl8jt$refwo.uoamokmxczvgijtowchtdywrbw1g.drbefrwukycavfebyrn7eohvxonsvzctqj.ov3c1slavguvik9.:18136:0:99999:7::: lisi:$6$vlsvfmko$annveb1wwspxnd.4qerik1ilrw80ji7qqosbn9rgtga9di5qfyh5zwe3sutlyshadukch9vdz55dzghdu4c.k.:18136:0:99999:7:::
2.修改/etc/login.defs配置文件,更改最大有效期为30天。
[root@localhost ~]# vim /etc/login.defs # pass_max_days 99999 pass_max_days 30
3.新创建wangwu用户,并查看密码有效期为30天。
[root@localhost ~]# useradd wangwu && echo "000000" | passwd --stdin wangwu changing password for user wangwu. passwd: all authentication tokens updated successfully. [root@localhost ~]# cat /etc/shadow | grep wangwu wangwu:$6$qtt8ruad$pbgmjlgjo6.bp4ypqwn60otyzyplomxtjoubj0ayebajzg/opw4ci6lzg5/rtbjw/yj7qbjamuefbkll9xtg8/:18136:0:30:7:::
4.更改已存在的用户lisi密码有效期为30天。
[root@localhost ~]# chage -m 30 lisi [root@localhost ~]# cat /etc/shadow | grep lisi lisi:$6$vlsvfmko$annveb1wwspxnd.4qerik1ilrw80ji7qqosbn9rgtga9di5qfyh5zwe3sutlyshadukch9vdz55dzghdu4c.k.:18136:0:30:7:::
5.强制zhangsan用户下次登录必须修改密码。
[root@localhost ~]# chage -d 0 zhangsan [root@localhost ~]# cat /etc/shadow | grep zhangsan zhangsan:$6$mwtxl8jt$refwo.uoamokmxczvgijtowchtdywrbw1g.drbefrwukycavfebyrn7eohvxonsvzctqj.ov3c1slavguvik9.:0:0:99999:7:::
6.使用zhangsan用户登录发现必须要修改密码,注意密码复杂性要求,示例密码:asdf1928。
login as: zhangsan zhangsan@192.168.128.133's password:
you are required to change your password immediately (root enforced) warning: your password has expired. you must change your password now and login again! changing password for user zhangsan. changing password for zhangsan. (current) unix password: new password: retype new password: passwd: all authentication tokens updated successfully.
history 命令历史
命令历史记录在带来便利的同时,也存在着潜在的风险,比如曾经输入的明文密码等。
- 对所有用户生效,修改系统环境变量,可修改能查看最近历史记录的条数。
# vi /etc/profile histsize=1000
-
~/.bash_logout在用户注销时会自动执行,可实现自动清除命令记录,下次登录将无法查看以前的命令记录。
# vi ~/.bash_logout history -c clear
demo:
1.查看命令历史记录。
[root@localhost ~]# history
1 grep "/bin/bash$" /etc/passwd
2 useradd zhangsan && echo "000000" | passwd --stdin zhangsan
3 grep "/bin/bash$" /etc/passwd
4 lsattr /etc/passwd /etc/shadow
5 chattr +i /etc/passwd /etc/shadow
6 lsattr /etc/passwd /etc/shadow
7 useradd lisi && echo "000000" | passwd --stdin lisi
8 grep "/bin/bash$" /etc/passwd
9 lsattr /etc/passwd /etc/shadow
10 chattr -i /etc/passwd /etc/shadow
11 lsattr /etc/passwd /etc/shadow
12 useradd lisi && echo "000000" | passwd --stdin lisi
13 grep "/bin/bash$" /etc/passwd
14 cat /etc/shadow
15 yum install vim -y
16 vim /etc/login.defs
17 useradd wangwu && echo "000000" | passwd --stdin wangwu
18 cat /etc/shadow | grep wangwu
19 chage -m 30 lisi
20 cat /etc/shadow | grep lisi
21 chage -d 0 zhangsan
22 cat /etc/shadow | grep zhangsan
23 history
2.修改配置文件记录的历史为20条,并立即生效。
[root@localhost ~]# vim /etc/profile #histsize=1000 histsize=20 [root@localhost ~]# source /etc/profile
3.再次查看命令历史记录。
[root@localhost ~]# history
6 useradd lisi && echo "000000" | passwd --stdin lisi
7 grep "/bin/bash$" /etc/passwd
8 lsattr /etc/passwd /etc/shadow
9 chattr -i /etc/passwd /etc/shadow
10 lsattr /etc/passwd /etc/shadow
11 useradd lisi && echo "000000" | passwd --stdin lisi
12 grep "/bin/bash$" /etc/passwd
13 cat /etc/shadow
14 yum install vim -y
15 vim /etc/login.defs
16 useradd wangwu && echo "000000" | passwd --stdin wangwu
17 cat /etc/shadow | grep wangwu
18 chage -m 30 lisi
19 cat /etc/shadow | grep lisi
20 chage -d 0 zhangsan
21 cat /etc/shadow | grep zhangsan
22 history
23 vim /etc/profile
24 source /etc/profile
25 history
4.配置注销时自动清除历史记录,并注销登录。
[root@localhost ~]# vim ~/.bash_logout # ~/.bash_logout history -c clear [root@localhost ~]# logout
5.再次登录,无法查看以前的命令历史记录。
[root@localhost ~]# history
1 history
tmout 自动注销
bash终端环境中,可以设置一个闲置超时时间,当超过指定时间没有执行任何命令时,将自动注销终端。
- 添加系统环境变量
tmout,对所有用户生效
# vi /etc/profile export tmout=600
demo:
1.添加tmout系统环境变量。
[root@localhost ~]# vim /etc/profile export tmout=600
2.设置生效,并查看是否生效。
[root@localhost ~]# echo $tmout [root@localhost ~]# source /etc/profile [root@localhost ~]# echo $tmout 600
3.执行一些长时间的操作时,应使用unset取消超时。
[root@localhost ~]# unset tmout [root@localhost ~]# echo $tmout
su 用户安全切换
一般linux系统不建议直接使用root用户直接登录,但在必要时可以使用su命令用来切换用户。默认情况下,所有用户都可以使用su命令,这样必然会带来安全风险。所以需要对su的使用做控制。
su - root
-:等同于--login或-l,表示切换用户后进入目标用户的登录shell环境。
- 开启
pam_wheel认证,配置文件/etc/pam.d/su,去掉pam_wheel条目开头注释。
auth required pam_wheel.so use_uid
demo:
1.正常情况下zhangsan用户可以切换root用户。
[zhangsan@localhost ~]$ su - root password: last login: wed aug 28 13:33:12 cst 2019 from 192.168.128.1 on pts/0 [root@localhost ~]#
2.修改/etc/pam.d/su认证配置,去掉开头#注释,以启用pam_wheel认证。
[root@localhost ~]# vim /etc/pam.d/su auth required pam_wheel.so use_uid
3.查看wheel组,其中没有已添加的用户。(只有在wheel组中的用户可以正常切换root用户)
[root@localhost ~]# grep "^wheel" /etc/group wheel:x:10:
4.再次尝试切换root用户,权限拒绝。
[zhangsan@localhost ~]$ su - root password: su: permission denied
5.将zhangsan加入wheel组。
[root@localhost ~]# gpasswd -a zhangsan wheel adding user zhangsan to group wheel [root@localhost ~]# grep "^wheel" /etc/group wheel:x:10:zhangsan
6.再次尝试切换root用户,成功切换。
[zhangsan@localhost ~]$ su - root password: last login: wed aug 28 13:52:17 cst 2019 on pts/1 last failed login: wed aug 28 14:01:26 cst 2019 on pts/1 there was 1 failed login attempt since the last successful login.
sudo 用户提权
通过su可以切换root用户,但是必须要知道密码。若是给普通用户一部分管理权限,就可以不切换用户,必要时使用sudo提升执行权限。
- 配置文件
/etc/sudoers,可使用专门的工具visudo编辑,也可使用vi编辑器,但需要强制保存。基本配置格式如下。
user machine=commands
user:授权的用户名,或%组名,表示组内所有用户。machine:使用此配置文件的主机名称,一般设为localhost或者实际主机名。commands:允许授权用户通过sudo执行的特权命令,需要命令的完整路径,多个以,分隔。
- 集中定义别名:
user_alias、host_alias、cmnd_alias,别名必须大写。
例子:允许用户jerry、tom、kcce在主机smtp、pop中执行rpm、yum命令。
user_alias operators=jerry,tom,kcce host_alias mailsvrs=smtp,pop cmnd_alias pkgtools=/bin/rpm,/usr/bin/yum operators mailsvrs=pkgtools
- 通配符
*、取反符号!,一般授权某个目录下所有命令,但取消其中个别命令时使用。
zhangsan localhost=/sbin/*,!/sbin/ifconfig,!/sbin/route
- 启用日志,配置文件添加以下参数。
defaults logfile="/var/log/sudo"
demo:
1.已有普通用户lisi、现有网卡配置。
[root@localhost ~]# id lisi uid=1001(lisi) gid=1001(lisi) groups=1001(lisi)
[root@localhost ~]# ifconfig ens33
ens33: flags=4163<up,broadcast,running,multicast> mtu 1500
inet 192.168.128.133 netmask 255.255.255.0 broadcast 192.168.128.255
inet6 fe80::7d96:e043:e371:4943 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:5b:e0:09 txqueuelen 1000 (ethernet)
rx packets 32045 bytes 36669743 (34.9 mib)
rx errors 0 dropped 0 overruns 0 frame 0
tx packets 13480 bytes 1129005 (1.0 mib)
tx errors 0 dropped 0 overruns 0 carrier 0 collisions 0
2.使用lisi尝试修改网卡地址,无法修改。
[lisi@localhost ~]$ ifconfig ens33 192.168.128.188
siocsifaddr: operation not permitted
siocsifflags: operation not permitted
[lisi@localhost ~]$ sudo ifconfig ens33 192.168.128.188
we trust you have received the usual lecture from the local system
administrator. it usually boils down to these three things:
#1) respect the privacy of others.
#2) think before you type.
#3) with great power comes great responsibility.
[sudo] password for lisi:
lisi is not in the sudoers file. this incident will be reported.
[lisi@localhost ~]$ ifconfig ens33
ens33: flags=4163<up,broadcast,running,multicast> mtu 1500
inet 192.168.128.133 netmask 255.255.255.0 broadcast 192.168.128.255
inet6 fe80::7d96:e043:e371:4943 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:5b:e0:09 txqueuelen 1000 (ethernet)
rx packets 32410 bytes 36735375 (35.0 mib)
rx errors 0 dropped 0 overruns 0 frame 0
tx packets 13598 bytes 1141821 (1.0 mib)
tx errors 0 dropped 0 overruns 0 carrier 0 collisions 0
3.使用root用户编辑/etc/sudoers,给lisi添加授权。
[root@localhost ~]# visudo lisi localhost=/sbin/ifconfig
4.使用lisi用户再次尝试修改地址,成功修改。
[lisi@localhost ~]$ sudo ifconfig ens33 192.168.128.188 [sudo] password for lisi:
[lisi@localhost ~]$ ifconfig ens33
ens33: flags=4163<up,broadcast,running,multicast> mtu 1500
inet 192.168.128.188 netmask 255.255.255.0 broadcast 192.168.128.255
inet6 fe80::7d96:e043:e371:4943 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:5b:e0:09 txqueuelen 1000 (ethernet)
rx packets 33575 bytes 36955964 (35.2 mib)
rx errors 0 dropped 0 overruns 0 frame 0
tx packets 13975 bytes 1187393 (1.1 mib)
tx errors 0 dropped 0 overruns 0 carrier 0 collisions 0
5.使用sudo -l可以查看自己的sudo配置。
[lisi@localhost ~]$ sudo -l
[sudo] password for lisi:
matching defaults entries for lisi on localhost:
!visiblepw, always_set_home, match_group_by_gid, env_reset, env_keep="colors display hostname histsize kdedir ls_colors", env_keep+="mail ps1 ps2 qtdir username
lang lc_address lc_ctype", env_keep+="lc_collate lc_identification lc_measurement lc_messages", env_keep+="lc_monetary lc_name lc_numeric lc_paper lc_telephone",
env_keep+="lc_time lc_all language linguas _xkb_charset xauthority", secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin
user lisi may run the following commands on localhost:
(root) /sbin/ifconfig
grub 密码
默认情况下,centos 7启动时,是可以随意进入grub菜单修改引导参数的,为了安全,可以对其设置密码,只有拥有相应的用户与密码才可以进入。
demo:
1.备份需要修改的grub配置文件。
[root@localhost ~]# cp -p /boot/grub2/grub.cfg /boot/grub2/grub.cfg.bak [root@localhost ~]# cp -p /etc/grub.d/00_header /etc/grub.d/00_header.bak
2.创建一个grub密码备用。
[root@localhost ~]# grub2-mkpasswd-pbkdf2 enter password: reenter password: pbkdf2 hash of your password is grub.pbkdf2.sha512.10000.017517df1145ef0a839edb3e53a8d3e598d8e8477afdc778de66a97966f486b7c6017910c5bf1fac9882f84e1f8697b56ab5e833480d616a7b28d4ba9f6c5b38.6c0516b81fdff2382b3aa0fb700fa7fd716df8b83eba727349c36beb9498201b795714429aa09641005c6a176324d16eb7fe63088d393fe1695269e34d20a3f3
3.修改/etc/grub.d/00_header,加入用户与对应的密码。
[root@localhost ~]# vim /etc/grub.d/00_header cat << eof set superusers="root" password_pbkdf2 root grub.pbkdf2.sha512.10000.017517df1145ef0a839edb3e53a8d3e598d8e8477afdc778de66a97966f486b7c6017910c5bf1fac9882f84e1f8697b56ab5e833480d616a7b28d4ba9f6c5b38.6c0516b81fdff2382b3aa0fb700fa7fd716df8b83eba727349c36beb9498201b795714429aa09641005c6a176324d16eb7fe63088d393fe1695269e34d20a3f3 eof
4.重新创建grub配置文件。
[root@localhost ~]# grub2-mkconfig -o /boot/grub2/grub.cfg generating grub configuration file ... found linux image: /boot/vmlinuz-3.10.0-693.el7.x86_64 found initrd image: /boot/initramfs-3.10.0-693.el7.x86_64.img found linux image: /boot/vmlinuz-0-rescue-ba010ae4b2944c52b216ec6259f230c0 found initrd image: /boot/initramfs-0-rescue-ba010ae4b2944c52b216ec6259f230c0.img done
5.重启验证。
[root@localhost ~]# reboot
6.验证结果。
(1)使用上下取消读秒,按下e默认进入3,可以随意修改引导参数,不需要密码。
(2)加入密码后,需要输入用户名、密码才可以进入3。
(3)引导参数相关。
弱口令检测
使用弱密码会增加安全风险,而管理员可以使用john the ripper这款开源工具,可以分析弱密码,以便采取相应的安全措施。
demo:
1.安装编译器环境。
[root@localhost ~]# yum install gcc gcc-c++ -y
2.源代码编译安装。
[root@localhost ~]# tar zxvf john-1.8.0.tar.gz -c ~
[root@localhost ~]# ll total 5328 -rw-------. 1 root root 1241 aug 16 17:16 anaconda-ks.cfg drwxr-xr-x. 5 root root 53 aug 28 15:33 john-1.8.0 -rw-r--r--. 1 root root 5450412 aug 28 15:31 john-1.8.0.tar.gz
[root@localhost ~]# cd ~/john-1.8.0/src/ [root@localhost src]# ls afs_fmt.c bf_fmt.c compiler.c des_bs.c formats.c john.asm logger.c memory.c os.h ppc64.h signals.c times.h wordlist.h alpha.h bf_std.c compiler.h des_bs.h formats.h john.c logger.h memory.h params.c recovery.c signals.h trip_fmt.c x86-64.h alpha.s bf_std.h config.c des_fmt.c getopt.c john.com makefile mips32.h params.h recovery.h single.c tty.c x86-64.s batch.c bsdi_fmt.c config.h des_std.c getopt.h john.h makefile.dep mips64.h pa-risc.h rpp.c single.h tty.h x86-any.h batch.h c3_fmt.c cracker.c des_std.h ia64.h list.c math.c misc.c path.c rpp.h sparc32.h unafs.c x86-mmx.h bench.c charset.c cracker.h detect.c idle.c list.h math.h misc.h path.h rules.c sparc64.h unique.c x86-mmx.s bench.h charset.h crc32.c dummy.c idle.h lm_fmt.c md5_fmt.c nonstd.c ppc32alt.h rules.h status.c unshadow.c x86.s best.c common.c crc32.h external.c inc.c loader.c md5_std.c options.c ppc32.h sboxes.c status.h vax.h x86-sse.h best.sh common.h des_bs_b.c external.h inc.h loader.h md5_std.h options.h ppc64alt.h sboxes-s.c symlink.c wordlist.c x86-sse.s
[root@localhost src]# make linux-x86-64
ln -sf x86-64.h arch.h
make ../run/john ../run/unshadow ../run/unafs ../run/unique \
john_objs="des_fmt.o des_std.o des_bs.o des_bs_b.o bsdi_fmt.o md5_fmt.o md5_std.o bf_fmt.o bf_std.o afs_fmt.o lm_fmt.o trip_fmt.o dummy.o batch.o bench.o charset.o common.o compiler.o config.o cracker.o crc32.o external.o formats.o getopt.o idle.o inc.o john.o list.o loader.o logger.o math.o memory.o misc.o options.o params.o path.o recovery.o rpp.o rules.o signals.o single.o status.o tty.o wordlist.o unshadow.o unafs.o unique.o c3_fmt.o x86-64.o" \
cflags="-c -wall -wdeclaration-after-statement -o2 -fomit-frame-pointer -dhave_crypt" \
ldflags="-s -lcrypt"
make[1]: entering directory `/root/john-1.8.0/src'
gcc -c -wall -wdeclaration-after-statement -o2 -fomit-frame-pointer -dhave_crypt -funroll-loops des_fmt.c
gcc -c -wall -wdeclaration-after-statement -o2 -fomit-frame-pointer -dhave_crypt -funroll-loops des_std.c
gcc -c -wall -wdeclaration-after-statement -o2 -fomit-frame-pointer -dhave_crypt -funroll-loops des_bs.c
gcc -c -wall -wdeclaration-after-statement -o2 -fomit-frame-pointer -dhave_crypt -os -funroll-loops -finline-functions des_bs_b.c
gcc -c -wall -wdeclaration-after-statement -o2 -fomit-frame-pointer -dhave_crypt -funroll-loops bsdi_fmt.c
gcc -c -wall -wdeclaration-after-statement -o2 -fomit-frame-pointer -dhave_crypt -funroll-loops md5_fmt.c
gcc -c -wall -wdeclaration-after-statement -o2 -fomit-frame-pointer -dhave_crypt -funroll-loops md5_std.c
gcc -c -wall -wdeclaration-after-statement -o2 -fomit-frame-pointer -dhave_crypt -funroll-loops bf_fmt.c
gcc -c -wall -wdeclaration-after-statement -o2 -fomit-frame-pointer -dhave_crypt -funroll-loops bf_std.c
gcc -c -wall -wdeclaration-after-statement -o2 -fomit-frame-pointer -dhave_crypt -funroll-loops afs_fmt.c
gcc -c -wall -wdeclaration-after-statement -o2 -fomit-frame-pointer -dhave_crypt -funroll-loops lm_fmt.c
gcc -c -wall -wdeclaration-after-statement -o2 -fomit-frame-pointer -dhave_crypt -funroll-loops trip_fmt.c
gcc -c -wall -wdeclaration-after-statement -o2 -fomit-frame-pointer -dhave_crypt -funroll-loops dummy.c
gcc -c -wall -wdeclaration-after-statement -o2 -fomit-frame-pointer -dhave_crypt -funroll-loops batch.c
gcc -c -wall -wdeclaration-after-statement -o2 -fomit-frame-pointer -dhave_crypt -funroll-loops bench.c
gcc -c -wall -wdeclaration-after-statement -o2 -fomit-frame-pointer -dhave_crypt -funroll-loops charset.c
gcc -c -wall -wdeclaration-after-statement -o2 -fomit-frame-pointer -dhave_crypt -funroll-loops common.c
gcc -c -wall -wdeclaration-after-statement -o2 -fomit-frame-pointer -dhave_crypt -funroll-loops compiler.c
gcc -c -wall -wdeclaration-after-statement -o2 -fomit-frame-pointer -dhave_crypt -funroll-loops config.c
gcc -c -wall -wdeclaration-after-statement -o2 -fomit-frame-pointer -dhave_crypt -funroll-loops cracker.c
gcc -c -wall -wdeclaration-after-statement -o2 -fomit-frame-pointer -dhave_crypt -funroll-loops crc32.c
gcc -c -wall -wdeclaration-after-statement -o2 -fomit-frame-pointer -dhave_crypt -funroll-loops external.c
gcc -c -wall -wdeclaration-after-statement -o2 -fomit-frame-pointer -dhave_crypt -funroll-loops formats.c
gcc -c -wall -wdeclaration-after-statement -o2 -fomit-frame-pointer -dhave_crypt -funroll-loops getopt.c
gcc -c -wall -wdeclaration-after-statement -o2 -fomit-frame-pointer -dhave_crypt -funroll-loops idle.c
gcc -c -wall -wdeclaration-after-statement -o2 -fomit-frame-pointer -dhave_crypt -funroll-loops inc.c
gcc -c -wall -wdeclaration-after-statement -o2 -fomit-frame-pointer -dhave_crypt -funroll-loops john.c
gcc -c -wall -wdeclaration-after-statement -o2 -fomit-frame-pointer -dhave_crypt -funroll-loops list.c
gcc -c -wall -wdeclaration-after-statement -o2 -fomit-frame-pointer -dhave_crypt -funroll-loops loader.c
gcc -c -wall -wdeclaration-after-statement -o2 -fomit-frame-pointer -dhave_crypt -funroll-loops logger.c
gcc -c -wall -wdeclaration-after-statement -o2 -fomit-frame-pointer -dhave_crypt -funroll-loops math.c
gcc -c -wall -wdeclaration-after-statement -o2 -fomit-frame-pointer -dhave_crypt -funroll-loops memory.c
gcc -c -wall -wdeclaration-after-statement -o2 -fomit-frame-pointer -dhave_crypt -funroll-loops misc.c
gcc -c -wall -wdeclaration-after-statement -o2 -fomit-frame-pointer -dhave_crypt -funroll-loops options.c
gcc -c -wall -wdeclaration-after-statement -o2 -fomit-frame-pointer -dhave_crypt -funroll-loops params.c
gcc -c -wall -wdeclaration-after-statement -o2 -fomit-frame-pointer -dhave_crypt -funroll-loops path.c
gcc -c -wall -wdeclaration-after-statement -o2 -fomit-frame-pointer -dhave_crypt -funroll-loops recovery.c
gcc -c -wall -wdeclaration-after-statement -o2 -fomit-frame-pointer -dhave_crypt -funroll-loops rpp.c
gcc -c -wall -wdeclaration-after-statement -o2 -fomit-frame-pointer -dhave_crypt -funroll-loops rules.c
gcc -c -wall -wdeclaration-after-statement -o2 -fomit-frame-pointer -dhave_crypt -funroll-loops signals.c
gcc -c -wall -wdeclaration-after-statement -o2 -fomit-frame-pointer -dhave_crypt -funroll-loops single.c
gcc -c -wall -wdeclaration-after-statement -o2 -fomit-frame-pointer -dhave_crypt -funroll-loops status.c
gcc -c -wall -wdeclaration-after-statement -o2 -fomit-frame-pointer -dhave_crypt -funroll-loops tty.c
gcc -c -wall -wdeclaration-after-statement -o2 -fomit-frame-pointer -dhave_crypt -funroll-loops wordlist.c
gcc -c -wall -wdeclaration-after-statement -o2 -fomit-frame-pointer -dhave_crypt -funroll-loops unshadow.c
gcc -c -wall -wdeclaration-after-statement -o2 -fomit-frame-pointer -dhave_crypt -funroll-loops unafs.c
gcc -c -wall -wdeclaration-after-statement -o2 -fomit-frame-pointer -dhave_crypt -funroll-loops unique.c
gcc -c -wall -wdeclaration-after-statement -o2 -fomit-frame-pointer -dhave_crypt -funroll-loops c3_fmt.c
gcc -c x86-64.s
gcc des_fmt.o des_std.o des_bs.o des_bs_b.o bsdi_fmt.o md5_fmt.o md5_std.o bf_fmt.o bf_std.o afs_fmt.o lm_fmt.o trip_fmt.o dummy.o batch.o bench.o charset.o common.o compiler.o config.o cracker.o crc32.o external.o formats.o getopt.o idle.o inc.o john.o list.o loader.o logger.o math.o memory.o misc.o options.o params.o path.o recovery.o rpp.o rules.o signals.o single.o status.o tty.o wordlist.o unshadow.o unafs.o unique.o c3_fmt.o x86-64.o -s -lcrypt -o ../run/john
rm -f ../run/unshadow
ln -s john ../run/unshadow
rm -f ../run/unafs
ln -s john ../run/unafs
rm -f ../run/unique
ln -s john ../run/unique
make[1]: leaving directory `/root/john-1.8.0/src'
3.运行脚本,分析账户、密码文件,只有zhangsan用户的密码强度足够,没有分析出来。
[root@localhost src]# cd ~/john-1.8.0/run/ [root@localhost run]# ls ascii.chr digits.chr john john.conf lm_ascii.chr mailer makechr password.lst relbench unafs unique unshadow [root@localhost run]# ./john /etc/passwd /etc/shadow loaded 4 password hashes with 4 different salts (crypt, generic crypt(3) [?/64]) press 'q' or ctrl-c to abort, almost any other key for status 000000 (root) 000000 (lisi) 000000 (wangwu) 3g 0:00:09:38 90% 2/3 0.005184g/s 272.3p/s 278.2c/s 278.2c/s christmased..freemaned use the "--show" option to display all of the cracked passwords reliably session aborted
nmap 端口扫描
定期的端口扫描,可以找出网络中不可控的应用服务,及时关闭不安全的服务,减小安全风险。
- nmap [扫描类型] [选项] 扫描目标>
常用的扫描类型:
-ss:tcp syn扫描(半开扫描):只向目标发出syn数据包,如果收到syn/ack响应包就认为目标端口正在监听,并立即断开连接;否则认为目标端口并未开放。-st:tcp连接扫描:这是完整的tcp扫描方式,用来建立一个tcp连接,如果成功则认为目标端口正在监听服务,否则认为目标端口并未开放。-sf:tcp fin扫描:开放的端口会忽略这种数据包,关闭的端口会回应rst数据包。许多防火墙只对syn数据包进行简单过滤,而忽略了其他形式的tcp攻击包。这种类型的扫描可间接检测防火墙的健壮性。-su:udp扫描:探测目标主机提供哪些udp服务,udp扫描的速度会比较慢。-sp:icmp扫描:类似于ping检测,快速判断目标主机是否存活,不做其他扫描。-p0:跳过ping检测:这种方式认为所有目标主机时存活的,当对方不响应icmp请求时,使用这种方式可以避免无法ping通而放弃扫描。
常用的选项:
-p:指定扫描的端口-n:禁用反向dns解析,加快扫描速度
demo:
1.扫描本机开放了哪些tcp端口。
[root@localhost ~]# nmap -st 127.0.0.1 starting nmap 6.40 ( http://nmap.org ) at 2019-08-28 15:58 cst nmap scan report for localhost (127.0.0.1) host is up (0.0011s latency). not shown: 998 closed ports port state service 22/tcp open ssh 25/tcp open smtp nmap done: 1 ip address (1 host up) scanned in 0.09 seconds
2.扫描本机开放了哪些udp端口。
[root@localhost ~]# nmap -su 127.0.0.1 starting nmap 6.40 ( http://nmap.org ) at 2019-08-28 16:01 cst nmap scan report for localhost (127.0.0.1) host is up (0.00011s latency). not shown: 999 closed ports port state service 68/udp open|filtered dhcpc nmap done: 1 ip address (1 host up) scanned in 48.02 seconds
3.扫描网段中的哪些主机在线。
[root@localhost ~]# nmap -sp 192.168.128.0/24 starting nmap 6.40 ( http://nmap.org ) at 2019-08-28 16:03 cst nmap scan report for 192.168.128.1 host is up (0.000074s latency). mac address: 00:50:56:c0:00:08 (vmware) nmap scan report for 192.168.128.2 host is up (0.00017s latency). mac address: 00:50:56:e0:8f:d1 (vmware) nmap scan report for 192.168.128.132 host is up (0.00024s latency). mac address: 00:0c:29:bc:ab:96 (vmware) nmap scan report for 192.168.128.254 host is up (0.00029s latency). mac address: 00:50:56:e7:ac:de (vmware) nmap scan report for 192.168.128.133 host is up. nmap done: 256 ip addresses (5 hosts up) scanned in 4.16 seconds
4.扫描某主机开启了哪些tcp端口。
[root@localhost ~]# nmap -st 192.168.128.132 starting nmap 6.40 ( http://nmap.org ) at 2019-08-28 16:07 cst nmap scan report for 192.168.128.132 host is up (0.68s latency). not shown: 999 filtered ports port state service 22/tcp open ssh mac address: 00:0c:29:bc:ab:96 (vmware) nmap done: 1 ip address (1 host up) scanned in 58.14 seconds
上一篇: 方便面怎么煮好吃,再不知道就晚了!