Linux 系统安全相关 - Go语言中文社区

Linux 系统安全相关

CentOS-Logo

本篇关于Linux的一些安全知识,主要就是与账号相关的安全。

账户文件锁定

当服务器中的用户账号已经固定,不在进行更改,可锁定账户文件。锁定后,无法添加、删除账号,也无法更改密码等。

  • 锁定账户文件
chattr +i /etc/passwd /etc/shadow
  • 解锁账户文件
chattr -i /etc/passwd /etc/shadow
  • 查看账户文件是否锁定
lsattr /etc/passwd /etc/shadow

Demo

1.查看允许登录的账户。

[root@localhost ~]# grep "/bin/bash$" /etc/passwd
root:x:0:0:root:/root:/bin/bash

2.添加一个名为zhangsan用户。

[root@localhost ~]# useradd zhangsan && echo "000000" | passwd --stdin zhangsan
Changing password for user zhangsan.
passwd: all authentication tokens updated successfully.
[root@localhost ~]# grep "/bin/bash$" /etc/passwd
root:x:0:0:root:/root:/bin/bash
zhangsan:x:1000:1000::/home/zhangsan:/bin/bash

3.锁定账号文件。

[root@localhost ~]# lsattr /etc/passwd /etc/shadow
---------------- /etc/passwd
---------------- /etc/shadow
[root@localhost ~]# chattr +i /etc/passwd /etc/shadow
[root@localhost ~]# lsattr /etc/passwd /etc/shadow
----i----------- /etc/passwd
----i----------- /etc/shadow

4.尝试添加名为lisi的用户,添加失败。

[root@localhost ~]# useradd lisi && echo "000000" | passwd --stdin lisi
useradd: cannot open /etc/passwd
[root@localhost ~]# grep "/bin/bash$" /etc/passwd
root:x:0:0:root:/root:/bin/bash
zhangsan:x:1000:1000::/home/zhangsan:/bin/bash

5.解锁账号文件。

[root@localhost ~]# lsattr /etc/passwd /etc/shadow
----i----------- /etc/passwd
----i----------- /etc/shadow
[root@localhost ~]# chattr -i /etc/passwd /etc/shadow
[root@localhost ~]# lsattr /etc/passwd /etc/shadow
---------------- /etc/passwd
---------------- /etc/shadow

6.尝试添加名为lisi的用户,添加成功。

[root@localhost ~]# useradd lisi && echo "000000" | passwd --stdin lisi
Changing password for user lisi.
passwd: all authentication tokens updated successfully.
[root@localhost ~]# grep "/bin/bash$" /etc/passwd
root:x:0:0:root:/root:/bin/bash
zhangsan:x:1000:1000::/home/zhangsan:/bin/bash
lisi:x:1001:1001::/home/lisi:/bin/bash

密码有效期

为了避免用户长时间使用同一个密码,管理员可以设置密码有效期。密码过期后,只有重新设置密码,否则无法登录。

  • 对于新建的用户,修改配置文件
# vi /etc/login.defs
PASS_MAX_DAYS   99999
  • 对于已有的用户,使用chage命令修改密码时限
chage -M 30 lisi
  • 强制用户下次登陆必须更改密码
chage -d 0 zhangsan

Demo

1.查看/etc/shadow发现用户密码有效期为99999天。

[root@localhost ~]# cat /etc/shadow
root:$6$4/ne8o5V38hiA2jr$6SclA1hllj8FPXqyMtfof5T4NMH1gJeDQ31AfoR4wapYPBQWlbZQKKPkuUBWoqgwA1GsuHW.1lTg59tyfrwvC/::0:99999:7:::
bin:*:17110:0:99999:7:::
daemon:*:17110:0:99999:7:::
adm:*:17110:0:99999:7:::
lp:*:17110:0:99999:7:::
sync:*:17110:0:99999:7:::
shutdown:*:17110:0:99999:7:::
halt:*:17110:0:99999:7:::
mail:*:17110:0:99999:7:::
operator:*:17110:0:99999:7:::
games:*:17110:0:99999:7:::
ftp:*:17110:0:99999:7:::
nobody:*:17110:0:99999:7:::
systemd-network:!!:18124::::::
dbus:!!:18124::::::
polkitd:!!:18124::::::
postfix:!!:18124::::::
sshd:!!:18124::::::
chrony:!!:18124::::::
zhangsan:$6$MWTXL8Jt$rEFwO.UoAmoKmxczVgiJtOWCHtdYwRbW1G.drbEFrWuKYCAvfEByRN7eohVxonsVZCtqJ.oV3c1sLaVGUVIk9.:18136:0:99999:7:::
lisi:$6$VLsvfMkO$aNnVeB1wWspXnD.4QErik1iLRw80jI7qqosbn9RgtGA9di5QFYh5ZWe3sUtLyshADukCH9vdZ55DZghDu4c.K.:18136:0:99999:7:::

2.修改/etc/login.defs配置文件,更改最大有效期为30天。

[root@localhost ~]# vim /etc/login.defs
# PASS_MAX_DAYS   99999
PASS_MAX_DAYS   30

3.新创建wangwu用户,并查看密码有效期为30天。

[root@localhost ~]# useradd wangwu && echo "000000" | passwd --stdin wangwu
Changing password for user wangwu.
passwd: all authentication tokens updated successfully.
[root@localhost ~]# cat /etc/shadow | grep wangwu
wangwu:$6$qTt8ruAd$PbgMJlgjO6.Bp4YpQwN60oTyZyPloMxTjOUBJ0aYEBAjzg/opw4Ci6LZG5/RtBJW/YJ7QbJaMUEFbkLl9XTG8/:18136:0:30:7:::

4.更改已存在的用户lisi密码有效期为30天。

[root@localhost ~]# chage -M 30 lisi
[root@localhost ~]# cat /etc/shadow | grep lisi
lisi:$6$VLsvfMkO$aNnVeB1wWspXnD.4QErik1iLRw80jI7qqosbn9RgtGA9di5QFYh5ZWe3sUtLyshADukCH9vdZ55DZghDu4c.K.:18136:0:30:7:::

5.强制zhangsan用户下次登录必须修改密码。

[root@localhost ~]# chage -d 0 zhangsan
[root@localhost ~]# cat /etc/shadow | grep zhangsan
zhangsan:$6$MWTXL8Jt$rEFwO.UoAmoKmxczVgiJtOWCHtdYwRbW1G.drbEFrWuKYCAvfEByRN7eohVxonsVZCtqJ.oV3c1sLaVGUVIk9.:0:0:99999:7:::

6.使用zhangsan用户登录发现必须要修改密码,注意密码复杂性要求,示例密码:asdf1928

login as: zhangsan
zhangsan@192.168.128.133's password:
You are required to change your password immediately (root enforced)
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user zhangsan.
Changing password for zhangsan.
(current) UNIX password:
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

history 命令历史

命令历史记录在带来便利的同时,也存在着潜在的风险,比如曾经输入的明文密码等。

  • 对所有用户生效,修改系统环境变量,可修改能查看最近历史记录的条数。
# vi /etc/profile
HISTSIZE=1000
  • ~/.bash_logout在用户注销时会自动执行,可实现自动清除命令记录,下次登录将无法查看以前的命令记录。
# vi ~/.bash_logout
history -c
clear

Demo

1.查看命令历史记录。

[root@localhost ~]# history
    1  grep "/bin/bash$" /etc/passwd
    2  useradd zhangsan && echo "000000" | passwd --stdin zhangsan
    3  grep "/bin/bash$" /etc/passwd
    4  lsattr /etc/passwd /etc/shadow
    5  chattr +i /etc/passwd /etc/shadow
    6  lsattr /etc/passwd /etc/shadow
    7  useradd lisi && echo "000000" | passwd --stdin lisi
    8  grep "/bin/bash$" /etc/passwd
    9  lsattr /etc/passwd /etc/shadow
   10  chattr -i /etc/passwd /etc/shadow
   11  lsattr /etc/passwd /etc/shadow
   12  useradd lisi && echo "000000" | passwd --stdin lisi
   13  grep "/bin/bash$" /etc/passwd
   14  cat /etc/shadow
   15  yum install vim -y
   16  vim /etc/login.defs
   17  useradd wangwu && echo "000000" | passwd --stdin wangwu
   18  cat /etc/shadow | grep wangwu
   19  chage -M 30 lisi
   20  cat /etc/shadow | grep lisi
   21  chage -d 0 zhangsan
   22  cat /etc/shadow | grep zhangsan
   23  history

2.修改配置文件记录的历史为20条,并立即生效。

[root@localhost ~]# vim /etc/profile
#HISTSIZE=1000
HISTSIZE=20
[root@localhost ~]# source /etc/profile

3.再次查看命令历史记录。

[root@localhost ~]# history
    6  useradd lisi && echo "000000" | passwd --stdin lisi
    7  grep "/bin/bash$" /etc/passwd
    8  lsattr /etc/passwd /etc/shadow
    9  chattr -i /etc/passwd /etc/shadow
   10  lsattr /etc/passwd /etc/shadow
   11  useradd lisi && echo "000000" | passwd --stdin lisi
   12  grep "/bin/bash$" /etc/passwd
   13  cat /etc/shadow
   14  yum install vim -y
   15  vim /etc/login.defs
   16  useradd wangwu && echo "000000" | passwd --stdin wangwu
   17  cat /etc/shadow | grep wangwu
   18  chage -M 30 lisi
   19  cat /etc/shadow | grep lisi
   20  chage -d 0 zhangsan
   21  cat /etc/shadow | grep zhangsan
   22  history
   23  vim /etc/profile
   24  source /etc/profile
   25  history

4.配置注销时自动清除历史记录,并注销登录。

[root@localhost ~]# vim ~/.bash_logout
# ~/.bash_logout
history -c
clear
[root@localhost ~]# logout

5.再次登录,无法查看以前的命令历史记录。

[root@localhost ~]# history
    1  history

TMOUT 自动注销

BASH终端环境中,可以设置一个闲置超时时间,当超过指定时间没有执行任何命令时,将自动注销终端。

  • 添加系统环境变量TMOUT,对所有用户生效
# vi /etc/profile
export TMOUT=600

Demo

1.添加TMOUT系统环境变量。

[root@localhost ~]# vim /etc/profile
export TMOUT=600

2.设置生效,并查看是否生效。

[root@localhost ~]# echo $TMOUT

[root@localhost ~]# source /etc/profile
[root@localhost ~]# echo $TMOUT
600

3.执行一些长时间的操作时,应使用unset取消超时。

[root@localhost ~]# unset TMOUT
[root@localhost ~]# echo $TMOUT

su 用户安全切换

一般Linux系统不建议直接使用root用户直接登录,但在必要时可以使用su命令用来切换用户。默认情况下,所有用户都可以使用su命令,这样必然会带来安全风险。所以需要对su的使用做控制。

  • su - root

-:等同于--login-l,表示切换用户后进入目标用户的登录shell环境。

  • 开启pam_wheel认证,配置文件/etc/pam.d/su,去掉pam_wheel条目开头注释。
auth            required        pam_wheel.so use_uid

Demo

1.正常情况下zhangsan用户可以切换root用户。

[zhangsan@localhost ~]$ su - root
Password:
Last login: Wed Aug 28 13:33:12 CST 2019 from 192.168.128.1 on pts/0
[root@localhost ~]#

2.修改/etc/pam.d/su认证配置,去掉开头#注释,以启用pam_wheel认证。

[root@localhost ~]# vim /etc/pam.d/su
auth            required        pam_wheel.so use_uid

3.查看wheel组,其中没有已添加的用户。(只有在wheel组中的用户可以正常切换root用户)

[root@localhost ~]# grep "^wheel" /etc/group
wheel:x:10:

4.再次尝试切换root用户,权限拒绝。

[zhangsan@localhost ~]$ su - root
Password:
su: Permission denied

5.将zhangsan加入wheel组。

[root@localhost ~]# gpasswd -a zhangsan wheel
Adding user zhangsan to group wheel
[root@localhost ~]# grep "^wheel" /etc/group
wheel:x:10:zhangsan

6.再次尝试切换root用户,成功切换。

[zhangsan@localhost ~]$ su - root
Password:
Last login: Wed Aug 28 13:52:17 CST 2019 on pts/1
Last failed login: Wed Aug 28 14:01:26 CST 2019 on pts/1
There was 1 failed login attempt since the last successful login.

sudo 用户提权

通过su可以切换root用户,但是必须要知道密码。若是给普通用户一部分管理权限,就可以不切换用户,必要时使用sudo提升执行权限。

  • 配置文件/etc/sudoers,可使用专门的工具visudo编辑,也可使用vi编辑器,但需要强制保存。基本配置格式如下。
user MACHINE=COMMANDS

user:授权的用户名,或%组名,表示组内所有用户。
MACHINE:使用此配置文件的主机名称,一般设为localhost或者实际主机名。
COMMANDS:允许授权用户通过sudo执行的特权命令,需要命令的完整路径,多个以,分隔。

  • 集中定义别名:User_AliasHost_AliasCmnd_Alias,别名必须大写。

例子:允许用户jerrytomkcce在主机smtppop中执行rpmyum命令。

User_Alias OPERATORS=jerry,tom,kcce
Host_Alias MAILSVRS=smtp,pop
Cmnd_Alias PKGTOOLS=/bin/rpm,/usr/bin/yum
OPERATORS MAILSVRS=PKGTOOLS
  • 通配符*、取反符号!,一般授权某个目录下所有命令,但取消其中个别命令时使用。
zhangsan localhost=/sbin/*,!/sbin/ifconfig,!/sbin/route
  • 启用日志,配置文件添加以下参数。
Defaults logfile="/var/log/sudo"

Demo

1.已有普通用户lisi、现有网卡配置。

[root@localhost ~]# id lisi
uid=1001(lisi) gid=1001(lisi) groups=1001(lisi)
[root@localhost ~]# ifconfig ens33
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.128.133  netmask 255.255.255.0  broadcast 192.168.128.255
        inet6 fe80::7d96:e043:e371:4943  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:5b:e0:09  txqueuelen 1000  (Ethernet)
        RX packets 32045  bytes 36669743 (34.9 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 13480  bytes 1129005 (1.0 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

2.使用lisi尝试修改网卡地址,无法修改。

[lisi@localhost ~]$ ifconfig ens33 192.168.128.188
SIOCSIFADDR: Operation not permitted
SIOCSIFFLAGS: Operation not permitted
[lisi@localhost ~]$ sudo ifconfig ens33 192.168.128.188

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for lisi:
lisi is not in the sudoers file.  This incident will be reported.
[lisi@localhost ~]$ ifconfig ens33
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.128.133  netmask 255.255.255.0  broadcast 192.168.128.255
        inet6 fe80::7d96:e043:e371:4943  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:5b:e0:09  txqueuelen 1000  (Ethernet)
        RX packets 32410  bytes 36735375 (35.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 13598  bytes 1141821 (1.0 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

3.使用root用户编辑/etc/sudoers,给lisi添加授权。

[root@localhost ~]# visudo
lisi localhost=/sbin/ifconfig

4.使用lisi用户再次尝试修改地址,成功修改。

[lisi@localhost ~]$ sudo ifconfig ens33 192.168.128.188
[sudo] password for lisi:
[lisi@localhost ~]$ ifconfig ens33
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.128.188  netmask 255.255.255.0  broadcast 192.168.128.255
        inet6 fe80::7d96:e043:e371:4943  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:5b:e0:09  txqueuelen 1000  (Ethernet)
        RX packets 33575  bytes 36955964 (35.2 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 13975  bytes 1187393 (1.1 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

5.使用sudo -l可以查看自己的sudo配置。

[lisi@localhost ~]$ sudo -l
[sudo] password for lisi:
Matching Defaults entries for lisi on localhost:
    !visiblepw, always_set_home, match_group_by_gid, env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME
    LANG LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE",
    env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY", secure_path=/sbin:/bin:/usr/sbin:/usr/bin

User lisi may run the following commands on localhost:
    (root) /sbin/ifconfig

GRUB 密码

默认情况下,CentOS 7启动时,是可以随意进入GRUB菜单修改引导参数的,为了安全,可以对其设置密码,只有拥有相应的用户与密码才可以进入。

Demo

1.备份需要修改的GRUB配置文件。

[root@localhost ~]# cp -p /boot/grub2/grub.cfg /boot/grub2/grub.cfg.bak
[root@localhost ~]# cp -p /etc/grub.d/00_header /etc/grub.d/00_header.bak

2.创建一个GRUB密码备用。

[root@localhost ~]# grub2-mkpasswd-pbkdf2
Enter password:
Reenter password:
PBKDF2 hash of your password is grub.pbkdf2.sha512.10000.017517DF1145EF0A839EDB3E53A8D3E598D8E8477AFDC778DE66A97966F486B7C6017910C5BF1FAC9882F84E1F8697B56AB5E833480D616A7B28D4BA9F6C5B38.6C0516B81FDFF2382B3AA0FB700FA7FD716DF8B83EBA727349C36BEB9498201B795714429AA09641005C6A176324D16EB7FE63088D393FE1695269E34D20A3F3

3.修改/etc/grub.d/00_header,加入用户与对应的密码。

[root@localhost ~]# vim /etc/grub.d/00_header
cat << EOF
set superusers="root"
password_pbkdf2 root grub.pbkdf2.sha512.10000.017517DF1145EF0A839EDB3E53A8D3E598D8E8477AFDC778DE66A97966F486B7C6017910C5BF1FAC9882F84E1F8697B56AB5E833480D616A7B28D4BA9F6C5B38.6C0516B81FDFF2382B3AA0FB700FA7FD716DF8B83EBA727349C36BEB9498201B795714429AA09641005C6A176324D16EB7FE63088D393FE1695269E34D20A3F3
EOF

4.重新创建GRUB配置文件。

[root@localhost ~]# grub2-mkconfig -o /boot/grub2/grub.cfg
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-3.10.0-693.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-693.el7.x86_64.img
Found linux image: /boot/vmlinuz-0-rescue-ba010ae4b2944c52b216ec6259f230c0
Found initrd image: /boot/initramfs-0-rescue-ba010ae4b2944c52b216ec6259f230c0.img
done

5.重启验证。

[root@localhost ~]# reboot

6.验证结果。

(1)使用上下取消读秒,按下e默认进入3,可以随意修改引导参数,不需要密码。

GRUB1

(2)加入密码后,需要输入用户名、密码才可以进入3

GRUB2

(3)引导参数相关。

GRUB3

弱口令检测

使用弱密码会增加安全风险,而管理员可以使用john the Ripper这款开源工具,可以分析弱密码,以便采取相应的安全措施。

Demo

1.安装编译器环境。

[root@localhost ~]# yum install gcc gcc-c++ -y

2.源代码编译安装。

[root@localhost ~]# tar zxvf john-1.8.0.tar.gz -C ~
[root@localhost ~]# ll
total 5328
-rw-------. 1 root root    1241 Aug 16 17:16 anaconda-ks.cfg
drwxr-xr-x. 5 root root      53 Aug 28 15:33 john-1.8.0
-rw-r--r--. 1 root root 5450412 Aug 28 15:31 john-1.8.0.tar.gz
[root@localhost ~]# cd ~/john-1.8.0/src/
[root@localhost src]# ls
AFS_fmt.c  BF_fmt.c    compiler.c  DES_bs.c    formats.c  john.asm  logger.c      memory.c   os.h        ppc64.h     signals.c  times.h     wordlist.h
alpha.h    BF_std.c    compiler.h  DES_bs.h    formats.h  john.c    logger.h      memory.h   params.c    recovery.c  signals.h  trip_fmt.c  x86-64.h
alpha.S    BF_std.h    config.c    DES_fmt.c   getopt.c   john.com  Makefile      mips32.h   params.h    recovery.h  single.c   tty.c       x86-64.S
batch.c    BSDI_fmt.c  config.h    DES_std.c   getopt.h   john.h    Makefile.dep  mips64.h   pa-risc.h   rpp.c       single.h   tty.h       x86-any.h
batch.h    c3_fmt.c    cracker.c   DES_std.h   ia64.h     list.c    math.c        misc.c     path.c      rpp.h       sparc32.h  unafs.c     x86-mmx.h
bench.c    charset.c   cracker.h   detect.c    idle.c     list.h    math.h        misc.h     path.h      rules.c     sparc64.h  unique.c    x86-mmx.S
bench.h    charset.h   crc32.c     dummy.c     idle.h     LM_fmt.c  MD5_fmt.c     nonstd.c   ppc32alt.h  rules.h     status.c   unshadow.c  x86.S
best.c     common.c    crc32.h     external.c  inc.c      loader.c  MD5_std.c     options.c  ppc32.h     sboxes.c    status.h   vax.h       x86-sse.h
best.sh    common.h    DES_bs_b.c  external.h  inc.h      loader.h  MD5_std.h     options.h  ppc64alt.h  sboxes-s.c  symlink.c  wordlist.c  x86-sse.S
[root@localhost src]# make linux-x86-64
ln -sf x86-64.h arch.h
make ../run/john ../run/unshadow ../run/unafs ../run/unique 
        JOHN_OBJS="DES_fmt.o DES_std.o DES_bs.o DES_bs_b.o BSDI_fmt.o MD5_fmt.o MD5_std.o BF_fmt.o BF_std.o AFS_fmt.o LM_fmt.o trip_fmt.o dummy.o batch.o bench.o charset.o common.o compiler.o config.o cracker.o crc32.o external.o formats.o getopt.o idle.o inc.o john.o list.o loader.o logger.o math.o memory.o misc.o options.o params.o path.o recovery.o rpp.o rules.o signals.o single.o status.o tty.o wordlist.o unshadow.o unafs.o unique.o c3_fmt.o x86-64.o" 
        CFLAGS="-c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer  -DHAVE_CRYPT" 
        LDFLAGS="-s  -lcrypt"
make[1]: Entering directory `/root/john-1.8.0/src'
gcc -c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer  -DHAVE_CRYPT -funroll-loops DES_fmt.c
gcc -c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer  -DHAVE_CRYPT -funroll-loops DES_std.c
gcc -c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer  -DHAVE_CRYPT -funroll-loops DES_bs.c
gcc -c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer  -DHAVE_CRYPT -Os -funroll-loops -finline-functions DES_bs_b.c
gcc -c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer  -DHAVE_CRYPT -funroll-loops BSDI_fmt.c
gcc -c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer  -DHAVE_CRYPT -funroll-loops MD5_fmt.c
gcc -c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer  -DHAVE_CRYPT -funroll-loops MD5_std.c
gcc -c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer  -DHAVE_CRYPT -funroll-loops BF_fmt.c
gcc -c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer  -DHAVE_CRYPT -funroll-loops BF_std.c
gcc -c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer  -DHAVE_CRYPT -funroll-loops AFS_fmt.c
gcc -c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer  -DHAVE_CRYPT -funroll-loops LM_fmt.c
gcc -c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer  -DHAVE_CRYPT -funroll-loops trip_fmt.c
gcc -c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer  -DHAVE_CRYPT -funroll-loops dummy.c
gcc -c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer  -DHAVE_CRYPT -funroll-loops batch.c
gcc -c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer  -DHAVE_CRYPT -funroll-loops bench.c
gcc -c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer  -DHAVE_CRYPT -funroll-loops charset.c
gcc -c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer  -DHAVE_CRYPT -funroll-loops common.c
gcc -c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer  -DHAVE_CRYPT -funroll-loops compiler.c
gcc -c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer  -DHAVE_CRYPT -funroll-loops config.c
gcc -c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer  -DHAVE_CRYPT -funroll-loops cracker.c
gcc -c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer  -DHAVE_CRYPT -funroll-loops crc32.c
gcc -c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer  -DHAVE_CRYPT -funroll-loops external.c
gcc -c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer  -DHAVE_CRYPT -funroll-loops formats.c
gcc -c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer  -DHAVE_CRYPT -funroll-loops getopt.c
gcc -c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer  -DHAVE_CRYPT -funroll-loops idle.c
gcc -c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer  -DHAVE_CRYPT -funroll-loops inc.c
gcc -c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer  -DHAVE_CRYPT -funroll-loops john.c
gcc -c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer  -DHAVE_CRYPT -funroll-loops list.c
gcc -c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer  -DHAVE_CRYPT -funroll-loops loader.c
gcc -c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer  -DHAVE_CRYPT -funroll-loops logger.c
gcc -c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer  -DHAVE_CRYPT -funroll-loops math.c
gcc -c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer  -DHAVE_CRYPT -funroll-loops memory.c
gcc -c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer  -DHAVE_CRYPT -funroll-loops misc.c
gcc -c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer  -DHAVE_CRYPT -funroll-loops options.c
gcc -c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer  -DHAVE_CRYPT -funroll-loops params.c
gcc -c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer  -DHAVE_CRYPT -funroll-loops path.c
gcc -c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer  -DHAVE_CRYPT -funroll-loops recovery.c
gcc -c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer  -DHAVE_CRYPT -funroll-loops rpp.c
gcc -c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer  -DHAVE_CRYPT -funroll-loops rules.c
gcc -c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer  -DHAVE_CRYPT -funroll-loops signals.c
gcc -c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer  -DHAVE_CRYPT -funroll-loops single.c
gcc -c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer  -DHAVE_CRYPT -funroll-loops status.c
gcc -c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer  -DHAVE_CRYPT -funroll-loops tty.c
gcc -c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer  -DHAVE_CRYPT -funroll-loops wordlist.c
gcc -c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer  -DHAVE_CRYPT -funroll-loops unshadow.c
gcc -c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer  -DHAVE_CRYPT -funroll-loops unafs.c
gcc -c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer  -DHAVE_CRYPT -funroll-loops unique.c
gcc -c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer  -DHAVE_CRYPT -funroll-loops c3_fmt.c
gcc -c  x86-64.S
gcc DES_fmt.o DES_std.o DES_bs.o DES_bs_b.o BSDI_fmt.o MD5_fmt.o MD5_std.o BF_fmt.o BF_std.o AFS_fmt.o LM_fmt.o trip_fmt.o dummy.o batch.o bench.o charset.o common.o compiler.o config.o cracker.o crc32.o external.o formats.o getopt.o idle.o inc.o john.o list.o loader.o logger.o math.o memory.o misc.o options.o params.o path.o recovery.o rpp.o rules.o signals.o single.o status.o tty.o wordlist.o unshadow.o unafs.o unique.o c3_fmt.o x86-64.o -s  -lcrypt -o ../run/john
rm -f ../run/unshadow
ln -s john ../run/unshadow
rm -f ../run/unafs
ln -s john ../run/unafs
rm -f ../run/unique
ln -s john ../run/unique
make[1]: Leaving directory `/root/john-1.8.0/src'

3.运行脚本,分析账户、密码文件,只有zhangsan用户的密码强度足够,没有分析出来。

[root@localhost src]# cd ~/john-1.8.0/run/
[root@localhost run]# ls
ascii.chr  digits.chr  john  john.conf  lm_ascii.chr  mailer  makechr  password.lst  relbench  unafs  unique  unshadow
[root@localhost run]# ./john /etc/passwd /etc/shadow
Loaded 4 password hashes with 4 different salts (crypt, generic crypt(3) [?/64])
Press 'q' or Ctrl-C to abort, almost any other key for status
000000           (root)
000000           (lisi)
000000           (wangwu)
3g 0:00:09:38 90% 2/3 0.005184g/s 272.3p/s 278.2c/s 278.2C/s christmased..freemaned
Use the "--show" option to display all of the cracked passwords reliably
Session aborted

nmap 端口扫描

定期的端口扫描,可以找出网络中不可控的应用服务,及时关闭不安全的服务,减小安全风险。

  • nmap [扫描类型] [选项]

常用的扫描类型:

-sSTCP SYN扫描(半开扫描):只向目标发出SYN数据包,如果收到SYN/ACK响应包就认为目标端口正在监听,并立即断开连接;否则认为目标端口并未开放。
-sTTCP连接扫描:这是完整的TCP扫描方式,用来建立一个TCP连接,如果成功则认为目标端口正在监听服务,否则认为目标端口并未开放。
-sFTCP FIN扫描:开放的端口会忽略这种数据包,关闭的端口会回应RST数据包。许多防火墙只对SYN数据包进行简单过滤,而忽略了其他形式的TCP攻击包。这种类型的扫描可间接检测防火墙的健壮性。
-sUUDP扫描:探测目标主机提供哪些UDP服务,UDP扫描的速度会比较慢。
-sPICMP扫描:类似于ping检测,快速判断目标主机是否存活,不做其他扫描。
-P0:跳过ping检测:这种方式认为所有目标主机时存活的,当对方不响应ICMP请求时,使用这种方式可以避免无法ping通而放弃扫描。

常用的选项:

-p:指定扫描的端口
-n:禁用反向DNS解析,加快扫描速度

Demo

1.扫描本机开放了哪些TCP端口。

[root@localhost ~]# nmap -sT 127.0.0.1

Starting Nmap 6.40 ( http://nmap.org ) at 2019-08-28 15:58 CST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0011s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
25/tcp open  smtp

Nmap done: 1 IP address (1 host up) scanned in 0.09 seconds

2.扫描本机开放了哪些UDP端口。

[root@localhost ~]# nmap -sU 127.0.0.1

Starting Nmap 6.40 ( http://nmap.org ) at 2019-08-28 16:01 CST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00011s latency).
Not shown: 999 closed ports
PORT   STATE         SERVICE
68/udp open|filtered dhcpc

Nmap done: 1 IP address (1 host up) scanned in 48.02 seconds

3.扫描网段中的哪些主机在线。

[root@localhost ~]# nmap -sP 192.168.128.0/24

Starting Nmap 6.40 ( http://nmap.org ) at 2019-08-28 16:03 CST
Nmap scan report for 192.168.128.1
Host is up (0.000074s latency).
MAC Address: 00:50:56:C0:00:08 (VMware)
Nmap scan report for 192.168.128.2
Host is up (0.00017s latency).
MAC Address: 00:50:56:E0:8F:D1 (VMware)
Nmap scan report for 192.168.128.132
Host is up (0.00024s latency).
MAC Address: 00:0C:29:BC:AB:96 (VMware)
Nmap scan report for 192.168.128.254
Host is up (0.00029s latency).
MAC Address: 00:50:56:E7:AC:DE (VMware)
Nmap scan report for 192.168.128.133
Host is up.
Nmap done: 256 IP addresses (5 hosts up) scanned in 4.16 seconds

4.扫描某主机开启了哪些TCP端口。

[root@localhost ~]# nmap -sT 192.168.128.132

Starting Nmap 6.40 ( http://nmap.org ) at 2019-08-28 16:07 CST
Nmap scan report for 192.168.128.132
Host is up (0.68s latency).
Not shown: 999 filtered ports
PORT   STATE SERVICE
22/tcp open  ssh
MAC Address: 00:0C:29:BC:AB:96 (VMware)

Nmap done: 1 IP address (1 host up) scanned in 58.14 seconds
版权声明:本文来源博客园,感谢博主原创文章,遵循 CC 4.0 by-sa 版权协议,转载请附上原文出处链接和本声明。
原文链接:https://www.cnblogs.com/llife/p/11467000.html
站方申明:本站部分内容来自社区用户分享,若涉及侵权,请联系站方删除。
  • 发表于 2019-11-09 10:07:15
  • 阅读 ( 677 )
  • 分类:Linux

你可能感兴趣的文章

精选的优质文章

0 条评论

请先 登录 后评论

官方社群

GO教程

推荐文章

猜你喜欢

随便看看

来源51CTO

如果觉得我的文章对您有用,请随意打赏。你的支持将鼓励我继续创作!