2025-03-29 Update From: SLTechnology News&Howtos, Shulou (Shulou.com) 06/01 Report
I. Preface
As an IT practitioner, the security of your laptop is important: the computer has the authority to connect to the company's servers and holds important private information, both personal and corporate. If it is used illegally by people with ulterior motives, the consequences will be unimaginable, and if something goes wrong you will be the one who takes the blame. Your laptop therefore must not be usable by others without authorization.
This article hardens the laptop mainly at two levels: the network and physical use.
At the network level, protection rests on the firewall. Ubuntu has a graphical firewall, the gufw software, whose bottom layer is also based on iptables. The rule is to deny incoming and outgoing traffic by default, open outbound access for common daily services, and trust the office local area network, so as to minimize the possibility of attack over the network.
The machine is a Xiaomi Pro notebook with Ubuntu 16.04 installed.
As shown in the figure:
Physically, since mainstream notebooks basically all have a T-FLASH slot, we use the login password together with a T-FLASH card as the key for booting. A login password is normally set anyway. Without the designated T-FLASH card, login is not allowed. The effect is as follows:
At boot a "system is going down" prompt appears; clicking retry does nothing, and the machine shuts down automatically a minute later. If the designated T-FLASH card is inserted during that time, you can try to log in again.
While the machine is running, if the T-FLASH card is pulled out, the machine shuts down quietly after one minute. In an emergency you can simply pull the card to lock the machine and leave. Reinserting the card within one minute (you can change the delay yourself) restores normal operation.
As shown in the picture: (note in the upper left corner that a device is unplugged and then plugged in again, and how the log changes)
Inserting an incorrect T-FLASH card is useless, as shown in the figure: (a flash memory card appears but has no effect; only plugging in the correct T-FLASH device again works)
If you also work on Ubuntu Linux and want to do the same, read on:
Environment and tools:
System: ubuntu 16.04
Gufw firewall
Shell script
One T-FLASH card
Are you ready? Go
Idea 1. Network level
Install the gufw firewall:
sudo apt install gufw
Press the Win key and search for gufw, as shown below:
The firewall is turned off by default (turning it on requires authenticating with your password, because it runs as root). Turn the firewall on first. The default incoming rule is deny (it blocks external access to this computer; this is the INPUT rule), and there is a corresponding outgoing rule (it governs access from this computer to external services; this is the OUTPUT rule).
Incoming and outgoing denials are both DROP; traffic is allowed only when a matching rule has been opened. Next, add the local network segment 172.16.0.0/16 as trusted; outbound access is trusted by default for ports 21, 22, 25, 53, 80, 110, 443 and 3389.
Add any others you need opened. The examples below add a commonly used trusted network segment and ports.
Example of adding a trusted network segment:
Example of allowing access to web services on port 80:
Example of opening local port 8000:
Adding trust for other network segments and opening other outbound ports works the same way; add them according to your actual needs! Logging can be enabled for the rules above in the advanced section! It is not demonstrated here; after all, you need to try these yourself!
That is the end of the network level! The effect is that nothing can come in or go out unless it has been opened!
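The same policy from the command line, as an added example that is not part of the original article: gufw is a front end to ufw, so each rule above has a ufw equivalent. The UFW variable is an assumption of this example and defaults to a dry run that only prints the commands; treating the trusted LAN as trusted in both directions is also an assumption.

```shell
#!/bin/sh
# Added example: CLI form of the gufw policy described in the article.
# UFW is an assumed helper variable. It defaults to a dry run that only
# prints the commands; set UFW="sudo ufw" to apply them for real.
UFW=${UFW:-"echo ufw"}

TRUSTED_NET="172.16.0.0/16"               # office LAN from the article
OUT_PORTS="21 22 25 53 80 110 443 3389"   # outbound services from the article
IN_PORTS="8000"                           # local port opened in the article

apply_policy() {
    # Default-deny in both directions: nothing passes without a rule.
    $UFW default deny incoming
    $UFW default deny outgoing

    # Trust the office LAN in both directions (assumption, see lead-in).
    $UFW allow from "$TRUSTED_NET"
    $UFW allow out to "$TRUSTED_NET"

    # Outbound services used day to day. No protocol is given, so ufw
    # opens both TCP and UDP for each port.
    for port in $OUT_PORTS; do
        $UFW allow out "$port"
    done

    # Services this laptop offers to other machines.
    for port in $IN_PORTS; do
        $UFW allow in "$port"
    done

    # Log matches, then switch the firewall on without a prompt.
    $UFW logging on
    $UFW --force enable
}

apply_policy
```

Review the printed commands first, then rerun with UFW="sudo ufw" to apply them.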
Physical level
As described earlier, physical security of a personal notebook goes beyond simply looking after it. When the laptop is out of your sight, nobody without the specific T-FLASH card can boot it and log in normally; and even when it is logged in, in an emergency you can pull the card and let the notebook shut itself down, after which it cannot be booted again. Of course, someone familiar with Ubuntu Linux still has ways around this, which I will not go into here. This guards against the honest but not the villain, against the rookie but not the expert!
You have seen the effect and the description above, so let's go straight to the code.
The rc.local service must be working normally and must run at boot!

    # cat /etc/rc.local
    #!/bin/sh
    # Main job: check for the card at boot, then start the daemon that keeps checking in a loop
    status=$(ls -l /dev/disk/by-uuid/ | grep mmcblk0p1 | awk '{print $9}')
    Check() {
        echo "$status"
        if [ "${status}" = "DA28BC3228BC0F8D" ]
        then
            echo "Welcome dongyc login at $(date +%F-%H-%M-%S)" >> /home/dongyc/Login.txt
        else
            echo "$(date +%F-%H-%M-%S) login failed!" >> /home/dongyc/Login.txt
            shutdown -h +1
        fi
    }
    Check
    nohup /home/dongyc/CHECK.sh > /tmp/check.out 2>&1 &
    exit 0

DA28BC3228BC0F8D above is the identification number of my T-FLASH device; it is unique.

    # cat /home/dongyc/CHECK.sh
    #!/bin/sh
    while true
    do
        sleep 2
        ## Detect whether the TFLASH card is present
        status=$(ls -l /dev/disk/by-uuid/ | grep mmcblk0p1 | awk '{print $9}')
        ## stat records whether the shutdown operation has been triggered
        if [ "${status}" = "DA28BC3228BC0F8D" ]
        then
            echo "${status} is exsit.Login OK~" >> /tmp/check.log
            # TFLASH exists: this is the normal state, so keep cancelling
            # any pending shutdown and clear stat
            shutdown -c
            stat=""
        else
            ## TFLASH is missing and stat is already set: the shutdown has
            ## been triggered, so skip further checks
            if [ "${stat}" = "reboot" ]
            then
                continue
            else
                ## TFLASH is missing: schedule the shutdown, set stat to reboot, and log
                time=$(date +%F-%H-%M-%S)
                echo "At ${time} Can't found TFLASH I think is not my master login.system reboot after 1 min." >> /tmp/check.log
                shutdown -h +1
                stat="reboot"
            fi
        fi
    done
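The card check and the shutdown decision split into small functions that can be exercised without a card or a real shutdown, as an added example that is not the author's code. It goes slightly beyond the scripts above by folding the boot-time check and the loop into one watchdog that logs only on state changes; UUID_DIR, RUN and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the article's code. The two values below come from the article.
KEY_UUID="DA28BC3228BC0F8D"               # identifier of the key card
KEY_DEV="mmcblk0p1"                       # partition name in the card reader
UUID_DIR=${UUID_DIR:-/dev/disk/by-uuid}   # overridable for testing (assumption)
RUN=${RUN-echo}                           # dry run by default; RUN="" acts for real (assumption)

# Succeeds only when the by-uuid entry for KEY_UUID exists and resolves to the
# card reader partition. A different card has a different UUID, so it fails.
card_present() {
    link="$UUID_DIR/$KEY_UUID"
    [ -L "$link" ] || return 1
    target=$(readlink "$link") || return 1
    [ "$(basename "$target")" = "$KEY_DEV" ]
}

# next_action PENDING: prints schedule, cancel or none.
# PENDING is "yes" once this watchdog has scheduled a shutdown.
next_action() {
    if card_present; then
        if [ "$1" = "yes" ]; then echo cancel; else echo none; fi
    else
        if [ "$1" = "yes" ]; then echo none; else echo schedule; fi
    fi
}

# Poll every two seconds, as CHECK.sh does, and act only on state changes.
watch_card() {
    pending=no
    while true; do
        case $(next_action "$pending") in
            schedule)
                echo "$(date +%F-%H-%M-%S) key card missing" >> /tmp/check.log
                $RUN shutdown -h +1
                pending=yes ;;
            cancel)
                echo "$(date +%F-%H-%M-%S) key card back" >> /tmp/check.log
                $RUN shutdown -c
                pending=no ;;
        esac
        sleep 2
    done
}

# Run the loop only when asked to; otherwise just report the current decision.
if [ "${1:-}" = "--watch" ]; then watch_card; else next_action no; fi
```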
With that, security is basically adequate at both the network and the physical level, right? In fact, the original intention was to use the FLASH card as a key on which more functions can be built; for example, when the T-FLASH card is missing, the script could delete important information in addition to shutting down!