
System Security and Application in CentOS 7

2025-01-17 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/03 Report--

Account security control

A user account is the credential that identifies a user to the computer. Anyone who wants to access system resources must log in through a user account.

Basic security measures

1. System account cleanup

Set the shell of non-login accounts to /sbin/nologin

Delete useless accounts

Lock accounts that have not been used for a long time

chattr +i: lock the file

chattr -i: unlock the file

lsattr: check whether the file is locked

We can prevent new users from being created by locking the passwd and shadow files.

    [root@localhost ~]# chattr +i /etc/passwd /etc/shadow        // lock the passwd and shadow files
    [root@localhost ~]# lsattr /etc/passwd /etc/shadow        // view the lock status
    ----i----------- /etc/passwd
    ----i----------- /etc/shadow        // files locked
    [root@localhost ~]# useradd siti        // create a user
    useradd: cannot open /etc/passwd        // the file cannot be opened, so the user cannot be created
    [root@localhost ~]# chattr -i /etc/passwd /etc/shadow        // unlock the files
    [root@localhost ~]# lsattr /etc/passwd /etc/shadow        // view the lock status
    ---------------- /etc/passwd        // files unlocked
    ---------------- /etc/shadow
    [root@localhost home]# useradd st11        // create a user
    [root@localhost home]# echo "123123" | passwd --stdin st11        // set the user's password
    Changing password for user st11.
    passwd: all authentication tokens updated successfully.        // set successfully

2. Password security control

Setting the password validity period

The validity period is set in the /etc/login.defs configuration file, which applies to newly created users. For users that already exist, use the command chage -M [password validity] [user name] to set the password validity period.

    [root@localhost home]# vim /etc/shadow        // view the user password information
    root:$6$DErFk.wqtcw55ui.$sbinnItTXo1wtxsOmThAEwBXHluuCC04as2tSUvoCEdDTHMTumpl/VcjH6KCYkJh0xc3KqLdcTq2NTe3K7nTi1::0:99999:7:::        // the root password is valid for 99999 days
    ...        // part of the content omitted; the sun user's password is also valid for 99999 days
    :q        // exit
    [root@localhost home]# vim /etc/login.defs        // open the password configuration file and set the password validity
    ...        // part of the content omitted
    # PASS_MIN_DAYS Minimum number of days allowed between password changes.
    # PASS_MIN_LEN Minimum acceptable password length.
    # PASS_WARN_AGE Number of days warning given before a password expires.
    #
    PASS_MAX_DAYS 30        // maximum password validity: change 99999 to 30
    PASS_MIN_DAYS 0        // minimum password validity
    PASS_MIN_LEN 5        // minimum password length in characters
    PASS_WARN_AGE 7        // number of days of warning before the password expires
    ...        // part of the content omitted
    /99999        // search for 99999 to locate the entry
    :wq        // after the change is complete, save and exit
    [root@localhost ~]# useradd siti        // create a user
    [root@localhost ~]# passwd siti        // set the user's password
    Changing password for user siti.
    New password:
    BAD PASSWORD: The password is shorter than 8 characters
    Retype new password:
    passwd: all authentication tokens updated successfully.
    [root@localhost ~]# vim /etc/shadow        // view all user password information
    root:$6$DErFk.wqtcw55ui.$sbinnItTXo1wtxsOmThAEwBXHluuCC04as2tSUvoCEdDTHMTumpl/VcjH6KCYkJh0xc3KqLdcTq2NTe3K7nTi1::0:99999:7:::        // the password validity period remains unchanged
    ...        // part of the content omitted; the newly created user siti has a password validity of 30 days
    [root@localhost ~]# chage -M 30 st11        // change the st11 user's password validity to 30 days
    [root@localhost ~]# vim /etc/shadow        // view all user password information
    root:$6$DErFk.wqtcw55ui.$sbinnItTXo1wtxsOmThAEwBXHluuCC04as2tSUvoCEdDTHMTumpl/VcjH6KCYkJh0xc3KqLdcTq2NTe3K7nTi1::0:99999:7:::
    bin:*:17110:0:99999:7:::
    daemon:*:17110:0:99999:7:::
    ...        // part of the content omitted
    st11:$6$ZGozUglO$ymyQEtkL//rzx8UdgDcy1yd3WVLiET9K6xrC.dT0lUnNH17dzkuSxkqepAC5plPlad5VWrewJOkAKJxdmiYLZ.:18136:0:30:7:::        // the st11 user's password validity has been changed to 30 days
    siti:$6$RUXRmwz/$046PV4WYKzGpp.32FT7GKu04jvaCkut/d2GjtseMi1MnU1YfGMy1.AJdtOPZByWCyfP05LqoRNe0OT5tz1FUv1:18136:0:30:7:::
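An added example, not part of the original article: PASS_MAX_DAYS in /etc/login.defs only affects accounts created afterwards, so existing accounts (root and sun above) keep 99999 until chage is run for them. The script below audits a shadow-format file for such accounts and prints the chage commands to review; the function names, the 30-day limit and the sample entries with placeholder hashes are constructed for illustration.

```sh
#!/bin/sh
# Added example: find accounts whose password aging predates the login.defs policy.
# shadow(5) fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved

# Print "user:max" for accounts that have a password hash but whose maximum
# password age is unset or above the policy limit.
#   $1 = shadow-format file   $2 = policy limit in days (PASS_MAX_DAYS)
stale_max_age() {
    awk -F: -v limit="$2" '
        # No password hash to age: empty field, or disabled with "*", "!" or "!!".
        $2 == "" || $2 ~ /^[!*]/ { next }
        # An empty max field means the password never expires.
        $5 == "" { print $1 ":never"; next }
        $5 + 0 > limit + 0 { print $1 ":" $5 }
    ' "$1"
}

# Print the chage commands an administrator would review and then run as root.
remediation_commands() {
    stale_max_age "$1" "$2" | while IFS=: read -r user rest; do
        printf 'chage -M %s %s\n' "$2" "$user"
    done
}

# Constructed sample modelled on the article's accounts; hashes are placeholders.
sample_shadow() {
    cat <<'EOF'
root:$6$placeholder$placeholderhash::0:99999:7:::
bin:*:17110:0:99999:7:::
daemon:*:17110:0:99999:7:::
sun:$6$placeholder$placeholderhash:18117:0:99999:7:::
st11:$6$placeholder$placeholderhash:18136:0:30:7:::
siti:$6$placeholder$placeholderhash:18136:0:30:7:::
EOF
}

# Demo against the constructed sample; on a real host, point it at /etc/shadow as root.
demo_file=$(mktemp)
sample_shadow > "$demo_file"
stale_max_age "$demo_file" 30
remediation_commands "$demo_file" 30
rm -f "$demo_file"
```
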

Users are required to change their password the next time they log in.

chage -d 0 username: forces the user to change the password at the next login

After this command is used, the password the user sets at the next login is subject to conditions: it may not be made up of consecutive letters or Arabic numerals, otherwise the password cannot be reset. For this reason, this command is not recommended.

    [root@localhost ~]# chage -d 0 st11

3. Command history restrictions

Viewing and clearing command history

history: view the command history

history -c: clear the command history

    [root@localhost ~]# history        // view the command history
        1  vim /ect/sysconfig/network-scripts/ifcfg-ens33
        2  vim /etc/sysconfig/network-scripts/ifcfg-ens33
        3  vim /ect/sysconfig/network-scripts/ifcfg-ens33
        4  vim /ect/sysconfig/network-scripts/ifcfg-ens33
        5  vim /ect/sysconfig/netwok-scripts/ifcfg-ens33
        6  vim /etc/sysconfig/network-scripts/ifcfg-ens-33
        7  vim /etc/sysconfig/network-scirpts/ifcfg-ens33
        8  vim /etc/sysconfig/network-scripts/ifcfg-ens33
        9  vim /etc/sysconfig/network-scirpts/ifcfg-ens33
       10  vim /etc/sysconfig/network-scripts/ifcfg-ens33
       11  service network restart
       12  ifconfig
       13  chattr +i /etc/passwd/ etc/shadow
       14  lsattr /etc/passwd/ etc/shadow
       15  chattr -i /etc/passwd/ etc/shadow
       16  lsattr /etc/passwd/ etc/shadow
       17  chattr +i /etc/passwd/ /etc/shadow
       18  chattr +i /etc/passwd /etc/shadow
       19  lsattr
       20  lsattr /etc/passwd /etc/shadow
       21  useradd siti
       22  chattr -i /etc/passwd /etc/shadow
       23  lsattr /etc/passwd /etc/shadow
       24  useradd siti
       25  passwd siti
       26  history
    [root@localhost ~]# history -c        // clear the command history
    [root@localhost ~]# history        // view the command history
        1  history

Reduce the number of recorded commands

vim /etc/profile: change the number of history entries kept, in the system-wide environment variable configuration file

source /etc/profile: make the changed configuration take effect

    [root@localhost ~]# vim /etc/profile

    [root@localhost ~]# history        // view the command history; the new setting has not taken effect yet
        1  history
        2  vim /etc/profile
        3  history
    [root@localhost ~]# source /etc/profile        // make the changed configuration take effect
    [root@localhost ~]# history        // view the command history again
        4  history        // only one command is displayed

Idle automatic logout

Edit the /etc/profile configuration file with vim and add an idle-logout entry that sets the automatic logout time

export TMOUT=time (in seconds): the entry that sets the idle logout limit

    [root@localhost ~]# vim /etc/profile        // edit the configuration file
    # /etc/profile
    # System wide environment and startup programs, for login setup
    # Functions and aliases go in /etc/bashrc
    # It's NOT a good idea to change this file unless you know what you
    # are doing. It's much better to create a custom.sh shell script in
    ...        // part of the content omitted
        pathmunge /usr/local/sbin after
        pathmunge /usr/sbin after
    ...        // part of the content omitted
        fi
    fi
    done
    unset i
    unset -f pathmunge
    export TMOUT=60        // add this entry
    :wq        // save and exit
    [root@localhost ~]# source /etc/profile        // make the added entry take effect

After this is set, the session is logged out automatically after 60 seconds of inactivity. The logout time can be set according to your own working habits.

Automatically clear command history on logout

vim ~/.bash_logout: the user's logout configuration file

Adding the history -c and clear commands to this file makes the user's command history and cache be cleared automatically at logout, which improves security.

    [root@localhost ~]# cd /home        // enter the home directory
    [root@localhost home]# ls        // list the users
    siti st11 sun
    [root@localhost home]# cd st11        // enter the st11 user's directory
    [root@localhost st11]# ls -a        // check the hidden files for the .bash_logout configuration file
    .   .bash_logout   .bashrc  .config    .ICEauthority  .mozilla  Templates  Pictures   Downloads  Desktop
    ..  .bash_profile  .cache   .esd_auth  .local         Public    Videos     Documents  Music
    [root@localhost st11]# vim .bash_logout        // edit the configuration file
    # ~/.bash_logout
    history -c        // add: clear the command history
    clear        // add: clear the terminal screen
    :wq        // save and exit

4. User switching and privilege escalation

Most Linux servers do not recommend that users log in directly as root. On the one hand, it can greatly reduce the damage caused by misoperation, on the other hand, it can also reduce the risk of privileged passwords being disclosed in insecure networks.

su command

su: switch user

su -: switch user and go directly to that user's home directory

    [root@localhost /]# su siti        // switch to the siti user
    [siti@localhost /]$        // now the siti user
    [siti@localhost /]$ su - root        // switch to the root user and go to its home directory
    Password:
    Last login: Wed Aug 28 11:55:19 CST 2019 from 192.168.144.1 on pts/0
    [root@localhost ~]#        // now the root user, in root's home directory

PAM authentication

PAM (Pluggable Authentication Modules) is the pluggable authentication framework in Linux. It is an efficient, flexible and convenient user-level authentication method, and it is the authentication method commonly used on current Linux servers.

Principle of PAM authentication

PAM authentication generally follows the order: Service (service) → PAM (configuration file) → pam_*.so. PAM authentication first determines which service is involved, then loads the corresponding PAM configuration file (under /etc/pam.d), and finally calls the authentication module (under /lib/security) to perform the security authentication. When a user accesses the server, one of the server's service programs passes the user's request to the PAM module for authentication. Different applications correspond to different PAM modules.

There are four types of PAM authentication.

Authentication management: accept the user name and password, and then authenticate the user's password

Account management: check whether the account is allowed to log on to the system, whether the account has expired, whether the login of the account has a time limit, etc.

Password management: mainly used to change the user's password

Session management: mainly provides session management and bookkeeping.

Control types determine how the result returned by a PAM authentication type is handled

required: verification continues even when this check fails, but Fail is returned

requisite: when this check fails, the whole verification process ends immediately and Fail is returned

sufficient: when this check succeeds, it returns immediately and does not continue; otherwise the result is ignored and verification continues

optional: not used for verification, only to display information (usually used for the session type)

You can view the service items that support PAM authentication by looking at the PAM profile directory

    [root@localhost ~]# ls /etc/pam.d        // view the PAM configuration file directory
    atd                     gdm-pin            postlogin-ac      su
    chfn                    gdm-smartcard      ppp               sudo
    chsh                    ksu                remote            sudo-i
    config-util             liveinst           runuser           su-l
    crond                   login              runuser-l         system-auth
    cups                    other              setup             system-auth-ac
    fingerprint-auth        passwd             smartcard-auth    systemd-user
    fingerprint-auth-ac     password-auth      smartcard-auth-ac vlock
    gdm-autologin           password-auth-ac   smtp              vmtoolsd
    gdm-fingerprint         pluto              smtp.postfix      xserver
    gdm-launch-environment  polkit-1           sshd
    gdm-password            postlogin          sssd-shadowutils        // services that support PAM authentication

Each service has its own security authentication configuration file; security configuration files are also stored in the /etc/security directory.

    [root@localhost ~]# ls /etc/security
    access.conf   console.handlers  group.conf   namespace.conf  opasswd         sepermit.conf
    chroot.conf   console.perms     limits.conf  namespace.d     pam_env.conf    time.conf
    console.apps  console.perms.d   limits.d     namespace.init  pwquality.conf

Open a service's file under the PAM configuration directory to view its security authentication settings.

    [root@localhost ~]# vim /etc/pam.d/su
    #%PAM-1.0
    auth        sufficient  pam_rootok.so
    # Uncomment the following line to implicitly trust users in the "wheel" group.
    #auth       sufficient  pam_wheel.so trust use_uid
    # Uncomment the following line to require a user to be in the "wheel" group.
    #auth       required    pam_wheel.so use_uid
    auth        substack    system-auth
    auth        include     postlogin
    account     sufficient  pam_succeed_if.so uid = 0 use_uid quiet
    account     include     system-auth
    password    include     system-auth
    session     include     system-auth
    session     include     postlogin
    session     optional    pam_xauth.so

Each line is a separate authentication step; each line can be divided into three fields:

auth: authentication type

sufficient: control type

pam_rootok.so: PAM module and its parameters

To turn on PAM authentication for su, uncomment the pam_wheel.so line in this file.

    [root@localhost ~]# vim /etc/pam.d/su
    #%PAM-1.0
    auth        sufficient  pam_rootok.so
    # Uncomment the following line to implicitly trust users in the "wheel" group.
    #auth       sufficient  pam_wheel.so trust use_uid
    # Uncomment the following line to require a user to be in the "wheel" group.
    auth        required    pam_wheel.so use_uid        // remove the leading # from this line to enable PAM authentication
    auth        substack    system-auth
    auth        include     postlogin
    account     sufficient  pam_succeed_if.so uid = 0 use_uid quiet
    account     include     system-auth
    password    include     system-auth
    session     include     system-auth
    session     include     postlogin
    session     optional    pam_xauth.so

Wheel group

In Linux, the wheel group is similar to an administrators group. When PAM authentication is enabled, only users in the wheel group can switch to the root user with the su command and the root password. Ordinary users who are not in the wheel group cannot use su to switch to root even if they have the root password. This greatly improves the security of the root user.

    [root@localhost ~]# vim /etc/group        // view the groups
    ...        // part of the content omitted
    mem:x:8:
    kmem:x:9:
    wheel:x:10:sun        // the wheel group currently contains only the sun user
    cdrom:x:11:
    mail:x:12:postfix
    man:x:15:
    dialout:x:18:
    ...        // part of the content omitted
    [root@localhost ~]# su - sun        // switch to the sun user
    Last login: Wed Aug 28 16:22:56 CST 2019 on pts/0
    [sun@localhost ~]$ su - root        // switch to the root user
    Password:
    Last login: Wed Aug 28 16:23:23 CST 2019 on pts/0
    [root@localhost ~]# su - siti        // switch to the siti user
    Last login: Wed Aug 28 16:23:14 CST 2019 on pts/0
    [siti@localhost ~]$ su - root        // switch to the root user
    Password:
    su: Permission denied        // unable to switch, access is denied
    [siti@localhost ~]$
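An added example, not part of the original article: a check that reads a pam.d/su-format file and a group file and reports whether su is restricted to the wheel group, reproducing the sun/siti outcome shown above. The function names and the sample files are constructed for illustration, and the check looks only at the pam_wheel.so lines (it assumes the rest of the stack is the stock one shown in the article).

```sh
#!/bin/sh
# Added example: check whether su is restricted to members of the wheel group.

# Report how a pam.d/su-format file treats pam_wheel.so.
# Prints "enforced" or "not-enforced", followed by " trust" when wheel members
# may skip the password (auth sufficient pam_wheel.so trust).
#   $1 = pam.d/su-format file
su_wheel_status() {
    awk '
        /^[ \t]*#/ { next }                      # commented-out rules are inactive
        $1 == "auth" && $3 == "pam_wheel.so" {
            if ($2 == "required" || $2 == "requisite") enforced = 1
            for (i = 4; i <= NF; i++)
                if ($i == "trust" && $2 == "sufficient") trusted = 1
        }
        END {
            s = enforced ? "enforced" : "not-enforced"
            if (trusted) s = s " trust"
            print s
        }
    ' "$1"
}

# Print the comma-separated member list of the wheel group.
#   $1 = group-format file
wheel_members() {
    awk -F: '$1 == "wheel" { print $4 }' "$1"
}

# Print "allowed" or "denied" for a user who knows the root password.
#   $1 = user   $2 = pam.d/su-format file   $3 = group-format file
su_allowed() {
    # root passes through pam_rootok.so before pam_wheel.so is consulted.
    [ "$1" = root ] && { echo allowed; return 0; }
    case "$(su_wheel_status "$2")" in
        enforced*) ;;
        *) echo allowed; return 0 ;;
    esac
    if wheel_members "$3" | tr ',' '\n' | grep -qxF -- "$1"; then
        echo allowed
    else
        echo denied
    fi
}

# Constructed samples. $1 = "#" gives the stock file, "" the hardened one.
sample_su() {
    cat <<EOF
#%PAM-1.0
auth        sufficient  pam_rootok.so
#auth       sufficient  pam_wheel.so trust use_uid
${1}auth        required    pam_wheel.so use_uid
auth        substack    system-auth
auth        include     postlogin
EOF
}
sample_group() { printf 'kmem:x:9:\nwheel:x:10:sun\ncdrom:x:11:\n'; }

# Demo on the constructed samples; on a real host use /etc/pam.d/su and /etc/group.
demo_dir=$(mktemp -d)
sample_su "" > "$demo_dir/su"
sample_group > "$demo_dir/group"
for u in sun siti; do
    printf '%s: %s\n' "$u" "$(su_allowed "$u" "$demo_dir/su" "$demo_dir/group")"
done
rm -rf "$demo_dir"
```
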

Privilege escalation with sudo

You can easily switch to another user with the su command, but only if you know the login password of the target user. For a Linux server in a production environment, each additional person who knows the privileged password increases the security risk. In this case, you can use the sudo command to raise execution privileges. However, the administrator must authorize in advance which users are allowed to execute which commands as the superuser (or as other ordinary users).

Add authorization entries by editing the configuration file /etc/sudoers, or by running visudo

Basic configuration format of an authorization record

user  host-name-list = command-list

User: the user name to authorize directly, or the form "%group name" (authorizes all users of a group).

Host: the name of the host on which this configuration is used. This part mainly makes it possible to share the same sudoers file among multiple hosts; it is generally set to localhost or the actual hostname.

Command: the privileged commands that the authorized user may execute through sudo. The full path of the command program is required. Multiple commands are separated by commas.

First, we look at the members of the wheel group, then log in as a user who is not in the wheel group and run the command that changes the network address to see whether it can be changed.

    [root@localhost ~]# vim /etc/group
    ...        // part of the content omitted
    lp:x:7:
    mem:x:8:
    kmem:x:9:
    wheel:x:10:sun        // only the sun user
    cdrom:x:11:
    mail:x:12:postfix
    man:x:15:
    dialout:x:18:
    floppy:x:19:
    ...        // part of the content omitted
    [siti@localhost ~]$ ifconfig        // check the network card information
    ens33: flags=4163 mtu 1500
            inet 192.168.144.133 netmask 255.255.255.0 broadcast 192.168.144.255
            inet6 fe80::a85a:c203:e2e:3f3c prefixlen 64 scopeid 0x20
            ether 00:0c:29:5b:d3:a0 txqueuelen 1000 (Ethernet)
            RX packets 49 bytes 7062 (6.8 KiB)
            RX errors 0 dropped 0 frame 0
            TX packets 86 bytes 9493 (9.2 KiB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
    lo: flags=73 mtu 65536
            inet 127.0.0.1 netmask 255.0.0.0
    ...        // part of the content omitted
    [siti@localhost ~]$ ifconfig ens33 192.168.144.138        // change the IP address of the ens33 network card
    SIOCSIFADDR: Operation not permitted        // the operation is not allowed
    SIOCSIFFLAGS: Operation not permitted
    [siti@localhost ~]$ sudo ifconfig ens33 192.168.144.138        // execute with sudo
    [sudo] password for siti:
    siti is not in the sudoers file. This incident will be reported.        // not in sudoers, cannot execute
    [siti@localhost ~]$ ifconfig        // view the network card to see whether the IP address changed
    ens33: flags=4163 mtu 1500
            inet 192.168.144.133 netmask 255.255.255.0 broadcast 192.168.144.255
            inet6 fe80::a85a:c203:e2e:3f3c prefixlen 64 scopeid 0x20
            ether 00:0c:29:5b:d3:a0 txqueuelen 1000 (Ethernet)
            RX packets 27 bytes 5649 (5.5 KiB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 89 bytes 9710 (9.4 KiB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
    lo: flags=73 mtu 65536
            inet 127.0.0.1 netmask 255.0.0.0
            inet6 ::1 prefixlen 128 scopeid 0x10
    ...        // part of the content omitted

Now, as the root user, add an authorization entry for the siti user.

    [root@localhost ~]# vim /etc/sudoers
    ...        // part of the content omitted
    ## Sudoers allows particular users to run various commands as
    ## the root user, without needing the root password.
    ...        // part of the content omitted
    ## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname
    ## rather than USERALIAS
    # User_Alias ADMINS = jsmith, mikem
    siti localhost = /sbin/ifconfig        // enter the authorization record; note: the command path must be written in full
    ## Command Aliases
    ...        // part of the content omitted
    ## Installation and management of software
    # Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum
    ## Services
    :w!        // force save, then enter :q to exit

After the change is complete, log out of the system, log in as the siti user, escalate privileges with sudo, and change the IP address again to see whether it can be changed.

    [siti@localhost ~]$ sudo ifconfig ens33 192.168.144.138        // run the command with sudo
    [sudo] password for siti:
    [siti@localhost ~]$ ifconfig        // check whether the IP address changed
    ens33: flags=4163 mtu 1500
            inet 192.168.144.138 netmask 255.255.255.0 broadcast 192.168.144.255
            inet6 fe80::a85a:c203:e2e:3f3c prefixlen 64 scopeid 0x20
            ether 00:0c:29:5b:d3:a0 txqueuelen 1000 (Ethernet)
            RX packets 445 bytes 39033 (38.1 KiB)
            RX errors 0 dropped 0 overruns 0 frame 0

Boot and shutdown security control

Adjust BIOS boot settings

Set the first-priority boot device to the disk where the current system resides.

Prohibit booting the system from other devices; set the corresponding items to "Disabled".

Change the BIOS security level to "setup" and set an administrator password to prevent unauthorized modification.

Restrict changes to GRUB boot parameters

Use grub2-mkpasswd-pbkdf2 to generate the key

Modify the /etc/grub.d/00_header file and add the password record

Generate a new grub.cfg configuration file

    [root@localhost ~]# cp /boot/grub2/grub.cfg /boot/grub2/grub.cfg.bak        // back up the configuration file
    [root@localhost ~]# cp /etc/grub.d/00_header /etc/grub.d/00_header.bak        // back up the configuration file
    [root@localhost ~]# grub2-mkpasswd-pbkdf2        // generate the hashed password for grub
    Enter password:        // enter the password
    Reenter password:        // enter the password again to confirm
    PBKDF2 hash of your password is grub.pbkdf2.sha512.10000.DFD8DA01D53B3B06F6023E9FF1D2C293B897FB5240235A28FD2B3633E53AEFA3920E8F04F59054995C305A00BE0EAC51381199F61351D3B75522B0D8FF9024E6.FB8C7B18FB79AC3AD20C1D5F580791DAB4C63A31DAD407E4F35DD2CBBA9C3AA6305B4B9DFBEC8743ECE211EBBC1ECD9E62241D80936E3602B17C1E1DA145394B        // the generated hashed password; copy the part after "PBKDF2 hash of your password is"
    [root@localhost ~]# vim /etc/grub.d/00_header        // edit the grub header configuration file
    ...        // part of the content omitted
      echo "play ${GRUB_INIT_TUNE}"
    fi
    if [ "x${GRUB_BADRAM}" != "x" ] ; then
      echo "badram ${GRUB_BADRAM}"
    fi
    cat

    --> Running transaction check
    ---> Package gcc.x86_64 0:4.8.5-36.el7_6.2 will be installed
    --> Processing Dependency: libgomp = 4.8.5-36.el7_6.2 for package: gcc-4.8.5-3
    ...        // part of the content omitted
    ...        // return to the previous directory
    [root@localhost john-1.8.0]# ls        // view the contents
    doc  README  run  src
    [root@localhost john-1.8.0]# cd src        // enter the source code directory
    [root@localhost src]# ls        // check that the source files are present
    AFS_fmt.c  charset.h   DES_std.c  john.asm  MD5_fmt.c  pa-risc.h   signals.c  unshadow.c
    alpha.h    common.c    DES_std.h  john.c    MD5_std.c  path.c      signals.h  vax.h
    alpha.S    common.h    detect.c   john.com  MD5_std.h  path.h      single.c   wordlist.c
    batch.c    compiler.c  dummy.c    john.h    memory.c   ppc32alt.h  single.h   wordlist.h
    ...        // part of the content omitted
    [root@localhost src]# make linux-x86-64        // compile directly in the source directory
    ln -sf x86-64.h arch.h
    make ../run/john ../run/unshadow ../run/unafs ../run/unique \
        JOHN_OBJS="DES_fmt.o DES_std.o DES_bs.o DES_bs_b.o BSDI_fmt.o MD5_fmt.o MD5_std.o BF_fmt.o BF_std.o AFS_fmt.o LM_fmt.o trip_fmt.o dummy.o batch.o bench.o charset.o common.o compiler.o config.o cracker.o crc32.o external.o formats.o getopt.o idle.o inc.o john.o list.o loader.o logger.o math.o memory.o misc.o options.o params.o path.o recovery.o rpp.o rules.o signals.o single.o status.o tty.o wordlist.o unshadow.o unafs.o unique.o c3_fmt.o x86-64.o" \
        CFLAGS="-c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer -DHAVE_CRYPT" \
        LDFLAGS="-s -lcrypt"
    make[1]: Entering directory "/mnt/john-1.8.0/src"
    gcc -c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer -DHAVE_CRYPT -funroll-loops DES_fmt.c
    ...        // part of the content omitted
    rm -f ../run/unshadow
    ln -s john ../run/unshadow
    rm -f ../run/unafs
    ln -s john ../run/unafs
    rm -f ../run/unique
    ln -s john ../run/unique
    make[1]: Leaving directory "/mnt/john-1.8.0/src"        // compilation completed
    [root@localhost src]# cd /mnt/john-1.8.0/run/        // enter the run directory
    [root@localhost run]# ls        // check whether the executable appears
    ascii.chr   john       lm_ascii.chr  makechr       relbench  unique
    digits.chr  john.conf  mailer        password.lst  unafs     unshadow        // the john executable is present, so compilation succeeded

With this, the installation of john is complete.

Use john to detect weak passwords

    [root@localhost ~]# cd /mnt/john-1.8.0/run        // enter the run directory
    [root@localhost run]# ls        // confirm the executable is present
    ascii.chr   john       lm_ascii.chr  makechr       relbench  unique
    digits.chr  john.conf  mailer        password.lst  unafs     unshadow
    [root@localhost run]# ./john /etc/shadow        // run john against the shadow file, where user passwords are stored
    Loaded 2 password hashes with 2 different salts (crypt, generic crypt(3) [?/64])
    Press 'q' or Ctrl-C to abort, almost any other key for status
    123123           (root)        // a user's weak password was detected
    123123           (sun)
    2g ...
    Use the "--show" option to display all of the cracked passwords reliably
    Session completed

Network port scan

By using the nmap tool to probe the ports reachable over the network, we can find uncontrolled application services in the network and turn off insecure services in time, reducing security risks.

1. Install the nmap tool

    [root@localhost run]# yum install nmap -y        // install directly with yum
    Loaded plugins: fastestmirror, langpacks
    Loading mirror speeds from cached hostfile
     * base: centos.ustc.edu.cn
     * extras: centos.ustc.edu.cn
     * updates: centos.ustc.edu.cn
    Resolving Dependencies
    --> Running transaction check
    ---> Package nmap.x86_64 2:6.40-16.el7 will be installed
    --> Processing Dependency: nmap-ncat = 2:6.40-16.el7 for package: 2:nmap-6.40-16.el7.x86_64
    --> Running transaction check
    ...        // part of the content omitted

2. Use the nmap tool to detect network ports

Command format

nmap [scan type] [options]

Commonly used scan types

-sS: TCP SYN scan. Only a SYN packet is sent to the target. If a SYN/ACK response is received, the target port is considered to be listening and the connection is torn down immediately; otherwise the target port is considered not open.

-sT: TCP connect scan. This is a complete TCP scan that establishes a full TCP connection. If it succeeds, the target port is listening for a service; otherwise the target port is not open.

-sF: TCP FIN scan. An open port ignores the packet, and a closed port responds with an RST packet.

-sU: UDP scan. Detects which UDP services the target host provides; UDP scanning is slow.

-sP: ICMP scan. Similar to a ping check; it quickly determines whether the target host is alive and does no other scanning.

-P0: skip ping detection. This method assumes that all target hosts are alive; when the other side does not respond to ICMP requests, it avoids abandoning the scan because the host cannot be pinged.

    [root@localhost run]# nmap -sT 127.0.0.1        // detect the open TCP ports on the local host
    Starting Nmap 6.40 ( http://nmap.org ) at 2019-09-02 03:19 CST
    Nmap scan report for localhost (127.0.0.1)
    Host is up (0.00082s latency).
    Not shown: 996 closed ports
    PORT    STATE SERVICE
    22/tcp  open  ssh
    25/tcp  open  smtp
    111/tcp open  rpcbind
    631/tcp open  ipp
    Nmap done: 1 IP address (1 host up) scanned in 0.06 seconds
    [root@localhost run]# nmap -sU 127.0.0.1        // detect the open UDP ports on the local host
    Starting Nmap 6.40 ( http://nmap.org ) at 2019-09-02 03:21 CST
    Nmap scan report for localhost (127.0.0.1)
    Host is up (0.000049s latency).
    Not shown: 997 closed ports
    PORT     STATE         SERVICE
    68/udp   open|filtered dhcpc
    111/udp  open          rpcbind
    5353/udp open|filtered zeroconf
    Nmap done: 1 IP address (1 host up) scanned in 48.95 seconds
    [root@localhost run]# nmap -sP 192.168.31.12        // check whether the host at this address is alive
    Starting Nmap 6.40 ( http://nmap.org ) at 2019-09-02 03:24 CST
    Nmap scan report for 192.168.31.12
    Host is up (0.00067s latency).
    Nmap done: 1 IP address (1 host up) scanned in 0.17 seconds
    [root@localhost run]# nmap -sT 192.168.31.12        // detect the open TCP ports on the host at the target address
    Starting Nmap 6.40 ( http://nmap.org ) at 2019-09-02 03:30 CST
    Nmap scan report for 192.168.31.12
    Host is up (0.0019s latency).
    Not shown: 995 filtered ports
    PORT    STATE SERVICE
    135/tcp open  msrpc
    139/tcp open  netbios-ssn
    443/tcp open  https
    445/tcp open  microsoft-ds
    902/tcp open  iss-realsecure
    Nmap done: 1 IP address (1 host up) scanned in 9.32 seconds
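An added example, not part of the original article: to act on a scan of your own host, compare the open ports nmap reports with the services the host is supposed to expose. The script parses nmap's normal output and lists anything outside an allowlist; the function names and the allowlist are constructed for illustration, and the sample input is modelled on the 127.0.0.1 scans above.

```sh
#!/bin/sh
# Added example: compare nmap's normal output with the services a host is
# expected to expose, so unexpected listeners stand out.

# Print "port/proto state service" for every port reported as open, including
# UDP "open|filtered" entries, which nmap could not confirm either way.
#   $1 = file holding nmap normal output
open_ports() {
    awk '$1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 ~ /^open/ { print $1, $2, $3 }' "$1"
}

# Print only the open ports that are not on the allowlist.
#   $1 = nmap output file   $2 = space-separated allowlist, e.g. "22/tcp 25/tcp"
unexpected_open_ports() {
    open_ports "$1" | awk -v allow="$2" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        !($1 in ok)
    '
}

# Exit-status wrapper for cron or CI: 0 = matches the allowlist, 1 = drift found.
check_exposure() {
    drift=$(unexpected_open_ports "$1" "$2")
    [ -z "$drift" ] && return 0
    printf 'unexpected open ports:\n%s\n' "$drift" >&2
    return 1
}

# Constructed sample modelled on the article's TCP and UDP scans of 127.0.0.1.
sample_scan() {
    cat <<'EOF'
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00082s latency).
Not shown: 996 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
25/tcp  open  smtp
111/tcp open  rpcbind
631/tcp open  ipp
Nmap scan report for localhost (127.0.0.1)
Not shown: 997 closed ports
PORT     STATE         SERVICE
68/udp   open|filtered dhcpc
111/udp  open          rpcbind
5353/udp open|filtered zeroconf
EOF
}

# Demo: only ssh and smtp are expected on this (hypothetical) server.
demo_scan=$(mktemp)
sample_scan > "$demo_scan"
check_exposure "$demo_scan" "22/tcp 25/tcp" || true
rm -f "$demo_scan"
```
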
