
System Security and Application in Linux/CentOS 7 System Management

2025-01-19 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/03 Report--


1. Account security control

2. System boot and login control

3. Weak password detection

4. Port scan

I. Account security control

1.1 Basic security measures

1.1.1 System account cleanup

(1) In a Linux system, besides the accounts that users create manually, there are many other accounts generated during the installation of the system or of programs. Except for root, most of these are non-login accounts (bin, daemon, adm, nobody, lp, apache, and so on) and cannot be used to log in.

Use the grep command to view the non-login users as follows:

    [root@localhost ~]# grep "/sbin/nologin$" /etc/passwd
    bin:x:1:1:bin:/bin:/sbin/nologin
    daemon:x:2:2:daemon:/sbin:/sbin/nologin
    adm:x:3:4:adm:/var/adm:/sbin/nologin
    lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
    mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
    operator:x:11:0:operator:/root:/sbin/nologin
    games:x:12:100:games:/usr/games:/sbin/nologin
    ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
    nobody:x:99:99:Nobody:/:/sbin/nologin
    systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin
    dbus:x:81:81:System message bus:/:/sbin/nologin
    polkitd:x:999:998:User for polkitd:/:/sbin/nologin
    abrt:x:173:173::/etc/abrt:/sbin/nologin
    libstoragemgmt:x:998:996:daemon account for libstoragemgmt:/var/run/lsm:/sbin/nologin
    rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin
    colord:x:997:995:User for colord:/var/lib/colord:/sbin/nologin
    saslauth:x:996:76:Saslauthd user:/run/saslauthd:/sbin/nologin
    rtkit:x:172:172:RealtimeKit:/proc:/sbin/nologin
    pulse:x:171:171:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin
    chrony:x:995:991::/var/lib/chrony:/sbin/nologin
    rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
    nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
    ntp:x:38:38::/etc/ntp:/sbin/nologin
    tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
    usbmuxd:x:113:113:usbmuxd user:/:/sbin/nologin
    geoclue:x:994:989:User for geoclue:/var/lib/geoclue:/sbin/nologin
    qemu:x:107:107:qemu user:/:/sbin/nologin
    radvd:x:75:75:radvd user:/:/sbin/nologin
    setroubleshoot:x:993:988::/var/lib/setroubleshoot:/sbin/nologin
    sssd:x:992:987:User for sssd:/:/sbin/nologin
    gdm:x:42:42::/var/lib/gdm:/sbin/nologin
    gnome-initial-setup:x:991:986::/run/gnome-initial-setup/:/sbin/nologin
    sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
    avahi:x:70:70:Avahi mDNS/DNS-SD Stack:/var/run/avahi-daemon:/sbin/nologin
    postfix:x:89:89::/var/spool/postfix:/sbin/nologin
    tcpdump:x:72:72::/:/sbin/nologin

(2) For a user account on a Linux server that has not been used for a long time, if you are not sure whether it should be deleted, you can lock it temporarily.

    [root@localhost ~]# usermod -L zhangsan
    [root@localhost ~]# passwd -S zhangsan
    zhangsan LK 2019-11-15 0 99999 7 -1 (Password locked.)
    [root@localhost ~]# passwd -u zhangsan
    Unlocking password for user zhangsan.
    passwd: Success

(3) If the user accounts on the server are fixed and will no longer change, you can also lock the account files themselves with the chattr (change attribute) command.

    [root@localhost ~]# chattr +i /etc/passwd /etc/shadow
    [root@localhost ~]# lsattr /etc/passwd /etc/shadow
    ----i----------- /etc/passwd
    ----i----------- /etc/shadow
    [root@localhost ~]# useradd lisi
    useradd: unable to open /etc/passwd
    [root@localhost ~]# chattr -i /etc/passwd /etc/shadow
    [root@localhost ~]# lsattr /etc/passwd /etc/shadow
    ---------------- /etc/passwd
    ---------------- /etc/shadow
    [root@localhost ~]# useradd lisi

Command explanation: +i locks the file, -i unlocks it, and lsattr shows the current state.

1.1.2 Password security control

The following example shows how to set the password validity period.

    [root@localhost ~]# head -25 /etc/login.defs | tail -1
    PASS_MAX_DAYS   99999
    [root@localhost ~]# vim /etc/login.defs
    [root@localhost ~]# head -25 /etc/login.defs | tail -1
    PASS_MAX_DAYS   30
    [root@localhost ~]# useradd wangwu
    [root@localhost ~]# passwd wangwu
    Changing password for user wangwu.
    New password:
    BAD PASSWORD: The password is shorter than 8 characters
    Retype new password:
    passwd: all authentication tokens updated successfully.
    [root@localhost ~]# tail -1 /etc/shadow
    wangwu:$6$pDVLca5K$iy9JAb4PzbG14d3XfG8ei7dV0YnJFjOwRJVMzs3bMFyp.XPEkv0WO5XaGViv.4.n1jp5fPSCDHanJh3j3Am4f1:18215:0:30:7:::

Explanation: line 25 of the /etc/login.defs file holds PASS_MAX_DAYS. Edit it with vim and change the value to 30, the maximum number of days a password may be used, so the password is valid for 30 days. This setting applies only to users created afterwards. For users that already exist, use the chage command.

    [root@localhost ~]# tail -3 /etc/passwd
    zhangsan:x:1001:1001::/home/zhangsan:/bin/bash
    lisi:x:1002:1002::/home/lisi:/bin/bash
    wangwu:x:1003:1003::/home/wangwu:/bin/bash
    [root@localhost ~]# chage -M 20 lisi
    [root@localhost ~]# chage -M 20 wangwu
    [root@localhost ~]# tail -3 /etc/shadow
    zhangsan:$6$WsyIZguS$ZsJObVyyFzwxT2p0RoIemdrQjLUmoKDkzY8DlrtctYLBzxl0ja3rcp84BP3D5MTHfK.pj1IKAZpezYUwv1d/p0:18215:0:99999:7:::
    lisi:$6$yo1cSlqf$tR5J63h7yOdhqearLDVb8nOfpBlJE6Oem9h5bkREzCRDBA.7OsT.wsX5zJ3I.BUbHxfaw56JbP0IkDyAGwbCi0:18215:0:20:7:::
    wangwu:$6$pDVLca5K$iy9JAb4PzbG14d3XfG8ei7dV0YnJFjOwRJVMzs3bMFyp.XPEkv0WO5XaGViv.4.n1jp5fPSCDHanJh3j3Am4f1:18215:0:20:7:::

If accounts are created in bulk and each user must set their own password at first login, the administrator can enforce this so that the password must be changed at the next login. Use "chage -d 0 username" to set it up.
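The values set through PASS_MAX_DAYS, chage -M and chage -d 0 all end up in the aging fields of /etc/shadow, so they can be audited from there. The script below is an added example, not part of the original article; the function name audit_shadow, the 30-day policy, the sample accounts with placeholder hashes and the "today" value 18240 are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit the aging fields of shadow-format lines.
# shadow(5) fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved

# Constructed sample modelled on the listings above; hashes are placeholders.
SAMPLE_SHADOW='root:$6$SALT$HASHPLACEHOLDER:18215:0:99999:7:::
bin:*:17834:0:99999:7:::
zhangsan:!$6$SALT$HASHPLACEHOLDER:18215:0:99999:7:::
lisi:$6$SALT$HASHPLACEHOLDER:18215:0:20:7:::
wangwu:$6$SALT$HASHPLACEHOLDER:0:0:20:7:::
guest::18215:0:99999:7:::'

# audit_shadow LIMIT TODAY   (shadow lines on stdin)
#   LIMIT  highest PASS_MAX_DAYS the policy allows
#   TODAY  current date in days since 1970-01-01
audit_shadow() {
    awk -F: -v limit="$1" -v today="$2" '
        /^#/ || NF < 5 { next }
        # An empty hash field means no password is required at all.
        $2 == ""     { print $1 ": empty password field"; next }
        # "!" (usermod -L) or "*" prefix: password login is disabled.
        $2 ~ /^[!*]/ { next }
        # lastchg 0 is what "chage -d 0" writes.
        $3 == "0"    { print $1 ": must change password at next login"; next }
        $5 == "" || $5 + 0 > limit + 0 {
            print $1 ": PASS_MAX_DAYS=" ($5 == "" ? "unset" : $5) " exceeds policy " limit
            next
        }
        # lastchg + max is the day the password stops being valid.
        $3 + $5 < today + 0 {
            print $1 ": password expired " (today - $3 - $5) " days ago"
        }
    '
}

# Run against the sample with a 30-day policy; 18240 is a constructed "today".
# On a live host: audit_shadow 30 $(( $(date +%s) / 86400 )) < /etc/shadow
printf '%s\n' "$SAMPLE_SHADOW" | audit_shadow 30 18240
```

Locked accounts such as zhangsan are skipped on purpose: their aging values do not matter until the account is unlocked.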

1.1.3 Command history, automatic logout

In general, the shell history keeps 1000 entries by default. For users who log in afterwards, modify the /etc/profile file and change HISTSIZE.

The current user can change it directly in the current bash terminal: export HISTSIZE=100

    [root@localhost ~]# echo "HISTSIZE=10" >> /etc/profile    # for users who log in afterwards
    [root@localhost ~]# tail -1 /etc/profile
    HISTSIZE=10
    [root@localhost ~]# su - lisi
    [lisi@localhost ~]$ history
       22  clear
       23  ls
       24  cd /etc/
       25  ls
       26  cd .
       27  cd
       28  ls
       29  history
       30  ls
       31  history
    [root@localhost ~]# export HISTSIZE=5    # for the user of the current bash session
    [root@localhost ~]# history
        6  grub2-mkconfig -o /boot/grub2/grub.cfg
        7  init 6
        8  cd
        9  export HISTSIZE=5
       10  history

You can also modify the ~/.bash_logout file in the user's home directory so that the recorded history is cleared automatically when the user logs out.

You can also set an idle timeout so that the session is logged out automatically after a period without input (modify the TMOUT variable; not recommended).

    [root@localhost ~]# cat ~/.bash_logout
    # ~/.bash_logout
    [root@localhost ~]# echo "history -c" >> ~/.bash_logout
    [root@localhost ~]# echo "clear" >> ~/.bash_logout
    [root@localhost ~]# cat ~/.bash_logout
    # ~/.bash_logout
    history -c
    clear
    [root@localhost ~]# source ~/.bash_logout
    [root@localhost ~]# history
        3  history
    [root@localhost ~]#

1.2 User switching and privilege elevation

In general, most Linux servers do not recommend that users log in directly as root. On the one hand, this greatly reduces the damage caused by mistakes; on the other hand, it reduces the risk of the privileged password being disclosed over insecure networks.

Linux provides the su and sudo commands for this purpose: su is mainly used to switch users, while sudo is used to elevate execution privileges.

1.2.1 su command - switch users

The su command switches to another specified user and thereby gains all of that user's permissions. The option "-" means that the login shell environment of the target user is entered after switching. Without this option only the user is switched, not the user environment. When switching to root, "root" can be omitted.

By default, any user is allowed to use the su command and therefore has the opportunity to try other users' login passwords over and over again, which is a security risk. To tighten control over the use of su, the pam_wheel authentication module can be used so that only individual users are allowed to switch with su. A specific example follows:

    [root@localhost ~]# su - lisi
    Last login: November 15 10:25:26 CST 2019 on pts/0
    [lisi@localhost ~]$ su -
    Password:
    Last login: CST 2019 from 192.168.68.1 on pts/1
    [root@localhost ~]# su zhangsan
    [zhangsan@localhost root]$ su
    Password:
    [root@localhost ~]# gpasswd -a zhangsan wheel
    Adding user zhangsan to group wheel
    [root@localhost ~]# grep wheel /etc/group
    wheel:x:10:zhangsan
    [root@localhost ~]# head -6 /etc/pam.d/su | tail -1
    #auth           required        pam_wheel.so use_uid
    [root@localhost ~]# vim /etc/pam.d/su
    [root@localhost ~]# head -6 /etc/pam.d/su | tail -1
    auth            required        pam_wheel.so use_uid
    [root@localhost ~]# su - lisi
    Last login:
    [lisi@localhost ~]$ su -
    Password:
    su: Permission denied
    [lisi@localhost ~]$ exit
    logout
    [root@localhost ~]# su - zhangsan
    Last login: November 15 10:49:10 CST 2019 on pts/1
    Last failed login: November 15 10:56:24 CST 2019 on pts/1
    There was 1 failed login attempt since the last successful login.
    [zhangsan@localhost ~]$ su -
    Password:
    Last login: November 15 10:49:17 CST 2019 on pts/1
    Last failed login: November 15 10:57:26 CST 2019 on pts/1
    There were 2 failed login attempts since the last successful login.

Explanation of the commands:

Use the gpasswd command to add the user zhangsan to the wheel group, edit the /etc/pam.d/su file and delete the # at the start of line 6, then try switching users. Because lisi is not in the wheel group, permission is denied, but zhangsan can switch to root normally because he is in the wheel group. Every use of the su command is recorded in the security log /var/log/secure.

    [root@localhost ~]# vim /var/log/secure
    Nov 14 11:43:22 localhost polkitd: Loading rules from directory /etc/polkit-1/rules.d
    Nov 14 11:43:22 localhost polkitd: Loading rules from directory /usr/share/polkit-1/rules.d
    Nov 14 11:43:22 localhost polkitd: Finished loading, compiling and executing 8 rules
    Nov 14 11:43:22 localhost polkitd[572]: Acquired the name org.freedesktop.PolicyKit1 on the system bus
    Nov 14 11:43:23 localhost sshd[1030]: Server listening on 0.0.0.0 port 22.
    Nov 14 11:43:23 localhost sshd[1030]: Server listening on :: port 22.
    Nov 14 11:44:00 localhost polkitd: Registered Authentication Agent for unix-process:10820:4415 (system bus name :1.133 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale zh_CN.UTF-8)
    Nov 14 11:44:00 localhost polkitd: Unregistered Authentication Agent for unix-process:10820:4415 (system bus name :1.133, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale zh_CN.UTF-8) (disconnected from bus)
    Nov 14 11:44:00 localhost polkitd: Registered Authentication Agent for unix-process:10843:4423 (system bus name :1.134 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale zh_CN.UTF-8)
    Nov 14 11:44:00 localhost polkitd[572]: Unregistered Authentication Agent for unix-process:10843:4423 (system bus name :1.134, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale zh_CN.UTF-8) (disconnected from bus)
    Nov 14 11:44:00 localhost gdm-launch-environment]: pam_unix(gdm-launch-environment:session): session opened for user gdm by (uid=0)
    Nov 14 11:44:01 localhost polkitd: Registered Authentication Agent for unix-session:c1 (system bus name :1.140 [/usr/bin/gnome-shell], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale zh_CN.UTF-8)
    Nov 14 11:44:11 localhost gdm-password]: pam_unix(gdm-password:session): session opened for user root by (uid=0)
    Nov 14 11:44:11 localhost polkitd: Unregistered Authentication Agent for unix-session:c1 (system bus name :1.140, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale zh_CN.UTF-8) (disconnected from bus)
    Nov 14 11:44:12 localhost polkitd: Registered Authentication Agent for unix-session:1 (system bus name :1.161 [/usr/bin/gnome-shell], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale zh_CN.UTF-8)
    Nov 14 20:21:09 localhost polkitd[572]: Registered Authentication Agent for unix-process:19734:78501 (system bus name :1.254 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale zh_CN.UTF-8)
    Nov 14 20:21:11 localhost polkitd: Unregistered Authentication Agent for unix-process:19734:78501 (system bus name :1.254, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale zh_CN.UTF-8) (disconnected from bus)
    Nov 14 20:21:25 localhost sshd[20138]: Accepted password for root from 192.168.68.1 port 59169 ssh2
    Nov 14 20:21:25 localhost sshd[20138]: pam_unix(sshd:session): session opened for user root by (uid=0)
    Nov 14 20:21:46 localhost sshd[20138]: pam_unix(sshd:session): session closed for user root
    Nov 15 09:24:35 localhost polkitd[20138]: Registered Authentication Agent for unix-process:24514:117799 (system bus name :1.302 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale zh_CN.UTF-8)
    Nov 15 09:25:41 localhost polkitd: Loading rules from directory /etc/polkit-1/rules.d
    Nov 15 09:25:41 localhost polkitd: Loading rules from directory /usr/share/polkit-1/rules.d
    Nov 15 09:25:41 localhost polkitd[555]: Finished loading, compiling and executing 8 rules
    Nov 15 09:25:41 localhost polkitd[555]: Acquired the name org.freedesktop.PolicyKit1 on the system bus
    Nov 15 09:25:42 localhost sshd[951]: Server listening on 0.0.0.0 port 22.
    Nov 15 09:25:42 localhost sshd[951]: Server listening on :: port 22.

Note: be sure to edit the /etc/pam.d/su file! The restriction only works after this edit; otherwise, by default, every user can still switch with su.

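1.2.2 sudo command - elevate execution permissions

(1) Add the authorization to the configuration file /etc/sudoers (note: save with :wq! to force the write). The visudo command opens the same file and checks its syntax before saving.

First, let's take a look at this configuration file.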

    [root@localhost ~]# grep -v "^#" /etc/sudoers    # show the lines that do not begin with #
    Defaults   !visiblepw
    Defaults    always_set_home
    Defaults    match_group_by_gid
    Defaults    env_reset
    Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS"
    Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
    Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
    Defaults    env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
    Defaults    env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
    Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin
    root    ALL=(ALL)       ALL
    %wheel  ALL=(ALL)       ALL

Look at the last two lines, root and %wheel: they indicate that the root user can exercise all permissions, and that members of the wheel group can also exercise all permissions.

Next, we take a user who does not belong to the wheel group and give him permission to change the IP address, to verify this.

    [root@localhost ~]# vim /etc/sudoers    # add this line to the file: lisi localhost=/sbin/ifconfig
    [root@localhost ~]# su - lisi
    Last login: November 15 10:55:54 CST 2019 on pts/1
    [lisi@localhost ~]$ su -
    Password:
    su: Permission denied
    [lisi@localhost ~]$ ifconfig ens33 1.1.1.1    # cannot be done without sudo
    SIOCSIFADDR: Operation not permitted
    SIOCSIFFLAGS: Operation not permitted
    [lisi@localhost ~]$ sudo ifconfig ens33 1.1.1.1    # the first use asks for your own password; within 5 minutes you do not need to enter it again

    We trust you have received the usual lecture from the local System
    Administrator. It usually boils down to these three things:

        #1) Respect the privacy of others.
        #2) Think before you type.
        #3) With great power comes great responsibility.

    [sudo] password for lisi:
    [lisi@localhost ~]$ ifconfig
    ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 1.1.1.1  netmask 255.0.0.0  broadcast 1.255.255.255
            inet6 fe80::7eb1:2dde:8a54:6927  prefixlen 64  scopeid 0x20<link>
            ether 00:0c:29:56:d3:4a  txqueuelen 1000  (Ethernet)
            RX packets 3105  bytes 231965 (226.5 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 981  bytes 150502 (146.9 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
            inet 127.0.0.1  netmask 255.0.0.0
            inet6 ::1  prefixlen 128  scopeid 0x10<host>
            loop  txqueuelen 1  (Local Loopback)
            RX packets 16  bytes 1752 (1.7 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 16  bytes 1752 (1.7 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
            inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255
            ether 52VIED 5400VlV 71V 09  txqueuelen 1000  (Ethernet)
            RX packets 0  bytes 0 (0.0 B)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 0  bytes 0 (0.0 B)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

1.3 PAM security authentication

1.3.1 PAM and its function

PAM (Pluggable Authentication Modules) is the pluggable authentication mechanism of Linux systems.

(1) It is an efficient and flexible user-level authentication method, and it is widely used on Linux servers.

(2) It provides a central mechanism for authenticating all services, and is suitable for login, remote login, and so on.

(3) System administrators define different authentication policies for different applications through PAM configuration files.

1.3.2 Four management interfaces supported by PAM

1. Authentication management

Mainly accepts the user name and password, authenticates the user's password, and is responsible for setting some of the user's secret information.

2. Account management

Mainly checks whether the account is allowed to log in to the system, whether the account has expired, whether logins for the account are limited to certain time periods, and so on.

3. Password management

Mainly used to change users' passwords.

4. Session management

Mainly provides session management and accounting.

1.3.3 Principle of PAM authentication

(1) PAM authentication generally follows this order: service → PAM (configuration file) → pam_*.so

(2) PAM authentication first determines which service is involved, then loads the corresponding PAM configuration file (under /etc/pam.d), and finally calls the authentication module file (under /lib/security) to perform the security authentication.

1.3.4 Composition of PAM authentication

For example, view the PAM configuration file of su:

    [root@localhost ~]# cat /etc/pam.d/su
    #%PAM-1.0
    auth            sufficient      pam_rootok.so
    # Uncomment the following line to implicitly trust users in the "wheel" group.
    #auth           sufficient      pam_wheel.so trust use_uid
    # Uncomment the following line to require a user to be in the "wheel" group.
    #auth           required        pam_wheel.so use_uid
    auth            substack        system-auth
    auth            include         postlogin
    account         sufficient      pam_succeed_if.so uid = 0 use_uid quiet
    account         include         system-auth
    password        include         system-auth
    session         include         system-auth
    session         include         postlogin
    session         optional        pam_xauth.so

(1) Each line is an independent authentication process.

(2) Each line can be divided into three fields: authentication type, control type, and the PAM module with its parameters.
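The three-field layout described above, applied to the pam_wheel restriction from section 1.2.1, as an added example that is not part of the original article. The function names pam_fields and su_wheel_status are hypothetical; the sample text is the auth section of the /etc/pam.d/su listing above.

```sh
#!/bin/sh
# Added example: split PAM configuration lines into their fields and report
# whether su is restricted to the wheel group.

# auth section of /etc/pam.d/su as shipped (from the listing above).
SU_DEFAULT='#%PAM-1.0
auth            sufficient      pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth           sufficient      pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth           required        pam_wheel.so use_uid
auth            substack        system-auth
auth            include         postlogin'

# The same text after the edit from section 1.2.1 (the "#" on line 6 removed).
SU_HARDENED=$(printf '%s\n' "$SU_DEFAULT" |
    sed 's/^#\(auth[[:space:]]*required[[:space:]]*pam_wheel\.so\)/\1/')

# pam_fields: print "type|control|module|args" for every active line on stdin.
pam_fields() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
        {
            type = $1; sub(/^-/, "", type)       # a leading "-" only silences logging
            i = 2; ctl = $i
            if (ctl ~ /^\[/)                     # bracketed control may contain spaces
                while (ctl !~ /\]$/ && i < NF) { i++; ctl = ctl " " $i }
            args = ""
            for (j = i + 2; j <= NF; j++) args = args (args == "" ? "" : " ") $j
            print type "|" ctl "|" $(i + 1) "|" args
        }'
}

# su_wheel_status: read a pam.d/su file on stdin and report the wheel policy.
su_wheel_status() {
    pam_fields | awk -F'|' '
        $1 == "auth" && $3 == "pam_wheel.so" {
            if ($2 == "required" || $2 == "requisite") enforced = 1
            if ($2 == "sufficient" && (" " $4 " ") ~ / trust /) trust = 1
        }
        END {
            print (enforced ? "restricted: only wheel members may use su" \
                            : "open: any user may attempt su")
            if (trust) print "warning: wheel members become root without a password"
        }'
}

printf 'default:  '; printf '%s\n' "$SU_DEFAULT"  | su_wheel_status
printf 'hardened: '; printf '%s\n' "$SU_HARDENED" | su_wheel_status
```

On a live host the check is `su_wheel_status < /etc/pam.d/su`.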

II. System boot and login control

2.1 Power-on and shutdown security control

2.1.1 Adjust BIOS boot settings

Set the first boot device to the hard disk that holds the current system

Prohibit booting the system from other devices (CD, USB disk, network)

Set the security level to setup and set the administrator password

Note: once booting from other devices is prohibited, you may no longer be able to reset a forgotten root password from the CD-ROM drive, so proceed with caution.

2.1.2 Restrict changes to GRUB boot parameters

Use grub2-mkpasswd-pbkdf2 to generate the key

Modify the /etc/grub.d/00_header file and add the password record

Generate a new grub.cfg configuration file

2.2 Terminal and login control

2.2.1 Prohibit root users from logging in

Modify the /etc/securetty file. To prohibit root from logging in from tty6, comment out that line.

    [root@localhost ~]# vim /etc/securetty
    [root@localhost ~]# head -18 /etc/securetty | tail -1
    #tty6

2.2.2 Prohibit ordinary users from logging in

You only need to create a / etc/nologin file.

    [root@localhost ~]# touch /etc/nologin

III. Weak password detection and port scanning

3.1 Weak password detection - John the Ripper

    [root@localhost tarpkg]# ls
    apr-1.4.6.tar.gz  apr-util-1.4.1.tar.gz  httpd-2.4.2.tar.gz  john-1.8.0.tar.gz
    [root@localhost tarpkg]# tar zxf john-1.8.0.tar.gz -C /opt/    # extract to /opt
    [root@localhost tarpkg]# ls /opt/
    john-1.8.0  rh
    [root@localhost tarpkg]# cd /opt/john-1.8.0/
    [root@localhost john-1.8.0]# ls
    doc  README  run  src
    [root@localhost john-1.8.0]# cd src/    # view the files; from the contents we know a compiler must be installed
    [root@localhost src]# ls
    AFS_fmt.c   config.c    ia64.h        MD5_fmt.c   ppc64alt.h  trip_fmt.c
    alpha.h     config.h    idle.c        MD5_std.c   ppc64.h     tty.c
    alpha.S     cracker.c   idle.h        MD5_std.h   recovery.c  tty.h
    batch.c     cracker.h   inc.c         memory.c    recovery.h  unafs.c
    batch.h     crc32.c     inc.h         memory.h    rpp.c       unique.c
    bench.c     crc32.h     john.asm      mips32.h    rpp.h       unshadow.c
    bench.h     DES_bs_b.c  john.c        mips64.h    rules.c     vax.h
    best.c      DES_bs.c    john.com      misc.c      rules.h     wordlist.c
    best.sh     DES_bs.h    john.h        misc.h      sboxes.c    wordlist.h
    BF_fmt.c    DES_fmt.c   list.c        nonstd.c    sboxes-s.c  x86-64.h
    BF_std.c    DES_std.c   list.h        options.c   signals.c   x86-64.S
    BF_std.h    DES_std.h   LM_fmt.c      options.h   signals.h   x86-any.h
    BSDI_fmt.c  detect.c    loader.c      os.h        single.c    x86-mmx.h
    c3_fmt.c    dummy.c     loader.h      params.c    single.h    x86-mmx.S
    charset.c   external.c  logger.c      params.h    sparc32.h   x86.S
    charset.h   external.h  logger.h      pa-risc.h   sparc64.h   x86-sse.h
    common.c    formats.c   Makefile      path.c      status.c    x86-sse.S
    common.h    formats.h   Makefile.dep  path.h      status.h
    compiler.c  getopt.c    math.c        ppc32alt.h  symlink.c
    compiler.h  getopt.h    math.h        ppc32.h     times.h
    [root@localhost src]# ls ../run
    ascii.chr   john.conf     mailer   password.lst
    digits.chr  lm_ascii.chr  makechr  relbench

(2) Install the compiler, compile and install to get the executable file john, and then run it to crack simple passwords.

    [root@localhost src]# yum install -y gcc gcc-c++
    ...    # output omitted
    Complete!
    [root@localhost src]# rpm -q gcc
    gcc-4.8.5-39.el7.x86_64
    [root@localhost src]# rpm -q gcc-c++
    [root@localhost src]# make linux-x86-64    # compile
    ...    # output omitted
    [root@localhost src]# cd ../run
    [root@localhost run]# ls
    ascii.chr   john       lm_ascii.chr  makechr       relbench  unique
    digits.chr  john.conf  mailer        password.lst  unafs     unshadow
    [root@localhost run]# ./john /etc/passwd /etc/shadow
    Loaded 3 password hashes with 3 different salts (crypt, generic crypt(3) [?/64])
    Press 'q' or Ctrl-C to abort, almost any other key for status
    123456           (lokott)
    123456           (root)
    2g 000GOUR 01GROWTH 072AM3 0.03025g/s 284.7p/s 287.6c/s 287.6C/s pookie1..mary1
    Use the "--show" option to display all of the cracked passwords reliably

According to the above steps, we can get the passwords of root and lokott users.

3.2 Network scanning - NMAP

NMAP is a powerful security assessment tool for port scanning. It can probe very large networks with many hosts and supports many techniques such as ping scanning, multi-port detection, and OS identification. By scanning the internal network with NMAP regularly, we can find application services in the network that are not under control, turn off insecure services in time, and reduce security risk.

Nmap command

Command format: nmap [scan type] [options]

-sS: TCP SYN scan (half-open scan)

-sT: TCP connect scan

-sF: TCP FIN scan

-sU: UDP scan

-sP: ICMP scan

-P0: skip ping detection
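One way to act on the regular-scan advice above is to compare each scan with an approved baseline (added example, not from the original article). The function name unexpected_ports, the allowlist format and the second host in the sample output are assumptions; the sample is constructed in the same format nmap prints on this page.

```sh
#!/bin/sh
# Added example: report open ports that are not on an approved baseline.

# Constructed scan output in nmap's normal (terminal) format.
SAMPLE_SCAN='Starting Nmap 6.40 ( http://nmap.org ) at 2019-11-15 13:32 CST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00060s latency).
Not shown: 995 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
25/tcp  open  smtp
80/tcp  open  http
111/tcp open  rpcbind
631/tcp open  ipp

Nmap scan report for 192.168.68.20
Host is up (0.00031s latency).
Not shown: 997 closed ports
PORT     STATE    SERVICE
22/tcp   open     ssh
3306/tcp open     mysql
8080/tcp filtered http-proxy

Nmap done: 2 IP addresses (2 hosts up) scanned in 0.21 seconds'

# unexpected_ports "ENTRY ..."   (nmap normal output on stdin)
#   ENTRY is "port/proto" (allowed on every host) or
#   "host:port/proto" (allowed on that host only).
# Prints "host port/proto service" for every open port not covered.
unexpected_ports() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^Nmap scan report for / {
            host = $NF; gsub(/[()]/, "", host)   # use the address inside "(...)"
            next
        }
        $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" {
            key = host ":" $1
            if (!($1 in ok) && !(key in ok)) print host, $1, $3
        }'
}

# Baseline: the services listening before httpd was installed.
BASELINE="22/tcp 25/tcp 111/tcp 631/tcp"
printf '%s\n' "$SAMPLE_SCAN" | unexpected_ports "$BASELINE"
```

Only ports in state "open" are reported; the filtered 8080/tcp line in the sample is ignored.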

    [root@localhost ~]# rpm -q nmap
    nmap-6.40-19.el7.x86_64
    [root@localhost ~]# netstat -ntap    # view TCP
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/systemd
    tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN      1267/dnsmasq
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      942/sshd
    tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      944/cupsd
    tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1252/master
    tcp                                                                 ESTABLISHED 3578/sshd: root@pts
    tcp6       0      0 :::111                  :::*                    LISTEN      1/systemd
    tcp6       0      0 :::22                   :::*                    LISTEN      942/sshd
    tcp6       0      0 ::1:631                 :::*                    LISTEN      944/cupsd
    tcp6       0      0 ::1:25                  :::*                    LISTEN      1252/master
    [root@localhost ~]# netstat -nuap    # view UDP
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    udp        0      0 0.0.0.0:58802           0.0.0.0:*                           3456/dhclient
    udp                                                                             563/avahi-daemon: r
    udp        0      0 192.168.122.1:53        0.0.0.0:*                           1267/dnsmasq
    udp        0      0 0.0.0.0:67              0.0.0.0:*                           1267/dnsmasq
    udp        0      0 0.0.0.0:68              0.0.0.0:*                           3456/dhclient
    udp        0      0 0.0.0.0:5353            0.0.0.0:*                           563/avahi-daemon: r
    udp6       0      0 :::42353                :::*                                3456/dhclient

If we install the httpd service and start it, we will find that port 80 is in use.

    [root@localhost ~]# yum install -y httpd
    Loaded plugins: fastestmirror, langpacks
    ...    # output omitted
    [root@localhost ~]# systemctl start httpd.service
    [root@localhost ~]# nmap -sT 127.0.0.1

    Starting Nmap 6.40 ( http://nmap.org ) at 2019-11-15 13:32 CST
    Nmap scan report for localhost (127.0.0.1)
    Host is up (0.00060s latency).
    Not shown: 995 closed ports
    PORT    STATE SERVICE
    22/tcp  open  ssh
    25/tcp  open  smtp
    80/tcp  open  http
    111/tcp open  rpcbind
    631/tcp open  ipp

    Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds

IV

This article introduces the theory of system security and its application in Linux/CentOS 7 system management, and reinforces the commands through worked examples. It should make it easier to find security risks and to take targeted protective measures in time.

Report