審計概念:
審計的案例:
1.2 配置審計服務
[root@host53 ~]# yum -y install audit
[root@host53 ~]# grep -n "log_file" /etc/audit/auditd.conf # 查看日誌文件
7:log_file = /var/log/audit/audit.log
12:max_log_file = 8
19:max_log_file_action = ROTATE
[root@host53 ~]# systemctl status auditd
[root@host53 ~]# systemctl enable auditd
1.3自定義規則
定義臨時規則 ( 立即有效)
[root@host53 ~]# auditctl -D #清空所有的規則
[root@host53 ~]# auditctl -l #查看所有的規則
[root@host53 ~]# auditctl -s #查看狀態
[root@host53 ~]# auditctl -w /etc/selinux/ -p wa -k plj_selinux # -w 需要審計的路徑, -p 審計的權限(w=寫 a=屬性變更 x=執行), -k 自定義關鍵字(供 ausearch -k 查詢)
[root@host53 ~]# auditctl -w /usr/sbin/fdisk -p x -k plj_disk
[root@host53 ~]# auditctl -l
-w /etc/passwd -p wa -k plj_passwd
-w /etc/selinux -p wa -k plj_selinux
-w /usr/sbin/fdisk -p x -k plj_disk
定義永久規則
[root@host53 ~]# vim /etc/audit/rules.d/audit.rules
-w /etc/passwd -p wa -k plj_passwd
-w /etc/selinux -p wa -k plj_selinux
-w /usr/sbin/fdisk -p x -k plj_disk
wq
查看審計日誌
[root@host53 ~]# useradd userc
[root@host53 ~]# fdisk
[root@host53 ~]# ausearch -k plj_disk
[root@host53 ~]# ausearch -k plj_disk
1.5 分析審計日誌
time 日誌產生的時間
comm 命令名
exec 命令的絕對路徑
uid 用戶ID
exit 命令的返回值, 0 表示命令執行成功
comm="useradd" exe="/usr/sbin/useradd"
二服務安全
2.1 網站安全
2.1.1 安裝源碼nginx服務
nginx (php)
]# yum -y install gcc pcre-devel zlib-devel openssl-devel
]# tar -zxvf nginx-1.12.2.tar.gz
]# cd nginx-1.12.2/
]# ./configure && make && make install
[root@host50 nginx-1.12.2]# echo "AAA" > /usr/local/nginx/html/a.html
[root@host50 nginx-1.12.2]# echo "B" > /usr/local/nginx/html/b.html
[root@host50 nginx-1.12.2]# echo "C" > /usr/local/nginx/html/c.html
[root@host50 nginx-1.12.2]# /usr/local/nginx/sbin/nginx # 啓動服務
[root@host50 nginx-1.12.2]#
[root@host50 nginx-1.12.2]# netstat -anptul | grep :80
[root@host50 nginx-1.12.2]# curl http://192.168.4.50/a.html 驗證能訪問
AAA
2.1.2 nginx安全配置
1 禁用不需要的模塊 --without-http_autoindex_module (預設編譯時並未禁用該模塊)
]# mkdir /usr/local/nginx/html/game
]# echo "one" > /usr/local/nginx/html/game/a1.html
]# echo "two" > /usr/local/nginx/html/game/a2.html
]# vim /usr/local/nginx/conf/nginx.conf
server {
autoindex on ; 開啓自動索引
:wq
]# /usr/local/nginx/sbin/nginx -s stop
]# /usr/local/nginx/sbin/nginx
]# firefox http://192.168.4.50/game # 列出了目錄下的所有網頁文件
]# /usr/local/nginx/sbin/nginx -s stop
]# vim /usr/local/nginx/conf/nginx.conf
server {
#autoindex on ;
:wq
]# ./configure --without-http_autoindex_module # 配置時禁用 autoindex 模塊
]# make && make install
]# /usr/local/nginx/sbin/nginx 啓動服務
]# firefox http://192.168.4.50/game # 報錯, 訪問時必須輸入網頁名 /game/a1.html 或 /game/a2.html 才能顯示網頁
修改版信息:
[root@host50 nginx-1.12.2]# curl -I http://192.168.4.50/
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 29 May 2019 07:49:10 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Wed, 29 May 2019 07:16:34 GMT
Connection: keep-alive
ETag: "5cee31d2-264"
Accept-Ranges: bytes
[root@host50 nginx-1.12.2]# vim +48 src/http/ngx_http_header_filter_module.c
static u_char ngx_http_server_string[] = "Server: GETOUT" CRLF; # 修改這三行引號內的 Server 字串
static u_char ngx_http_server_full_string[] = "Server: GETOUT" CRLF;
static u_char ngx_http_server_build_string[] = "Server: GETOUT" CRLF;
[root@host50 nginx-1.12.2]# ./configure --without-http_autoindex_module && make && make install
[root@host50 nginx-1.12.2]# /usr/local/nginx/sbin/nginx
[root@host50 nginx-1.12.2]# curl -I http://192.168.4.50
HTTP/1.1 200 OK
Server: GETOUT
Date: Wed, 29 May 2019 07:58:49 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Wed, 29 May 2019 07:16:34 GMT
Connection: keep-alive
ETag: "5cee31d2-264"
Accept-Ranges: bytes
限制併發
壓力測試:
[root@host50 nginx-1.12.2]# ab -c 100 -n 100 http://192.168.4.50/a.html
Document Length: 4 bytes
Concurrency Level: 100
Time taken for tests: 0.024 seconds
Complete requests: 100
Failed requests: 0
Write errors: 0
定義存儲客戶端 IP 地址的內存區域 (使用內置變量 $binary_remote_addr)
同一個 IP 地址每秒只處理一個請求 (1r/s)
burst=5 在內存中額外緩衝 5 個請求 # 同一個 IP 最多同時接受 6 個請求
[root@host50 nginx-1.12.2]# vim /usr/local/nginx/conf/nginx.conf
http {
存儲客戶端 IP 地址的內存大小爲 10M, 並命名爲 one
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
......
server {
limit_req zone=one burst=5;
listen 80;
server_name localhost;
......
[root@host50 nginx-1.12.2]# /usr/local/nginx/sbin/nginx
10個請求 10個連接
[root@host50 nginx-1.12.2]# ab -c 10 -n 10 http://192.168.4.50/a.html
Concurrency Level: 10
Time taken for tests: 5.002 seconds
Complete requests: 10
Failed requests: 4
(Connect: 0, Receive: 0, Length: 4, Exceptions: 0)
~ 表示正則匹配, !~ 表示正則不匹配
拒絕非法請求
vim /usr/local/nginx/conf/nginx.conf
server {
if ($request_method !~ ^(GET|POST)$) {
return 444;
[root@host50 nginx-1.12.2]# /usr/local/nginx/sbin/nginx -t #查看配置文件是否正確
[root@host50 nginx-1.12.2]# /usr/local/nginx/sbin/nginx
[root@host50 nginx-1.12.2]# curl -i -X GET http://192.168.4.50/a.html
HTTP/1.1 200 OK
Server: GETOUT
Date: Wed, 29 May 2019 09:23:03 GMT
Content-Type: text/html
Content-Length: 4
Last-Modified: Wed, 29 May 2019 07:19:30 GMT
Connection: keep-alive
ETag: "5cee3282-4"
Accept-Ranges: bytes
AAA
[root@host50 nginx-1.12.2]# curl -i -X HEAD http://192.168.4.50/a.html
curl: (52) Empty reply from server
2.2 數據庫服務 (mariadb)
運行mariadb服務
[root@host50 nginx-1.12.2]# yum -y install mariadb mariadb-server
[root@host50 nginx-1.12.2]# systemctl start mariadb.service
[root@host50 nginx-1.12.2]# ss -anptul | grep :3306
tcp LISTEN 0 50 *:3306 *:* users:(("mysqld",pid=17034,fd=14))
優化配置
1 安全初始配置
2 刪除/root/.mysql_history 文件
3 數據備份與恢復
4 授權普通連接用戶
安全初始配置
[root@host50 nginx-1.12.2]# mysql_secure_installation 執行初始化安全腳本
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
[root@host50 nginx-1.12.2]# mysql -uroot -p123456 # 現在只能用你設置的密碼登錄
修改密碼:
[root@host50 nginx-1.12.2]# mysqladmin -u root -p123456 password 'mysql' # 把密碼修改爲 mysql
[root@host50 ~]# cat ~/.mysql_history # 查看之前在數據庫中的操作記錄, 需要刪除
show grants;
exot
ex
;
exot ex;
show databases;
use test;
show tables;
mysql數據不加密
數據備份與恢復
授權普通連接用戶
tomcat 安全
隱藏版本信息:
[root@host50 lib]# /usr/local/tomcat/bin/shutdown.sh
[root@host50 lib]# cd /usr/local/tomcat/lib
[root@host50 lib]# yum -y install java-1.8.0-openjdk-devel
[root@host50 lib]# jar -xf catalina.jar #生成org目錄
[root@host50 lib]# vim org/apache/catalina/util/ServerInfo.properties
server.info=nginx # 修改
server.number=9.0.30.0 # 修改
server.built=Dec 1 2015 22:30:46 UTC
[root@host50 lib]# vim /usr/local/tomcat/conf/server.xml
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" server="jacob" />
[root@host50 lib]# /usr/local/tomcat/bin/startup.sh
[root@host50 lib]# ps aux | grep -i java
降權啓動服務:
/usr/local/tomcat/bin/shutdown.sh
useradd tomcat
chown -R tomcat:tomcat /usr/local/tomcat/
su - -c "/usr/local/tomcat/bin/startup.sh" tomcat
su - -c "/usr/local/tomcat/bin/shutdown.sh" tomcat
ps -aux | grep -i java
補丁原理
A 主機操作
163 mkdir /demo
164 cd /demo/
165 mkdir {source1,source2}
167 echo "hello world" > source1/test.sh
168 echo "hello the world" > source2/test.sh
169 echo "test" > source2/tmp.txt
170 cp /bin/find source1/
171 cp /bin/find source2/
172 echo "1" >> source2/find
B主機操作 ]# mkdir /demo/source1
A 主機操作
scp -r /demo/source1/* root@<B主機IP>:/demo/source1/
]# diff -urN /demo/source1 /demo/source2
]# diff -urN /demo/source1 /demo/source2
]# diff -uraN /demo/source1 /demo/source2 > /root/all.patch # 生成補丁文件, 文件名一定要以 .patch 結尾
]# cat /root/all.patch
]# scp /root/all.patch root@<B主機IP>:/tmp/
B 主機操作
]# cat /tmp/all.patch
]# patch -p數字 < 補丁文件 # 打補丁; 數字表示要從補丁內路徑開頭去掉的目錄層數 (當前路徑 + 補丁內剩餘路徑 = 目標文件, 去掉的是重複的路徑); 最好在 / 下打補丁, 這時只需去掉開頭的 / 一層, 數字爲 1
補丁路徑 :[root@host51 ~]# cat /root/all.patch
diff -uraN /demo/source1/find /soft/v2/find
]# patch -RE < 補丁文件 # 撤銷補丁
]# cd /demo/source1
]# patch -p3 < /tmp/all.patch # 打補丁
patching file find
patching file test.sh
patching file tmp.txt
[root@host51 source1]# ls
find test.sh tmp.txt
[root@host51 source1]# cat tmp.txt
test
[root@host51 source1]# cat test.sh
hello the world
[root@host51 source1]# patch -RE < /tmp/all.patch # 撤銷補丁, 需要先進入補丁所對應的目錄再撤銷
[root@host51 source1]# ls
find test.sh