服務安全與監控3

審計概念：

審計的案例：

1.2 配置審計服務

[root@host53 ~]# yum -y install audit

[root@host53 ~]# grep -n "log_file" /etc/audit/auditd.conf # 查看日誌文件
7:log_file = /var/log/audit/audit.log
12:max_log_file = 8
19:max_log_file_action = ROTATE
[root@host53 ~]# systemctl status auditd

[root@host53 ~]# systemctl enable auditd
1.3自定義規則

定義臨時規則 ( 立即有效）

[root@host53 ~]# auditctl -D 清空所有的規則

[root@host53 ~]# auditctl -l #查看所有的規則

[root@host53 ~]# auditctl -s #查看狀態

[root@host53 ~]# auditctl -w /etc/selinux/ -p wa -k plj_selinux #--w 需要審計的目錄， -p 權限 -k 自定義日誌名字
[root@host53 ~]# auditctl -w /usr/sbin/fdisk -p x -k plj_disk

[root@host53 ~]# auditctl -l
-w /etc/passwd -p wa -k plj_passwd
-w /etc/selinux -p wa -k plj_selinux
-w /usr/sbin/fdisk -p x -k plj_disk

定義永久規則
[root@host53 ~]# vim /etc/audit/rules.d/audit.rules

-w /etc/passwd -p wa -k plj_passwd
-w /etc/selinux -p wa -k plj_selinux
-w /usr/sbin/fdisk -p x -k plj_disk

查看審計日誌

[root@host53 ~]# useradd userc

[root@host53 ~]# fdisk
[root@host53 ~]# ausearch -k plj_disk
[root@host53 ~]# ausearch -k plj_disk

1.5 分析審計日誌

time 日誌產生的時間

common 命令名

exec 命令的絕對路徑

uid 用戶名

exit 返回值是0 表示命令執行成功

comm="useradd" exe="/usr/sbin/useradd"

二服務安全

2.1 網站安全

2.1.1 安裝源碼nginx服務

nginx (php)

】# yum -y install gcc pcre-devel zlib-devel openssl-devel

2]# tar -zxvf nginx-1.12.2.tar.gz
]# cd nginx-1.12.2/
]# ./configure && make && make install

[root@host50 nginx-1.12.2]# echo "AAA" > /usr/local/nginx/html/a.html
[root@host50 nginx-1.12.2]# echo "B" > /usr/local/nginx/html/b.html
[root@host50 nginx-1.12.2]# echo "C" > /usr/local/nginx/html/c.html
[root@host50 nginx-1.12.2]# /usr/local/nginx/sbin/nginx # 啓動服務
[root@host50 nginx-1.12.2]#
[root@host50 nginx-1.12.2]# netstat -anptul | grep :80
[root@host50 nginx-1.12.2]# curl http://192.168.4.50/a.html 驗證能訪問
AAA

2.1.2 nginx安全配置

1 禁用不需要的模塊 -without-http_autoindex_module 默認沒有禁止

]# mkdir /usr/local/nginx/html/game
]# echo "one" > /usr/local/nginx/html/game/a1.html
]# echo "two" > /usr/local/nginx/html/game/a2.html
]# vim /usr/local/nginx/conf/nginx.conf
server {
autoindex on ; 開啓自動索引
:wq
]# /usr/local/nginx/sbin/nginx -s stop
]# /usr/local/nginx/sbin/nginx

]#firefox http://192.168.4.50/game 列出了目錄下的所有網頁文件

]# /usr/local/nginx/sbin/nginx -s stop
]# vim /usr/local/nginx/conf/nginx.conf
server {
#autoindex on ;
:wq
]#./configure --without-http_autoindex_module 配置時禁用autoindex模塊
]# make && make install

]# /usr/local/nginx/sbin/nginx 啓動服務
]#firefox http://192.168.4.50/game 報錯（訪問必須輸入網頁名）/game/a1.html game/a2.html 才能顯示網頁

修改版信息：

[root@host50 nginx-1.12.2]# curl -I http://192.168.4.50/
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Wed, 29 May 2019 07:49:10 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Wed, 29 May 2019 07:16:34 GMT
Connection: keep-alive
ETag: "5cee31d2-264"
Accept-Ranges: bytes
[root@host50 nginx-1.12.2]# vim +48 src/http/ngx_http_header_filter_module.c

static u_char ngx_http_server_string[] = "Server: GETOUT" CRLF; # 修改紅色字體的
static u_char ngx_http_server_full_string[] = "Server: GETOUT" CRLF;
static u_char ngx_http_server_build_string[] = "Server: GETOUT" CRLF;
[root@host50 nginx-1.12.2]# ./configure --without-http_autoindex_module && make && make install

[root@host50 nginx-1.12.2]# /usr/local/nginx/sbin/nginx

[root@host50 nginx-1.12.2]# curl -I http://192.168.4.50
HTTP/1.1 200 OK
Server: GETOUT
Date: Wed, 29 May 2019 07:58:49 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Wed, 29 May 2019 07:16:34 GMT
Connection: keep-alive
ETag: "5cee31d2-264"
Accept-Ranges: bytes

限制併發

壓力測試：

[root@host50 nginx-1.12.2]# ab -c 100 -n 100 http://192.168.4.50/a.html

ocument Length: 4 bytes

Concurrency Level: 100
Time taken for tests: 0.024 seconds
Complete requests: 100
Failed requests: 0
Write errors: 0

定義客戶端存儲空間客戶端ip 地址內置變量內存

同一個ip 地址 1S只處理一個 1r/s

burst 5 放在內存5個 # 同一個ip 只同時處理6個

[root@host50 nginx-1.12.2]# vim /usr/local/nginx/conf/nginx.conf

http {

客戶端存儲空間客戶端ip 地址內置變量存儲客戶端ip地址的內存大小 10M，並命名one ,,
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;

``````

server {
limit_req zone=one burst=5;

listen 80;
server_name localhost;
````
[root@host50 nginx-1.12.2]# /usr/local/nginx/sbin/nginx

10個請求 10個連接

[root@host50 nginx-1.12.2]# ab -c 10 -n 10 http://192.168.4.50/a.html

Concurrency Level: 10
Time taken for tests: 5.002 seconds
Complete requests: 10
Failed requests: 4
(Connect: 0, Receive: 0, Length: 4, Exceptions: 0)

~匹配

拒絕非法請求

vim /usr/local/nginx/conf/nginx.conf

server {

if ($request_method !~ ^(GET|POST)$) {
return 444;
[root@host50 nginx-1.12.2]# /usr/local/nginx/sbin/nginx -t #查看配置文件是否正確
[root@host50 nginx-1.12.2]# /usr/local/nginx/sbin/nginx
[root@host50 nginx-1.12.2]# curl -i -X GET http://192.168.4.50/a.html

HTTP/1.1 200 OK
Server: GETOUT
Date: Wed, 29 May 2019 09:23:03 GMT
Content-Type: text/html
Content-Length: 4
Last-Modified: Wed, 29 May 2019 07:19:30 GMT
Connection: keep-alive
ETag: "5cee3282-4"
Accept-Ranges: bytes

AAA

[root@host50 nginx-1.12.2]# curl -i -X HEAD http://192.168.4.50/a.html
curl: (52) Empty reply from server

2.2 數據庫服務（mariadb)

運行mariadb服務

[root@host50 nginx-1.12.2]# yum -y install mariadb mariadb-server
[root@host50 nginx-1.12.2]# systemctl start mariadb.service

[root@host50 nginx-1.12.2]# ss -anptul | grep :3306
tcp LISTEN 0 50 *:3306 *:* users:(("mysqld",pid=17034,fd=14))

優化配置

   1 安全初始配置
           2 刪除/root/.mysql_history 文件
           3 數據備份與恢復
           4 授權普通連接用戶

安全初始配置

[root@host50 nginx-1.12.2]# mysql_secure_installation 執行初始化安全腳本

All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

[root@host50 nginx-1.12.2]# mysql -uroot -p123456 # 現在只能用，你設置的密嗎登陸

修改密嗎：

[root@host50 nginx-1.12.2]# mysqladmin -u root -p123456 password 'mysql' # 把密嗎修改爲mysql

[root@host50 ~]# cat ~/.mysql_history # 查看之前在數據庫的操作，需要刪除
show grants;
exot
ex
;
exot ex;
show databases;
use test;
show tables;

mysql數據不加密

數據備份與恢復

授權普通連接用戶

tomcat 安全

隱藏版本信息：

[root@host50 lib]# /usr/local/tomcat/bin/shutdown.sh

[root@host50 lib]# cd /usr/local/tomcat/lib

[root@host50 lib]# yum -y install java-1.8.0-openjdk-devel

[root@host50 lib]# jar -xf catalina.jar #生成org目錄
[root@host50 lib]# vim org/apache/catalina/util/ServerInfo.properties
server.info=nginx 修改
server.number=9.0.30.0 修改
server.built=Dec 1 2015 22:30:46 UTC

[root@host50 lib]# vim /usr/local/tomcat/conf/server.xml

[root@host50 lib]#/usr/local/tomcat/bin/startup.sh

[root@host50 lib]# ps aux | grep -i java

降權啓動服務：

/usr/local/tomcat/bin/shutdown.sh

useradd tomcat
chown -R tomcat:tomcat /usr/local/tomcat/
su - -c "/usr/local/tomcat/bin/startup.sh" tomcat
su - -c "/usr/local/tomcat/bin/shutdown.sh" tomcat
ps -aux | grep -i java

補丁原理

A 主機操作
163 mkdir /demo
164 cd /demo/
165 mkdir {source1,source2}
167 echo "hello world" > source1/test.sh
168 echo "hello the world" > source2/test.sh
169 echo "test" > source2/tmp.txt
170 cp /bin/find source1/
171 cp /bin/find source2/
172 echo "1" >> source2/find

B主機操作 ]# mkdir /demo/source1

A 主機操作
scp -r /demo/source1/* [email protected]:/demo/source1/
]# diff -urN /demo/source1 /demo/source2
]# diff -urN /demo/source1 /demo/source2
]# diff -uraN /demo/source1 /demo/source2 > /root/all.patch 生成補丁文件一定要以 .patch
]# cat /root/all.patch
]# scp /root/all.patch [email protected]:/tmp/

B 主機操作
]# cat /tmp/all.patch
]# patch -p數字 < 補丁文件 //打補丁 #數字表示需要刪除多於的路徑：當前路徑 + 補丁路徑刪除重複的路徑最好在 /下打補丁，就只需要刪除 / 一個數字爲1

補丁路徑：[root@host51 ~]# cat /root/all.patch

diff -uraN /demo/source1/find /soft/v2/find
]# patch -RE < 補丁文件 //撤銷補丁

]# cd /demo/source1
]# patch -p3 < /tmp/all.patch 打補丁
   patching file find
   patching file test.sh
   patching file tmp.txt

[root@host51 source1]# ls
find test.sh tmp.txt

[root@host51 source1]# cat tmp.txt
test

[root@host51 source1]# cat test.sh
hello the world

[root@host51 source1]# patch -RE < /tmp/all.patch 撤銷補丁 #需要進入到所在的目錄下撤銷
[root@host51 source1]# ls
find test.sh

服務安全與監控3

tomcat 安全

補丁原理

Mysql視圖，

文件的權限和歸屬

部署LVS-DR集羣大致步驟

iscsi簡單配置步驟和原理

linux破解root密碼的方法

https://yachay.unat.edu.pe/blog/index.php?comment_area=format_blog&comment_component=blog&comment_co

linux以太網驅動總結