Day01
First, SELinux security protection
Ii. Data encryption and decryption
Three, grasping the bag and scanning
++++++++++++++++++++++++++++++
First, SELinux security protection
1.1 SELinux Introduction
1.2 Linux security protection model?
1.3 Viewing the status of the current system SELinux
[Email protected] ~]# Sestatus
1.4 SELinux configuration file
[Email protected] ~]# Cat/etc/selinux/config
1.5 Viewing the security context
View Process PS Aux-z
PS Aux-z | Grep-i Process Name
View files Ls-lz file names
View Directory Ls-ldz directory name
1.6 The composition of the security context?
System_u:object_r:passwd_file_t:s0
System_u:object_r:net_conf_t:s0
User: Role: Access type: Parameter
1.7 Common types of access?
1.8 What is the general operating rule after SELinux is enabled?
When you create a new file, the new file inherits the security context of the parent directory.
Keep the original security context intact when moving files
When copying files, inherit the security context of the destination directory
1.9 Modify the access type?
]# chcon-r-T access type directory name//recursive modification
]# chcon-t Access Type file name
]# chcon-t httpd_sys_content_t/var/www/html/test1.html
1.10 Recover file access types?
]# restorecon-r Directory Name//recursive recovery
]# Restorecon file name
]# restorecon/var/www/html/test2.html
Practice file changes to the SELinux access type (for example, Web services files)
1.11 SELinux Boolean value (function switch)
viewing bool values
#getsebool-A
#getsebool-A | Grep-i FTP
modifying bool values
#setsebool-P option =1|0
#setsebool-P option On|off
Environment ready, start VSFTPD Service, configure Allow anonymous FTP user, can upload and download files into/var/ftp/shardir directory.
[Email protected] ~]# sed-n ' 29p '/etc/vsftpd/vsftpd.conf
Anon_upload_enable=yes
[Email protected] ~]#
[Email protected] ~]# Mkdir/var/ftp/shardir
[Email protected] ~]# chmod o+w/var/ftp/shardir
[Email protected] ~]# systemctl restart VSFTPD
592 Setsebool-p ftpd_anon_write=1
593 Setsebool-p Ftpd_full_access on
594 Getenforce-a | Grep-i FTP
597 Setenforce 1
Client:
Yum-y Install FTP
LCD switch to Native directory
Get download
Put upload
+++++++++++++++++++++++++++++++++++++
Enable SELinux log program to record error messages:
After SELinux is enabled, modify the port number used by the site service to 8090.
[Email protected] ~]# Cat/var/log/messages | Grep-n-I. Setroubleshoot | Tail-1
37272:jan 22:38:31 host50 Setroubleshoot:selinux is preventing/usr/sbin/httpd from Name_bind access on the Tcp_socket Port 8090. For complete SELinux messages. Run Sealert-l A9DB74EE-FF0D-45C7-8A4D-34D4BF5BC3C4
[Email protected] ~]# sealert-l A9DB74EE-FF0D-45C7-8A4D-34D4BF5BC3C4
]# semanage port-a-t http_port_t-p TCP 8090
+++++++++++++++++++++++++++++++
Ii. Data encryption and decryption
2.1 Why Encrypt?
2.2 What encryption? What is decryption?
Sender Encryption Receiver Decryption
2.3 What is an algorithm? Add/Decrypt Calculation rules
Secret key (public key encryption private key decryption)
|--> can be an instruction or a section of code
2.4 Encryption Method?
Symmetric encryption: Encryption and decryption use the same calculation rules
Asymmetric encryption: Encryption and decryption use a different calculation rule
Symmetric encryption algorithm: DES AES
Asymmetric encryption algorithm: RSA DSA
Hash hashing technology to ensure the integrity of the data. MD5 Sha
++++++++++++++++++++++++++++++
GPG Symmetric encryption-c-d
Hair Collection
UserA--------------> UserB
UserA Encrypting gpg-c File name
UserB decrypting gpg-d file name
++++++++++++++++++++++++++
GPG Asymmetric encryption (using a key pair)
Public Key Cryptography
Private key decryption
Hair Collection
UserA--------------> UserB
UserB (decryption)
1 Creating a key pair ~/.gnupg/
#gpg--gen-key
#ls ~/.gnupg/
2 Export the public key and pass the public key file to UserA
[Email protected] ~]$ GPG--export-a >/tmp/userb.pub
[Email protected] ~]$ cat/tmp/userb.pub
UserA (encrypted)
1 Importing a public key file ~/.gnupg
[Email protected] ~]$ GPG--import/tmp/userb.pub
[[email protected] ~]$ ls ~/.GNUPG
2 Use the public key to encrypt the file, the encrypted file to UserB
[Email protected] ~]$ gpg-e-R UserA b.txt
[Email protected] ~]$ MV b.txt.gpg/tmp/
3 UserB Decryption
Calling the private key to decrypt the decrypted file
[Email protected] ~]$ gpg-d/tmp/b.txt.gpg > U.txt
Cat U.txt
++++++++++++++++++++++++++++++++++
GPG digital Signature function verifies data integrity
-B--verify--fingerprint
UserB
Private key Signature
Vim C.txt
Gpg-b C.txt
LS c.
CP c./tmp/
--fingerprint GPG
UserA
Public key authentication Signature
#gpg--verify/tmp/c.txt.sig
#cat/tmp/c.txt
root# sed-i ' 1s/^/aaa/'/tmp/c.txt
UserA
#cat/tmp/c.txt
#gpg--verify/tmp/c.txt.sig
+++++++++++++++++++++++++++++++
Three, grasping the bag and scanning
3.1 Scanning Nmap
3.2 Grab Bag tcpdump
3.3 Use of protocol analysis software Wireshark
3.1 Scanning Nmap
Which Nmap
181 Rpm-qf/bin/nmap
182 Rpm-q Nmap
Man Nmap
Syntax format
#nmap [Scan type] [options] <IP address >
What are the scan types? -ss-st-su-sp
What are the options? -a-n-P
How is the IP address represented?
192.168.4.53
192.168.4.100-200
192.168.4.53,57,68
#nmap-SP 172.40.55.122
185 Nmap-sp 172.40.55.122
186 Nmap-sp 172.40.55.180
187 Nmap 172.40.55.180
188 Nmap-n-st-p 80 172.40.55.180
189 Nmap-n-st-p 25,80 172.40.55.180
Nmap-n-st-p 21-100,3306 172.40.55.180
191 Nmap-n-A 172.40.55.180
Nmap-n-sp 172.40.55.100-200--exclude 172.40.55.143,172.40.55.158
#vim/root/ip.txt
172.40.55.143
172.40.55.158
172.40.55.180
: Wq
Nmap-n-sp 172.40.55.100-200--excludefile/root/ip.txt
vim/root/web.sh
#/bin/bash
For IP in 180 143 158
Do
Nmap-n-ss-p 172.40.55. $ip | Grep-q Open
If [$?-eq 0];then
echo "172.40.55. $ip-Open"
Else
echo "172.40.55. $ip closed"
Fi
Done
: Wq
+++++++++++++++++++++++++++++
#mkdir/myself
#mv/root/web.sh/myself/checkweb
#chmod +x/myself/checkweb
#vim/etc/profile
....
Export path=/myself: $PATH
: Wq
#resource/etc/profile
#echo $PATH
#cd/usr/local/
#checkweb
++++++++++++++++++++++++++++++++++++
#checkweb 3306 112 130 129
#checkweb 11211 112 130 129
3.2 Grab Bag tcpdump
tcpdump [Options] [filter conditions]
Options
-I network interface name//do not specify the interface name, the default catch Eth0 interface in and out of the package
-C number//Specify the number of packets, not specified will always grab the bag
-A//crawl the packet in a readable manner
-w file name. Cap//Store the captured data in a file. The default is output to the screen.
-r file name. Cap//Read the contents of the capture package file
Tcpdump
Tcpdump-i BR1
113 Tcpdump-i Br1-c 2
Tcpdump-i br1-c 2-a
Tcpdump-i br1-c 2-a-w/tmp/tcpdump.cap
Tcpdump-a-r/tmp/tcpdump.cap
Filter condition: When the bag is caught, it will catch all incoming packets without filtering conditions. Conversely, only packets with compound conditions are caught.
[Email protected] ~]# tcpdump-i eth0-a
[[email protected] ~]# tcpdump-i eth0-a TCP port 8090
[[email protected] ~]# tcpdump-i eth0-a TCP port 8090 and host 192.168.4.53
[[Email protected] ~] #tcpdump-I eth0-a TCP port and net 192.168.4.0/24
[[Email protected] ~] #tcpdump-I eth0-a TCP port and not host 192.168.4.53
[[Email protected] ~] #tcpdump-I eth0-a
TCP port 8090 and host 192.168.4.53 or host 192.168.4.54
[[Email protected] ~] #tcpdump-I eth0-a
TCP Port 8090 and (host 192.168.4.53 or host 192.168.4.54)
[[Email protected] ~] #tcpdump-I eth0-a TCP port 25-w/tmp/mail2.cap
[[Email protected] ~] #tcpdump-A-r/tmp/mail2.cap
[Email protected] ~]# Scp/tmp/mail2.cap 192.168.4.254:/root/
3.3 Use of Protocol analysis software Wireshark (host)
Install packages
Yum-y Install Wireshark wireshark-gnomerpm-q wireshark wireshark-gnome
Open the graphical interface
Applications, Internet, software name---> File menu, open file/root/mail2.cap
TCP Transport protocol Token bit
SYN New Connection
ACK Confirm connection
FIN Disconnects
Push (P) transmits data
RST re-establish connection
Application Layer HTTP SMTP ftp
Transport Layer TCP UPD
Network Layer IP Packet
Physical layer Data Flow (0101)
Security 02: Encryption and decryption, scanning and capture, summary and troubleshooting, SELinux security Protection