Linux and Security -- Linux Basic Practice
I. Practice one: Master the maintenance of software sources, and configure the system to use a software source mirror inside the education network. Master how to find, install, uninstall and update software through the software source.
1. How to maintain the software source
The list of Ubuntu software sources is stored in /etc/apt/sources.list. For safety, back up this file before making any changes to it.
Open a terminal and enter the command
sudo cp /etc/apt/sources.list /etc/apt/backup_sources.list
The backup copy is stored as backup_sources.list in the /etc/apt directory.
Next, update the package lists from the software sources. Enter the command
sudo apt-get update
This command refreshes the package lists: the system contacts the configured software sources over the network and downloads their current package information.
To upgrade the installed software to the newest versions, enter the command
sudo apt-get update && sudo apt-get upgrade
To view the source list, enter the command
sudo gedit /etc/apt/sources.list
As can be seen, this file consists of two parts: comments and software source addresses. The role of the software source is to let the system automatically search for the required software at these URLs. One way to picture it: apt-get is the software store of the Linux platform, and the software source is the catalog of software we want to download, the directory where the files to download are kept.
2. Configure the system to use a software source mirror within the education network
Commonly used update sources inside the education network:
# University of Electronic Science and Technology of China
deb http://ubuntu.uestc.edu.cn/ubuntu/ natty main restricted universe multiverse
deb http://ubuntu.uestc.edu.cn/ubuntu/ natty-backports main restricted universe multiverse
deb http://ubuntu.uestc.edu.cn/ubuntu/ natty-proposed main restricted universe multiverse
deb http://ubuntu.uestc.edu.cn/ubuntu/ natty-security main restricted universe multiverse
deb http://ubuntu.uestc.edu.cn/ubuntu/ natty-updates main restricted universe multiverse
deb-src http://ubuntu.uestc.edu.cn/ubuntu/ natty main restricted universe multiverse
deb-src http://ubuntu.uestc.edu.cn/ubuntu/ natty-backports main restricted universe multiverse
deb-src http://ubuntu.uestc.edu.cn/ubuntu/ natty-proposed main restricted universe multiverse
deb-src http://ubuntu.uestc.edu.cn/ubuntu/ natty-security main restricted universe multiverse
deb-src http://ubuntu.uestc.edu.cn/ubuntu/ natty-updates main restricted universe multiverse
# China University of Science and Technology
deb http://debian.ustc.edu.cn/ubuntu/ natty main restricted universe multiverse
deb http://debian.ustc.edu.cn/ubuntu/ natty-backports restricted universe multiverse
deb http://debian.ustc.edu.cn/ubuntu/ natty-proposed main restricted universe multiverse
deb http://debian.ustc.edu.cn/ubuntu/ natty-security main restricted universe multiverse
deb http://debian.ustc.edu.cn/ubuntu/ natty-updates main restricted universe multiverse
deb-src http://debian.ustc.edu.cn/ubuntu/ natty main restricted universe multiverse
deb-src http://debian.ustc.edu.cn/ubuntu/ natty-backports main restricted universe multiverse
deb-src http://debian.ustc.edu.cn/ubuntu/ natty-proposed main restricted universe multiverse
deb-src http://debian.ustc.edu.cn/ubuntu/ natty-security main restricted universe multiverse
deb-src http://debian.ustc.edu.cn/ubuntu/ natty-updates main restricted universe multiverse
# Beijing Institute
deb http://mirror.bjtu.edu.cn/ubuntu/ natty main multiverse restricted universe
deb http://mirror.bjtu.edu.cn/ubuntu/ natty-backports main multiverse restricted universe
deb http://mirror.bjtu.edu.cn/ubuntu/ natty-proposed main multiverse restricted universe
deb http://mirror.bjtu.edu.cn/ubuntu/ natty-security main multiverse restricted universe
deb http://mirror.bjtu.edu.cn/ubuntu/ natty-updates main multiverse restricted universe
deb-src http://mirror.bjtu.edu.cn/ubuntu/ natty main multiverse restricted universe
deb-src http://mirror.bjtu.edu.cn/ubuntu/ natty-backports main multiverse restricted universe
deb-src http://mirror.bjtu.edu.cn/ubuntu/ natty-proposed main multiverse restricted universe
deb-src http://mirror.bjtu.edu.cn/ubuntu/ natty-security main multiverse restricted universe
deb-src http://mirror.bjtu.edu.cn/ubuntu/ natty-updates main multiverse restricted universe
# Lanzhou University
deb ftp://mirror.lzu.edu.cn/ubuntu/ natty main multiverse restricted universe
deb ftp://mirror.lzu.edu.cn/ubuntu/ natty-backports main multiverse restricted universe
deb ftp://mirror.lzu.edu.cn/ubuntu/ natty-proposed main multiverse restricted universe
deb ftp://mirror.lzu.edu.cn/ubuntu/ natty-security main multiverse restricted universe
deb ftp://mirror.lzu.edu.cn/ubuntu/ natty-updates main multiverse restricted universe
deb ftp://mirror.lzu.edu.cn/ubuntu-cn/ natty main multiverse restricted universe
# Shanghai Jiaotong University
deb http://ftp.sjtu.edu.cn/ubuntu/ natty main multiverse restricted universe
deb http://ftp.sjtu.edu.cn/ubuntu/ natty-backports main multiverse restricted universe
deb http://ftp.sjtu.edu.cn/ubuntu/ natty-proposed main multiverse restricted universe
deb http://ftp.sjtu.edu.cn/ubuntu/ natty-security main multiverse restricted universe
deb http://ftp.sjtu.edu.cn/ubuntu/ natty-updates main multiverse restricted universe
deb http://ftp.sjtu.edu.cn/ubuntu-cn/ natty main multiverse restricted universe
deb-src http://ftp.sjtu.edu.cn/ubuntu/ natty main multiverse restricted universe
deb-src http://ftp.sjtu.edu.cn/ubuntu/ natty-backports main multiverse restricted universe
deb-src http://ftp.sjtu.edu.cn/ubuntu/ natty-proposed main multiverse restricted universe
deb-src http://ftp.sjtu.edu.cn/ubuntu/ natty-security main multiverse restricted universe
deb-src http://ftp.sjtu.edu.cn/ubuntu/ natty-updates main multiverse restricted universe
Each entry has four parts. The first part, the deb type, represents the package type:
- deb represents a binary package
- deb-src represents a source package
The second part, the address type, gives the way the source is accessed and its address; common types are http, ftp, file, cdrom, etc.
The third part, the distribution, represents the Ubuntu release, such as dapper or feisty.
The fourth part, the component, represents the package component category, which is divided by the degree of technical support; one or more of main, restricted, universe and multiverse can be selected, and main is typically used.
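The four-part format described above, as an added example that is not part of the original page: a parser that splits each entry into its parts, plus a check that every release also has its -security entry. The function names and the SAMPLE text are assumptions made for this example, and only the four-part form shown on this page is handled.

```shell
#!/bin/sh
# Added example. SAMPLE is constructed from mirror entries listed on this page,
# plus one "dapper" line built from a release name the text mentions.
SAMPLE='# USTC mirror
deb http://debian.ustc.edu.cn/ubuntu/ natty main restricted universe multiverse
deb http://debian.ustc.edu.cn/ubuntu/ natty-security main restricted universe multiverse
deb-src http://debian.ustc.edu.cn/ubuntu/ natty main restricted
deb ftp://mirror.lzu.edu.cn/ubuntu/ dapper main multiverse'

# parse_sources: read sources.list text on stdin and print one line per entry
# as  type|access-type|distribution|components
parse_sources() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }                  # blank lines and comments
        ($1 != "deb" && $1 != "deb-src") || NF < 4 {   # not the four-part form
            print "unparsed|" $0; next
        }
        {
            scheme = $2; sub(/:.*$/, "", scheme)       # http, ftp, file, cdrom
            comps = $4
            for (i = 5; i <= NF; i++) comps = comps "," $i
            print $1 "|" scheme "|" $3 "|" comps
        }'
}

# missing_security: print every release that has a binary (deb) entry but no
# matching "<release>-security" entry, so security updates would not be fetched.
missing_security() {
    parse_sources | awk -F'|' '
        $1 == "deb" { seen[$3] = 1 }
        END {
            for (d in seen) {
                if (d ~ /-/) continue                  # a pocket such as natty-updates
                key = d "-security"
                if (!(key in seen)) print d
            }
        }' | sort
}

printf '%s\n' "$SAMPLE" | parse_sources
echo "releases without a -security entry: $(printf '%s\n' "$SAMPLE" | missing_security)"
```

To check a real system, feed the file itself: missing_security < /etc/apt/sources.list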
(1) Method one: automatic configuration
Click the menu in the top right corner of the Ubuntu system
Click Software Updates, the Update Manager interface appears, click Settings at the bottom left, the software source menu appears, and select the last two options
Click the Add button and enter a software source in the input box of the new window, for example:
deb http://debian.ustc.edu.cn/ubuntu/ natty main restricted universe multiverse
(2) Method two: manual configuration
Enter the following command in the terminal to open the software source file sources.list for editing
sudo gedit /etc/apt/sources.list
Paste the new source address into the file
Save and exit, then enter the following command in the terminal to update the source information
sudo apt-get update
3. Learn how to find, install, uninstall, and update software through a software source
(1) Find a package that contains some keywords
sudo apt-cache search PackageName
Take Skype Software as an example
(2) Installing the Software
sudo apt-get install PackageName
(3) Uninstalling the Software
sudo apt-get remove PackageName
(4) Upgrade package
sudo apt-get -u install PackageName
Because the installed package is already the latest version, it cannot be upgraded.
II. Practice two: Understand the concept of Linux permission management. Master the meaning and setting method of the 9 bits related to permission management. Master the use of the chmod and chown instructions. Master the user and user group maintenance methods. Modify the boot script or write a script. Understand and modify the PATH environment variable.
1. The concept of Linux permission management
Compared with Windows, Linux is a multi-user, multitasking operating system: multiple users can be created on the system, and they can log on to the same system at the same time to carry out their own tasks. To keep users from affecting each other, Linux divides and manages file permissions, and each user completes tasks within the scope of the permissions granted. Permissions are divided into three types: read, write and execute. An ordinary file only has read and write permissions, and an executable file adds execute permission.
2. The meaning and setting method of the 9 bits related to permission management
The owner of a file in Linux can set the access property of the file to 3 different access rights: readable (r), writable (w), and executable (x).
A file has 3 different user levels: the file owner (u), the owning user group (g), and the other users of the system (o).
The first character displays the type of file.
- "-" indicates a normal file.
- "d" represents a directory file.
- "l" means a linked file.
- "c" indicates a character device.
- "b" represents a block device.
- "p" indicates a named pipe, such as a FIFO file (first-in, first-out).
- "f" represents a stack file, such as LIFO (last-in, first-out).
- "s" represents a socket.
After the first character there are three three-bit character groups:
The first three-bit character group represents the file owner's (u) permissions on the file.
The second three-bit character group represents the file's user group (g) permissions on the file.
The third three-bit character group represents the permissions of the other users of the system (o) on the file.
If a permission is not granted, the "-" character is displayed in its place.
Note: There are some differences between directory permissions and file permissions. For directory permissions, r means that the files and subdirectories under that directory may be listed, w represents the permission to create and delete files in that directory, and x represents the permission to access the directory.
3. Use of the chmod and chown instructions
(1) chmod
Function: Change the access mode of one or more files
<1> Text setting method, with letters and operator expressions
Format: chmod [who] [opt] [mode] file/directory name
Where who represents the object, and is one or a combination of the letters u, g and o described above.
opt represents the operation: + adds a permission and - removes it.
mode represents the permission:
r: readable, w: writable, x: executable
For example: write a simple script file test.sh. The script file cannot be executed directly; it can only be run with dash test.sh, because test.sh does not have execute permission while dash does. Here we can try out the chmod instruction: after execute permission is added to test.sh, it can be executed directly.
Executing ./test.sh directly fails with insufficient permission
Using the chmod command, enter the following command and then enter ./test.sh again, which can now be executed
chmod u+rwx test.sh
<2> Digital setting method
Format: chmod [mode] file name
Value of mode:
We treat rwx as a binary number, with 1 where a permission is present and 0 where it is absent; rwx r-x r-- can then be expressed as:
111 101 100
Then convert each group of three bits into a decimal digit, which gives 754.
As in the example, when you enter the command ls -l to view the 9 bits of test.sh, they are:
rwx rw- r--
which can be expressed as 111 110 100
Converted to decimal digits this is 764
So we execute the command:
chmod 764 test.sh
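The conversion worked through above, as an added example that is not part of the original page: a function that turns the permission characters shown by ls -l into the number chmod expects, and a round trip that applies the number to a scratch file and reads the permissions back. The function names are assumptions made for this example; setuid, setgid and sticky characters (s, t) are rejected rather than converted.

```shell
#!/bin/sh
# Added example: the "digital setting method" as a function.

# perm_to_octal: convert the 9 permission characters shown by ls -l
# (optionally preceded by the file-type character) to chmod's numeric mode.
# Only r, w, x and - are accepted; anything else is rejected.
perm_to_octal() {
    p=$1
    if [ "${#p}" -eq 10 ]; then p=${p#?}; fi      # drop the file-type character
    if [ "${#p}" -ne 9 ]; then
        echo "expected 9 permission characters: $1" >&2; return 1
    fi
    mode=""
    while [ -n "$p" ]; do
        rest=${p#???}; grp=${p%"$rest"}; p=$rest  # take the next rwx group
        digit=0
        case $grp in r??) digit=$((digit + 4)) ;; -??) ;; *) return 1 ;; esac
        case $grp in ?w?) digit=$((digit + 2)) ;; ?-?) ;; *) return 1 ;; esac
        case $grp in ??x) digit=$((digit + 1)) ;; ??-) ;; *) return 1 ;; esac
        mode=$mode$digit
    done
    echo "$mode"
}

# ls_perm_after_chmod MODE: apply MODE to a scratch file and print the nine
# permission characters that ls -l then reports for it.
ls_perm_after_chmod() {
    f=$(mktemp) || return 1
    chmod "$1" "$f" && ls -l "$f" | cut -c2-10
    rm -f "$f"
}

# The two strings from the text, plus a 10-character string as ls -l prints it.
for s in rwxr-xr-- rwxrw-r-- -rw-r--r--; do
    m=$(perm_to_octal "$s")
    echo "$s -> $m -> $(ls_perm_after_chmod "$m")"
done
```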
4. User and user group maintenance methods
Switch to the root user
sudo su
Create a user
/etc/passwd (adds a line of records to the /etc/passwd file)
Create a group
groupadd GroupName
grep GroupName /etc/group (groups are stored in /etc/group)
Delete a user
userdel UserName
Delete a group
groupdel GroupName
Set a password
passwd UserName
5. Modifying the boot script or writing a script
(1) Go to the /etc/init directory, locate the rc-sysinit.conf file in it, and open it as root (the file is read-only and cannot be edited without root permission)
Enter the following command:
After opening the file, find the 14th line, where you will see env DEFAULT_RUNLEVEL=2
This statement means that the runlevel the system enters after startup is 2. You can change the number here to switch the mode the system starts in.
Ubuntu runlevels are defined as follows:
0 - halt, shutdown mode. The system default runlevel cannot be set to 0, otherwise it cannot be started.
1 - single, single-user mode.
2 - full multi-user with Display Manager (GUI).
3 - full multi-user with Display Manager (GUI).
4 - full multi-user with Display Manager (GUI).
5 - full multi-user with Display Manager (GUI).
6 - reboot, restart. You cannot set the system default runlevel to 6, or it will restart all the time.
You can see that there is no difference between levels 2 to 5. They are all multi-user mode
(2) Rename /etc/rc2.d/SXXgdm to /etc/rcX.d/KXXgdm
Available commands:
sudo mv SXXgdm KXXgdm
(3) Delete a boot file, available instructions
sudo update-rc.d -f xxx remove (where xxx is the part of the file name other than the leading S or K and the digits)
6. Understand and modify the PATH environment variable
Environment variables are some of the values that are provided to the system and user applications, such as system directory locations, temporary file directories, and so on.
Here is an example of adding the /etc/apache/bin directory to PATH:
(1) # PATH=$PATH:/etc/apache/bin
With this method the setting is only valid for the current session, meaning that the PATH setting is lost whenever you log out of the system
(2) # vi /etc/profile
Add PATH=$PATH:/etc/apache/bin in a suitable place (note: there can be no spaces on either side of the equals sign)
This method is best: the value will not be changed unless you manually force PATH to be modified
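Because a line in /etc/profile changes PATH for every login, it is worth checking the value before saving it. The check below is an added example, not part of the original page; path_issues and demo are names chosen here, and the directories it tests are scratch directories it creates itself.

```shell
#!/bin/sh
# Added example; path_issues is a name chosen here, not a system command.

# path_issues PATH_VALUE: print one line per risky entry in a PATH string:
#   empty|           an empty entry, which the shell treats as the current directory
#   relative|DIR     an entry that does not start with /
#   missing|DIR      an entry that is not an existing directory
#   writable|DIR     a directory that any user on the system can write to
path_issues() {
    rest="$1:"
    while [ -n "$rest" ]; do
        dir=${rest%%:*}; rest=${rest#*:}       # split off the next entry
        if [ -z "$dir" ]; then echo "empty|"
        elif [ "${dir#/}" = "$dir" ]; then echo "relative|$dir"
        elif [ ! -d "$dir" ]; then echo "missing|$dir"
        elif [ "$(ls -ldL "$dir" | cut -c9)" = "w" ]; then echo "writable|$dir"
        fi
    done
}

# Constructed demonstration: one safe directory, one world-writable directory,
# an empty entry, a relative entry and a directory that does not exist.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/bin" "$d/open" && chmod 755 "$d/bin" && chmod 777 "$d/open"
    path_issues "$d/bin:$d/open::tools:$d/gone"
    rm -rf "$d"
}
demo
```

For the example in the text, path_issues "$PATH:/etc/apache/bin" should print nothing before the line goes into /etc/profile.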
III. Practice three: Correctly install the SSH service and understand the configuration file. Use the command line to start or stop the service, and test that remote access works normally.
1. Install the SSH service and understand the configuration file
Install the SSH server using the apt-get command
sudo apt-get install openssh-server
Start the SSH service
2. Use the command line to start or stop the service, and test that remote access works normally
Enter a command to start the service
service ssh status
Enter a command to terminate the service
service ssh stop
To change the permission that allows root login:
Use the SSH service from the host or another terminal (in this case, accessing it with the PuTTY software on Windows)
Connection succeeded:
IV. Practice four: Using username/password and certificate for authentication
Previously we logged in with PuTTY and saved the IP address, but clicking to log in again failed. After installing the certificate, no password has to be entered and the login succeeds.
First, enter the command in the terminal:
ssh-keygen -t rsa
Then just press Enter at each prompt
The two files id_rsa and id_rsa.pub are then generated in ~/.ssh/
Use the cat instruction to copy the public key information into .ssh/authorized_keys, and make the files visible in WinSCP
Copy out these two files and generate a PPK file under Windows, which can be used to authenticate the login;
Open WinSCP, open Tools in the lower left corner, and run PuTTYgen
Open File - Load private key, select All files, and select the id_rsa file
Choose Save private key
Fill in the file name and save the private key
In the WinSCP login screen, click Edit, Advanced, Authentication
In the private key file field, select the private key file that you just generated
Click Save, then log in; this time you are logged in automatically
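The server-side step of this procedure (putting id_rsa.pub into authorized_keys) as an added example that is not part of the original page: it appends the key only once, refuses a private key passed by mistake, and sets the owner-only permissions that sshd checks when StrictModes is at its default. The function names are assumptions, and the key text is a constructed placeholder.

```shell
#!/bin/sh
# Added example. The key text used in demo() is a constructed placeholder,
# not a real key; install_pubkey, perms and demo are names chosen here.

# install_pubkey HOME_DIR PUBKEY_FILE
# Append the public key(s) in PUBKEY_FILE to HOME_DIR/.ssh/authorized_keys,
# skipping keys already present, with owner-only permissions on the
# directory (700) and the file (600).
install_pubkey() {
    home=$1; pub=$2
    [ -s "$pub" ] || { echo "no public key in $pub" >&2; return 1; }
    if grep -q 'PRIVATE KEY' "$pub"; then       # id_rsa given instead of id_rsa.pub
        echo "refusing: $pub is a private key" >&2; return 1
    fi
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    auth=$home/.ssh/authorized_keys
    touch "$auth" && chmod 600 "$auth" || return 1
    while IFS= read -r key || [ -n "$key" ]; do
        [ -n "$key" ] || continue
        grep -qxF -e "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
    done < "$pub"
}

# perms PATH: the type and permission characters ls reports, e.g. drwx------
perms() { ls -ld "$1" | cut -c1-10; }

demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'ssh-rsa AAAAB3-CONSTRUCTED-PLACEHOLDER user@example' > "$d/id_rsa.pub"
    install_pubkey "$d" "$d/id_rsa.pub"
    install_pubkey "$d" "$d/id_rsa.pub"         # second run adds nothing
    echo "$(perms "$d/.ssh") $(perms "$d/.ssh/authorized_keys")" \
         "keys=$(wc -l < "$d/.ssh/authorized_keys" | tr -d ' ')"
    rm -rf "$d"
}
demo
```

On the server itself the call would be install_pubkey "$HOME" "$HOME/.ssh/id_rsa.pub".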
V. Practice five: Use the WinSCP client for connection and file transfer; PuTTY on Windows can run X Window programs
1. Use the WinSCP client for connection and file transfer
Use WinSCP to transfer files: copy the test.sh I wrote to the Windows desktop
2. PuTTY on Windows can run X Window programs
Install Xming-6-9-0-31-setup.exe, double-click the icon to open the software, and let it run in the background.
Then configure PuTTY and tick Enable X11 forwarding
Then use PuTTY SSH to connect to the Linux host
Enter iceweasel, and it starts