Linux and Security: Linux Basic Practice

Source: Internet
Author: User

First, practice one: Master the maintenance method of the software source, and configure the system to use the software source mirror in the education network. Master the method of finding, installing, uninstalling and updating software through the software source.

1. How to maintain the software source

The list of Ubuntu software sources is stored in /etc/apt/sources.list. For safety reasons, we back up the source file before we operate on it.

Open a terminal and enter the command

sudo cp /etc/apt/sources.list /etc/apt/backup_sources.list

That is, the backup of the software source file is stored as backup_sources.list in the /etc/apt folder.

Next, we update the software source. Enter the command

sudo apt-get update

This command updates the software source information: the system automatically contacts the configured sources over the network and downloads their package lists.

To upgrade the installed software versions, enter the command

sudo apt-get update && sudo apt-get upgrade

To view the source list, enter the command

sudo gedit /etc/apt/sources.list

As can be seen, this file consists of two parts: comments and software source addresses. The role of the software source is to let the system automatically search for the required software at these URLs. We can think of the apt-get command as a software store on the Linux platform, and of the software sources as the directories from which the software we want is downloaded.

2. Configure the system to use the software source image within the education network

Commonly used in-school update sources

# University of Electronic Science and Technology of China
deb http://ubuntu.uestc.edu.cn/ubuntu/ natty main restricted universe multiverse
deb http://ubuntu.uestc.edu.cn/ubuntu/ natty-backports main restricted universe multiverse
deb http://ubuntu.uestc.edu.cn/ubuntu/ natty-proposed main restricted universe multiverse
deb http://ubuntu.uestc.edu.cn/ubuntu/ natty-security main restricted universe multiverse
deb http://ubuntu.uestc.edu.cn/ubuntu/ natty-updates main restricted universe multiverse
deb-src http://ubuntu.uestc.edu.cn/ubuntu/ natty main restricted universe multiverse
deb-src http://ubuntu.uestc.edu.cn/ubuntu/ natty-backports main restricted universe multiverse
deb-src http://ubuntu.uestc.edu.cn/ubuntu/ natty-proposed main restricted universe multiverse
deb-src http://ubuntu.uestc.edu.cn/ubuntu/ natty-security main restricted universe multiverse
deb-src http://ubuntu.uestc.edu.cn/ubuntu/ natty-updates main restricted universe multiverse

# China University of Science and Technology
deb http://debian.ustc.edu.cn/ubuntu/ natty main restricted universe multiverse
deb http://debian.ustc.edu.cn/ubuntu/ natty-backports restricted universe multiverse
deb http://debian.ustc.edu.cn/ubuntu/ natty-proposed main restricted universe multiverse
deb http://debian.ustc.edu.cn/ubuntu/ natty-security main restricted universe multiverse
deb http://debian.ustc.edu.cn/ubuntu/ natty-updates main restricted universe multiverse
deb-src http://debian.ustc.edu.cn/ubuntu/ natty main restricted universe multiverse
deb-src http://debian.ustc.edu.cn/ubuntu/ natty-backports main restricted universe multiverse
deb-src http://debian.ustc.edu.cn/ubuntu/ natty-proposed main restricted universe multiverse
deb-src http://debian.ustc.edu.cn/ubuntu/ natty-security main restricted universe multiverse
deb-src http://debian.ustc.edu.cn/ubuntu/ natty-updates main restricted universe multiverse

# Beijing Institute
deb http://mirror.bjtu.edu.cn/ubuntu/ natty main multiverse restricted universe
deb http://mirror.bjtu.edu.cn/ubuntu/ natty-backports main multiverse restricted universe
deb http://mirror.bjtu.edu.cn/ubuntu/ natty-proposed main multiverse restricted universe
deb http://mirror.bjtu.edu.cn/ubuntu/ natty-security main multiverse restricted universe
deb http://mirror.bjtu.edu.cn/ubuntu/ natty-updates main multiverse restricted universe
deb-src http://mirror.bjtu.edu.cn/ubuntu/ natty main multiverse restricted universe
deb-src http://mirror.bjtu.edu.cn/ubuntu/ natty-backports main multiverse restricted universe
deb-src http://mirror.bjtu.edu.cn/ubuntu/ natty-proposed main multiverse restricted universe
deb-src http://mirror.bjtu.edu.cn/ubuntu/ natty-security main multiverse restricted universe
deb-src http://mirror.bjtu.edu.cn/ubuntu/ natty-updates main multiverse restricted universe

# Lanzhou University
deb ftp://mirror.lzu.edu.cn/ubuntu/ natty main multiverse restricted universe
deb ftp://mirror.lzu.edu.cn/ubuntu/ natty-backports main multiverse restricted universe
deb ftp://mirror.lzu.edu.cn/ubuntu/ natty-proposed main multiverse restricted universe
deb ftp://mirror.lzu.edu.cn/ubuntu/ natty-security main multiverse restricted universe
deb ftp://mirror.lzu.edu.cn/ubuntu/ natty-updates main multiverse restricted universe
deb ftp://mirror.lzu.edu.cn/ubuntu-cn/ natty main multiverse restricted universe

# Shanghai Jiaotong University
deb http://ftp.sjtu.edu.cn/ubuntu/ natty main multiverse restricted universe
deb http://ftp.sjtu.edu.cn/ubuntu/ natty-backports main multiverse restricted universe
deb http://ftp.sjtu.edu.cn/ubuntu/ natty-proposed main multiverse restricted universe
deb http://ftp.sjtu.edu.cn/ubuntu/ natty-security main multiverse restricted universe
deb http://ftp.sjtu.edu.cn/ubuntu/ natty-updates main multiverse restricted universe
deb http://ftp.sjtu.edu.cn/ubuntu-cn/ natty main multiverse restricted universe
deb-src http://ftp.sjtu.edu.cn/ubuntu/ natty main multiverse restricted universe
deb-src http://ftp.sjtu.edu.cn/ubuntu/ natty-backports main multiverse restricted universe
deb-src http://ftp.sjtu.edu.cn/ubuntu/ natty-proposed main multiverse restricted universe
deb-src http://ftp.sjtu.edu.cn/ubuntu/ natty-security main multiverse restricted universe
deb-src http://ftp.sjtu.edu.cn/ubuntu/ natty-updates main multiverse restricted universe

The first part, the deb type, represents the package type

    • deb represents a binary package
    • deb-src means the source package

The second part, the address type, is the type of address used for access; common types are http, ftp, file, cdrom, etc.

The third part, the distribution, represents the various releases of Ubuntu, such as dapper, feisty.

The fourth part, the component, represents the package component category, which is a classification by degree of technical support; one or more of main, restricted, universe and multiverse can be selected, typically using main.
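The four parts described above can be checked mechanically after pasting a mirror list. The following is an added example, not part of the original page: it splits each entry into type, address type, distribution and components, counts entries per address type, and confirms that a binary entry for the -security distribution is still present. It assumes the one-line entry format shown on this page (no bracketed options); the function names are hypothetical and SAMPLE is constructed from entries listed above.

```shell
#!/bin/sh
# Added example: split sources.list entries into the four parts described above.
# SAMPLE is constructed from mirror entries listed on this page.
SAMPLE='# University mirrors
deb http://ubuntu.uestc.edu.cn/ubuntu/ natty main restricted universe multiverse
deb http://debian.ustc.edu.cn/ubuntu/ natty-security main restricted universe multiverse
deb-src http://debian.ustc.edu.cn/ubuntu/ natty main restricted universe multiverse
deb ftp://mirror.lzu.edu.cn/ubuntu/ natty-updates main multiverse restricted universe'

# parse_source_line LINE -> "type|address type|distribution|comp1,comp2,..."
# Returns 1 for comments, blank lines and anything that is not a deb/deb-src entry.
parse_source_line() {
    set -f                       # no filename expansion while splitting the line
    set -- $1
    set +f
    case "${1:-}" in
        deb|deb-src) ;;
        *) return 1 ;;
    esac
    [ "$#" -ge 3 ] || return 1   # need type, address and distribution
    kind=$1 uri=$2 dist=$3
    shift 3
    scheme=${uri%%:*}            # address type: text before the first ':'
    comps=$(IFS=,; echo "$*")    # remaining words are the components
    printf '%s|%s|%s|%s\n' "$kind" "$scheme" "$dist" "$comps"
}

# count_by_scheme: read sources.list text on stdin, print "scheme=count ..." sorted.
count_by_scheme() {
    while IFS= read -r line; do
        parsed=$(parse_source_line "$line") || continue
        echo "$parsed" | cut -d'|' -f2
    done | sort | uniq -c | awk '{print $2 "=" $1}' | paste -sd' ' -
}

# has_security_pocket: succeed if stdin has a binary (deb) entry whose
# distribution ends in -security, such as natty-security.
has_security_pocket() {
    found=1
    while IFS= read -r line; do
        parsed=$(parse_source_line "$line") || continue
        case "$parsed" in deb\|*\|*-security\|*) found=0 ;; esac
    done
    return "$found"
}

printf '%s\n' "$SAMPLE" | count_by_scheme
printf '%s\n' "$SAMPLE" | has_security_pocket && echo "security entry present"
```

To check the live configuration, feed the real file to the same functions, for example count_by_scheme < /etc/apt/sources.list.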

(1) Method one: automatic configuration

Click the menu in the top right corner of the Ubuntu system

Click Software Updates, the Update Manager interface appears, click Settings at the bottom left, the software source menu appears, and select the last two options

Click the Add button and enter a software source in the input box of the new window, for example:

deb http://debian.ustc.edu.cn/ubuntu/ natty main restricted universe multiverse

(2) Method two: manual configuration

Enter the following command in the terminal to open the software source file sources.list for editing

sudo gedit /etc/apt/sources.list

Paste the new source address in the file

Save and exit, then enter the following command in the terminal to update the source information

sudo apt-get update

3. Learn how to find, install, uninstall, and update software through a software source

(1) Find a package that contains some keywords

sudo apt-cache search PackageName

Take the Skype software as an example

(2) Installing the software

sudo apt-get install PackageName

(3) Uninstalling the software

sudo apt-get remove PackageName

(4) Upgrade package

sudo apt-get -u install PackageName

Because it is the latest installed package, it cannot be upgraded.

Second, practice two: Grasp the concept of Linux rights management. Master the meaning and setting method of the 9 bits related to rights management. Master the use of the chmod and chown instructions. Master the user and user group maintenance methods. Modify the boot script or write a script. Understand and modify the PATH environment variable.

1. The concept of Linux rights management

Compared to Windows, Linux is a multi-user, multitasking operating system: multiple users can be created on the system, and multiple users can log on to the same system at the same time to perform their own different tasks. To keep users from affecting one another, Linux divides and manages file permissions, and each user completes their tasks within the scope of their permissions. User rights are divided into three types: read, write and execute. An ordinary file only has read and write permissions, and an executable file adds execute permission.

2. The meaning and setting method of the 9 bits related to rights management

The owner of a file in Linux can set the access property of a file to 3 different access rights: readable (r), writable (w), and executable (x).

The file has 3 different user levels: the file owner (u), the owning user group (g), and the other users in the system (o).

The first character displays the type of file.

    • "-" indicates a normal file.
    • "d" represents a directory file.
    • "l" means a linked file.
    • "c" indicates a character device.
    • "b" represents a block device.
    • "p" indicates a named pipe, such as a FIFO file (first in, first out).
    • "f" represents a stack file, such as LIFO (last in, first out).
    • "s" represents a socket.

After the first character there are three three-bit character groups:

The first three-bit character group represents the file owner's (u) permissions on the file.

The second three-bit character group represents the file's user group (g) permissions on the file.

The third three-bit character group represents the permissions of the other users of the system (o) on the file.

If a permission is not granted, the "-" character is displayed in its place.

Note: There are some differences between directory permissions and file permissions. For directory permissions, r means that files and subdirectories under that directory are allowed to be listed, w represents the permission to create and delete files in that directory, and x represents the permission to access the directory.

3. Use of the chmod and chown instructions

(1) chmod

Function: Change the access mode of one or more files

<1> Text setting method with letters and operator expressions

Format: chmod [who] [opt] [mode] file/directory name

Here who represents the object, and is one or a combination of the following letters:

+-

mode represents the permission:

r: readable w: writable x: executable

For example: write a simple script file test.sh. The script file cannot be executed directly; it can only be run with dash test.sh, because test.sh does not have execute permission and dash has. Here we can test the chmod instruction: after execute permission is added to test.sh, test.sh can be executed directly.

Executing ./test.sh directly fails with insufficient permission

Using the chmod command, enter the following command, and then enter ./test.sh, which can now be executed

chmod u+rwx test.sh

<2> Numeric setting method

Format: chmod [mode] file name

Value of mode:

We treat rwx as a binary number, with 1 where the permission is present and 0 where it is absent; then rwx r-x r-- can be expressed as:

111 101 100

Then convert every three bits into a decimal number, which is 754.

As in the example, when you enter the command ls -l to view its 9 bits, it is:

rwx rw- r--

which can be expressed as 111 110 100

Converted to a decimal number this is 764

So we execute the command:

chmod 764 test.sh
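The conversion just described, written out as an added example that is not part of the original page: perm_to_octal turns the permission characters shown by ls -l into the number for chmod, and file_mode reads the characters from a real file so the result of a chmod can be checked. Both function names are hypothetical, and special letters such as s and t are rejected rather than converted.

```shell
#!/bin/sh
# Added example (not from the original page): turn the permission characters
# printed by ls -l into the number used by chmod's numeric setting method.

# perm_to_octal PERMS -> three digits, e.g. "rwx r-x r--" -> 754.
# Accepts the 9 characters (spaces allowed) or the 10-character ls -l field
# that starts with the file type. Returns 1 for anything else, including the
# setuid/setgid/sticky letters (s, t), which this example does not convert.
perm_to_octal() {
    p=$(printf '%s' "$1" | tr -d ' ')
    if [ "${#p}" -eq 10 ]; then p=${p#?}; fi    # drop the file type character
    [ "${#p}" -eq 9 ] || return 1
    out=
    for who in u g o; do                        # owner, group, others
        triple=$(printf '%s' "$p" | cut -c1-3)
        p=${p#???}
        digit=0
        case $triple in r??) digit=$((digit + 4)) ;; -??) ;; *) return 1 ;; esac
        case $triple in ?w?) digit=$((digit + 2)) ;; ?-?) ;; *) return 1 ;; esac
        case $triple in ??x) digit=$((digit + 1)) ;; ??-) ;; *) return 1 ;; esac
        out=$out$digit
    done
    printf '%s\n' "$out"
}

# file_mode FILE -> chmod number of an existing file, read from ls -l output.
file_mode() {
    perm_to_octal "$(ls -ld -- "$1" | cut -c1-10)"
}

perm_to_octal 'rwx r-x r--'    # 754, the first example in the text
perm_to_octal 'rwx rw- r--'    # 764, the test.sh example
```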

4. User and user group maintenance methods

Switch to the root user

sudo su

Create a user

/etc/passwd (adds a line of records to the /etc/passwd file)

Create a group

groupadd GroupName

grep GroupName /etc/group (the group records are stored in /etc/group)

Delete a user

userdel UserName

Delete a group

groupdel GroupName

Set a password

passwd UserName

5. Modifying the boot script or writing a script

(1) Go to the /etc/init folder, locate the rc-sysinit.conf file in it, and open it as root (the file is read-only and cannot be edited if root permission is not used)

Enter the following command:

After opening the file, find the 14th line and you will see env DEFAULT_RUNLEVEL=2

This statement means that after the system starts, the runlevel is 2. By changing this number you can switch the user mode, which completes the basic operation.

Ubuntu runlevels are defined as follows:

0 - halt, shutdown mode. The system default run level cannot be set to 0, otherwise it cannot be started.
1 - single, single-user mode.
2 - full multi-user with display manager (GUI).
3 - full multi-user with display manager (GUI).
4 - full multi-user with display manager (GUI).
5 - full multi-user with display manager (GUI).
6 - reboot, restart. You cannot set the system default run level to 6, or it will restart all the time.

You can see that there is no difference between levels 2 to 5. They are all multi-user mode.

(2) Rename /etc/rc2.d/SXXgdm to /etc/rcX.d/KXXgdm

Available command:

sudo mv SXXgdm KXXgdm

(3) Delete a boot file, available instruction

sudo update-rc.d -f xxx remove (where xxx is the non-numeric part of the file name, excluding the S or K)

6. Understand and modify the PATH environment variable

Environment variables are values that are provided to the system and user applications, such as system directory locations, temporary file directories, and so on.

Here is an example of adding the /etc/apache/bin directory to PATH:

(1) # PATH=$PATH:/etc/apache/bin

With this method, the setting is only valid for the current session, meaning that the PATH setting is lost whenever you log out or the system is shut down

(2) # vi /etc/profile

Add PATH=$PATH:/etc/apache/bin at a suitable place (note: there can be no spaces on either side of the equals sign)

This method is best: unless you manually force the value of PATH to be modified, it will not be changed

Third, practice three: Correctly install the SSH service and understand the configuration file. Use the command line to start or stop the service, and test that remote access works normally.

1. Install the SSH service and understand the configuration file

Install an SSH server using the apt-get command

sudo apt-get install openssh-server

Open SSH Service

2. Use the command line to start or stop the service, and test that remote access works normally

Enter a command to start the service

service ssh status

Enter a command to terminate the service

service ssh stop

To change the permission that allows root login:

Use the SSH service from the host or another terminal (in this case using the PuTTY software in Windows)

Connection succeeded:

Fourth, practice four: Using username/password and certificate for authentication

Previously we saved the IP address in PuTTY; clicking login again fails. After installing the certificate we do not need to enter the password, and the login succeeds.

First, enter the command in the terminal:

ssh-keygen -t rsa

Then just press Enter, Enter, Enter

Then the two files id_rsa and id_rsa.pub are generated in ~/.ssh/

Use the cat instruction to copy the public key information into .ssh/authorized_keys to make it visible in WinSCP

Copy out these two files and generate a PPK file under Windows, which can be used to authenticate the login;

Open WinSCP, open the tools in the lower left corner, and run PuTTYgen

Open File - Load private key, select All files, and select the id_rsa file,

Choose Save private key

Fill in the file name and save the private key

In the WinSCP login screen, click Edit, Advanced, Authentication

Select the private key file that you just generated as the key file

Click Save, then log in; this time you can log in automatically
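The server-side step of the procedure above (copying the public key into .ssh/authorized_keys) depends on the file permissions covered in practice two: with its default StrictModes setting, sshd ignores authorized_keys when the file or the .ssh directory is writable by group or others. The following is an added example, not part of the original page; the function names, the throwaway directory and the key line are constructed for illustration.

```shell
#!/bin/sh
# Added example: append a public key to authorized_keys once and set the
# permissions sshd expects. Function names and the demo key are constructed.

# install_pubkey PUBKEY_FILE HOME_DIR
# Sets HOME_DIR/.ssh to 700 and authorized_keys to 600, then appends the key
# only if the same line is not already present.
install_pubkey() {
    pub=$1 home=$2
    # Refuse the private half (id_rsa); only id_rsa.pub belongs on the server side.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 1
    fi
    # A public key line is "<type> <base64> [comment]".
    case "$(head -n 1 "$pub")" in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "refusing: $pub is not an OpenSSH public key" >&2; return 1 ;;
    esac
    mkdir -p "$home/.ssh"
    chmod 700 "$home/.ssh"
    auth=$home/.ssh/authorized_keys
    touch "$auth"
    chmod 600 "$auth"
    # -x matches the whole line, -F treats the key as a fixed string.
    grep -qxF -- "$(head -n 1 "$pub")" "$auth" || head -n 1 "$pub" >> "$auth"
}

# key_count HOME_DIR -> number of key lines in HOME_DIR/.ssh/authorized_keys
key_count() {
    grep -cE '^(ssh-|ecdsa-)' "$1/.ssh/authorized_keys"
}

# Demo in a throwaway directory with a constructed (not real) key line.
demo=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed user@ubuntu\n' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/home" && key_count "$demo/home"
rm -rf "$demo"
```

On a real account the second argument is the user's home directory, for example install_pubkey ~/.ssh/id_rsa.pub "$HOME".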

Fifth, practice five: Use the WinSCP client for connection and file transfer; PuTTY in Windows can run X Window programs

1. Use the WinSCP client for connection and file transfer

Use WinSCP to transfer files: copy the test.sh I wrote to the Windows desktop

2. PuTTY in Windows can run X Window programs

Install Xming-6-9-0-31-setup.exe, double-click the icon to open the software and let it run in the background.

Then configure PuTTY: tick Enable X11 forwarding

Then use PuTTY SSH to connect to the Linux host

Enter iceweasel, and it starts
