{"id":350,"date":"2024-11-05T19:02:32","date_gmt":"2024-11-05T11:02:32","guid":{"rendered":"http:\/\/danielw.top\/?p=350"},"modified":"2025-10-31T10:49:40","modified_gmt":"2025-10-31T02:49:40","slug":"centos%e6%93%8d%e4%bd%9c%e7%b3%bb%e7%bb%9f%e7%ae%80%e4%bb%8b%ef%bc%9a","status":"publish","type":"post","link":"http:\/\/danielw.top\/?p=350","title":{"rendered":"Centos\u64cd\u4f5c\u7cfb\u7edf\u7b80\u4ecb\uff1a"},"content":{"rendered":"<p><font size=\"5\"><strong>Centos\u64cd\u4f5c\u7cfb\u7edf\u7b80\u4ecb\uff1a<\/strong><\/font><br \/>\n<font  size=\"2\"><\/p>\n<ul>\n<li>CentOS\u662f\u4e00\u4e2a\u57fa\u4e8eLinux\u7684\u5f00\u6e90\u64cd\u4f5c\u7cfb\u7edf\uff0c\u4e8e2004\u5e74\u63a8\u51fa\u3002\u5b83\u662fRed Hat Enterprise Linux\uff08RHEL\uff09\u7684\u4e00\u4e2a\u53d8\u79cd\uff0c\u9002\u7528\u4e8e\u670d\u52a1\u5668\u548c\u4f01\u4e1a\u73af\u5883\u3002CentOS\u7684\u540d\u79f0\u4ee3\u8868&quot;Community Enterprise Operating System&quot;\u3002 <\/font><\/li>\n<li><a href=\"http:\/\/172.18.1.201\" target=\"_blank\"  rel=\"nofollow\" >Linux\u5e38\u7528\u547d\u4ee4<\/a><\/li>\n<li><a href=\"http:\/\/172.18.1.253\" target=\"_blank\"  rel=\"nofollow\" >\u5b9e\u9a8c\u73af\u5883\u5821\u5792\u673a<\/a><\/li>\n<li><a href=\"http:\/\/172.18.1.248:8889\" target=\"_blank\"  rel=\"nofollow\" >\u5b9e\u9a8c\u5de5\u5177\u548c\u8f6f\u4ef6\u5206\u4eab<\/a><\/li>\n<\/ul>\n<hr \/>\n<p><font size=\"5\"><strong>\u5b9e\u9a8c\u5185\u5bb9\uff1a<\/strong><\/font><\/p>\n<hr \/>\n<h3><font color=\"#dd0000\" size=\"3\">1. 
\u8eab\u4efd\u9274\u522b<\/font><br \/><\/h3>\n<hr \/>\n<p><font color=\"#0000dd\" size=\"2\">a\uff09\u5e94\u5bf9\u767b\u5f55\u7684\u7528\u6237\u8fdb\u884c\u8eab\u4efd\u6807\u8bc6\u548c\u9274\u522b\uff0c\u8eab\u4efd\u6807\u8bc6\u5177\u6709\u552f\u4e00\u6027\uff0c\u8eab\u4efd\u9274\u522b\u4fe1\u606f\u5177\u6709\u590d\u6742\u5ea6\u8981\u6c42\u5e76\u5b9a\u671f\u66f4\u6362\uff1b<\/font><br \/>\n1\uff09\u67e5\u770b\u7528\u6237\u767b\u5f55\u670d\u52a1\u5668\u7684\u8fc7\u7a0b\uff0c\u662f\u5426\u5bf9\u7528\u6237\u8fdb\u884c\u8eab\u4efd\u9274\u522b\uff1b<br \/>\n2\uff09\u4f7f\u7528\u547d\u4ee4<code>more \/etc\/passwd<\/code>\uff0c\u67e5\u770b\u662f\u5426\u5b58\u5728\u91cd\u590d\u7684\u7528\u6237\u540d\u6216UID\uff1b<\/p>\n<pre><code class=\"language-bash\">[root@ENST ~]# more \/etc\/passwd\nroot:x:0:0:root:\/root:\/bin\/bash\nbin:x:1:1:bin:\/bin:\/sbin\/nologin\ndaemon:x:2:2:daemon:\/sbin:\/sbin\/nologin\nadm:x:3:4:adm:\/var\/adm:\/sbin\/nologin\nlp:x:4:7:lp:\/var\/spool\/lpd:\/sbin\/nologin\nsync:x:5:0:sync:\/sbin:\/bin\/sync\nshutdown:x:6:0:shutdown:\/sbin:\/sbin\/shutdown\nhalt:x:7:0:halt:\/sbin:\/sbin\/halt\nmail:x:8:12:mail:\/var\/spool\/mail:\/sbin\/nologin\noperator:x:11:0:operator:\/root:\/sbin\/nologin\ngames:x:12:100:games:\/usr\/games:\/sbin\/nologin\nftp:x:14:50:FTP User:\/var\/ftp:\/sbin\/nologin\nnobody:x:99:99:Nobody:\/:\/sbin\/nologin\nsystemd-network:x:192:192:systemd Network Management:\/:\/sbin\/nologin\ndbus:x:81:81:System message bus:\/:\/sbin\/nologin\npolkitd:x:999:998:User for polkitd:\/:\/sbin\/nologin\nsshd:x:74:74:Privilege-separated SSH:\/var\/empty\/sshd:\/sbin\/nologin\npostfix:x:89:89::\/var\/spool\/postfix:\/sbin\/nologin\nchrony:x:998:996::\/var\/lib\/chrony:\/sbin\/nologin\nzhaoliang:x:1000:1000:zhaoliang:\/home\/zhaoliang:\/bin\/bash<\/code><\/pre>\n<p><font size=\"2\">3\uff09\u6838\u67e5\u7528\u6237\u53e3\u4ee4\u662f\u5426\u5177\u6709\u590d\u6742\u5ea6\u8981\u6c42\u548c\u957f\u5ea6\u8981\u6c42\uff1a\u6267\u884c<code>more 
\/etc\/pam.d\/system-auth<\/code>\uff0c\u67e5\u770b<code>pam_cracklib.so<\/code>\u6216<code>pam_pwquality.so<\/code> \u540e\u662f\u5426\u8fdb\u884c\u590d\u6742\u5ea6\u548c\u957f\u5ea6\u914d\u7f6e\uff1b<br \/>\n\u3010\u6ce8\u3011\uff1a<br \/>\n<code>pam_cracklib.so<\/code>\u6216<code>pam_pwquality.so<\/code>\u540e\u8bbe\u7f6e\u7684\u53c2\u6570\u5305\u62ec minlen=8\uff08\u6700\u5c0f\u957f\u5ea6\u4e3a8\u4f4d\uff09 \u3001 dcredit=-1\uff08\u81f3\u5c11\u5305\u62ec\u4e00\u4e2a\u6570\u5b57\uff09\u3001lcredit=-1\uff08\u81f3\u5c11\u5305\u62ec\u4e00\u4e2a\u5c0f\u5199\u5b57\u6bcd\uff09\u3001ucredit=-1\uff08\u81f3\u5c11\u5305\u62ec\u4e00\u4e2a\u5927\u5199\u5b57\u6bcd\uff09\u3001ocredit=-1\uff08\u81f3\u5c11\u5305\u62ec\u4e00\u4e2a\u7279\u6b8a\u5b57\u7b26\uff09\u3001enforce_for_root\uff08\u5373\u4f7f\u662froot\u7528\u6237\u8bbe\u7f6e\u5bc6\u7801\uff0c\u4e5f\u5f3a\u5236\u6267\u884c\u590d\u6742\u6027\u7b56\u7565\uff09\uff1b<br \/>\n<code>auth required pam_tally2.so<\/code> deny=a\uff08a\u4e3a\u5931\u8d25\u767b\u5f55\u6b21\u6570\u9608\u503c\uff09 unlock_time=b\uff08b\u4e3a\u8d85\u51fa\u5931\u8d25\u767b\u5f55\u6b21\u6570\u9650\u5236\u540e\uff0c\u89e3\u9501\u7684\u65f6\u95f4\uff0c\u5355\u4f4d\u4e3a\u79d2\uff09 even_deny_root\uff08root\u7528\u6237\u5931\u8d25\u767b\u5f55\u6b21\u6570\uff0c\u8d85\u8fc7deny=a\u6b21\u540e\u62d2\u7edd\u8bbf\u95ee\uff09 root_unlock_time=c \uff08\u4e0eeven_deny_root\u76f8\u5bf9\u5e94\u7684\u9009\u9879\uff0cc\u4e3aroot\u7528\u6237\u5728\u767b\u5f55\u5931\u8d25\u6b21\u6570\u8d85\u8fc7\u9650\u5236\u540e\u88ab\u9501\u5b9a\u6307\u5b9a\u65f6\u95f4\uff0c\u5355\u4f4d\u4e3a\u79d2\uff09<br \/>\n\u3010\u8865\u5145\u8bf4\u660e\u3011\uff1a<br \/>\n\u5173\u4e8ePAM\uff1aLinux-PAM (Pluggable Authentication Modules for 
Linux)\u53ef\u63d2\u62d4\u8ba4\u8bc1\u6a21\u5757\u3002Linux-PAM\u662f\u4e00\u5957\u9002\u7528\u4e8eLinux\u7684\u8eab\u4efd\u9a8c\u8bc1\u5171\u4eab\u5e93\u7cfb\u7edf\uff0c\u5b83\u4e3a\u7cfb\u7edf\u4e2d\u7684\u5e94\u7528\u7a0b\u5e8f\u6216\u670d\u52a1\u63d0\u4f9b\u52a8\u6001\u8eab\u4efd\u9a8c\u8bc1\u6a21\u5757\u652f\u6301\u3002\u5728Linux\u4e2d\uff0cPAM\u662f\u53ef\u52a8\u6001\u914d\u7f6e\u7684\uff0c\u672c\u5730\u7cfb\u7edf\u7ba1\u7406\u5458\u53ef\u4ee5\u81ea\u7531\u9009\u62e9\u5e94\u7528\u7a0b\u5e8f\u5982\u4f55\u5bf9\u7528\u6237\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002PAM\u5e94\u7528\u5728\u8bb8\u591a\u7a0b\u5e8f\u4e0e\u670d\u52a1\u4e0a\uff0c\u6bd4\u5982\u767b\u5f55\u7a0b\u5e8f(login\u3001su)\u7684PAM\u8eab\u4efd\u9a8c\u8bc1\uff08\u53e3\u4ee4\u8ba4\u8bc1\u3001\u9650\u5236\u767b\u5f55\uff09\uff0cpasswd\u5f3a\u5236\u5bc6\u7801\uff0c\u7528\u6237\u8fdb\u7a0b\u5b9e\u65f6\u7ba1\u7406\uff0c\u5411\u7528\u6237\u5206\u914d\u7cfb\u7edf\u8d44\u6e90\u7b49\u3002<br \/>\nPAM\u7684\u4e3b\u8981\u7279\u5f81\u662f\u8ba4\u8bc1\u7684\u6027\u8d28\u662f\u53ef\u52a8\u6001\u914d\u7f6e\u7684\u3002PAM\u7684\u6838\u5fc3\u90e8\u5206\u662f\u5e93\uff08libpam\uff09\u548cPAM\u6a21\u5757\u7684\u96c6\u5408\uff0c\u5b83\u4eec\u662f\u4f4d\u4e8e\u6587\u4ef6\u5939\/lib\/security\/\u4e2d\u7684\u52a8\u6001\u94fe\u63a5\u5e93(.so)\u6587\u4ef6\uff0c\u4ee5\u53ca\u4f4d\u4e8e\/etc\/pam.d\/\u76ee\u5f55\u4e2d\uff08\u6216\u8005\u662f\/etc\/pam.conf\u914d\u7f6e\u6587\u4ef6\uff09\u7684\u5404\u4e2aPAM\u6a21\u5757\u914d\u7f6e\u6587\u4ef6\u3002\/etc\/pam.d\/\u76ee\u5f55\u4e2d\u5b9a\u4e49\u4e86\u5404\u79cd\u7a0b\u5e8f\u548c\u670d\u52a1\u7684PAM\u914d\u7f6e\u6587\u4ef6\uff0c\u5176\u4e2d<code>system-auth<\/code>\u6587\u4ef6\u662fPAM\u6a21\u5757\u7684\u91cd\u8981\u914d\u7f6e\u6587\u4ef6\uff0c\u5b83\u4e3b\u8981\u8d1f\u8d23\u7528\u6237\u767b\u5f55\u7cfb\u7edf\u7684\u8eab\u4efd\u8ba4\u8bc1\u5de5\u4f5c\uff0c\u4e0d\u4ec5\u5982\u6b64\uff0c\u5176\u4ed6\u7684\u5e94\u7528\u7a0b\u5e8f\u6216\u670d\u52a1\u53ef\u4ee5\u901a\u8fc7include\u6
3a5\u53e3\u6765\u8c03\u7528\u5b83\uff08\u8be5\u6587\u4ef6\u662fsystem-auth-ac\u7684\u8f6f\u94fe\u63a5\uff09\u3002\u6b64\u5916password-auth\u914d\u7f6e\u6587\u4ef6\u4e5f\u662f\u4e0e\u8eab\u4efd\u9a8c\u8bc1\u76f8\u5173\u7684\u91cd\u8981\u914d\u7f6e\u6587\u4ef6\uff0c\u6bd4\u5982\u7528\u6237\u7684\u8fdc\u7a0b\u767b\u5f55\u9a8c\u8bc1(SSH\u767b\u5f55)\u5c31\u901a\u8fc7\u5b83\u8c03\u7528\u3002\u800c\u5728Ubuntu\u3001SuSE Linux\u7b49\u53d1\u884c\u7248\u4e2d\uff0cPAM\u4e3b\u8981\u914d\u7f6e\u6587\u4ef6\u662f<code>common-auth<\/code>\u3001<code>common-account<\/code>\u3001<code>common-password<\/code>\u3001<code>common-session<\/code>\u8fd9\u56db\u4e2a\u6587\u4ef6\uff0c\u6240\u6709\u7684\u5e94\u7528\u7a0b\u5e8f\u548c\u670d\u52a1\u7684\u4e3b\u8981PAM\u914d\u7f6e\u90fd\u53ef\u4ee5\u901a\u8fc7\u5b83\u4eec\u6765\u8c03\u7528\u3002<\/font><\/p>\n<pre><code class=\"language-bash\">[root@ENST ~]# more \/etc\/pam.d\/system-auth\n#%PAM-1.0\n# This file is auto-generated.\n# User changes will be destroyed the next time authconfig is run.\nauth        required      pam_env.so\nauth        required      pam_faildelay.so delay=2000000\nauth        sufficient    pam_unix.so nullok try_first_pass\nauth        requisite     pam_succeed_if.so uid &gt;= 1000 quiet_success\nauth        required      pam_deny.so\n\naccount     required      pam_unix.so\naccount     sufficient    pam_localuser.so\naccount     sufficient    pam_succeed_if.so uid &lt; 1000 quiet\naccount     required      pam_permit.so\n\npassword    requisite     pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=\npassword    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok\npassword    required      pam_deny.so\n\nsession     optional      pam_keyinit.so revoke\nsession     required      pam_limits.so\n-session     optional      pam_systemd.so\nsession     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid\nsession     required      
pam_unix.so\n<\/code><\/pre>\n<p><font size=\"2\">4\uff09\u6838\u67e5\u7528\u6237\u53e3\u4ee4\u662f\u5426\u8fdb\u884c\u53e3\u4ee4\u957f\u5ea6\u548c\u6709\u6548\u671f\u914d\u7f6e\uff1a\u6267\u884c<code>more \/etc\/login.defs |grep PASS_MAX_DAYS<\/code>\u3001<code>more \/etc\/login.defs |grep PASS_MIN_DAYS<\/code>\u3001<code>more \/etc\/login.defs |grep PASS_MIN_LEN<\/code>\u3001<code>more \/etc\/login.defs |grep PASS_WARN_AGE<\/code>\uff0c\u67e5\u770b PASS_MAX_DAYS\u3001PASS_MIN_DAYS\u3001PASS_MIN_LEN\u3001PASS_WARN_AGE\u7684\u503c\uff1b<br \/>\n\u3010\u6ce8\u3011\uff1a<br \/>\n<code>PASS_MAX_DAYS<\/code>\uff08\u5bc6\u7801\u6700\u957f\u6709\u6548\u671f\uff09 n \uff08n\u4ee3\u8868\u5929\u6570\uff0c&lt;=180\uff09<br \/>\n<code>PASS_MIN_DAYS<\/code>\uff08\u5bc6\u7801\u6700\u77ed\u6709\u6548\u671f\uff09 0 \uff08\u767b\u5f55\u5bc6\u7801\u6700\u77ed\u4fee\u6539\u65f6\u95f4\uff0c\u589e\u52a0\u53ef\u9632\u6b62\u975e\u6cd5\u7528\u6237\u77ed\u671f\u5185\u591a\u6b21\u4fee\u6539\u767b\u5f55\u5bc6\u7801\uff09<br \/>\n<code>PASS_MIN_LEN<\/code>\uff08\u5bc6\u7801\u6700\u77ed\u957f\u5ea6\uff09 m \uff08m \u4ee3\u8868\u957f\u5ea6\uff0c&gt;=8\uff09<br \/>\n<code>PASS_WARN_AGE<\/code>\uff08\u767b\u5f55\u5bc6\u7801\u8fc7\u671f\u524d\u591a\u5c11\u5929\u63d0\u793a\u4fee\u6539\uff09 s \uff08s \u4ee3\u8868\u5929\u6570\uff0c&gt;=5\uff09<br \/>\nlogin.defs\u4e2d\u7684\u6709\u6548\u671f\u914d\u7f6e\u5bf9\u5df2\u6709\u8d26\u6237\u4e0d\u751f\u6548\uff0c\u5df2\u6709\u8d26\u6237\u9700\u6267\u884c<code>chage -l \u7528\u6237\u540d<\/code>\u6838\u67e5\u3002<\/font><\/p>\n<pre><code class=\"language-bash\">[root@ENST ~]# more \/etc\/login.defs\n# Password aging controls:\n#\n#   PASS_MAX_DAYS   Maximum number of days a password may be used.\n#   PASS_MIN_DAYS   Minimum number of days allowed between password changes.\n#   PASS_MIN_LEN    Minimum acceptable password length.\n#   PASS_WARN_AGE   Number of days warning given before a password expires.\n#\nPASS_MAX_DAYS   99999\nPASS_MIN_DAYS   0\nPASS_MIN_LEN    5\nPASS_WARN_AGE   7\n<\/code><\/pre>\n<p><font size=\"2\">5\uff09\u6838\u67e5\u662f\u5426\u5b58\u5728\u7a7a\u53e3\u4ee4:\u6267\u884c<code>more 
\/etc\/shadow<\/code>\uff1a\u67e5\u770b\u6bcf\u4e00\u884c\u7b2c\u4e8c\u5217\u7684\u503c\u662f\u5426\u4e3a\u7a7a\uff1b<br \/>\n\u3010\u6ce8\u3011\uff1a<br \/>\nshadow\u6bcf\u4e00\u884c\u7b2c\u4e8c\u5217\u4e3a\uff1a\u7a7a\uff0c\u8bf4\u660e\u5b58\u5728\u7a7a\u53e3\u4ee4\uff1b\u51dd\u601d\u64cd\u4f5c\u7cfb\u7edf\u9ed8\u8ba4\u53e3\u4ee4\uff1a<strong>R0ck9<\/strong><\/font><\/p>\n<pre><code class=\"language-bash\">[root@ENST ~]# more \/etc\/shadow\nroot:$6$Exl9dqTNTKYeTHDg$wyb.2C.LOTCVd7XQlxCVa70aovIVq1lFp4AunNNjilmOP8.A1q.::0:999\n99:7:::\nbin:*:18353:0:99999:7:::\ndaemon:*:18353:0:99999:7:::\nadm:*:18353:0:99999:7:::\nlp:*:18353:0:99999:7:::\nsync:*:18353:0:99999:7:::\nshutdown:*:18353:0:99999:7:::\nhalt:*:18353:0:99999:7:::\nmail:*:18353:0:99999:7:::\noperator:*:18353:0:99999:7:::\ngames:*:18353:0:99999:7:::\nftp:*:18353:0:99999:7:::\nnobody:*:18353:0:99999:7:::\nsystemd-network:!!:19954::::::\ndbus:!!:19954::::::\npolkitd:!!:19954::::::\nsshd:!!:19954::::::\npostfix:!!:19954::::::\nchrony:!!:19954::::::\nzhaoliang:$6$PJVxMe45nz70HBUk$SaODQXIpt2KFNyOrIQdqTgmw3GQQbYj5RnM\/::0:99999:7::::<\/code><\/pre>\n<p><font size=\"2\">6)\u7ed3\u5408\u5de5\u5177\u9a8c\u8bc1\u7684\u7ed3\u679c\uff0c\u662f\u5426\u5b58\u5728\u7a7a\u53e3\u4ee4\u6216\u5f31\u53e3\u4ee4\u3002<br \/>\n7)\u5b58\u5728\u5f31\u53e3\u4ee4\u3001\u7a7a\u53e3\u4ee4\u6216\u65e0\u8eab\u4efd\u9274\u522b\u673a\u5236\u7684\u60c5\u51b5\uff0c\u5224\u4e3a\u9ad8\u98ce\u9669\u3002<br \/>\n\u3010\u8bf4\u660e\uff1a\u4e3b\u8981\u662f\u770b\u6e17\u900f\u6d4b\u8bd5\u662f\u5426\u53d1\u73b0\u5f31\u53e3\u4ee4\uff0c\u4f7f\u7528\u6f0f\u6d1e\u626b\u63cf\u8bbe\u5907\u5b58\u5728\u7528\u6237\u88ab\u9501\u7684\u98ce\u9669\uff0c\u8bf7\u614e\u91cd\u3002\u3011<\/font><br \/>\n<font color=\"#0000dd\" 
size=\"2\">b)\u5e94\u5177\u6709\u767b\u5f55\u5931\u8d25\u5904\u7406\u529f\u80fd\uff0c\u5e94\u914d\u7f6e\u5e76\u542f\u7528\u7ed3\u675f\u4f1a\u8bdd\u3001\u9650\u5236\u975e\u6cd5\u767b\u5f55\u6b21\u6570\u548c\u5f53\u767b\u5f55\u8fde\u63a5\u8d85\u65f6\u81ea\u52a8\u9000\u51fa\u7b49\u76f8\u5173\u63aa\u65bd\u3002<\/font><br \/>\n<font size=\"2\">1)\u7531\u4e8epam\u6a21\u5757\u4e2d\u5176\u4ed6\u9650\u5236\u591a\u901a\u8fc7include\u5f15\u7528system-auth\u6587\u4ef6\u914d\u7f6e\uff0c\u672c\u6b21\u6267\u884c\u547d\u4ee4<code>more \/etc\/pam.d\/system-auth<\/code>\u67e5\u770b\u914d\u7f6e\u53c2\u6570\uff0c<code>more \/etc\/pam.d\/login<\/code>\u6216<code>more \/etc\/pam.d\/sshd<\/code>\u67e5\u770b\u662f\u5426\u5f15\u7528\uff0c\u6838\u67e5\u662f\u5426\u8fdb\u884c\u4e86\u672c\u5730\u767b\u5f55\u5931\u8d25\u8d85\u51fa\u4e00\u5b9a\u6b21\u6570\uff0c\u8d26\u6237\u9501\u5b9a\u4e00\u6bb5\u65f6\u95f4\u7684\u914d\u7f6e\uff1b<br \/>\n\u3010\u6ce8\u3011\uff1a<br \/>\n<code>more \/etc\/pam.d\/system-auth<\/code>\u5728\u8eab\u4efd\u9274\u522ba)\u4e2d\u5df2\u7ecf\u5c55\u793a\uff0c\u4e0d\u518d\u91cd\u590d\u5c55\u793a\uff1b\u672c\u4f8b\u4e2dsshd\u5f15\u7528\u7684\u662fpassword-auth\uff0c\u8fdc\u7a0b\u767b\u5f55\u7684\u9501\u5b9a\u914d\u7f6e\u9700\u67e5\u770b<code>\/etc\/pam.d\/password-auth<\/code>\uff1b<\/font><\/p>\n<pre><code class=\"language-bash\">[root@ENST ~]# more \/etc\/pam.d\/login \n#%PAM-1.0\nauth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so\nauth       substack     system-auth\nauth       include      postlogin\naccount    required     pam_nologin.so\naccount    include      system-auth\npassword   include      system-auth\n# pam_selinux.so close should be the first session rule\nsession    required     pam_selinux.so close\nsession    required     pam_loginuid.so\nsession    optional     pam_console.so\n# pam_selinux.so open should only be followed by sessions to be executed in the user context\nsession    required     pam_selinux.so open\nsession    required     pam_namespace.so\nsession    optional     pam_keyinit.so force revoke\nsession    include      system-auth\nsession    include      postlogin\n-session   optional     
pam_ck_connector.so\n<\/code><\/pre>\n<pre><code class=\"language-bash\">[root@ENST ~]# more \/etc\/pam.d\/sshd \n#%PAM-1.0\nauth       required pam_sepermit.so\nauth       substack     password-auth\nauth       include      postlogin\n# Used with polkit to reauthorize users in remote sessions\n-auth      optional     pam_reauthorize.so prepare\naccount    required     pam_nologin.so\naccount    include      password-auth\npassword   include      password-auth\n# pam_selinux.so close should be the first session rule\nsession    required     pam_selinux.so close\nsession    required     pam_loginuid.so\n# pam_selinux.so open should only be followed by sessions to be executed in the user context\nsession    required     pam_selinux.so open env_params\nsession    required     pam_namespace.so\nsession    optional     pam_keyinit.so force revoke\nsession    include      password-auth\nsession    include      postlogin\n# Used with polkit to reauthorize users in remote sessions\n-session   optional     pam_reauthorize.so prepare<\/code><\/pre>\n<p><font size=\"2\">2\uff09\u6267\u884c\u547d\u4ee4<code>more \/etc\/profile|grep TMOUT<\/code>\uff0c\u6838\u67e5\u662f\u5426\u8fdb\u884c\u4e86\u4f1a\u8bdd\u7a7a\u95f2\u8d85\u65f6\u9000\u51fa\u529f\u80fd\u7684\u914d\u7f6e\u3002<br \/>\n\u3010\u6ce8\u3011\uff1a<br \/>\n\/etc\/profile\u4e2d\u5bf9\u4f1a\u8bdd\u7a7a\u95f2\u8d85\u65f6\u9000\u51fa\u529f\u80fd\u8fdb\u884c\u4e86\u914d\u7f6e\uff1aTMOUT=n\uff0c\uff08n\u7684\u5355\u4f4d\u4e3a\u79d2\uff09<font size=\"2\"><\/p>\n<pre><code class=\"language-bash\">[root@ENST ~]# more \/etc\/profile\n# \/etc\/profile\n\n# System wide environment and startup programs, for login setup\n# Functions and aliases go in \/etc\/bashrc\n\n# It&#039;s NOT a good idea to change this file unless you know what you\n# are doing. 
It&#039;s much better to create a custom.sh shell script in\n# \/etc\/profile.d\/ to make custom changes to your environment, as this\n# will prevent the need for merging in future updates.\n\npathmunge () {\n    case &quot;:${PATH}:&quot; in\n        *:&quot;$1&quot;:*)\n            ;;\n        *)\n            if [ &quot;$2&quot; = &quot;after&quot; ] ; then\n                PATH=$PATH:$1\n            else\n                PATH=$1:$PATH\n            fi\n    esac\n}\n\nif [ -x \/usr\/bin\/id ]; then\n    if [ -z &quot;$EUID&quot; ]; then\n        # ksh workaround\n        EUID=`\/usr\/bin\/id -u`\n        UID=`\/usr\/bin\/id -ru`\n    fi\n    USER=&quot;`\/usr\/bin\/id -un`&quot;\n    LOGNAME=$USER\n    MAIL=&quot;\/var\/spool\/mail\/$USER&quot;\nfi\n\n# Path manipulation\nif [ &quot;$EUID&quot; = &quot;0&quot; ]; then\n    pathmunge \/usr\/sbin\n    pathmunge \/usr\/local\/sbin\nelse\n    pathmunge \/usr\/local\/sbin after\n    pathmunge \/usr\/sbin after\nfi\n\nHOSTNAME=`\/usr\/bin\/hostname 2&gt;\/dev\/null`\nHISTSIZE=1000\nif [ &quot;$HISTCONTROL&quot; = &quot;ignorespace&quot; ] ; then\n    export HISTCONTROL=ignoreboth\nelse\n    export HISTCONTROL=ignoredups\nfi\n\nexport PATH USER LOGNAME MAIL HOSTNAME HISTSIZE HISTCONTROL\n\n# By default, we want umask to get set. This sets it for login shell\n# Current threshold for system reserved uid\/gids is 200\n# You could check uidgid reservation validity in\n# \/usr\/share\/doc\/setup-*\/uidgid file\nif [ $UID -gt 199 ] &amp;&amp; [ &quot;`\/usr\/bin\/id -gn`&quot; = &quot;`\/usr\/bin\/id -un`&quot; ]; then\n    umask 002\nelse\n    umask 022\nfi\n\nfor i in \/etc\/profile.d\/*.sh \/etc\/profile.d\/sh.local ; do\n    if [ -r &quot;$i&quot; ]; then\n        if [ &quot;${-#*i}&quot; != &quot;$-&quot; ]; then \n            . &quot;$i&quot;\n        else\n            . 
&quot;$i&quot; &gt;\/dev\/null\n        fi\n    fi\ndone\n\nunset i\nunset -f pathmunge\n<\/code><\/pre>\n<p><font size=\"2\">\u5224\u4f8b\u573a\u666f\uff1a<br \/>\n1\uff09\u5185\u90e8\u5c40\u57df\u7f51\u7684\u7cfb\u7edf\uff0c\u767b\u5f55\u6a21\u5757\u65e0\u767b\u5f55\u5931\u8d25\u5904\u7406\u529f\u80fd\uff0c\u6709\u53e3\u4ee4\u957f\u5ea6\u3001\u590d\u6742\u5ea6\u6821\u9a8c\u673a\u5236\uff0c\u53ef\u5224\u90e8\u5206\u7b26\u5408\uff0c\u4f4e\u98ce\u9669\uff1b<br \/>\n2\uff09\u5185\u90e8\u5c40\u57df\u7f51\u7684\u7cfb\u7edf\uff0c\u767b\u5f55\u6a21\u5757\u65e0\u767b\u5f55\u5931\u8d25\u5904\u7406\u529f\u80fd\uff0c\u65e0\u53e3\u4ee4\u957f\u5ea6\u3001\u590d\u6742\u5ea6\u6821\u9a8c\u673a\u5236\uff0c\u53ef\u5224\u90e8\u5206\u7b26\u5408\uff0c\u4e2d\u98ce\u9669\uff1b<br \/>\n3\uff09\u82e5\u4e1a\u52a1\u7cfb\u7edf\u4e0e\u4e92\u8054\u7f51\u6709\u901a\u8baf\uff0c\u4e14\u7cfb\u7edf\u767b\u9646\u6a21\u5757\u672a\u63d0\u4f9b\u6709\u6548\u7684\u53e3\u4ee4\u66b4\u529b\u7834\u89e3\u9632\u8303\u673a\u5236\uff0c\u53ef\u5224\u4e0d\u7b26\u5408\uff0c\u9ad8\u98ce\u9669\u3002<\/font><br \/>\n<font color=\"#0000dd\" size=\"2\">c)\u5f53\u8fdb\u884c\u8fdc\u7a0b\u7ba1\u7406\u65f6\uff0c\u5e94\u91c7\u53d6\u5fc5\u8981\u63aa\u65bd\u9632\u6b62\u9274\u522b\u4fe1\u606f\u5728\u7f51\u7edc\u4f20\u8f93\u8fc7\u7a0b\u4e2d\u88ab\u7a83\u542c\uff1b<\/font><br \/>\n<font size=\"2\">1\uff09\u6838\u67e5\u5728\u8fdc\u7a0b\u7ba1\u7406\u8fc7\u7a0b\u4e2d\uff0c\u901a\u8fc7\u54ea\u4e9b\u8fc7\u7a0b\u8fdb\u884c\u767b\u5f55\uff0c\u6bcf\u4e2a\u9636\u6bb5\u662f\u5426\u90fd\u4fdd\u8bc1\u4e86\u9274\u522b\u4fe1\u606f\u4f20\u8f93\u7684\u4fdd\u5bc6\u6027\uff0c\u662f\u5426\u91c7\u7528\u4e86\u52a0\u5bc6\u7684\u534f\u8bae\u8fdb\u884c\u901a\u4fe1\uff0c\u6216\u662f\u5426\u5bf9\u7528\u6237\u53e3\u4ee4\u7b49\u4fe1\u606f\u8fdb\u884c\u4f20\u8f93\u52a0\u5bc6\uff1b\u5982\u679c\u670d\u52a1\u5668\u4f7f\u7528SSH\u534f\u8bae\uff0c\u6267\u884c\u547d\u4ee4<code>ssh 
-V<\/code>\uff0c\u6838\u67e5SSH\u534f\u8bae\u662f\u5426\u662f\u5b89\u5168\u53ef\u9760\u7684\uff1b<\/font><\/p>\n<pre><code class=\"language-bash\">[root@ENST ~]# ssh -V\nOpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017\n<\/code><\/pre>\n<p><font size=\"2\">2\uff09\u4f7f\u7528\u547d\u4ee4<code>systemctl list-unit-files|grep enabled<\/code>\u6216<code>chkconfig --list<\/code>\uff0c\u6838\u67e5telnet\u662f\u5426\u5f00\u673a\u542f\u52a8\uff1b\u4f7f\u7528\u547d\u4ee4<code>netstat -a |grep 23<\/code>\u67e5\u770b\uff0c\u6838\u67e5telnet\u670d\u52a1\u5f53\u524d\u662f\u5426\u8fd0\u884c\u3002<br \/>\n\u3010\u6ce8\u3011\uff1a<br \/>\n\u8f93\u51fa\u7684\u5f00\u673a\u542f\u52a8\u9879\u91cc\u4e0d\u5b58\u5728telnet\u670d\u52a1\uff1btelnet\u670d\u52a1\u5f53\u524d\u672a\u8fd0\u884c\u3010\u6ce8\u610f\uff1a\u8f93\u51fa<code>grep --color=auto telnet<\/code>\uff0c\u662f\u67e5\u8be2telnet\u7684\u8fdb\u7a0b\uff0c\u4e0d\u662ftelnet\u670d\u52a1\u7684\u8fdb\u7a0b\u3011\u3002<\/font><\/p>\n<pre><code class=\"language-bash\">root@ENST ~]# systemctl list-unit-files|grep enabled\nauditd.service                                enabled \nautovt@.service                               enabled \nchronyd.service                               enabled \ncrond.service                                 enabled \ndbus-org.fedoraproject.FirewallD1.service     enabled \ndbus-org.freedesktop.nm-dispatcher.service    enabled \nfirewalld.service                             enabled \ngetty@.service                                enabled \nirqbalance.service                            enabled \nkdump.service                                 enabled \nlvm2-monitor.service                          enabled \nmicrocode.service                             enabled \nNetworkManager-dispatcher.service             enabled \nNetworkManager-wait-online.service            enabled \nNetworkManager.service                        enabled \npostfix.service                               enabled \nrhel-autorelabel-mark.service         
        enabled \nrhel-autorelabel.service                      enabled \nrhel-configure.service                        enabled \nrhel-dmesg.service                            enabled \nrhel-domainname.service                       enabled \nrhel-import-state.service                     enabled \nrhel-loadmodules.service                      enabled \nrhel-readonly.service                         enabled \nrsyslog.service                               enabled \nsshd.service                                  enabled \nSVT.service                                   enabled \nsystemd-readahead-collect.service             enabled \nsystemd-readahead-drop.service                enabled \nsystemd-readahead-replay.service              enabled \ntuned.service                                 enabled \ndm-event.socket                               enabled \nlvm2-lvmetad.socket                           enabled \nlvm2-lvmpolld.socket                          enabled \ndefault.target                                enabled \nmulti-user.target                             enabled \nremote-fs.target                              enabled \nrunlevel2.target                              enabled \nrunlevel3.target                              enabled \nrunlevel4.target                              enabled \n<\/code><\/pre>\n<pre><code class=\"language-bash\">[root@ENST ~]# chkconfig --list\n\n\u6ce8\uff1a\u8be5\u8f93\u51fa\u7ed3\u679c\u53ea\u663e\u793a SysV \u670d\u52a1\uff0c\u5e76\u4e0d\u5305\u542b\n\u539f\u751f systemd \u670d\u52a1\u3002SysV \u914d\u7f6e\u6570\u636e\n\u53ef\u80fd\u88ab\u539f\u751f systemd \u914d\u7f6e\u8986\u76d6\u3002 \n\n      \u8981\u5217\u51fa systemd \u670d\u52a1\uff0c\u8bf7\u6267\u884c &#039;systemctl list-unit-files&#039;\u3002\n      \u67e5\u770b\u5728\u5177\u4f53 target \u542f\u7528\u7684\u670d\u52a1\u8bf7\u6267\u884c\n      &#039;systemctl list-dependencies [target]&#039;\u3002\n\nnetconsole      0:\u5173 1:\u5173 2:\u5173 3:\u5173 4:\u5173 5:\u5173 
6:\u5173\nnetwork         0:\u5173 1:\u5173 2:\u5f00 3:\u5f00 4:\u5f00 5:\u5f00 6:\u5173<\/code><\/pre>\n<pre><code class=\"language-bash\">root@ENST:~# netstat -tan | grep 22\ntcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN\ntcp        0     52 172.18.2.14:22          172.18.200.100:46095    ESTABLISHED\ntcp6       0      0 :::22                   :::*                    LISTEN\nroot@ENST:~# netstat -tan | grep 23\ntcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN\n<\/code><\/pre>\n<p><font size=\"2\">3\uff09\u5728\u4e0d\u53ef\u63a7\u7f51\u7edc\u4e2d\u91c7\u7528\u660e\u6587\u65b9\u5f0f\u8fdb\u884c\u8fdc\u7a0b\u7ba1\u7406\uff0c\u9274\u522b\u4fe1\u606f\u660e\u6587\u4f20\u8f93\u65f6\uff0c\u5224\u4e0d\u7b26\u5408\uff0c\u9ad8\u98ce\u9669\u3002<br \/>\n\u3010\u6ce8\u3011\uff1a<br \/>\n\u82e5\u4ec5\u5141\u8bb8\u672c\u5730\u7ba1\u7406\uff0c\u4e0d\u5141\u8bb8\u8fdc\u7a0b\u7ba1\u7406\uff0c\u73b0\u573a\u63cf\u8ff0\u9700\u4e0e\u5165\u4fb5\u9632\u8303C\u9879\u4ee5\u53ca\u6570\u636e\u5b8c\u6574\u6027\u3001\u4fdd\u5bc6\u6027\u63cf\u8ff0\u4e00\u81f4\u3002<\/font><\/p>\n<p><font color=\"#0000dd\" size=\"2\">d)\u5e94\u91c7\u7528\u53e3\u4ee4\u3001\u5bc6\u7801\u6280\u672f\u3001\u751f\u7269\u6280\u672f\u7b49\u4e24\u79cd\u6216\u4e24\u79cd\u4ee5\u4e0a\u7ec4\u5408\u7684\u9274\u522b\u6280\u672f\u5bf9\u7528\u6237\u8fdb\u884c\u8eab\u4efd\u9274\u522b\uff0c\u4e14\u5176\u4e2d\u4e00\u79cd\u9274\u522b\u6280\u672f\u81f3\u5c11\u5e94\u4f7f\u7528\u5bc6\u7801\u6280\u672f\u6765\u5b9e\u73b0\uff1b<\/font><br \/>\n<font 
size=\"2\">1\uff09\u6838\u67e5\u662f\u5426\u91c7\u7528\u9759\u6001\u53e3\u4ee4\uff08\u7528\u6237\u540d\/\u53e3\u4ee4\uff09\u3001\u5bc6\u7801\u6280\u672f\uff08\u6570\u5b57\u8bc1\u4e66\u3001\u52a8\u6001\u53e3\u4ee4\uff09\u548c\u751f\u7269\u6280\u672f\uff08\u6307\u7eb9\u3001\u89c6\u7f51\u819c\u3001\u4eba\u8138\u8bc6\u522b\uff09\u4e09\u79cd\u4e2d\u7684\u4e24\u79cd\u6216\u4e24\u79cd\u4ee5\u4e0a\u9274\u522b\u6280\u672f\u5bf9\u7528\u6237\u8fdb\u884c\u8eab\u4efd\u9274\u522b\uff1b<br \/>\n2\uff09\u6838\u67e5\u91c7\u7528\u7684\u9274\u522b\u6280\u672f\u4e2d\u662f\u5426\u6709\u4e00\u79cd\u9274\u522b\u6280\u672f\u4f7f\u7528\u4e86\u5bc6\u7801\u6280\u672f\u5b9e\u73b0\uff0c\u4f7f\u7528\u7684\u5bc6\u7801\u4ea7\u54c1\u662f\u5426\u5177\u6709\u9500\u552e\u8bb8\u53ef\u8bc1\u6216\u68c0\u6d4b\u8bc1\u4e66\u3002<br \/>\n\u3010\u6ce8\u610f\uff1a\u5982\u679c\u4f7f\u7528\u9759\u6001\u53e3\u4ee4\uff08\u7528\u6237\u540d\/\u53e3\u4ee4\uff09\u548c\u751f\u7269\u6280\u672f\uff08\u6307\u7eb9\u3001\u89c6\u7f51\u819c\u3001\u4eba\u8138\u8bc6\u522b\uff09\u5bf9\u7528\u6237\u8fdb\u884c\u8eab\u4efd\u9274\u522b\uff0c\u7ed9\u4e2d\u98ce\u9669\u3002\u3011<\/font><\/p>\n<hr \/>\n<h3><font color=\"#dd0000\" size=\"3\">2. 
\u8bbf\u95ee\u63a7\u5236<\/font><\/h3>\n<hr \/>\n<p><font color=\"#0000dd\" size=\"2\">a)\u5e94\u5bf9\u767b\u5f55\u7684\u7528\u6237\u5206\u914d\u8d26\u6237\u548c\u6743\u9650\uff1b<\/font><br \/>\n<font size=\"2\">1\uff09\u6267\u884c\u547d\u4ee4<code>more \/etc\/passwd<\/code>\uff0c\u6838\u67e5\u7cfb\u7edf\u4e2d\u80fd\u591f\u767b\u5f55\u7684\u8d26\u6237\uff0c\u8bbf\u8c08\u5404\u8d26\u6237\u7684\u6743\u9650\uff0c\u67e5\u770bUID\u4e3a0\u7684\u7528\u6237\uff1b\uff08\u8be6\u60c5\u67e5\u770b\u8eab\u4efd\u9274\u522ba)\uff09<br \/>\n2\uff09\u6267\u884c\u547d\u4ee4<code>more \/etc\/ssh\/sshd\\_config |grep PermitRootLogin<\/code>\uff0c\u6838\u67e5\u662f\u5426\u7981\u6b62root\u8d26\u6237\u8fdc\u7a0b\u767b\u5f55\uff1b<\/font> <\/p>\n<pre><code class=\"language-bash\">[root@ENST ~]# more \/etc\/ssh\/sshd_config\n#   $OpenBSD: sshd_config,v 1.100 2016\/08\/15 12:32:04 naddy Exp $\n\n# This is the sshd server system-wide configuration file.  See\n# sshd_config(5) for more information.\n\n# This sshd was compiled with PATH=\/usr\/local\/bin:\/usr\/bin\n\n# The strategy used for options in the default sshd_config shipped with\n# OpenSSH is to specify options with their default value where\n# possible, but leave them commented.  
Uncommented options override the\n# default value.\n\n# If you want to change the port on a SELinux system, you have to tell\n# SELinux about this change.\n# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER\n#\n#Port 22\n#AddressFamily any\n#ListenAddress 0.0.0.0\n#ListenAddress ::\n\nHostKey \/etc\/ssh\/ssh_host_rsa_key\n#HostKey \/etc\/ssh\/ssh_host_dsa_key\nHostKey \/etc\/ssh\/ssh_host_ecdsa_key\nHostKey \/etc\/ssh\/ssh_host_ed25519_key\n\n# Ciphers and keying\n#RekeyLimit default none\n\n# Logging\n#SyslogFacility AUTH\nSyslogFacility AUTHPRIV\n#LogLevel INFO\n\n# Authentication:\n\n#LoginGraceTime 2m\n#PermitRootLogin yes     #\u6b64\u5904\u662f\u7528#\u6ce8\u91ca\u6389\uff0c\u9ed8\u8ba4\u60c5\u51b5\u4e0b\u5141\u8bb8root\u8d26\u6237\u8fdc\u7a0b\u767b\u5f55\n#StrictModes yes\n#MaxAuthTries 6\n#MaxSessions 10\n\n#PubkeyAuthentication yes\n<\/code><\/pre>\n<p><font size=\"2\">3\uff09\u5982\u679c\u5f00\u542f\u4e86ftp\u670d\u52a1\uff0c\u6267\u884c\u547d\u4ee4<code>more \/etc\/vsftpd\/vsftpd.conf |grep anonymous\\_enable<\/code> \u6838\u67e5\u662f\u5426\u542f\u7528\u4e86ftp\u670d\u52a1\u7684\u533f\u540d\u8d26\u6237\u3002<\/font><br \/>\n<font color=\"#0000dd\" size=\"2\">b)\u5e94\u91cd\u547d\u540d\u6216\u5220\u9664\u9ed8\u8ba4\u8d26\u6237\uff0c\u4fee\u6539\u9ed8\u8ba4\u8d26\u6237\u7684\u9ed8\u8ba4\u53e3\u4ee4\uff1b<\/font><br \/>\n<font size=\"2\">1\uff09\u6267\u884c\u547d\u4ee4<code>more \/etc\/passwd<\/code>\uff0c\u6838\u67e5\u80fd\u591f\u767b\u5f55\u7684\u9ed8\u8ba4\u8d26\u6237root\u662f\u5426\u88ab\u4fee\u6539\u4e86\u8d26\u6237\u540d\uff1b\uff08\u8be6\u60c5\u67e5\u770b\u8eab\u4efd\u9274\u522ba)<br \/>\n2\uff09\u8bbf\u8c08\u548c\u6838\u67e5\u662f\u5426\u4fee\u6539\u4e86root\u7528\u6237\u7684\u9ed8\u8ba4\u53e3\u4ee4\uff0c\u5e76\u6267\u884c\u547d\u4ee4<code>passwd -S root<\/code>\uff0c\u6838\u67e5root\u8d26\u6237\u7684\u9ed8\u8ba4\u53e3\u4ee4\u662f\u5426\u88ab\u4fee\u6539\u3002<br \/>\n\u3010\u6ce8\u3011\uff1a<br \/>\n<code>PS = 
Passworded<\/code>\uff0c\u8868\u793a\u5df2\u8bbe\u7f6e\u5bc6\u7801 <code>LK = Locked<\/code> \uff0c\u8868\u793a\u5df2\u9501\u4f4f\u5bc6\u7801 <code>NP = No Password<\/code>\uff0c\u8868\u793a\u65e0\u5bc6\u7801<\/font><\/p>\n<pre><code class=\"language-bash\">[root@ENST ~]# passwd -S root\nroot PS 1969-12-31 0 99999 7 -1 (\u5bc6\u7801\u5df2\u8bbe\u7f6e\uff0c\u4f7f\u7528 SHA512 \u7b97\u6cd5\u3002)<\/code><\/pre>\n<p><font color=\"#0000dd\" size=\"2\">c)\u5e94\u53ca\u65f6\u5220\u9664\u6216\u505c\u7528\u591a\u4f59\u7684\u3001\u8fc7\u671f\u7684\u8d26\u6237\uff0c\u907f\u514d\u5171\u4eab\u8d26\u6237\u7684\u5b58\u5728\uff1b<\/font><br \/>\n<font size=\"2\">1\uff09\u6267\u884c\u547d\u4ee4<code>more \/etc\/passwd<\/code>\uff0c\u6838\u67e5\u7cfb\u7edf\u4e2d\u7684\u8d26\u6237\uff0c\u8bbf\u8c08\u7cfb\u7edf\u7ba1\u7406\u5458\u662f\u5426\u5b58\u5728\u591a\u4f59\u7684\u3001\u8fc7\u671f\u7684\u8d26\u6237\uff1b\uff08\u8be6\u60c5\u67e5\u770b\u8eab\u4efd\u9274\u522ba)\uff09<br \/>\n2\uff09\u6838\u67e5\u7cfb\u7edf\u4e2d\u7684\u8d26\u6237\uff0c\u8bbf\u8c08\u7cfb\u7edf\u7ba1\u7406\u5458\u662f\u5426\u5b58\u5728\u5171\u4eab\u8d26\u6237\uff0c\u662f\u5426\u5b9e\u73b0\u8d26\u6237\u4e0e\u81ea\u7136\u4eba\u7684\u4e00\u4e00\u5bf9\u5e94\u3002<br \/>\n\u3010\u6ce8\u3011\uff1a<br \/>\n\u6709\u65f6\u5373\u4f7f\u662f\u7a7a\u53e3\u4ee4\uff0c\u901a\u8fc7ssh\u4e5f\u4e0d\u4e00\u5b9a\u80fd\u767b\u5f55\uff0c\u9700\u6838\u67e5<code>\/etc\/ssh\/sshd_config<\/code>\u6587\u4ef6\uff1a\u914d\u7f6e\u4e86<code>PasswordAuthentication yes<\/code>\u548c<code>PermitEmptyPasswords yes<\/code>\u65f6\uff0c\u7a7a\u53e3\u4ee4\u8d26\u6237\u53ef\u4ee5\u901a\u8fc7SSH\u767b\u5f55\u3002<\/font> <\/p>\n<pre><code class=\"language-bash\">[root@ENST ~]# chage -l root\n\u6700\u8fd1\u4e00\u6b21\u5bc6\u7801\u4fee\u6539\u65f6\u95f4          \uff1a\u4ece\u4e0d\n\u5bc6\u7801\u8fc7\u671f\u65f6\u95f4                  \uff1a\u4ece\u4e0d\n\u5bc6\u7801\u5931\u6548\u65f6\u95f4                  \uff1a\u4ece\u4e0d\n\u5e10\u6237\u8fc7\u671f\u65f6\u95f4                      
\uff1a\u4ece\u4e0d\n\u4e24\u6b21\u6539\u53d8\u5bc6\u7801\u4e4b\u95f4\u76f8\u8ddd\u7684\u6700\u5c0f\u5929\u6570     \uff1a0\n\u4e24\u6b21\u6539\u53d8\u5bc6\u7801\u4e4b\u95f4\u76f8\u8ddd\u7684\u6700\u5927\u5929\u6570     \uff1a99999\n\u5728\u5bc6\u7801\u8fc7\u671f\u4e4b\u524d\u8b66\u544a\u7684\u5929\u6570    \uff1a7\n<\/code><\/pre>\n<hr \/>\n<pre><code class=\"language-bash\">[root@ENST ~]# lastlog\n\u7528\u6237\u540d           \u7aef\u53e3     \u6765\u81ea             \u6700\u540e\u767b\u9646\u65f6\u95f4\nroot             pts\/0    192.168.56.205   \u4e09 9\u6708 25 15:14:35 +0800 2024\nbin                                        **\u4ece\u672a\u767b\u5f55\u8fc7**\ndaemon                                     **\u4ece\u672a\u767b\u5f55\u8fc7**\nadm                                        **\u4ece\u672a\u767b\u5f55\u8fc7**\nlp                                         **\u4ece\u672a\u767b\u5f55\u8fc7**\nsync                                       **\u4ece\u672a\u767b\u5f55\u8fc7**\nshutdown                                   **\u4ece\u672a\u767b\u5f55\u8fc7**\nhalt                                       **\u4ece\u672a\u767b\u5f55\u8fc7**\nmail                                       **\u4ece\u672a\u767b\u5f55\u8fc7**\noperator                                   **\u4ece\u672a\u767b\u5f55\u8fc7**\ngames                                      **\u4ece\u672a\u767b\u5f55\u8fc7**\nftp                                        **\u4ece\u672a\u767b\u5f55\u8fc7**\nnobody                                     **\u4ece\u672a\u767b\u5f55\u8fc7**\nsystemd-network                            **\u4ece\u672a\u767b\u5f55\u8fc7**\ndbus                                       **\u4ece\u672a\u767b\u5f55\u8fc7**\npolkitd                                    **\u4ece\u672a\u767b\u5f55\u8fc7**\nsshd                                       **\u4ece\u672a\u767b\u5f55\u8fc7**\npostfix                                    **\u4ece\u672a\u767b\u5f55\u8fc7**\nchrony                                     
**\u4ece\u672a\u767b\u5f55\u8fc7**\n<\/code><\/pre>\n<pre><code class=\"language-bash\">[root@ENST ~]# last\nroot     pts\/0        192.168.56.205   Wed Sep 25 15:14   still logged in   \nroot     pts\/0        192.168.56.205   Tue Sep 24 23:37 - 02:13  (02:36)  \nroot     pts\/0        192.168.56.205   Tue Sep 24 16:47 - 20:31  (03:44)  \nreboot   system boot  3.10.0-1160.119. Tue Sep 10 10:22 - 15:34 (15+05:11)  \nreboot   system boot  3.10.0-1160.119. Sun Sep  1 15:28 - 10:22 (8+18:54)   \nreboot   system boot  3.10.0-1160.119. Thu Aug 29 16:56 - 10:22 (11+17:26)  \nreboot   system boot  3.10.0-1160.119. Fri Aug 23 17:02 - 13:00 (4+19:57)   \nroot     pts\/1        192.168.49.200   Tue Aug 20 10:33 - 20:48  (10:14)  \nroot     pts\/0        192.168.49.200   Tue Aug 20 09:17 - 12:28  (03:11)  \nroot     pts\/1        192.168.49.200   Mon Aug 19 22:17 - 23:44  (01:26)  \nroot     pts\/0        192.168.49.200   Mon Aug 19 21:31 - 00:34  (03:02)  \nroot     pts\/0        192.168.49.200   Mon Aug 19 17:54 - 18:10  (00:16)  \nroot     tty1                          Mon Aug 19 17:52 - 16:45 (3+22:52)   \nreboot   system boot  3.10.0-1160.119. Mon Aug 19 17:52 - 16:45 (3+22:53)   \nroot     pts\/0        192.168.49.200   Mon Aug 19 17:29 - crash  (00:23)  \nroot     tty1                          Mon Aug 19 17:26 - 17:42  (00:16)  \nreboot   system boot  3.10.0-1160.el7. 
Mon Aug 19 17:24 - 16:45 (3+23:20)   \nwtmp begins Mon Aug 19 17:24:47 2024\n<\/code><\/pre>\n<p><font color=\"#0000dd\" size=\"2\">d)\u5e94\u6388\u4e88\u7ba1\u7406\u7528\u6237\u6240\u9700\u7684\u6700\u5c0f\u6743\u9650\uff0c\u5b9e\u73b0\u7ba1\u7406\u7528\u6237\u7684\u6743\u9650\u5206\u79bb\uff1b<\/font><br \/>\n<font size=\"2\">1\uff09\u8bbf\u8c08\u5728\u64cd\u4f5c\u7cfb\u7edf\u4e2d\u5efa\u7acb\u4e86\u54ea\u4e9b\u7ba1\u7406\u8d26\u6237\uff0c\u6838\u67e5\u5404\u7ba1\u7406\u8d26\u6237\u7684\u7ba1\u7406\u6743\u9650\u662f\u5426\u662f\u6240\u9700\u7684\u6700\u5c0f\u6743\u9650\uff1b\u8bbf\u8c08\u548c\u6838\u67e5\u662f\u5426\u901a\u8fc7\u7b2c\u4e09\u65b9\u7cfb\u7edf\uff08\u5982\u5821\u5792\u673a\u30013A\/4A\u3001\u6743\u9650\u7ba1\u7406\u7cfb\u7edf\u548c\u5ba1\u8ba1\u7cfb\u7edf\uff09\u5efa\u7acb\u4e86\u7ba1\u7406\u8d26\u6237\uff0c\u5e76\u6388\u4e88\u5404\u7ba1\u7406\u8d26\u6237\u6240\u9700\u7684\u6700\u5c0f\u6743\u9650\uff1b<br \/>\n2\uff09\u6838\u67e5\u5404\u7ba1\u7406\u8d26\u6237\u662f\u5426\u5b9e\u73b0\u4e86\u6743\u9650\u5206\u79bb\uff0c\u5404\u7ba1\u7406\u8d26\u6237\u662f\u5426\u5b9e\u73b0\u4e86\u6743\u9650\u7684\u76f8\u4e92\u5236\u7ea6\u3002<br \/>\n3\uff09\u9e92\u9e9f\u3001\u51dd\u601d\u7b49\u56fd\u4ea7\u64cd\u4f5c\u7cfb\u7edf\u8bbe\u7f6e\u4e86\u7cfb\u7edf\u7ba1\u7406\u5458sysadmin\u3001\u5b89\u5168\u7ba1\u7406\u5458secadmin\u3001\u5ba1\u8ba1\u7ba1\u7406\u5458auditadmin\uff0croot\u4ecd\u4e3a\u8d85\u7ea7\u7ba1\u7406\u5458\u3002\u9700\u6838\u5b9e\u7cfb\u7edf\u7ba1\u7406\u5458\u53ca\u5b89\u5168\u7ba1\u7406\u5458\u5bf9\u4e8e<code>audit.log<\/code>\u3001<code>audit.rules<\/code>\u7b49\u6587\u4ef6\u7684\u8bbf\u95ee\u6743\u9650\u3002<\/font><br \/>\n<font color=\"#0000dd\" size=\"2\">e)\u5e94\u7531\u6388\u6743\u4e3b\u4f53\u914d\u7f6e\u8bbf\u95ee\u63a7\u5236\u7b56\u7565\uff0c\u8bbf\u95ee\u63a7\u5236\u7b56\u7565\u89c4\u5b9a\u4e3b\u4f53\u5bf9\u5ba2\u4f53\u7684\u8bbf\u95ee\u89c4\u5219\uff1b<\/font><br \/>\n<font 
size=\"2\">1\uff09\u8bbf\u8c08\u548c\u6838\u67e5\u662f\u5426\u6307\u5b9a\u4e13\u95e8\u7684\u6388\u6743\u4eba\u5458\u914d\u7f6e\u8bbf\u95ee\u63a7\u5236\u7b56\u7565\uff1b<br \/>\n2\uff09\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff0c\u67e5\u770b\u914d\u7f6e\u6587\u4ef6\u6743\u9650\uff1a <code>ls -al \/etc\/shadow<\/code> <code>ls -al \/etc\/passwd<\/code> <code>ls -al \/etc\/sudoers<\/code> <code>ls -al \/etc\/ssh\/sshd\\_config<\/code> <code>ls -al \/etc\/rsyslog.conf<\/code> <code>ls -al \/etc\/group<\/code> <code>ls -al \/etc\/audit\/audit.rules<\/code> <code>ls -al \/etc\/login.defs<\/code> \u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff0c\u67e5\u770b\u53ef\u6267\u884c\u6587\u4ef6\u6743\u9650\uff1als -al \/usr\/bin\/ ls -al \/usr\/sbin\/ \u6838\u67e5\u6388\u6743\u4e3b\u4f53\u662f\u5426\u6309\u7167\u8bbf\u95ee\u63a7\u5236\u7b56\u7565\u8bbe\u7f6e\u8bbf\u95ee\u89c4\u5219\uff0c\u662f\u5426\u8bbe\u7f6e\u4e86\u5408\u7406\u7684\u8bbf\u95ee\u63a7\u5236\u7b56\u7565\u3002\u6267\u884c\u547d\u4ee4\u201cumask\u201d\uff0c\u6838\u67e5\u6587\u4ef6\u9ed8\u8ba4\u6743\u9650\u662f\u5426\u5408\u7406\u3002<\/font><\/p>\n<pre><code class=\"language-bash\">[root@ENST ~]# umask\n0022\n<\/code><\/pre>\n<p><font size=\"2\">3\uff09\u6d4b\u8bd5\u9a8c\u8bc1\u7528\u6237\u662f\u5426\u6709\u53ef\u8d8a\u6743\u8bbf\u95ee\u60c5\u5f62\u3002<\/font><br \/>\n<font color=\"#0000dd\" size=\"2\">f)\u8bbf\u95ee\u63a7\u5236\u7684\u7c92\u5ea6\u5e94\u8fbe\u5230\u4e3b\u4f53\u4e3a\u7528\u6237\u7ea7\u6216\u8fdb\u7a0b\u7ea7\uff0c\u5ba2\u4f53\u4e3a\u6587\u4ef6\u3001\u6570\u636e\u5e93\u8868\u7ea7\uff1b<\/font><br \/>\n<font size=\"2\">\u6838\u67e5\u6216\u8bbf\u8c08\u8bbf\u95ee\u63a7\u5236\u7c92\u5ea6\u662f\u5426\u8fbe\u5230\u4e3b\u4f53\u4e3a\u7528\u6237\u7ea7\u6216\u8fdb\u7a0b\u7ea7\uff0c\u5ba2\u4f53\u4e3a\u6587\u4ef6\u3001\u6570\u636e\u5e93\u8868\u7ea7\u3002<\/font><br \/>\n<font color=\"#0000dd\" 
size=\"2\">g\uff09\u5e94\u5bf9\u4e3b\u4f53\u3001\u5ba2\u4f53\u8bbe\u7f6e\u5b89\u5168\u6807\u8bb0\uff0c\u5e76\u63a7\u5236\u4e3b\u4f53\u5bf9\u6709\u5b89\u5168\u6807\u8bb0\u4fe1\u606f\u8d44\u6e90\u7684\u8bbf\u95ee\u3002<\/font><br \/>\n<font size=\"2\">1\uff09\u6267\u884c\u547d\u4ee4<code>more \/etc\/selinux\/config|grep SELINUX<\/code>\uff0c\u6838\u67e5selinux\u7684\u914d\u7f6e\u60c5\u51b5\uff0c\u662f\u5426\u914d\u7f6e\u4e86\u5f3a\u5236\u8bbf\u95ee\u63a7\u5236\u529f\u80fd\uff1b<br \/>\n2\uff09\u6267\u884c\u547d\u4ee4<code>more \/etc\/selinux\/config|grep SELINUXTYPE<\/code>\uff0c\u6838\u67e5SELINUXTYPE\u7684\u503c\uff0c\u662f\u5426\u6709\u6548\u5b9e\u73b0\u4e3b\u4f53\u5bf9\u6709\u5b89\u5168\u6807\u8bb0\u4fe1\u606f\u8d44\u6e90\u7684\u8bbf\u95ee\u3002<br \/>\n\u3010\u6ce8\u3011\uff1a<br \/>\n<code>SELINUX<\/code>\u7684\u503c\u4e3aenforcing\uff0c\u914d\u7f6e\u4e86\u5f3a\u5236\u8bbf\u95ee\u63a7\u5236\u529f\u80fd\uff1b\uff08\u914d\u7f6e\u6587\u4ef6\u4e2d\u7684\u503c\u5728\u5f00\u673a\u65f6\u751f\u6548\uff0c\u53ef\u518d\u6267\u884c<code>getenforce<\/code>\u786e\u8ba4\u5f53\u524d\u8fd0\u884c\u60c5\u51b5\uff09<br \/>\n<code>SELINUXTYPE<\/code>\u7684\u503c\u4e3atargeted\uff0c\u4f7f\u7528\u7b56\u7565\u4e3a\u9ed8\u8ba4\uff0c\u4e3b\u8981\u9650\u5236\u7f51\u7edc\u670d\u52a1\u3002\uff08\u90e8\u5206\u7b26\u5408\uff09<br \/>\n<code>SELINUXTYPE<\/code>\u7684\u503c\u4e3astrict\uff0c\u9650\u5236\u6bcf\u4e2a\u8fdb\u7a0b\u3002\uff08\u7b26\u5408\uff09<br \/>\n<code>SELINUXTYPE<\/code>\u7684\u503c\u4e3aminimum\uff0c\u9650\u5236\u90e8\u5206\u7f51\u7edc\u670d\u52a1\u3002\uff08\u90e8\u5206\u7b26\u5408\uff09<br \/>\n<code>SELINUXTYPE<\/code>\u7684\u503c\u4e3amls\uff0c\u591a\u7ea7\u5b89\u5168\u9650\u5236\uff0c\u8f83\u4e3a\u4e25\u683c\u3002\uff08\u7b26\u5408\uff09<\/font> <\/p>\n<pre><code class=\"language-bash\">[root@ENST ~]# more \/etc\/selinux\/config\n\n# This file controls the state of SELinux on the system.\n# SELINUX= can take one of these three values:\n#     enforcing - SELinux security policy is enforced.\n#     permissive - SELinux prints warnings instead of enforcing.\n#     disabled - No SELinux policy is loaded.\nSELINUX=enforcing\n# SELINUXTYPE= can take one of three 
values:\n#     targeted - Targeted processes are protected,\n#     minimum - Modification of targeted policy. Only selected processes are protected. \n#     mls - Multi Level Security protection.\nSELINUXTYPE=targeted <\/code><\/pre>\n<hr \/>\n<h3><font color=\"#dd0000\" size=\"3\">3. \u5b89\u5168\u5ba1\u8ba1<\/font><br \/><\/h3>\n<hr \/>\n<p><font color=\"#0000dd\" size=\"2\">a)\u5e94\u542f\u7528\u5b89\u5168\u5ba1\u8ba1\u529f\u80fd\uff0c\u5ba1\u8ba1\u8986\u76d6\u5230\u6bcf\u4e2a\u7528\u6237\uff0c\u5bf9\u91cd\u8981\u7684\u7528\u6237\u884c\u4e3a\u548c\u91cd\u8981\u5b89\u5168\u4e8b\u4ef6\u8fdb\u884c\u5ba1\u8ba1\uff1b<\/font><br \/>\n<font size=\"2\">1\uff09\u6267\u884c\u547d\u4ee4<code>systemctl status rsyslog<\/code>\uff0c\u6838\u67e5\u7cfb\u7edf\u65e5\u5fd7\u662f\u5426\u6b63\u5e38\u8fd0\u884c\uff1b\u6267\u884c\u547d\u4ee4<code>systemctl status auditd<\/code>\uff0c\u6838\u67e5\u65e5\u5fd7\u5ba1\u8ba1\u529f\u80fd\u662f\u5426\u6b63\u5e38\u8fd0\u884c\uff1b<br \/>\n\u6267\u884c\u547d\u4ee4\u201csystemctl list-unit-files|grep enabled|grep rsyslog\u201d\u548c\u201csystemctl list-unit-files|grep enabled|grep auditd\u201d\uff0c\u6838\u67e5rsyslog\u548cauditd\u662f\u5426\u52a0\u5165\u5f00\u542f\u542f\u52a8\u9879\uff1b<br \/>\n\u6267\u884c\u547d\u4ee4\u201cuptime\u201d \uff0c\u6838\u67e5\u7cfb\u7edf\u65f6\u949f\u662f\u5426\u6b63\u786e\u3002<br \/>\n\u3010\u6ce8\u3011\uff1a<br \/>\nrsyslog\u6216syslog\u8fd0\u884c\u60c5\u51b5\u4e3arunning\uff1b auditd\u8fd0\u884c\u60c5\u51b5\u4e3arunning\uff1b rsyslog\u548cauditd\u7684\u5bf9\u5e94\u503c\u4e3aenabled\uff1b \u7cfb\u7edf\u65f6\u949f\u6b63\u786e\u3002<\/font><\/p>\n<pre><code class=\"language-bash\">root@ENST:~# systemctl status rsyslog\n\u25cf rsyslog.service - System Logging Service\n   Loaded: loaded (\/lib\/systemd\/system\/rsyslog.service; enabled)\n   Active: active (running) since \u4e09 2024-10-02 09:27:51 CST; 1 weeks 6 days ago\n     Docs: man:rsyslogd(8)\n           http:\/\/www.rsyslog.com\/doc\/\n Main PID: 613 
(rsyslogd)\n   CGroup: \/system.slice\/rsyslog.service\n           \u2514\u2500613 \/usr\/sbin\/rsyslogd -n\n\nWarning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.\n<\/code><\/pre>\n<hr \/>\n<pre><code class=\"language-bash\">root@ENST:~# systemctl status auditd\n\u25cf auditd.service - Security Auditing Service\n   Loaded: loaded (\/lib\/systemd\/system\/auditd.service; enabled)\n   Active: active (running) since \u4e09 2024-10-02 09:27:49 CST; 1 weeks 6 days ago\n     Docs: man:auditd(8)\n           https:\/\/people.redhat.com\/sgrubb\/audit\/\n  Process: 339 ExecStartPost=\/sbin\/augenrules --load (code=exited, status=0\/SUCCESS)\n Main PID: 338 (auditd)\n   CGroup: \/system.slice\/auditd.service\n           \u2514\u2500338 \/sbin\/auditd -n\n\nWarning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.\n<\/code><\/pre>\n<hr \/>\n<pre><code class=\"language-bash\">[root@ENST ~]# systemctl list-unit-files|grep enabled|grep rsyslog\nrsyslog.service                               enabled \n[root@ENST ~]# systemctl list-unit-files|grep enabled|grep auditd\nauditd.service                                enabled \n[root@ENST ~]# \n<\/code><\/pre>\n<p><font size=\"2\">2\uff09\u6838\u67e5\u5b89\u5168\u5ba1\u8ba1\u529f\u80fd\u662f\u5426\u8986\u76d6\u5230\u7cfb\u7edf\u7684\u6240\u6709\u7528\u6237\uff1b<br \/>\n3\uff09\u6267\u884c\u547d\u4ee4<code>more \/etc\/audit\/audit.rules<\/code>\u6216<code>auditctl -l<\/code>\uff0c\u6838\u67e5\u662f\u5426\u5bf9\u91cd\u8981\u7528\u6237\u884c\u4e3a\u548c\u91cd\u8981\u5b89\u5168\u4e8b\u4ef6\u8fdb\u884c\u5ba1\u8ba1\u3002<br 
\/>\n\u6216\u901a\u8fc7\u8bbf\u8c08\u548c\u6838\u67e5\uff0c\u662f\u5426\u91c7\u7528\u7b2c\u4e09\u65b9\u5ba1\u8ba1\u7cfb\u7edf\uff0c\u5bf9\u6240\u6709\u7528\u6237\u884c\u4e3a\u8fdb\u884c\u5ba1\u8ba1\uff0c\u767b\u5f55\u7b2c\u4e09\u65b9\u5ba1\u8ba1\u7cfb\u7edf\uff0c\u5ba1\u8ba1\u5185\u5bb9\u662f\u5426\u8986\u76d6\u91cd\u8981\u7684\u7528\u6237\u884c\u4e3a\u548c\u91cd\u8981\u5b89\u5168\u4e8b\u4ef6\u3002<br \/>\n\u3010\u6ce8\u3011\uff1a<br \/>\naudit.rules\u8f93\u51fa\u7ed3\u679c\u5982\u4e0b\uff0c\u5373\u4e3a\u6ca1\u6709\u89c4\u5219\uff08no rules\uff09<\/font> <\/p>\n<pre><code class=\"language-bash\">[root@ENST ~]# more \/etc\/audit\/audit.rules\n## This file is automatically generated from \/etc\/audit\/rules.d\n-D\n-b 8192\n-f 1\n<\/code><\/pre>\n<hr \/>\n<pre><code class=\"language-bash\">[root@ENST ~]# auditctl -l\nNo rules\n<\/code><\/pre>\n<p><font size=\"2\">4\uff09LINUX\u4e3b\u673a\u548c\u6570\u636e\u5e93\u65e5\u5fd7\u548c\u5ba1\u8ba1\u662f\u5206\u5f00\u7684\uff0c\u5982\u679c\u53ea\u5f00\u542f\u4e86\u65e5\u5fd7\uff0c\u672a\u5f00\u542f\u5ba1\u8ba1\uff0c\u7b97\u90e8\u5206\u7b26\u5408\uff0c\u4e2d\u98ce\u9669\u3002<br \/>\n5\uff09\u65e5\u5fd7\u8bb0\u5f55\u4e0d\u5168\u3001\u6709\u5ba1\u8ba1\u6570\u636e\u4f46\u65e0\u6cd5\u76f4\u89c2\u5c55\u793a\u7b49\u60c5\u51b5\uff0c\u5224\u4e2d\u98ce\u9669\u3002<br \/>\n6\uff09\u5173\u952e\u8bbe\u5907\uff08\u8d44\u4ea7\u91cd\u8981\u7a0b\u5ea6\u4e3a\u975e\u5e38\u91cd\u8981\u7684\u8bbe\u5907\uff09\u65e0\u4efb\u4f55\u5ba1\u8ba1\u63aa\u65bd\uff0c\u6216\u672a\u5f00\u542f\u4efb\u4f55\u5ba1\u8ba1\u529f\u80fd\uff0c\u4e14\u672a\u91c7\u7528\u5821\u5792\u673a\u3001\u5ba1\u8ba1\u8bbe\u5907\u7b49\u63aa\u65bd\uff0c\u5224\u4e0d\u7b26\u5408\uff0c\u9ad8\u98ce\u9669\u3002<\/font><br \/>\n<font color=\"#0000dd\" 
size=\"2\">b)\u5ba1\u8ba1\u8bb0\u5f55\u5e94\u5305\u62ec\u4e8b\u4ef6\u7684\u65e5\u671f\u548c\u65f6\u95f4\u3001\u7528\u6237\u3001\u4e8b\u4ef6\u7c7b\u578b\u3001\u4e8b\u4ef6\u662f\u5426\u6210\u529f\u53ca\u5176\u4ed6\u4e0e\u5ba1\u8ba1\u76f8\u5173\u7684\u4fe1\u606f\uff1b<\/font><br \/>\n<font size=\"2\">\u6267\u884c\u547d\u4ee4<code>ausearch -i | less<\/code>\uff0c\u6838\u67e5\u5ba1\u8ba1\u8bb0\u5f55\u5185\u5bb9\u662f\u5426\u5305\u62ec\u4e8b\u4ef6\u7684\u65e5\u671f\u548c\u65f6\u95f4\u3001\u7528\u6237\u3001\u4e8b\u4ef6\u7c7b\u578b\u3001\u4e8b\u4ef6\u662f\u5426\u6210\u529f\u53ca\u5176\u4ed6\u4e0e\u5ba1\u8ba1\u76f8\u5173\u7684\u4fe1\u606f\u3002<br \/>\n\u3010\u6ce8\u3011\uff1a\u4e0a\u8ff0\u547d\u4ee4\u4ee5\u65b9\u4fbf\u4eba\u9605\u8bfb\u7684\u6a21\u5f0f\u8f93\u51fa\u5ba1\u8ba1\u8bb0\u5f55\uff0c\u5e76\u901a\u8fc7\u7ba1\u9053\u7b26\u4ea4\u7ed9less\u5206\u9875\u9605\u8bfb\u3002<\/font> <\/p>\n<pre><code class=\"language-bash\">[root@ENST ~]# ausearch -i | less<\/code><\/pre>\n<p><font color=\"#0000dd\" size=\"2\">c)\u5e94\u5bf9\u5ba1\u8ba1\u8bb0\u5f55\u8fdb\u884c\u4fdd\u62a4\uff0c\u5b9a\u671f\u5907\u4efd\uff0c\u907f\u514d\u53d7\u5230\u672a\u9884\u671f\u7684\u5220\u9664\u3001\u4fee\u6539\u6216\u8986\u76d6\u7b49\uff1b<\/font><br \/>\n<font size=\"2\">1\uff09\u6267\u884c\u547d\u4ee4<code>more \/etc\/rsyslog.conf<\/code>\uff0c\u6838\u67e5\u662f\u5426\u5c06\u7cfb\u7edf\u65e5\u5fd7\u8f6c\u53d1\u5230\u65e5\u5fd7\u670d\u52a1\u5668\u6216\u7b2c\u4e09\u65b9\u65e5\u5fd7\u5ba1\u8ba1\u7cfb\u7edf\u4e2d\uff0c\u6838\u67e5\u65e5\u5fd7\u4fdd\u5b58\u65f6\u95f4\u662f\u5426\u5927\u4e8e6\u4e2a\u6708\u3002<br \/>\n\u3010\u6ce8\u3011\uff1a<br \/>\n\/etc\/rsyslog.conf\u4e2d\u8fdb\u884c\u4e86\u8f6c\u53d1\u914d\u7f6e\uff1a\u201c*.info;mail.none 
@IP\u201d\uff0c\u5c06\u65e5\u5fd7\u8f6c\u53d1\u5230\u65e5\u5fd7\u670d\u52a1\u5668\u4e2d\uff0c\u6216\u5b89\u88c5\u4e86\u7b2c\u4e09\u65b9\u5ba1\u8ba1\u7cfb\u7edf\u7684\u5ba2\u6237\u7aef\uff0c\u5c06\u65e5\u5fd7\u8f6c\u53d1\u5230\u5ba1\u8ba1\u7cfb\u7edf\u4e2d\uff1b\u65e5\u5fd7\u5728\u65e5\u5fd7\u670d\u52a1\u5668\u6216\u7b2c\u4e09\u65b9\u5ba1\u8ba1\u7cfb\u7edf\u7684\u4fdd\u5b58\u65f6\u95f4\u8d85\u8fc76\u4e2a\u6708\uff0c\u5982\u8fd0\u884c\u4e0d\u52306\u4e2a\u6708\uff0c\u8bb0\u5f55\u65e5\u5fd7\u5171\u4fdd\u5b58\u4e86\u51e0\u4e2a\u6708\u3002<\/font><\/p>\n<pre><code class=\"language-bash\">[root@ENST ~]# more \/etc\/rsyslog.conf\n# rsyslog configuration file\n\n# For more information see \/usr\/share\/doc\/rsyslog-*\/rsyslog_conf.html\n# If you experience problems, see http:\/\/www.rsyslog.com\/doc\/troubleshoot.html\n\n#### MODULES ####\n\n# The imjournal module bellow is now used as a message source instead of imuxsock.\n$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)\n$ModLoad imjournal # provides access to the systemd journal\n#$ModLoad imklog # reads kernel messages (the same are read from journald)\n#$ModLoad immark  # provides --MARK-- message capability\n\n# Provides UDP syslog reception\n#$ModLoad imudp\n#$UDPServerRun 514\n\n# Provides TCP syslog reception\n#$ModLoad imtcp\n#$InputTCPServerRun 514\n\n#### GLOBAL DIRECTIVES ####\n\n# Where to place auxiliary files\n$WorkDirectory \/var\/lib\/rsyslog\n\n# Use default timestamp format\n$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat\n\n# File syncing capability is disabled by default. 
This feature is usually not required,\n# not useful and an extreme performance hit\n#$ActionFileEnableSync on\n\n# Include all config files in \/etc\/rsyslog.d\/\n$IncludeConfig \/etc\/rsyslog.d\/*.conf\n\n# Turn off message reception via local log socket;\n# local messages are retrieved through imjournal now.\n$OmitLocalLogging on\n\n# File to store the position in the journal\n$IMJournalStateFile imjournal.state\n\n#### RULES ####\n\n# Log all kernel messages to the console.\n# Logging much else clutters up the screen.\n#kern.*                                                 \/dev\/console\n\n# Log anything (except mail) of level info or higher.\n# Don&#039;t log private authentication messages!\n*.info;mail.none;authpriv.none;cron.none                \/var\/log\/messages\n\n# The authpriv file has restricted access.\nauthpriv.*                                              \/var\/log\/secure\n\n# Log all the mail messages in one place.\nmail.*                                                  -\/var\/log\/maillog\n\n# Log cron stuff\ncron.*                                                  \/var\/log\/cron\n\n# Everybody gets emergency messages\n*.emerg                                                 :omusrmsg:*\n\n# Save news errors of level crit and higher in a special file.\nuucp,news.crit                                          \/var\/log\/spooler\n\n# Save boot messages also to boot.log\nlocal7.*                                                \/var\/log\/boot.log\n\n# ### begin forwarding rule ###\n# The statement between the begin ... end define a SINGLE forwarding\n# rule. They belong together, do NOT split them. If you create multiple\n# forwarding rules, duplicate the whole block!\n# Remote Logging (we use TCP for reliable delivery)\n#\n# An on-disk queue is created for this action. 
If the remote host is\n# down, messages are spooled to disk and sent when it is up again.\n#$ActionQueueFileName fwdRule1 # unique name prefix for spool files\n#$ActionQueueMaxDiskSpace 1g   # 1gb space limit (use as much as possible)\n#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown\n#$ActionQueueType LinkedList   # run asynchronously\n#$ActionResumeRetryCount -1    # infinite retries if host is down\n# remote host is: name\/ip:port, e.g. 192.168.0.1:514, port optional\n#*.* @@remote-host:514\n# ### end of the forwarding rule ###\n<\/code><\/pre>\n<p><font size=\"2\">2\uff09\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\uff0c\u6838\u67e5\u65e5\u5fd7\u6587\u4ef6\u7684\u6743\u9650\uff1a(\u9e92\u9e9f\u3001\u51dd\u601d\u7b49\u56fd\u4ea7\u64cd\u4f5c\u7cfb\u7edf\u9700\u6838\u67e5sysadmin\u4ee5\u53casecadmin\u5bf9\u4e8e\u4ee5\u4e0b\u6587\u4ef6\u7684\u8bbf\u95ee\u6743\u9650)<br \/>\nls -al \/var\/log\/audit\/audit.log<br \/>\nls -al \/var\/log\/messages<br \/>\nls -al \/var\/log\/secure<br \/>\n\u662f\u5426\u80fd\u5bf9\u65e5\u5fd7\u6587\u4ef6\u8fdb\u884c\u975e\u9884\u671f\u7684\u5220\u9664\u3001\u4fee\u6539\u6216\u8986\u76d6\u7b49\uff1b<br \/>\n\u9996\u5148\u5224\u65ad\u8bbe\u5907\u65e5\u5fd7\u7559\u5b58\u65f6\u95f4\u662f\u5426\u6ee1\u8db36\u4e2a\u6708\uff0c\u4e0d\u6ee1\u8db36\u4e2a\u6708\uff0c\u76f4\u63a5\u5224\u4e0d\u7b26\u5408\uff0c\u9ad8\u98ce\u9669\u3002\u6ee1\u8db36\u4e2a\u6708\u7684\u524d\u63d0\u4e0b\uff0c\u53c2\u7167\u4ee5\u4e0b\u60c5\u51b5\u5224\u5b9a\uff1a<br \/>\n\uff08\u82e5\u7cfb\u7edf\u6295\u8fd0\u4e0d\u8db36\u4e2a\u6708\uff0c\u5219\u5728\u7ed3\u679c\u8bb0\u5f55\u4e2d\u5e94\u63cf\u8ff0\u6295\u8fd0\u65f6\u95f4\u4ee5\u53ca\u65e5\u5fd7\u7559\u5b58\u65f6\u95f4\uff0c\u6309\u9ad8\u98ce\u9669\u5224\u5b9a\uff0c\u540e\u9762\u4fee\u6b63\uff09<br 
\/>\n\u2460\u8bbf\u8c08\u548c\u6838\u67e5\u65e5\u5fd7\u670d\u52a1\u5668\u548c\u7b2c\u4e09\u65b9\u5ba1\u8ba1\u7cfb\u7edf\u7684\u8bbe\u7f6e\u6743\u9650\uff0c\u662f\u5426\u80fd\u5bf9\u65e5\u5fd7\u6587\u4ef6\u8fdb\u884c\u975e\u9884\u671f\u7684\u5220\u9664\u3001\u4fee\u6539\u6216\u8986\u76d6\u7b49\u3002\u6709\u96c6\u4e2d\u5ba1\u8ba1\u6216\u65e5\u5fd7\u8f6c\u5b58\u7684\uff0c\u5224\u7b26\u5408\u3002<br \/>\n\u2461\u6838\u67e5\u7cfb\u7edf\u4e2d\u662f\u5426\u90e8\u7f72\u7f51\u7edc\u5b89\u5168\u76d1\u6d4b\u88c5\u7f6e\uff0c\u662f\u5426\u5c06\u5173\u952e\uff08\u975e\u5e38\u91cd\u8981\uff09\u7f51\u7edc\u3001\u5b89\u5168\u8bbe\u5907\u7684syslog\u53d1\u9001\u81f3\u7f51\u76d1\u88c5\u7f6e\u3002\u82e5\u90e8\u7f72\u4e86\u7f51\u7edc\u5b89\u5168\u76d1\u6d4b\u88c5\u7f6e\uff0c\u4e14\u4ea4\u6362\u673a\u3001\u7f51\u7edc\u8bbe\u5907\u65e5\u5fd7\u5747\u63a5\u5165\u7f51\u76d1\u88c5\u7f6e\uff0c\u53ef\u5224\u90e8\u5206\u7b26\u5408\uff0c\u4e2d\u98ce\u9669\u3002<br \/>\n\u2462\u6838\u67e5\u7cfb\u7edf\/\u8bbe\u5907\u662f\u5426\u5b9e\u73b0\u4e86\u65e5\u5fd7\u5b9a\u671f\u5907\u4efd\uff0c\u8bbf\u8c08\u8fd0\u7ef4\u4eba\u5458\u65e5\u5fd7\u5b9a\u671f\u5907\u4efd\u7684\u65b9\u5f0f\u4ee5\u53ca\u4fdd\u5b58\u7684\u5730\u70b9\uff0c\u4ee5\u53ca\u65e5\u5fd7\u5907\u4efd\u7684\u8d23\u4efb\u4eba\uff0c\u82e5\u7cfb\u7edf\/\u8bbe\u5907\u5df2\u5b9e\u73b0\u5b9a\u671f\u5907\u4efd\uff0c\u4e14\u6709\u4e13\u4eba\u8d1f\u8d23\uff0c\u80fd\u591f\u63a5\u89e6\u5230\u5907\u4efd\u65e5\u5fd7\u7684\u6743\u9650\u53ef\u63a7\uff0c\u53ef\u5224\u5b9a\u4e3a\u90e8\u5206\u7b26\u5408\uff0c\u4e2d\u98ce\u9669\uff1b<br 
\/>\n\u2463\u6838\u67e5\u7cfb\u7edf\/\u8bbe\u5907\u662f\u5426\u5b9e\u73b0\u4e86\u6743\u9650\u5206\u79bb\uff0c\u914d\u7f6e\u72ec\u7acb\u7684\u5ba1\u8ba1\u8d26\u6237\uff0c\u8d4b\u4e88\u5408\u7406\u7684\u6743\u9650\uff0c\u6838\u67e5\u5ba1\u8ba1\u7ba1\u7406\u5458\u662f\u5426\u53ef\u4ee5\u67e5\u770b\u3001\u64cd\u4f5c\u65e5\u5fd7\u8bb0\u5f55\uff0c\u82e5\u5b9e\u73b0\u4e86\u6743\u9650\u5206\u79bb\u4e14\u8d4b\u4e88\u4e86\u76f8\u5e94\u6743\u9650\uff0c\u53ef\u5224\u90e8\u5206\u7b26\u5408\uff0c\u4e2d\u98ce\u9669\uff0c\u4f46\u7ed3\u679c\u8bb0\u5f55\u4e2d\u9700\u63cf\u8ff0\u65e5\u5fd7\u5907\u4efd\u60c5\u51b5\u3002<br \/>\n\u2464\u6838\u67e5\u65e5\u5fd7\u6ca1\u6709\u5b9a\u671f\u5907\u4efd\u4e14\u8bbe\u5907\u6ca1\u6709\u6743\u9650\u5206\u79bb\uff08\u6ca1\u6709\u5ba1\u8ba1\u5e10\u6237\uff09\u3001\u8bbe\u5907\u65e5\u5fd7\u7b56\u7565\u4e0d\u6ee1\u8db3\u8981\u6c42\uff08\u65e5\u5fd7\u5185\u5bb9\u3001\u65e5\u5fd7\u5b58\u50a8\u5bb9\u91cf\u7b49\uff09\u7684\u60c5\u51b5\uff0c\u5224\u5b9a\u4e3a\u4e0d\u7b26\u5408\uff0c\u9ad8\u98ce\u9669\u3002<br \/>\n\u3010\u6ce8\u3011\uff1a<br \/>\n\/var\/*log\u3001\/var\/log\/audit\/audit.log\u3001\/var\/log\/messages\u3001\/var\/log\/secure\u7b49\u65e5\u5fd7\u6587\u4ef6\u7684\u6743\u9650\u4e0d\u5927\u4e8e600\u3002\u3010\u8bf4\u660e\uff1a\u8fd9\u6761\u4e0d\u7b26\u5408\uff0c\u672c\u6d4b\u8bc4\u9879\u4e3a\u4e0d\u7b26\u5408\uff1b\u8fd9\u6761\u7b26\u5408\uff0c\u5176\u4ed6\u4e3a\u4e0d\u7b26\u5408\uff0c\u672c\u6d4b\u8bc4\u9879\u4e5f\u4e3a\u4e0d\u7b26\u5408\u3011\u65e5\u5fd7\u670d\u52a1\u5668\u6216\u7b2c\u4e09\u65b9\u5ba1\u8ba1\u7cfb\u7edf\u5177\u6709\u6743\u9650\u8bbe\u7f6e\uff0c\u975e\u5408\u7406\u7406\u7531\u65e0\u6cd5\u5220\u9664\u3001\u4fee\u6539\u6216\u8986\u76d6\u65e5\u5fd7\u6587\u4ef6\u3002<\/font><\/p>\n<p><font color=\"#0000dd\" size=\"2\">d)\u5e94\u5bf9\u5ba1\u8ba1\u8fdb\u7a0b\u8fdb\u884c\u4fdd\u62a4\uff0c\u9632\u6b62\u672a\u7ecf\u6388\u6743\u7684\u4e2d\u65ad\u3002<\/font><br \/>\n<font size=\"2\">1\uff09\u6267\u884c\u547d\u4ee4<code>more 
\/etc\/sudoers<\/code>\uff0c\u6838\u67e5\u662f\u5426\u5c06\u5ba1\u8ba1\u7ba1\u7406\u6743\u9650\u6388\u4e88\u9664\u5ba1\u8ba1\u7ba1\u7406\u5458\u4e4b\u5916\u5176\u4ed6\u7528\u6237\uff1b<\/font><\/p>\n<pre><code class=\"language-bash\">[root@ENST ~]# more \/etc\/sudoers\n## Sudoers allows particular users to run various commands as\n## the root user, without needing the root password.\n##\n## Examples are provided at the bottom of the file for collections\n## of related commands, which can then be delegated out to particular\n## users or groups.\n## \n## This file must be edited with the &#039;visudo&#039; command.\n\n## Host Aliases\n## Groups of machines. You may prefer to use hostnames (perhaps using \n## wildcards for entire domains) or IP addresses instead.\n# Host_Alias     FILESERVERS = fs1, fs2\n# Host_Alias     MAILSERVERS = smtp, smtp2\n\n## User Aliases\n## These aren&#039;t often necessary, as you can use regular groups\n## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname \n## rather than USERALIAS\n# User_Alias ADMINS = jsmith, mikem\n\n## Command Aliases\n## These are groups of related commands...\n\n## Networking\n# Cmnd_Alias NETWORKING = \/sbin\/route, \/sbin\/ifconfig, \/bin\/ping, \/sbin\/dhclient, \/usr\/bin\/net, \/sbin\/iptables, \/usr\/b\nin\/rfcomm, \/usr\/bin\/wvdial, \/sbin\/iwconfig, \/sbin\/mii-tool\n\n## Installation and management of software\n# Cmnd_Alias SOFTWARE = \/bin\/rpm, \/usr\/bin\/up2date, \/usr\/bin\/yum\n\n## Services\n# Cmnd_Alias SERVICES = \/sbin\/service, \/sbin\/chkconfig, \/usr\/bin\/systemctl start, \/usr\/bin\/systemctl stop, \/usr\/bin\/sy\nstemctl reload, \/usr\/bin\/systemctl restart, \/usr\/bin\/systemctl status, \/usr\/bin\/systemctl enable, \/usr\/bin\/systemctl d\nisable\n\n## Updating the locate database\n# Cmnd_Alias LOCATE = \/usr\/bin\/updatedb\n\n## Storage\n# Cmnd_Alias STORAGE = \/sbin\/fdisk, \/sbin\/sfdisk, \/sbin\/parted, \/sbin\/partprobe, \/bin\/mount, \/bin\/umount\n\n## 
Delegating permissions\n# Cmnd_Alias DELEGATING = \/usr\/sbin\/visudo, \/bin\/chown, \/bin\/chmod, \/bin\/chgrp \n\n## Processes\n# Cmnd_Alias PROCESSES = \/bin\/nice, \/bin\/kill, \/usr\/bin\/kill, \/usr\/bin\/killall\n\n## Drivers\n# Cmnd_Alias DRIVERS = \/sbin\/modprobe\n\n# Defaults specification\n\n#\n# Refuse to run if unable to disable echo on the tty.\n#\nDefaults   !visiblepw\n\n#\n# Preserving HOME has security implications since many programs\n# use it when searching for configuration files. Note that HOME\n# is already set when the the env_reset option is enabled, so\n# this option is only effective for configurations where either\n# env_reset is disabled or HOME is present in the env_keep list.\n#\nDefaults    always_set_home\nDefaults    match_group_by_gid\n\n# Prior to version 1.8.15, groups listed in sudoers that were not\n# found in the system group database were passed to the group\n# plugin, if any. Starting with 1.8.15, only groups of the form\n# %:group are resolved via the group plugin by default.\n# We enable always_query_group_plugin to restore old behavior.\n# Disable this option for new behavior.\nDefaults    always_query_group_plugin\n\nDefaults    env_reset\nDefaults    env_keep =  &quot;COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS&quot;\nDefaults    env_keep += &quot;MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE&quot;\nDefaults    env_keep += &quot;LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES&quot;\nDefaults    env_keep += &quot;LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE&quot;\nDefaults    env_keep += &quot;LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY&quot;\n\n#\n# Adding HOME to env_keep may enable a user to run unrestricted\n# commands via sudo.\n#\n# Defaults   env_keep += &quot;HOME&quot;\n\nDefaults    secure_path = \/sbin:\/bin:\/usr\/sbin:\/usr\/bin\n\n## Next comes the main part: which users can run what software on \n## which machines (the sudoers file can be shared between 
multiple\n## systems).\n## Syntax:\n##\n##  user    MACHINE=COMMANDS\n##\n## The COMMANDS section may have other options added to it.\n##\n## Allow root to run any commands anywhere \nroot    ALL=(ALL)   ALL\n\n## Allows members of the &#039;sys&#039; group to run networking, software, \n## service management apps and more.\n# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS\n\n## Allows people in group wheel to run all commands\n%wheel  ALL=(ALL)   ALL\n\n## Same thing without a password\n# %wheel    ALL=(ALL)   NOPASSWD: ALL\n\n## Allows members of the users group to mount and unmount the \n## cdrom as root\n# %users  ALL=\/sbin\/mount \/mnt\/cdrom, \/sbin\/umount \/mnt\/cdrom\n\n## Allows members of the users group to shutdown this system\n# %users  localhost=\/sbin\/shutdown -h now\n\n## Read drop-in files from \/etc\/sudoers.d (the # here does not mean a comment)\n#includedir \/etc\/sudoers.d\n<\/code><\/pre>\n<p><font size=\"2\">2\uff09\u4f7f\u7528\u975e\u5ba1\u8ba1\u7ba1\u7406\u5458\u7684\u5176\u4ed6\u7528\u6237\u4e2d\u65ad\u5ba1\u8ba1\u8fdb\u7a0b\uff0c\u662f\u5426\u6210\u529f\uff1b<br \/>\n3\uff09\u8bbf\u8c08\u548c\u6838\u67e5\u662f\u5426\u90e8\u7f72\u7b2c\u4e09\u65b9\u76d1\u63a7\u7cfb\u7edf\u5bf9rsyslog\u3001auditd\u8fdb\u884c\u76d1\u63a7\uff0c\u53d1\u751f\u4e2d\u65ad\u65f6\u8fdb\u884c\u53ca\u65f6\u62a5\u8b66\u3002<\/font> <\/p>\n<hr \/>\n<h3><font color=\"#0000dd\" size=\"3\">4. 
\u5165\u4fb5\u9632\u8303<\/font><br \/><\/h3>\n<hr \/>\n<p><font color=\"#0000dd\" size=\"2\">a)\u5e94\u9075\u5faa\u6700\u5c0f\u5b89\u88c5\u7684\u539f\u5219\uff0c\u4ec5\u5b89\u88c5\u9700\u8981\u7684\u7ec4\u4ef6\u548c\u5e94\u7528\u7a0b\u5e8f\uff1b<\/font><br \/>\n<font size=\"2\">1\uff09\u6267\u884c\u547d\u4ee4\u201cdpkg -l\u201d\uff08dpkg\u4e3aDebian\u7cfb\u547d\u4ee4\uff1bCentOS\u5e94\u4f7f\u7528<code>rpm -qa<\/code>\u6216<code>yum list installed<\/code>\uff09\u67e5\u770b\u662f\u5426\u5b89\u88c5\u4e86\u591a\u4f59\u7684\u7ec4\u4ef6\u548c\u5e94\u7528\u7a0b\u5e8f\u3002<br \/>\n\u3010\u8bf4\u660e\uff1a\u672c\u6d4b\u8bc4\u9879\u4e00\u822c\u4e0d\u6613\u53d1\u73b0\u591a\u4f59\u7684\u7ec4\u4ef6\u548c\u5e94\u7528\u7a0b\u5e8f\uff0c\u5c0f\u6280\u5de7\uff1a\u6709\u4e9b\u7ec4\u4ef6\u6216\u5e94\u7528\u7a0b\u5e8f\u5728\u5b89\u88c5\u65f6\u4f1a\u751f\u6210\u4e00\u4e2a\u7528\u6237\uff0c\u53ef\u4ee5\u5728\u67e5\u8be2\u7528\u6237\u65f6\u53d1\u73b0\u3011<\/font><\/p>\n<pre><code class=\"language-bash\">root@ENST:~# dpkg -l\n<\/code><\/pre>\n<p><font color=\"#0000dd\" size=\"2\">b)\u5e94\u5173\u95ed\u4e0d\u9700\u8981\u7684\u7cfb\u7edf\u670d\u52a1\u3001\u9ed8\u8ba4\u5171\u4eab\u548c\u9ad8\u5371\u7aef\u53e3\uff1b<\/font><br \/>\n<font size=\"2\">1\uff09\u6267\u884c\u547d\u4ee4\u201c<code>systemctl list-unit-files|grep enabled<\/code>\u201d\uff0c\u6838\u67e5\u662f\u5426\u5f00\u673a\u542f\u52a8\u4e86\u591a\u4f59\u7684\u670d\u52a1\uff1b\uff08\u7701\u7565\uff09<br \/>\n\u6267\u884c\u547d\u4ee4\u201c<code>systemctl |grep running<\/code>\u201d\uff0c\u6838\u67e5\u5f53\u524d\u6b63\u5728\u8fd0\u884c\u7684\u670d\u52a1\u4e2d\u662f\u5426\u5b58\u5728\u591a\u4f59\u670d\u52a1\uff1b\u6216\u62bd\u53d6\u5e38\u89c1\u7684\u591a\u4f59\u670d\u52a1\uff0c\u6267\u884c\u547d\u4ee4\uff1a<br \/>\nps -ef | grep talk<br \/>\nps -ef | grep ntalk<br \/>\nps -ef | grep pop<br \/>\nps -ef | grep imapd<br \/>\nps -ef | grep sendmail<br \/>\nps -ef | grep pop3<br \/>\nps -ef | grep cupsd<br \/>\nps -ef | grep bluetooth<\/font><\/p>\n<pre><code class=\"language-bash\">root@ENST:~# systemctl |grep running\n<\/code><\/pre>\n<p><font 
size=\"2\">2\uff09\u6267\u884c\u547d\u4ee4\u201c<code>netstat -anp<\/code>\u201d\uff0c\u6838\u67e5\u662f\u5426\u5f00\u542f\u4e86\u591a\u4f59\u7684\u3001\u9ad8\u5371\u7684\u7aef\u53e3\uff0c\u598221\u300123\u300125\u7b49\uff1b\u6267\u884c\u547d\u4ee4\u201c<code>firewall-cmd --list-all<\/code>\u201d\u6216\u201c<code>iptables -L<\/code>\u201d\uff0c\u6838\u67e5\u9632\u706b\u5899\u7b56\u7565\u914d\u7f6e\uff0c\u662f\u5426\u5173\u95ed\u4e86\u591a\u4f59\u7aef\u53e3\u3002<br \/>\n\u3010\u6ce8\u3011\uff1a\u547d\u4ee4\u8be6\u89e3\u89c1Linux\u5e38\u7528\u547d\u4ee4-<a href=\"http:\/\/172.18.1.201\/c\/netstat.html\" target=\"_blank\"  rel=\"nofollow\" >netstat<\/a><\/font><\/p>\n<pre><code class=\"language-bash\">[root@ENST ~]# netstat  -anp\nActive Internet connections (servers and established)\nProto Recv-Q Send-Q Local Address           Foreign Address         State       PID\/Program name    \ntcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1008\/sshd           \ntcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1319\/master         \ntcp        0     52 172.18.2.9:22           172.18.200.100:11698    ESTABLISHED 227478\/sshd: root@p \ntcp6       0      0 :::22                   :::*                    LISTEN      1008\/sshd           \ntcp6       0      0 ::1:25                  :::*                    LISTEN      1319\/master         \nudp        0      0 0.0.0.0:68              0.0.0.0:*                           818\/dhclient        \nudp        0      0 127.0.0.1:323           0.0.0.0:*                           666\/chronyd         \nudp6       0      0 ::1:323                 :::*                                666\/chronyd         \nraw6       0      0 :::58                   :::*                    7           693\/NetworkManager  \nActive UNIX domain sockets (servers and established)\nProto RefCnt Flags       Type       State         I-Node   PID\/Program name     Path\nunix  2      [ ACC ]     STREAM    
 LISTENING     13057    1\/systemd            \/run\/systemd\/private\nunix  2      [ ACC ]     STREAM     LISTENING     22286    1319\/master          public\/pickup\nunix  2      [ ACC ]     STREAM     LISTENING     22297    1319\/master          private\/tlsmgr\nunix  2      [ ACC ]     STREAM     LISTENING     22300    1319\/master          private\/rewrite\nunix  2      [ ACC ]     STREAM     LISTENING     22318    1319\/master          private\/proxymap\nunix  2      [ ACC ]     STREAM     LISTENING     22312    1319\/master          private\/verify\nunix  2      [ ACC ]     STREAM     LISTENING     22290    1319\/master          public\/cleanup\nunix  2      [ ]         DGRAM                    18720    666\/chronyd          \/var\/run\/chrony\/chronyd.sock\nunix  2      [ ACC ]     STREAM     LISTENING     22333    1319\/master          private\/error\nunix  2      [ ACC ]     STREAM     LISTENING     22336    1319\/master          private\/retry\nunix  2      [ ACC ]     STREAM     LISTENING     22339    1319\/master          private\/discard\nunix  2      [ ACC ]     STREAM     LISTENING     22303    1319\/master          private\/bounce\nunix  2      [ ACC ]     STREAM     LISTENING     22342    1319\/master          private\/local\nunix  2      [ ACC ]     STREAM     LISTENING     22345    1319\/master          private\/virtual\nunix  2      [ ACC ]     STREAM     LISTENING     22306    1319\/master          private\/defer\nunix  2      [ ACC ]     STREAM     LISTENING     22348    1319\/master          private\/lmtp\nunix  2      [ ACC ]     STREAM     LISTENING     18469    1\/systemd            \/run\/dbus\/system_bus_socket\nunix  2      [ ACC ]     STREAM     LISTENING     22351    1319\/master          private\/anvil\nunix  2      [ ACC ]     STREAM     LISTENING     22354    1319\/master          private\/scache\nunix  2      [ ACC ]     STREAM     LISTENING     22309    1319\/master          private\/trace\nunix  2      [ ACC ]     STREAM     
LISTENING     15423    1\/systemd            \/run\/lvm\/lvmpolld.socket\nunix  2      [ ACC ]     STREAM     LISTENING     13131    1\/systemd            \/run\/lvm\/lvmetad.socket\nunix  2      [ ]         DGRAM                    13151    1\/systemd            \/run\/systemd\/shutdownd\nunix  2      [ ACC ]     STREAM     LISTENING     22327    1319\/master          private\/relay\nunix  2      [ ACC ]     SEQPACKET  LISTENING     15461    1\/systemd            \/run\/udev\/control\nunix  2      [ ACC ]     STREAM     LISTENING     21110    693\/NetworkManager   \/var\/run\/NetworkManager\/private-dhcp\nunix  2      [ ACC ]     STREAM     LISTENING     22321    1319\/master          private\/proxywrite\nunix  3      [ ]         DGRAM                    1429     1\/systemd            \/run\/systemd\/notify\nunix  3      [ ]         STREAM     CONNECTED     22341    1319\/master          \nunix  3      [ ]         STREAM     CONNECTED     21856    1\/systemd            \/run\/systemd\/journal\/stdout\nunix  3      [ ]         STREAM     CONNECTED     22305    1319\/master          \nunix  3      [ ]         STREAM     CONNECTED     18043    657\/systemd-logind  \n<\/code><\/pre>\n<p><font color=\"#0000dd\" size=\"2\">c)\u5e94\u901a\u8fc7\u8bbe\u5b9a\u7ec8\u7aef\u63a5\u5165\u65b9\u5f0f\u6216\u7f51\u7edc\u5730\u5740\u8303\u56f4\u5bf9\u901a\u8fc7\u7f51\u7edc\u8fdb\u884c\u7ba1\u7406\u7684\u7ba1\u7406\u7ec8\u7aef\u8fdb\u884c\u9650\u5236\uff1b<\/font><br \/>\n<font size=\"2\">1\uff09\u6267\u884c\u547d\u4ee4\u201ciptables -L\u201d\uff0c\u6838\u67e5\u662f\u5426\u5728\u7cfb\u7edf\u9632\u706b\u5899\u4e0a\u8fdb\u884c\u5bf9\u7ba1\u7406\u7ec8\u7aefIP\u8fdb\u884c\u9650\u5236\u3002\u6216\u6267\u884c\u547d\u4ee4\u201c<code>more \/etc\/hosts.deny<\/code>\u201d\u548c\u201c<code>more \/etc\/hosts.allow<\/code>\u201d\uff0c\u6838\u67e5\u662f\u5426\u5bf9\u7ba1\u7406\u7ec8\u7aefIP\u8fdb\u884c\u9650\u5236\uff1b<br 
\/>\n\u3010\u6ce8\u3011\uff1a\u82e5\u4ec5\u5141\u8bb8\u672c\u5730\u7ba1\u7406\uff0c\u4e0d\u5141\u8bb8\u8fdc\u7a0b\u7ba1\u7406\uff0c\u73b0\u573a\u63cf\u8ff0\u9700\u4e0e\u8eab\u4efd\u9274\u522bC\u9879\u4ee5\u53ca\u6570\u636e\u5b8c\u6574\u6027\u3001\u4fdd\u5bc6\u6027\u63cf\u8ff0\u4e00\u81f4\u3002 <a href=\"http:\/\/172.18.1.201\/c\/iptables.html\" target=\"_blank\"  rel=\"nofollow\" >iptables\u8bf4\u660e\u89c1\u8be6\u89e3<\/a><br \/>\n\u3010\u8bf4\u660e\uff1a\u4e0b\u4f8b\u8f93\u51fa\u4e2diptables\u7b56\u7565\u5747\u4e3aACCEPT\uff0chosts.allow\u3001hosts.deny\u4e5f\u672a\u914d\u7f6e\u9650\u5236\uff0c\u8868\u793a\u672a\u5bf9\u7ba1\u7406\u7ec8\u7aefIP\u8fdb\u884c\u9650\u5236\uff1b\u5728RHEL\/CentOS 8\u53ca\u4ee5\u540e\u7248\u672c\u4e2d\u5df2\u4e0d\u652f\u6301TCP Wrappers\uff0chosts.allow\u3001hosts.deny\u53ef\u80fd\u4e0d\u751f\u6548\uff0c\u5e94\u6838\u67e5\u9632\u706b\u5899\u7b56\u7565\u6216sshd_config\u4e2d\u5bf9\u7ba1\u7406\u7ec8\u7aefIP\u7684\u9650\u5236\u3002\u3011<\/font><\/p>\n<pre><code class=\"language-bash\">root@ENST:~# iptables -L\nChain INPUT (policy ACCEPT)\ntarget     prot opt source               destination         \n\nChain FORWARD (policy ACCEPT)\ntarget     prot opt source               destination         \n\nChain OUTPUT (policy ACCEPT)\ntarget     prot opt source               destination \n<\/code><\/pre>\n<hr \/>\n<pre><code class=\"language-bash\">root@ENST:~# more \/etc\/hosts.allow\n# \/etc\/hosts.allow: list of hosts that are allowed to access the system.\n#                   See the manual pages hosts_access(5) and hosts_options(5).\n#\n# Example:    ALL: LOCAL @some_netgroup\n#             ALL: .foobar.edu EXCEPT terminalserver.foobar.edu\n#\n# If you&#039;re going to protect the portmapper use the name &quot;rpcbind&quot; for the\n# daemon name. See rpcbind(8) and rpc.mountd(8) for further information.\n#\n<\/code><\/pre>\n<hr \/>\n<pre><code class=\"language-bash\">root@ENST:~# more \/etc\/hosts.deny\n# \/etc\/hosts.deny: list of hosts that are _not_ allowed to access the system.\n#                  See the manual pages hosts_access(5) and hosts_options(5).\n#\n# Example:    ALL: some.host.name, .some.domain\n#             ALL EXCEPT in.fingerd: other.host.name, .other.domain\n#\n# If you&#039;re going to protect the portmapper use the name &quot;rpcbind&quot; for the\n# daemon name. 
See rpcbind(8) and rpc.mountd(8) for further information.\n#\n# The PARANOID wildcard matches any host whose name does not match its\n# address.\n#\n# You may wish to enable this to ensure any programs that don&#039;t\n# validate looked up hostnames still leave understandable logs. In past\n# versions of Debian this has been the default.\n# ALL: PARANOID\n<\/code><\/pre>\n<p><font color=\"#0000dd\" size=\"2\">d)\u5e94\u63d0\u4f9b\u6570\u636e\u6709\u6548\u6027\u68c0\u9a8c\u529f\u80fd\uff0c\u4fdd\u8bc1\u901a\u8fc7\u4eba\u673a\u63a5\u53e3\u8f93\u5165\u6216\u901a\u8fc7\u901a\u4fe1\u63a5\u53e3\u8f93\u5165\u7684\u5185\u5bb9\u7b26\u5408\u7cfb\u7edf\u8bbe\u5b9a\u8981\u6c42\uff1b<\/font><br \/>\n<font size=\"2\">\u6b64\u9879\u4e3b\u8981\u9488\u5bf9\u5e94\u7528\u7cfb\u7edf\u3001\u7cfb\u7edf\u7ba1\u7406\u8f6f\u4ef6\u7684\u6d4b\u8bc4\uff0c\u4e0d\u9002\u7528\u3002<\/font><br \/>\n<font color=\"#0000dd\" size=\"2\">e)\u5e94\u80fd\u53d1\u73b0\u53ef\u80fd\u5b58\u5728\u7684\u5df2\u77e5\u6f0f\u6d1e\uff0c\u5e76\u5728\u7ecf\u8fc7\u5145\u5206\u6d4b\u8bd5\u8bc4\u4f30\u540e\uff0c\u53ca\u65f6\u4fee\u8865\u6f0f\u6d1e\uff1b<\/font><br \/>\n<font size=\"2\">1\uff09\u8bbf\u8c08\u8865\u4e01\u5206\u53d1\u7684\u65b9\u5f0f\uff0c\u6838\u67e5\u5b9a\u671f\u8fdb\u884c\u7cfb\u7edf\u6f0f\u6d1e\u626b\u63cf\u7684\u62a5\u544a\u548c\u6f0f\u6d1e\u4fee\u8865\u7684\u8bb0\u5f55\uff0c\u6838\u67e5\u8fdb\u884c\u6f0f\u6d1e\u4fee\u8865\u7684\u8bb0\u5f55\uff1b\u6267\u884c\u547d\u4ee4\u201c rpm -qa | grep patch\u201d\uff0c\u6838\u67e5\u8865\u4e01\u7248\u672c\uff1b<br \/>\n2\uff09\u672c\u64cd\u4f5c\u7cfb\u7edf\u5728\u6f0f\u6d1e\u626b\u63cf\u4e2d\uff0c\u662f\u5426\u53d1\u73b0\u9ad8\u98ce\u9669\u5b89\u5168\u6f0f\u6d1e\u3002<br 
\/>\n3\uff09\u82e5\u8be5\u7cfb\u7edf\u672a\u8fdb\u884c\u8fc7\u6f0f\u6d1e\u626b\u63cf\uff0c\u4e14\u653e\u5f03\u9a8c\u8bc1\u6d4b\u8bd5\u3002\u65e0\u6cd5\u786e\u8ba4\u8bbe\u5907\u662f\u5426\u5b58\u5728\u9ad8\u5371\u6f0f\u6d1e\u5e76\u53ca\u65f6\u4fee\u8865\u3002\u6309\u4e0d\u7b26\u5408\u7b97\uff0c\u5224\u9ad8\u98ce\u9669<\/font><br \/>\n<font color=\"#0000dd\" size=\"2\">f)\u5e94\u80fd\u591f\u68c0\u6d4b\u5230\u5bf9\u91cd\u8981\u8282\u70b9\u8fdb\u884c\u5165\u4fb5\u7684\u884c\u4e3a\uff0c\u5e76\u5728\u53d1\u751f\u4e25\u91cd\u5165\u4fb5\u4e8b\u4ef6\u65f6\u63d0\u4f9b\u62a5\u8b66\uff1b<\/font><br \/>\n<font size=\"2\">1\uff09\u8bbf\u8c08\u548c\u6838\u67e5\u64cd\u4f5c\u7cfb\u7edf\u4e0a\u662f\u5426\u5b89\u88c5\u4e86\u4e3b\u673a\u5165\u4fb5\u68c0\u6d4b\u7ec4\u4ef6\uff1b<br \/>\n2\uff09\u67e5\u770b\u62d3\u6251\u56fe\uff0c\u6838\u67e5\u662f\u5426\u5728\u91cd\u8981\u7f51\u7edc\u8282\u70b9\u5904\u90e8\u7f72\u5165\u4fb5\u68c0\u6d4b\u7cfb\u7edf\u63a2\u9488\uff0c\u80fd\u591f\u5bf9\u672c\u670d\u52a1\u5668\u7684\u5165\u4fb5\u884c\u4e3a\u8fdb\u884c\u68c0\u6d4b\uff1b<br \/>\n3\uff09\u6838\u67e5\u90e8\u7f72\u7684\u5165\u4fb5\u68c0\u6d4b\u7cfb\u7edf\u5bf9\u4e25\u91cd\u5165\u4fb5\u884c\u4e3a\u662f\u5426\u5177\u6709\u62a5\u8b66\u529f\u80fd\u3002<br \/>\n4\uff09\u672a\u90e8\u7f72\u4e3b\u673a\u5165\u4fb5\u68c0\u6d4b\u7ec4\u4ef6\u6216\u529f\u80fd\uff0c\u4f46\u7f51\u7edc\u4e2d\u90e8\u7f72\u4e86\u5165\u4fb5\u68c0\u6d4b\u88c5\u7f6e\uff0c\u5224\u90e8\u5206\u7b26\u5408\uff0c\u4f4e\u98ce\u9669\u3002<br \/>\n5\uff09\u672a\u90e8\u7f72\u4e3b\u673a\u5165\u4fb5\u68c0\u6d4b\u7ec4\u4ef6\u6216\u529f\u80fd\uff0c\u4e14\u7f51\u7edc\u4e2d\u4e5f\u672a\u90e8\u7f72\u5165\u4fb5\u68c0\u6d4b\u88c5\u7f6e\uff0c\u5224\u4e0d\u7b26\u5408\uff0c\u4e2d\u98ce\u9669\u3002<\/font><\/p>\n<hr \/>\n<h3><font color=\"#dd0000\" size=\"3\">5. 
\u6076\u610f\u4ee3\u7801\u9632\u8303<\/font><br \/><\/h3>\n<hr \/>\n<p><font color=\"#0000dd\" size=\"2\">\u5e94\u91c7\u7528\u514d\u53d7\u6076\u610f\u4ee3\u7801\u653b\u51fb\u7684\u6280\u672f\u63aa\u65bd\u6216\u4e3b\u52a8\u514d\u75ab\u53ef\u4fe1\u9a8c\u8bc1\u673a\u5236\u53ca\u65f6\u8bc6\u522b\u5165\u4fb5\u548c\u75c5\u6bd2\u884c\u4e3a\uff0c\u5e76\u5c06\u5176\u6709\u6548\u963b\u65ad<\/font><br \/>\n<font size=\"2\">1\uff09\u8bbf\u8c08\u548c\u6838\u67e5\u7cfb\u7edf\u662f\u5426\u5b89\u88c5\u4e86\u9632\u6076\u610f\u4ee3\u7801\u8f6f\u4ef6\uff0c\u5982clamav\uff0c\u4e14\u8fd0\u884c\u6b63\u5e38\uff1b<br \/>\n2\uff09\u6838\u67e5\u9632\u6076\u610f\u4ee3\u7801\u8f6f\u4ef6\u7684\u7248\u672c\u548c\u75c5\u6bd2\u5e93\u7248\u672c\u662f\u5426\u8fdb\u884c\u4e86\u53ca\u65f6\u7684\u66f4\u65b0\u3002<\/font><\/p>\n<hr \/>\n<h3><font color=\"#dd0000\" size=\"3\">6. \u6570\u636e\u5b8c\u6574\u6027<\/font><br \/><\/h3>\n<hr \/>\n<p><font color=\"#0000dd\" size=\"2\">a\uff09\u5e94\u91c7\u7528\u6821\u9a8c\u6280\u672f\u6216\u5bc6\u7801\u6280\u672f\u4fdd\u8bc1\u91cd\u8981\u6570\u636e\u5728\u4f20\u8f93\u8fc7\u7a0b\u4e2d\u7684\u5b8c\u6574\u6027\uff0c\u5305\u62ec\u4f46\u4e0d\u9650\u4e8e\u9274\u522b\u6570\u636e\u3001\u91cd\u8981\u4e1a\u52a1\u6570\u636e\u3001\u91cd\u8981\u5ba1\u8ba1\u6570\u636e\u3001\u91cd\u8981\u914d\u7f6e\u6570\u636e\u3001\u91cd\u8981\u89c6\u9891\u6570\u636e\u548c\u91cd\u8981\u4e2a\u4eba\u4fe1\u606f\u7b49<\/font><br \/>\n<font size=\"2\">\u7ecf\u6838\u67e5\uff0c\u5916\u90e8\u4e0e\u4e3b\u673a\u8bbe\u5907\u64cd\u4f5c\u7cfb\u7edf\u7684\u6570\u636e\u4f20\u8f93\u5305\u62ec\uff1a<br \/>\n\u8fdc\u7a0b\u7ba1\u7406\u4e3b\u673a\u8bbe\u5907\u64cd\u4f5c\u7cfb\u7edf\uff0c\u4f7f\u7528\u7684\u4f20\u8f93\u534f\u8bae\uff0c\u662f\u5426\u80fd\u591f\u4fdd\u8bc1\u9274\u522b\u4fe1\u606f\u548c\u91cd\u8981\u914d\u7f6e\u6570\u636e\u5728\u4f20\u8f93\u8fc7\u7a0b\u4e2d\u7684\u5b8c\u6574\u6027\uff1b<br \/>\n\u9488\u5bf9\u4f20\u8f93\u8fc7\u7a0b\uff0c\u4f7f\u7528\u547d\u4ee4\u201c<code>ssh -Q 
mac<\/code>\u201d\u67e5\u770bssh\u670d\u52a1\u652f\u6301\u7684\u6d88\u606f\u5b8c\u6574\u6027\u6821\u9a8c\u7b97\u6cd5\uff0c\u5305\u62ecMD5\u3001SHA-1\u7b49\u5bc6\u7801\u7b97\u6cd5\u7b49\uff0c\u901a\u8fc7\u8fd9\u4e9b\u7b97\u6cd5\u5bf9\u9274\u522b\u6570\u636e\u3001\u91cd\u8981\u914d\u7f6e\u6570\u636e\u7684\u5b8c\u6574\u6027\u8fdb\u884c\u4fdd\u62a4\u7684\u60c5\u51b5\uff0c\u53ef\u5224\u5b9a\u4e3a\u7b26\u5408\u3002<br \/>\n\u3010\u6ce8\u3011\uff1a\u8be5\u547d\u4ee4\u67e5\u770b\u7684\u662fSSH\u652f\u6301\u7684\u5168\u90e8\u7b97\u6cd5\uff0csshd\u5f53\u524d\u542f\u7528\u7684\u7b97\u6cd5\u5e94\u6267\u884c\u547d\u4ee4\u201c<code>sshd -T | grep -i macs<\/code>\u201d\u6838\u67e5\uff1bhmac-md5\u3001hmac-sha1\u7b49\u5b89\u5168\u6027\u4f4e\u7684\u7b97\u6cd5\u5b9c\u5173\u95ed\u3002<br \/>\n\u4e0e\u5176\u4ed6\u5916\u90e8\u4e3b\u673a\u8bbe\u5907\u662f\u5426\u6709\u9274\u522b\u6570\u636e\u548c\u91cd\u8981\u914d\u7f6e\u6570\u636e\u7684\u4f20\u8f93\uff0c\u5982\u679c\u6709\uff0c\u5728\u4f20\u8f93\u8fc7\u7a0b\u4e2d\u4f7f\u7528\u901a\u4fe1\u534f\u8bae\uff0c\u662f\u5426\u80fd\u591f\u4fdd\u8bc1\u9274\u522b\u4fe1\u606f\u548c\u91cd\u8981\u914d\u7f6e\u6570\u636e\u5728\u4f20\u8f93\u8fc7\u7a0b\u4e2d\u7684\u5b8c\u6574\u6027\u3002<\/font><\/p>\n<pre><code class=\"language-bash\">root@ENST:~# ssh -Q mac\nhmac-sha1\nhmac-sha1-96\nhmac-sha2-256\nhmac-sha2-512\nhmac-md5\nhmac-md5-96\numac-64@openssh.com\numac-128@openssh.com\nhmac-sha1-etm@openssh.com\nhmac-sha1-96-etm@openssh.com\nhmac-sha2-256-etm@openssh.com\nhmac-sha2-512-etm@openssh.com\nhmac-md5-etm@openssh.com\nhmac-md5-96-etm@openssh.com\numac-64-etm@openssh.com\numac-128-etm@openssh.com\n<\/code><\/pre>\n<p><font color=\"#0000dd\" size=\"2\">b\uff09\u5e94\u91c7\u7528\u6821\u9a8c\u6280\u672f\u6216\u5bc6\u7801\u6280\u672f\u4fdd\u8bc1\u91cd\u8981\u6570\u636e\u5728\u50a8\u5b58\u8fc7\u7a0b\u4e2d\u7684\u5b8c\u6574\u6027\uff0c\u5305\u62ec\u4f46\u4e0d\u9650\u4e8e\u9274\u522b\u6570\u636e\u3001\u91cd\u8981\u4e1a\u52a1\u6570\u636e\u3001\u91cd\u8981\u5ba1\u8ba1\u6570\u636e\u3001\u91cd\u8981\u914d\u7f6e\u6570\u636e\u3001\u91cd\u8981\u89c6\u9891\u6570\u636e\u548c\u91cd\u8981\u4e2a\u4eba\u4fe1\u606f\u7b49<\/font><br \/>\n<font size=\"2\">\u6267\u884c\u547d\u4ee4\u201c<code>more 
\/etc\/shadow<\/code>\u201d\uff0c\u67e5\u770b\u5bf9\u53e3\u4ee4\u52a0\u5bc6\u4f7f\u7528\u7684\u5bc6\u7801\u7b97\u6cd5\u3002\uff08\u7565\uff09<br \/>\n\u3010\u8bf4\u660e\uff1aLinux\u5728&quot;\/etc\/shadow&quot;\u4e2d\u5bf9\u53e3\u4ee4\u8fdb\u884c\u52a0\u5bc6\u5b58\u50a8\uff0c\u4f46\u6bcf\u4e2a\u7248\u672c\u4f7f\u7528\u7684\u52a0\u5bc6\u7b97\u6cd5\u4e0d\u4e00\u6837\uff0c\u4e3b\u8981\u6709\u4e09\u7c7b\uff1a$1\u8868\u793aMD5 ; $6 \u8868\u793aSHA-512 ; $5 \u8868\u793aSHA-256\u3002$1\uff08MD5\uff09\u5b89\u5168\u6027\u4f4e\uff0c\u5b9c\u66f4\u6362\u4e3a$6\uff08SHA-512\uff09\u3002\u3011<br \/>\n\u9488\u5bf9\u5b58\u50a8\u8fc7\u7a0b\uff0c\u9274\u522b\u4fe1\u606f\u91c7\u7528MD5\u3001SHA-256\u3001SHA-512\u7b49\u5bc6\u7801\u7b97\u6cd5\uff08\u54c8\u5e0c\u7b97\u6cd5\uff09\u7684\u60c5\u51b5\uff0c\u53ef\u5224\u5b9a\u4e3a\u7b26\u5408\u3002<br \/>\n\u7ecf\u6838\u67e5\uff0c\u4e3b\u673a\u64cd\u4f5c\u7cfb\u7edf\u4e0a\u5b58\u50a8\u7684\u9274\u522b\u4fe1\u606f\u662f\u5426\u4e3a\u91c7\u7528\u54c8\u5e0c\u8fd0\u7b97\u540e\u7684\u54c8\u5e0c\u503c\uff0c\u4fdd\u8bc1\u9274\u522b\u4fe1\u606f\u7684\u5b8c\u6574\u6027\uff1b<br \/>\n\u6216\u8005\u4e3b\u673a\u64cd\u4f5c\u7cfb\u7edf\u4e0a\u90e8\u7f72\u4e86\u4fdd\u8bc1\u91cd\u8981\u6587\u4ef6\u5b8c\u6574\u6027\u7684\u7ec4\u4ef6\u6216\u8f6f\u4ef6\uff0c\u4fdd\u8bc1\u9274\u522b\u4fe1\u606f\u3001\u91cd\u8981\u914d\u7f6e\u6587\u4ef6\u7684\u5b8c\u6574\u6027\u3002\u672a\u91c7\u7528\u5bc6\u7801\u7b97\u6cd5\u7684\uff0c\u5224\u4f8b\u573a\u666f\u5982\u4e0b\uff1a1\u3001\u9274\u522b\u6570\u636e\u660e\u6587\u5b58\u50a8\uff0c\u5224\u4e0d\u7b26\u5408\u3002<\/font><\/p>\n<hr \/>\n<h3><font color=\"#dd0000\" size=\"3\">7. 
\u6570\u636e\u4fdd\u5bc6\u6027<\/font><br \/><\/h3>\n<hr \/>\n<p><font color=\"#0000dd\" size=\"2\">a)\u5e94\u91c7\u7528\u5bc6\u7801\u6280\u672f\u4fdd\u8bc1\u91cd\u8981\u6570\u636e\u5728\u4f20\u8f93\u8fc7\u7a0b\u4e2d\u7684\u4fdd\u5bc6\u6027\uff0c\u5305\u62ec\u4f46\u4e0d\u9650\u4e8e\u9274\u522b\u6570\u636e\u3001\u91cd\u8981\u4e1a\u52a1\u6570\u636e\u548c\u91cd\u8981\u4e2a\u4eba\u4fe1\u606f\u7b49\uff1b<\/font><br \/>\n<font size=\"2\">1\uff09\u6838\u67e5\u5728\u8fdc\u7a0b\u7ba1\u7406\u8fc7\u7a0b\u4e2d\uff0c\u901a\u8fc7\u54ea\u4e9b\u8fc7\u7a0b\u8fdb\u884c\u767b\u5f55\uff0c\u6bcf\u4e2a\u9636\u6bb5\u662f\u5426\u90fd\u4fdd\u8bc1\u4e86\u9274\u522b\u4fe1\u606f\u4f20\u8f93\u7684\u4fdd\u5bc6\u6027\uff0c\u662f\u5426\u91c7\u7528\u4e86\u52a0\u5bc6\u7684\u534f\u8bae\u8fdb\u884c\u901a\u4fe1\uff0c\u6216\u662f\u5426\u5bf9\u7528\u6237\u53e3\u4ee4\u7b49\u4fe1\u606f\u8fdb\u884c\u4f20\u8f93\u52a0\u5bc6\uff1b\u5982\u679c\u670d\u52a1\u5668\u4f7f\u7528SSH\u534f\u8bae\uff0c\u6267\u884c\u547d\u4ee4\u201cssh -V\u201d\uff0c\u6838\u67e5SSH\u534f\u8bae\u662f\u5426\u662f\u5b89\u5168\u53ef\u9760\u7684\uff1b<br \/>\n2\uff09\u4f7f\u7528\u547d\u4ee4\u201c<code>systemctl list-unit-files|grep enabled<\/code>\u201d\u6216\u201c<code>chkconfig --list<\/code>\u201d\uff0c\u6838\u67e5telnet\u3001rsh\u3001rlogin\u662f\u5426\u5f00\u673a\u542f\u52a8\uff1b\u4f7f\u7528\u547d\u4ee4\u201cnetstat -an\u201d\u6216\u201cps -ef\u201d\u67e5\u770b\uff0c\u6838\u67e5telnet\u3001rsh\u3001rlogin\u670d\u52a1\u5f53\u524d\u662f\u5426\u8fd0\u884c\u3002<br \/>\n\u9488\u5bf9\u4f20\u8f93\u8fc7\u7a0b\uff0c\u4f7f\u7528\u547d\u4ee4\u201c<code>ssh -Q cipher<\/code>\u201d\u67e5\u770bssh\u670d\u52a1\u652f\u6301\u7684\u5bf9\u79f0\u52a0\u5bc6\u7b97\u6cd5\uff0c\u5305\u62ecAES\u30013DES\u7b49\u5bc6\u7801\u7b97\u6cd5\u7b49\uff0c\u901a\u8fc7\u8fd9\u4e9b\u7b97\u6cd5\u5bf9\u9274\u522b\u6570\u636e\u7684\u4fdd\u5bc6\u6027\u8fdb\u884c\u4fdd\u62a4\u7684\u60c5\u51b5\uff0c\u53ef\u5224\u5b9a\u4e3a\u7b26\u5408\u3002<br \/>\n\u3010\u6ce8\u3011\uff1a\u8be5\u547d\u4ee4\u67e5\u770b\u7684\u662fSSH\u652f\u6301\u7684\u5168\u90e8\u7b97\u6cd5\uff0csshd\u5f53\u524d\u542f\u7528\u7684\u7b97\u6cd5\u5e94\u6267\u884c\u547d\u4ee4\u201c<code>sshd -T | grep -i ciphers<\/code>\u201d\u6838\u67e5\uff1b3des-cbc\u7b49\u5b89\u5168\u6027\u4f4e\u7684\u7b97\u6cd5\u5b9c\u5173\u95ed\u3002<br 
\/>\n\u672a\u91c7\u7528\u5bc6\u7801\u7b97\u6cd5\u7684\uff0c\u5224\u4f8b\u573a\u666f\u5982\u4e0b\uff1a<br \/>\n1\u3001\u9274\u522b\u6570\u636e\u660e\u6587\u4f20\u8f93\uff0c\u7f51\u7edc\u5c42\u5728\u8fdc\u7a0b\u901a\u4fe1\u6709\u673a\u5bc6\u6027\u4fdd\u62a4\u3002\u5224\u4f4e\u98ce\u9669<br \/>\n2\u3001\u5e94\u7528\u5c42\u53ef\u4ee5\u4fdd\u969c\u901a\u4fe1\u673a\u5bc6\u6027\u4fdd\u62a4\uff0c\u7f51\u7edc\u5c42\u65e0\u4fdd\u969c\u3002\u5224\u7b26\u5408<br \/>\n3\u3001\u7f51\u7edc\u5c42\u548c\u5e94\u7528\u5c42\u5747\u65e0\u673a\u5bc6\u6027\u4fdd\u62a4\u3002\u4f46\u7f51\u7edc\u53ef\u63a7\uff0c\u5224\u4e2d\u98ce\u9669\u3002<\/font><\/p>\n<pre><code class=\"language-bash\">root@ENST:~# ssh -Q cipher\n3des-cbc\naes128-cbc\naes192-cbc\naes256-cbc\nrijndael-cbc@lysator.liu.se\naes128-ctr\naes192-ctr\naes256-ctr\naes128-gcm@openssh.com\naes256-gcm@openssh.com\nchacha20-poly1305@openssh.com\n<\/code><\/pre>\n<p><font color=\"#0000dd\" size=\"2\">b)\u5e94\u91c7\u7528\u5bc6\u7801\u6280\u672f\u4fdd\u8bc1\u91cd\u8981\u6570\u636e\u5728\u5b58\u50a8\u8fc7\u7a0b\u4e2d\u7684\u4fdd\u5bc6\u6027\uff0c\u5305\u62ec\u4f46\u4e0d\u9650\u4e8e\u9274\u522b\u6570\u636e\u3001\u91cd\u8981\u4e1a\u52a1\u6570\u636e\u548c\u91cd\u8981\u4e2a\u4eba\u4fe1\u606f\u7b49\uff1b<\/font><br \/>\n<font size=\"2\">\u6267\u884c\u547d\u4ee4\u201c<code>more \/etc\/shadow<\/code>\u201d\uff0c\u67e5\u770b\u5bf9\u53e3\u4ee4\u52a0\u5bc6\u4f7f\u7528\u7684\u5bc6\u7801\u7b97\u6cd5\u3002<br \/>\n\u3010\u8bf4\u660e\uff1aLinux\u5728&quot;\/etc\/shadow&quot;\u4e2d\u5bf9\u53e3\u4ee4\u8fdb\u884c\u52a0\u5bc6\u5b58\u50a8\uff0c\u4f46\u6bcf\u4e2a\u7248\u672c\u4f7f\u7528\u7684\u52a0\u5bc6\u7b97\u6cd5\u4e0d\u4e00\u6837\uff0c\u4e3b\u8981\u6709\u4e09\u7c7b\uff1a$1\u8868\u793aMD5 ; $6 \u8868\u793aSHA-512 ; $5 SHA-256\u3002\u3011<br 
\/>\n\u6216\u8005\u4e3b\u673a\u64cd\u4f5c\u7cfb\u7edf\u4e0a\u90e8\u7f72\u4e86\u4fdd\u8bc1\u91cd\u8981\u6587\u4ef6\u673a\u5bc6\u6027\u7684\u7ec4\u4ef6\u6216\u8f6f\u4ef6\uff0c\u4fdd\u8bc1\u9274\u522b\u4fe1\u606f\u3001\u91cd\u8981\u914d\u7f6e\u6587\u4ef6\u7684\u4fdd\u5bc6\u6027\uff1b<br \/>\n\u9488\u5bf9\u5b58\u50a8\u8fc7\u7a0b\uff0c\u9274\u522b\u4fe1\u606f\u91c7\u7528MD5\u3001SHA-256\u3001SHA-512\u7b49\u5bc6\u7801\u7b97\u6cd5\uff08\u54c8\u5e0c\u7b97\u6cd5\uff09\u7684\u60c5\u51b5\uff0c\u53ef\u5224\u5b9a\u4e3a\u7b26\u5408\u3002<br \/>\n\u672a\u91c7\u7528\u5bc6\u7801\u7b97\u6cd5\u7684\uff0c\u5224\u4f8b\u573a\u666f\u5982\u4e0b\uff1a1\u3001\u9274\u522b\u6570\u636e\u660e\u6587\u5b58\u50a8\uff0c\u4f46\u7f51\u7edc\u53ef\u63a7\uff0c\u6709\u4e25\u683c\u7ba1\u7406\u63aa\u65bd\uff0c\u5224\u4e2d\u98ce\u9669\u3002<\/font><\/p>\n<hr \/>\n<h3><font color=\"#dd0000\" size=\"3\">8. \u6570\u636e\u5907\u4efd\u6062\u590d<\/font><br \/><\/h3>\n<hr \/>\n<p><font color=\"#0000dd\" size=\"2\">a)\u5e94\u63d0\u4f9b\u91cd\u8981\u6570\u636e\u7684\u672c\u5730\u6570\u636e\u5907\u4efd\u4e0e\u6062\u590d\u529f\u80fd\uff1b<\/font><br \/>\n<font size=\"2\">1\uff09\u6838\u67e5\u662f\u5426\u5bf9\u9274\u522b\u6570\u636e\u3001\u914d\u7f6e\u6570\u636e\uff08\u5982\uff1a\/etc\/pam.d\u3001\/etc\/passwd\u3001\/etc\/sudoers\u3001\/etc\/shadow\u3001\/etc\/ssh\/sshd_config\u7b49\uff09\u8fdb\u884c\u5907\u4efd\uff0c\u91c7\u7528\u4ec0\u4e48\u6570\u636e\u5907\u4efd\u65b9\u5f0f\uff1b<br \/>\n2\uff09\u6838\u67e5\u91cd\u8981\u914d\u7f6e\u6570\u636e\u7684\u5907\u4efd\u5468\u671f\u662f\u5426\u5408\u7406\uff0c\u5907\u4efd\u4f4d\u7f6e\u662f\u5426\u5408\u7406\uff1b<br \/>\n3\uff09\u6838\u67e5\u6570\u636e\u6062\u590d\u8bb0\u5f55\uff0c\u662f\u5426\u5b9a\u671f\u8fdb\u884c\u5907\u4efd\u6062\u590d\uff0c\u5907\u4efd\u6062\u590d\u662f\u5426\u6210\u529f\u3002<\/font><br \/>\n<font color=\"#0000dd\" 
size=\"2\">b)\u5e94\u63d0\u4f9b\u5f02\u5730\u5b9e\u65f6\u5907\u4efd\u529f\u80fd\uff0c\u5229\u7528\u901a\u4fe1\u7f51\u7edc\u5c06\u91cd\u8981\u6570\u636e\u5b9e\u65f6\u5907\u4efd\u81f3\u5907\u4efd\u573a\u5730\u3002<\/font><br \/>\n<font size=\"2\">\u670d\u52a1\u5668\u7684\u91cd\u8981\u914d\u7f6e\u6570\u636e\u65e0\u5f02\u5730\u5b9e\u65f6\u5907\u4efd\u9700\u6c42\uff0c\u4e0d\u9002\u7528\u3002<\/font><br \/>\n<font color=\"#0000dd\" size=\"2\">c)\u5e94\u63d0\u4f9b\u91cd\u8981\u6570\u636e\u5904\u7406\u7cfb\u7edf\u7684\u70ed\u5197\u4f59\uff0c\u4fdd\u8bc1\u7cfb\u7edf\u7684\u9ad8\u53ef\u7528\u6027\uff1b<\/font><br \/>\n<font size=\"2\">1\uff09\u8bbf\u8c08\u548c\u6838\u67e5\u662f\u5426\u662f\u91cd\u8981\u6570\u636e\u5904\u7406\u7cfb\u7edf\uff1b<br \/>\n2\uff09\u8bbf\u8c08\u548c\u6838\u67e5\u662f\u5426\u91c7\u53d6\u6280\u672f\u63aa\u65bd\u5b9e\u73b0\u70ed\u5197\u4f59\uff0c\u662f\u5426\u91c7\u7528\u6280\u672f\u63aa\u65bd\u4fdd\u8bc1\u7cfb\u7edf\u7684\u9ad8\u53ef\u7528\u6027\u3002<\/font><\/p>\n<hr \/>\n<h3><font color=\"#dd0000\" size=\"3\">9. 
\u5269\u4f59\u4fe1\u606f\u4fdd\u62a4<\/font><br \/><\/h3>\n<hr \/>\n<p><font color=\"#0000dd\" size=\"2\">b)\u5e94\u4fdd\u8bc1\u5b58\u6709\u654f\u611f\u6570\u636e\u7684\u5b58\u50a8\u7a7a\u95f4\u88ab\u91ca\u653e\u6216\u91cd\u65b0\u5206\u914d\u524d\u5f97\u5230\u5b8c\u5168\u6e05\u9664\uff1b<\/font><br \/>\n<font size=\"2\">1\uff09\u6267\u884c\u547d\u4ee4&quot;<code>more \/etc\/profile|grep HISTSIZE<\/code>&quot;\uff0c\u6838\u67e5history\u547d\u4ee4\u662f\u5426\u88ab\u7981\u7528\uff1b<br \/>\n\u3010\u6ce8\u3011\uff1a1\uff09HISTSIZE=0\u62161\u8868\u793aLinux\u7cfb\u7edf\u4e0d\u5b58\u50a8\u5386\u53f2\u64cd\u4f5c\u547d\u4ee4\uff0c\u5b58\u50a8\u654f\u611f\u6570\u636e\u7684\u5b58\u50a8\u7a7a\u95f4\u80fd\u88ab\u91ca\u653e<br \/>\n2\uff09HISTSIZE=\u5176\u4ed6\u6570\u636e\u8868\u793aLinux\u7cfb\u7edf\u5b58\u50a8\u5386\u53f2\u64cd\u4f5c\u547d\u4ee4<\/font><\/p>\n<pre><code class=\"language-bash\">root@ENST:~# history\n    1  20240820-135023:ifconfig\n    2  20240820-135405:vim \/etc\/ssh\/sshd_config \n    3  20240820-135445:\/etc\/init.d\/ssh restart\n    4  20240820-135527:mount \/dev\/sr0 \/mnt\n    5  20240820-135529:cd \/mnt\n    6  20240820-135530:ll\n    7  20240820-135533:.\/SMTX_VM_TOOLS_INSTALL.sh \n<\/code><\/pre>\n<hr \/>\n<h3><font color=\"#dd0000\" size=\"3\">10. 
\u4e2a\u4eba\u4fe1\u606f\u4fdd\u62a4<\/font><br \/><\/h3>\n<hr \/>\n<p><font color=\"#0000dd\" size=\"2\">a)\u5e94\u4ec5\u91c7\u96c6\u548c\u4fdd\u5b58\u4e1a\u52a1\u5fc5\u9700\u7684\u7528\u6237\u4e2a\u4eba\u4fe1\u606f\uff1b<\/font><\/p>\n<p><font color=\"#0000dd\" size=\"2\">b)\u5e94\u7981\u6b62\u672a\u6388\u6743\u8bbf\u95ee\u548c\u975e\u6cd5\u4f7f\u7528\u7528\u6237\u4e2a\u4eba\u4fe1\u606f\u3002<\/font><\/p>\n<p><font size=\"2\">\u6839\u636e\u30102021\u7248\u3011\u7f51\u5b89\u62a5\u544a\u6a21\u7248\u8981\u6c42\uff0c\u4e2a\u4eba\u4fe1\u606f\u5b89\u5168\u5728\u201c\u6570\u636e\u8d44\u6e90\u201d\u4e2d\u8fdb\u884c\u6d4b\u8bc4\uff0c\u6b64\u9879\u4e0d\u9002\u7528<\/font><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Centos\u64cd\u4f5c\u7cfb\u7edf\u7b80\u4ecb\uff1a CentOS\u662f\u4e00\u4e2a\u57fa\u4e8eLinux\u7684\u5f00\u6e90\u64cd\u4f5c\u7cfb\u7edf\uff0c\u4e8e2004\u5e74\u63a8\u51fa\u3002\u5b83\u662fRed Hat Enterpri &#8230;<\/p>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-350","post","type-post","status-publish","format-standard","hentry","category-4"],"_links":{"self":[{"href":"http:\/\/danielw.top\/index.php?rest_route=\/wp\/v2\/posts\/350","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/danielw.top\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/danielw.top\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/danielw.top\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/danielw.top\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=350"}],"version-history":[{"count":1,"href":"http:\/\/danielw.top\/index.php?rest_route=\/wp\/v2\/posts\/350\/revisions"}],"predecessor-version":[{"id":351,"href":"http:\/\/danielw.top\/index.php?rest_route=\/wp\/v2\/posts\/350\/revisions\/351"}],"wp:attac
hment":[{"href":"http:\/\/danielw.top\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=350"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/danielw.top\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=350"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/danielw.top\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=350"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}