[Must-Read for Ops] Linux Security Operations Guidelines
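Find files (world- or group-writable): find / -type f \( -perm -2 -o -perm -20 \) | xargs ls -al
Find directories (world- or group-writable): find / -type d \( -perm -2 -o -perm -20 \) | xargs ls -ld
# SUID or SGID files
find / -type f \( -perm -4000 -o -perm -2000 \) -print | xargs ls -al
# Checksums of root-owned SGID and SUID files
find / -user root -perm -2000 -print -exec md5sum {} \;
find / -user root -perm -4000 -print -exec md5sum {} \;
# Files with no valid owner or group
find / -nouser -o -nogroup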
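[root@server ~]# mv /var/tmp/* /tmp
[root@server ~]# rmdir /var/tmp    # remove the emptied directory first, otherwise ln creates /var/tmp/tmp
[root@server ~]# ln -s /tmp /var/tmp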
[root@server ~]# dd if=/dev/zero of=/dev/tmpfs bs=1M count=10000
[root@server ~]# mke2fs -j /dev/tmpfs
[root@server ~]# cp -av /tmp /tmp.old
[root@server ~]# mount -o loop,noexec,nosuid,rw /dev/tmpfs /tmp
[root@server ~]# chmod 1777 /tmp
[root@server ~]# mv -f /tmp.old/* /tmp/
[root@server ~]# rm -rf /tmp.old
/dev/tmpfs /tmp ext3 loop,nosuid,noexec,rw 0 0
[root@server chkrootkit]# /usr/local/chkrootkit/chkrootkit
Checking `ifconfig'... INFECTED
Checking `ls'... INFECTED
Checking `login'... INFECTED
Checking `netstat'... INFECTED
Checking `ps'... INFECTED
Checking `top'... INFECTED
Checking `sshd'... not infected
Checking `syslogd'... not tested
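Checks the binaries and system tool files used by rootkits
Checks for the signatures of Trojan programs
Checks whether the file attributes of common programs are abnormal
Runs system-related tests
Checks for hidden files
Checks for suspicious loadable kernel modules (LKM)
Checks the listening ports the system has opened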
[root@server ~]# /usr/local/bin/rkhunter --check --skip-keypress
30 09 * * * root /usr/local/bin/rkhunter --check --cronjob
[root@server ~]# pidof sshd
13276 12942 4284
[root@server ~]# ls -al /proc/13276/exe
lrwxrwxrwx 1 root root 0 Oct 4 22:09 /proc/13276/exe -> /usr/sbin/sshd
[root@server ~]# ls -al /proc/13276/fd
[root@server ~]# rpm -Va
....L... c /etc/pam.d/system-auth
S.5..... c /etc/security/limits.conf
S.5....T c /etc/sysctl.conf
S.5....T /etc/sgml/docbook-simple.cat
S.5....T c /etc/login.defs
S.5..... c /etc/openldap/ldap.conf
S.5....T c /etc/sudoers
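To read the rpm -Va output above at a glance, the following added example (not part of the original article) decodes each flag field into the attributes that differ from the package database and sorts the lines by priority. The HIGH/REVIEW/LOW labels, the function names and the two /usr paths in the sample are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: triage `rpm -Va` lines read from stdin.
# Output: "<PRIORITY> <path> <changed attributes>". The HIGH/REVIEW/LOW
# labels are this example's own convention, not something rpm prints.
rpm_va_triage() {
  awk '
    BEGIN {
      # rpm verify flag letters and the attribute each one reports
      name["S"] = "size";   name["M"] = "mode";    name["5"] = "digest"
      name["D"] = "device"; name["L"] = "symlink"; name["U"] = "owner"
      name["G"] = "group";  name["T"] = "mtime";   name["P"] = "capabilities"
    }
    # A packaged file that no longer exists on disk
    $1 == "missing" { print "HIGH", substr($0, index($0, "/")), "missing"; next }
    # Verify lines begin with an 8- or 9-character flag field
    $1 ~ /^[SM5DLUGTP.?]+$/ && length($1) >= 8 {
      flags = $1
      marker = ($2 ~ /^[cdglr]$/) ? $2 : ""   # c = config file, d = doc, ...
      path = substr($0, index($0, "/"))        # keeps paths containing spaces
      changed = ""
      for (i = 1; i <= length(flags); i++) {
        ch = substr(flags, i, 1)
        if (ch in name) {
          sep = (changed == "") ? "" : ","
          changed = changed sep name[ch]
        }
      }
      if (flags !~ /[SM5DLUGP]/) sev = "LOW"      # only mtime differs
      else if (marker == "c")     sev = "REVIEW"  # config files drift legitimately
      else                        sev = "HIGH"    # packaged non-config file altered
      print sev, path, changed
    }
  '
}

# Sample input: three lines from the output above, plus two constructed
# lines (the /usr/share and /usr/bin paths are made up for illustration).
sample_lines() {
  cat <<'EOF'
....L... c /etc/pam.d/system-auth
S.5....T /etc/sgml/docbook-simple.cat
S.5....T c /etc/sudoers
.......T /usr/share/example/readme.txt
missing /usr/bin/example-tool
EOF
}

sample_lines | rpm_va_triage
```

On a live system, pipe the real command into the function: rpm -Va | rpm_va_triage.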