Lynis:面向Linux系统的安全审查和扫描工具

 

Lynis是一款功能非常强大的开源审查工具,面向类似Unix/Linux的操作系统。它可以扫描系统,查找安全信息、一般的系统信息、已安装软件及可用软件信息、配置错误、安全问题、没有设密码的用户帐户、错误的文件许可权限以及防火墙审查等。

Lynis是一款功能非常强大的开源审查工具,面向类似Unix/Linux的操作系统。它可以扫描系统,查找安全信息、一般的系统信息、已安装软件及可用软件信息、配置错误、安全问题、没有设密码的用户帐户、错误的文件许可权限以及防火墙审查等。

Lynis 2.2.0 :面向Linux系统的安全审查和扫描工具

Lynis是最可靠的自动化审查工具之一,可用于基于Unix/Linux的系统中的软件补丁管理、恶意软件扫描和安全漏洞检测。这款工具适用于审查人员、网络及系统管理员、安全专家和渗透测试人员。

经过几个月开发后,现在发布了一个新的主要升级版:Lynis 2.2.0,它随带一些新的功能和测试以及许多小的改进之处。我鼓励所有Linux用户测试并升级到Lynis的这个最新版本。

我们在本文中将介绍在Linux系统中如何使用tarball源文件安装Lynis 2.2.0(Linux审查工具)。 继续阅读

Nginx配置WebService、MySQL、SQL Server、ORACLE等代理

nginx配置webservice

#user  nobody;
worker_processes  4;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    upstream esbServer {   
        server 127.0.0.1:8083 weight=1 max_fails=2 fail_timeout=30s;   
    }

    #gzip  on;

    server {
        listen       8081;
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location /ladder_web {
            proxy_set_header X-real-ip $remote_addr;
            proxy_pass http://esbServer;
        }

       
    }

}

nginx 配置mysql代理 — 基于nginx1.9以上 stream module 继续阅读

理解 Python 装饰器

讲 Python 装饰器前,我想先举个例子,虽有点污,但跟装饰器这个话题很贴切。

每个人都有的内裤主要功能是用来遮羞,但是到了冬天它没法为我们防风御寒,咋办?我们想到的一个办法就是把内裤改造一下,让它变得更厚更长,这样一来,它不仅有遮羞功能,还能提供保暖,不过有个问题,这个内裤被我们改造成了长裤后,虽然还有遮羞功能,但本质上它不再是一条真正的内裤了。于是聪明的人们发明长裤,在不影响内裤的前提下,直接把长裤套在了内裤外面,这样内裤还是内裤,有了长裤后宝宝再也不冷了。装饰器就像我们这里说的长裤,在不影响内裤作用的前提下,给我们的身子提供了保暖的功效。 继续阅读

Command Line-Version (SetACL.exe) – Syntax and Description

For a quick start, tell SetACL the following:

  • Object name (-on): This is the path to the object SetACL should operate on (file/directory/registry key/network share/service/printer).
  • Object type (-ot): What kind of object does the object name refer to: file or directory (file), registry key (reg), service (srv), printer (prn), network share (shr)?
  • Action (-actn): What should SetACL do with the object specified?

Example:

SetACL.exe -on c:\Windows -ot file -actn list

SetACL.exe -on c:\Windows -ot file -actn list

This lists the permissions set on the Windows directory in the default list format (CSV).

Have a look at the examples section to get an idea what more complex commands look like. 继续阅读

Makefiles Tutorial

GNU Make is key utility in building applications.It is available on any operating systems. Its main purpose is to determine automatically which pieces of a program need to be recompiled, and issue the commands to build them

While working with open source project, Make is the common tool because almost any IDE can work with it. Make is a very powerful tool – in one command you can issue a series of tasks and working with it can make developers life easier. 继续阅读

CentOS / RHEL 7 : How to disable IPv6

https://wiki.centos.org/FAQ/CentOS7

Upstream employee Daniel Walsh recommends not disabling the ipv6 module, as that can cause issues with SELinux and other components, but adding the following to /etc/sysctl.conf:

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

To disable in the running system:

echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6
echo 1 > /proc/sys/net/ipv6/conf/default/disable_ipv6

or

sysctl -w net.ipv6.conf.all.disable_ipv6=1
sysctl -w net.ipv6.conf.default.disable_ipv6=1

Additional note #1: If problems with X forwarding are encountered on systems with IPv6 disabled, edit /etc/ssh/sshd_config and make either of the following changes:

(1) Change the line

#AddressFamily any

to

AddressFamily inet

(inet is ipv4 only; inet6 is ipv6 only)

or

(2) Remove the hash mark (#) in front of the line

#ListenAddress 0.0.0.0

Then restart ssh.

Additional note #2: If problems with starting postfix are encountered on systems with IPv6 disabled, either

(1) edit /etc/postfix/main.cf and comment out the localhost part of the config and use ipv4 loopback.

#inet_interfaces = localhost
inet_interfaces = 127.0.0.1

or

(2) take out the ipv6 localhost from /etc/hosts .

Additional Note #3 : To disable RPCBIND ipv6 (rpcbind, rpc.mountd, prc.statd) remark out the udp6 and tcp6 lines in /etc/netconfig:

udp        tpi_clts      v     inet     udp     -       -
tcp        tpi_cots_ord  v     inet     tcp     -       -
#udp6       tpi_clts      v     inet6    udp     -       -
#tcp6       tpi_cots_ord  v     inet6    tcp     -       -
rawip      tpi_raw       -     inet      -      -       -
local      tpi_cots_ord  -     loopback  -      -       -
unix       tpi_cots_ord  -     loopback  -      -       -

继续阅读

How To Setup SSH Keys on a Linux / Unix System

I recently read that SSH keys provide a secure way of logging into a Linux and Unix-based server. How do I set up SSH keys on a Linux or Unix based systems? In SSH for Linux/Unix, how do I set up public key authentication?

I am assuming that you are using Linux or Unix-like server and client with the following software:

  • OpenSSH SSHD server
  • OpenSSH ssh client and friends on Linux (Ubuntu, Debian, {Free,Open,Net}BSD, RHEL, CentOS, MacOS/OSX, AIX, HP-UX and co).

继续阅读

SSL证书格式转换工具

一. 转换PEM 证书

PEM to DER

openssl x509 -outform der -in certificate.pem -out certificate.der

PEM to P7B

openssl crl2pkcs7 -nocrl -certfile certificate.cer -out certificate.p7b 
-certfile CACert.cer

PEM to PFX

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in 
certificate.crt -certfile CACert.crt

二. 转换P7B 证书

继续阅读

How to change Registry Permissions with RegIni.exe (VBScript)

Today I’ll show how we can set the following permissions on a registry key with RegIni.exe and a VBScript:

– Creator Owner Full Control
– Users Full Control
– Power Users Full Control
– Administrators Full Control
– System Full Control

I will set the permissions here for testing purposes:

– HKEY_CLASSES_ROOT\AlejaCMaTypelib
– HKEY_LOCAL_MACHINE\Software\AlejaCMaCo\AlejaCMaApp

And for that I will need to create a special regini.exe script which will have the following contents:

HKEY_LOCAL_MACHINE\Software\Classes\AlejaCMaTypelib [1 5 7 11 17]
HKEY_LOCAL_MACHINE\Software\AlejaCMaCo\AlejaCMaApp [1 5 7 11 17]

Notes:
– With regini.exe I won’t be able to set Users Full Control, but Everyone Full Control.
– HKEY_CLASSES_ROOT = HKEY_LOCAL_MACHINE\Software\Classes 继续阅读

Webshell中的不死僵尸删除方法:解决“删除文件或文件夹时出错,无法删除找不到指定文件”

正 文:

今天有客户网站中毒,遂从FTP下载所谓木马文件,本地运行后,生成一个com7.h.asp的文件,在图形界面下无论如何都无法删除。提示“删除文件或文件夹时出错,无法删除 com7.h : 找不到指定文件”。     其实这是利用系统保留文件名来创建无法删除的webshell。

Webshell中的不死僵尸删除方法:解决“删除文件或文件夹时出错,无法删除找不到指定文件”

Windows 下不能够以下面这些字样来命名文件/文件夹:
aux|prn|con|nul|com1|com2|com3|com4|com5|com6|com7|com8|com9|lpt1|lpt2|lpt3|lpt4|lpt5|lpt6|lpt7|lpt8|lpt9    但是通过cmd的copy命令即可实现:

D:\>copy piaoyi.asp \\.\D:\lpt6.piaoyi.asp    前面必须有 \\.\

这类文件无法在图形界面删除,只能在命令行下删除:

D:\>del “\\.\D:\lpt6.piaoyi.asp”
D:\>del “\\.\D:\lpt3.1.asp;.jpg”

如果提示找不到文件错误,则可以先解除RHSA只读属性:

D:\>attrib -s -h -r “\\.\D:\lpt3.1.asp;.jpg”
D:\>del “\\.\D:\lpt3.1.asp;.jpg”

注意:因为路径中有分号; 所以需要用双引号,否则,路径找不到。
然而在IIS中,这种文件又是可以解析成功的。Webshell中的 “不死僵尸” 原理就在这。     删除这类文件可以用下面的方法:
最简单也是最方便的,通过命令删除:

del /f /a /q \\?\%1
rd /s /q \\?\%1

把上面的命令保存为.bat后缀名称的文件,然后把不能删除的文件或者文件夹拖到bat文件上就可以。