Common Linux Security Check Methods


This article gives a brief overview of common security checks for ECS Linux cloud servers:

1. Check the system password file and look at its modification date

# ls -l /etc/passwd

2. See which privileged users are listed in the passwd file

# awk -F: '$3==0 {print $1}' /etc/passwd

3. Check whether the system has any accounts with an empty password

# awk -F: 'length($2)==0 {print $1}' /etc/shadow

4. Check the system daemons

# cat /etc/inetd.conf | grep -v "^#"

5. Check network connections and listening ports

# netstat -an
# netstat -rn
# ifconfig -a

6. View the login history of all users who normally log in to this machine

# last

7. Check for core files on the system

# find / -name core -exec ls -l {} \;

8. Check system file integrity

# rpm -qf /bin/ls
# rpm -qf /bin/login
# md5sum -b filename
# md5sum -t filename

9. Look for backdoors

# cat /etc/crontab
# ls /var/spool/cron/
# cat /etc/rc.d/rc.local
# ls /etc/rc.d
# ls /etc/rc3.d
# find / -type f -perm -4000
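
The account checks from sections 2 and 3 can be combined so that only the entries needing attention are reported: UID 0 accounts other than root, and empty-password accounts that also have a login shell. The script below is an added example, not part of the original article; the function names and the sample passwd/shadow data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit passwd/shadow-format files passed as arguments.

# Accounts with UID 0 other than the expected "root" entry.
extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Accounts whose shadow password field is empty.
empty_password() {
    awk -F: 'length($2) == 0 { print $1 }' "$1"
}

# Empty-password accounts whose passwd shell is not nologin/false,
# i.e. the ones that can open an interactive session.
# Usage: empty_password_with_shell PASSWD_FILE SHADOW_FILE
empty_password_with_shell() {
    awk -F: '
        FILENAME == ARGV[1] { if (length($2) == 0) empty[$1] = 1; next }
        ($1 in empty) && $7 !~ /(nologin|false)$/ { print $1 }
    ' "$2" "$1"
}

# Constructed sample data (not from a real host).
write_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0::/root:/bin/sh
alice:x:1000:1000::/home/alice:/bin/bash
svc:x:998:998::/var/lib/svc:/usr/sbin/nologin
EOF
    cat > "$1/shadow" <<'EOF'
root:$6$constructed$hash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
toor:$6$constructed$hash:19000:0:99999:7:::
alice::19000:0:99999:7:::
svc::19000:0:99999:7:::
EOF
}

dir=$(mktemp -d)
write_sample "$dir"
echo "Extra UID 0 accounts:      $(extra_uid0 "$dir/passwd" | tr '\n' ' ')"
echo "Empty passwords:           $(empty_password "$dir/shadow" | tr '\n' ' ')"
echo "Empty password with shell: $(empty_password_with_shell "$dir/passwd" "$dir/shadow" | tr '\n' ' ')"
rm -rf "$dir"
```

On a real host, run the functions as root against /etc/passwd and /etc/shadow instead of the sample files.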

 
