
Linux System Security (Part 4)
2019-09-06 00:27:20
Tags: Linux system security related

host ~]$ sudo ifconfig ens33 192.168.128.188

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for lisi:
lisi is not in the sudoers file.  This incident will be reported.
[lisi@localhost ~]$ ifconfig ens33
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.128.133  netmask 255.255.255.0  broadcast 192.168.128.255
        inet6 fe80::7d96:e043:e371:4943  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:5b:e0:09  txqueuelen 1000  (Ethernet)
        RX packets 32410  bytes 36735375 (35.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 13598  bytes 1141821 (1.0 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

3. As root, edit /etc/sudoers and add an authorization entry for lisi.

[root@localhost ~]# visudo
lisi localhost=/sbin/ifconfig

4. As lisi, try to change the address again; this time the change succeeds.

[lisi@localhost ~]$ sudo ifconfig ens33 192.168.128.188
[sudo] password for lisi:
[lisi@localhost ~]$ ifconfig ens33
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.128.188  netmask 255.255.255.0  broadcast 192.168.128.255
        inet6 fe80::7d96:e043:e371:4943  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:5b:e0:09  txqueuelen 1000  (Ethernet)
        RX packets 33575  bytes 36955964 (35.2 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 13975  bytes 1187393 (1.1 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

5. Use sudo -l to view your own sudo configuration.

[lisi@localhost ~]$ sudo -l
[sudo] password for lisi:
Matching Defaults entries for lisi on localhost:
    !visiblepw, always_set_home, match_group_by_gid, env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME
    LANG LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE",
    env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY", secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin

User lisi may run the following commands on localhost:
    (root) /sbin/ifconfig

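GRUB Password

By default, anyone can enter the GRUB menu while CentOS 7 is booting and modify the boot parameters. For security, you can set a password on it so that only someone with the corresponding user name and password can enter.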

Demo

1. Back up the GRUB configuration files that will be modified.

[root@localhost ~]# cp -p /boot/grub2/grub.cfg /boot/grub2/grub.cfg.bak
[root@localhost ~]# cp -p /etc/grub.d/00_header /etc/grub.d/00_header.bak

2. Create a GRUB password hash for later use.

[root@localhost ~]# grub2-mkpasswd-pbkdf2
Enter password:
Reenter password:
PBKDF2 hash of your password is grub.pbkdf2.sha512.10000.017517DF1145EF0A839EDB3E53A8D3E598D8E8477AFDC778DE66A97966F486B7C6017910C5BF1FAC9882F84E1F8697B56AB5E833480D616A7B28D4BA9F6C5B38.6C0516B81FDFF2382B3AA0FB700FA7FD716DF8B83EBA727349C36BEB9498201B795714429AA09641005C6A176324D16EB7FE63088D393FE1695269E34D20A3F3

3. Edit /etc/grub.d/00_header and add the user and the corresponding password.

[root@localhost ~]# vim /etc/grub.d/00_header
cat << EOF
set superusers="root"
password_pbkdf2 root grub.pbkdf2.sha512.10000.017517DF1145EF0A839EDB3E53A8D3E598D8E8477AFDC778DE66A97966F486B7C6017910C5BF1FAC9882F84E1F8697B56AB5E833480D616A7B28D4BA9F6C5B38.6C0516B81FDFF2382B3AA0FB700FA7FD716DF8B83EBA727349C36BEB9498201B795  
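
The string printed in step 2 and pasted into 00_header in step 3 has the form grub.pbkdf2.sha512.<iterations>.<salt hex>.<hash hex>. The following is an added example, not part of the original article: it parses that format and checks a password_pbkdf2 line for a hash that was cut short while pasting and for a password that does not match. The function names, sample password and salt are constructed for illustration; the expected hash length of 64 bytes is an assumption taken from the hash shown in step 2.

```python
import hashlib
import hmac

PREFIX = "grub.pbkdf2.sha512."

def parse_grub_hash(text):
    """Split grub.pbkdf2.sha512.<iterations>.<salt hex>.<hash hex> into its parts.

    Raises ValueError on a wrong prefix, a bad iteration count, or hex that
    does not decode to whole bytes.
    """
    text = text.strip()
    if not text.startswith(PREFIX):
        raise ValueError("missing grub.pbkdf2.sha512 prefix")
    fields = text[len(PREFIX):].split(".")
    if len(fields) != 3:
        raise ValueError("expected <iterations>.<salt>.<hash>")
    iterations = int(fields[0])
    salt, digest = bytes.fromhex(fields[1]), bytes.fromhex(fields[2])
    if iterations < 1 or not salt or not digest:
        raise ValueError("empty or invalid field")
    return iterations, salt, digest

def make_grub_hash(password, salt, iterations=10000, length=64):
    """Build a hash string in the same layout as the step 2 output."""
    dk = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, iterations, length)
    return f"{PREFIX}{iterations}.{salt.hex().upper()}.{dk.hex().upper()}"

def verify_grub_hash(text, password):
    """Recompute PBKDF2-HMAC-SHA512 and compare in constant time."""
    iterations, salt, digest = parse_grub_hash(text)
    dk = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, iterations, len(digest))
    return hmac.compare_digest(dk, digest)

def check_header_line(line, password, expected_len=64):
    """Check one 'password_pbkdf2 <user> <hash>' line; return (user, status)."""
    parts = line.split()
    if len(parts) != 3 or parts[0] != "password_pbkdf2":
        return None, "not a password_pbkdf2 line"
    try:
        _, _, digest = parse_grub_hash(parts[2])
    except ValueError as exc:
        return parts[1], f"malformed: {exc}"
    if len(digest) != expected_len:  # shorter than expected: likely cut while pasting
        return parts[1], f"truncated: hash is {len(digest)} bytes, expected {expected_len}"
    return parts[1], "ok" if verify_grub_hash(parts[2], password) else "password mismatch"

if __name__ == "__main__":
    sample = make_grub_hash("Constructed-Pass1", bytes(range(64)))  # constructed input
    print(check_header_line("password_pbkdf2 root " + sample, "Constructed-Pass1"))
    print(check_header_line("password_pbkdf2 root " + sample[:-10], "Constructed-Pass1"))
```

Running this check against the edited 00_header before regenerating grub.cfg catches a bad paste while the backups from step 1 are still easy to restore.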
		
