等保测评常用命令

数据库测评

Oracle安全测评

登陆方法

终端输入：sqlplus

输入账号密码

口令复杂度

select limit from dba_profiles where profile='DEFAULT' and resource_name='PASSWORD_VERIFY_FUNCTION';

口令长度

utlpwdmg.sql存放位置$ORACLE_HOME/rdbms/admin

cat utlpwdmg.sql | grep length

口令定期周期

select limit from dba_profiles where profile='DEFAULT' and resource_name='PASSWORD_LIFE_TIME';

登陆失败限制策略

select limit from dba_profiles where profile='DEFAULT' and resource_name='FAILED_LOGIN_ATTEMPTS';

登陆失败锁定策略

select limit from dba_profiles where profile='DEFAULT' and resource_name='PASSWORD_LOCK_TIME';

登陆超时退出策略

select limit from dba_profiles where profile='DEFAULT' and resource_name='IDLE_TIME';

是否启用加密协议

cat $ORACLE_HOME/netwotk/admin/listener.ora

TCPS

cat $ORACLE_HOME/network/admin/tnsnames.ora

cat $ORACLE_HOME/network/admin/sqlnet.ora

示例文件路径：

$ORACLE_HOME/network/admin/samples/

弱口令

system：manager

sys：CHANGE_ON_INSTALL

oracle：oracle/admin/ora+版本号

system：oracle/admin

查看范例数据库账号

select username, account_status from dba_users;

是否创建了策略

select policy_name, status from DBA_SA_POLICIES;

是否创建了级别

select * from dba_sa_level order by level_num;

查看标签创建情况

select * from dba_sa_labels;

查看策略与模式、表的对应关系

select * from dba_sa_tables_policies;

是否开启审计功能

select value from v$parameter where name='audit_trail';

查询日志文件的位置

show parameter dump_dest;

查看数据库、表空间、对象的日志记录模式

select log_mode,force_logging from v$database;

select tablespace_name, logging,force_logging from dba_tablespaces;

select table_name,logging from user_tables;

检查审计权限是否被严格限制

alter system set audit_trail=none

限制远程链接IP地址

查看sqlnet.ora文件中的 tcp.validnode_checking、tcp、invited_nodes的配置参数

cat sqlnet.ora | grep tcp.avalidnode

查看oracle补丁安装情况

opatch lspatches

MySQL安全测评

查询账号

select user,host from mysql.user;

查询是否存在空口令用户

MySQL5.7之前：

select * from mysql.user where length(password) = 0 or password is null;

MySQL5.7之后：

select * from mysql.user where length(authentication_string)= 0 or authentication_string is null;

查看用户口令复杂度配置

show variables like 'validate%';

SHOW VARIABLES LIKE '%password%';

查看登陆失败处理功能

show variables like '%max_connect_errors%';

show variables like '%timeout%';

查看远程管理是否启用加密

show variables like '%have_ssl%';

查看账户分配和权限

select user,host from mysql.user;

show grants for 'xxxx'@'localhost';

查看root账户是否被重命名或删除

select user,host from mysql.user;

查看无关账户

select * from mysql.user where user=' ';

select user,host from mysql.user;

查看访问控制权限

select * from mysql.user\G;

select * from mysql.db\G;

select * from mysql.tables_priv\G;

select * from mysql.columns_priv\G;

查看日志内容

show variables like 'log_%';

查看用户登陆IP

show grants for root@localhost;

查看补丁安装情况

show variables where variable_name like "version";

操作系统测评

Linux测评

查看登录密码设置规则

cat /etc/login.defs

cat /etc/pam.d/login

查看是否配置登陆失败处理功能

cat /etc/pam.d/login 或 cat /etc/pam.d/system-auth

cat /etc/pam.d/sshd

查看远程登录

service --status-all | grep sshd

netstat -ant | grep 22

service --status-all | grep running

查看是否存在默认账户

cat /etc/shadow

查看root用户是否能远程登录

cat /etc/ssh/sshd_config

查看安全审计的守护进程

service auditd status

service rsyslog status

ps -ef |grep auditd

查看安全事件的配置

grep "@priv-ops" /etc/audit/filter.conf

more /etc/audit/audit.rules

cat /etc/hosts.allow

cat /etc/hosts.deny