#to delete a directory, you need write permission on the parent directory.
#rpm management
#ifdown eth0; ifup eth0
#symmetric encryption (passphrase only, no key pair)
gpg -c install.log
gpg -d install.log.gpg
-----------
passwd
------------
openssl
--------------
#Asymmetric encryption I
based upon a public/private key pair
recipient
generates a pub/pri key pair
publishes public key P, guards private key S
sender
encrypts message M with the recipient's public key
sends P(M) to the recipient
recipient
decrypts with the secret key to recover: M = S(P(M))
---------------------------
#Asymmetric encryption II
Digital signature
sender
generates P/S
publishes P, guards S
encrypts message M with S
sends the recipient S(M)
recipient
decrypts with the sender's public key P (S is never published, so only P can verify the signature)
---------------------------------
# Public key infrastructures
---------------------
OpenSSH
vi /etc/ssh/sshd_config
#PermitRootLogin yes
better change this to no
#X11Forwarding yes
Red Hat turns this one on by default
#TCPKeepAlive yes
default should be no
#AllowUsers user1 user2
#DenyUsers
think of 2 ways when considering access restriction:
1. user-based access control
2. host-based access control
-------------
Port forwarding
ssh and sshd can forward TCP traffic
the obtuse syntax can be confusing
-L clientport:host:hostport
-R serverport:host:hostport
can be used to bypass access controls
requires successful authentication to the remote sshd by the client
AllowTcpForwarding (sshd_config directive that controls this)
station1 is a server with a telnet service
ssh -L 5000:station1:23 root@station1
creates a channel to establish the connection; the telnet traffic to local port 5000 is encrypted on the way by forwarding it through ssh
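As an added example (not part of the original notes), a small POSIX shell audit of the sshd_config directives covered above. SAMPLE_CONFIG is a constructed file, and the DEFAULT values passed to effective_value are assumptions taken from the commented-out defaults shown in the notes; real defaults differ between OpenSSH versions and distributions.

```shell
#!/bin/sh
# Added example (not from the original notes): audit the sshd_config directives
# the notes discuss. SAMPLE_CONFIG is a constructed file. The DEFAULT passed to
# effective_value is an assumption taken from the commented-out defaults shown
# in the notes; real defaults differ between OpenSSH versions and distributions.
SAMPLE_CONFIG='# constructed sample sshd_config
#PermitRootLogin yes
X11Forwarding yes
#TCPKeepAlive yes
AllowTcpForwarding yes
allowusers user1 user2
AllowTcpForwarding no'

# effective_value CONFIG DIRECTIVE DEFAULT
# sshd honours the first uncommented occurrence of a directive (names are
# case-insensitive). Commented lines only document the default, so DEFAULT is
# printed when no live setting exists. Only the first value word is printed.
effective_value() {
    val=$(printf '%s\n' "$1" | awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { print $2; exit }')
    if [ -n "$val" ]; then printf '%s\n' "$val"; else printf '%s\n' "$3"; fi
}

# audit_config CONFIG: one finding per line, then a summary line "N finding(s)".
audit_config() {
    n=0
    if [ "$(effective_value "$1" PermitRootLogin yes)" != no ]; then
        echo "PermitRootLogin is not 'no': root may log in over ssh"; n=$((n + 1))
    fi
    if [ "$(effective_value "$1" X11Forwarding no)" = yes ]; then
        echo "X11Forwarding is on: disable it unless X11 is needed"; n=$((n + 1))
    fi
    if [ "$(effective_value "$1" AllowTcpForwarding yes)" = yes ]; then
        echo "AllowTcpForwarding is on: -L/-R tunnels can bypass host ACLs"; n=$((n + 1))
    fi
    if [ -z "$(effective_value "$1" AllowUsers '')" ] &&
       [ -z "$(effective_value "$1" DenyUsers '')" ]; then
        echo "no AllowUsers/DenyUsers: no per-user access restriction"; n=$((n + 1))
    fi
    echo "$n finding(s)"
}

audit_config "$SAMPLE_CONFIG"
```

Against the sample it reports three findings: the commented PermitRootLogin falls back to the assumed default yes, X11Forwarding is on, and the first AllowTcpForwarding line wins over the later "no".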
------------
RPM
GPG signature check (import the vendor public key, then verify the package)
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat*
rpm --checksig package_file (or rpm -K package_file)
------------------------
SELinux
default context checking
#semanage fcontext -l | grep '/etc/tm'
check sebool values
#getsebool -a | grep mail | grep 'on$'
troubleshooting when SELinux blocks us
check the log file in /var/log/messages
man -k selinux
service setroubleshoot status
rpm -q setroubleshoot
-----------------
# iptables basic operation
iptables -t filter -D INPUT 4
#transport protocol and port
-p tcp --dport 80
-p udp --sport 53
iptables -A INPUT -p icmp --icmp-type echo-request -j REJECT
#service iptables stop
(this just flushes the firewall rules)
vi /etc/rc.d/rc.local
#iptables -F
#iptables -F -t nat
#iptables -Z
#iptables -P INPUT DROP
#iptables -P
Reposted from: https://blog.51cto.com/johnnyxing/409651