第1章 知识概述
提纲:
各种命令
与用户有关的文件和目录
如何让普通用户具有root用户的权限
行为审计
1.1 用户的分类
root用户 皇帝 UID:0
特点:权限最高 想干啥就干啥
虚拟用户 (傀儡) UID:1-499
特点:每个服务、程序运行的时+候都需要一个用户
傀儡用户不需要用来登录系统(无法登陆)
傀儡用户
grep nobody /etc/passwd
su - nobody
[root@test ~]# grep nobody /etc/passwd
nobody:x:99:99:Nobody:/:/sbin/nologin #虚拟用户的命令解释器与普通用户的不同
[root@test ~]# su - nobody
This account is currently not available.
[root@test ~]# grep mysql /etc/passwd
mysql:x:503:503::/home/mysql:/sbin/nogin/
[root@test ~]# su - mysql
su: warning: cannot change directory to/home/mysql: No such file or directory
su: /sbin/nogin/: No such file or directory
普通用户 贫民 UID:500+(UID从500开始)
[root@test ~]# grep baoge /etc/passwd
baoge:x:505:505::/home/baoge:/bin/bash
特点:可以登录系统,但执行命令时需要授权才行
1.2 与用户有关的文件或目录
1.2.1 与用户有关的文件
/etc/passwd ###存放用户的信息
/etc/shadow ###存放用户密码信息
/etc/group ###存放用户组的信息
/etc/gshadow ###存放用户组密码信息
ls-l /etc/passwd /etc/shadow /etc/group /etc/gshadow
[root@test ~]# ls -l /etc/passwd /etc/shadow /etc/group /etc/gshadow
-rw-r--r-- 1 root root 625 Nov 17 00:17 /etc/group
---------- 1 root root 509 Nov 17 00:17 /etc/gshadow
-rw-r--r-- 1 root root 1215 Nov 17 00:17/etc/passwd
---------- 1 root root 1099 Nov 17 00:18/etc/shadow
###当往系统里添加一个用户后可以看到这四个文件的修改时间发生了改变
[root@test ~]# ls -l /etc/passwd /etc/shadow /etc/group /etc/gshadow
-rw-r--r-- 1 root root 642 Nov 18 05:45 /etc/group
---------- 1 root root 523 Nov 18 05:45 /etc/gshadow
-rw-r--r-- 1 root root 1262 Nov 18 05:45/etc/passwd
---------- 1 root root 1131 Nov 18 05:45/etc/shadow
###/etc/passwd文件每一列的意思
[root@test ~]# head -2 /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
用户名:密码:UID:GID:用户的说明信息:家目录:用户使用的shell/命令解释器
###/etc/shadow文件内容存放用户真实的密码
[root@test /]# head -5 /etc/shadow
root:$6$HNvpPdkF3RQwb5.I$XIvA1gY0NdjayrekrQXYtj33TPX16TiRHNr4a1PVHEiulhiwfib1msnUtR43ReZCij1M5ibNs/1cFCVCVMaIg/:17486:0:99999:7:::
bin:*:17246:0:99999:7:::
daemon:*:17246:0:99999:7:::
adm:*:17246:0:99999:7:::
lp:*:17246:0:99999:7:::
###/etc/group文件内容
[root@test /]# head -5 /etc/group
root:x:0:
bin:x:1:bin,daemon
daemon:x:2:bin,daemon
sys:x:3:bin,adm
adm:x:4:adm,daemon
###/etc/gshadow文件内容
[root@test /]# head -5 /etc/gshadow
root:::
bin:::bin,daemon
daemon:::bin,daemon
sys:::bin,adm
adm:::adm,daemon
###系统中可以使用的命令解释器
[root@test ~]# cat /etc/shells
/bin/sh
/bin/bash
/sbin/nologin
/bin/dash
/bin/tcsh
/bin/csh
###/bin/sh与/bin/bash的关系
[root@test ~]# ls -l /bin/sh /bin/bash
-rwxr-xr-x 1 root root942200 Mar 23 2017 /bin/bash
lrwxrwxrwx. 1 root root 4 Nov 16 13:45 /bin/sh -> bash
/bin/sh是/bin/bash的软链接 但是给用户设置命令解释器时不能设置为/bin/sh
1.2.2 与用户有关的目录
/etc/skel所有新用户老家的模板
/etc/skel目录中有什么 我们添加一个新用户的家目录中就有什么
添加新用户的时候系统会把目录中的文件复制到新用户家里
[root@test /]# ls -l /etc/skel
total 0
###显示目录中的隐藏文件 参数-a的作用
[root@test /]# ls -a /etc/skel
. .. .bash_logout .bash_profile .bashrc
显示目录中的隐藏文件的详细信息
[root@test /]# ls -la /etc/skel
total 20
drwxr-xr-x. 2 root root 4096 Nov 16 13:45 .
drwxr-xr-x. 78 root root 4096 Nov 16 23:09 ..
-rw-r--r--. 1 root root 18 Mar 23 2017 .bash_logout
-rw-r--r--. 1 root root 176 Mar 23 2017 .bash_profile #/etc/profile 用户自己的环境变量和别名
-rw-r--r--. 1 root root 124 Mar 23 2017 .bashrc #/etc/bashrc 别名 这个用户生效
1.2.2.1【企业故障案例1】登录用户时出现-bash-4.1$怎么解决??
故障模拟
###切换到alex用户下
[root@test ~]# su - alex
###发疯打自己
###或者rm-rf .bash* rm ~/.* -fr
[alex@test ~]$ rm -rf /*
rm: cannot remove `/bin/false': Permission denied
rm: cannot remove `/bin/stty': Permission denied
rm: cannot remove `/bin/unicode_start': Permissiondenied
rm: cannot remove `/bin/kill': Permission denied
rm: cannot remove `/bin/traceroute6': Permissiondenied
rm: cannot remove `/bin/cpio': Permission denied
rm: cannot remove `/bin/env': Permission denied
......
rm: cannot remove `/var/cache/man/X11R6/cat9':Permission denied
rm: cannot remove `/var/cache/man/cat1':Permission denied
rm: cannot remove `/var/cache/man/cat9':Permission denied
rm: cannot remove `/var/cache/abrt-di': Permissiondenied
rm: cannot remove `/var/cache/ldconfig':Permission denied
rm: cannot remove `/var/account/pacct': Permissiondenied
rm: cannot remove `/var/empty/sshd': Permissiondenied
[alex@test ~]$ su root
Password:
[root@test alex]#
###再次进到alex用户下可以发现故障出现了
[root@test alex]# su - alex
-bash-4.1$
-bash-4.1$ pwd
/home/alex
-bash-4.1$ ls
-bash-4.1$ whoami
alex
-bash-4.1$ ls -l /data
total 0
-bash-4.1$ ls -ld /data
drwxr-xr-x. 2 root root 4096 Nov 16 13:56 /data
-bash-4.1$ ls -l /home
total 16
drwx------ 2 alex alex 4096 Nov 18 06:13 alex
drwx------ 2 baoge baoge 4096 Nov 17 00:05 baoge
drwx------ 2 oldboy oldboy 4096 Nov 17 10:04 oldboy
drwx------ 2 xiaoyanzi xiaoyanzi 4096 Nov 18 05:45xiaoyanzi
可以发现命令可以用
原因与解决办法
原因:与用户环境变量有关的文件被删除
解决办法:从哪里复制一份/etc/skel /home/oldboy
退出有问题的用户重新登录
[root@test alex]# su - alex
-bash-4.1$
-bash-4.1$ cp /etc/skel/.bash* ~
-bash-4.1$ logout
[root@test alex]#
###问题已经解决
[root@test alex]# su alex
[alex@test ~]$
1.2.2.2以点开头的文件或目录
###国法
/etc/profile √
/etc/bashrc
###家规
~/.bash_profile
~/.bashrc
1.3 linux系统用户管理(与用户有关的命令)
查看当前linux系统的版本、内核等信息,命令如下
查看系统版本号
cat /etc/redhat-release
查看系统版本号
[root@test /]# cat /etc/redhat-release
CentOS release 6.9 (Final)
查看内核版本号
[root@test /]# uname -r
2.6.32-696.el6.x86_64
表示系统是64位
[root@test /]# uname -m
x86_64
1.3.1 useradd添加用户
添加普通用户
[root@test /]# useradd oldboy
[root@test /]# id oldboy
uid=504(oldboy) gid=504(oldboy) groups=504(oldboy)y
uid=890(oldboy) gid=890(oldboy) groups=890(oldboy)
命令参数:
-u 指定用户的UID(数字 唯一相当于人的×××号)
-s 指定用户使用的shell(命令解释器)
/bin/sh 默认的shell
/sbin/nologin 虚拟用户(傀儡用户)的shell
-M 表示不创建家目录一般创建虚拟用户使用
-g 指定用户属于的组(组的名字)
###创建虚拟用户
[root@test baoge]# useradd -u 888 -s /sbin/nologin-M mysql888
[root@testbaoge]# id mysql888
uid=888(mysql888) gid=888(mysql888)groups=888(mysql888)
### -s /sbin/nologin 不让这个用户登录系统
[root@test baoge]# grep mysql888 /etc/passwd
mysql888:x:888:888::/home/mysql888:/sbin/nologin
[root@test baoge]# ls /home/mysql888
ls: cannot access /home/mysql888: No such file or directory
问题:
[root@test baoge]# useradd -u 888 -s /sbin/nologin-M mysql777
useradd: UID 888 is not unique
表示用户的UID 888不是唯一的已经被占用 此时应该换一个UID号就可解决这个问题
[root@test baoge]# useradd -u 889 -s /sbin/nologin -M mysql777
[root@test baoge]# id mysql777
uid=889(mysql777) gid=889(mysql777) groups=889(mysql777)
[root@test baoge]# useradd -s /sbin/nologin -M mysql
Creating mailbox file: File exists
[root@test baoge]# id mysql
uid=890(mysql) gid=890(mysql) groups=890(mysql)
[root@test baoge]# ls /home/
alex baoge oldboy xiaoyanzi
[root@test baoge]# ls /home/mysql
ls: cannot access /home/mysql: No such file or directory
1.3.2 userdel删除用户
在/etc/passwd中注释掉这个用户的一行也相当于把这个用户删除了
userdel默认不删除用户的家目录和邮箱
-r 递归删除与用户有关的所有信息(家目录)
1.3.3 usermod 修改用户的信息(已经存在的用户)
-s 修改用户使用的shell
-g 属于的家庭
-c 给用户添加说明信息
-stdin 从管道中获取用户的密码(非交互式设置的密码)
[root@test ~]# su mysql
This account is currently not available.
[root@test ~]# grep mysql /etc/passwd
mysql:x:890:890::/home/mysql:/sbin/nologin
[root@test ~]# grep mysql /etc/passwd
mysql777:x:889:889::/home/mysql777:/sbin/nologin
mysql:x:890:890::/home/mysql:/sbin/nologin
[root@test ~]# usermod -s /bin/bash mysql
[root@test ~]# grep mysql /etc/passwd
mysql:x:890:890::/home/mysql:/bin/bash
[root@test ~]# su mysql
bash-4.1$ #cp /etc/skel/.bash* ~
cp: target `/home/mysql' is not a directory
###由于虚拟用户没有家目录 所以即使改变了它的shell,还是无法使用
-c参数 useradd命令在创建用户时也可以用该参数
[root@test ~]# usermod -c "The user is lbh" baoge
[root@test ~]# grep baoge /etc/passwd
baoge:x:505:505:Theuser is lbh:/home/baoge:/bin/bash
1.3.4 passwd 为用户创建密码
为用户创建密码
[root@test /]# passwd oldboy
Changing password for user oldboy.
New password: #123456
Retype new password: #123456
passwd: all authentication tokens updated successfully.
注意
一般情况下,在企业生产环境中应该尽量避免直接切到root用户下操作,除非有超越普通用户权限的系统维护要求。
还可以通过下面的命令一步到位设置密码(其中,oldboy为用户名,密码为123456),
[root@test /]# useradd baoge
[root@test /]# id baoge
uid=505(baoge) gid=505(baoge)groups=505(baoge)
###另一种添加用户密码的方法
[root@test /]# echo"123456"|passwd --stdin baoge && history -c
Changing password for user baoge.
passwd: all authentication tokens updatedsuccessfully.
[root@test ~]# echo 654321|passwd --stdin baoge
Changing password for user baoge.
passwd: all authentication tokens updatedsuccessfully.
###让密码更安全
[root@test ~]# echo 123456|passwd --stdin baoge&& history -c
Changing password for user baoge.
passwd: all authentication tokens updatedsuccessfully.
[root@test ~]# ls -l .bash*
-rw-------. 1 root root 10049 Nov 18 08:17.bash_history
-rw-r--r--. 1 root root 18 May 20 2009 .bash_logout
-rw-r--r--. 1 root root 176 May 20 2009 .bash_profile
-rw-r--r--. 1 root root 176 Sep 23 2004 .bashrc
###在当前用户的家目录中的.bash_history 文件中存放的是使用命令的历史记录
[root@test ~]# head .bash_history
ls
cd /
ls
mkdir -p data oldboy
ls
id
ls
ifconfig
setup
ifup eth0
[root@test ~]# tail .bash_history
sh bj.sh 10 10 10
vim bj.sh
sh bj.sh 10 10 10
sh bj.sh 10 8
sh bj.sh 10 20
sh bj.sh 10 10
su mysql888
grep mysql888 /etc/passwd
usermod -s /bin/bash mysql888
su mysql888
1.3.4.1【企业密码管理要求】
密码复杂12位以上字母数字特殊字符
保存密码:(两款软件)
keepass(软件,密码存放在本地,本地保险柜)
lastpass(在线版本,银行的保险柜)
大的企业用户和密码统一管理(相当于活动目录 AD)openldap域)
动态密码:动态口令,第三方提供自己开发也很简单。
更安全的方法
/var/log/secure日志的分析:failure failed
锁头chattr +i +a lsattr锁定命令或文件
指纹(find+md5sum+定时任务)监视常用命令和文件
md5sum-c/--check
【企业面试题】
批量添加10个用户stu01,stu02....stu10,并设置8位随机密码(禁止使用for,while等循环)
方法1:
[root@oldboy/]# echo stu{01..10}|tr " " "\n"|sed -r 's#(.*)#useradd \1; pass=$((RANDOM+10000000)); echo "$pass"|passwd --stdin \1; echo -e"\1 \t `echo "$pass"`">>/tmp/oldboy.log#g'|bash
方法2:
echostu{11..12}|xargs -n1 useradd ;echo stu{11..12}:`cat /dev/urandom|tr -dc0-9|fold -w8|head -1`|xargs -n1|tee -a pass.txt|chpasswd
方法3:
echostu{21..30} | tr ' ' '\n' | sed -e 's/^/useradd /' -e 's/\(stu[0-9]\{2\}\)$/\1\&\& echo "\1:`echo $[$RANDOM**3] | cut -c1-8`" | tee -auserInfo.txt | cut -d: -f2 | passwd --stdin \1/' | bash
方法4:
echostu{01..10} |tr ' ' '\n'|sed -rn 's@^(.*)$@useradd \1 ; echo $RANDOM|md5sum|cut-c 1-8 >/data/\1;cat /data/\1|passwd --stdin \1@gp'|bash
1.3.5 groupadd创建用户组
-g 指定用户组的gid数字
1.3.6 用户查询命令
1.3.6.1id查看用户的信息
一个用户是否存在
查询用户的UID和GID
属于哪个用户组
[root@test ~]# id alex;idbaoge;id oldboy;id xiaoyanzi;id mysql
uid=506(alex) gid=506(alex) groups=506(alex)
uid=505(baoge) gid=505(baoge) groups=505(baoge)
uid=504(oldboy) gid=504(oldboy) groups=504(oldboy)
uid=507(xiaoyanzi) gid=507(xiaoyanzi) groups=507(xiaoyanzi)
uid=890(mysql) gid=890(mysql) groups=890(mysql)
1.3.6.2w 显示系统中已经远程登录的用户干了些啥
[root@test baoge]# w
10:25:20 up1 day, 11:22, 3 users, load average: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root tty1 - Thu23 35:21m 0.01s 0.01s -bash
root pts/0 10.0.0.253 05:33 1:55 0.71s 0.20s bash
root pts/1 10.0.0.253 06:29 0.00s 0.24s 0.00s w
开俩窗口,在其中的一个里面执行man别退出
[root@test baoge]# w
10:26:47 up1 day, 11:24, 3 users, load average: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root tty1 - Thu23 35:22m 0.01s 0.01s -bash
root pts/0 10.0.0.253 05:33 9.00s 0.78s 0.03s man ls
root pts/1 10.0.0.253 06:29 0.00s 0.25s 0.00s w
[root@test baoge]# w
10:30:45 up1 day, 11:28, 3 users, load average: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root tty1 - Thu23 35:26m 0.01s 0.01s -bash
root pts/0 10.0.0.253 05:33 7.00s 0.80s 0.08s htop
root pts/1 10.0.0.253 06:29 0.00s 0.25s 0.00s w
[root@test baoge]# w
10:38:22 up1 day, 11:35, 4 users, load average: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root tty1 - Thu23 35:34m 0.01s 0.01s -bash
root pts/0 10.0.0.253 05:33 7:44 2.82s 2.10s htop
root pts/1 10.0.0.253 06:29 0.00s 0.25s 0.00s w
baoge pts/2 10.0.0.253 10:37 13.00s 0.01s 0.01s -bash
[root@test baoge]# w
10:38:45 up1 day, 11:36, 4 users, load average: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root tty1 - Thu23 35:34m 0.01s 0.01s -bash
root pts/0 10.0.0.253 05:33 8:07 2.93s 2.21s htop
root pts/1 10.0.0.253 06:29 0.00s 0.25s 0.00s w
baoge pts/2 10.0.0.253 10:37 3.00s 0.01s 0.00s sl
[root@test baoge]# w
10:39:05 up1 day, 11:36, 4 users, load average: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root tty1 - Thu23 35:34m 0.01s 0.01s -bash
root pts/0 10.0.0.253 05:33 8:27 3.02s 2.30s htop
root pts/1 10.0.0.253 06:29 0.00s 0.25s 0.00s w
baoge pts/2 10.0.0.253 10:37 4.00s 0.03s 0.02s htop
何人 何处 干啥
1.3.6.3last 用户登录的信息
用户登录的信息 (哪个用户在什么时候在哪远程登录你的系统)
[root@test baoge]# last
baoge pts/2 10.0.0.253 Sat Nov 18 10:37 still logged in
root pts/1 10.0.0.253 Sat Nov 18 06:29 still logged in
root pts/0 10.0.0.253 Sat Nov 18 05:33 still logged in
root pts/0 10.0.0.253 Fri Nov 17 11:22 - 11:23 (00:00)
root pts/4 10.0.0.253 Fri Nov 17 08:14 - 22:31 (14:17)
root pts/3 10.0.0.253 Fri Nov 17 00:28 - 10:04 (09:36)
root pts/2 10.0.0.253 Fri Nov 17 00:27 - 10:04 (09:37)
root pts/2 10.0.0.253 Fri Nov 17 00:27 - 00:27 (00:00)
root pts/1 10.0.0.253 Fri Nov 17 00:26 - 10:04 (09:37)
root pts/0 10.0.0.253 Fri Nov 17 00:01 - 10:04 (10:03)
root pts/0 10.0.0.253 Thu Nov 16 23:04 - 00:01 (00:57)
root tty1 ThuNov 16 23:03 still logged in
reboot system boot 2.6.32-696.el6.x ThuNov 16 23:02 - 10:50 (1+11:47)
root pts/0 10.0.0.253 Thu Nov 16 14:39 - 18:48 (04:08)
root tty1 ThuNov 16 14:39 - crash (08:23)
reboot system boot 2.6.32-696.el6.x ThuNov 16 14:38 - 10:50 (1+20:11)
root pts/0 10.0.0.253 Thu Nov 16 14:33 - down (00:04)
root tty1 ThuNov 16 14:32 - down (00:05)
reboot system boot 2.6.32-696.el6.x ThuNov 16 14:31 - 14:38 (00:07)
root pts/0 10.0.0.253 Thu Nov 16 14:22 - down (00:08)
root pts/0 10.0.0.253 Thu Nov 16 14:18 - 14:21 (00:03)
root tty1 ThuNov 16 14:17 - down (00:12)
reboot system boot 2.6.32-696.el6.x ThuNov 16 14:16 - 14:30 (00:13)
root pts/0 10.0.0.253 Thu Nov 16 13:59 - down (00:16)
root tty1 ThuNov 16 13:55 - down (00:20)
reboot system boot 2.6.32-696.el6.x ThuNov 16 13:55 - 14:16 (00:20)
1.3.6.4lastlog显示linux中所有用户最近一次远程登录的信息
[root@test baoge]# lastlog
Username Port From Latest
root pts/1 10.0.0.253 Sat Nov 18 06:29:34 +0800 2017
bin **Neverlogged in**
daemon **Neverlogged in**
adm **Neverlogged in**
lp **Never logged in**
sync **Never loggedin**
shutdown **Neverlogged in**
halt **Neverlogged in**
mail **Neverlogged in**
uucp **Neverlogged in**
operator **Neverlogged in**
games **Neverlogged in**
gopher **Neverlogged in**
ftp **Neverlogged in**
nobody **Neverlogged in**
dbus **Neverlogged in**
vcsa **Neverlogged in**
abrt **Neverlogged in**
haldaemon **Neverlogged in**
ntp **Neverlogged in**
saslauth **Neverlogged in**
postfix **Neverlogged in**
sshd **Neverlogged in**
tcpdump **Neverlogged in**
oldboy **Neverlogged in**
baoge pts/2 10.0.0.253 Sat Nov 18 10:37:03 +0800 2017
alex **Neverlogged in**
xiaoyanzi **Neverlogged in**
mysql777 **Neverlogged in**
mysql **Neverlogged in**
1.3.7 su切换用户
[root@test /]# whoami
root
切换到oldboy用户下
[root@test /]# su oldboy
[oldboy@test /]$ whoami
oldboy
总结:su 与su -的区别
前者(su)在切换到 root 用户之后仍然保持旧的(或者说原始用户的)环境;
而后者(su -)则是创建一个新的环境(由 root 用户 ~/.bashrc 文件所设置的环境),相当于使用 root 用户正常登录(从登录屏幕登录)。
实例演示:
su
[root@test /]# cd data
[root@test data]# pwd
/data
[root@test data]# su oldboy
[oldboy@test data]$
[oldboy@test data]$ su root
Password:
[root@test data]# pwd
/data
与切换用户前位置不变
su -
[oldboy@test data]$ su - root
Password:
[root@test ~]# pwd
/root
使用su-后会回到初始位置,相当于重新登录了一次
[root@test ~]# su oldboy
[oldboy@test root]$ env |grep -i root
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
MAIL=/var/spool/mail/root
PWD=/root
[root@test ~]# su - oldboy
[oldboy@test ~]$ env |grep -i root
参考博客:
老男孩老师博客:http://oldboy.blog.51cto.com/2561410/1053606
1.4 sudo给普通用户提权
让某个用户运行某个命令的时候可以是root
[root@test ~]# su - baoge
[baoge@test ~]$ tail /var/log/cron
tail: cannot open `/var/log/cron' for reading:Permission denied
[baoge@test ~]$ ls -l /var/log/cron
-rw-------. 1 root root 33516 Nov 18 11:01/var/log/cron
##权限不够
解决办法:
##1.改变这些日志的权限 rw----r--
##3.给tail 加上suid权限
##sudo 给baoge一把尚方宝剑
看看我有什么尚方宝剑
[baoge@test root]$ sudo -l
We trust you have received the usual lecture from the localSystem
Administrator. It usually boils down to these three things:
#1) Respect theprivacy of others.
#2) Think before youtype.
#3) With great powercomes great responsibility.
[sudo] password for baoge:
sudo: 1 incorrect password attempts
Sorry, user baoge may not run sudo on test.
visudo给baoge一把尚方宝剑<=======> vim /etc/sudoers 编辑
[baoge@test root]$
###在root用户下执行visudo在92行添加
baoge /usr/bin/tail
###检查语法
[root@test ~]# visudo -c
/etc/sudoers: parsed OK
baoge用户下测试
[baoge@test root]$ sudo tail/var/log/cron
[sudo] password for baoge:
Nov 18 10:50:01 test CROND[7021]: (root)CMD (/usr/lib64/sa/sa1 1 1)
Nov 18 11:00:01 test CROND[7027]: (root)CMD (/usr/lib64/sa/sa1 1 1)
Nov 18 11:01:01 test CROND[7058]: (root)CMD (run-parts /etc/cron.hourly)
Nov 18 11:01:01 testrun-parts(/etc/cron.hourly)[7058]: starting 0anacron
Nov 18 11:01:01 testrun-parts(/etc/cron.hourly)[7067]: finished 0anacron
Nov 18 11:10:01 test CROND[7091]: (root)CMD (/usr/lib64/sa/sa1 1 1)
Nov 18 11:20:01 test CROND[7243]: (root)CMD (/usr/lib64/sa/sa1 1 1)
Nov 18 11:30:01 test CROND[7357]: (root)CMD (/usr/lib64/sa/sa1 1 1)
Nov 18 11:40:01 test CROND[7401]: (root)CMD (/usr/lib64/sa/sa1 1 1)
Nov 18 11:50:01 test CROND[7514]: (root)CMD (/usr/lib64/sa/sa1 1 1)
You have mail in /var/spool/mail/root
无密码
baoge ALL=(ALL) NOPASSWD:/usr/bin/tail
[baoge@test root]$ sudo tail/var/log/cron
Nov 18 10:40:01 test CROND[7016]: (root)CMD (/usr/lib64/sa/sa1 1 1)
Nov 18 10:50:01 test CROND[7021]: (root)CMD (/usr/lib64/sa/sa1 1 1)
Nov 18 11:00:01 test CROND[7027]: (root) CMD (/usr/lib64/sa/sa11 1)
Nov 18 11:01:01 test CROND[7058]: (root) CMD (run-parts/etc/cron.hourly)
Nov 18 11:01:01 test run-parts(/etc/cron.hourly)[7058]: starting0anacron
Nov 18 11:01:01 test run-parts(/etc/cron.hourly)[7067]: finished0anacron
Nov 18 11:10:01 test CROND[7091]: (root) CMD (/usr/lib64/sa/sa11 1)
Nov 18 11:20:01 test CROND[7243]: (root) CMD (/usr/lib64/sa/sa11 1)
Nov 18 11:30:01 test CROND[7357]: (root) CMD (/usr/lib64/sa/sa11 1)
Nov 18 11:40:01 test CROND[7401]: (root) CMD (/usr/lib64/sa/sa11 1)
让一个人用户不用密码使用所有命令
visudo
baoge ALL=(ALL) NOPASSWD: ALL
[baoge@test root]$ tail -2 /var/log/cron
tail: cannot open `/var/log/cron' for reading: Permission denied
[baoge@test root]$ sudo tail -2 /var/log/cron
Nov 18 12:01:01 test run-parts(/etc/cron.hourly)[7552]: starting0anacron
Nov 18 12:01:01 test run-parts(/etc/cron.hourly)[7561]: finished0anacron
[baoge@test root]$ sudo head -2 /var/log/cron
Nov 16 13:55:30 test crond[1521]: (CRON) STARTUP (1.4.4)
Nov 16 13:55:30 test crond[1521]: (CRON) INFO (RANDOM_DELAY willbe scaled with factor 17% if used.)
[baoge@test root]$ sudo ll /var/log/cron
sudo: ll: command not found
[baoge@test root]$ sudo ls -l /var/log/cron
-rw-------. 1 root root 34152 Nov 18 12:01 /var/log/cron
[baoge@test root]$ sudo ls -ld /var/log/cron
-rw-------. 1 root root 34152 Nov 18 12:01 /var/log/cron
[baoge@test root]$ sudo ls -la /var/log/cron
-rw-------. 1 root root 34152 Nov 18 12:01 /var/log/cron
alex上的操作
[alex@test ~]$ sudo -l
[sudo] password for alex:
We trust you have received the usual lecture fromthe local System
Administrator. It usually boils down to thesethree things:
#1)Respect the privacy of others.
#2)Think before you type.
#3) Withgreat power comes great responsibility. -spider man
Sorry, useralex may not run sudo on test.
抱歉, alex用户 不能在这台服务器运行sudo.
#给alex用户授权 cat
visudo ##编辑sudo授权(root用户下授权)
#第92行 插入
alex ALL=(ALL) /bin/cat
[root@test ~] grep alex /etc/sudoers
alex ALL=(ALL) /bin/cat
###alex用户
[root@test ~] $ sudo -l
[sudo] password for alex:
Matching Defaults entries for alex on this host:
!visiblepw, always_set_home, env_reset, env_keep="COLORS DISPLAYHOSTNAME HISTSIZE INPUTRC KDEDIR
LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANGLC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE
LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES",env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER
LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS_XKB_CHARSET XAUTHORITY",
secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin
User alex may run the following commands on thishost:
(ALL)/bin/cat
[alex@test ~]$ cat /var/log/cron
cat: /var/log/cron: Permission denied
[alex@test ~]$ sudo cat /var/log/cron
linux中的续行符号 \
[root@test ~]# echo133333333\aaaaaaaannnvvvvvvv\dddddddddddd1111111111111111111111\nnnnnnnnnnnnnnnnnnnnnnnnnnnnnn
133333333aaaaaaaannnvvvvvvvdddddddddddd1111111111111111111111nnnnnnnnnnnnnnnnnnnnnnnnnnnnnn
1.5 日志审计
记录用户的操作
奇治的堡垒机:商业产品
Python开发的开源产品
gateone web跳板机
跳板机(堡垒机)jumpserver部署
alex写的crazyEYE
shell跳板机
1.6 md5sum系统安全
给重要的文件或命令 做一个指纹 定时任务+md5sum定时检查
实例演示:
toucholdboy.txt
[root@test ~]# touch oldboy.txt
[root@test ~]#
1.6.1给这个文件创建指纹
文件的内容变化 === 指纹变化
[root@test ~]# md5sum oldboy.txt
d41d8cd98f00b204e9800998ecf8427e oldboy.txt
[root@test ~]# md5sum oldboy.txt
d41d8cd98f00b204e9800998ecf8427e oldboy.txt
[root@test ~]# echo hellobe baoge>>oldboy.txt
[root@test ~]# md5sum oldboy.txt
59f2acf5bd3704c8164cad952999fdd5 oldboy.txt
1.6.2如何快速的对比指纹
1.6.2.1把你的指纹记录下来
[root@test ~]# md5sum oldboy.txt
59f2acf5bd3704c8164cad952999fdd5 oldboy.txt
[root@test ~]# md5sum oldboy.txt>>zhiwen.log
[root@test ~]# cat zhiwen.log
59f2acf5bd3704c8164cad952999fdd5 oldboy.txt
1.6.2.2如何进行对比
[root@test ~]# md5sum -c zhiwen.log
oldboy.txt: OK
[root@test ~]# >oldboy.txt
[root@test ~]# md5sum -c zhiwen.log
oldboy.txt: FAILED
md5sum: WARNING: 1 of 1 computed checksum did NOTmatch
1.6.2.3【实例演示2】
把/etc/passwd /etc/shadow /etc/group /etc/gshadow 指纹放在 /tmp/zhiwen.log中
并进行指纹对比。
1. 创建指纹列表
[root@test ~]# md5sum /etc/passwd /etc/shadow/etc/group /etc/gshadow
22b439ca7da9b3bcf419b97053afaa44 /etc/passwd
7fce5901e768bea2b2b586a65fdcfcbe /etc/shadow
9e25c2328e6fc38da6dd6fd2445585ed /etc/group
bddcaff4debb54414b3b7e4a27444f95 /etc/gshadow
[root@test ~]# md5sum /etc/passwd /etc/shadow/etc/group /etc/gshadow >/tmp/zhiwen.log
[root@test ~]# cat /tmp/zhiwen.log
22b439ca7da9b3bcf419b97053afaa44 /etc/passwd
7fce5901e768bea2b2b586a65fdcfcbe /etc/shadow
9e25c2328e6fc38da6dd6fd2445585ed /etc/group
bddcaff4debb54414b3b7e4a27444f95 /etc/gshadow
2. 根据指纹列表对比文件内容是否变化
[root@test ~]# md5sum --check /tmp/zhiwen.log
/etc/passwd: OK
/etc/shadow: OK
/etc/group: OK
/etc/gshadow: OK
[root@test ~]# md5sum -c/tmp/zhiwen.log
/etc/passwd: OK
/etc/shadow: OK
/etc/group: OK
/etc/gshadow: OK
清空指纹存放文件再进行对比指纹
[root@test ~]# >/tmp/zhiwen.log
[root@test ~]# md5sum -c /tmp/zhiwen.log
md5sum: /tmp/zhiwen.log: no properlyformatted MD5 checksum lines found
转载于:https://blog.51cto.com/13131196/1983317
3765
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
