拓扑图
1.根据拓扑图配置IP地址
1.)配置gateway(网关)
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# ls
ifcfg-ens32 ifdown-ppp ifup-ib ifup-Team
ifcfg-lo ifdown-routes ifup-ippp ifup-TeamPort
ifdown ifdown-sit ifup-ipv6 ifup-tunnel
ifdown-bnep ifdown-Team ifup-isdn ifup-wireless
ifdown-eth ifdown-TeamPort ifup-plip init.ipv6-global
ifdown-ib ifdown-tunnel ifup-plusb network-functions
ifdown-ippp ifup ifup-post network-functions-ipv6
ifdown-ipv6 ifup-aliases ifup-ppp
ifdown-isdn ifup-bnep ifup-routes
ifdown-post ifup-eth ifup-sit
配置ens32
[root@localhost network-scripts]# vim ifcfg-ens32
TYPE=Ethernet
BOOTPROTO=dhcp
NAME=ens32
DEVICE=ens32
ONBOOT=yes
:wq
配置ens33
cp ifcfg-ens32 ifcfg-ens33
[root@localhost network-scripts]# vim ifcfg-ens33
TYPE=Ethernet
BOOTPROTO=static
NAME=ens33
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.1.254
NETMASK=255.255.255.0
#GATEWAY=192.168.1.254
DNS1=114.114.114.114
DNS2=8.8.8.8
重启网卡,查看配置
[root@localhost network-scripts]# ifdown ens32
Device 'ens32' successfully disconnected.
[root@localhost network-scripts]# ifup ens32
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/30)
[root@localhost network-scripts]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:89:f2:09 brd ff:ff:ff:ff:ff:ff
inet 192.168.221.128/24 brd 192.168.221.255 scope global noprefixroute dynamic ens32
valid_lft 1796sec preferred_lft 1796sec
inet6 fe80::20c:29ff:fe89:f209/64 scope link
valid_lft forever preferred_lft forever
配置ens34
[root@localhost network-scripts]# cp ifcfg-ens33 ifcfg-ens34
[root@localhost network-scripts]# vim ifcfg-ens34
TYPE=Ethernet
BOOTPROTO=static
NAME=ens34
DEVICE=ens34
ONBOOT=yes
IPADDR=172.16.1.254
NETMASK=255.255.255.0
#GATEWAY=172.16.1.254
DNS1=114.114.114.114
DNS2=8.8.8.8
重启网卡,查看配置
[root@localhost network-scripts]# systemctl restart network
[root@localhost network-scripts]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:89:f2:09 brd ff:ff:ff:ff:ff:ff
inet 192.168.221.128/24 brd 192.168.221.255 scope global noprefixroute dynamic ens32
valid_lft 1790sec preferred_lft 1790sec
inet6 fe80::20c:29ff:fe89:f209/64 scope link
valid_lft forever preferred_lft forever
3: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:89:f2:13 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.254/24 brd 192.168.1.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe89:f213/64 scope link
valid_lft forever preferred_lft forever
4: ens34: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:89:f2:1d brd ff:ff:ff:ff:ff:ff
inet 172.16.1.254/24 brd 172.16.1.255 scope global noprefixroute ens34
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe89:f21d/64 scope link
valid_lft forever preferred_lft forever
server1
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# ls
ifcfg-ens32
[root@localhost network-scripts]# vim ifcfg-ens32
TYPE=Ethernet
BOOTPROTO=static
NAME=ens32
DEVICE=ens32
ONBOOT=yes
IPADDR=172.16.1.100
NETMASK=255.255.255.0
GATEWAY=172.16.1.254
DNS1=114.114.114.114
DNS2=8.8.8.8
:wq
[root@localhost network-scripts]# systemctl restart network
[root@localhost network-scripts]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:57:63:a2 brd ff:ff:ff:ff:ff:ff
inet 172.16.1.100/24 brd 172.16.1.255 scope global noprefixroute ens32
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe57:63a2/64 scope link
valid_lft forever preferred_lft forever
[root@localhost network-scripts]#ping 172.16.1.254
PING 172.16.1.254 (172.16.1.254) 56(84) bytes of data.
64 bytes from 172.16.1.254: icmp_seq=1 ttl=64 time=0.428 ms
64 bytes from 172.16.1.254: icmp_seq=2 ttl=64 time=0.580
pc1
开启路由转发功能
[root@localhost ~]# vim /etc/sysctl.conf
[root@localhost ~]# sysctl -p
net.ipv4.ip_forward = 1
路由转发开启成功
ping 172.168.1.100
2.Telnet与SSH远程管理安全性分析
Telnet远程管理
客户端安装Telnet客户端
[root@localhost yum.repos.d]# yum install telnet -y
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
Installed:
telnet.x86_64 1:0.17-64.el7
Complete!
[root@localhost yum.repos.d]#
安装telnet服务端
[root@localhost yum.repos.d]# yum install telnet-server -y
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
Complete!
[root@localhost yum.repos.d]#
启动客户端成功
[root@localhost yum.repos.d]# telnet
telnet>
启动服务端
[root@localhost yum.repos.d]# netstat -anptl 查看端口号
[root@localhost yum.repos.d]# systemctl list-unit-files | grep "telnet"
telnet@.service static
telnet.socket disabled
[root@localhost yum.repos.d]# systemctl start telnet.socket
[root@localhost yum.repos.d]# netstat -anptl | grep "23"
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1234/master
tcp6 0 0 :::23 :::* LISTEN 1/systemd
tcp6 0 0 ::1:25 :::* LISTEN 1234/master
[root@localhost yum.repos.d]#
Telnet远程登录成功
在网关上安装wireshark
[root@localhost ~]# cd /etc/yum.repos.d/
[root@localhost yum.repos.d]# mkdir bak
[root@localhost yum.repos.d]# mv * bak
mv: cannot move ‘bak’ to a subdirectory of itself, ‘bak/bak’
[root@localhost yum.repos.d]# cd /etc/yum.repos.d/
[root@localhost yum.repos.d]# vim localDVD.repo
[root@localhost yum.repos.d]# cd /misc/
[root@localhost misc]# ls
[root@localhost misc]# cd cd
[root@localhost cd]# yum install wireshark-gnome -y
抓取Telnet包(密码以明文传输,可直接读出)
开启ssh远程登录服务
[root@localhost ~]# systemctl list-unit-files |grep "ssh"
anaconda-sshd.service static
sshd-keygen.service static
sshd.service enabled
sshd@.service static
sssd-ssh.service indirect
sshd.socket disabled
sssd-ssh.socket disabled
[root@localhost ~]# systemctl start sshd.service
[root@localhost ~]# netstat -anptl | grep "22"
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 940/sshd
tcp6 0 0 :::22 :::* LISTEN 940/sshd
[root@localhost ~]#
抓取SSH包(密码已加密,无法直接读出)
3.日志服务器建立
新建日志服务端并配置IP
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# vim ifcfg-ens32
[root@localhost network-scripts]# systemctl restart network
[root@localhost network-scripts]# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:10:99:a4 brd ff:ff:ff:ff:ff:ff
inet 172.16.1.200/24 brd 172.16.1.255 scope global noprefixroute ens32
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe10:99a4/64 scope link
valid_lft forever preferred_lft forever
[root@localhost network-scripts]#
检查连接
ping 172.16.1.200
发送端配置
[root@localhost ~]# vim /etc/rsyslog.conf
90 authpriv.* @@172.16.1.200:514
[root@localhost ~]# systemctl restart rsyslog.service
[root@localhost ~]#
接收端配置
加载imtcp模块,以TCP协议监听514端口(此处为明文TCP,未启用TLS)
[root@localhost network-scripts]# vim /etc/rsyslog.conf
19 $ModLoad imtcp
20 $InputTCPServerRun 514
添加按来源IP分文件存放日志的规则。
:fromhost-ip,isequal,"172.16.1.100" /var/log/client_secure/172.16.1.100.log
[root@localhost network-scripts]# systemctl restart rsyslog
[root@localhost network-scripts]# ss -anptl | grep "514"
LISTEN 0 25 *:514 *:* users:(("rsyslogd",pid=3385,fd=3))
LISTEN 0 25 :::514 :::* users:(("rsyslogd",pid=3385,fd=4))
[root@localhost network-scripts]#
爆破查看日志
hydra -L dc_2 -P dc-2.dic ssh://172.16.1.100 -V -t 64 -f -e nsr
查看日志
[root@localhost ~]# less /var/log/secure
手动触发日志
通过logger命令触发一条debug级别的日志。
[root@localhost ~]# logger -p authpriv.debug "=^_^="
[root@localhost ~]#
[root@localhost ~]# tail -f /var/log/secure
触发emerg级别日志
[root@localhost ~]# logger -p authpriv.emerg "0_o.zzZZ..."
Broadcast message from systemd-journald@localhost.localdomain (Sat 2023-10-07 22:06:12 CST):
root[6964]: 0_o.zzZZ...
Message from syslogd@localhost at Oct 7 22:06:12 ...
root:0_o.zzZZ...
[root@localhost ~]#