Notes 4

[root@localhost ~]# nmcli g status    # show the network connection status

----------------------------------------------------------------------------------------------------------

狀態    CONNECTIVITY  WIFI-HW  WIFI    WWAN-HW  WWAN
鏈接的  所有          已啓用   已啓用  已啓用   已啓用

----------------------------------------------------------------------------------------------------------

Reverting to the traditional interface naming scheme
[root@localhost ~]# vim /etc/default/grub    # 1. Edit the /etc/default/grub file

----------------------------------------------------------------------------------------------------------

GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="net.ifnames=0 rhgb quiet"    # modified
GRUB_DISABLE_RECOVERY="true"

----------------------------------------------------------------------------------------------------------

[root@localhost ~]# grub2-mkconfig -o /etc/grub2.cfg    # 2. Generate the configuration file for grub2
3. Reboot the system

----------------------------------------------------------------------------------------------------------

[root@localhost ~]# nmcli device status
設備  類型      狀態    CONNECTION
eth0  ethernet  鏈接的  有線鏈接 1
lo    loopback  未管理

------------------------------------------------------------------------------------------------------------

[root@localhost ~]# nmcli device show eth0
GENERAL.設備:                           eth0
GENERAL.類型:                           ethernet
GENERAL.硬盤:                           00:0C:29:FB:06:62
GENERAL.MTU:                            1500
GENERAL.狀態:                           100 (鏈接的)
GENERAL.CONNECTION:                     有線鏈接 1
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/ActiveConnection/0
WIRED-PROPERTIES.容器:                  開
IP4.地址[1]:                            172.16.252.197/16
IP4.網關:                               172.16.0.1
IP4.DNS[1]:                             172.16.0.1
IP4.域[1]:                              magedu.com
IP6.地址[1]:                            fe80::6a54:1888:62:c1a8/64
IP6.網關:

----------------------------------------------------------------------------------------------------------

  142  nmcli device status
  143  nmcli device show eth0    # specify the interface eth0 and show its network status
  144  nmcli connection hel

----------------------------------------------------------------------------------------------------------

[root@localhost ~]# nmcli connection show
名稱        UUID                                  類型            設備
有線鏈接 1  a8f1aaf4-6047-3a88-8d3a-de7abd8a108b  802-3-ethernet  eth0
ens33       a2223610-cbaa-4098-927c-6af442aaccc4  802-3-ethernet

------------------------------------------------------------------------------------------------------------

[root@localhost ~]# localectl list-locales    # lists all available locale values

----------------------------------------------------------------------------------------------------------

aa_DJ
aa_DJ.iso88591
aa_DJ.utf8
aa_ER
aa_ER.utf8
aa_ER.utf8@saaho
aa_ER@saaho

----------------------------------------------------------------------------------------------------------

[root@localhost sysconfig]# LANG=en_US.UTF-8    # switch from Chinese to English; takes effect temporarily

----------------------------------------------------------------------------------------------------------

[root@localhost sysconfig]# localectl set-locale LANG=en_US.UTF-8    # permanent; takes effect after a reboot

----------------------------------------------------------------------------------------------------------

[root@localhost sysconfig]# vim /etc/local    # edit the configuration file to make the change permanent

----------------------------------------------------------------------------------------------------------

LANG=en_US.UTF-8

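A hash algorithm maps a binary value of arbitrary length to a smaller binary value of fixed length; this smaller value is called the hash value. A hash value is a unique and extremely compact numerical representation of a piece of data. If you hash a piece of plaintext and then change even a single letter of it, the new hash will be a different value. Finding two different inputs that hash to the same value is, computationally speaking, practically impossible.

Message authentication code (MAC) hash functions are typically used together with digital signatures to sign data, while message detection code (MDC) hash functions are used for data integrity.
Random number generation: an integral part of many cryptographic operations
Purpose: to make generated keys hard to reproduce
Example: hash functions used to ensure data integrity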

--------------------------------------------------------------------------------------------------------

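The md5sum command

Commonly used utility commands

The md5sum command uses the MD5 message-digest algorithm (128-bit) to compute and verify file checksums. md5sum is normally present once Linux is installed and can be run directly from a terminal.

MD5 is frequently used to verify the integrity of files transferred over a network and to guard against a file being tampered with. MD5 stands for Message-Digest Algorithm 5. The algorithm processes a message of any length and produces a 128-bit "fingerprint" (or "message digest"), which is 32 characters long in hexadecimal. The probability that different files produce the same message digest is extremely small.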

--------------------------------------------------------------------------------------------------------

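-b: read files in binary mode;
-t or --text: treat input files as text files;
-c: read MD5 checksums from the given file and verify them;
--status: print nothing; the exit status shows whether verification succeeded;
-w: warn about improperly formatted checksum lines.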

--------------------------------------------------------------------------------------------------------

[root@ming mmm]# md5sum 1234    # compute the MD5 value of the file 1234
80b442b87c7a797e36f68ebb72409fa4  1234

--------------------------------------------------------------------------------------------------------

[root@ming mmm]# md5sum 1234 > 1234.md5    # write the MD5 value of the file 1234 into 1234.md5

--------------------------------------------------------------------------------------------------------

FILE: the text file that holds the file names and their checksums (the argument to -c).

--------------------------------------------------------------------------------------------------------

[root@ming mmm]# md5sum -c 1234.md5    # check whether the file 1234 has been modified

--------------------------------------------------------------------------------------------------------

If the file has not changed, the output should be:
1234: OK

--------------------------------------------------------------------------------------------------------

If the file has changed, the output is:
1234: FAILED
md5sum: WARNING: 1 of 1 computed checksum did NOT match

--------------------------------------------------------------------------------------------------------
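The same record-then-verify workflow applied to a whole directory, as an added example that is not part of the original notes. The function names and sample files are constructed for illustration. MD5 still catches accidental corruption, but collisions can be produced deliberately, so set SUM=sha256sum when tampering is the concern.

```sh
#!/bin/sh
# Added example: record checksums for a directory tree, then verify it later.
# SUM defaults to md5sum (the tool in these notes); sha256sum takes the same options.
SUM=${SUM:-md5sum}

make_manifest() {    # make_manifest DIR MANIFEST  (MANIFEST: absolute path outside DIR)
    ( cd "$1" && find . -type f -print0 | sort -z | xargs -0 "$SUM" ) > "$2"
}

verify_manifest() {  # verify_manifest DIR MANIFEST -> prints changed or missing files
    # Normal -c output has one "name: OK" or "name: FAILED" line per entry.
    ( cd "$1" && "$SUM" -c "$2" 2>/dev/null ) | sed -n 's/: FAILED.*$//p'
    # --status prints nothing; its exit status is the pass/fail result for scripts.
    ( cd "$1" && "$SUM" -c --status "$2" )
}

demo() {
    d=$(mktemp -d) && mkdir "$d/data"
    printf 'alpha\n' > "$d/data/a.txt"        # constructed sample files
    printf 'beta\n'  > "$d/data/b.txt"
    make_manifest "$d/data" "$d/manifest"
    verify_manifest "$d/data" "$d/manifest" && echo "unchanged: every file matches"
    printf 'beta, edited\n' > "$d/data/b.txt" # simulate a modification
    rm "$d/data/a.txt"                        # ... and a deletion
    verify_manifest "$d/data" "$d/manifest" || echo "the files listed above changed or are missing"
    rm -rf "$d"
}
demo
```

Keep the manifest somewhere the files' writer cannot reach; a manifest stored next to the data can be regenerated by whoever modifies the data.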

--------------------------------------------------------------------------------------------------------

[root@ming mmm]# openssl dgst -sha1 1234    # compute the SHA-1 hash of the file 1234
SHA1(1234)= 88425da4bc1551dee3333e3ad9717f34cf35b3a7

--------------------------------------------------------------------------------------------------------

--------------------------------------------------------------------------------------------------------

[root@ming mmm]# openssl passwd -1 -salt 123 ming    # compute the MD5-crypt (-1) hash of the password "ming" using the salt 123; no account password is changed

--------------------------------------------------------------------------------------------------------

[root@ming ~]# openssl rand -hex 1    # prints 2 random hex digits (1 random byte)

--------------------------------------------------------------------------------------------------------

[root@ming ~]# openssl rand -hex 2    # prints 4 random hex digits (2 random bytes)

--------------------------------------------------------------------------------------------------------

[root@ming ~]# openssl rand -base64 1    # the random output is unpredictable

--------------------------------------------------------------------------------------------------------

[root@ming ~]# openssl rand -base64 2    # the random output is unpredictable

--------------------------------------------------------------------------------------------------------

--------------------------------------------------------------------------------------------------------

[root@localhost ~]# scp 1232 root@172.16.252.125:123

--------------------------------------------------------------------------------------------------------

Copies the local file 1232, as the user root, into the 123 directory on 172.16.252.125. scp only transfers files.

--------------------------------------------------------------------------------------------------------

   Common scp options:

--------------------------------------------------------------------------------------------------------

 -r        copy recursively
 -p        preserve the source file's permission information
 -q        quiet mode
 -P PORT   the port on which the remote host's ssh service listens

--------------------------------------------------------------------------------------------------------

[root@localhost ~]# sftp root@172.16.252.125    # log in to 172.16.252.125 as root

--------------------------------------------------------------------------------------------------------

Connected to 172.16.252.125.
sftp> ls
111     123     下載  公共  圖片  文檔  桌面  模板  視頻  音樂

--------------------------------------------------------------------------------------------------------

sftp> mget asdl    # download the file asdl to the local machine with mget
Fetching /root/asdl to asdl

--------------------------------------------------------------------------------------------------------

The sftp command: a secure file transfer mechanism

--------------------------------------------------------------------------------------------------------

[root@localhost ~]# cd /etc/yum.repos.d/

[root@localhost yum.repos.d]# ls
CentOS-Base.repo       CentOS-fasttrack.repo  CentOS-Vault.repo
CentOS-CR.repo         CentOS-Media.repo
CentOS-Debuginfo.repo  CentOS-Sources.repo
[root@localhost yum.repos.d]# vim epel.repo    # point at the classroom yum repository
[epel]
name=Fedora EPEL
baseurl=http://172.16.0.1/fedora-epel/$releasever/$basearch/
# gpgcheck=0 turns off RPM signature verification for this repository
gpgcheck=0

[root@localhost yum.repos.d]# yum repolist
已加載插件:fastestmirror, langpacks
epel                                                 | 4.3 kB     00:00
(1/3): epel/7/x86_64/group_gz                          | 170 kB   00:00
(2/3): epel/7/x86_64/updateinfo                        | 757 kB   00:00
(3/3): epel/7/x86_64/primary_db                        | 4.6 MB   00:00
Loading mirror speeds from cached hostfile
 * base: mirrors.neusoft.edu.cn
 * extras: mirrors.neusoft.edu.cn
 * updates: mirrors.neusoft.edu.cn
源標識                            源名稱                              狀態
base/7/x86_64                     CentOS-7 - Base                      9,363
epel/7/x86_64                     Fedora EPEL                         11,349
extras/7/x86_64                   CentOS-7 - Extras                      380
updates/7/x86_64                  CentOS-7 - Updates                   1,838
repolist: 22,930

--------------------------------------------------------------------------------------------------------

Parallel client tools

--------------------------------------------------------------------------------------------------------

pssh: provided by the epel repository

--------------------------------------------------------------------------------------------------------

pssh pscp

--------------------------------------------------------------------------------------------------------

Best practices for the ssh service:

--------------------------------------------------------------------------------------------------------

1. Do not use the default port

--------------------------------------------------------------------------------------------------------

2. Disable protocol version 1

--------------------------------------------------------------------------------------------------------

3. Restrict which users may log in

--------------------------------------------------------------------------------------------------------

4. Set an idle session timeout

--------------------------------------------------------------------------------------------------------

5. Use the firewall to set an ssh access policy

--------------------------------------------------------------------------------------------------------

6. Listen only on specific IP addresses

--------------------------------------------------------------------------------------------------------

7. When password authentication is used, enforce a strong password policy

--------------------------------------------------------------------------------------------------------  

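# tr -dc A-za-z0-9_ < /dev/urandom | head -c 30 | xargs    # generate a 30-character random string
jX_TJcwzaO5O8nkYX]FUZ9QoDIa1CZ
The range A-za-z also covers the ASCII characters between Z and a ([ \ ] ^ _ `), which is why ] appears in the output; A-Za-z0-9_ limits it to letters, digits and underscore.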

--------------------------------------------------------------------------------------------------------

8. Use key-based authentication

--------------------------------------------------------------------------------------------------------

9. Disallow empty passwords

--------------------------------------------------------------------------------------------------------

10. Disallow direct login by the root user

--------------------------------------------------------------------------------------------------------

11. Limit the ssh access rate and the number of concurrent sessions

--------------------------------------------------------------------------------------------------------

12. Keep good logs and analyze them regularly

--------------------------------------------------------------------------------------------------------

[root@localhost ~]# tail /var/log/secure    # view the login log
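A first pass at the regular log analysis from item 12, as an added example that is not part of the original notes: it counts failed sshd password attempts per source address and lists successful root logins. The function names and the log lines are constructed for illustration, and the field positions assume the traditional syslog layout shown in the sample.

```sh
#!/bin/sh
# Added example: summarise sshd authentication events from /var/log/secure.

sample_secure_log() {   # constructed log lines, traditional syslog layout
    cat <<'EOF'
Mar  3 10:15:01 localhost sshd[2211]: Failed password for root from 203.0.113.7 port 51234 ssh2
Mar  3 10:15:03 localhost sshd[2211]: Failed password for root from 203.0.113.7 port 51240 ssh2
Mar  3 10:15:06 localhost sshd[2213]: Failed password for invalid user admin from 203.0.113.7 port 51246 ssh2
Mar  3 10:15:09 localhost sshd[2215]: Failed password for invalid user from from 203.0.113.7 port 51250 ssh2
Mar  3 10:20:44 localhost sshd[2290]: Failed password for ming from 198.51.100.23 port 40110 ssh2
Mar  3 10:21:10 localhost sshd[2302]: Accepted password for root from 172.16.252.197 port 40022 ssh2
Mar  3 10:22:31 localhost sshd[2310]: Accepted publickey for ming from 172.16.252.197 port 40030 ssh2: RSA SHA256:constructed
EOF
}

failed_by_ip() {   # failed_by_ip MIN [FILE] -> "count ip" for sources with >= MIN failures
    min=$1; shift
    awk -v min="$min" '
        $5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Failed" && $7 == "password" &&
        $(NF-4) == "from" && $(NF-2) == "port" {
            # The user name is chosen by the client, so read the address
            # relative to the end of the line, not after the first "from".
            n[$(NF-3)]++
        }
        END { for (ip in n) if (n[ip] >= min) print n[ip], ip }
    ' "$@" | sort -k1,1nr -k2,2
}

root_logins() {    # root_logins [FILE] -> "method ip" for each successful root login
    awk '$5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Accepted" && $9 == "root" { print $7, $11 }' "$@"
}

sample_secure_log | failed_by_ip 3
sample_secure_log | root_logins
```

On a real host, pass the log as the file argument, for example `failed_by_ip 5 /var/log/secure`.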

--------------------------------------------------------------------------------------------------------

--------------------------------------------------------------------------------------------------------
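The sshd_config side of the twelve practices listed above can be checked mechanically; the following is an added example, not part of the original notes. The mapping from checklist items to sshd_config keywords, the function names and the sample configuration are assumptions made for illustration, and an unset keyword is treated as its permissive stock value. Items 5, 7 and 12 (firewall, password policy, logs) live outside sshd_config and are not covered.

```sh
#!/bin/sh
# Added example: check the global section of an sshd_config against the checklist.

audit_sshd() {   # audit_sshd [FILE] -> one "FAIL <item> <reason>" line per gap
    awk '
        NF == 0 || $1 ~ /^#/    { next }            # blank lines and comments
        tolower($1) == "match"  { inmatch = 1 }     # Match blocks are conditional overrides
        inmatch                 { next }
        { k = tolower($1); if (!(k in v)) v[k] = tolower($2) }   # first value wins in sshd
        END {
            if (!("port" in v) || v["port"] == "22")              print "FAIL 1 default port 22"
            if (v["protocol"] ~ /1/)                              print "FAIL 2 protocol version 1 allowed"
            if (!(("allowusers" in v) || ("allowgroups" in v)))   print "FAIL 3 no AllowUsers/AllowGroups"
            if (v["clientaliveinterval"] + 0 == 0)                print "FAIL 4 no ClientAliveInterval timeout"
            if (!("listenaddress" in v))                          print "FAIL 6 listening on every address"
            if (v["pubkeyauthentication"] == "no")                print "FAIL 8 key authentication disabled"
            if (v["permitemptypasswords"] == "yes")               print "FAIL 9 empty passwords permitted"
            if (v["permitrootlogin"] != "no")                     print "FAIL 10 direct root login possible"
            if (!(("maxstartups" in v) || ("maxsessions" in v)))  print "FAIL 11 no MaxStartups/MaxSessions limit"
        }' "$@"
}

weak_sample() {   # constructed sample input, not taken from a real host
    cat <<'EOF'
# constructed configuration for the example
Port 22
Protocol 2,1
PermitRootLogin yes
PermitEmptyPasswords yes
EOF
}

weak_sample | audit_sshd
```

Run it against a host's own file with `audit_sshd /etc/ssh/sshd_config`; no output means every checked item is set.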

[root@localhost ~]# openssl enc -e -des3 -a -salt -in fstab -out fstab.ciphertext

--------------------------------------------------------------------------------------------------------

   Encrypts the fstab file; fstab.ciphertext is the name of the encrypted output file (the name given to the encrypted file does not matter)

--------------------------------------------------------------------------------------------------------

enter des-ede3-cbc encryption password:
Verifying - enter des-ede3-cbc encryption password:

--------------------------------------------------------------------------------------------------------

[root@localhost ~]# openssl enc -d -des3 -a -salt -in fstab.ciphertext    # decrypt fstab.ciphertext

--------------------------------------------------------------------------------------------------------

enter des-ede3-cbc decryption password:
