Home PC Games Linux Windows Database Network Programming Server Mobile  
           
  Home \ Linux \ Commonly used Linux system camouflage method     - Management DB2 logs (Database)

- Installing PHP Memcache extension under Linux (Server)

- How to enable fbcon in Debian (Linux)

- Using nmcli commands to manage network in RedHat / CentOS 7.x (Linux)

- Oracle 11g manually create a database (Database)

- Compile and install LNMP under CentOS 6.5 (Server)

- NET Developers need to know some Linux commands (Linux)

- Ubuntu 15.04 installed Nvidia Quadro series graphics driver (Linux)

- How to Install Puppet in the Ubuntu 15.04 (Server)

- Linux reserves the rest of the file to delete several (Linux)

- PSUADE installation under Linux (Linux)

- Git common skills (Linux)

- Workaround CentOS error message during compilation PHP5 common (Linux)

- Let OS X support NTFS write file (Linux)

- CentOS 7 x64 compiler installation Tengine 2.0.3 Comments (Server)

- Getting Started with Linux system to learn: how to get the process ID (PID) in the script (Linux)

- Go Languages Reviews (Programming)

- Seven kinds of DDoS attack methods and techniques Defensive (Linux)

- CentOS 6.5 install Maven and Nexus warehouse agent (Server)

- Formatted output printf command (Programming)

  
         
  Commonly used Linux system camouflage method
     
  Add Date : 2017-04-13      
         
         
         
  Computers on the network can easily be used by hackers to scan tool or other means to find loopholes in the system, and then attack for the vulnerability.
Through camouflage Linux system, set the system to hackers false, you can increase the difficulty of hacking the system analysis, to lure them astray, so as to further improve the security of computer systems. The following Red Hat Linux as an example, some of the commonly used methods Linux system camouflage for several common ways hackers.

For HTTP service
By analyzing the type of Web server, generally we can infer the type of operating system, for example, Windows uses IIS to provide HTTP services, and Linux, the most common is Apache.
The default Apache configuration where there is no information protection mechanism, and allow directory browsing. Browse through the directory, you can usually get a similar "Apache / 1.3.27 Server at apache.linuxforum.net Port 80" or "Apache / 2.0.49 (Unix) PHP / 4.3.8" information.
By modifying the configuration file ServerTokens parameters Apache related information can be hidden. However, Apache Red Hat Linux running a compiled program, prompt information is compiled in a program to hide this information need to modify the Apache source code, then recompile the installer to achieve the prompt replacement of the contents inside.
In Apache 2.0.50, for example, edit ap_release.h file, modify the "#define AP_SERVER_BASEPRODUCT \\" Apache \\ "" to "#define AP_SERVER_BASEPRODUCT \\" Microsoft-IIS / 5.0 \\ "". Edit os / unix / os.h file, modify the "#define PLATFORM \\" Unix \\ "" to "#define PLATFORM \\" Win32 \\ "". After modification, recompile, install Apache.
Apache After installation is complete, modify the httpd.conf configuration file, "ServerTokens Full" to "ServerTokens Prod"; the "ServerSignature On" to "ServerSignature Off", then save and exit. After restarting Apache, scan tool, findings suggest that information has been shown in the operating system for Windows.

For the FTP service
Through FTP service, you can speculate the type of operating system, for example, the FTP service under Windows mostly Serv-U, and Linux, commonly used vsftpd, proftpd and pureftpd software.
In proftpd, for example, modify the configuration file proftpd.conf, add the following:
ServerIdent on \\ "Serv-U FTP Server v5.0 for WinSock ready ... \\"
Save and exit, restart the proftpd service, log on to modify the message FTP server for testing:
C: \\> ftp 192.168.0.1
Connected to 192.168.0.1.
220 Serv-U FTP Server v5.0 for WinSock ready ...
User (192.168.0.1:(none)):
331 Password required for (none).
Password:
530 Login incorrect.
Login failed.
ftp> quit
221 Goodbye.
Thus the surface, the server is a running Serv-U of Windows up.

The return value for the TTL
You can use the ping command to detect a host, according to TTL base can speculate the type of operating system. For a gateway and routing without any network, directly to ping TTL value obtained by the other system, called the "TTL base." Network, each packet through a router, TTL will be minus 1, when the TTL is 0, the packet is discarded. 		     
         
         
         
  More:      
 
- Python Flask environment to build (Linux)
- To install Scribus 1.4.4 under ubuntu (Linux)
- VMware installed Linux system and JDK deployment (Linux)
- ethtool implementation framework and application in Linux (Linux)
- xCAT line installation on CentOS 6.X (Linux)
- Linux run queue process scheduling (Programming)
- C ++ thread creates transmission parameters are changed (Programming)
- SpringMVC garbage processing (Programming)
- RHEL5 establish a local yum source (Linux)
- Linux iptables firewall settings whitelist (RHEL 6 and CentOS 7) (Linux)
- RHEL / CentOS / Fedora Install Nagios 4.0.1 (Linux)
- Install Python 3.3.4 under CentOS 6.4 (Linux)
- Postmodern systems programming language (Programming)
- Linux Apache server configure to protect system security (Linux)
- Struts2 study notes -Valuestack (value stack) and OGNL expression (Programming)
- Install the latest Pinta graphics editing software on Ubuntu 14.04 (Linux)
- Why did not Oracle privileges can also log in with sysdba (Database)
- Linux Beginner Guide: Installing packages on Ubuntu and Fedora (Linux)
- Cacti monitoring service Nginx (Linux)
- Shorewall firewall settings under Ubuntu (Linux)
      
           
     
  CopyRight 2002-2022 newfreesoft.com, All Rights Reserved.