  Linux system security check notes on performance
     
  Add Date : 2018-11-21      
         
         
         
  Linux system security performance check notes:

1. Check Accounts

# less /etc/passwd

# grep :0: /etc/passwd

Look for newly added users and for any user whose UID or GID is 0.

2. Log inspection

Look for "entered promiscuous mode" messages.

Look for error messages.

Look for Remote Procedure Call (rpc) program log entries that contain a large number (> 20) of strange characters (-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM).

I do not currently understand the last one and have not come across it; pointers are welcome.

3. Check Processes

# ps -aux

Pay attention to processes running with UID 0.

# lsof -p <PID of the suspect process>

Shows the files and ports that the process has open.

4. Check Files

# find / -uid 0 -perm -4000 -print

# find / -size +10000k -print

# find / -name "..." -print

# find / -name ".. " -print

# find / -name ". " -print

# find / -name " " -print

Look for suspicious SUID files, files larger than 10M, and files named "...", ".. ", ". " or " " (dots and spaces).

5. RPM inspection

# rpm -Va

Output formats:

S - File size differs

M - Mode differs (permissions)

5 - MD5 sum differs

D - Device number mismatch

L - readLink path mismatch

U - user ownership differs

G - group ownership differs

T - modification time differs

Pay attention to entries for files under /sbin, /bin, /usr/sbin, and /usr/bin.

When installing third-party files, make a habit of checking their MD5 sums; that way things are less frightening.

The run will report many "5" or "missing" entries; if they are not in the directories above, they do not need much attention.
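
To make the RPM check above easier to act on, the following added example (not part of the original notes) filters `rpm -Va` output down to the four directories named above and labels each finding with the flag meanings listed. The function names, the HIGH/LOW split and the sample lines are constructed for this illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): triage `rpm -Va` output.
# Keeps only files under /sbin, /bin, /usr/sbin, /usr/bin and labels each
# finding with the flag letters listed above. The HIGH/LOW split is an
# assumption of this example, not an rpm feature.
triage_rpm_verify() {
    awk '
    {
        if (!match($0, /\/.*/)) next            # no path on this line
        path = substr($0, RSTART)               # path starts at the first "/"
        if (path !~ /^\/(usr\/)?s?bin\//) next  # only the four directories
        flags = $1
        if (flags == "missing") { print "HIGH missing " path; next }
        why = ""
        if (index(flags, "5")) why = why "digest,"
        if (index(flags, "S")) why = why "size,"
        if (index(flags, "M")) why = why "mode,"
        if (index(flags, "U")) why = why "user,"
        if (index(flags, "G")) why = why "group,"
        if (index(flags, "T")) why = why "mtime,"
        if (why == "") next
        sub(/,$/, "", why)
        # content, permission or ownership changes on a system binary rank first
        level = (flags ~ /[5MUG]/) ? "HIGH" : "LOW"
        print level " " why " " path
    }'
}

# Constructed sample of `rpm -Va` output (not taken from a real host).
sample_rpm_va() {
    cat <<'EOF'
S.5....T.  c /etc/ssh/sshd_config
S.5....T.    /usr/bin/ps
.M.......    /usr/sbin/sshd
.......T.    /bin/ls
missing      /usr/sbin/ifconfig
..5....T.  d /usr/share/doc/foo/README
EOF
}

# On a live system: rpm -Va 2>/dev/null | triage_rpm_verify
sample_rpm_va | triage_rpm_verify
```
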

6. Network inspection

# ip link | grep PROMISC

A normal network card should not be in promiscuous mode (security servers excepted, of course); otherwise someone may have broken in and be running a sniffer.

# lsof -i

# netstat -nap

Look for unusual open TCP/UDP ports. Hey, this needs routine comparison against what is normally open, though I have not had such intentions myself :)

# arp -a

This one is even more frightening: as others do, record all of the MAC addresses first.

7. Schedule Check

Pay attention to the scheduled jobs of root and of any user with UID 0.

# crontab -u root -l

# cat /etc/crontab

# ls /etc/cron.*
  CopyRight 2002-2022 newfreesoft.com, All Rights Reserved.