
RH413 Enterprise Security Hardening, Chapter 11: Strengthening Console Security, Part 2

2016-01-21 19:56
Chapter 11: Strengthening Console Security, Part 2 (note: pay attention to the text in red)

1. Generate an MD5-hashed password for GRUB

[root@teachers ~]# grub-md5-crypt

Password:

Retype password:

$1$GPadc$agAaeT94MKWLYFzgLKv.O.

2. Write the MD5 password hash into the /etc/grub.conf configuration file

[root@teachers ~]# cat /etc/grub.conf

# grub.conf generated by anaconda

#

# Note that you do not have to rerun grub after making changes to this file

# NOTICE: You have a /boot partition. This means that

# all kernel and initrd paths are relative to /boot/, eg.

# root (hd0,0)

# kernel /vmlinuz-version ro root=/dev/sda3

# initrd /initrd-[generic-]version.img

#boot=/dev/sda

default=0

timeout=5

splashimage=(hd0,0)/grub/splash.xpm.gz

password --md5 $1$GPadc$agAaeT94MKWLYFzgLKv.O.

title Red Hat Enterprise Linux (2.6.32-358.el6.x86_64)

root (hd0,0)

kernel /vmlinuz-2.6.32-358.el6.x86_64 ro root=UUID=9fdb7ed8-e3c2-48eb-bd12-ac60d65ca227 rd_NO_LUKS rd_NO_LVM LANG=en_US.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16 crashkernel=auto KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet

initrd /initramfs-2.6.32-358.el6.x86_64.img

password --md5 $1$GPadc$agAaeT94MKWLYFzgLKv.O.

3. Reboot the system with the reboot command





4. View the kernel boot parameters used by the default boot

[root@student ~]# cat /proc/cmdline

ro root=UUID=918ef4ea-cbc8-4f97-b362-5b74b203465c rd_NO_LUKS rd_NO_LVM LANG=en_US.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16 KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet

5. View the configuration file that controls single-user mode startup

[root@student ~]# cat /etc/sysconfig/init

# color => new RH6.0 bootup

# verbose => old-style bootup

# anything else => new style bootup without ANSI colors or positioning

BOOTUP=color

# column to start "[ OK ]" label in

RES_COL=60

# terminal sequence to move to that column. You could change this

# to something like "tput hpa ${RES_COL}" if your terminal supports it

MOVE_TO_COL="echo -en \\033[${RES_COL}G"

# terminal sequence to set color to a 'success' color (currently: green)

SETCOLOR_SUCCESS="echo -en \\033[0;32m"

# terminal sequence to set color to a 'failure' color (currently: red)

SETCOLOR_FAILURE="echo -en \\033[0;31m"

# terminal sequence to set color to a 'warning' color (currently: yellow)

SETCOLOR_WARNING="echo -en \\033[0;33m"

# terminal sequence to reset to the default color.

SETCOLOR_NORMAL="echo -en \\033[0;39m"

# Set to anything other than 'no' to allow hotkey interactive startup...

PROMPT=yes

# Set to 'yes' to allow probing for devices with swap signatures

AUTOSWAP=no

# What ttys should gettys be started on?

ACTIVE_CONSOLES=/dev/tty[1-6]

# Set to '/sbin/sulogin' to prompt for password on single-user mode -- a password is required

# Set to '/sbin/sushell' otherwise -- no password is required

SINGLE=/sbin/sushell -- how single-user mode starts
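
The checks behind steps 1 to 5, as an added example that is not part of the original post: a shell audit that verifies a hashed password line sits in the global section of grub.conf (before the first title, where it protects the menu editor and GRUB command line) and that SINGLE points at /sbin/sulogin. The function names, the sample files and the placeholder hash are constructed for illustration.

```shell
#!/bin/sh
# Added audit example, not from the original page. Paths are arguments so the
# checks can run against copies of /etc/grub.conf and /etc/sysconfig/init.

# Succeeds only if a hashed password line precedes the first "title" line,
# i.e. sits in the global section. --encrypted is the grub-crypt form.
grub_global_password_ok() {
    awk '/^[ \t]*title[ \t]/ { exit }
         /^[ \t]*password[ \t]+--(md5|encrypted)[ \t]+[^ \t]/ { found = 1; exit }
         END { exit !found }' "$1"
}

# Prints the effective SINGLE= value; the file is sourced by the init
# scripts, so the last uncommented assignment wins.
single_user_shell() {
    awk -F= '/^[ \t]*SINGLE=/ { v = $2; sub(/[ \t#].*/, "", v); last = v }
             END { print last }' "$1"
}

# usage: audit_console GRUB_CONF SYSCONFIG_INIT ; returns 0 only if both pass
audit_console() {
    rc=0
    if grub_global_password_ok "$1"; then
        echo "PASS grub: hashed global password present"
    else
        echo "FAIL grub: no hashed password before the first title"; rc=1
    fi
    shell=$(single_user_shell "$2")
    if [ "$shell" = /sbin/sulogin ]; then
        echo "PASS init: SINGLE=$shell"
    else
        echo "FAIL init: SINGLE=${shell:-unset}, single-user mode skips the root password"; rc=1
    fi
    return "$rc"
}

# Constructed sample files (placeholder hash) written into directory $1.
write_samples() {
    printf 'default=0\npassword --md5 $1$PLACEHOLDER$hash\ntitle RHEL\n\troot (hd0,0)\n' > "$1/grub.ok"
    printf 'default=0\ntitle RHEL\n\troot (hd0,0)\n\tpassword --md5 $1$PLACEHOLDER$hash\n' > "$1/grub.entry_only"
    printf 'default=0\npassword letmein\ntitle RHEL\n' > "$1/grub.plain"
    printf 'PROMPT=yes\nSINGLE=/sbin/sushell\n' > "$1/init.weak"
    printf '# SINGLE=/sbin/sushell\nSINGLE=/sbin/sulogin\n' > "$1/init.ok"
}
```

On a real host, call audit_console /etc/grub.conf /etc/sysconfig/init as root; the file shown in step 5 reports FAIL for SINGLE because it is still set to /sbin/sushell.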

6. gconftool -- the user settings configuration database

1) Install the gconf-editor package

[root@student ~]# yum install gconf-editor

Loaded plugins: product-id, refresh-packagekit, security, subscription-manager

This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.

Setting up Install Process

Resolving Dependencies

--> Running transaction check

---> Package gconf-editor.x86_64 0:2.28.0-3.el6 will be installed

--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================================================================================================

Package Arch Version Repository Size

=============================================================================================================================================================

Installing:

gconf-editor x86_64 2.28.0-3.el6 aa 1.0 M

Transaction Summary

=============================================================================================================================================================

Install 1 Package(s)

Total download size: 1.0 M

Installed size: 2.1 M

Is this ok [y/N]: y

Downloading Packages:

gconf-editor-2.28.0-3.el6.x86_64.rpm | 1.0 MB 00:00

Running rpm_check_debug

Running Transaction Test

Transaction Test Succeeded

Running Transaction

Installing : gconf-editor-2.28.0-3.el6.x86_64 1/1

Verifying : gconf-editor-2.28.0-3.el6.x86_64 1/1

Installed:

gconf-editor.x86_64 0:2.28.0-3.el6

Complete!

2) Use gconf-editor in the graphical interface



The above is the Linux "registry" as shown in the graphical interface

3) View the Linux registry from the command line

[root@student ~]# gconftool-2 --all-dirs /

/schemas

/system

/desktop

/apps

4) Modify the gdm parameters in the registry



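① banner_message_enable: enable the message on the login screen

② banner_message_text: the content of the login screen message

③ disable_restart_buttons: disable the restart buttons

④ disable_user_list: stop the login screen from displaying user information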



Set all four of the above items as mandatory

5) Kill the Xorg process

[root@student ~]# killall Xorg

6) Check the login screen