配置计划.docx (Configuration Plan)
- Document number: 10136482
- Upload date: 2023-05-23
- Format: DOCX
- Pages: 26
- Size: 567.77KB
Configuration Plan
东升科技有限公司 (Dongsheng Technology Co., Ltd.)
Operating System Security Configuration Plan
I. Company overview
The company's users are grouped on the server as shown in the figure below:
II. Directory and file permissions
The approach to setting each user's directory and file permissions is shown in the table below:
1. Log in as root and create the directories:
2. Assign the users to groups:
3. Create a work directory for each user:
4. Set an initial password for each user:
5. Change the owner of each directory:
6. Set the directory permissions:
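The six steps above can be scripted so that the same layout is applied identically on every server. The script below is an added example, not part of the original plan: the team (group) names follow the /tmp/<team> directories that the Tripwire policy later in this plan monitors (code_A, code_B, ..., service), while the user names, the placeholder initial password scheme and the exact modes (2770 for a team directory, 0750 for a personal directory) are this example's own assumptions. It runs in dry-run mode by default and only prints the commands; set DRY_RUN=0 and run it as root to apply them.

```shell
#!/bin/sh
# Added example, not taken from the plan: one way to script steps 1-6.
# Assumptions: team (group) names follow the /tmp/<team> directories used in
# the Tripwire policy (code_A ... service); user names and the initial
# password scheme are constructed placeholders.
# Dry-run by default: set DRY_RUN=0 and run as root to apply.

DRY_RUN="${DRY_RUN:-1}"
BASE="${BASE:-/tmp}"

# run CMD...: print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Steps 1-2: the team directory and the group that will own it.
create_team() {            # create_team <team>
    run mkdir -p "$BASE/$1"
    run groupadd -f "$1"
}

# Steps 3-4: a user in the team group, a personal work directory under the
# team directory, and a placeholder initial password that is expired at
# once so the user must choose their own password at first login.
create_user() {            # create_user <user> <team>
    run useradd -m -g "$2" "$1"
    run mkdir -p "$BASE/$2/$1"
    run sh -c "printf '%s:%s\n' '$1' 'Init-$1-CHANGEME' | chpasswd"
    run chage -d 0 "$1"
}

# Steps 5-6: ownership and permissions. The team directory is root-owned,
# group-writable with setgid (new files inherit the team group) and closed
# to other teams; a personal directory is private to its owner and only
# listable by the team.
secure_team_dir() {        # secure_team_dir <team>
    run chown "root:$1" "$BASE/$1"
    run chmod 2770 "$BASE/$1"
}

secure_user_dir() {        # secure_user_dir <user> <team>
    run chown "$1:$2" "$BASE/$2/$1"
    run chmod 0750 "$BASE/$2/$1"
}

# provision <team> <user>...: the whole procedure for one team.
provision() {
    team=$1; shift
    create_team "$team"
    secure_team_dir "$team"
    for u in "$@"; do
        create_user "$u" "$team"
        secure_user_dir "$u" "$team"
    done
}

# Usage: DRY_RUN=1 sh provision.sh code_A alice bob
if [ "$#" -ge 2 ]; then
    provision "$@"
fi
```

Review the dry-run output before applying it: every directory the script touches ends up in the Tripwire policy below, so the modes printed here are the baseline that the later integrity checks will compare against.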
III. Integrity check
####################################################################
# Install tripwire
####################################################################
# Lab environment
CentOS 6.6
# Build tools
gcc gcc-c++ make
tripwire-2.4.2.2-src.tar.bz2
# Installation
Log in as root
[root@localhost 桌面]# yum -y install wget make gcc gcc-c++
[root@localhost 桌面]# wget
[root@localhost 桌面]# tar -jxvf tripwire-2.4.2.2-src.tar.bz2
[root@localhost 桌面]# cd tripwire-2.4.2.2-src
[root@localhost tripwire-2.4.2.2-src]# ./configure --prefix=/etc/tripwire
[root@localhost tripwire-2.4.2.2-src]# make && make install
####################################################################
# Configure tripwire
####################################################################
After installation, the installed files are as follows:
The configuration and policy files are located in /etc/tripwire/etc.
The configuration file twcfg.txt defines the variables Tripwire uses (for example the location of Tripwire report files, e-mail addresses and the report level):
DBFILE = /etc/tripwire/lib/tripwire/$(HOSTNAME).twd
REPORTFILE = /etc/tripwire/lib/tripwire/report/$(HOSTNAME)-$(DATE).twr
The policy file twpol.txt tells Tripwire which files to monitor.
At this point there is no need to keep twcfg.txt and twpol.txt in their current location.
The encrypted versions of these files can be read back with a Tripwire utility by supplying the passphrase that decrypts them.
For security, we also need to delete the plaintext policy and configuration files, or move them elsewhere.
To prevent tampering, Tripwire encrypts and signs some of its own important files.
Two keys are involved:
the site key and the local key.
The site key protects the policy and configuration files; if several machines share the same policy and configuration, they can use the same site key. The local key protects the database and the reports, so different machines must use different local keys.
The key guarantees that only you can generate the file (uniqueness), and the .pol and .cfg formats are binary rather than text, so they cannot simply be edited again (integrity).
Creating a new policy file
Delete the original twpol.txt and create a new /etc/tripwire/etc/twpol.txt with the following content:
The policy detects changes to account-related files, employee work directories, log files and related binaries; the property letters it uses are listed below.
List 1. File properties
a  Access timestamp
b  Number of blocks allocated
c  Inode timestamp (create/modify)
d  ID of device on which inode resides
g  File owner's group ID
i  Inode number
l  File is increasing in size (a "growing file")
m  Modification timestamp
n  Number of links (inode reference count)
p  Permissions and file mode bits
r  ID of device pointed to by inode (valid only for device objects)
s  File size
t  File type
u  File owner's user ID
C  CRC-32 hash value
H  Haval hash value
M  MD5 hash value
S  SHA hash value
# The following masks are prefixed to the property letters:
+  do compare attribute
-  ignore attribute
# To avoid typing long paths, adjust the PATH first
[root@localhost etc]# PATH=$PATH:/etc/tripwire/sbin/
# Delete the original encrypted policy file tw.pol, then encrypt twpol.txt into a new policy file; after encrypting, delete twpol.txt or move it elsewhere
[root@localhost 桌面]# twadmin --create-polfile -S /etc/tripwire/etc/site.key /etc/tripwire/etc/twpol.txt
Please enter your site passphrase:
Wrote policy file: /etc/tripwire/etc/tw.pol
# Check that the new policy file was generated; later, this command can also be redirected to a file to recover twpol.txt
[root@localhost 桌面]# twadmin --print-polfile
# user
Account = +pinugtsdbmCM-rlacSH;
/etc/passwd -> $(Account);
/etc/shadow -> $(Account);
/etc/group -> $(Account);
# work directory
Work = +pugt;
/tmp -> $(Work);
/tmp/code_A -> $(Work);
/tmp/code_B -> $(Work);
/tmp/code_C -> $(Work);
/tmp/saling -> $(Work);
/tmp/plan -> $(Work);
/tmp/client -> $(Work);
/tmp/manager -> $(Work);
/tmp/service -> $(Work);
# logs
SysLogs = +p-lum;
/var/log/messages -> $(SysLogs);
# binary
Bin = +pisug;
/bin/ls -> $(Bin);
/bin/login -> $(Bin);
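The property list and the masks in this policy (Account = +pinugtsdbmCM-rlacSH, Work = +pugt, SysLogs = +p-lum) decide which attributes of each file are snapshotted into the database and compared at check time. The script below is an added illustration of that mechanism, written for this page and not part of Tripwire or of the original plan: it maps the same property letters onto GNU stat, md5sum, sha1sum and cksum fields (the letter-to-field mapping is this example's own), evaluates a mask the way the "+"/"-" rules above describe, and reports which selected properties differ from a saved baseline. The growing-file (l) and Haval (H) properties are not implemented, and cksum's CRC is a stand-in for Tripwire's CRC-32.

```shell
#!/bin/sh
# Added example (not from the plan or from Tripwire): a small imitation of
# how a property mask such as "+pugt" or "+p-lum" selects the attributes
# that are compared. Assumes GNU coreutils (stat -c, md5sum, sha1sum, cksum).

# one_prop FILE LETTER: print the current value of one property letter.
one_prop() {
    case "$2" in
        a) stat -c '%X' "$1" ;;     # access timestamp
        b) stat -c '%b' "$1" ;;     # blocks allocated
        c) stat -c '%Z' "$1" ;;     # inode change timestamp
        d) stat -c '%d' "$1" ;;     # device holding the inode
        g) stat -c '%g' "$1" ;;     # owner group ID
        i) stat -c '%i' "$1" ;;     # inode number
        m) stat -c '%Y' "$1" ;;     # modification timestamp
        n) stat -c '%h' "$1" ;;     # link count
        p) stat -c '%a' "$1" ;;     # permission bits
        r) stat -c '%t,%T' "$1" ;;  # device numbers (device objects only)
        s) stat -c '%s' "$1" ;;     # file size
        t) stat -c '%F' "$1" ;;     # file type
        u) stat -c '%u' "$1" ;;     # owner user ID
        C) cksum "$1" | cut -d' ' -f1 ;;   # CRC (stand-in for CRC-32)
        M) md5sum "$1" | cut -d' ' -f1 ;;  # MD5
        S) sha1sum "$1" | cut -d' ' -f1 ;; # SHA
        l|H) echo '-' ;;            # growing-file and Haval: not implemented here
        *) echo "unknown property: $2" >&2; return 1 ;;
    esac
}

# snapshot FILE MASK: print "letter=value" for every property the mask
# selects. Letters after "+" are compared; letters after "-" are ignored,
# removing them if an earlier "+" had added them.
snapshot() {
    file=$1; mask=$2
    selected=""; sign="+"; rest=$mask
    while [ -n "$rest" ]; do
        ch=${rest%"${rest#?}"}          # first character of the mask
        rest=${rest#?}
        case "$ch" in
            +|-) sign=$ch ;;
            *) if [ "$sign" = "+" ]; then
                   selected="$selected$ch"
               else
                   selected=$(printf '%s' "$selected" | tr -d "$ch")
               fi ;;
        esac
    done
    for ch in $(printf '%s' "$selected" | sed 's/./& /g'); do
        printf '%s=%s\n' "$ch" "$(one_prop "$file" "$ch")"
    done
}

# changed_props FILE MASK BASELINE: print the letters whose current value
# differs from the saved baseline snapshot; empty output means no violation.
changed_props() {
    now=$(snapshot "$1" "$2")
    printf '%s\n' "$now" | while IFS='=' read -r k v; do
        old=$(grep "^$k=" "$3" | cut -d= -f2-)
        [ "$v" = "$old" ] || printf '%s\n' "$k"
    done
}

# Usage: sh props.sh /tmp/code_A +pugt > baseline   (then compare later with
#        changed_props /tmp/code_A +pugt baseline)
if [ "$#" -ge 2 ]; then
    snapshot "$1" "$2"
fi
```

Note what the mask choice buys and costs: Work = +pugt on the team directories catches the chmod 776 used as a test later in this plan but says nothing about files created inside them, and SysLogs = +p-lum deliberately ignores size and mtime so that a log that is supposed to grow does not raise a violation on every check.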
# Finally, delete the existing database; this ensures we get a clean database
[root@localhost etc]# tripwire --init
Please enter your local passphrase:
Parsing policy file: /etc/tripwire/etc/tw.pol
Generating the database...
*** Processing Unix File System ***
Wrote database file: /etc/tripwire/lib/tripwire/localhost.localdomain.twd
The database was successfully generated.
Tripwire integrity check
[root@localhost 桌面]# tripwire --check
Parsing policy file: /etc/tripwire/etc/tw.pol
*** Processing Unix File System ***
Performing integrity check...
Wrote report file: /etc/tripwire/lib/tripwire/report/localhost.localdomain-20141107-104127.twr

Open Source Tripwire(R) 2.4.2.2 Integrity Check Report

Report generated by:          root
Report created on:            2014年11月07日星期五10时41分27秒
Database last updated on:     Never

===============================================================================
Report Summary:
===============================================================================

Host name:                    localhost.localdomain
Host IP address:              127.0.0.1
Host ID:                      None
Policy file used:             /etc/tripwire/etc/tw.pol
Configuration file used:      /etc/tripwire/etc/tw.cfg
Database file used:           /etc/tripwire/lib/tripwire/localhost.localdomain.twd
Command line used:            /etc/tripwire/sbin/tripwire --check

===============================================================================
Rule Summary:
===============================================================================

-------------------------------------------------------------------------------
  Section: Unix File System
-------------------------------------------------------------------------------

  Rule Name                       Severity Level    Added    Removed  Modified
  ---------                       --------------    -----    -------  --------
  passwd                          0                 0        0        0
    (/etc/passwd)
  shadow                          0                 0        0        0
    (/etc/shadow)
  group                           0                 0        0        0
    (/etc/group)
  tmp                             0                 0        0        0
    (/tmp)
  code_A                          0                 0        0        0
    (/tmp/code_A)
  code_B                          0                 0        0        0
    (/tmp/code_B)
  code_C                          0                 0        0        0
    (/tmp/code_C)
  saling                          0                 0        0        0
    (/tmp/saling)
  plan                            0                 0        0        0
    (/tmp/plan)
  client                          0                 0        0        0
    (/tmp/client)
  manager                         0                 0        0        0
    (/tmp/manager)
  service                         0                 0        0        0
    (/tmp/service)
  messages                        0                 0        0        0
    (/var/log/messages)
  ls                              0                 0        0        0
    (/bin/ls)
  login                           0                 0        0        0
    (/bin/login)

Total objects scanned:  221
Total violations found:  0

===============================================================================
Object Summary:
===============================================================================

-------------------------------------------------------------------------------
# Section: Unix File System
-------------------------------------------------------------------------------

No violations.

===============================================================================
Error Report:
===============================================================================

No Errors

-------------------------------------------------------------------------------
*** End of report ***

Open Source Tripwire 2.4 Portions copyright 2000 Tripwire, Inc. Tripwire is a registered
trademark of Tripwire, Inc. This software comes with ABSOLUTELY NO WARRANTY;
for details use --version. This is free software which may be redistributed
or modified only under certain conditions; see COPYING for details.
All rights reserved.
Integrity check complete.
# As you can see, no changes were detected
# Now make a few changes
[root@localhost 桌面]# useradd tests
[root@localhost 桌面]# chmod 776 /tmp/code_A
# Now check again
[root@localhost 桌面]# /etc/tripwire/sbin/tripwire --check
Parsing policy file: /etc/tripwire/etc/tw.pol
*** Processing Unix File System ***
Performing integrity check...
Wrote report file: /etc/tripwire/lib/tripwire/report/localhost.localdomain-20141107-104548.twr

Open Source Tripwire(R) 2.4.2.2 Integrity Check Report

Report generated by:          root
Report created on:            2014年11月07日星期五10时45分48秒
Database last updated on:     Never

===============================================================================
Report Summary:
===============================================================================

Host name:                    localhost.localdomain
Host IP address:              127.0.0.1
Host ID:                      None
Policy file used:             /etc/tripwire/etc/tw.pol
Configuration file used:      /etc/tripwire/etc/tw.cfg
Database file used:           /etc/tripwire/lib/tripwire/localhost.localdomain.twd
Command line used:            /etc/tripwire/sbin/tripwire --check

===============================================================================
Rule Summary:
===============================================================================

-------------------------------------------------------------------------------
  Section: Unix File System
-------------------------------------------------------------------------------

  Rule Name                       Severity Level    Added    Removed  Modified
  ---------                       --------------    -----    -------  --------
* passwd                          0                 0        0        1
    (/etc/passwd)
* shadow                          0                 0        0        1
    (/etc/shadow)
* group                           0                 0        0        1
    (/etc/group)
  tmp                             0                 0        0        0
    (/tmp)
* code_A                          0                 0        0        1
    (/tmp/code_A)
  code_B                          0                 0        0        0
    (/tmp/code_B)
  code_C                          0                 0        0        0
    (/tmp/code_C)
  saling                          0                 0        0        0
    (/tmp/saling)
  plan                            0                 0        0        0
    (/tmp/plan)
  client                          0                 0        0        0
    (/tmp/client)
  manager                         0                 0        0        0
    (/tmp/manager)
  service                         0                 0        0        0
    (/tmp/service)
  messages                        0                 0        0        0
    (/var/log/messages)
  ls                              0                 0        0        0
    (/bin/ls)
  login                           0                 0        0        0
    (/bin/login)

Total objects scanned:  221
Total violations found:  4

===============================================================================
Object Summary:
===============================================================================

-------------------------------------------------------------------------------
# Section: Unix File System
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
Rule Name: passwd (/etc/passwd)
Severity Level: 0
-------------------------------------------------------------------------------

Modified:
"/etc/passwd"

-------------------------------------------------------------------------------
Rule Name: shadow (/etc/shadow)
Severity Level: 0
-------------------------------------------------------------------------------

Modified:
"/etc/shadow"

-------------------------------------------------------------------------------
Rule Name: group (/etc/group)
Severity Level: 0
-------------------------------------------------------------------------------

Modified:
"/etc/group"

-------------------------------------------------------------------------------
Rule Name: code_A (/tmp/code_A)
Severity Level: 0
-------------------------------------------------------------------------------

Modified:
"