默认计划
930人加入学习
(23人评价)
Linux安全基础
价格 ¥ 399.00
该课程属于 高校公益行 | 网络安全实践训练营 请加入后再学习

pxe远程批量部署 Linux

  1.安装配置dhcp服务器

   yum -y  install dhcp

cp dhcpd.conf.example /etc/dhcp/dhcpd.conf

vim /etc/dhcp/dhcp/dhcpd.conf

default-lease-time 600;
max-lease-time 7200;
log-facility local7;
subnet   ip地址 netmask 255.255.255.0 {
range  ;
option routers  xxx.xxx ;
option broadcast-address 5;
default-lease-time 600;
max-lease-time 7200;
next-server 服务器地址;

2.安装tftp-Server与syslinux,配置

yum -y install syslinux
 yum -y install tftp-server
 vim /etc/xinetd.d/tftp
“disable = yes”修改成disable=no

systemctl start xinetd

cd /var/lib/tftpboot

 cp /usr/share/syslinux/pxelinux.0 ./
 cp /var/ftp/yum/isolinux/vmlinuz ./
 cp /var/ftp/yum/isolinux/initrd.img ./
 cp /var/ftp/yum/isolinux/vesamenu.c32./    cp /var/ftp/yum/isolinux/boot.msg ./

mkdir pxelinux.cfg

编辑启动菜单配置文件

cp /var/ftp/yum/isolinux/ioslinux.cfg ./pxelinux.cfg/default

vim pxelinux.cfg/default

“label linux”这一行前添加:
label centos     //创建标签
menu label ^Install CentOS 7.1
menu default
kernel vmlinuz
append initrd=initrd.img inst.stage2=ftp://yumip/yum inst.ks=ftp://yumip/ks.cfg quiet

找到“menu label Test this ^media & install CentOS 7”,后面的
“menu default”行删除
3.安装Kickstart,配置自动化安装

yum -y install system-config-kickstart

system-config-kickstart

Kickstart配置   时区的选择 

安装方法 选择ftp  安装新的引导  分区选项

 安装后脚本

system-config-kickstart

mkdir /etc/yum.repos.d/old
cp -rf /etc/yum.repos.d/*
/etc/yum/repos.d/old/
rm -f /etc/yum.repos.d/*
echo '[base]
name= CentOS 7.1 Setup
baseurl=ftp://yum ip/yum
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7'>
/etc/yum.repos.d/CentOS7Setup.repo

保存 root/ks.cfg

vim anaconda-ks.cfg

复制
“%packages
@base
……
@x11
%end”段

vim  ks.cfg

在“part / --fstype="xfs" --grow --size=1
%post --interpreter=/bin/bash”两行之间粘贴“%packages … … %end”段

cp ks.cfg  /var/ftp/

firewall-cmd --permanent --add-service=dhcp success
 firewall-cmd --permanent --add-service=ftp success
 firewall-cmd --permanent --add-port=69/udp success
 firewall-cmd --reload

 

 

 

 

 
 
G
M
T
 
 
  Detect languageAfrikaansAlbanianArabicArmenianAzerbaijaniBasqueBelarusianBengaliBosnianBulgarianCatalanCebuanoChichewaChinese (Simplified)Chinese (Traditional)CroatianCzechDanishDutchEnglishEsperantoEstonianFilipinoFinnishFrenchGalicianGeorgianGermanGreekGujaratiHaitian CreoleHausaHebrewHindiHmongHungarianIcelandicIgboIndonesianIrishItalianJapaneseJavaneseKannadaKazakhKhmerKoreanLaoLatinLatvianLithuanianMacedonianMalagasyMalayMalayalamMalteseMaoriMarathiMongolianMyanmar (Burmese)NepaliNorwegianPersianPolishPortuguesePunjabiRomanianRussianSerbianSesothoSinhalaSlovakSlovenianSomaliSpanishSundaneseSwahiliSwedishTajikTamilTeluguThaiTurkishUkrainianUrduUzbekVietnameseWelshYiddishYorubaZulu
 
AfrikaansAlbanianArabicArmenianAzerbaijaniBasqueBelarusianBengaliBosnianBulgarianCatalanCebuanoChichewaChinese (Simplified)Chinese (Traditional)CroatianCzechDanishDutchEnglishEsperantoEstonianFilipinoFinnishFrenchGalicianGeorgianGermanGreekGujaratiHaitian CreoleHausaHebrewHindiHmongHungarianIcelandicIgboIndonesianIrishItalianJapaneseJavaneseKannadaKazakhKhmerKoreanLaoLatinLatvianLithuanianMacedonianMalagasyMalayMalayalamMalteseMaoriMarathiMongolianMyanmar (Burmese)NepaliNorwegianPersianPolishPortuguesePunjabiRomanianRussianSerbianSesothoSinhalaSlovakSlovenianSomaliSpanishSundaneseSwahiliSwedishTajikTamilTeluguThaiTurkishUkrainianUrduUzbekVietnameseWelshYiddishYorubaZulu
 
 
 
 
 
 
 
 
 
Text-to-speech function is limited to 200 characters
 
 
 
Options : History : Feedback : Donate Close
 
 
G
M
T
 
 
  Detect languageAfrikaansAlbanianArabicArmenianAzerbaijaniBasqueBelarusianBengaliBosnianBulgarianCatalanCebuanoChichewaChinese (Simplified)Chinese (Traditional)CroatianCzechDanishDutchEnglishEsperantoEstonianFilipinoFinnishFrenchGalicianGeorgianGermanGreekGujaratiHaitian CreoleHausaHebrewHindiHmongHungarianIcelandicIgboIndonesianIrishItalianJapaneseJavaneseKannadaKazakhKhmerKoreanLaoLatinLatvianLithuanianMacedonianMalagasyMalayMalayalamMalteseMaoriMarathiMongolianMyanmar (Burmese)NepaliNorwegianPersianPolishPortuguesePunjabiRomanianRussianSerbianSesothoSinhalaSlovakSlovenianSomaliSpanishSundaneseSwahiliSwedishTajikTamilTeluguThaiTurkishUkrainianUrduUzbekVietnameseWelshYiddishYorubaZulu
 
AfrikaansAlbanianArabicArmenianAzerbaijaniBasqueBelarusianBengaliBosnianBulgarianCatalanCebuanoChichewaChinese (Simplified)Chinese (Traditional)CroatianCzechDanishDutchEnglishEsperantoEstonianFilipinoFinnishFrenchGalicianGeorgianGermanGreekGujaratiHaitian CreoleHausaHebrewHindiHmongHungarianIcelandicIgboIndonesianIrishItalianJapaneseJavaneseKannadaKazakhKhmerKoreanLaoLatinLatvianLithuanianMacedonianMalagasyMalayMalayalamMalteseMaoriMarathiMongolianMyanmar (Burmese)NepaliNorwegianPersianPolishPortuguesePunjabiRomanianRussianSerbianSesothoSinhalaSlovakSlovenianSomaliSpanishSundaneseSwahiliSwedishTajikTamilTeluguThaiTurkishUkrainianUrduUzbekVietnameseWelshYiddishYorubaZulu
 
 
 
 
 
 
 
 
 
Text-to-speech function is limited to 200 characters
 
 
 
Options : History : Feedback : Donate Close
 
 
G
M
T
 
 
Detect languageAfrikaansAlbanianArabicArmenianAzerbaijaniBasqueBelarusianBengaliBosnianBulgarianCatalanCebuanoChichewaChinese (Simplified)Chinese (Traditional)CroatianCzechDanishDutchEnglishEsperantoEstonianFilipinoFinnishFrenchGalicianGeorgianGermanGreekGujaratiHaitian CreoleHausaHebrewHindiHmongHungarianIcelandicIgboIndonesianIrishItalianJapaneseJavaneseKannadaKazakhKhmerKoreanLaoLatinLatvianLithuanianMacedonianMalagasyMalayMalayalamMalteseMaoriMarathiMongolianMyanmar (Burmese)NepaliNorwegianPersianPolishPortuguesePunjabiRomanianRussianSerbianSesothoSinhalaSlovakSlovenianSomaliSpanishSundaneseSwahiliSwedishTajikTamilTeluguThaiTurkishUkrainianUrduUzbekVietnameseWelshYiddishYorubaZulu
 
AfrikaansAlbanianArabicArmenianAzerbaijaniBasqueBelarusianBengaliBosnianBulgarianCatalanCebuanoChichewaChinese (Simplified)Chinese (Traditional)CroatianCzechDanishDutchEnglishEsperantoEstonianFilipinoFinnishFrenchGalicianGeorgianGermanGreekGujaratiHaitian CreoleHausaHebrewHindiHmongHungarianIcelandicIgboIndonesianIrishItalianJapaneseJavaneseKannadaKazakhKhmerKoreanLaoLatinLatvianLithuanianMacedonianMalagasyMalayMalayalamMalteseMaoriMarathiMongolianMyanmar (Burmese)NepaliNorwegianPersianPolishPortuguesePunjabiRomanianRussianSerbianSesothoSinhalaSlovakSlovenianSomaliSpanishSundaneseSwahiliSwedishTajikTamilTeluguThaiTurkishUkrainianUrduUzbekVietnameseWelshYiddishYorubaZulu
 
 
 
 
 
 
 
 
 
Text-to-speech function is limited to 200 characters
 
 
Options : History : Feedback : Donate Close
[展开全文]

YUM:Yellowdog Updater Modified:是基于RPM包【RPM:RPM Package Manager(RPM软件包管理器)的缩写 , 一种用于互联网下载包的打包及安装工具,它包含在某些Linux分发版中。 】的的软件更新机制可以自动解决RPM包安装的依赖关系,所有软件包由集中的YUM软件仓库提供。

软件仓库的提供方式:FTP服务,HTTP服务,本地目录。

RPM软件包的来源:官方发布、第三方发布、用户自定义

配置时 使用超级管理员登录:未列出中:用户名:root,MIMA

1、配置IP地址:cd /etc/sysconfig/network-scripts/

ls

查看本地网卡的配置文件,用vim打开。

(1)修改BOOTROT="static"

(2)IPV6INIT="no",……"no"

(3)IPADDR=10.11.11 .1

NETMASK=255.255.255.0

GATEWAT=10.11.11.254

(只为了生成默认路由)

 

 

[展开全文]

1.2   配置本地yum源

     配置固定ip地址

    cd /etc/sysconfig/network-scripts/

    挂载光盘 

    umount /dev/cdrom

   mount /dev/cdrom /media/cdrom/

  

 安装ftp

  cd /media/cdrom/Packages/

    rpm -Uvh vsftpd-3.0.2-22.el7.x86_64.rpm

cp -rf /media/cdrom/* ./

systemctl start vsftpd

 netstat -atpn | grep 21

配置 vsftpd 安全

vim /etc/vsftpd/vsftpd.conf  被动

设置 selinux规则

setsebool allow_ftpd_full_access 1

setsebool httpd_enable_ftp_server 1
添加端口

 

 

 

 

 

 

 
 
G
M
T
 
 
Detect languageAfrikaansAlbanianArabicArmenianAzerbaijaniBasqueBelarusianBengaliBosnianBulgarianCatalanCebuanoChichewaChinese (Simplified)Chinese (Traditional)CroatianCzechDanishDutchEnglishEsperantoEstonianFilipinoFinnishFrenchGalicianGeorgianGermanGreekGujaratiHaitian CreoleHausaHebrewHindiHmongHungarianIcelandicIgboIndonesianIrishItalianJapaneseJavaneseKannadaKazakhKhmerKoreanLaoLatinLatvianLithuanianMacedonianMalagasyMalayMalayalamMalteseMaoriMarathiMongolianMyanmar (Burmese)NepaliNorwegianPersianPolishPortuguesePunjabiRomanianRussianSerbianSesothoSinhalaSlovakSlovenianSomaliSpanishSundaneseSwahiliSwedishTajikTamilTeluguThaiTurkishUkrainianUrduUzbekVietnameseWelshYiddishYorubaZulu
 
AfrikaansAlbanianArabicArmenianAzerbaijaniBasqueBelarusianBengaliBosnianBulgarianCatalanCebuanoChichewaChinese (Simplified)Chinese (Traditional)CroatianCzechDanishDutchEnglishEsperantoEstonianFilipinoFinnishFrenchGalicianGeorgianGermanGreekGujaratiHaitian CreoleHausaHebrewHindiHmongHungarianIcelandicIgboIndonesianIrishItalianJapaneseJavaneseKannadaKazakhKhmerKoreanLaoLatinLatvianLithuanianMacedonianMalagasyMalayMalayalamMalteseMaoriMarathiMongolianMyanmar (Burmese)NepaliNorwegianPersianPolishPortuguesePunjabiRomanianRussianSerbianSesothoSinhalaSlovakSlovenianSomaliSpanishSundaneseSwahiliSwedishTajikTamilTeluguThaiTurkishUkrainianUrduUzbekVietnameseWelshYiddishYorubaZulu
 
 
 
 
 
 
 
 
 
Text-to-speech function is limited to 200 characters
 
 
Options : History : Feedback : Donate Close
[展开全文]

1.VM 安装 centos7以及配置

 
 
G
M
T
 
 
Detect languageAfrikaansAlbanianArabicArmenianAzerbaijaniBasqueBelarusianBengaliBosnianBulgarianCatalanCebuanoChichewaChinese (Simplified)Chinese (Traditional)CroatianCzechDanishDutchEnglishEsperantoEstonianFilipinoFinnishFrenchGalicianGeorgianGermanGreekGujaratiHaitian CreoleHausaHebrewHindiHmongHungarianIcelandicIgboIndonesianIrishItalianJapaneseJavaneseKannadaKazakhKhmerKoreanLaoLatinLatvianLithuanianMacedonianMalagasyMalayMalayalamMalteseMaoriMarathiMongolianMyanmar (Burmese)NepaliNorwegianPersianPolishPortuguesePunjabiRomanianRussianSerbianSesothoSinhalaSlovakSlovenianSomaliSpanishSundaneseSwahiliSwedishTajikTamilTeluguThaiTurkishUkrainianUrduUzbekVietnameseWelshYiddishYorubaZulu
 
AfrikaansAlbanianArabicArmenianAzerbaijaniBasqueBelarusianBengaliBosnianBulgarianCatalanCebuanoChichewaChinese (Simplified)Chinese (Traditional)CroatianCzechDanishDutchEnglishEsperantoEstonianFilipinoFinnishFrenchGalicianGeorgianGermanGreekGujaratiHaitian CreoleHausaHebrewHindiHmongHungarianIcelandicIgboIndonesianIrishItalianJapaneseJavaneseKannadaKazakhKhmerKoreanLaoLatinLatvianLithuanianMacedonianMalagasyMalayMalayalamMalteseMaoriMarathiMongolianMyanmar (Burmese)NepaliNorwegianPersianPolishPortuguesePunjabiRomanianRussianSerbianSesothoSinhalaSlovakSlovenianSomaliSpanishSundaneseSwahiliSwedishTajikTamilTeluguThaiTurkishUkrainianUrduUzbekVietnameseWelshYiddishYorubaZulu
 
 
 
 
 
 
 
 
 
Text-to-speech function is limited to 200 characters
 
 
Options : History : Feedback : Donate Close

 

[展开全文]

YUM , Yellowdog Updater Modified

登陆linux系统尽量使用root(超级管理员),

获得最高权限以便操作

 

 

 

[展开全文]

SSH的用途:在通过网络远程访问另一个主机时 提供最大的保护。增加其他非安全协议的安全性。

远程访问:远程主机 shell 访问 ssh root@主机

使用 SFTP 或 SCP 传输文件:

通过 SCP 命令将文件在本地主机与远程服务器之间进行复制:scp root@主机:/etc/pssawd./

结合 SFTP,作为 FTP 文件传输的一个安全替代品:sftp root@主机:/opt/www/

结合 rsync 有效安全地备份、复制和镜像文件到一个本地或远程 主机:rsync -avz --delete root@主机:/opt/www/./

端口转发

远程主机转发x 会话编辑sshd_config 113和115行

sshfs远程挂载安全目录 安装工具 epel源

[展开全文]

centos 7 安装准备:

1、虚拟机式安装

centos 7 安装镜像

VMware Workstations

一步一步完成设置

2、双系统式安装

一个超4G U盘

软件:UltraISo Easy BCD

centos 7镜像文件

关键:压缩出一个空白卷,根据自己的需求分区吧!如果有相关经验就自己分,没有就选择自动分区。

一步一步完成设置

 

[展开全文]

1.克隆CentOS7

     1.

2.启动CentOS7克隆系统

    1.点未列出?-用户名,密码

3.网络适配器设置-VMware2

4.右键-打开终端

 

[展开全文]

1.安装VM虚拟机

2.下载CentOS7的镜像文件

3.新建虚拟机

    1.自定义

    2.稍后安装操作系统

    3.Linux-CentOS64位

    4.内核数量2

    5.2G内存

    6.使用网络地址转换

    7.SCS

    8.创建虚拟机磁盘60G

4.编辑虚拟机设置

    1.移除不需要的硬件

    2.网络适配器-自定义-VMware2(仅主机模式)

    3.CD-安装镜像文件

 5.启动虚拟机

    1.安装CentOS7

    2.语言选择简体中文

    3.日期和时间

    4.键盘-汉语+英语

    5.软件选择-带GUI的服务器-硬件监控工具、JAVA平台、大系统性能、性能工具、兼容性程序库、开发工具、安全性工具

    6.安装位置-我要配置分区-点最下面

    7.手动分区-点这里创建-浏览

    8.KDUMP禁用

    9.NETWORK-以太网开启

6.开始安装

    1.ROOT密码

        if(mima<strong)

            twice;

    2.创建用户

          

 

        

    

 

[展开全文]

CentOS 的安装

1. 下载镜像

2. 利用VMware Workstation 安装

3. 进行常规设置

 

 

[展开全文]
d4m1ts · 2018-05-22 · CentOS7安装 0

重置root密码

启动时按e进编辑模式

进入后,找到“linux16”开头的地按“end”键到最后, 输入“rd.break” ,按“ctrl+x”进入。重新挂载系统分区,改变跟,修改密码用“grub2-mkpasswd-pbkdf2”命令生成加密口令

[展开全文]

1. 安装依赖

yum install wget bzip2 texlive net-tools alien redis -y

2. 安装Atomicorp源

 wget -q -O - http://www.atomicorp.com/installers/atomic | sh

3. 配置启动Redis

vim /etc/redis.conf unixsocket /tmp/redis.sock unixsocketperm 700 //找到这两项,把前面的#号去掉

 

systemctl enable redis && systemctl restart redis

reboot

4. 安装 OPenVAS

yum install openvas -y

openvas-setup

 

5. 排错

openvas-check-setup

 

[展开全文]
taoist · 2018-05-21 · OPenVAS部署 0

需要超级管理员的登录

[展开全文]

针对所有账号在profile里面添加export TMOUT=时间

使用su -目标用户切换用户

启用pam.d/su认证模块将#号去除将用户添加到wheel :gpasswd -a 用户 wheel

sudo -u 机制提升权限以其他身份执行授权命令

配置sudo授权修改sudoers

[展开全文]

账号的基本安全

注释掉用户+#

原则是最小权限+最少服务=最大的安全

adm/lp/syszc/halt/ftp/注释掉

将非登录账号shell设为sbin/nologin usermod -s

锁定一段时间不是用的账号usermod -L

账号加锁chattr +i/解锁chattr -i

账号口令安全设置编辑login.defs只适用新账号

修改已存在chage -M有效期/下次登陆强制修改密码chage -d

减少记录命令条数profile、注销时自动清空历史记录~/ .bash_logout添加history -c 和clear

自动注销添加export TMOUT=时间

[展开全文]

配置本地YUM源--可保证使用过程中可快速软件安装

  • Yellowdog Updater Modified
  • 基于RPM包创建的软件更新机制,自动解决RPM软件依赖关系

查看本地配置文件

/etc/sysconfig/network-scripts

进行配置IP地址、

YUM源须有固定IP地址

  • 编辑本地网卡配置文件
  • 配置主机名 /etc/hostname
  • 配置主机记录
  • 重启网络服务,更新ip地址

配置本机YUM源

软件仓库提供方式:FTP,HTTP,

RPM软件包的来源:

卸载原光盘,

 

[展开全文]

Linux基本安全加固

1.CentOS7的 安装

使用VM

  • .ISO镜像文件
  • 语言,本地化,配置系统时间
  • 软件:设置安装源,更新软件
  • 系统:安装位置与网络主机名
  • 用户:root,创建新用户

选择网络连接的依据?Why VMnet2(仅主机)

KDump--内核

[展开全文]

YUN:配置本地yun源

1、察看网卡:cd /etc/sysconfig/network-scripts/

2、

[展开全文]

授课教师

高级讲师

课程特色

视频(35)
下载资料(3)