Home | 簡體中文 | 繁體中文 | 雜文 | 打賞(Donations) | ITEYE 博客 | OSChina 博客 | Facebook | Linkedin | 知乎專欄 | Search | Email

部分 X. Security

目錄

142. Authentication
142.1. /etc/login.defs
142.2. PAM 插件認證
142.2.1. pam_tally2.so
142.2.2. pam_listfile.so
142.2.3. pam_access.so
142.2.4. pam_wheel.so
142.3. Network Authentication
142.3.1. Network Information Service (NIS)
142.3.1.1. 安裝NIS伺服器
142.3.1.2. Slave NIS Server
142.3.1.3. 客戶機軟件安裝
142.3.1.4. Authentication Configuration
142.3.1.5. application example
142.3.1.6. Mount /home volume from NFS
142.3.2. OpenLDAP
142.3.2.1. Server
142.3.2.2. Client
142.3.2.3. User and Group Management
142.3.3. Kerberos
142.3.3.1. Kerberos 安裝
142.3.3.1.1. CentOS 安裝
142.3.3.1.2. Install by apt-get
142.3.3.2. Kerberos Server
142.3.3.3. Kerberos Client
142.3.3.4. Kerberos Management
142.3.3.4.1. ktutil - Kerberos keytab file maintenance utility
142.3.3.4.2. klist - list cached Kerberos tickets
142.3.3.5. OpenSSH Authentications
142.3.3.5.1. Configuring the Application server system
142.3.3.5.2. Configuring the Application client system
142.3.4. FreeRADIUS (Remote Authentication Dial In User Service)
142.3.4.1. 安裝 FreeRADIUS
142.3.4.1.1. Ubuntu
142.3.4.1.2. 安裝 radiusd
142.3.4.2. ldap
142.3.4.3. mysql
142.3.4.4. WAP2 Enterprise
142.3.5. SASL (Simple Authentication and Security Layer)
142.3.6. GSSAPI (Generic Security Services Application Program Interface)
143. Sniffer
143.1. nmap - Network exploration tool and security / port scanner
143.1.1. 連接埠掃瞄
143.1.2. HOST DISCOVERY
143.1.2.1. -sP: Ping Scan - go no further than determining if host is online
143.1.3. SCAN TECHNIQUES
143.1.3.1. -sU: UDP Scan 掃瞄
143.1.3.2. -b <FTP relay host>: FTP bounce scan
143.1.4. PORT SPECIFICATION AND SCAN ORDER
143.1.4.1. -p <port ranges>: Only scan specified ports
143.1.5. SCRIPT SCAN
143.1.5.1. ftp-anon
143.1.5.2. mysql-info
143.1.5.3. http
143.1.5.4. snmp
143.1.5.5. SSHv1
143.1.5.6. --script-updatedb 更新腳本
143.1.6. OS DETECTION
143.1.6.1. -O: Enable OS detection 操作系統探測
143.1.7. OUTPUT
143.1.7.1. --open: Only show open (or possibly open) ports 操作系統探測
143.1.8. 排除指定的主機
143.1.9. 查看本地路由與介面
143.1.10. MISC
143.1.10.1. -6: Enable IPv6 scanning
143.1.10.2. -A: Enables OS detection and Version detection, Script scanning and Traceroute
143.1.11. Nmap Scripting Engine (NSE)
143.2. tcpdump - A powerful tool for network monitoring and data acquisition
143.2.1. 監控網絡適配器介面
143.2.2. 監控主機
143.2.3. 監控TCP連接埠
143.2.4. 監控協議
143.2.5. 輸出到檔案
143.2.6. src / dst
143.2.7. 保存結果
143.2.8. Cisco Discovery Protocol (CDP)
143.2.9. Flags
143.2.10. 案例
143.2.10.1. 監控80連接埠與icmp,arp
143.2.10.2. monitor mysql tcp package
143.2.10.3. HTTP 包
143.2.10.4. 顯示SYN、FIN和ACK-only包
143.2.10.5. 嗅探 Oracle 錯誤
143.2.10.6. smtp
143.3. cdpr - Cisco Discovery Protocol Reporter
143.4. ncat - Concatenate and redirect sockets
143.4.1. TCP 數據傳輸
143.4.2. UDP 數據傳輸
143.4.3. 始終保持伺服器開啟
143.4.4. 傳輸視頻流
143.5. ngrep - Network layer grep tool
143.5.1. 匹配關鍵字
143.5.2. 指定網絡介面
143.6. Unicornscan,Zenmap,nast
143.7. netstat-nat - Show the natted connections on a linux iptable firewall
143.8. Tcpreplay
143.9. Wireshark
144. sqlmap - automatic SQL injection and database takeover tool
144.1. Installation
144.2. 開始入住實驗
144.2.1. 測試腳本
144.2.2. sqlmap.ini
144.3. Request參數
144.3.1. --method, --data
144.3.2. --cookie
144.3.3. --referer
144.3.4. --user-agent
144.3.4.1. -a
144.3.5. --headers
144.3.6. --referer
144.3.7. auth
144.3.7.1. --auth-type
144.3.7.2. --auth-cred
144.3.8. --proxy
144.3.9. --threads
144.3.10. --delay
144.3.11. --timeout
144.4. Injection
144.4.1. --dbms
144.4.2. --prefix
144.4.3. --postfix
144.4.4. --string
144.4.5. --regexp
144.4.6. --excl-str
144.4.7. --excl-reg
144.5. Techniques
144.5.1. --stacked-test
144.5.2. --time-test
144.5.3. --union-test
144.5.4. --union-tech
144.5.5. --union-use
144.6. Enumeration
144.6.1. dbs
144.6.2. --count
144.6.3. --dump/--dump-all
144.6.4. --sql-query
144.6.5. --sql-shell
144.7. Miscellaneous
144.7.1. --update
144.7.2. --save
145. Vulnerability Scanner
145.1. Nessus
145.2. OpenVAS
146. Injection & Penetration
146.1. Backtrack Linux
147. SELinux
147.1. getsebool - get SELinux boolean value
147.2. sestatus - SELinux status tool
147.3. setsebool - set SELinux boolean value
147.4. chcon - change file SELinux security context
147.5. rsync
148. Suricata Engine
149. psad
150. fwknop
151. fwsnort
152. nftables
153. Haka