用戶管理知識
第1章 知識概述
提綱:
各種命令
與用戶有關的文件和目錄
如何讓普通用戶具有root用戶的權限
行為審計
1.1 用戶的分類
root用戶 皇帝 UID:0
特點:權限最高 想幹啥就幹啥
虛擬用戶 (傀儡) UID:1-499
特點:每個服務、程序運行的時+候都需要一個用戶
傀儡用戶不需要用來登錄系統(無法登陸)
傀儡用戶
grep nobody /etc/passwd
su - nobody
[root@test ~]# grep nobody /etc/passwd
nobody:x:99:99:Nobody:/:/sbin/nologin #虛擬用戶的命令解釋器與普通用戶的不同
[root@test ~]# su - nobody
This account is currently not available.
[root@test ~]# grep mysql /etc/passwd
mysql:x:503:503::/home/mysql:/sbin/nogin/
[root@test ~]# su - mysql
su: warning: cannot change directory to/home/mysql: No such file or directory
su: /sbin/nogin/: No such file or directory
普通用戶 貧民 UID:500+(UID從500開始)
[root@test ~]# grep baoge /etc/passwd
baoge:x:505:505::/home/baoge:/bin/bash
特點:可以登錄系統,但執行命令時需要授權才行
1.2 與用戶有關的文件或目錄
1.2.1 與用戶有關的文件
/etc/passwd ###存放用戶的信息
/etc/shadow ###存放用戶密碼信息
/etc/group ###存放用戶組的信息
/etc/gshadow ###存放用戶組密碼信息
ls-l /etc/passwd /etc/shadow /etc/group /etc/gshadow
[root@test ~]# ls -l /etc/passwd /etc/shadow /etc/group /etc/gshadow
-rw-r--r-- 1 root root 625 Nov 17 00:17 /etc/group
---------- 1 root root 509 Nov 17 00:17 /etc/gshadow
-rw-r--r-- 1 root root 1215 Nov 17 00:17/etc/passwd
---------- 1 root root 1099 Nov 17 00:18/etc/shadow
###當往系統裏添加一個用戶後可以看到這四個文件的修改時間發生了改變
[root@test ~]# ls -l /etc/passwd /etc/shadow /etc/group /etc/gshadow
-rw-r--r-- 1 root root 642 Nov 18 05:45 /etc/group
---------- 1 root root 523 Nov 18 05:45 /etc/gshadow
-rw-r--r-- 1 root root 1262 Nov 18 05:45/etc/passwd
---------- 1 root root 1131 Nov 18 05:45/etc/shadow
###/etc/passwd文件每一列的意思
[root@test ~]# head -2 /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
用戶名:密碼:UID:GID:用戶的說明信息:家目錄:用戶使用的shell/命令解釋器
###/etc/shadow文件內容存放用戶真實的密碼
[root@test /]# head -5 /etc/shadow
root:$6$HNvpPdkF3RQwb5.I$XIvA1gY0NdjayrekrQXYtj33TPX16TiRHNr4a1PVHEiulhiwfib1msnUtR43ReZCij1M5ibNs/1cFCVCVMaIg/:17486:0:99999:7:::
bin:*:17246:0:99999:7:::
daemon:*:17246:0:99999:7:::
adm:*:17246:0:99999:7:::
lp:*:17246:0:99999:7:::
###/etc/group文件內容
[root@test /]# head -5 /etc/group
root:x:0:
bin:x:1:bin,daemon
daemon:x:2:bin,daemon
sys:x:3:bin,adm
adm:x:4:adm,daemon
###/etc/gshadow文件內容
[root@test /]# head -5 /etc/gshadow
root:::
bin:::bin,daemon
daemon:::bin,daemon
sys:::bin,adm
adm:::adm,daemon
###系統中可以使用的命令解釋器
[root@test ~]# cat /etc/shells
/bin/sh
/bin/bash
/sbin/nologin
/bin/dash
/bin/tcsh
/bin/csh
###/bin/sh與/bin/bash的關系
[root@test ~]# ls -l /bin/sh /bin/bash
-rwxr-xr-x 1 root root942200 Mar 23 2017 /bin/bash
lrwxrwxrwx. 1 root root 4 Nov 16 13:45 /bin/sh -> bash
/bin/sh是/bin/bash的軟鏈接 但是給用戶設置命令解釋器時不能設置為/bin/sh
1.2.2 與用戶有關的目錄
/etc/skel所有新用戶老家的模板
/etc/skel目錄中有什麽 我們添加一個新用戶的家目錄中就有什麽
添加新用戶的時候系統會把目錄中的文件復制到新用戶家裏
[root@test /]# ls -l /etc/skel
total 0
###顯示目錄中的隱藏文件 參數-a的作用
[root@test /]# ls -a /etc/skel
. .. .bash_logout .bash_profile .bashrc
顯示目錄中的隱藏文件的詳細信息
[root@test /]# ls -la /etc/skel
total 20
drwxr-xr-x. 2 root root 4096 Nov 16 13:45 .
drwxr-xr-x. 78 root root 4096 Nov 16 23:09 ..
-rw-r--r--. 1 root root 18 Mar 23 2017 .bash_logout
-rw-r--r--. 1 root root 176 Mar 23 2017 .bash_profile #/etc/profile 用戶自己的環境變量和別名
-rw-r--r--. 1 root root 124 Mar 23 2017 .bashrc #/etc/bashrc 別名 這個用戶生效
1.2.2.1【企業故障案例1】登錄用戶時出現-bash-4.1$怎麽解決??
故障模擬
###切換到alex用戶下
[root@test ~]# su - alex
###發瘋打自己
###或者rm-rf .bash* rm ~/.* -fr
[alex@test ~]$ rm -rf /*
rm: cannot remove `/bin/false‘: Permission denied
rm: cannot remove `/bin/stty‘: Permission denied
rm: cannot remove `/bin/unicode_start‘: Permissiondenied
rm: cannot remove `/bin/kill‘: Permission denied
rm: cannot remove `/bin/traceroute6‘: Permissiondenied
rm: cannot remove `/bin/cpio‘: Permission denied
rm: cannot remove `/bin/env‘: Permission denied
......
rm: cannot remove `/var/cache/man/X11R6/cat9‘:Permission denied
rm: cannot remove `/var/cache/man/cat1‘:Permission denied
rm: cannot remove `/var/cache/man/cat9‘:Permission denied
rm: cannot remove `/var/cache/abrt-di‘: Permissiondenied
rm: cannot remove `/var/cache/ldconfig‘:Permission denied
rm: cannot remove `/var/account/pacct‘: Permissiondenied
rm: cannot remove `/var/empty/sshd‘: Permissiondenied
[alex@test ~]$ su root
Password:
[root@test alex]#
###再次進到alex用戶下可以發現故障出現了
[root@test alex]# su - alex
-bash-4.1$
-bash-4.1$ pwd
/home/alex
-bash-4.1$ ls
-bash-4.1$ whoami
alex
-bash-4.1$ ls -l /data
total 0
-bash-4.1$ ls -ld /data
drwxr-xr-x. 2 root root 4096 Nov 16 13:56 /data
-bash-4.1$ ls -l /home
total 16
drwx------ 2 alex alex 4096 Nov 18 06:13 alex
drwx------ 2 baoge baoge 4096 Nov 17 00:05 baoge
drwx------ 2 oldboy oldboy 4096 Nov 17 10:04 oldboy
drwx------ 2 xiaoyanzi xiaoyanzi 4096 Nov 18 05:45xiaoyanzi
可以發現命令可以用
原因與解決辦法
原因:與用戶環境變量有關的文件被刪除
解決辦法:從哪裏復制一份/etc/skel /home/oldboy
退出有問題的用戶重新登錄
[root@test alex]# su - alex
-bash-4.1$
-bash-4.1$ cp /etc/skel/.bash* ~
-bash-4.1$ logout
[root@test alex]#
###問題已經解決
[root@test alex]# su alex
[alex@test ~]$
1.2.2.2以點開頭的文件或目錄
###國法
/etc/profile √
/etc/bashrc
###家規
~/.bash_profile
~/.bashrc
1.3 linux系統用戶管理(與用戶有關的命令)
查看當前linux系統的版本、內核等信息,命令如下
查看系統版本號
cat /etc/redhat-release
查看系統版本號
[root@test /]# cat /etc/redhat-release
CentOS release 6.9 (Final)
查看內核版本號
[root@test /]# uname -r
2.6.32-696.el6.x86_64
表示系統是64位
[root@test /]# uname -m
x86_64
1.3.1 useradd添加用戶
添加普通用戶
[root@test /]# useradd oldboy
[root@test /]# id oldboy
uid=504(oldboy) gid=504(oldboy) groups=504(oldboy)y
uid=890(oldboy) gid=890(oldboy) groups=890(oldboy)
命令參數:
-u 指定用戶的UID(數字 唯一相當於人的身份證號)
-s 指定用戶使用的shell(命令解釋器)
/bin/sh 默認的shell
/sbin/nologin 虛擬用戶(傀儡用戶)的shell
-M 表示不創建家目錄一般創建虛擬用戶使用
-g 指定用戶屬於的組(組的名字)
###創建虛擬用戶
[root@test baoge]# useradd -u 888 -s /sbin/nologin-M mysql888
[root@testbaoge]# id mysql888
uid=888(mysql888) gid=888(mysql888)groups=888(mysql888)
### -s /sbin/nologin 不讓這個用戶登錄系統
[root@test baoge]# grep mysql888 /etc/passwd
mysql888:x:888:888::/home/mysql888:/sbin/nologin
[root@test baoge]# ls /home/mysql888
ls: cannot access /home/mysql888: No such file or directory
問題:
[root@test baoge]# useradd -u 888 -s /sbin/nologin-M mysql777
useradd: UID 888 is not unique
表示用戶的UID 888不是唯一的已經被占用 此時應該換一個UID號就可解決這個問題
[root@test baoge]# useradd -u 889 -s /sbin/nologin -M mysql777
[root@test baoge]# id mysql777
uid=889(mysql777) gid=889(mysql777) groups=889(mysql777)
[root@test baoge]# useradd -s /sbin/nologin -M mysql
Creating mailbox file: File exists
[root@test baoge]# id mysql
uid=890(mysql) gid=890(mysql) groups=890(mysql)
[root@test baoge]# ls /home/
alex baoge oldboy xiaoyanzi
[root@test baoge]# ls /home/mysql
ls: cannot access /home/mysql: No such file or directory
1.3.2 userdel刪除用戶
在/etc/passwd中註釋掉這個用戶的一行也相當於把這個用戶刪除了
userdel默認不刪除用戶的家目錄和郵箱
-r 遞歸刪除與用戶有關的所有信息(家目錄)
1.3.3 usermod 修改用戶的信息(已經存在的用戶)
-s 修改用戶使用的shell
-g 屬於的家庭
-c 給用戶添加說明信息
-stdin 從管道中獲取用戶的密碼(非交互式設置的密碼)
[root@test ~]# su mysql
This account is currently not available.
[root@test ~]# grep mysql /etc/passwd
mysql:x:890:890::/home/mysql:/sbin/nologin
[root@test ~]# grep mysql /etc/passwd
mysql777:x:889:889::/home/mysql777:/sbin/nologin
mysql:x:890:890::/home/mysql:/sbin/nologin
[root@test ~]# usermod -s /bin/bash mysql
[root@test ~]# grep mysql /etc/passwd
mysql:x:890:890::/home/mysql:/bin/bash
[root@test ~]# su mysql
bash-4.1$ #cp /etc/skel/.bash* ~
cp: target `/home/mysql‘ is not a directory
###由於虛擬用戶沒有家目錄 所以即使改變了它的shell,還是無法使用
-c參數 useradd命令在創建用戶時也可以用該參數
[root@test ~]# usermod -c "The user is lbh" baoge
[root@test ~]# grep baoge /etc/passwd
baoge:x:505:505:Theuser is lbh:/home/baoge:/bin/bash
1.3.4 passwd 為用戶創建密碼
為用戶創建密碼
[root@test /]# passwd oldboy
Changing password for user oldboy.
New password: #123456
Retype new password: #123456
passwd: all authentication tokens updated successfully.
註意
一般情況下,在企業生產環境中應該盡量避免直接切到root用戶下操作,除非有超越普通用戶權限的系統維護要求。
還可以通過下面的命令一步到位設置密碼(其中,oldboy為用戶名,密碼為123456),
[root@test /]# useradd baoge
[root@test /]# id baoge
uid=505(baoge) gid=505(baoge)groups=505(baoge)
###另一種添加用戶密碼的方法
[root@test /]# echo"123456"|passwd --stdin baoge && history -c
Changing password for user baoge.
passwd: all authentication tokens updatedsuccessfully.
[root@test ~]# echo 654321|passwd --stdin baoge
Changing password for user baoge.
passwd: all authentication tokens updatedsuccessfully.
###讓密碼更安全
[root@test ~]# echo 123456|passwd --stdin baoge&& history -c
Changing password for user baoge.
passwd: all authentication tokens updatedsuccessfully.
[root@test ~]# ls -l .bash*
-rw-------. 1 root root 10049 Nov 18 08:17.bash_history
-rw-r--r--. 1 root root 18 May 20 2009 .bash_logout
-rw-r--r--. 1 root root 176 May 20 2009 .bash_profile
-rw-r--r--. 1 root root 176 Sep 23 2004 .bashrc
###在當前用戶的家目錄中的.bash_history 文件中存放的是使用命令的歷史記錄
[root@test ~]# head .bash_history
ls
cd /
ls
mkdir -p data oldboy
ls
id
ls
ifconfig
setup
ifup eth0
[root@test ~]# tail .bash_history
sh bj.sh 10 10 10
vim bj.sh
sh bj.sh 10 10 10
sh bj.sh 10 8
sh bj.sh 10 20
sh bj.sh 10 10
su mysql888
grep mysql888 /etc/passwd
usermod -s /bin/bash mysql888
su mysql888
1.3.4.1【企業密碼管理要求】
密碼復雜12位以上字母數字特殊字符
保存密碼:(兩款軟件)
keepass(軟件,密碼存放在本地,本地保險櫃)
lastpass(在線版本,銀行的保險櫃)
大的企業用戶和密碼統一管理(相當於活動目錄 AD)openldap域)
動態密碼:動態口令,第三方提供自己開發也很簡單。
更安全的方法
/var/log/secure日誌的分析:failure failed
鎖頭chattr +i +a lsattr鎖定命令或文件
指紋(find+md5sum+定時任務)監視常用命令和文件
md5sum-c/--check
【企業面試題】
批量添加10個用戶stu01,stu02....stu10,並設置8位隨機密碼(禁止使用for,while等循環)
方法1:
[root@oldboy/]# echo stu{01..10}|tr " " "\n"|sed -r ‘s#(.*)#useradd \1; pass=$((RANDOM+10000000)); echo "$pass"|passwd --stdin \1; echo -e"\1 \t `echo "$pass"`">>/tmp/oldboy.log#g‘|bash
方法2:
echostu{11..12}|xargs -n1 useradd ;echo stu{11..12}:`cat /dev/urandom|tr -dc0-9|fold -w8|head -1`|xargs -n1|tee -a pass.txt|chpasswd
方法3:
echostu{21..30} | tr ‘ ‘ ‘\n‘ | sed -e ‘s/^/useradd /‘ -e ‘s/\(stu[0-9]\{2\}\)$/\1\&\& echo "\1:`echo $[$RANDOM**3] | cut -c1-8`" | tee -auserInfo.txt | cut -d: -f2 | passwd --stdin \1/‘ | bash
方法4:
echostu{01..10} |tr ‘ ‘ ‘\n‘|sed -rn ‘s@^(.*)$@useradd \1 ; echo $RANDOM|md5sum|cut-c 1-8 >/data/\1;cat /data/\1|passwd --stdin \1@gp‘|bash
1.3.5 groupadd創建用戶組
-g 指定用戶組的gid數字
1.3.6 用戶查詢命令
1.3.6.1id查看用戶的信息
一個用戶是否存在
查詢用戶的UID和GID
屬於哪個用戶組
[root@test ~]# id alex;idbaoge;id oldboy;id xiaoyanzi;id mysql
uid=506(alex) gid=506(alex) groups=506(alex)
uid=505(baoge) gid=505(baoge) groups=505(baoge)
uid=504(oldboy) gid=504(oldboy) groups=504(oldboy)
uid=507(xiaoyanzi) gid=507(xiaoyanzi) groups=507(xiaoyanzi)
uid=890(mysql) gid=890(mysql) groups=890(mysql)
1.3.6.2w 顯示系統中已經遠程登錄的用戶幹了些啥
[root@test baoge]# w
10:25:20 up1 day, 11:22, 3 users, load average: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root tty1 - Thu23 35:21m 0.01s 0.01s -bash
root pts/0 10.0.0.253 05:33 1:55 0.71s 0.20s bash
root pts/1 10.0.0.253 06:29 0.00s 0.24s 0.00s w
開倆窗口,在其中的一個裏面執行man別退出
[root@test baoge]# w
10:26:47 up1 day, 11:24, 3 users, load average: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root tty1 - Thu23 35:22m 0.01s 0.01s -bash
root pts/0 10.0.0.253 05:33 9.00s 0.78s 0.03s man ls
root pts/1 10.0.0.253 06:29 0.00s 0.25s 0.00s w
[root@test baoge]# w
10:30:45 up1 day, 11:28, 3 users, load average: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root tty1 - Thu23 35:26m 0.01s 0.01s -bash
root pts/0 10.0.0.253 05:33 7.00s 0.80s 0.08s htop
root pts/1 10.0.0.253 06:29 0.00s 0.25s 0.00s w
[root@test baoge]# w
10:38:22 up1 day, 11:35, 4 users, load average: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root tty1 - Thu23 35:34m 0.01s 0.01s -bash
root pts/0 10.0.0.253 05:33 7:44 2.82s 2.10s htop
root pts/1 10.0.0.253 06:29 0.00s 0.25s 0.00s w
baoge pts/2 10.0.0.253 10:37 13.00s 0.01s 0.01s -bash
[root@test baoge]# w
10:38:45 up1 day, 11:36, 4 users, load average: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root tty1 - Thu23 35:34m 0.01s 0.01s -bash
root pts/0 10.0.0.253 05:33 8:07 2.93s 2.21s htop
root pts/1 10.0.0.253 06:29 0.00s 0.25s 0.00s w
baoge pts/2 10.0.0.253 10:37 3.00s 0.01s 0.00s sl
[root@test baoge]# w
10:39:05 up1 day, 11:36, 4 users, load average: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root tty1 - Thu23 35:34m 0.01s 0.01s -bash
root pts/0 10.0.0.253 05:33 8:27 3.02s 2.30s htop
root pts/1 10.0.0.253 06:29 0.00s 0.25s 0.00s w
baoge pts/2 10.0.0.253 10:37 4.00s 0.03s 0.02s htop
何人 何處 幹啥
1.3.6.3last 用戶登錄的信息
用戶登錄的信息 (哪個用戶在什麽時候在哪遠程登錄你的系統)
[root@test baoge]# last
baoge pts/2 10.0.0.253 Sat Nov 18 10:37 still logged in
root pts/1 10.0.0.253 Sat Nov 18 06:29 still logged in
root pts/0 10.0.0.253 Sat Nov 18 05:33 still logged in
root pts/0 10.0.0.253 Fri Nov 17 11:22 - 11:23 (00:00)
root pts/4 10.0.0.253 Fri Nov 17 08:14 - 22:31 (14:17)
root pts/3 10.0.0.253 Fri Nov 17 00:28 - 10:04 (09:36)
root pts/2 10.0.0.253 Fri Nov 17 00:27 - 10:04 (09:37)
root pts/2 10.0.0.253 Fri Nov 17 00:27 - 00:27 (00:00)
root pts/1 10.0.0.253 Fri Nov 17 00:26 - 10:04 (09:37)
root pts/0 10.0.0.253 Fri Nov 17 00:01 - 10:04 (10:03)
root pts/0 10.0.0.253 Thu Nov 16 23:04 - 00:01 (00:57)
root tty1 ThuNov 16 23:03 still logged in
reboot system boot 2.6.32-696.el6.x ThuNov 16 23:02 - 10:50 (1+11:47)
root pts/0 10.0.0.253 Thu Nov 16 14:39 - 18:48 (04:08)
root tty1 ThuNov 16 14:39 - crash (08:23)
reboot system boot 2.6.32-696.el6.x ThuNov 16 14:38 - 10:50 (1+20:11)
root pts/0 10.0.0.253 Thu Nov 16 14:33 - down (00:04)
root tty1 ThuNov 16 14:32 - down (00:05)
reboot system boot 2.6.32-696.el6.x ThuNov 16 14:31 - 14:38 (00:07)
root pts/0 10.0.0.253 Thu Nov 16 14:22 - down (00:08)
root pts/0 10.0.0.253 Thu Nov 16 14:18 - 14:21 (00:03)
root tty1 ThuNov 16 14:17 - down (00:12)
reboot system boot 2.6.32-696.el6.x ThuNov 16 14:16 - 14:30 (00:13)
root pts/0 10.0.0.253 Thu Nov 16 13:59 - down (00:16)
root tty1 ThuNov 16 13:55 - down (00:20)
reboot system boot 2.6.32-696.el6.x ThuNov 16 13:55 - 14:16 (00:20)
1.3.6.4lastlog顯示linux中所有用戶最近一次遠程登錄的信息
[root@test baoge]# lastlog
Username Port From Latest
root pts/1 10.0.0.253 Sat Nov 18 06:29:34 +0800 2017
bin **Neverlogged in**
daemon **Neverlogged in**
adm **Neverlogged in**
lp **Never logged in**
sync **Never loggedin**
shutdown **Neverlogged in**
halt **Neverlogged in**
mail **Neverlogged in**
uucp **Neverlogged in**
operator **Neverlogged in**
games **Neverlogged in**
gopher **Neverlogged in**
ftp **Neverlogged in**
nobody **Neverlogged in**
dbus **Neverlogged in**
vcsa **Neverlogged in**
abrt **Neverlogged in**
haldaemon **Neverlogged in**
ntp **Neverlogged in**
saslauth **Neverlogged in**
postfix **Neverlogged in**
sshd **Neverlogged in**
tcpdump **Neverlogged in**
oldboy **Neverlogged in**
baoge pts/2 10.0.0.253 Sat Nov 18 10:37:03 +0800 2017
alex **Neverlogged in**
xiaoyanzi **Neverlogged in**
mysql777 **Neverlogged in**
mysql **Neverlogged in**
1.3.7 su切換用戶
[root@test /]# whoami
root
切換到oldboy用戶下
[root@test /]# su oldboy
[oldboy@test /]$ whoami
oldboy
總結:su 與su -的區別
前者(su)在切換到 root 用戶之後仍然保持舊的(或者說原始用戶的)環境;
而後者(su -)則是創建一個新的環境(由 root 用戶 ~/.bashrc 文件所設置的環境),相當於使用 root 用戶正常登錄(從登錄屏幕登錄)。
實例演示:
su
[root@test /]# cd data
[root@test data]# pwd
/data
[root@test data]# su oldboy
[oldboy@test data]$
[oldboy@test data]$ su root
Password:
[root@test data]# pwd
/data
與切換用戶前位置不變
su -
[oldboy@test data]$ su - root
Password:
[root@test ~]# pwd
/root
使用su-後會回到初始位置,相當於重新登錄了一次
[root@test ~]# su oldboy
[oldboy@test root]$ env |grep -i root
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
MAIL=/var/spool/mail/root
PWD=/root
[root@test ~]# su - oldboy
[oldboy@test ~]$ env |grep -i root
參考博客:
老男孩老師博客:http://oldboy.blog.51cto.com/2561410/1053606
1.4 sudo給普通用戶提權
讓某個用戶運行某個命令的時候可以是root
[root@test ~]# su - baoge
[baoge@test ~]$ tail /var/log/cron
tail: cannot open `/var/log/cron‘ for reading:Permission denied
[baoge@test ~]$ ls -l /var/log/cron
-rw-------. 1 root root 33516 Nov 18 11:01/var/log/cron
##權限不夠
解決辦法:
##1.改變這些日誌的權限 rw----r--
##3.給tail 加上suid權限
##sudo 給baoge一把尚方寶劍
看看我有什麽尚方寶劍
[baoge@test root]$ sudo -l
We trust you have received the usual lecture from the localSystem
Administrator. It usually boils down to these three things:
#1) Respect theprivacy of others.
#2) Think before youtype.
#3) With great powercomes great responsibility.
[sudo] password for baoge:
sudo: 1 incorrect password attempts
Sorry, user baoge may not run sudo on test.
visudo給baoge一把尚方寶劍<=======> vim /etc/sudoers 編輯
[baoge@test root]$
###在root用戶下執行visudo在92行添加
baoge /usr/bin/tail
###檢查語法
[root@test ~]# visudo -c
/etc/sudoers: parsed OK
baoge用戶下測試
[baoge@test root]$ sudo tail/var/log/cron
[sudo] password for baoge:
Nov 18 10:50:01 test CROND[7021]: (root)CMD (/usr/lib64/sa/sa1 1 1)
Nov 18 11:00:01 test CROND[7027]: (root)CMD (/usr/lib64/sa/sa1 1 1)
Nov 18 11:01:01 test CROND[7058]: (root)CMD (run-parts /etc/cron.hourly)
Nov 18 11:01:01 testrun-parts(/etc/cron.hourly)[7058]: starting 0anacron
Nov 18 11:01:01 testrun-parts(/etc/cron.hourly)[7067]: finished 0anacron
Nov 18 11:10:01 test CROND[7091]: (root)CMD (/usr/lib64/sa/sa1 1 1)
Nov 18 11:20:01 test CROND[7243]: (root)CMD (/usr/lib64/sa/sa1 1 1)
Nov 18 11:30:01 test CROND[7357]: (root)CMD (/usr/lib64/sa/sa1 1 1)
Nov 18 11:40:01 test CROND[7401]: (root)CMD (/usr/lib64/sa/sa1 1 1)
Nov 18 11:50:01 test CROND[7514]: (root)CMD (/usr/lib64/sa/sa1 1 1)
You have mail in /var/spool/mail/root
無密碼
baoge ALL=(ALL) NOPASSWD:/usr/bin/tail
[baoge@test root]$ sudo tail/var/log/cron
Nov 18 10:40:01 test CROND[7016]: (root)CMD (/usr/lib64/sa/sa1 1 1)
Nov 18 10:50:01 test CROND[7021]: (root)CMD (/usr/lib64/sa/sa1 1 1)
Nov 18 11:00:01 test CROND[7027]: (root) CMD (/usr/lib64/sa/sa11 1)
Nov 18 11:01:01 test CROND[7058]: (root) CMD (run-parts/etc/cron.hourly)
Nov 18 11:01:01 test run-parts(/etc/cron.hourly)[7058]: starting0anacron
Nov 18 11:01:01 test run-parts(/etc/cron.hourly)[7067]: finished0anacron
Nov 18 11:10:01 test CROND[7091]: (root) CMD (/usr/lib64/sa/sa11 1)
Nov 18 11:20:01 test CROND[7243]: (root) CMD (/usr/lib64/sa/sa11 1)
Nov 18 11:30:01 test CROND[7357]: (root) CMD (/usr/lib64/sa/sa11 1)
Nov 18 11:40:01 test CROND[7401]: (root) CMD (/usr/lib64/sa/sa11 1)
讓一個人用戶不用密碼使用所有命令
visudo
baoge ALL=(ALL) NOPASSWD: ALL
[baoge@test root]$ tail -2 /var/log/cron
tail: cannot open `/var/log/cron‘ for reading: Permission denied
[baoge@test root]$ sudo tail -2 /var/log/cron
Nov 18 12:01:01 test run-parts(/etc/cron.hourly)[7552]: starting0anacron
Nov 18 12:01:01 test run-parts(/etc/cron.hourly)[7561]: finished0anacron
[baoge@test root]$ sudo head -2 /var/log/cron
Nov 16 13:55:30 test crond[1521]: (CRON) STARTUP (1.4.4)
Nov 16 13:55:30 test crond[1521]: (CRON) INFO (RANDOM_DELAY willbe scaled with factor 17% if used.)
[baoge@test root]$ sudo ll /var/log/cron
sudo: ll: command not found
[baoge@test root]$ sudo ls -l /var/log/cron
-rw-------. 1 root root 34152 Nov 18 12:01 /var/log/cron
[baoge@test root]$ sudo ls -ld /var/log/cron
-rw-------. 1 root root 34152 Nov 18 12:01 /var/log/cron
[baoge@test root]$ sudo ls -la /var/log/cron
-rw-------. 1 root root 34152 Nov 18 12:01 /var/log/cron
alex上的操作
[alex@test ~]$ sudo -l
[sudo] password for alex:
We trust you have received the usual lecture fromthe local System
Administrator. It usually boils down to thesethree things:
#1)Respect the privacy of others.
#2)Think before you type.
#3) Withgreat power comes great responsibility. -spider man
Sorry, useralex may not run sudo on test.
抱歉, alex用戶 不能在這臺服務器運行sudo.
#給alex用戶授權 cat
visudo ##編輯sudo授權(root用戶下授權)
#第92行 插入
alex ALL=(ALL) /bin/cat
[root@test ~] grep alex /etc/sudoers
alex ALL=(ALL) /bin/cat
###alex用戶
[root@test ~] $ sudo -l
[sudo] password for alex:
Matching Defaults entries for alex on this host:
!visiblepw, always_set_home, env_reset, env_keep="COLORS DISPLAYHOSTNAME HISTSIZE INPUTRC KDEDIR
LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANGLC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE
LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES",env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER
LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS_XKB_CHARSET XAUTHORITY",
secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin
User alex may run the following commands on thishost:
(ALL)/bin/cat
[alex@test ~]$ cat /var/log/cron
cat: /var/log/cron: Permission denied
[alex@test ~]$ sudo cat /var/log/cron
linux中的續行符號 \
[root@test ~]# echo133333333\aaaaaaaannnvvvvvvv\dddddddddddd1111111111111111111111\nnnnnnnnnnnnnnnnnnnnnnnnnnnnnn
133333333aaaaaaaannnvvvvvvvdddddddddddd1111111111111111111111nnnnnnnnnnnnnnnnnnnnnnnnnnnnnn
1.5 日誌審計
記錄用戶的操作
奇治的堡壘機:商業產品
Python開發的開源產品
gateone web跳板機
跳板機(堡壘機)jumpserver部署
alex寫的crazyEYE
shell跳板機
1.6 md5sum系統安全
給重要的文件或命令 做一個指紋 定時任務+md5sum定時檢查
實例演示:
toucholdboy.txt
[root@test ~]# touch oldboy.txt
[root@test ~]#
1.6.1給這個文件創建指紋
文件的內容變化 === 指紋變化
[root@test ~]# md5sum oldboy.txt
d41d8cd98f00b204e9800998ecf8427e oldboy.txt
[root@test ~]# md5sum oldboy.txt
d41d8cd98f00b204e9800998ecf8427e oldboy.txt
[root@test ~]# echo hellobe baoge>>oldboy.txt
[root@test ~]# md5sum oldboy.txt
59f2acf5bd3704c8164cad952999fdd5 oldboy.txt
1.6.2如何快速的對比指紋
1.6.2.1把你的指紋記錄下來
[root@test ~]# md5sum oldboy.txt
59f2acf5bd3704c8164cad952999fdd5 oldboy.txt
[root@test ~]# md5sum oldboy.txt>>zhiwen.log
[root@test ~]# cat zhiwen.log
59f2acf5bd3704c8164cad952999fdd5 oldboy.txt
1.6.2.2如何進行對比
[root@test ~]# md5sum -c zhiwen.log
oldboy.txt: OK
[root@test ~]# >oldboy.txt
[root@test ~]# md5sum -c zhiwen.log
oldboy.txt: FAILED
md5sum: WARNING: 1 of 1 computed checksum did NOTmatch
1.6.2.3【實例演示2】
把/etc/passwd /etc/shadow /etc/group /etc/gshadow 指紋放在 /tmp/zhiwen.log中
並進行指紋對比。
1. 創建指紋列表
[root@test ~]# md5sum /etc/passwd /etc/shadow/etc/group /etc/gshadow
22b439ca7da9b3bcf419b97053afaa44 /etc/passwd
7fce5901e768bea2b2b586a65fdcfcbe /etc/shadow
9e25c2328e6fc38da6dd6fd2445585ed /etc/group
bddcaff4debb54414b3b7e4a27444f95 /etc/gshadow
[root@test ~]# md5sum /etc/passwd /etc/shadow/etc/group /etc/gshadow >/tmp/zhiwen.log
[root@test ~]# cat /tmp/zhiwen.log
22b439ca7da9b3bcf419b97053afaa44 /etc/passwd
7fce5901e768bea2b2b586a65fdcfcbe /etc/shadow
9e25c2328e6fc38da6dd6fd2445585ed /etc/group
bddcaff4debb54414b3b7e4a27444f95 /etc/gshadow
2. 根據指紋列表對比文件內容是否變化
[root@test ~]# md5sum --check /tmp/zhiwen.log
/etc/passwd: OK
/etc/shadow: OK
/etc/group: OK
/etc/gshadow: OK
[root@test ~]# md5sum -c/tmp/zhiwen.log
/etc/passwd: OK
/etc/shadow: OK
/etc/group: OK
/etc/gshadow: OK
清空指紋存放文件再進行對比指紋
[root@test ~]# >/tmp/zhiwen.log
[root@test ~]# md5sum -c /tmp/zhiwen.log
md5sum: /tmp/zhiwen.log: no properlyformatted MD5 checksum lines found
本文出自 “決心書” 博客,請務必保留此出處http://13131196.blog.51cto.com/13121196/1983317
用戶管理知識