Installing Lynis on CentOS 7.x

Lynis is a security auditing tool for all kinds of UNIX-based systems. It finds the places where a system's security needs hardening and, at the same time, offers many hardening practices and suggestions.
Lynis official site: https://cisofy.com/lynis/
References:
Lynis: Linux security scanning tool for finding system vulnerabilities, weaknesses and malware - G. T. Wang
Network Systems Group / Network Systems [security:lynis]

1. Install
# yum install lynis --enablerepo=epel

2. Available options
# /bin/lynis --help

3. Run an audit
--check-all  audit the whole system
--quick      quick mode, do not wait for user confirmation
# /bin/lynis --check-all --quick
# /bin/lynis -c -Q

4. Write the results to a file
# /bin/lynis --check-all --quick --no-colors > /tmp/lynis.txt

5. List the warnings & suggestions
    By default they are written to /var/log/lynis.log
# egrep 'Warning|Suggestion' /var/log/lynis.log

6. Add it to cron
# crontab -e
30 2 * * * /bin/lynis -c -Q --auditor "automated" --cronjob

7. Fix the system according to the suggestions
2017-03-05 13:01:27 Suggestion: Change the allow_url_fopen line to: allow_url_fopen = Off, to disable downloads via PHP [test:PHP-2376] [details:-] [solution:-]

# sed -i 's/allow_url_fopen = On/allow_url_fopen = Off/' /etc/php.ini
# systemctl restart httpd.service
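As an added example (not code from the original post or from the Lynis project), the egrep of step 5 turned into a small summary script that a cron run like the one in step 6 can mail out: it counts warnings and suggestions in a Lynis log and lists the test IDs of the findings, so two days' results can be diffed. The log lines are constructed samples in the format shown in step 7; the test IDs EXAMPLE-1001 and EXAMPLE-1002 are placeholders, only PHP-2376 is taken from the post, and the function names are my own.

```shell
#!/bin/sh
# Added example, not from the original post: summarise a Lynis log as counts
# plus the list of test IDs instead of the raw egrep of step 5.
# Constructed sample log (format as in step 7); EXAMPLE-* IDs are placeholders.

SAMPLE_LOG="${TMPDIR:-/tmp}/lynis-sample.$$"
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
2017-03-05 13:01:20 Warning: Found one or more vulnerable packages. [test:EXAMPLE-1001] [details:-] [solution:-]
2017-03-05 13:01:25 Suggestion: Install a PAM module for password strength testing [test:EXAMPLE-1002] [details:-] [solution:-]
2017-03-05 13:01:27 Suggestion: Change the allow_url_fopen line to: allow_url_fopen = Off, to disable downloads via PHP [test:PHP-2376] [details:-] [solution:-]
2017-03-05 13:01:28 ===---------------------------------------------------------------===
EOF

# Count findings of one kind ("Warning" or "Suggestion"). Anchoring on the
# timestamp prefix avoids counting the word when it appears inside a message.
lynis_count() {   # usage: lynis_count KIND LOGFILE
    grep -c "^[0-9-]* [0-9:]* $1:" "$2" || true
}

# The Lynis test ID of every finding, one per line, sorted and de-duplicated.
lynis_test_ids() {   # usage: lynis_test_ids LOGFILE
    sed -n 's/.*\[test:\([A-Za-z0-9-]*\)].*/\1/p' "$1" | sort -u
}

# One-line summary suitable for the cron mail or a syslog entry.
lynis_summary() {   # usage: lynis_summary LOGFILE
    printf 'warnings=%s suggestions=%s\n' \
        "$(lynis_count Warning "$1")" "$(lynis_count Suggestion "$1")"
}

lynis_summary "$SAMPLE_LOG"     # warnings=1 suggestions=2
lynis_test_ids "$SAMPLE_LOG"    # EXAMPLE-1001, EXAMPLE-1002, PHP-2376
```

Point the functions at /var/log/lynis.log instead of the sample to use them on a real run; the test-ID list is the part worth keeping between runs, since a new ID means a new finding rather than a re-worded old one.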

Restricting Nagios access by source IP on CentOS 7.x

Besides setting a password with htpasswd to protect Nagios, access can also be restricted by source IP.


1. Comment out Require all
# sed -i 's/Require all/#Require all/' /etc/httpd/conf.d/nagios.conf

2. Insert two lines after it
# sed -i -e '/#Require all/a\\tRequire all denied\n\tRequire ip 192.168.1.0/24' /etc/httpd/conf.d/nagios.conf

3. Check the configuration
# cat /etc/httpd/conf.d/nagios.conf
ScriptAlias /nagios/cgi-bin/ "/usr/lib64/nagios/cgi-bin/"

<Directory "/usr/lib64/nagios/cgi-bin/">
#  SSLRequireSSL
   Options ExecCGI
   AllowOverride None
   <IfVersion >= 2.3>
      <RequireAll>
         #Require all granted
        Require all denied
        Require ip 192.168.1.0/24
#        Require host 127.0.0.1

         AuthName "Nagios Access"
         AuthType Basic
         AuthUserFile /etc/nagios/passwd
         Require valid-user
      </RequireAll>
   </IfVersion>
</Directory>

Alias /nagios "/usr/share/nagios/html"

<Directory "/usr/share/nagios/html">
#  SSLRequireSSL
   Options None
   AllowOverride None
   <IfVersion >= 2.3>
      <RequireAll>
         #Require all granted
        Require all denied
        Require ip 192.168.1.0/24
#        Require host 127.0.0.1

         AuthName "Nagios Access"
         AuthType Basic
         AuthUserFile /etc/nagios/passwd
         Require valid-user
      </RequireAll>
   </IfVersion>
</Directory>

4. Restart the web server
# systemctl restart httpd.service
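As an added example (not code from the original post or from the Nagios project), the same source-IP restriction applied to a copy of an Apache <Directory> block with a single sed substitution instead of the a command, made idempotent and followed by a check of the Require lines that are actually in effect. The config is a constructed sample modelled on the nagios.conf shown in step 3; the function names are my own. One caveat the example builds in: inside <RequireAll> every Require must succeed, so an unconditional "Require all denied" in that block fails for every client, and the example therefore adds only the Require ip rule next to the existing Require valid-user.

```shell
#!/bin/sh
# Added example, not from the original post: restrict an Apache <Directory>
# block to one network with sed, idempotently, then list the effective rules.
# Constructed sample config modelled on the nagios.conf in step 3.

SAMPLE_CONF="${TMPDIR:-/tmp}/nagios-sample.conf.$$"
trap 'rm -f "$SAMPLE_CONF"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
<Directory "/usr/share/nagios/html">
   Options None
   AllowOverride None
   <IfVersion >= 2.3>
      <RequireAll>
         Require all granted
         AuthName "Nagios Access"
         AuthType Basic
         AuthUserFile /etc/nagios/passwd
         Require valid-user
      </RequireAll>
   </IfVersion>
</Directory>
EOF

# Comment out "Require all granted" and add "Require ip <cidr>" right after it,
# reusing the line's indentation (\1). Inside <RequireAll> every Require must
# pass, so no "Require all denied" is added: it would lock everyone out.
# A second run is a no-op once the rule is present.
restrict_to_network() {   # usage: restrict_to_network CONF CIDR
    conf=$1; cidr=$2
    if grep -q "^[[:space:]]*Require ip $cidr\$" "$conf"; then
        return 0
    fi
    # '|' as delimiter because the CIDR contains '/'; \n in the replacement
    # starts a new line (GNU sed).
    sed -i 's|^\([[:space:]]*\)Require all granted$|\1#Require all granted\n\1Require ip '"$cidr"'|' "$conf"
}

# The Require lines that are in effect: commented lines and <RequireAll> tags
# do not start with "Require " after the indentation, so they are excluded.
effective_requires() {   # usage: effective_requires CONF
    grep '^[[:space:]]*Require ' "$1" | sed 's/^[[:space:]]*//'
}

restrict_to_network "$SAMPLE_CONF" 192.168.1.0/24
effective_requires "$SAMPLE_CONF"   # Require ip 192.168.1.0/24, Require valid-user
```

On a real server run `httpd -t` (or `apachectl configtest`) after the edit and before the restart in step 4; a typo in a Require line would otherwise take the whole web server down with the restart.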

Installing Nagios 4.x on CentOS 7.x - Apache

References:
Install And Configure Nagios 4 On CentOS 7 | Unixmen
CentOS 7 : Nagios : Install : Server World
Configuring and Installing Nagios Core 4 on CentOS 6 - nuxref
Nagios Core 4.x Setup for CentOS 7.x - nuxref
Configuring and Installing NRPE and NSCA into Nagios Core 4 on CentOS 6 - nuxref
Control Protocol: Nagios issues, duh.

1. Install the required packages
# yum install nagios nagios-plugins-all php httpd

2. Enable the services at boot
# systemctl enable httpd.service
# systemctl enable nagios.service
Created symlink from /etc/systemd/system/multi-user.target.wants/nagios.service to /usr/lib/systemd/system/nagios.service.
# systemctl start httpd.service
# systemctl start nagios.service
3. Set the login account and password
# /usr/bin/htpasswd -c /etc/nagios/passwd nagiosadmin
New password:
Re-type new password:
Adding password for user nagiosadmin

4. Check that the configuration is correct
# /usr/sbin/nagios -v /etc/nagios/nagios.cfg
Nagios Core 4.2.4
Copyright (c) 2009-present Nagios Core Development Team and Community Contributors
Copyright (c) 1999-2009 Ethan Galstad
Last Modified: 12-07-2016
License: GPL

Website: https://www.nagios.org
Reading configuration data…
   Read main config file okay…
   Read object config files okay…

Running pre-flight check on configuration data…

Checking objects…
        Checked 8 services.
        Checked 1 hosts.
        Checked 1 host groups.
        Checked 0 service groups.
        Checked 1 contacts.
        Checked 1 contact groups.
        Checked 24 commands.
        Checked 5 time periods.
        Checked 0 host escalations.
        Checked 0 service escalations.
Checking for circular paths…
        Checked 1 hosts
        Checked 0 service dependencies
        Checked 0 host dependencies
        Checked 5 timeperiods
Checking global event handlers…
Checking obsessive compulsive processor commands…
Checking misc settings…

Total Warnings: 0
Total Errors:   0

Things look okay - No serious problems were detected during the pre-flight check

5. Open a browser at http://<server-IP>/nagios
Enter the account and password set above

6. Screen after login

Switching the Zabbix interface to Traditional Chinese

The language list in the web interface has no Chinese (zh_TW) entry,

even though the Traditional Chinese locale is clearly installed:
# ls -ld /usr/share/zabbix/locale/zh*
drwxr-xr-x 3 root root 4096 Mar  4 15:39 /usr/share/zabbix/locale/zh_CN
drwxr-xr-x 3 root root 4096 Mar  4 15:39 /usr/share/zabbix/locale/zh_TW

Edit the database directly
# /usr/bin/mysql -u zabbix -p zabbixdb
MariaDB [zabbixdb]> select userid,alias,name,surname,lang from users;
+--------+-------+--------+---------------+-------+
| userid | alias | name   | surname       | lang  |
+--------+-------+--------+---------------+-------+
|      1 | Admin | Zabbix | Administrator | zh_CN |
|      2 | guest |        |               | en_GB |
+--------+-------+--------+---------------+-------+
2 rows in set (0.00 sec)

MariaDB [zabbixdb]> update users set lang="zh_TW" where userid="1";
MariaDB [zabbixdb]> quit

The interface is now in Traditional Chinese!

To make zh_TW selectable in the web interface's language list as well, enable it in locales.inc.php:
# sed -i '/zh_TW/s/false/true/' /usr/share/zabbix/include/locales.inc.php

Chinese (zh_TW) can now be selected!

Installing Zabbix on CentOS 7.x

Zabbix is an enterprise-grade network monitoring system. It lets administrators monitor the current state of their network service hosts entirely from a web interface, and notifies them by e-mail or other means as soon as a configured abnormal condition occurs.
Zabbix official site: http://www.zabbix.com/
References:
Enterprise open-source network management: monitoring network services with Zabbix - Tech column - NetAdmin (網管人)
Installing Zabbix 3.2 on CentOS 7 | MIS的背影
Installing the monitoring tool Zabbix on RHEL / CentOS - Linux 技術手札
zabbix server installation | zabbix document

1. First install LAMP
# yum install httpd mariadb mariadb-server php php-mysql php-gd php-pear php-xml php-xmlrpc php-mbstring php-soap

2. Install the Zabbix package repository
# rpm -ivh http://repo.zabbix.com/zabbix/3.2/rhel/7/x86_64/zabbix-release-3.2-1.el7.noarch.rpm

3. Update the packages
# yum update

4. Install Zabbix
# yum install zabbix-server-mysql zabbix-web-mysql zabbix-web

5. Enable the service at boot
# systemctl enable zabbix-server.service
Created symlink from /etc/systemd/system/multi-user.target.wants/zabbix-server.service to /usr/lib/systemd/system/zabbix-server.service.

6. Create the zabbix database and its administrative account and password
# /usr/bin/mysql -u root -p
> create database zabbixdb;
> grant all privileges on zabbixdb.* to zabbix@localhost identified by "123456";
> flush privileges;

7. Import the database schema
# gunzip /usr/share/doc/zabbix-server-mysql-3.2.4/create.sql.gz
# /usr/bin/mysql -u zabbix -p zabbixdb < /usr/share/doc/zabbix-server-mysql-3.2.4/create.sql

8. Edit the configuration files /etc/zabbix/zabbix_server.conf and /etc/php.ini
# cp /etc/zabbix/zabbix_server.conf /etc/zabbix/zabbix_server.conf.$(date +%F)
# sed -i 's/DBName=zabbix/DBName=zabbixdb/' /etc/zabbix/zabbix_server.conf
# sed -i 's/# DBPassword=/DBPassword=123456/' /etc/zabbix/zabbix_server.conf
# sed -i 's|;date.timezone =|date.timezone = Asia/Taipei|' /etc/php.ini

# vim /etc/httpd/conf.d/zabbix.conf

# php_value date.timezone Europe/Riga
change to
php_value date.timezone Asia/Taipei

9. Restart the web server
# systemctl restart httpd.service

10. Start the Zabbix server
# systemctl start zabbix-server.service

11. Run the setup and configuration at http://<server-IP>/zabbix

Default login account and password: admin / zabbix

Login screen

awk notes

List accounts with UID > 499 together with their UIDs
$ awk 'BEGIN {FS=":"}; $3 > 499 {print $1"\t"$3}' /etc/passwd
core    500
systemd-coredump        998

Drop the header line
$ ps a | awk 'NR!=1 {print $0}' | head
 1237 tty1     Ss     0:00 /bin/login --
 1238 ttyS0    Ss+    0:06 /sbin/agetty --keep-baud 115200 38400 9600 ttyS0 vt220
 1294 tty1     S+     0:00 -bash
14202 pts/0    Ss     0:00 -bash
14264 pts/0    R+     0:00 ps a
14265 pts/0    S+     0:00 awk NR!=1 {print $0}
14266 pts/0    S+     0:00 head

List lines 2 to 5
$ ps a | awk '(NR>1 && NR<=5){print $0}' | head
 1237 tty1     Ss     0:00 /bin/login --
 1238 ttyS0    Ss+    0:06 /sbin/agetty --keep-baud 115200 38400 9600 ttyS0 vt220
 1294 tty1     S+     0:00 -bash
14202 pts/0    Ss     0:00 -bash

List the UID of a given user
$ awk -F ":" '/docker/ {print $3}' /etc/passwd
996

Case sensitivity (IGNORECASE=1 makes the match case-insensitive; gawk only)
$ awk -F":" 'BEGIN{IGNORECASE=1}{if($1=="core"){print $3}}' /etc/passwd
500

Count lines
$ awk 'END{print NR}' /etc/profile
59
$ wc -l /etc/profile
59 /etc/profile
$ sed -n '$=' /etc/profile
59
$ grep -c "" /etc/profile
59

Count blank lines
# cat blankline.awk
#!/usr/bin/awk -f
# count the lines that are completely empty
/^$/ {
  x += 1
}
END {
  print x + 0   # x is unset when there are no blank lines; +0 prints 0 instead of an empty line
}

# awk -f blankline.awk /etc/profile
11
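As an added example (not from the original notes), the "UID > 499" one-liner above extended into a small account audit over /etc/passwd-format input: regular accounts that actually have a login shell, any account besides root with UID 0, and per-class counts in a single pass. It runs on a constructed sample file rather than the real /etc/passwd; the function names and the "backup" account are my own.

```shell
#!/bin/sh
# Added example, not from the original notes: a small /etc/passwd audit in awk.
# The passwd content below is a constructed sample, not a real system's file.

SAMPLE_PASSWD="${TMPDIR:-/tmp}/passwd-sample.$$"
trap 'rm -f "$SAMPLE_PASSWD"' EXIT
cat > "$SAMPLE_PASSWD" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
systemd-coredump:x:998:996:systemd Core Dumper:/:/sbin/nologin
docker:x:996:994::/var/lib/docker:/sbin/nologin
core:x:500:500:CoreOS Admin:/home/core:/bin/bash
backup:x:0:0:legacy backup account:/home/backup:/bin/sh
EOF

# Accounts above a UID threshold that also have an interactive shell, printed
# as "user<TAB>uid" like the one-liner above; nologin/false shells are skipped.
login_users() {   # usage: login_users MINUID FILE
    awk -F: -v min="$1" '$3 > min && $7 !~ /nologin$|false$/ {print $1 "\t" $3}' "$2"
}

# Every account other than root whose UID is 0 is a second superuser.
extra_uid0() {   # usage: extra_uid0 FILE
    awk -F: '$3 == 0 && $1 != "root" {print $1}' "$1"
}

# Counts in a single pass, printed at END (system = UID <= 499, like the
# 499 threshold used in the notes; "sys" because system() is an awk builtin).
account_counts() {   # usage: account_counts FILE
    awk -F: '
        { total++ }
        $3 <= 499 { sys++ }
        $3 >  499 { reg++ }
        END { printf "total=%d system=%d regular=%d\n", total, sys, reg }
    ' "$1"
}

login_users 499 "$SAMPLE_PASSWD"   # core    500
extra_uid0 "$SAMPLE_PASSWD"        # backup
account_counts "$SAMPLE_PASSWD"    # total=7 system=4 regular=3
```

The threshold is a parameter because CentOS 7 starts regular users at UID 1000 (UID_MIN in /etc/login.defs), so `login_users 999 /etc/passwd` is the right call there; the extra_uid0 check is the one worth putting in cron, since a second UID 0 account is a classic persistence trick and rarely legitimate.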

DNS lookups - dig usage

Some common uses
Forward lookup
# dig abcd.tces.ilc.edu.tw @140.111.74.xxx
Trace the delegation from the root
# dig +trace abcd.tces.ilc.edu.tw
Reverse lookup
# dig -x 140.111.74.xxx @140.111.74.xxx
IPv6 address
# dig aaaa abcd.tces.ilc.edu.tw @140.111.74.xxx
Name servers of a domain
# dig -t ns tces.ilc.edu.tw @140.111.74.xxx
# dig ilc.edu.tw NS

# dig ilc.edu.tw A

More options:
# dig -h
Usage:  dig [@global-server] [domain] [q-type] [q-class] {q-opt}
            {global-d-opt} host [@local-server] {local-d-opt}
            [ host [@local-server] {local-d-opt} [...]]
Where:  domain    is in the Domain Name System
        q-class  is one of (in,hs,ch,...) [default: in]
        q-type   is one of (a,any,mx,ns,soa,hinfo,axfr,txt,...) [default:a]
                 (Use ixfr=version for type ixfr)
        q-opt    is one of:
                 -x dot-notation     (shortcut for reverse lookups)
                 -i                  (use IP6.INT for IPv6 reverse lookups)
                 -f filename         (batch mode)
                 -b address[#port]   (bind to source address/port)
                 -p port             (specify port number)
                 -q name             (specify query name)
                 -t type             (specify query type)
                 -c class            (specify query class)
                 -k keyfile          (specify tsig key file)
                 -y [hmac:]name:key  (specify named base64 tsig key)
                 -4                  (use IPv4 query transport only)
                 -6                  (use IPv6 query transport only)
                 -m                  (enable memory usage debugging)
        d-opt    is of the form +keyword[=value], where keyword is:
                 +[no]vc             (TCP mode)
                 +[no]tcp            (TCP mode, alternate syntax)
                 +time=###           (Set query timeout) [5]
                 +tries=###          (Set number of UDP attempts) [3]
                 +retry=###          (Set number of UDP retries) [2]
                 +domain=###         (Set default domainname)
                 +bufsize=###        (Set EDNS0 Max UDP packet size)
                 +ndots=###          (Set NDOTS value)
                 +[no]edns[=###]     (Set EDNS version) [0]
                 +[no]search         (Set whether to use searchlist)
                 +[no]showsearch     (Search with intermediate results)
                 +[no]defname        (Ditto)
                 +[no]recurse        (Recursive mode)
                 +[no]ignore         (Don't revert to TCP for TC responses.)
                 +[no]fail           (Don't try next server on SERVFAIL)
                 +[no]besteffort     (Try to parse even illegal messages)
                 +[no]aaonly         (Set AA flag in query (+[no]aaflag))
                 +[no]adflag         (Set AD flag in query)
                 +[no]cdflag         (Set CD flag in query)
                 +[no]cl             (Control display of class in records)
                 +[no]cmd            (Control display of command line)
                 +[no]comments       (Control display of comment lines)
                 +[no]rrcomments     (Control display of per-record comments)
                 +[no]question       (Control display of question)
                 +[no]answer         (Control display of answer)
                 +[no]authority      (Control display of authority)
                 +[no]additional     (Control display of additional)
                 +[no]stats          (Control display of statistics)
                 +[no]short          (Disable everything except short
                                      form of answer)
                 +[no]ttlid          (Control display of ttls in records)
                 +[no]all            (Set or clear all display flags)
                 +[no]qr             (Print question before sending)
                 +[no]nssearch       (Search all authoritative nameservers)
                 +[no]identify       (ID responders in short answers)
                 +[no]trace          (Trace delegation down from root [+dnssec])
                 +[no]dnssec         (Request DNSSEC records)
                 +[no]nsid           (Request Name Server ID)
                 +[no]sigchase       (Chase DNSSEC signatures)
                 +trusted-key=####   (Trusted Key when chasing DNSSEC sigs)
                 +[no]topdown        (Do DNSSEC validation top down mode)
                 +[no]split=##       (Split hex/base64 fields into chunks)
                 +[no]multiline      (Print records in an expanded format)
                 +[no]onesoa         (AXFR prints only one soa record)
                 +[no]keepopen       (Keep the TCP socket open between queries)
        global d-opts and servers (before host name) affect all queries.
        local d-opts and servers (after host name) affect only that lookup.
        -h                           (print help and exit)
        -v                           (print version and exit)