This site records day-to-day work: virtualization and cloud computing, system operations, database administration (DBA), and networking and security.
1. Background
Yunding Lab has analysed a good number of cryptomining intrusions. Earlier cases were crude and simple: the malicious process could be seen directly with commands such as top, and the mining process was not deliberately hidden. Now we find that attackers have started using hiding techniques to conceal the mining process so that it survives longer. This post analyses an intrusion-and-mining incident we captured within the past month.

2. Intrusion analysis
The intrusion flow in this case is nothing special compared with earlier ones: a common vulnerability is used to break into the server and obtain the relevant privileges, a mining program is planted, and then it is hidden. Across several cases we found that the attackers mainly exploit unauthenticated Redis access to get in; for an explanation of that problem see our earlier analysis: https://mp.weixin.qq.com/s/inazTPN5mHJYnt2QDliv8w

After the server is compromised, the first thing noticed is sluggishness caused by resource consumption. Routine checks reveal anomalies, yet no process information is visible: top shows low CPU usage while the ni value is 100; at the same time, CPU usage computed from /proc/stat is essentially 100%. Checking listening ports with netstat also shows abnormal connections. Looking the IP up on VirusTotal shows DNS records pointing to a mining-pool domain. Using find to list files changed within the intrusion time window and examining those changed files...
6.3. IPsec Installation
Implementing IPsec requires that the ipsec-tools RPM package be installed on all IPsec hosts (if using a host-to-host configuration) or routers (if using a network-to-network configuration). The RPM package contains essential libraries, daemons, and configuration files to aid in setup of the IPsec connection, including:
/sbin/setkey — manipulates the key management and security attributes of IPsec in the kernel. This executable is controlled by the racoon key management daemon. For more information on setkey, refer to the setkey(8) man page.
/sbin/racoon — the IKE key management daemon, used to manage and control security associations and key sharing between IPsec-connected systems. This daemon can be configured by editing the /etc/racoon/racoon.conf file. For more information about racoon, refer to the racoon(8) man page.
/etc/racoon/racoon.conf — the racoon daemon configuration file used to configure various aspects of the IPsec connection, including auth...
IPSec VPN Configuration & Setup on CentOS/RHEL 7/6/5
Step-by-step details are given below.
What is IPSec?
IPsec is a set of extensions to the IP protocol family. It provides cryptographic security services.
IPSec working principle
IPSec works at layer 3 of the OSI model and provides the following services: confidentiality, integrity, authenticity, and replay protection.
How does IPSec work?
An IPSec VPN tunnel can be created between two firewalls for data transfer and resource sharing between the two networks. Each firewall has to be configured with the static public IP address of the remote firewall and the network address of the network behind the remote firewall. If a resource on the remote network has to be accessed, the local firewall encrypts the request and sends it through the VPN tunnel to the remote firewall, which decrypts the request and permits access to the requested resource.
What is a VPN?
VPN is an abbreviation for virtual private network. It extends a non-public network across a...
Configuring network-to-network and point-to-point VPN connections with IPSEC on Linux
Introduction
Many organisations around the world currently connect their offices using the various physical connection methods available. The options include leased digital lines and virtual private networks (VPNs), the latter being far cheaper than physical lines. A VPN is deployed in much the same way as a leased line, but it can join several LANs into one and encrypt the traffic to hide the data being carried. When encryption is deployed in VPN technology, open standards are usually used; this involves traffic carried over IP using datagrams as the transport layer. Technically, a VPN can be implemented in software or hardware. On Linux®, FreeS/Wan, a standard implementation of the IPSEC (Internet Protocol Security) protocol, is frequently used. These software- or hardware-based solutions act as routers at the endpoints of the VPN connection. When a packet is sent by a client, it is forwarded to this dedicated router, which adds an Authentication Header (AH) to it. After the data is encrypted and the instructions for decrypting and processing it are added...
1.7 Typical IPsec configuration examples
1.7.1 Manually establishing an IPsec tunnel that protects IPv4 packets
1. Network requirements
Establish an IPsec tunnel between Router A and Router B to protect the traffic between the subnet of Host A (10.1.1.0/24) and the subnet of Host B (10.1.2.0/24). The requirements are as follows:
• Tunnel mode encapsulation.
• ESP as the security protocol.
• 128-bit AES for encryption and HMAC-SHA1 for authentication.
• IPsec SAs established manually.
2. Network diagram
Figure 1-7 Network diagram for IPsec protection of IPv4 packets
3. Configuration procedure
(1) Configure Router A
# Configure IP addresses for the interfaces (details omitted).
# Configure an ACL that defines the traffic to protect, from subnet 10.1.1.0/24 to subnet 10.1.2.0/24.
<RouterA> system-view
[RouterA] acl number 3101
[RouterA-acl-adv-3101] rule permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255
[RouterA-acl-adv-3101] quit
# Configure a static route to the subnet of Host B. 2.2.2.3 is the directly connected next-hop address in this example; in practice use the address that matches your own network.
[RouterA] ip route-static 10.1.2.0 255.255.255.0 gigabitethernet 2/1/2 2.2.2.3
# Create the IPsec transform set tran1.
[Router...
RHEL 7 / CentOS 7: How to get started with Firewalld
Hello All,
Today I was trying to learn and know about Systemd. I have found one great article about firewalld and am sharing it with you guys; it will help you understand this biggest and major change in RHEL and CentOS 7. This article is not mine; I found it on the internet and felt that it is a wonderful article, so I am sharing it with you all. Thanks to the original author, who is credited at the end of the article.
firewalld
Presentation
Firewalld is the new userland interface in RHEL 7. It replaces the iptables interface and connects to the netfilter kernel code. It mainly improves the management of security rules by allowing configuration changes without stopping the current connections.
To know if Firewalld is running, type:
# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
   Active: active (running) since Tue 2014-...
How To Install Snort NIDS On CentOS 7
Introduction
There are few straightforward administration guides available for Snort on the web. Today we will try to explain the anatomy of Snort step by step. Snort is an NIDS (Network Intrusion Detection System) used to detect and prevent intrusions on the network. Through protocol analysis, content inspection and various preprocessors, Snort detects thousands of worms and exploitation attempts. Snort comes with excellent features, including detection of various types of attacks: buffer overflows, stealth port scans, CGI attacks, etc.
The Snort configuration file is /etc/snort/snort.conf, in which the information about the network under investigation is set.
Sample configuration file
Snort can be configured in three modes.
A. Sniffer Mode
Output is dumped to the terminal in this mode; it is used to display packets to the user in a continuous flow in live mode, or sniffe...
1. Install OpenVPN
yum install -y openvpn
yum install -y easy-rsa
2. Configure OpenVPN
Copy the sample configuration file:
cp /usr/share/doc/openvpn-*/sample/sample-config-files/server.conf /etc/openvpn
Edit the configuration file:
vim /etc/openvpn/server.conf
The main changes are to the following settings: remove the leading semicolons that comment them out, and change the DNS entry to Alibaba's public DNS address.
#################################################
# Sample OpenVPN 2.0 config file for            #
# multi-client server.                          #
#                                               #
# This file is for the server side           ...
Page 1 of 14.