#to delete a directory, you need write (w) permission on its parent directory.
#rpm management
#ifdown eth0; ifup eth0
#comm symmetric encryption
gpg -c install.log
gpg -d install.log.gpg
-----------
passwd
------------
openssl
--------------
#Asymmetric encryption I
based upon public/private key pair
recipient
  generate public/private key pair
  publish public key P, guard private key S
sender
  encrypt message M with recipient's public key
  send P(M) to recipient
recipient
  decrypt with secret key to recover: M = S(P(M))
---------------------------
#Asymmetric encryption II
Digital signature
sender
  generate P/S
  publish P, guard S
  encrypt message M with S
  send recipient S(M)
recipient
  decrypt with sender's P
---------------------------------
#Public key infrastructures
---------------------
OpenSSH
vi /etc/ssh/sshd_config
#PermitRootLogin yes
better to change this to no
#X11Forwarding yes
enabled by default on Red Hat
#TCPKeepAlive yes
default should be no
#AllowUsers user1 user2
#DenyUsers
think of 2 ways when considering access restriction:
1. access control based on the user
2. access control based on the host
-------------
Port forwarding
ssh and sshd can forward TCP traffic
Obtuse syntax can be confusing
-L clientport:host:hostport
-R serverport:host:hostport
Can be used to bypass access controls
requires successful authentication to the remote sshd by the client
AllowTcpForwarding
station1 is a server with telnet service
ssh -L 5000:station1:23 root@station1
creates a channel to establish a connection, encrypted one way by forwarding
through ssh
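An added example, not part of the original notes: a small shell audit of the sshd_config settings covered in the OpenSSH and port forwarding notes above (PermitRootLogin, AllowUsers/DenyUsers, AllowTcpForwarding). The function names and the sample config are constructed for illustration; AllowGroups/DenyGroups and settings inside Match blocks are not evaluated.

```shell
# Added example (not from the original notes): audit the global sshd_config
# settings the notes discuss. Function names and sample values are constructed.

# effective_value FILE KEYWORD: print the first uncommented global value.
# sshd uses the first value it reads; keywords are case-insensitive.
effective_value() {
    awk -v want="$2" '
        /^[ \t]*#/ { next }                  # commented-out default, ignore
        tolower($1) == "match" { exit }      # Match blocks are conditional
        tolower($1) == tolower(want) {
            $1 = ""; sub(/^[ \t]+/, ""); print; found = 1; exit
        }
        END { if (!found) print "(unset)" }
    ' "$1"
}

# audit_sshd_config FILE: one line per finding; returns 1 if any were found.
audit_sshd_config() {
    rc=0
    root=$(effective_value "$1" PermitRootLogin)
    fwd=$(effective_value "$1" AllowTcpForwarding)
    users=$(effective_value "$1" AllowUsers)$(effective_value "$1" DenyUsers)
    if [ "$root" != "no" ]; then
        echo "PermitRootLogin is '$root'; the notes recommend no"; rc=1
    fi
    if [ "$fwd" != "no" ]; then
        echo "AllowTcpForwarding is '$fwd'; -L/-R tunnels are permitted"; rc=1
    fi
    if [ "$users" = "(unset)(unset)" ]; then
        echo "no AllowUsers/DenyUsers; no per-user restriction is set"; rc=1
    fi
    return "$rc"
}

# Constructed sample: commented defaults, as in the notes, plus overrides.
sample_config() {
    cat <<'EOF'
#PermitRootLogin yes
permitrootlogin no
PermitRootLogin yes
#AllowUsers user1 user2
Match User backup
    AllowTcpForwarding no
EOF
}

tmp=$(mktemp) && sample_config > "$tmp"
audit_sshd_config "$tmp" || true
rm -f "$tmp"
```

On the sample, the root-login check passes because the first uncommented value wins, while the forwarding and per-user checks are reported: the only AllowTcpForwarding line sits inside a Match block and AllowUsers is still commented out.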
------------
RPM
GPG public signature
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat*
rpm --checksig package_file_name (or -K)
------------------------
SELinux
check default file contexts
#semanage fcontext -l | grep '/etc/tm'
check SELinux boolean values
#getsebool -a | grep mail | grep 'on$'
troubleshooting when SELinux blocks us
check the log file: /var/log/messages
man -k selinux
service setroubleshoot status
rpm -q setroubleshoot
-----------------
# iptables basic operation
iptables -t filter -D INPUT 4
#transport protocol and port
-p tcp --dport 80
-p udp --sport 53
iptables -A INPUT -p icmp --icmp-type echo-request -j REJECT
#service iptables stop
just flushing firewall rules:
vi /etc/rc.d/rc.local
#iptables -F
#iptables -F -t nat
#iptables -Z
#iptables -P INPUT DROP
#iptables -P
redhat training