使用安全狗进行Linux主机安全加固

x33g5p2x  于10个月前 转载在 Linux  
字(3.4k)|赞(0)|评价(0)|浏览(92)

本文简述如何使用安全狗软件进行Linux主机的安全加固。

1. 安装软件

这款软件是免费的,官网下载Linux版,网址

在这里插入图片描述

    官网上没找到Linux版本的使用说明书,自己摸索吧。
    解压缩后运行 up.sh 脚本进行自动安装,需要使用root用户执行。

# sh up.sh 
extracting files ...
step 1/2, start install common lib                                                                [ok] 
step 2/2, start Install Server Defense Module                                                      
  step 2.1, checking os release version...                                                        [ok] 
  step 2.2, installing file...                                                                    [ok] 
  step 2.3, start service...                                                                      [ok] 
  step 2.4, save safedog install info...
  Tips: 
  (1)safedog install directory: /etc/safedog 
  (2)install safedog version: 2.8.21207 
install safedog completely
Installation is complete!
[x] finish to call safedog install script!

安装完毕的同时已经自动开始运行了,运行时有3个进程。

root       1218  0.1  0.0  17412    60 ?        Sl   08:59   0:17 sdmonitor
root       1449  0.0  0.7 439484  7244 ?        Sl   08:59   0:09 sdcc -d
root       1460  3.2  3.8 748332 38660 ?        Sl   08:59   5:10 sdsvrd -d

关闭方法

# /etc/init.d/safedog stop
stop sdsvrd server #
safedog serivce stopped!

有个小问题就是虽然关闭服务了,但 sdmonitor 和 sdcc 进程依然存在。

2. 端口扫描测试

尝试扫描测试主机 192.168.198.144 的端口,其中3000为grafana端口,用于测试。

# nmap 192.168.198.144

Starting Nmap 6.40 ( http://nmap.org ) at 2021-09-07 11:19 CST
Nmap scan report for 192.168.198.144
Host is up (0.00030s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
111/tcp  open  rpcbind
3000/tcp open  ppp
MAC Address: 00:0C:29:AF:64:6A (VMware)

Nmap done: 1 IP address (1 host up) scanned in 13.25 seconds

扫描被日志记录下来,日志位置 /etc/safedog/logs。

2021-09-07 11:19:48 [43066:13:DBG]  [sdalarm.cpp: 105:main]Alarm Description<
[{"time":"2021-09-07 11:19:47","attackerIp":"192.168.198.137","victimPort":0,"type":3,"ProtectMode":1}]>
2021-09-07 11:19:48 [43071:13:DBG]  [sdalarm.cpp:  41:main]------------------------------
2021-09-07 11:19:48 [43071:13:DBG]  [sdalarm.cpp:  45:main]sdalarm
2021-09-07 11:19:48 [43071:13:DBG]  [sdalarm.cpp:  45:main]-s
2021-09-07 11:19:48 [43071:13:DBG]  [sdalarm.cpp:  45:main]2001
...
2021-09-07 11:19:48 [43071:13:DBG]  [sdalarm.cpp: 105:main]Alarm Description<
[{"time":"2021-09-07 11:19:48","attackerIp":"192.168.198.137","victimPort":0,"type":2,"ProtectMode":1}]>

再次扫描已经扫不到端口了,而且无法通过网页打开grafana登录界面,说明 IP 已经被屏蔽。

# nmap 192.168.198.144

Starting Nmap 6.40 ( http://nmap.org ) at 2021-09-07 11:22 CST
Nmap scan report for 192.168.198.144
Host is up (0.00032s latency).
All 1000 scanned ports on 192.168.198.144 are filtered
MAC Address: 00:0C:29:AF:64:6A (VMware)

Nmap done: 1 IP address (1 host up) scanned in 34.58 seconds

攻击信息会被发送到后台。

2021/09/07 11:20:30:446 [1104988480] INFO  root - Post Data to http://client-server3.safedog.cn/innerIntf/sorsi.html,Response code:200,Return Err: 0,Request state:Success 
2021/09/07 11:20:30:447 [1104988480] INFO  root - AlarmInfo: {
    "Description": "[{\"time\":\"2021-09-07 11:19:47\",\"attackerIp\":\"192.168.198.137\",\"victimPort\":0,\"type\":3,\"ProtectMode\":1}]",
    "version": 2,
    "SafedogType": 2,
    "AlarmType": 2001,
    "AlarmTime": "2021-09-07 11:19:47"
} 
2021/09/07 11:20:30:447 [1104988480] INFO  root - AlarmInfo: {
    "Description": "[{\"time\":\"2021-09-07 11:19:48\",\"attackerIp\":\"192.168.198.137\",\"victimPort\":0,\"type\":2,\"ProtectMode\":1}]",
    "version": 2,
    "SafedogType": 2,
    "AlarmType": 2001,
    "AlarmTime": "2021-09-07 11:19:48"
}

重启主机192.168.198.144,可以继续通过3000端口登录,看来不是永久性黑名单。

3. 暴力破解测试

使用正确用户名密码admin/admin访问grafana,得到反馈。

# curl http://admin:admin@192.168.198.144:3000/api/search
[]

尝试两次使用错误密码访问API之后,使用正确密码也无法登录了。

在这里插入图片描述

总结

使用安全加固软件会占用一定的CPU和内存,需要自行权衡。

相关文章

热门文章

更多