Packet capture tool: tcpdump
conf]# which tcpdump
/usr/sbin/tcpdump
conf]# rpm -qf /usr/sbin/tcpdump
tcpdump-4.0.0-5.20090921gitdf3cb4.2.el6.x86_64
conf]#
tcpdump [options] [filter expression]
Common capture options
-i, the network interface to capture on
-A, print each packet in ASCII for easier reading
-w, write the captured packets to the specified file
-r, read packets from the specified file instead of an interface
tcpdump filter expressions
Type: host, net, port, portrange
Direction: src, dst
Protocol: tcp, udp, ip, wlan, arp, ...
Combining several conditions: and, or, not
tcpdump -A dst host 172.40.55.10 and tcp port 21
tcpdump -A dst host 172.40.55.10 and tcp port 110 -w /tmp/mail2.cap
tcpdump -A -r /tmp/mail.cap
tcpdump -A -r /tmp/ftp.cap
Wireshark protocol analyzer
yum -y install wireshark wireshark-gnome
++++++++++++++++++++++++++++++++++++++
Mail encryption (the certificate and private key were already generated during the CA setup; reuse the generated files here)
Mail server setup (172.40.55.10), with DNS
vim /etc/postfix/main.cf
smtpd_use_tls = yes
#smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/pki/tls/private/mailsvr.key
smtpd_tls_cert_file = /etc/pki/tls/certs/mailsvr.crt
:wq
~]# vim /etc/dovecot/conf.d/10-ssl.conf
ssl = yes
ssl_cert = </etc/pki/tls/certs/www.crt
ssl_key = </etc/pki/tls/private/www.key
:wq
++++++++++++++++++++++++++++++++++
nmap scanning tool
yum -y install nmap
man nmap
nmap [scan type] [options] <target ...>
nmap 172.40.55.190
Common scan types
-sS, TCP SYN scan (half-open)
-sT, TCP connect scan (full open)
-sU, UDP scan
-sP, ICMP scan (ping sweep)
-A, comprehensive analysis of the target system
~]# nmap -p 21-22 192.168.4.0/24
172.40.55.10
~]# nmap -sU svr5.tarena.com
nmap -n -sP 192.168.4.0/24
nmap -A 172.40.55.190
+++++++++++++++++++++++++++++
Using tcp_wrappers
It controls only services managed by xinetd (list them with chkconfig --list)
and services that support the libwrap.so module (check with ldd $(which httpd) | grep libwrap)
/etc/hosts.allow
/etc/hosts.deny
service name list:client address list
vsftpd,sshd:172.40.55.120,172.40.55.129
vsftpd,sshd:172.40.55.1?,172.40.55.20
vsftpd:172.40.55.0/255.255.255.0
vsftpd:172.40.55.*
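As an added example (not part of the original notes), a small Python simulation of how tcp_wrappers evaluates a client against hosts.allow and hosts.deny using the rule forms listed above. The rule text is constructed, and the matching helpers are assumptions that mirror hosts_access(5) semantics: hosts.allow is consulted first, then hosts.deny, and a client matched by neither file is allowed.

```python
import ipaddress
from fnmatch import fnmatchcase

# Constructed rule sets in the forms shown on this page (not copied from any real host).
HOSTS_ALLOW = """
vsftpd,sshd:172.40.55.120,172.40.55.129
vsftpd,sshd:172.40.55.1?,172.40.55.20
vsftpd:172.40.55.0/255.255.255.0
"""
HOSTS_DENY = """
vsftpd,sshd:ALL
"""


def parse_rules(text):
    """Return a list of (services, client_patterns); comments and blank lines are skipped."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        services, clients = line.split(":", 1)
        rules.append(([s.strip() for s in services.split(",")],
                      [c.strip() for c in clients.split(",")]))
    return rules


def client_matches(pattern, ip):
    """Match one client pattern against an IPv4 address given as a string."""
    addr = ipaddress.ip_address(ip)
    if pattern == "ALL":
        return True
    if "/" in pattern:                  # net/mask form, e.g. 172.40.55.0/255.255.255.0
        net, mask = pattern.split("/", 1)
        return addr in ipaddress.ip_network(f"{net}/{mask}", strict=False)
    if pattern.endswith("."):           # leading-octet prefix form, e.g. 172.40.55.
        return ip.startswith(pattern)
    return fnmatchcase(ip, pattern)     # exact address, or the ? and * forms used above


def rule_matches(rules, service, ip):
    """True when any rule names the service (or ALL) and matches the client."""
    return any((service in svcs or "ALL" in svcs)
               and any(client_matches(p, ip) for p in pats)
               for svcs, pats in rules)


def access_allowed(service, ip, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow wins first, then hosts.deny; no match in either means access is granted."""
    if rule_matches(parse_rules(allow), service, ip):
        return True
    if rule_matches(parse_rules(deny), service, ip):
        return False
    return True
```

Because hosts.deny here ends with `ALL`, an sshd client that does not appear in hosts.allow is refused, while a service with no rules at all (for example httpd) stays reachable, which is the usual reason to audit both files together.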