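Common Commands for Classified Protection (MLPS) Assessment

Database Assessment

Oracle Security Assessment

Login method

In a terminal, run: sqlplus

Enter the account name and password

Password complexity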

select limit from dba_profiles where profile='DEFAULT' and resource_name='PASSWORD_VERIFY_FUNCTION';

Password length

utlpwdmg.sql is located in $ORACLE_HOME/rdbms/admin

cat utlpwdmg.sql | grep length

Password rotation period

select limit from dba_profiles where profile='DEFAULT' and resource_name='PASSWORD_LIFE_TIME';

Failed-login limit policy

select limit from dba_profiles where profile='DEFAULT' and resource_name='FAILED_LOGIN_ATTEMPTS';

Failed-login lockout policy

select limit from dba_profiles where profile='DEFAULT' and resource_name='PASSWORD_LOCK_TIME';

Idle session timeout policy

select limit from dba_profiles where profile='DEFAULT' and resource_name='IDLE_TIME';

Whether an encrypted protocol is enabled

cat $ORACLE_HOME/network/admin/listener.ora

Look for TCPS

cat $ORACLE_HOME/network/admin/tnsnames.ora

cat $ORACLE_HOME/network/admin/sqlnet.ora

Sample file path:

$ORACLE_HOME/network/admin/samples/

Weak passwords

system:manager

sys:CHANGE_ON_INSTALL

oracle:oracle/admin/ora+version number

system:oracle/admin

Check for sample database accounts

select username, account_status from dba_users;

Whether a policy has been created

select policy_name, status from DBA_SA_POLICIES;

Whether levels have been created

select * from dba_sa_levels order by level_num;

Check which labels have been created

select * from dba_sa_labels;

Check how policies map to schemas and tables

select * from dba_sa_table_policies;

Whether auditing is enabled

select value from v$parameter where name='audit_trail';

Find the log file locations

show parameter dump_dest;

Check the logging mode of the database, tablespaces, and objects

select log_mode,force_logging from v$database;

select tablespace_name, logging,force_logging from dba_tablespaces;

select table_name,logging from user_tables;

Check whether audit privileges are strictly restricted

alter system set audit_trail=none

Restrict remote connection IP addresses

Check the tcp.validnode_checking and tcp.invited_nodes parameters in sqlnet.ora

cat sqlnet.ora | grep -i tcp.validnode
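
A stricter form of the sqlnet.ora check above, as an added example (not part of the original page): it parses the file instead of grepping it, so uppercase parameter names, commented-out settings, and values continued on indented lines are handled. The function names, the pass criteria, and the sample file are assumptions made for this example.

```shell
# Added example: evaluate the node allow-list settings in a sqlnet.ora file.

# sqlnet_param FILE NAME: print NAME's value with all blanks removed.
# Names match case-insensitively; '#' comment lines are skipped; an indented
# line is treated as a continuation of the previous parameter.
sqlnet_param() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t\r]*$/ { next }
        /^[ \t]/ { if (cur) val = val $0; next }
        {
            if (cur) found = val
            cur = 0
            eq = index($0, "=")
            if (eq == 0) next
            name = substr($0, 1, eq - 1)
            gsub(/[ \t]/, "", name)
            if (tolower(name) == tolower(want)) { cur = 1; val = substr($0, eq + 1) }
        }
        END { if (cur) found = val; gsub(/[ \t\r]/, "", found); print found }
    ' "$1"
}

# check_validnode FILE: return 0 only if node checking is on and at least
# one invited node is listed (criteria assumed for this example).
check_validnode() {
    rc=0
    checking=$(sqlnet_param "$1" tcp.validnode_checking | tr 'A-Z' 'a-z')
    invited=$(sqlnet_param "$1" tcp.invited_nodes)
    if [ "$checking" = "yes" ]; then
        echo "PASS tcp.validnode_checking = yes"
    else
        echo "FAIL tcp.validnode_checking = ${checking:-<unset>}"; rc=1
    fi
    case $invited in
        ""|"()") echo "FAIL tcp.invited_nodes is empty or unset"; rc=1 ;;
        *)       echo "PASS tcp.invited_nodes = $invited" ;;
    esac
    return $rc
}

# Constructed sample file (not taken from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# sqlnet.ora (constructed sample)
TCP.VALIDNODE_CHECKING = YES
tcp.invited_nodes = (192.0.2.10,
    192.0.2.11, dbadmin.example.com)
EOF
check_validnode "$sample"
```

On a real host, call check_validnode with $ORACLE_HOME/network/admin/sqlnet.ora and record the PASS/FAIL lines as evidence.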

Check installed Oracle patches

opatch lspatches

MySQL Security Assessment

List accounts

select user,host from mysql.user;

Check for users with empty passwords

Before MySQL 5.7

select * from mysql.user where length(password) = 0 or password is null;

MySQL 5.7 and later

select * from mysql.user where length(authentication_string)= 0 or authentication_string is null;

Check the password complexity configuration

show variables like 'validate%';

SHOW VARIABLES LIKE '%password%';

Check failed-login handling

show variables like '%max_connect_errors%';

show variables like '%timeout%';

Check whether remote administration uses encryption

show variables like '%have_ssl%';

Check account assignments and privileges

select user,host from mysql.user;

show grants for 'xxxx'@'localhost';

Check whether the root account has been renamed or removed

select user,host from mysql.user;

Check for unneeded accounts

select * from mysql.user where user=' ';

select user,host from mysql.user;

Check access control privileges

select * from mysql.user\G

select * from mysql.db\G

select * from mysql.tables_priv\G

select * from mysql.columns_priv\G

View log information

show variables like 'log_%';

Check user login IPs

show grants for root@localhost;

Check patch installation status

show variables where variable_name like "version";

Operating System Assessment

Linux Assessment

Check login password rules

cat /etc/login.defs

cat /etc/pam.d/login

Check whether failed-login handling is configured

cat /etc/pam.d/login

cat /etc/pam.d/system-auth

cat /etc/pam.d/sshd

Check remote login

service --status-all | grep sshd

netstat -ant | grep 22

service --status-all | grep running

Check for default accounts

cat /etc/shadow

Check whether root can log in remotely

cat /etc/ssh/sshd_config

Check the security audit daemons

service auditd status

service rsyslog status

ps -ef |grep auditd

Check security event configuration

grep "@priv-ops" /etc/audit/filter.conf

more /etc/audit/audit.rules

cat /etc/hosts.allow

cat /etc/hosts.deny

Reposted from blog.csdn.net/Liuzixuan0207/article/details/127688148