Service security and surveillance 2

Encryption / decryption overview
Risks in information transmission
Purposes and methods of encryption

  • Ensure the confidentiality of data
    - Symmetric encryption: encryption and decryption use the same key
    - Asymmetric encryption: encryption and decryption use different keys
  • Protect the integrity of information
    - Message digest: generates a shorter, fixed-length hash value from the input
Common encryption algorithms
  • Symmetric encryption
    - DES, Data Encryption Standard
    - AES, Advanced Encryption Standard
  • Asymmetric encryption
    - RSA, Rivest Shamir Adleman
    - DSA, Digital Signature Algorithm
  • Hashing, used for message digests
    - MD5, Message Digest Algorithm 5
    - SHA, Secure Hash Algorithm

[root@room9pc01 ~]# mv /dev/random /dev/random1
[root@room9pc01 ~]# ln -s /dev/urandom /dev/random

userb

rm -rf ~/.gnupg
1 Create a key pair
[userb@room9pc01 ~]$ gpg --gen-key
gpg (GnuPG) 2.0.22; Copyright © 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: directory '/home/userb/.gnupg' created
gpg: new configuration file '/home/userb/.gnupg/gpg.conf' created
gpg: WARNING: options in '/home/userb/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring '/home/userb/.gnupg/secring.gpg' created
gpg: keyring '/home/userb/.gnupg/pubring.gpg' created
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection?
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) [email protected]"

Real name: userb
Email address: [email protected]
Comment: userbkey
You selected this USER-ID:
    "userb (userbkey) [email protected]"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a password to protect your private key.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /home/userb/.gnupg/trustdb.gpg: trustdb created
gpg: key 30D97FCC marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
pub   2048R/30D97FCC 2019-05-28
      Key fingerprint = FCF6 CB16 D44A B929 8DAB  452F ED44 43AB 30D9 7FCC
uid                  userb (userbkey) [email protected]
sub   2048R/9A57C81B 2019-05-28

[userb@room9pc01 ~]$ ls -a ~/.gnupg/
2 Export the public key
[userb@room9pc01 ~]$ gpg --export -a
[userb@room9pc01 ~]$ gpg --export -a > userb.pub
3 Share the public key file (mv / scp)
[userb@room9pc01 ~]$ mv userb.pub /tmp/

usera: sender of the encrypted data

Import the public key
gpg --import
[usera@room9pc01 ~]$ gpg --import /tmp/userb.pub
[usera@room9pc01 ~]$ ls -a ~/.gnupg/
1 Encrypt with the public key
gpg -e
[usera@room9pc01 ~]$ gpg -e -r userb test.txt
2 Transfer the encrypted file
mv / scp
[usera@room9pc01 ~]$ mv test.txt.gpg /tmp/
3 The recipient userb decrypts with the private key
gpg -d
[userb@room9pc01 ~]$ gpg -d /tmp/test.txt.gpg
[userb@room9pc01 ~]$ gpg -d /tmp/test.txt.gpg > ~/b.txt
[userb@room9pc01 ~]$ cat ~/b.txt

GPG software signature verification
1 Sign with the private key
userb]# gpg -b a1.txt
userb]# ls a1.txt.sig

2 Share the signature file, the public key file and the original file
userb]# cp a1.txt /tmp/
userb]# cp a1.txt.sig /tmp/
The public key file has already been shared

3 Import the public key
usera has already imported the public key

4 Verify the signature file with the public key
usera]# gpg --verify /tmp/a1.txt.sig      // intact
[root@pc117 ~]# sed -i '1aAAAAAA' /tmp/a1.txt
usera]# gpg --verify /tmp/a1.txt.sig      // damaged
[root@pc117 ~]# sed -i '2d' /tmp/a1.txt
usera]# gpg --verify /tmp/a1.txt.sig      // intact

AIDE Intrusion Detection System
[root@53 ~]# yum -y install aide
Modify the configuration file
[root@53 ~]# vim /etc/aide.conf
@@define DBDIR /var/lib/aide                      // database directory
@@define LOGDIR /var/log/aide                     // log directory
database_out=file:@@{DBDIR}/aide.db.new.gz        // database filename

]# sed -i '99,$s/^/#/' /etc/aide.conf

]# vim /etc/aide.conf
/root/ FIPSR
]# aide --init
]# cp /var/lib/aide/aide.db.new.gz /tmp/
]# cd /var/lib/aide/
]# mv aide.db.new.gz aide.db.gz
Make changes to the monitored /root directory
rm -rf plj.000001
rm -rf plj.000002
vim redis.sh
vim 3c.txt
Run the "intrusion" check
]# aide --check
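
The init/check cycle above, reduced to a sketch built on sha256sum so the mechanism is visible. This is an added example, not part of the original post and not AIDE's own code; the function names, the database format and the sample files are constructed here.

```bash
#!/usr/bin/env bash
# Added sketch of AIDE's init/check cycle; not AIDE itself.
# snapshot/check/demo and the "<sha256>  <path>" database format are assumptions.

# snapshot DIR: print one "<sha256>  <relative path>" line per regular file.
snapshot() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 )
}

# check DIR DB: compare DIR with baseline DB, print differences, return 1 if any.
check() {
    local now report
    now=$(mktemp)
    snapshot "$1" > "$now"
    report=$(awk '
        { h = substr($0, 1, 64); p = substr($0, 67) }   # hash, then path
        FILENAME == ARGV[1] { base[p] = h; next }       # baseline database
        { seen[p] = 1 }
        !(p in base)   { print "added " p; next }
        base[p] != h   { print "changed " p }
        END { for (q in base) if (!(q in seen)) print "removed " q }
    ' "$2" "$now" | LC_ALL=C sort)
    rm -f "$now"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# demo: replay the page's changes to the monitored directory on constructed files.
demo() {
    local root db rc=0
    root=$(mktemp -d); db=$(mktemp)
    printf 'a\n' > "$root/plj.000001"
    printf 'b\n' > "$root/plj.000002"
    printf 'echo start\n' > "$root/redis.sh"
    snapshot "$root" > "$db"                    # aide --init, then rename to aide.db.gz
    rm -f "$root/plj.000001" "$root/plj.000002"
    printf 'echo extra\n' >> "$root/redis.sh"   # stands in for "vim redis.sh"
    printf 'new\n' > "$root/3c.txt"             # stands in for "vim 3c.txt"
    check "$root" "$db" || rc=$?                # aide --check
    rm -rf "$root" "$db"
    return "$rc"
}

demo || true
```

The check is only as trustworthy as the baseline it compares against, so the database belongs on read-only or off-host storage rather than beside the files it describes.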

Scanning and capture
nmap scan
basic usage
]# nmap [scan type] [options] <scan target ...>
]# man nmap

Commonly used scan types
-sS, TCP SYN scan (half-open)
-sT, TCP connect scan (full connection)
-sU, UDP scan
-sP, ICMP scan
-A, comprehensive analysis of the target system
Options: -n, -p
Scan target: IP address
192.168.4.53
192.168.4.1-254
192.168.4.0/24
192.168.4.50-51
192.168.4.51,53,55
Hostname: www.taobao.com
]# nmap -sP -n 172.40.54.100-110
]# nmap -sS 172.40.54.102 -n
]# nmap -A 172.40.54.102
]# nmap -p 21-22 192.168.4.0/24

]# nmap -p 21-80 172.40.54.102
]# nmap -p 3306,27017 172.40.54.102

]# nmap -sS -n 192.168.4.53
]# nmap -sT -n 192.168.4.53

tcpdump packet capture (command line)
A command-line tool for capturing TCP packets
Basic usage
- tcpdump [options] [filter conditions]
Common monitoring options
- -i, specify the network interface to monitor
- -A, convert to ASCII for easy reading
- -w, save the packet information to the specified file
- -r, read packet information from the specified file
- -c, specify the number of packets to capture
Filter conditions
- Type: host, net, port, portrange
- Direction: src, dst
- Protocol: tcp, udp, ip, wlan, arp ...
- Combining multiple conditions: and, or, not

wireshark packet capture (graphical packet capture software)

]# tcpdump -i br1 -A icmp

]# tcpdump -i br1 -A -c 2 icmp and host 172.40.58.66

]# tcpdump -i br1 -A port 80
]# tcpdump -i br1 -A port 80 and host 172.40.58.66
]# tcpdump -i br1 -A port 22

[root@host53 ~]# setenforce 0
[root@host53 ~]# useradd student
[root@host53 ~]# echo abc123abc | passwd --stdin student
[root@host53 ~]# systemctl restart vsftpd

[root@host53 ~]# tcpdump -A -w ftp.cap port 21

[root@pc117 ~]# rpm -q ftp
[root@pc117 ~]# ftp 192.168.4.53
Name (192.168.4.53:root): student
Password:
ftp> bye

[root@host53 ~]# ctrl + c (end the capture)

[root@host53 ~]# tcpdump -A -r ftp.cap | grep -i user
[root@host53 ~]# tcpdump -A -r ftp.cap | grep -i pass
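
The same audit as the two grep commands above, written so that it reports which flow exposed which account without echoing the password. This is an added example, not part of the original post; the function names are assumptions, and the sample text (including the client address 192.168.4.117 and its port) is constructed in the shape of tcpdump -A output.

```bash
#!/usr/bin/env bash
# Added example: audit "tcpdump -A -r ftp.cap" text for cleartext FTP logins
# without printing the password. Function names are assumptions.

# Constructed sample; the client address and port are made up for this sketch.
sample_capture_text() {
    cat <<'EOF'
10:15:01.100001 IP 192.168.4.117.51234 > 192.168.4.53.ftp: Flags [P.], seq 1:15, ack 21, win 229, length 14: FTP: USER student
E..B..@.@..........u...5.....USER student
10:15:01.100900 IP 192.168.4.53.ftp > 192.168.4.117.51234: Flags [P.], seq 21:55, ack 15, win 227, length 34: FTP: 331 Please specify the password.
10:15:03.200002 IP 192.168.4.117.51234 > 192.168.4.53.ftp: Flags [P.], seq 15:31, ack 55, win 229, length 16: FTP: PASS abc123abc
E..D..@.@..........u...5.....PASS abc123abc
EOF
}

# Reads tcpdump -A text on stdin (or from files given as arguments) and prints
# one line per flow and account whose password was sent unencrypted.
ftp_cleartext_report() {
    awk '
        { gsub(/\r/, "") }
        # Packet header line: remember which flow the following payload belongs to.
        $2 == "IP" && $4 == ">" { src = $3; dst = $5; sub(/:$/, "", dst) }
        # FTP USER command: remember the account name for this client.
        match($0, /USER [^ ]+/) { user[src] = substr($0, RSTART + 5, RLENGTH - 5) }
        # FTP PASS command: report once per flow, giving only the password length.
        match($0, /PASS [^ ]+/) {
            key = src " -> " dst " user=" user[src]
            if (!(key in done)) {
                done[key] = 1
                print key " password_len=" (RLENGTH - 5)
            }
        }
    ' "$@"
}

sample_capture_text | ftp_cleartext_report
```

Against the capture from this lab it would be run as `tcpdump -A -r ftp.cap | ftp_cleartext_report`; every line it prints names an account whose password crossed the network in the clear.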

A packet capture tool similar to tcpdump; it requires a graphical environment
]# yum -y install wireshark wireshark-gnome

Open the wireshark graphical capture tool:
Applications -> Internet -> click the software name

[root@pc117 ~]# scp [email protected]:/root/ftp.cap /root/


Origin blog.csdn.net/weixin_45048541/article/details/90640719