diff --git a/README.md b/README.md index cef0f32..c6d2e48 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,3 @@ -# linux -学习Linux +# 2015-linux-public-canyousee +2015-linux-public-canyousee created by GitHub Classroom +linux 作业 diff --git a/ex3.md b/ex3.md deleted file mode 100644 index 44d622b..0000000 --- a/ex3.md +++ /dev/null @@ -1,106 +0,0 @@ -# 实验三:开机自启动项管理之systemd # - ---- - -## 系统管理 ## - - -[https://asciinema.org/a/84ZojFqhoQ8b7VfX3OtGVt7lB](https://asciinema.org/a/84ZojFqhoQ8b7VfX3OtGVt7lB) - -## Unit ## - -[https://asciinema.org/a/7EvboJHxlIALgCTR727FOpwVe -](https://asciinema.org/a/7EvboJHxlIALgCTR727FOpwVe) - -## Unit的配置 ## - -[https://asciinema.org/a/W05VCEs6yRX4bs9WlSDAdDT3m](https://asciinema.org/a/W05VCEs6yRX4bs9WlSDAdDT3m) - - -## Target和日志管理 ## - -[https://asciinema.org/a/MydeDHq0eKJ6c5tC01VDMgfFS](https://asciinema.org/a/MydeDHq0eKJ6c5tC01VDMgfFS) - -## 实战 ## - -[https://asciinema.org/a/E9tZMFBGfnJKD637LKDvB112r](https://asciinema.org/a/E9tZMFBGfnJKD637LKDvB112r) - -## 自查清单 ## - -- 如何添加一个用户并使其具备sudo执行程序的权限? - -![](ima/2.PNG) - - adduser username - -修改/etc/sudoers,在里面添加username ALL=(ALL:ALL)ALL - -- 如何将一个用户添加到一个用户组? - -adduser username usergroup - -- 如何查看当前系统的分区表和文件系统详细信息? - -sudo fdisk -l - - -- 如何实现开机自动挂载Virtualbox的共享目录分区? - -先建立了分区 - -![](ima/3.PNG) - -但是没查到共享分区应该是什么类型 - -![](ima/5.PNG) - -建了新目录 /home/newshare 然后在/etc/fstab里面做了修改,把分区uuid和挂载点等写进去保存. - -共享这块感觉做的有问题,因为主机没设共享分区,在网上查的看的我也没什么思路 - - -![](ima/4.PNG) - -`UUID= /home/newshare ext4 auto 0 0` - - -- 基于LVM(逻辑分卷管理)的分区如何实现动态扩容和缩减容量? - -我试着按这个步骤实验,把磁盘分成两个区之后创建物理卷失败,报错没发现或被过滤,在网上搜解决办法还是不行,耗费了好久,最后发现我好傻,动态扩容和缩减容量只要两条命令 - -![](ima/6.PNG) - - `sudo lvextend -l +xxxx lvpath` - -`sudo lvreduce -l -xxxx lvpath` - - -[https://blog.csdn.net/seteor/article/details/6708025](https://blog.csdn.net/seteor/article/details/6708025) - - -- 如何通过systemd设置实现在网络连通时运行一个指定脚本,在网络断开时运行另一个脚本? - -![](ima/8.PNG) - -![](ima/7.PNG) - -修改配置文件 ‘ExecStart ExecStop’ - - - -- 如何通过systemd设置实现一个脚本在任何情况下被杀死之后会立即重新启动?实现杀不死? - -修改配置文件,设置重启“alwalys” - -## 参考文献 ## - -[http://www.ruanyifeng.com/blog/2016/03/systemd-tutorial-commands.html](http://www.ruanyifeng.com/blog/2016/03/systemd-tutorial-commands.html) - -[http://www.ruanyifeng.com/blog/2016/03/systemd-tutorial-part-two.html](http://www.ruanyifeng.com/blog/2016/03/systemd-tutorial-part-two.html) - -## 备注 ## -上一次录频时没加载出来就按CTRL c 导致没生成链接,在这次录频时发现自动保存到本地tmp路径下,使用命令可重新加载生成链接 - -![](ima/1.PNG) - - diff --git a/ex5.md b/ex5.md new file mode 100644 index 0000000..4434c08 --- /dev/null +++ b/ex5.md @@ -0,0 +1,115 @@ +# web服务器实验报告 # +--- +## 实验环境 ## +**一**、 + +ubuntu-server-16.04 + +搭建verynginx + +host-only网卡 192.168.56.104 + +**二、** + +ubuntu-server-16.04 + +搭建wordpress,nginx,dvwa + +host-only网卡 192.168.56.107 + +## 实验过程 ## +**1.搭建实验环境** + +verynginx搭建在一台虚拟机中 + +![](image/2.PNG) +![](image/1.PNG) + +wordpress和dvwa搭建在另一台虚拟机中,wordpress占用80端口,dvwa占用8080端口 + +![](image/3.PNG) +![](image/4.PNG) + + +参考: + +[https://www.digitalocean.com/community/tutorials/how-to-install-wordpress-with-lemp-on-ubuntu-16-04](https://www.digitalocean.com/community/tutorials/how-to-install-wordpress-with-lemp-on-ubuntu-16-04) + +[https://blogs.technet.microsoft.com/positivesecurity/2017/06/01/setting-up-damn-vulnerable-web-app-dvwa-on-ubuntu-in-azure/](https://blogs.technet.microsoft.com/positivesecurity/2017/06/01/setting-up-damn-vulnerable-web-app-dvwa-on-ubuntu-in-azure/) + + +**2.实验检查点** + +- VeryNginx作为本次实验的Web App的反向代理服务器和WAF + +- PHP-FPM进程的反向代理配置在nginx服务器上,VeryNginx服务器不直接配置Web站点服务 +![](image/11.PNG) + + + +- 使用Wordpress搭建的站点对外提供访问的地址为: https://wp.sec.cuc.edu.cn 和 http://wp.sec.cuc.edu.cn + +- 使用Damn Vulnerable Web Application (DVWA)搭建的站点对外提供访问的地址为: http://dvwa.sec.cuc.edu.cn + +![](image/host.PNG) + +![](image/y1.PNG) + +- 使用IP地址方式均无法访问上述任意站点,并向访客展示自定义的友好错误提示信息页面-1 + +![](image/12.PNG) +![](image/14.PNG) +![](image/13.PNG) + +- Damn Vulnerable Web Application (DVWA)只允许白名单上的访客来源IP,其他来源的IP访问均向访客展示自定义的友好错误提示信息页面-2 + +![](image/15.PNG) +![](image/16.PNG) +![](image/17.PNG) + +- 在不升级Wordpress版本的情况下,通过定制VeryNginx的访问控制策略规则,热修复WordPress < 4.7.1 - Username Enumeration +![](image/dvwa_2.PNG) +![](image/22.PNG) +![](image/23.PNG) +![](image/21.PNG) + +- 通过配置VeryNginx的Filter规则实现对Damn Vulnerable Web Application (DVWA)的SQL注入实验在低安全等级条件下进行防护 +![](image/dvwa_1.PNG) +![](image/18.PNG) +![](image/24.PNG) + +- VeryNginx的Web管理页面仅允许白名单上的访客来源IP,其他来源的IP访问均向访客展示自定义的友好错误提示信息页面-3 + +![](image/19.PNG) +![](image/20.PNG) +![](image/21.PNG) + + +- 通过定制VeryNginx的访问控制策略规则实现: + + 限制DVWA站点的单IP访问速率为每秒请求数 < 50 + + 限制Wordpress站点的单IP访问速率为每秒请求数 < 20 +![](image/26.PNG) + 超过访问频率限制的请求直接返回自定义错误提示信息页面-4 + + 禁止curl访问 + +![](image/27.PNG) +![](image/28.PNG) +![](image/29.PNG) + +--- +# **三、实验问题** # + +做完以上步骤,重新启动两台虚拟机,却再也打不开wordpress和verynginx网页 + +报错拒绝连接请求 + + + + + + + + diff --git a/ima/1.PNG b/ima/1.PNG deleted file mode 100644 index 0f9203f..0000000 Binary files a/ima/1.PNG and /dev/null differ diff --git a/ima/2.PNG b/ima/2.PNG deleted file mode 100644 index 7f042db..0000000 Binary files a/ima/2.PNG and /dev/null differ diff --git a/ima/3.PNG b/ima/3.PNG deleted file mode 100644 index 6eaf008..0000000 Binary files a/ima/3.PNG and /dev/null differ diff --git a/ima/4.PNG b/ima/4.PNG deleted file mode 100644 index 65c806b..0000000 Binary files a/ima/4.PNG and /dev/null differ diff --git a/ima/5.PNG b/ima/5.PNG deleted file mode 100644 index 87020f0..0000000 Binary files a/ima/5.PNG and /dev/null differ diff --git a/ima/6.PNG b/ima/6.PNG deleted file mode 100644 index a3626d1..0000000 Binary files a/ima/6.PNG and /dev/null differ diff --git a/ima/7.PNG b/ima/7.PNG deleted file mode 100644 index c28cb57..0000000 Binary files a/ima/7.PNG and /dev/null differ diff --git a/ima/8.PNG b/ima/8.PNG deleted file mode 100644 index 0b27a6a..0000000 Binary files a/ima/8.PNG and /dev/null differ diff --git a/image/1.PNG b/image/1.PNG new file mode 100644 index 0000000..d4ae3bd Binary files /dev/null and b/image/1.PNG differ diff --git a/image/11.PNG b/image/11.PNG new file mode 100644 index 0000000..fa24984 Binary files /dev/null and b/image/11.PNG differ diff --git a/image/12.PNG b/image/12.PNG new file mode 100644 index 0000000..5b699d8 Binary files /dev/null and b/image/12.PNG differ diff --git a/image/13.PNG b/image/13.PNG new file mode 100644 index 0000000..7912562 Binary files /dev/null and b/image/13.PNG differ diff --git a/image/14.PNG b/image/14.PNG new file mode 100644 index 0000000..f37c56c Binary files /dev/null and b/image/14.PNG differ diff --git a/image/15.PNG b/image/15.PNG new file mode 100644 index 0000000..d7d565e Binary files /dev/null and b/image/15.PNG differ diff --git a/image/16.PNG b/image/16.PNG new file mode 100644 index 0000000..eb1575c Binary files /dev/null and b/image/16.PNG differ diff --git a/image/17.PNG b/image/17.PNG new file mode 100644 index 0000000..b2daebb Binary files /dev/null and b/image/17.PNG differ diff --git a/image/18.PNG b/image/18.PNG new file mode 100644 index 0000000..bbe2d8c Binary files /dev/null and b/image/18.PNG differ diff --git a/image/19.PNG b/image/19.PNG new file mode 100644 index 0000000..a499a12 Binary files /dev/null and b/image/19.PNG differ diff --git a/image/2.PNG b/image/2.PNG new file mode 100644 index 0000000..2854165 Binary files /dev/null and b/image/2.PNG differ diff --git a/image/20.PNG b/image/20.PNG new file mode 100644 index 0000000..09bcbb3 Binary files /dev/null and b/image/20.PNG differ diff --git a/image/21.PNG b/image/21.PNG new file mode 100644 index 0000000..5040905 Binary files /dev/null and b/image/21.PNG differ diff --git a/image/22.PNG b/image/22.PNG new file mode 100644 index 0000000..7865046 Binary files /dev/null and b/image/22.PNG differ diff --git a/image/23.PNG b/image/23.PNG new file mode 100644 index 0000000..4d6cacf Binary files /dev/null and b/image/23.PNG differ diff --git a/image/24.PNG b/image/24.PNG new file mode 100644 index 0000000..9e1d62f Binary files /dev/null and b/image/24.PNG differ diff --git a/image/25.PNG b/image/25.PNG new file mode 100644 index 0000000..dfc7a9a Binary files /dev/null and b/image/25.PNG differ diff --git a/image/26.PNG b/image/26.PNG new file mode 100644 index 0000000..680477c Binary files /dev/null and b/image/26.PNG differ diff --git a/image/27.PNG b/image/27.PNG new file mode 100644 index 0000000..6543f60 Binary files /dev/null and b/image/27.PNG differ diff --git a/image/28.PNG b/image/28.PNG new file mode 100644 index 0000000..3655e68 Binary files /dev/null and b/image/28.PNG differ diff --git a/image/29.PNG b/image/29.PNG new file mode 100644 index 0000000..0905f2a Binary files /dev/null and b/image/29.PNG differ diff --git a/image/3.PNG b/image/3.PNG new file mode 100644 index 0000000..938703f Binary files /dev/null and b/image/3.PNG differ diff --git a/image/30.PNG b/image/30.PNG new file mode 100644 index 0000000..8ec927b Binary files /dev/null and b/image/30.PNG differ diff --git a/image/4.PNG b/image/4.PNG new file mode 100644 index 0000000..a3ccd7b Binary files /dev/null and b/image/4.PNG differ diff --git a/image/dvwa_1.PNG b/image/dvwa_1.PNG new file mode 100644 index 0000000..4100e5c Binary files /dev/null and b/image/dvwa_1.PNG differ diff --git a/image/dvwa_2.PNG b/image/dvwa_2.PNG new file mode 100644 index 0000000..c777c57 Binary files /dev/null and b/image/dvwa_2.PNG differ diff --git a/image/host.PNG b/image/host.PNG new file mode 100644 index 0000000..b53d2da Binary files /dev/null and b/image/host.PNG differ diff --git a/image/secret.PNG b/image/secret.PNG new file mode 100644 index 0000000..f94a369 Binary files /dev/null and b/image/secret.PNG differ diff --git a/image/wrong3.PNG b/image/wrong3.PNG new file mode 100644 index 0000000..b38ab1c Binary files /dev/null and b/image/wrong3.PNG differ diff --git a/image/y1.PNG b/image/y1.PNG new file mode 100644 index 0000000..a7578e3 Binary files /dev/null and b/image/y1.PNG differ