1. Introduction to the Fortress Machine (Bastion Host), Building a Simple Fortress Machine, Installing jailkit to Implement chroot, and Log Auditing

1. Introduction to Fortress Machine

In a given network environment, in order to protect the network and its data from external damage, various technical means are used to collect and monitor in real time the system status, security events and network activity of every component in that environment, so that alarms can be centralised, handled promptly, and audited to establish who did what.

A fortress machine is also called a springboard (jump host). Its basic function is simple: the two core functions are serving as the remote login point for the servers and auditing logs.

A good open-source option is jumpserver; its main functions are authentication, authorization, auditing, automation and asset management.

Commercial fortress machines: Qizhi, Citrix XenApp.


2. Building Simple Fortress Machine

A small company does not have many machines, but for login control and security it can still build a simple fortress machine (springboard).

Functions: log in to the servers on the corporate intranet through it, and record and audit what is done after logging in to a machine.

The prerequisite for a fortress machine is that the company has a private network in which the machine can communicate with the other machines in the server room (a local area network).

Design ideas for fortress machine:

Springboard security settings (iptables port restrictions, login restrictions in sshd_config)

User and command permission restrictions (jailkit) http://blog.chinaunix.net/uid-28310119-id-3503318.html

Log audit on the client machines; the only disadvantage is that it cannot be done on the springboard itself, only on each client.

http://www.68idc.cn/help/server/linux/2014042190951.html


3. Install jailkit to implement chroot

# cd /usr/local/src
# wget https://olivier.sessink.nl/jailkit/jailkit-2.19.tar.bz2
# tar jxvf jailkit-2.19.tar.bz2
# cd jailkit-2.19
# ./configure && make && make install
# mkdir /home/jail    // Create a directory to serve as the root directory of the virtual system

The following four commands copy some commonly used commands and files into the directory of the virtual system.

# jk_init -v -j /home/jail basicshell    // Copies the shell-related commands and library files into the root directory of the virtual system.
# jk_init -v -j /home/jail editors    // Editors vi and vim.
# jk_init -v -j /home/jail netutils    // Network-related tools.
# jk_init -v -j /home/jail ssh    // Used for remote login.
# mkdir /home/jail/usr/sbin
# cp /usr/sbin/jk_lsh /home/jail/usr/sbin/jk_lsh    // jk_lsh is the shell of the virtual system; copy it in.
1, # useradd zhangsan    // Create the user on the real system. If you need more than one user, start from this step and repeat steps 1-4 for each.
2, # passwd zhangsan
3, # jk_jailuser -m -j /home/jail zhangsan    // Create the user in the virtual system
# cd /home/jail/
[root@wbs jail]# cat etc/passwd    // The virtual user zhangsan
root:x:0:0:root:/root:/bin/bash
zhangsan:x:1122:1122::/home/zhangsan:/usr/sbin/jk_lsh
// /usr/sbin/jk_lsh is the shell of the virtual system. It cannot be used to log in, so it must be changed to /bin/bash in order to log in as the virtual user zhangsan.
4, # vim /home/jail/etc/passwd    // On the zhangsan line, change /usr/sbin/jk_lsh to /bin/bash
# ls /home/jail/    // The common commands and library files are now under the root of the virtual system.
bin  dev  etc  home  lib64  usr



Open a new session window with the local IP as the host, user name zhangsan, password zhangsan, and log in. You will see two lines of "bash: /usr/bin/id: No such file or directory", because /etc/profile is executed and that command does not exist inside the virtual system; this can be ignored.

$ ls -l /    // Only those six directories are visible

Press the Tab key twice and you will see that only 117 commands are available; they are all the commands under bin.

Set up key-based login: add the public key to the .ssh directory, then on the original (host) system edit # vi /etc/ssh/sshd_config and change PasswordAuthentication yes to no, so that only key logins are allowed.

Also restrict access with iptables rules: block all unneeded ports and turn off unused services.

Also restrict the source IP of logins:
# vi /etc/hosts.allow
 Add:
sshd: 192.168.149.0/24 1.1.1.1 2.2.2.2
# vi /etc/hosts.deny    // Reject everything except the allowed segment and IPs, which raises the machine's security factor.
sshd: ALL


4. Log Audit

The following are restrictions made on the client to limit the source IP.

On another machine (the client), restrict /etc/hosts.allow and /etc/hosts.deny first.

Add to hosts.allow: sshd: 192.168.149.133 (the springboard IP)

Add to hosts.deny: sshd: ALL

At this point you can no longer log in to this machine except through the springboard.

From the zhangsan session on the springboard, you can log in:

# ssh root@192.168.149.129

This gives us a springboard.

Log in to the other machine as the zhangsan user: because the session on this machine is now zhangsan, the other machine also needs a zhangsan user.


The following actions are required on every machine that is logged in to:

# mkdir /usr/local/records
# chmod 777 !$
# chmod +t !$
# vi /etc/profile    // Add the following (comments are written with # so the block can be pasted as-is):
if [ ! -d /usr/local/records/${LOGNAME} ]     # LOGNAME identifies the logged-in user name.
then
    mkdir -p /usr/local/records/${LOGNAME}
    chmod 300 /usr/local/records/${LOGNAME}     # The owner may only write and execute, not read.
fi
export HISTORY_FILE="/usr/local/records/${LOGNAME}/bash_history"   # The file in which history commands are recorded. The next line appends the most recently executed command to this file before every prompt.
export PROMPT_COMMAND='{ date "+%Y-%m-%d %T ##### $(who am i |awk "{print \$1\" \"\$2\" \"\$5}") #### $(history 1 | { read x cmd; echo "$cmd"; })"; } >>$HISTORY_FILE'

// Log in to this machine again
# cd /usr/local/records/
[root@MRX records]# ls
root
[root@MRX records]# cd root/
[root@MRX root]# ls
bash_history
[root@MRX root]# tail bash_history 
2019-10-01 19:32:06 ##### root pts/0 (192.168.149.1) #### 2019/10/01 19:19:58 vim /etc/profile
2019-10-01 19:32:17 ##### root pts/0 (192.168.149.1) #### 2019/10/01 19:32:17 ls
2019-10-01 19:32:34 ##### root pts/0 (192.168.149.1) #### 2019/10/01 19:32:34 cd /usr/local/records/
2019-10-01 19:32:35 ##### root pts/0 (192.168.149.1) #### 2019/10/01 19:32:35 ls
2019-10-01 19:32:37 ##### root pts/0 (192.168.149.1) #### 2019/10/01 19:32:37 cd root/
2019-10-01 19:32:38 ##### root pts/0 (192.168.149.1) #### 2019/10/01 19:32:38 ls

Unlike the system's own history, which writes commands to its file only after you exit the terminal normally (until then the commands you typed exist only in memory, not in a file, so if the power is cut or the session ends abnormally they are never recorded), this log audit records each command as you go.
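As an added example (not part of the original post), here is a small Python parser for the record format written by the PROMPT_COMMAND above, plus a check that flags commands whose source IP is not the springboard; the first two sample records and the springboard address 192.168.149.133 come from the page, the remaining sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample audit records in the page's format:
# "<date> <time> ##### <user> <tty> (<source ip>) #### <history time> <command>"
# A console login has no source IP, so who am i prints an empty fifth field there.
SAMPLE_RECORDS = """\
2019-10-01 19:32:17 ##### root pts/0 (192.168.149.1) #### 2019/10/01 19:32:17 ls
2019-10-01 19:32:34 ##### root pts/0 (192.168.149.1) #### 2019/10/01 19:32:34 cd /usr/local/records/
2019-10-01 19:40:02 ##### zhangsan pts/1 (192.168.149.133) #### 2019/10/01 19:40:02 cat /etc/hosts.allow
2019-10-01 19:41:10 ##### zhangsan pts/2 (10.0.0.7) #### 2019/10/01 19:41:10 vim /etc/profile
2019-10-01 19:42:00 ##### root tty1  #### 2019/10/01 19:42:00 echo '#### not a delimiter'
this line is not an audit record
"""

# The command is matched last and greedily, so '#' inside a command is harmless.
RECORD_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) ##### "
    r"(?P<user>\S+) (?P<tty>\S+) (?:\((?P<src>[^)]*)\)|) #### "
    r"(?P<hist_ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) (?P<cmd>.*)$"
)


def parse_records(text):
    """Parse bash_history audit lines into dicts; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = RECORD_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["src"] = rec["src"] or "console"  # no fifth field => local console
            records.append(rec)
    return records


def commands_by_user(records):
    """Group the recorded commands per login name, in order."""
    by_user = defaultdict(list)
    for rec in records:
        by_user[rec["user"]].append(rec["cmd"])
    return dict(by_user)


def off_springboard_activity(records, springboard_ip):
    """Records whose network source is not the springboard. On a client whose
    hosts.allow admits only the springboard, such records point at a login path
    that bypassed it and deserve a look. Console sessions are not flagged."""
    return [rec for rec in records if rec["src"] not in (springboard_ip, "console")]
```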

[root@MRX root]# useradd zhangsan    // Create the zhangsan user on the client
[root@MRX root]# passwd zhangsan

Then log in to the springboard:

[zhangsan@wbs ~]$ ssh zhangsan@192.168.149.129

// Run a few commands at random, then look at the client: you can see the commands that the zhangsan user typed.

[root@MRX records]# ls
root  zhangsan

This method is not perfect and can be bypassed; it is only a simple fortress machine. To build a complete fortress machine you need professional tools and software.

Tags: Linux network shell ssh vim

Posted on Sat, 09 Nov 2019 14:01:13 -0500 by hughesa