awk Kernel Management and Encryption Security for Text Processing

1. Production case: mitigating a DoS attack. Using web logs or the network connection table, watch the number of concurrent connections (or page views) per client IP; when one IP reaches 100 in a short time, call the firewall command to block that IP. Run the check every 5 minutes.

1. Script

[root@Centos8 ~]# cat deny.dos.sh 
#!/bin/bash
# Block every peer that holds $LINK or more established connections.
# The script makes a single pass and exits: cron supplies the 5-minute
# period, and an endless loop started afresh every 5 minutes would pile up
# processes that all append the same rules.
LINK=100
# ss -nt columns: State Recv-Q Send-Q Local:Port Peer:Port. Take the peer
# column by position ($5), strip the port, and unwrap IPv4-mapped IPv6
# peers such as [::ffff:10.0.0.27]:1234, which otherwise never match a rule.
ss -nt | awk '/^ESTAB/{ip=$5; sub(/:[0-9]+$/,"",ip); gsub(/[][]/,"",ip); print ip}' \
    | sort | uniq -c | while read count ip; do
    # read assigns the two columns of uniq -c to the count and ip variables.
    if [ "$count" -ge "$LINK" ]; then
        # -C tests for an existing rule so the same IP is not appended on every run.
        iptables -C INPUT -s "$ip" -j REJECT 2>/dev/null || iptables -A INPUT -s "$ip" -j REJECT
        echo "$(date '+%F %T') $ip access denied ($count connections)" >> /root/test.txt
    fi
done
[root@Centos8 ~]# crontab -l 
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
*/5 * * * * /root/deny.dos.sh   # step of 5 minutes: run the script every five minutes

2. Test the attack (from a second host)

[root@localhost ~]# ls
anaconda-ks.cfg  a.out  flood  flood_connect.c  original-ks.cfg
[root@localhost ~]# ./flood 10.0.0.8 
Starting flood connect attack on 10.0.0.8 port 80
^CAborted (made 0 successful connects)

3. Check the firewall rules on the target

[root@Centos8 ~]# iptables -vnL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 2583  143K REJECT     all  --  *      *       10.0.0.27            0.0.0.0/0            reject-with icmp-port-unreachable
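The same threshold check, run offline over constructed input so the awk logic can be tested before it is wired to iptables. This is an added example and not part of the original post: the `ss -nt` lines and the access-log lines are made up for the demo, `LINK` is lowered to 3 so the sample trips it, and the function names (`over_limit_conns`, `over_limit_pv`, `block_ip`) and the `DRYRUN` switch are my own. It also covers the second data source the case statement mentions, counting page views per client IP from a web log.

```shell
#!/bin/bash
# Added example, not from the original post. Detection logic for the DoS
# case run over constructed sample data (no real capture, no root needed).
LINK=3                 # assumption: lowered from 100 so the sample data trips it
DRYRUN=${DRYRUN:-1}    # 1 = print the iptables command instead of running it

# Constructed `ss -nt` output. Column 5 is Peer Address:Port; note the
# IPv4-mapped IPv6 peer, which arrives wrapped in [] and must be unwrapped.
SS_SAMPLE='State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
ESTAB 0 0 10.0.0.8:80 10.0.0.27:50001
ESTAB 0 0 10.0.0.8:80 10.0.0.27:50002
ESTAB 0 0 10.0.0.8:80 10.0.0.27:50003
ESTAB 0 0 10.0.0.8:80 10.0.0.27:50004
ESTAB 0 0 10.0.0.8:22 10.0.0.1:4123
ESTAB 0 0 [::ffff:10.0.0.8]:80 [::ffff:10.0.0.9]:6000
TIME-WAIT 0 0 10.0.0.8:80 10.0.0.27:49999'

# Constructed access-log lines (combined log format); field 1 is the client IP.
LOG_SAMPLE='10.0.0.27 - - [21/Oct/2021:09:50:01 -0400] "GET / HTTP/1.1" 200 612 "-" "curl/7.61.1"
10.0.0.27 - - [21/Oct/2021:09:50:01 -0400] "GET / HTTP/1.1" 200 612 "-" "curl/7.61.1"
10.0.0.27 - - [21/Oct/2021:09:50:02 -0400] "GET / HTTP/1.1" 200 612 "-" "curl/7.61.1"
10.0.0.27 - - [21/Oct/2021:09:50:02 -0400] "GET / HTTP/1.1" 200 612 "-" "curl/7.61.1"
10.0.0.9 - - [21/Oct/2021:09:50:03 -0400] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"'

# Peer IPs with more than $LINK ESTAB connections: take the peer column by
# position, strip the port, unwrap [], count per IP.
over_limit_conns() {
    printf '%s\n' "$SS_SAMPLE" | awk -v limit="$LINK" '
        /^ESTAB/ { ip = $5; sub(/:[0-9]+$/, "", ip); gsub(/[][]/, "", ip); n[ip]++ }
        END { for (ip in n) if (n[ip] > limit) print ip }' | sort
}

# Client IPs with more than $LINK requests (page views) in the log window.
over_limit_pv() {
    printf '%s\n' "$LOG_SAMPLE" | awk -v limit="$LINK" '
        { n[$1]++ }
        END { for (ip in n) if (n[ip] > limit) print ip }' | sort
}

# Idempotent block: add the REJECT rule only if it is not already present,
# so a script that runs every 5 minutes does not append duplicates.
block_ip() {
    if [ "$DRYRUN" = 1 ]; then
        echo "would run: iptables -A INPUT -s $1 -j REJECT"
    else
        iptables -C INPUT -s "$1" -j REJECT 2>/dev/null || iptables -A INPUT -s "$1" -j REJECT
    fi
}

for ip in $(over_limit_conns); do block_ip "$ip"; done
```

Run it as is to see the dry-run output; set `DRYRUN=0` and run as root to apply the rules. Replacing `SS_SAMPLE` with `$(ss -nt)` and `LOG_SAMPLE` with the last few minutes of the access log turns it into the cron job.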

2. Process of key exchange

2.1 Symmetric Encryption Algorithm


Symmetric encryption: encryption and decryption use the same key. Only the ciphertext travels over the network; the receiver recovers the plaintext with the same key that produced it.
Characteristics:
Encryption and decryption use one key, so it is fast and suited to bulk data
Block ciphers split the plaintext into fixed-size blocks and encrypt them one after another under a mode of operation (encrypting blocks independently, ECB, leaks patterns)
Defects:
Too many keys: every pair of communicating parties needs its own key, n(n-1)/2 keys for n parties
Key distribution: the key itself has to reach the other side over a channel that is already secure
Data origin cannot be confirmed: anyone holding the key can produce a valid ciphertext, so the receiver cannot tell who sent it

2.2 Asymmetric Encryption Algorithms


The receiver generates a key pair: a public key P and a private (secret) key S. The sender encrypts the message M with the receiver's public key and sends P(M); the receiver decrypts with its private key, M = S(P(M)). Only the holder of S can recover M, so P can be published freely. The price is speed: public-key operations are orders of magnitude slower than symmetric ones, which is why they are used to protect keys and digests rather than bulk data.

2.3 Integrated Encryption

Method 1: Pb{Sa[hash(data)] + data} process

The sender hashes the plaintext to obtain a fixed-length digest (128 bits for MD5, 256 bits for SHA-256), signs the digest with its own private key Sa to produce the digital signature, bundles the plaintext with the signature, encrypts the bundle with the recipient's public key Pb and sends it over TCP. The recipient decrypts the bundle with its own private key Sb to recover the plaintext and the signature, recovers the digest from the signature with the sender's public key Pa, and recomputes the hash of the received plaintext. If the two digests match, the data was not tampered with in transit and it came from the holder of Sa. Because Pb is applied to the whole bundle, this is only practical for short messages: RSA encrypts at most one modulus-sized block, and public-key operations are slow.

Method 2: symmetric-key{Sa[hash(data)] + data} + Pb(symmetric-key)

The bundle is encrypted with a fresh symmetric key instead, and only that key is encrypted with Pb. This is the hybrid ("digital envelope") construction used in practice: the slow public-key operation covers a few dozen bytes, the fast symmetric cipher covers the data. MD5 is no longer acceptable for the digest in a signature because collisions can be produced at will; use SHA-256 or better.
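Sections 2.1 to 2.3 carried out end to end with the openssl CLI, as an added example that is not part of the original post: Method 2, symmetric-key{Sa[hash(data)] + data} + Pb(symmetric-key), with "a" as the sender and "b" as the receiver. Both key pairs are generated here for the demo (assumptions: 2048-bit RSA with OAEP padding, SHA-256 for the digest, AES-256-CBC for the bulk data), the message text is constructed, and the function names are my own. The bundle format (base64 signature on the first line, plaintext after it) is also an assumption for the demo.

```shell
#!/bin/bash
# Added example, not from the original post: hybrid sign-then-encrypt with
# the openssl CLI. All files live in a temporary directory.
set -e
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT; cd "$WORK"
printf 'transfer 100 to account 42\n' > msg.txt      # constructed sample message

gen_keys() {                         # 2.2: each side owns a public/private pair
    for who in a b; do
        openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out $who.key 2>/dev/null
        openssl pkey -in $who.key -pubout -out $who.pub
    done
}

send_msg() {                         # sender: uses a.key (own) and b.pub (peer)
    # Sa[hash(data)]: sign the SHA-256 digest of the plaintext with the sender's private key
    openssl dgst -sha256 -sign a.key -out data.sig msg.txt
    # Sa[hash(data)] + data: one bundle, base64 signature on line 1, plaintext after it
    { openssl base64 -A -in data.sig; echo; cat msg.txt; } > bundle
    # 2.1: a fresh one-time symmetric key protects the bulk data
    openssl rand -hex 32 > sym.key
    openssl enc -aes-256-cbc -pbkdf2 -pass file:sym.key -in bundle -out bundle.enc
    # Pb(symmetric key): only the short key is encrypted with the receiver's public key
    openssl pkeyutl -encrypt -pubin -inkey b.pub -pkeyopt rsa_padding_mode:oaep \
        -in sym.key -out sym.key.enc
    rm -f sym.key bundle data.sig    # only bundle.enc and sym.key.enc travel
}

recv_msg() {                         # receiver: uses b.key (own) and a.pub (peer)
    openssl pkeyutl -decrypt -inkey b.key -pkeyopt rsa_padding_mode:oaep \
        -in sym.key.enc -out sym.key.dec
    openssl enc -d -aes-256-cbc -pbkdf2 -pass file:sym.key.dec -in bundle.enc -out bundle.dec
    mkdir -p out
    head -n 1 bundle.dec | tr -d '\n' | openssl base64 -d -A -out out/data.sig
    tail -n +2 bundle.dec > out/msg.txt
}

# Pa recovers hash(data) from the signature and compares it with the hash of
# the received file; exit status 0 means intact and from the holder of a.key.
verify_msg() {                       # $1 = file to check against out/data.sig
    openssl dgst -sha256 -verify a.pub -signature out/data.sig "$1" >/dev/null 2>&1
}

gen_keys; send_msg; recv_msg
verify_msg out/msg.txt && echo "intact: $(cat out/msg.txt)"
printf 'transfer 900 to account 42\n' > out/tampered.txt       # simulate tampering in transit
verify_msg out/tampered.txt || echo "tampered copy rejected"
```

Method 1 is the same flow with `openssl pkeyutl -encrypt` applied to `bundle` directly; it fails as soon as the bundle is longer than the RSA modulus allows, which is the practical reason for Method 2.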

3. Communication process of https

HTTPS protocol: HTTP carried inside an SSL/TLS session ("HTTP over SSL" or "HTTP over TLS"). TLS encrypts the plain-text HTTP messages and transmits them as binary records, so the request line, headers and body are not visible on the wire.

3.1 Structure

3.2 HTTPS working process

  1. Client initiates an HTTPS request
    The user enters an https:// address in the browser, which opens a TCP connection to port 443 of the server and starts the TLS handshake.
  2. Server-side configuration
    A server that speaks HTTPS needs a certificate together with the matching private key. The certificate is either self-signed or issued by a certificate authority (CA). A self-signed certificate is not trusted by the browser, so the user sees a warning and must accept it explicitly before continuing; a certificate issued by a CA in the browser's trust store is accepted silently.
  3. The server sends its certificate to the client
    The certificate carries the server's public key together with metadata: the subject name, the issuing authority, the validity period and the issuer's signature over all of it.
  4. Client parses and validates the server certificate
    The client's TLS implementation checks that the certificate chains to a trusted issuer, that the current date is inside the validity period, and that the name in the certificate matches the host that was requested. If any check fails, the browser shows a certificate warning. If the certificate is fine, the client generates a random value (the pre-master secret) and encrypts it with the public key from the certificate.
  5. Client sends the encrypted information to the server
    The encrypted random value is transmitted; once the server has it, both sides derive the session keys from it and the rest of the communication is encrypted and decrypted symmetrically.
  6. Server-side decryption
    The server decrypts the message with its private key and obtains the random value chosen by the client.
  7. Server encrypts the response and sends it
    The server symmetrically encrypts the data with the key derived from the random value and sends it to the client.
  8. Client receives and decrypts the response
    The client uses the key derived from the random value it generated earlier to decrypt the data from the server and obtain the plaintext.

Steps 4 to 6 describe RSA key exchange as used up to TLS 1.2. TLS 1.3 removed it: the pre-master secret is no longer encrypted to the server's public key but agreed with (EC)DHE, so a later compromise of the server's private key does not expose recorded sessions (forward secrecy). The certificate checks in step 4 are unchanged.
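The client-side checks of step 4 (trusted issuer, host name, validity period), reproduced offline with the openssl CLI as an added example that is not part of the original post. A throw-away private CA, a server certificate issued by it and a self-signed server certificate are generated here; every name, key size and validity period below, the minimal config file and the function name `client_check` are assumptions for the demo.

```shell
#!/bin/bash
# Added example, not from the original post: what a TLS client verifies
# before it trusts a server certificate, done with openssl verify.
set -e
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT; cd "$WORK"

# Minimal OpenSSL config so the demo does not depend on the system openssl.cnf.
cat > demo.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
[srv_ext]
basicConstraints = CA:FALSE
subjectAltName = DNS:www.example.test
EOF

# The "issuing authority": a private root CA the client will be told to trust.
openssl req -x509 -config demo.cnf -extensions ca_ext -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Demo Root CA" -keyout ca.key -out ca.crt 2>/dev/null
# Server key + signing request, then a certificate issued (signed) by the CA.
# The subjectAltName is what modern clients match the host name against.
openssl req -new -config demo.cnf -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
    -keyout server.key -out server.csr 2>/dev/null
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -days 7 \
    -extfile demo.cnf -extensions srv_ext -out server.crt 2>/dev/null
# Same host name, but self-signed: the case the text says makes browsers warn.
openssl req -x509 -config demo.cnf -extensions srv_ext -newkey rsa:2048 -nodes -days 7 \
    -subj "/CN=www.example.test" -keyout self.key -out self.crt 2>/dev/null

# Step 4 as a function.
#   $1 = certificate presented by the server
#   $2 = CA file the client trusts (stands in for the browser's trust store)
#   $3 = host name the user typed
# Returns 0 only if the chain, the host name and the dates all check out.
client_check() {
    openssl verify -CAfile "$2" -verify_hostname "$3" "$1" >/dev/null 2>&1 || return 1
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1 || return 1   # fails once expired
}

client_check server.crt ca.crt www.example.test && echo "CA-issued certificate, right host: accepted"
client_check server.crt ca.crt evil.example.test || echo "host name mismatch: rejected"
client_check self.crt   ca.crt www.example.test || echo "self-signed, issuer not trusted: rejected"
openssl x509 -in server.crt -noout -subject -issuer -dates   # the details a browser shows
```

Against a live server the same checks are `openssl s_client -connect host:443 -servername host -verify_hostname host`, which prints the chain and the verify result of the certificate the server actually sends.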

4. Use awk to print the first column (the login name) of the colon-separated /etc/passwd file

[root@Centos8 ~]# awk -F: '{print $1}' /etc/passwd
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
operator
games
ftp
nobody
dbus
systemd-coredump
systemd-resolve
tss
polkitd
unbound
sssd
chrony
sshd
rngd
lw
rtkit
pipewire
postfix
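The same `-F:` split applied to the questions an O&M engineer actually asks of /etc/passwd, as an added example that is not part of the original post. The passwd content below is constructed for the demo (not the system shown above), and the function names are my own.

```shell
#!/bin/bash
# Added example, not from the original post: awk field selection on a
# constructed /etc/passwd sample. Fields are name:passwd:UID:GID:GECOS:home:shell.
PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
toor:x:0:0::/root:/bin/bash
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
lw:x:1000:1000::/home/lw:/bin/bash
svc:x:1001:1001::/home/svc:/bin/false'

# Field 1: the login name (the command from the section above).
login_names() { printf '%s\n' "$PASSWD_SAMPLE" | awk -F: '{print $1}'; }

# Field 3 == 0: every account with root's privileges, not only the one named root.
# A second UID-0 account is a classic backdoor indicator.
uid0_accounts() { printf '%s\n' "$PASSWD_SAMPLE" | awk -F: '$3 == 0 {print $1}'; }

# Field 7: accounts that can log in interactively (shell not nologin/false).
interactive_accounts() {
    printf '%s\n' "$PASSWD_SAMPLE" | awk -F: '$7 !~ /(nologin|false)$/ {print $1}'
}

echo "UID 0 accounts:";      uid0_accounts
echo "interactive accounts:"; interactive_accounts
```

On a real host replace `printf '%s\n' "$PASSWD_SAMPLE"` with `cat /etc/passwd`; both checks are worth running from the same cron that runs the DoS script.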

Tags: Linux Operation & Maintenance security

Posted on Thu, 21 Oct 2021 09:52:38 -0400 by sonnieboy