网络安全技术与应用:远程控制与数据库安全

2024-05-24 16:04

本文主要是介绍网络安全技术与应用:远程控制与数据库安全,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!

实验准备

软件:VMware Workstation Pro
虚拟机:Red Hat Enterprise Linux 7 服务器,Red Hat Enterprise Linux 7 客户端
网络模式:NAT模式

1、配置服务器及客户端网络

服务器IP

客户端IP

测试相互通信

在客户机上设置镜像,配置yum源

[root@localhost 桌面]# mkdir /mnt/cdrom
[root@localhost 桌面]# mount /dev/sr0 /mnt/cdrom/
mount: /dev/sr0 写保护,将以只读方式挂载
[root@localhost 桌面]# vim /etc/yum.repos.d/a.repo
[root@localhost 桌面]# cat /etc/yum.repos.d/a.repo
[a]
name=a
baseurl=file:///mnt/cdrom
enable=1
gpgcheck=0

在完成MariaDB数据库软件程序的安装并确保其成功启动后,我们建议先不要急于使用它。为了保障数据库的安全性和稳定运行,首要任务是进行初始化操作。该初始化流程包含以下五个关键步骤:
设置root管理员在数据库中的密码值(该密码并非root管理员在系统中的密码,密码值默认为空,直接回车即可)。

设置root管理员在数据库中的专有密码。

删除匿名用户,并使用root管理员从远程登录数据库,以确保数据库上运行的业务的安全性。

删除默认的测试数据库,取消测试数据库的一系列访问权限。

刷新授权列表,让初始化的设定立即生效。

[root@localhost 桌面]# mysql_secure_installation 
/usr/bin/mysql_secure_installation:行379: find_mysql_client: 未找到命令NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDBSERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.Enter current password for root (enter for none): (默认为空)
OK, successfully used password, moving on...Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.Set root password? [Y/n] y (设置管理员密码)
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..... Success!By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.Remove anonymous users? [Y/n] y (删除匿名账户)... Success!Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.Disallow root login remotely? [Y/n] y (禁止管理员从远程登录)... Success!By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.Remove test database and access to it? [Y/n] y (删除测试数据库及其访问权限)- Dropping test database...... Success!- Removing privileges on test database...... Success!Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.Reload privilege tables now? [Y/n] y (刷新授权表,让初始化后的设定立即生效)... Success!Cleaning up...All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.Thanks for using MariaDB!

在众多生产环境的实践中,站库分离技术(即将网站与数据库部署于不同的服务器)被广泛应用以确保系统的高可用性和安全性。当需要为root管理员提供远程访问数据库的权限时,我们需要在初始化过程中制定相应的策略,以允许root管理员从远程地址进行连接。此外,为了保障数据库服务的安全,还需配置防火墙规则,确保其对数据库服务程序(如MySQL,默认占用3306端口)的访问请求进行放行。在防火墙策略中,这类服务通常被统一标识为“mysql”。

[root@localhost 桌面]# firewall-config

首次登录MariaDB数据库。为了管理数据库,我们将使用mysql命令。在这个命令中,-u参数用于指定以root管理员的身份进行登录,-p用来验证该用户在数据库中的密码值,以确保登录的安全性。

[root@localhost 桌面]# mysql -u root -p
Enter password:  (输入刚刚设置的密码)
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 11
Server version: 5.5.35-MariaDB MariaDB ServerCopyright (c) 2000, 2013, Oracle, Monty Program Ab and others.Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.MariaDB [(none)]> SHOW databases;          //查看数据库管理系统中当前都有哪些数据库
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
+--------------------+
3 rows in set (0.00 sec)MariaDB [(none)]> SET password = PASSWORD('hnswjj');  //使用数据库命令将root管理员在数据库管理系统中的密码值修改为hnswjj
Query OK, 0 rows affected (0.00 sec)MariaDB [(none)]> exit
Bye
(使用原密码redhat尝试登陆,登陆失败)
[root@localhost 桌面]# mysql -u root -p
Enter password: 
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)(使用新密码hnswjj尝试登陆,登陆成功,创建用户student,admin,jack)
[root@localhost 桌面]# mysql -u root -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 13
Server version: 5.5.35-MariaDB MariaDB ServerCopyright (c) 2000, 2013, Oracle, Monty Program Ab and others.Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.MariaDB [(none)]> CREATE USER student@localhost IDENTIFIED BY 'redhat';
Query OK, 0 rows affected (0.00 sec)MariaDB [(none)]> CREATE USER admin@localhost IDENTIFIED BY 'redhat';
Query OK, 0 rows affected (0.00 sec)MariaDB [(none)]> CREATE USER jack@localhost IDENTIFIED BY 'redhat';
Query OK, 0 rows affected (0.00 sec)MariaDB [(none)]> use mysql;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -ADatabase changed
MariaDB [mysql]> SELECT HOST,USER,PASSWORD FROM user WHERE USER="student";
+-----------+---------+-------------------------------------------+
| HOST      | USER    | PASSWORD                                  |
+-----------+---------+-------------------------------------------+
| localhost | student | *84BB5DF4823DA319BBF86C99624479A198E6EEE9 |
+-----------+---------+-------------------------------------------+
1 row in set (0.00 sec)MariaDB [mysql]> SELECT HOST,USER,PASSWORD FROM user WHERE USER="admin";
+-----------+-------+-------------------------------------------+
| HOST      | USER  | PASSWORD                                  |
+-----------+-------+-------------------------------------------+
| localhost | admin | *84BB5DF4823DA319BBF86C99624479A198E6EEE9 |
+-----------+-------+-------------------------------------------+
1 row in set (0.00 sec)MariaDB [mysql]> SELECT HOST,USER,PASSWORD FROM user WHERE USER="jack";
+-----------+------+-------------------------------------------+
| HOST      | USER | PASSWORD                                  |
+-----------+------+-------------------------------------------+
| localhost | jack | *84BB5DF4823DA319BBF86C99624479A198E6EEE9 |
+-----------+------+-------------------------------------------+
1 row in set (0.00 sec)MariaDB [mysql]> SHOW GRANTS FOR student@localhost;
+----------------------------------------------------------------------------------------------------------------+
| Grants for student@localhost                                                                                   |
+----------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'student'@'localhost' IDENTIFIED BY PASSWORD '*84BB5DF4823DA319BBF86C99624479A198E6EEE9' |
+----------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)

查看student用户权限,并针对mysql数据库中的user表单向用户luke授予查询、更新、删除以及插入等权限;

MariaDB [mysql]> GRANT SELECT,UPDATE,DELETE,INSERT ON mysql.user TO student@localhost;
Query OK, 0 rows affected (0.00 sec)MariaDB [mysql]> SHOW GRANTS FOR student@localhost;
+----------------------------------------------------------------------------------------------------------------+
| Grants for student@localhost                                                                                   |
+----------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'student'@'localhost' IDENTIFIED BY PASSWORD '*84BB5DF4823DA319BBF86C99624479A198E6EEE9' |
| GRANT SELECT, INSERT, UPDATE, DELETE ON `mysql`.`user` TO 'student'@'localhost'                                |
+----------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)MariaDB [mysql]> exit;
Bye

mysqldump命令用于备份数据库数据,格式为“mysqldump [参数] [数据库名称]”。其中参数与mysql命令大致相同,-u参数用于定义登录数据库的用户名称,-p参数表示密码提示符。下面将hnswjjxy数据库中的内容导出为一个文件,并保存到root管理员的家目录中:

[root@localhost ~]# mysql -u root -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 15
Server version: 5.5.35-MariaDB MariaDB ServerCopyright (c) 2000, 2013, Oracle, Monty Program Ab and others.Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.MariaDB [(none)]> CREATE DATABASE hnswjjxy;
Query OK, 1 row affected (0.00 sec)MariaDB [(none)]> exit;
Bye
[root@localhost ~]# mysqldump -u root -p hnswjjxy > /root/hnswjjxy.dump
Enter password: 
[root@localhost ~]# cd /root
[root@localhost ~]# ls
anaconda-ks.cfg  initial-setup-ks.cfg  模板  图片  下载  桌面
hnswjjxy.dump    公共                  视频  文档  音乐

然后进入MariaDB数据库管理系统,彻底删除hnswjjxy数据库,这样mybook数据表单也将被彻底删除。

[root@localhost ~]# mysql -u root -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 17
Server version: 5.5.35-MariaDB MariaDB ServerCopyright (c) 2000, 2013, Oracle, Monty Program Ab and others.Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.MariaDB [(none)]> DROP DATABASE hnswjjxy;
Query OK, 0 rows affected (0.00 sec)MariaDB [(none)]> SHOW databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
+--------------------+
3 rows in set (0.00 sec)

远程控制服务ssh配置

服务器

客户端

[root@localhost ~]# ifconfig
eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500inet 192.168.159.134  netmask 255.255.255.0  broadcast 192.168.159.255inet6 fe80::20c:29ff:fe48:38d  prefixlen 64  scopeid 0x20<link>ether 00:0c:29:48:03:8d  txqueuelen 1000  (Ethernet)RX packets 939  bytes 66043 (64.4 KiB)RX errors 0  dropped 0  overruns 0  frame 0TX packets 275  bytes 26173 (25.5 KiB)TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536inet 127.0.0.1  netmask 255.0.0.0inet6 ::1  prefixlen 128  scopeid 0x10<host>loop  txqueuelen 0  (Local Loopback)RX packets 17  bytes 1808 (1.7 KiB)RX errors 0  dropped 0  overruns 0  frame 0TX packets 17  bytes 1808 (1.7 KiB)TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0[root@localhost ~]# ssh 192.168.159.133
The authenticity of host '192.168.159.133 (192.168.159.133)' can't be established.
ECDSA key fingerprint is 01:e1:e1:a1:fe:89:18:b6:3d:ba:d4:a3:19:f3:1a:f9.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.159.133' (ECDSA) to the list of known hosts.
root@192.168.159.133's password: 
Last failed login: Thu May 23 15:16:42 CST 2024 from 192.168.159.134 on ssh:notty
There was 1 failed login attempt since the last successful login.
Last login: Thu May 23 14:07:18 2024
[root@localhost ~]# ifconfig     //注:此时已远程登陆至服务器,故ifconfig命令看到的是服务器ip.
eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500inet 192.168.159.133  netmask 255.255.255.0  broadcast 192.168.159.255inet6 fe80::20c:29ff:feb5:e726  prefixlen 64  scopeid 0x20<link>ether 00:0c:29:b5:e7:26  txqueuelen 1000  (Ethernet)RX packets 1026  bytes 77681 (75.8 KiB)RX errors 0  dropped 0  overruns 0  frame 0TX packets 297  bytes 30414 (29.7 KiB)TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536inet 127.0.0.1  netmask 255.0.0.0inet6 ::1  prefixlen 128  scopeid 0x10<host>loop  txqueuelen 0  (Local Loopback)RX packets 13  bytes 1360 (1.3 KiB)RX errors 0  dropped 0  overruns 0  frame 0TX packets 13  bytes 1360 (1.3 KiB)TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
[root@localhost ~]# exit
登出
Connection to 192.168.159.133 closed.

打开服务器sshd服务配置文件,将第48行的参数设置为禁止root管理员远程登录;

[root@localhost 桌面]# vim /etc/ssh/sshd_config 

[root@localhost ~]# systemctl restart sshd.service

使用客户端远程登陆,提示登陆成功;

使用客户端远程传输文件至服务器的/home目录

[root@localhost /]# cd /opt
[root@localhost opt]# vim /opt/hnsw.txt

[root@localhost opt]# scp /opt/hnsw.txt 192.168.159.133:/home
root@192.168.159.133's password: 
hnsw.txt                                  100%   17     0.0KB/s   00:00

在服务器中查看传输文件内容:

使用客户端远程登录服务器,删除文件hnsw.txt,创建文件abc.txt

这篇关于网络安全技术与应用:远程控制与数据库安全的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!



http://www.chinasem.cn/article/998875

相关文章

C语言中位操作的实际应用举例

《C语言中位操作的实际应用举例》:本文主要介绍C语言中位操作的实际应用,总结了位操作的使用场景,并指出了需要注意的问题,如可读性、平台依赖性和溢出风险,文中通过代码介绍的非常详细,需要的朋友可以参... 目录1. 嵌入式系统与硬件寄存器操作2. 网络协议解析3. 图像处理与颜色编码4. 高效处理布尔标志集合

SpringBoot请求参数接收控制指南分享

《SpringBoot请求参数接收控制指南分享》:本文主要介绍SpringBoot请求参数接收控制指南,具有很好的参考价值,希望对大家有所帮助,如有错误或未考虑完全的地方,望不吝赐教... 目录Spring Boot 请求参数接收控制指南1. 概述2. 有注解时参数接收方式对比3. 无注解时接收参数默认位置

Java中的Lambda表达式及其应用小结

《Java中的Lambda表达式及其应用小结》Java中的Lambda表达式是一项极具创新性的特性,它使得Java代码更加简洁和高效,尤其是在集合操作和并行处理方面,:本文主要介绍Java中的La... 目录前言1. 什么是Lambda表达式?2. Lambda表达式的基本语法例子1:最简单的Lambda表

Spring Security+JWT如何实现前后端分离权限控制

《SpringSecurity+JWT如何实现前后端分离权限控制》本篇将手把手教你用SpringSecurity+JWT搭建一套完整的登录认证与权限控制体系,具有很好的参考价值,希望对大家... 目录Spring Security+JWT实现前后端分离权限控制实战一、为什么要用 JWT?二、JWT 基本结构

Android实现两台手机屏幕共享和远程控制功能

《Android实现两台手机屏幕共享和远程控制功能》在远程协助、在线教学、技术支持等多种场景下,实时获得另一部移动设备的屏幕画面,并对其进行操作,具有极高的应用价值,本项目旨在实现两台Android手... 目录一、项目概述二、相关知识2.1 MediaProjection API2.2 Socket 网络

Python结合PyWebView库打造跨平台桌面应用

《Python结合PyWebView库打造跨平台桌面应用》随着Web技术的发展,将HTML/CSS/JavaScript与Python结合构建桌面应用成为可能,本文将系统讲解如何使用PyWebView... 目录一、技术原理与优势分析1.1 架构原理1.2 核心优势二、开发环境搭建2.1 安装依赖2.2 验

Java字符串操作技巧之语法、示例与应用场景分析

《Java字符串操作技巧之语法、示例与应用场景分析》在Java算法题和日常开发中,字符串处理是必备的核心技能,本文全面梳理Java中字符串的常用操作语法,结合代码示例、应用场景和避坑指南,可快速掌握字... 目录引言1. 基础操作1.1 创建字符串1.2 获取长度1.3 访问字符2. 字符串处理2.1 子字

SpringShell命令行之交互式Shell应用开发方式

《SpringShell命令行之交互式Shell应用开发方式》本文将深入探讨SpringShell的核心特性、实现方式及应用场景,帮助开发者掌握这一强大工具,具有很好的参考价值,希望对大家有所帮助,如... 目录引言一、Spring Shell概述二、创建命令类三、命令参数处理四、命令分组与帮助系统五、自定

SpringBoot应用中出现的Full GC问题的场景与解决

《SpringBoot应用中出现的FullGC问题的场景与解决》这篇文章主要为大家详细介绍了SpringBoot应用中出现的FullGC问题的场景与解决方法,文中的示例代码讲解详细,感兴趣的小伙伴可... 目录Full GC的原理与触发条件原理触发条件对Spring Boot应用的影响示例代码优化建议结论F

MySQL 分区与分库分表策略应用小结

《MySQL分区与分库分表策略应用小结》在大数据量、复杂查询和高并发的应用场景下,单一数据库往往难以满足性能和扩展性的要求,本文将详细介绍这两种策略的基本概念、实现方法及优缺点,并通过实际案例展示如... 目录mysql 分区与分库分表策略1. 数据库水平拆分的背景2. MySQL 分区策略2.1 分区概念