3-amaliy mashg’ulot Mavzu: Fayl tizimlarini tashkil etish. Ishdan maqsad
Yüklə 0,55 Mb.
|
|
Ishni bajarish tartibi
1. user hisob qaydnomasi foydalanuvchisi bilan OSSNga grafik rejimda kirish bilan ishlashni boshlang (kirish darajasi - 0, ierarxik bo'lmagan toifalar - yo'q, yaxlitlik darajasi - "Высокий") va sudo fly-term bilan "привилегированном" rejimda Fly terminalini ishga tushiring. 2. Uy katalogingizda checksum nazorat yig'indisi pastki katalogini yarating va unga /etc katalogidan barcha fayllarni (shu jumladan, pastki kataloglarni) nusxa ko'chiring. 3. MD5 algoritmidan foydalanib, /home/user/checksum katalogidagi barcha fayllarning nazorat summasini hisoblang va ularni hisoblash natijasini /home/user/md5check fayliga va xatolar ro'yxati bilan oqimni faylga yo'naltiring. /home/user/error.md5, md5sum /home/user/checksum/* > /home/user/md5check 2>/home/user/error.md5. buyrug'i yordamida. 4. cat /home/user/md5check; cat /home/user/error.md5 buyruqlar zanjiri /home/user/md5check va /home/user/error.md5 fayllarining mazmunini terminalga chiqaring; 5. SHA-512/256 algoritmidan foydalanib, /home/user/checksum katalogidagi barcha fayllarning nazorat summasini hisoblang va hisob natijasini shasum –a 512256 /home/user/checksum/* > /home/user/sha512256check.bilan /home/user/sha512256check faylga yo'naltiring. /home/user/sha512256check komandasi bilan less /home/user/sha512256check Fayl tarkibini ko'rsatin. 6. Vim muharriridan foydalanib, superuser hisobini olib tashlash uchun /home/user/checksum/passwd faylining tarkibini o'zgartiring (chiziq root:x:0:0:root:/root:/bin/bash). 7. MD5 algoritmidan foydalanib, /home/user/checksum katalogidagi barcha fayllarning nazorat summasini tekshiring va md5sum –c ./md5check > /home/user/fullcheck yordamida tekshirish natijasini /home/user/fullcheck fayliga yo'naltiring. 8. SHA-512/256 algoritmidan foydalanib, /home/user/checksum katalogidagi barcha fayllarning nazorat summasini tekshiring va tekshirish natijasini (qo'shimchalar bilan) shasum –a 512256 –c ./sha512256check >> /home/ user/fullcheck faylga yo'naltiring. 9. Fayldan /home/user/fullcheck satrlarni toping (ПОВРЕЖДЁН и FAILED so'zlarni o'z ichiga olgan), ularning mazmuni va sonini grep buyruqlar zanjiri bilan terminalga chop eting grep ‘ПОВРЕЖДЁН’ /home/user/fullcheck> /home/user/tmpcheck ; grep ‘FAILED’ /home/user/fullcheck >> /home/user/tmpcheck ; wc –l /home/user/tmpcheck ; less /home/user/tmpcheck 10. GOST R 34.11-2012 algoritmidan (256 bit) foydalanib, /home/user/checksum/shadow faylining yig'indisini hisoblang, tekshirish natijasini /home/user/gostcheck faylga yo'naltiring va fayl tarkibini aks ettiring. /home/user/gostcheck /home/user/ terminalga o'tishni tekshiring. buyruqlar zanjiri gostsum /home/user/checksum/shadow –o ./gostcheck ; less. /home/user/gostcheck 11. OSSN tarqatish to'plami bilan optik diskni o'rnating va GOST R 34.11-2012 algoritmidan (256 bit) foydalanib, uning nazorat summasini hisoblang (optik disk qurilmasi fayli /dev/sr0) va hisoblash natijasini qayta yo'naltiring. /home/user/isocheck buyrug’I bilan gostsum –d /dev/sr0 > /home/user/isocheck (buyruqlar bajarilishi uzoq davom etadi). 12. fly-admin-int-check grafik yordamchi dasturini ishga tushiring va " Параметры проверки целостности" yorlig'ida: • "Astra smolensk amd64" qurilmasining o'rnatish nuqtasini tanlang (ko'pincha kataloglar /media/cdrom yoki /media/cdrom0) va o'rnating; • katalogdagi barcha fayllarga mutlaq yo'lni o'z ichiga olgan oddiy iborani qo'shish orqali "Принудительно" bo'limida yaxlitlikni tekshirish filtrini sozlash. /usr/lib: /usr/lib/*; • " Игнорировать " bo'limida yaxlitlikni tekshirish filtrini /tmp katalogiga mutlaq yo'lni o'z ichiga olgan oddiy iborani olib tashlash orqali sozlang; • "Отчёты" bo'limida /home/user/report katalogidagi report.txt faylining yo'lini ko'rsatish orqali faqat hisobot faylining matn formatini o'rnating; • vim /usr/share/doc/libcap2/copyright buyrug'i bilan /usr/share/doc/libcap2/copyright mualliflik huquqi faylining mazmunini o'zgartirish, dastlabki ikki qatorni o'chirish; • tekshirishni boshlang va tekshirishning taxminiy vaqtini belgilang, "Состояние" yorlig'iga o'ting va tekshirish holatini nazorat qiling, tekshirish tugagandan so'ng grafik yordamchi dasturini yoping; • /home/user/report.txt faylidan "Butunligi buzilgan fayllar", "Boshqarish sum " va «/usr/share/doc/libcap2/copyright» va qidiruv natijalarini buyruqlar zanjiri bilan /home/user/report-2 fayliga saqlang: grep" Butunligi buzilgan fayllar " /home/user/report.txt -A 4 > /home/user/report-2; grep "Boshqarish sum" '/home/user/report.txt -A 4 >> / home / user / report -2; grep ' / usr / share / doc / libcap2 / copyright ' /home/user/report.txt >> / home / user / report-2. 1. AFICK konfiguratsiya faylining /etc/afick.conf ko'rsatmalari bo'limini tahrir qiling, ishlaydigan ilovalarni skanerlashni bekor qiling: direktivalar bo'limining asl versiyasi: directives: running_files := yes, direktivalar bo'limining tahrirlangan versiyasi: directives: running_files := 0. 2. AFICK tizimining /etc/afick.conf konfiguratsiya faylining alias bo'limini tahrir qiling: • fayl ob'ektlarining o'lchamini tekshirishni olib tashlash va ularni o'zgartirish vaqtini belgilash orqali ETC qoidasini o'zgartiring: asl qoida: ETC = p+d+i+u+g+s+md5, tahrirlangan qoida: ETC = p+d+i+u+g+m+md5; • MyRule qoidasini tahrir qiling, undan havola qilinadigan fayllar ob'ektlarini tekshirishni olib tashlang va mandatli xavfsizlik belgilarining yaxlitligini nazorat qilishni, xavfsizlik auditi tizimining ma'lumotlar yaxlitligini nazorat qilishni va GOST R 34.11 yordamida yaxlitlikni nazorat qilishni qo'shing. MD5 algoritmi o'rniga 2012 kriptografik algoritmi: qoidaning asl versiyasi: MyRule = p + d + i + n + u + g + s + b + md5 + m, qoidaning tahrirlangan versiyasi: MyRule = p + d + i + u + g + s + b + gost + m + e + t . Yüklə 0,55 Mb. Dostları ilə paylaş:
|