
Secure Computing Environment: Level 2 Classified Protection (等級保護) Assessment Guide and Automation Scripts


Foreword

How to carry out classified protection assessment work faster is a real problem: some systems involve many devices, and clicking through and testing each one by hand and reading the results makes progress very slow. The author has therefore taken scripts already available on the Internet, combined them with the Level 2 assessment requirements, and distilled a set of technical assessment steps and automated baseline checks for the secure computing environment. Hopefully this helps readers doing classified protection assessments work more efficiently. If the text contains errors, please send a private message with corrections so that other users do not run into them.

Terminal devices

Windows

Copy the script below, save it as a .bat file and run it as administrator; it exports the check results automatically. You can then fill in the on-site assessment record quickly from the exported results alone.

@echo off
rem Take the IPv4 address of the interface carrying the default route; it names the output folder and report file
for /f "tokens=4" %%a in ('route print^|findstr 0.0.0.0.*0.0.0.0') do ( if not "%%a" == "默認" set IPaddress=%%a)
cd C:\
md %IPaddress%
cd %IPaddress%
rem 1. System information
echo 1.系統信息(CreatedbyG) > %IPaddress%
systeminfo >> %IPaddress%
rem 2. Network adapters
echo 2.網卡信息(CreatedbyG) >> %IPaddress%
ipconfig >> %IPaddress%
rem 3. Listening ports
echo 3.監聽端口(CreatedbyG) >> %IPaddress%
netstat -an | find "LISTENING" >> %IPaddress%
rem 4. Running services
echo 4.系統服務(CreatedbyG) >> %IPaddress%
net start >> %IPaddress%
rem 5. Processes
echo 5.系統進程(CreatedbyG) >> %IPaddress%
tasklist >> %IPaddress%
rem 6. Installed software, enumerated from the HKLM\SOFTWARE subkeys
echo 6.軟件列表(CreatedbyG) >> %IPaddress%
for /f "tokens=3 delims=\" %%i in ('reg query HKLM\SOFTWARE') do (
    echo  ****************** >> %IPaddress%
    echo  軟件名稱:%%i >> %IPaddress%
    echo  ****************** >> %IPaddress%
    if not "%%i"=="Classes" for /f "tokens=4 delims=\" %%j in ('reg query HKLM\SOFTWARE\%%i 2^>nul') do (echo 軟件信息: %%j>> %IPaddress%)
)
rem 7. Local security policy: export it with secedit, then pull out one setting per line
echo 7.本地策略(CreatedbyG) >> %IPaddress%
secedit /export /cfg C:\temp.txt
echo ---密碼策略--- >> %IPaddress%
echo "0表示禁用,1表示啟用" >> %IPaddress%
echo *密碼必須符合復雜性要求* >> %IPaddress%
find "PasswordComplexity" C:\temp.txt |find "PasswordComplexity = ">> %IPaddress%
echo *密碼長度最小值* >> %IPaddress%
find "MinimumPasswordLength" C:\temp.txt|find "MinimumPasswordLength = " >> %IPaddress%
echo *密碼最短使用期限* >> %IPaddress%
find "MinimumPasswordAge" C:\temp.txt|find "MinimumPasswordAge = " >> %IPaddress%
echo *密碼最長使用期限* >> %IPaddress%
find "MaximumPasswordAge" C:\temp.txt|find "MaximumPasswordAge = " >> %IPaddress%
echo *強制密碼歷史* >> %IPaddress%
find "PasswordHistorySize" C:\temp.txt|find "PasswordHistorySize = " >> %IPaddress%
echo *用可還原的加密來存儲密碼* >> %IPaddress%
find "ClearTextPassword" C:\temp.txt|find "ClearTextPassword = " >> %IPaddress%
echo ---賬戶鎖定策略(無結果表示未開啟)--- >> %IPaddress%
echo *賬戶鎖定時間* >> %IPaddress%
find "LockoutDuration" C:\temp.txt |find "LockoutDuration" >> %IPaddress%
echo *復位賬戶鎖定計時器* >> %IPaddress%
find "ResetLockoutCount" C:\temp.txt |find "ResetLockoutCount">> %IPaddress%
echo *賬戶鎖定閾值* >> %IPaddress%
find "LockoutBadCount" C:\temp.txt |find "LockoutBadCount" >> %IPaddress%
echo ---審核策略--- >> %IPaddress%
echo ---0表示無審核,1表示成功審核,2表示失敗審核,3表示成功和失敗審核--- >> %IPaddress%
echo *審核帳戶管理* >> %IPaddress%
find "AuditAccountManage" C:\temp.txt | find "AuditAccountManage" >> %IPaddress%
echo *審核帳戶登錄事件* >> %IPaddress%
find "AuditAccountLogon" C:\temp.txt | find "AuditAccountLogon" >> %IPaddress%
echo *審核系統事件* >> %IPaddress%
find "AuditSystemEvents" C:\temp.txt | find "AuditSystemEvents" >> %IPaddress%
echo *審核目錄服務訪問* >> %IPaddress%
find "AuditDSAccess" C:\temp.txt | find "AuditDSAccess" >> %IPaddress%
echo *審核過程跟蹤* >> %IPaddress%
find "AuditProcessTracking" C:\temp.txt | find "AuditProcessTracking" >> %IPaddress%
echo *審核特權使用* >> %IPaddress%
find "AuditPrivilegeUse" C:\temp.txt | find "AuditPrivilegeUse" >> %IPaddress%
echo *審核對象訪問* >> %IPaddress%
find "AuditObjectAccess" C:\temp.txt | find "AuditObjectAccess" >> %IPaddress%
echo *審核登錄事件* >> %IPaddress%
find "AuditLogonEvents" C:\temp.txt | find "AuditLogonEvents" >> %IPaddress%
echo *審核策略更改* >> %IPaddress%
find "AuditPolicyChange" C:\temp.txt | find "AuditPolicyChange" >> %IPaddress%
echo ---安全選項--- >> %IPaddress%
echo *0表示已停用,1表示已啟用* >> %IPaddress%
echo *在掛起會話之前所需的空閑時間* >> %IPaddress%
find "AutoDisconnect" C:\temp.txt | find "AutoDisconnect" >> %IPaddress%
echo *不顯示上次登錄的用戶名* >> %IPaddress%
find "DontDisplayLastUserName" C:\temp.txt | find "DontDisplayLastUserName" >> %IPaddress%
echo *關機前清理虛擬內存頁面* >> %IPaddress%
find "ClearPageFileAtShutdown" C:\temp.txt | find "ClearPageFileAtShutdown" >> %IPaddress%
echo *允許在未登錄前關機* >> %IPaddress%
find "ShutdownWithoutLogon" C:\temp.txt | find "ShutdownWithoutLogon" >> %IPaddress%
echo ---用戶權利分配---  >> %IPaddress%
echo (Everyone:*S-1-1-0  Administrators:*S-1-5-32-544  Users:*S-1-5-32-545  Power Users:*S-1-5-32-547  Backup Operators:*S-1-5-32-551) >> %IPaddress%
echo *從遠程系統強制關機* >> %IPaddress%
find "SeRemoteShutdownPrivilege" C:\temp.txt | find "SeRemoteShutdownPrivilege" >> %IPaddress%
echo *取得文件或其他對象所有權* >> %IPaddress%
find "SeTakeOwnershipPrivilege" C:\temp.txt | find "SeTakeOwnershipPrivilege" >> %IPaddress%
echo *從本地登錄此計算機* >> %IPaddress%
find "SeInteractiveLogonRight" C:\temp.txt | find "SeInteractiveLogonRight" >> %IPaddress%
echo *允許通過遠程桌面服務登錄* >> %IPaddress%
find "SeRemoteInteractiveLogonRight" C:\temp.txt | find "SeRemoteInteractiveLogonRight" >> %IPaddress%
echo *調試程序* >> %IPaddress%
find "SeDebugPrivilege" C:\temp.txt | find "SeDebugPrivilege" >> %IPaddress%
echo *更改系統時間* >> %IPaddress%
find "SeSystemtimePrivilege" C:\temp.txt | find "SeSystemtimePrivilege" >> %IPaddress%
echo *管理審核和安全日志* >> %IPaddress%
find "SeSecurityPrivilege" C:\temp.txt | find "SeSecurityPrivilege" >> %IPaddress%
del C:\temp.txt
rem 8. Local users and groups (details of every account listed by "net user")
echo 8.系統用戶(CreatedbyG) >> %IPaddress%
net user >> %IPaddress%
for /f "skip=4 delims=" %%a in ('net user^|findstr /vx "命令成功完成。"') do for %%i in (%%a) do net user %%i >> %IPaddress%
net localgroup >> %IPaddress%
net localgroup Administrators >> %IPaddress%
net localgroup Guests >> %IPaddress%
rem 9. Other options: autoplay, screen saver, firewall, remote desktop, event log sizes, shares
echo 9.其它選項(CreatedbyG) >> %IPaddress%
echo *自動播放* (0xff為關閉全部自動播放,無結果則開啟) >> %IPaddress%
reg query HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDriveTypeAutoRun |find "NoDriveTypeAutoRun" >> %IPaddress%
echo ---屏幕保護程序--- >> %IPaddress%
echo *是否開啟屏保* (0關,1開)>> %IPaddress%
reg query "HKEY_CURRENT_USER\Control Panel\Desktop" /v ScreenSaveActive |find "ScreenSaveActive" >> %IPaddress%
echo *屏保時間*(單位秒)>> %IPaddress%
reg query "HKEY_CURRENT_USER\Control Panel\Desktop" /v ScreenSaveTimeOut |find "ScreenSaveTimeOut" >> %IPaddress%
echo *屏保恢復時使用密碼保護* (0否,1是)>> %IPaddress%
reg query "HKEY_CURRENT_USER\Control Panel\Desktop" /v ScreenSaverIsSecure |find "ScreenSaverIsSecure" >> %IPaddress%
echo *防火墻狀態*(1開,0關)>> %IPaddress%
reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v EnableFirewall |find "EnableFirewall" >> %IPaddress%
echo *遠程桌面* (0開,1關) >> %IPaddress%
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections |find "fDenyTSConnections" >> %IPaddress%
echo *3389端口* (d3d:3389) >> %IPaddress%
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber |find "PortNumber" >> %IPaddress%
echo *遠程協助* (0關(合規),1開) >> %IPaddress%
reg query "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Remote Assistance" /v fAllowToGetHelp |find "fAllowToGetHelp" >> %IPaddress%
echo *日志文件大小*  >> %IPaddress%
echo *應用日志文件大小*(0x2800000以上為合規)  >> %IPaddress%
reg query "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application" /v MaxSize |find "MaxSize" >> %IPaddress%
echo *達到事件日志最大大小時*(不存在或0均合規)  >> %IPaddress%
reg query "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application" /v Retention |find "Retention" >> %IPaddress%
echo *安全日志文件大小*(0x2800000以上為合規)  >> %IPaddress%
reg query "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security" /v MaxSize |find "MaxSize" >> %IPaddress%
echo *達到事件日志最大大小時*(不存在或0均合規)  >> %IPaddress%
reg query "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security" /v Retention |find "Retention" >> %IPaddress%
echo *系統日志文件大小*(0x2800000以上為合規)  >> %IPaddress%
reg query "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System" /v MaxSize |find "MaxSize" >> %IPaddress%
echo *達到事件日志最大大小時*(不存在或0均合規)  >> %IPaddress%
reg query "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System" /v Retention |find "Retention" >> %IPaddress%
echo *默認共享*(注冊表 + net share查看)  >> %IPaddress%
echo *分區共享*(存在且為0,為合規)  >> %IPaddress%
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters" /v AutoShareServer |find "AutoShareServer" >> %IPaddress%
echo *ADMIN共享*(存在且為0,為合規) >> %IPaddress%
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters" /v AutoShareWks |find "AutoShareWks" >> %IPaddress%
echo *IPC共享* (存在且為1,為合規) >> %IPaddress%
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" /v restrictanonymous |find "restrictanonymous" >> %IPaddress%
echo *共享列表*  >> %IPaddress%
reg query "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanserver\shares" >> %IPaddress%
echo *默認共享*  >> %IPaddress%
net share >> %IPaddress%
rem Collect the Windows Update log and the SAM/SYSTEM hives next to the report
copy C:\Windows\WindowsUpdate.log .\
ren WindowsUpdate.log %IPaddress%.updatelog
reg save hklm\sam %IPaddress%.sam
reg save hklm\system %IPaddress%.system
pause
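The batch script above greps the secedit export one setting at a time and prints legend lines (0/1 for enabled, 0 to 3 for the audit modes, the SID table for user rights) that the assessor then applies by eye. The Python script below is an added example, not part of the original page or the author's script: it parses a constructed secedit export (a real export is UTF-16LE, so open it with encoding="utf-16") and decodes the same settings with the script's own legends, including its rule that a missing LockoutBadCount line means account lockout is not enabled. The sample values, the two registry paths and every function name are this example's assumptions.

```python
# Constructed sample of a `secedit /export /cfg` file; all values are made up.
SAMPLE_SECEDIT = """[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 1
MaximumPasswordAge = 90
MinimumPasswordLength = 8
PasswordComplexity = 1
PasswordHistorySize = 5
ClearTextPassword = 0
LockoutBadCount = 5
ResetLockoutCount = 30
LockoutDuration = 30
[Event Audit]
AuditSystemEvents = 3
AuditLogonEvents = 3
AuditObjectAccess = 0
AuditPrivilegeUse = 2
AuditPolicyChange = 3
AuditAccountManage = 3
AuditProcessTracking = 0
AuditDSAccess = 0
AuditAccountLogon = 3
[Registry Values]
MACHINE\\System\\CurrentControlSet\\Services\\LanManServer\\Parameters\\AutoDisconnect=4,15
MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\DontDisplayLastUserName=4,1
[Privilege Rights]
SeRemoteShutdownPrivilege = *S-1-5-32-544
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545
SeDebugPrivilege = *S-1-5-32-544
"""

PASSWORD_KEYS = ("PasswordComplexity", "MinimumPasswordLength", "MinimumPasswordAge",
                 "MaximumPasswordAge", "PasswordHistorySize", "ClearTextPassword")
LOCKOUT_KEYS = ("LockoutDuration", "ResetLockoutCount", "LockoutBadCount")
# Audit codes and SID names exactly as the batch script's legend lines list them
AUDIT_LABEL = {"0": "no auditing", "1": "success", "2": "failure", "3": "success and failure"}
SID_NAMES = {"S-1-1-0": "Everyone", "S-1-5-32-544": "Administrators", "S-1-5-32-545": "Users",
             "S-1-5-32-547": "Power Users", "S-1-5-32-551": "Backup Operators"}


def parse_secedit(text):
    """Parse the INI-style export into {section: {key: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections[current] = {}
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections


def registry_value(sections, name):
    """Data part of the [Registry Values] entry (type,data) whose path ends in `name`, or None."""
    for path, typed in sections.get("Registry Values", {}).items():
        if path.rsplit("\\", 1)[-1].lower() == name.lower():
            data = typed.split(",", 1)[1] if "," in typed else typed
            return int(data) if data.isdigit() else data
    return None


def summarize(text):
    """Extract and decode the settings the batch script greps for."""
    s = parse_secedit(text)
    access = s.get("System Access", {})
    password = {k: int(access[k]) for k in PASSWORD_KEYS if k in access}
    lockout = {k: int(access[k]) for k in LOCKOUT_KEYS if k in access}
    audit = {k: AUDIT_LABEL.get(v, "unknown") for k, v in s.get("Event Audit", {}).items()}
    rights = {}
    for right, sids in s.get("Privilege Rights", {}).items():
        rights[right] = [SID_NAMES.get(sid.lstrip("*"), sid) for sid in sids.split(",") if sid]
    return {
        "password": password,
        "lockout": lockout,
        # the script's own rule: no LockoutBadCount line means lockout is not enabled
        "lockout_configured": "LockoutBadCount" in lockout,
        "audit": audit,
        "rights": rights,
        "auto_disconnect_minutes": registry_value(s, "AutoDisconnect"),
        "dont_display_last_user": registry_value(s, "DontDisplayLastUserName"),
    }


if __name__ == "__main__":
    for section, values in summarize(SAMPLE_SECEDIT).items():
        print(section, values)
```

Point summarize() at the text of the real C:\temp.txt and every value the script's find lines would have printed comes out already decoded, which is what the on-site record needs.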

A few quick Windows commands also save assessment time: some assessment items require opening Windows' built-in panels to see whether the configured policy is compliant. With the commands below there is no need to click your way there with the mouse; run the command and the panel opens directly.

calc                        Calculator
notepad                     Notepad
taskmgr                     Task Manager
osk                         On-screen keyboard
gpedit.msc                  Group Policy editor
services.msc                Local services
compmgmt.msc                Computer Management
devmgmt.msc                 Device Manager
winver                      Show the Windows version
magnify                     Magnifier utility
eventvwr                    Event Viewer
Regedit                     Registry Editor
resmon                      Resource Monitor
WMIC BIOS get releasedate   BIOS release date (when the machine was built)

Linux

Copy the script below, save it as a .sh file, grant it execute permission and run it; the results are written to a text file automatically. Some assessment items may still be missing from the script; adapt and extend it for your own situation.

#!/bin/sh
# Network information
echo "-----------@ifconfig -a" >> check.txt
ifconfig -a >> check.txt
# Kernel, host name and version
echo "-----------@uname -a" >> check.txt
uname -a >> check.txt
echo "-----------@cat /etc/redhat-release" >> check.txt
cat /etc/redhat-release >> check.txt
# Does system login require a password?
echo "-----------@cat /etc/passwd" >> check.txt
cat /etc/passwd >> check.txt
# Does hosts.equiv list trusted hosts and users?
echo "-----------@cat /etc/hosts.equiv" >> check.txt
cat /etc/hosts.equiv >> check.txt
# Password length and change period
echo "-----------@cat /etc/login.defs" >> check.txt
cat /etc/login.defs >> check.txt
echo "-----------@cat /etc/security/pwquality.conf" >> check.txt
cat /etc/security/pwquality.conf >> check.txt
# Password complexity and login-failure handling
echo "-----------@cat /etc/pam.d/system-auth" >> check.txt
cat /etc/pam.d/system-auth >> check.txt
# Is telnet disabled?
echo "-----------@cat /etc/xinetd.d/krb5-telnet" >> check.txt
cat /etc/xinetd.d/krb5-telnet >> check.txt
# Ports in use on the host
echo "-----------@netstat -an" >> check.txt
netstat -an >> check.txt
# Redundant or expired accounts
echo "-----------@cat /etc/shadow" >> check.txt
cat /etc/shadow >> check.txt
# Is the audit (syslog) function enabled?
echo "-----------@service rsyslog status" >> check.txt
service rsyslog status >> check.txt
# Is the audit daemon running?
echo "-----------@service auditd status" >> check.txt
service auditd status >> check.txt
# Audit record configuration
echo "-----------@cat /etc/syslog.conf" >> check.txt
cat /etc/syslog.conf >> check.txt
# Newer versions keep it in rsyslog.conf instead
echo "-----------@cat /etc/rsyslog.conf" >> check.txt
cat /etc/rsyslog.conf >> check.txt
# Boot information and error log, and the permissions of its file
echo "-----------@cat /var/log/messages" >> check.txt
cat /var/log/messages >> check.txt
echo "-----------@ls -l /var/log/messages" >> check.txt
ls -l /var/log/messages >> check.txt
# Security-related log and the permissions of its file
echo "-----------@cat /var/log/secure" >> check.txt
cat /var/log/secure >> check.txt
echo "-----------@ls -l /var/log/secure" >> check.txt
ls -l /var/log/secure >> check.txt
# Daemon start/stop log messages and the permissions of the log directory
echo "-----------@cat /var/log/boot.log" >> check.txt
cat /var/log/boot.log >> check.txt
echo "-----------@ls -l /var/log/" >> check.txt
ls -l /var/log/ >> check.txt
# Minimal-installation principle
echo "-----------@cat /etc/redhat-release" >> check.txt
cat /etc/redhat-release >> check.txt
# Installed packages
echo "-----------@rpm -qa" >> check.txt
rpm -qa >> check.txt
# Terminal login methods
echo "-----------@cat /etc/securetty" >> check.txt
cat /etc/securetty >> check.txt
echo "-----------@cat /etc/ssh/sshd_config" >> check.txt
cat /etc/ssh/sshd_config >> check.txt
# Terminal idle lock: look for TMOUT
echo "-----------@cat /etc/profile" >> check.txt
cat /etc/profile >> check.txt
# Resource limits
echo "-----------@cat /etc/security/limits.conf" >> check.txt
cat /etc/security/limits.conf >> check.txt
# Permissions on the key system files (header and listing kept together per file)
for f in /etc/passwd /etc/shadow /etc/login.defs /etc/profile /etc/group \
         /etc/xinetd.conf /etc/security/limits.conf /etc/ssh/sshd_config; do
    echo "-----------@ls -l $f" >> check.txt
    ls -l $f >> check.txt
done
# Permissions on the PAM and security configuration directories
echo "-----------@ls -l /etc | grep pam.d" >> check.txt
ls -l /etc | grep pam.d >> check.txt
echo "-----------@ls -l /etc | grep security" >> check.txt
ls -l /etc | grep security >> check.txt
# Access control lists (firewall rules)
echo "-----------@iptables -L -n -v" >> check.txt
iptables -L -n -v >> check.txt
# Accounts that can log in (name|uid|gid)
echo "-----------@login-capable users from /etc/passwd" >> check.txt
cat /etc/passwd | grep -v nologin | grep -v sync | grep -v halt | grep -v shutdown | awk -F":" '{ print $1"|"$3"|"$4 }' >> check.txt
# Separation of duties (three-role separation)
echo "-----------@cat /etc/sudoers" >> check.txt
cat /etc/sudoers >> check.txt
# Address restrictions
echo "-----------@cat /etc/hosts.deny" >> check.txt
cat /etc/hosts.deny >> check.txt
echo "-----------@cat /etc/hosts.allow" >> check.txt
cat /etc/hosts.allow >> check.txt
# Password complexity
echo "-----------@cat /etc/security/pwquality.conf" >> check.txt
cat /etc/security/pwquality.conf >> check.txt
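The Linux script dumps /etc/passwd, /etc/shadow and /etc/profile into check.txt but leaves the judgement (which accounts can actually log in, which are passwordless, locked or expired, whether an idle timeout is set) to whoever reads the file. The Python below is an added example, not part of the original script: it applies those checks to constructed file contents. The login-capable filter is the script's own grep pipeline; the shadow field layout is the standard shadow(5) format; the sample users, dates and function names are this example's assumptions.

```python
import datetime
import re

# Constructed sample files; contents are made up for this example.
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
oper:x:1001:1001::/home/oper:/bin/bash
test1:x:1002:1002::/home/test1:/bin/bash
backup:x:1003:1003::/home/backup:/bin/bash
"""

# shadow fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved (days since 1970-01-01)
SAMPLE_SHADOW = """root:$6$saltsalt$fakehash:19000:0:99999:7:::
bin:*:18000:0:99999:7:::
oper:$6$saltsalt$fakehash:19400:1:90:7:::
test1::19000:0:99999:7:::
backup:$6$saltsalt$fakehash:18500:0:99999:7::19300:
"""

SAMPLE_PROFILE = """# /etc/profile (excerpt)
export PATH
TMOUT=600
export TMOUT
"""

EXCLUDED_WORDS = ("nologin", "sync", "halt", "shutdown")


def login_capable_users(passwd_text):
    """Mirror the script's pipeline: drop lines mentioning nologin/sync/halt/shutdown,
    then return (name, uid, gid) like its awk step prints."""
    users = []
    for line in passwd_text.splitlines():
        if not line or any(w in line for w in EXCLUDED_WORDS):
            continue
        f = line.split(":")
        users.append((f[0], int(f[2]), int(f[3])))
    return users


def shadow_findings(shadow_text, today_days):
    """Flag /etc/shadow entries: empty password, locked hash, expired account,
    or a password older than its maximum age. today_days = days since 1970-01-01."""
    findings = {}
    for line in shadow_text.splitlines():
        if not line:
            continue
        name, pw, lastchg, _min, maxdays, _warn, _inactive, expire = (line.split(":") + [""] * 9)[:8]
        issues = []
        if pw == "":
            issues.append("empty password")
        elif pw.startswith(("!", "*")):
            issues.append("locked")
        if expire.isdigit() and int(expire) < today_days:
            issues.append("account expired")
        if (lastchg.isdigit() and maxdays.isdigit() and int(maxdays) < 99999
                and int(lastchg) + int(maxdays) < today_days):
            issues.append("password expired")
        if issues:
            findings[name] = issues
    return findings


def tmout_seconds(profile_text):
    """TMOUT value from a shell profile, or None when no idle timeout is set."""
    for line in profile_text.splitlines():
        m = re.match(r"\s*(?:export\s+)?TMOUT=(\d+)\s*$", line)
        if m:
            return int(m.group(1))
    return None


def days_since_epoch(day):
    """Convert a date to the day count used by the shadow file."""
    return (day - datetime.date(1970, 1, 1)).days


if __name__ == "__main__":
    today = days_since_epoch(datetime.date.today())
    print("login-capable:", login_capable_users(SAMPLE_PASSWD))
    print("shadow findings:", shadow_findings(SAMPLE_SHADOW, today))
    print("TMOUT:", tmout_seconds(SAMPLE_PROFILE))
```

Feed the functions the real file contents (the shadow file needs root) and the "redundant or expired accounts" item reduces to reading one dictionary instead of scanning the raw dump.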

Databases

SQL Server

For Microsoft's MSSQL database, the assessment items that need commands are roughly the following; everything else can be assessed by logging in with Microsoft's official GUI client and clicking through.

-- #### MSSQL assessment commands ####
-- ## Identification and authentication ##
-- 1. Right-click the server, open "Properties" -> "Security", and check the server authentication mode.
-- 2. In Microsoft SQL Server Management Studio select and expand the server group, open "Security -> Logins",
--    right-click the administrator login's "Properties", and under "General" check "Enforce password policy"
--    and "Enforce password expiration".
-- 3. In Microsoft SQL Server Management Studio log in to the server and expand it, right-click the server,
--    open "Properties" -> "Advanced" and check the login timeout; or run sp_configure to list the startup
--    configuration parameters, where "remote login timeout" is the remote login timeout.
-- ## Access control ##
-- Check whether default accounts exist
select * from syslogins
-- Show all database logins and their permissions
exec sp_helplogins
-- ## Security audit ##
-- In Microsoft SQL Server Management Studio log in to the server and expand it, right-click the server,
-- open "Properties" -> "Security" and check the login auditing setting and whether C2 audit tracing is enabled.
-- Check the value of "c2 audit mode": 0 = C2 audit off, 1 = C2 audit on
sp_configure

MySQL

# Identification and authentication
1) Try to log in to the database: run `mysql -u root -p` and check whether a password prompt authenticates the user.
2) Query the accounts and check the output for duplicate user names:
   select user, host from mysql.user;
3) Run the following to look for empty-password accounts; the result should be empty (on MySQL 5.7 and later the column is authentication_string rather than password):
   select * from mysql.user where length(password) = 0 or password is null;
4) View the password-complexity configuration:
   show variables like 'validate%';
   or
   show variables like '%password%';

1) Ask the administrator whether other measures implement login-failure handling.
2) Run `show variables like '%max_connect_errors%';` or check my.cnf; the following parameter should be set: max_connect_errors=100
3) Run `show variables like '%timeout%';` and check the returned values.

1) Is remote management done over an encrypted or otherwise secure channel?
2) Run `show variables like '%have_ssl%';` to check whether SSL connections are supported; DISABLED means the feature is not enabled. Alternatively run `\s` to see whether SSL is in use.
3) If management is local only, this item is not applicable.

# Access control
1) Run `select user, host from mysql.user;` and check whether separate accounts were created for the network administrator, the security administrator and the system administrator.
2) Run `show grants for 'XXXX'@'localhost';` to view the privileges of the network, security and system administrator accounts, and check whether their privileges are separated and constrain one another.

1) Run `select user, host from mysql.user;` and check whether the root user has been renamed or removed.
2) If root has not been removed, has its default password been changed, so that it is neither empty nor weak?

1) In sqlplus run: select username, account_status from dba_users
2) Run the following and go through the listed accounts for unrelated ones:
   select * from mysql.user where user = '';
   select user, host from mysql.user;
3) Interview the network, security and system administrators: do the different roles log in with different accounts?

1. Interview the administrators: has an access-control policy been defined?
2. Run:
   select * from mysql.user\G          -- user privilege columns
   select * from mysql.db\G            -- database privilege columns
   select * from mysql.tables_priv\G   -- table privilege columns
   select * from mysql.columns_priv\G  -- column privilege columns
   Are the privilege columns consistent with the access-control policy and rules the administrators defined?
3) Log in as different users and verify whether any access beyond the granted privileges is possible.

1) Run:
   select * from mysql.user\G   -- user privilege columns
   select * from mysql.db\G     -- database privilege columns
2) Interview the administrators and verify the access-control granularity: subjects at user level, objects at database-table level.

# Security audit
1) Run `show variables like 'log_%';` and check whether the logged content covers all users; record what the audit records cover.
2) Check whether a third-party tool is used to enhance MySQL logging. If so, record the tool's audit content and check whether it includes the date and time of the event, the user, the event type, whether the event succeeded, and other audit-related information.

# Intrusion prevention
Interview about the MySQL patch-upgrade process and check the patch status:
1) View the current version: show variables where variable_name like 'version';
2) Ask whether the database is the enterprise edition, whether vulnerability scans are run regularly, and whether patches for high-risk vulnerabilities are evaluated and tested before installation.

Check whether the error log is managed: show variables like 'log_error';
Check whether binary logging is configured: show variables like 'log_bin'; show binary logs;
Check the general query log setting: show variables like '%general%';
Check whether MySQL is prevented from reading local files: show variables like 'local_infile'; load data local infile 'sqlfile.txt' into table users fields terminated by ',';
Check whether the test database has been removed: show databases;
Check whether unrelated accounts are managed: SELECT user,host FROM mysql.user WHERE user = '';
Check control of the user grant table:
   SELECT * FROM mysql.user\G
   SELECT user,host FROM mysql.user WHERE (select_priv='Y') OR (insert_priv='Y') OR (update_priv='Y') OR (create_priv='Y') OR (drop_priv='Y');
   select user, host from mysql.user where File_priv = 'Y';
   select user, host from mysql.user where Process_priv = 'Y';
   select user, host from mysql.user where Super_priv = 'Y';
   SELECT user, host FROM mysql.user WHERE Shutdown_priv = 'Y';
   SELECT user, host FROM mysql.user WHERE Create_user_priv = 'Y';
   SELECT user, host FROM mysql.user WHERE Reload_priv = 'Y';
   SELECT user, host FROM mysql.db WHERE Grant_priv = 'Y';
Check control of the db grant table:
   SELECT * FROM mysql.db\G
   SELECT user, host FROM mysql.db WHERE db='mysql' AND ((select_priv='Y') OR (insert_priv='Y') OR (update_priv='Y') OR (delete_priv='Y') OR (create_priv='Y') OR (drop_priv='Y'));
   SELECT user,host,db FROM mysql.db WHERE select_priv='Y' OR insert_priv='Y' OR update_priv='Y' OR delete_priv='Y' OR create_priv='Y' OR drop_priv='Y' OR alter_priv='Y';
Check management of account privileges: select * from mysql.user\G  show grants;
Check whether a per-user connection limit is set: show variables like '%max_connections%';  -- whole server
                                                  show variables like 'max_user_connections';  -- per-user maximum
Check whether the default administrator account has been renamed: SELECT * from mysql.user where user='root'; select user,host from mysql.user;
Check whether the default port is in use: show global variables like 'port';
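The MySQL checks above are mostly SELECTs over mysql.user and SHOW VARIABLES whose output is read by eye. The Python below is an added example, not code from the original page: it replays the page's own criteria over constructed rows (anonymous accounts, whether root is still present, holders of FILE/PROCESS/SUPER/SHUTDOWN/CREATE USER/RELOAD, global DML grants, the test database, local_infile, have_ssl, max_connect_errors=100, the default port and the per-user connection limit). The row dictionaries use the mysql.user column names as returned by SELECT *; the sample accounts, variable values and function names are this example's assumptions.

```python
# Privilege columns the page's queries single out; all are 'Y'/'N' in mysql.user
ADMIN_PRIVS = ("File_priv", "Process_priv", "Super_priv", "Shutdown_priv",
               "Create_user_priv", "Reload_priv")
DML_PRIVS = ("Select_priv", "Insert_priv", "Update_priv", "Create_priv", "Drop_priv")


def user_row(user, host, **granted):
    """Build a constructed mysql.user row; every privilege column defaults to 'N'."""
    row = {"User": user, "Host": host}
    for col in ADMIN_PRIVS + DML_PRIVS:
        row[col] = "Y" if granted.get(col) else "N"
    return row


# Constructed sample data (made up for this example)
SAMPLE_USER_ROWS = [
    user_row("root", "localhost", File_priv=True, Process_priv=True, Super_priv=True,
             Shutdown_priv=True, Create_user_priv=True, Reload_priv=True, Select_priv=True,
             Insert_priv=True, Update_priv=True, Create_priv=True, Drop_priv=True),
    user_row("", "localhost"),                    # anonymous account
    user_row("app", "10.0.0.%", File_priv=True),  # application account holding FILE globally
    user_row("report", "%", Select_priv=True),    # global SELECT from any host
]
SAMPLE_VARIABLES = {"local_infile": "ON", "have_ssl": "DISABLED", "max_connect_errors": "100",
                    "port": "3306", "log_bin": "OFF", "general_log": "OFF",
                    "max_user_connections": "0"}
SAMPLE_DATABASES = ["information_schema", "mysql", "performance_schema", "test", "appdb"]


def account(row):
    return "'%s'@'%s'" % (row["User"], row["Host"])


def anonymous_accounts(rows):
    """The page's `where user = ''` check."""
    return [account(r) for r in rows if r["User"] == ""]


def root_present(rows):
    """True when the default administrator account has not been renamed or removed."""
    return any(r["User"] == "root" for r in rows)


def admin_privilege_holders(rows):
    """{privilege: [accounts]} for the administrative global privileges."""
    return {p: [account(r) for r in rows if r[p] == "Y"] for p in ADMIN_PRIVS}


def global_dml_accounts(rows, ignore=("root",)):
    """Accounts with DML/DDL granted on *.* (the page's select_priv/insert_priv/... query)."""
    return [account(r) for r in rows
            if r["User"] not in ignore and any(r[p] == "Y" for p in DML_PRIVS)]


def variable_findings(variables):
    """Findings from SHOW VARIABLES output, using the values the page calls for."""
    v = {k.lower(): str(val).upper() for k, val in variables.items()}
    findings = []
    if v.get("local_infile") == "ON":
        findings.append("local_infile is ON (LOAD DATA LOCAL INFILE allowed)")
    if v.get("have_ssl") != "YES":
        findings.append("SSL connections not available (have_ssl=%s)" % v.get("have_ssl"))
    if v.get("max_connect_errors") != "100":
        findings.append("max_connect_errors is not 100")
    if v.get("port") == "3306":
        findings.append("default port 3306 in use")
    if v.get("log_bin") != "ON":
        findings.append("binary log not enabled")
    if v.get("max_user_connections", "0") == "0":
        findings.append("no per-user connection limit")
    return findings


def review(rows, variables, databases):
    """One dictionary covering the access-control and intrusion-prevention items above."""
    return {
        "anonymous": anonymous_accounts(rows),
        "root_present": root_present(rows),
        "admin_privs": admin_privilege_holders(rows),
        "global_dml": global_dml_accounts(rows),
        "test_db_present": "test" in databases,
        "variables": variable_findings(variables),
    }


if __name__ == "__main__":
    for key, value in review(SAMPLE_USER_ROWS, SAMPLE_VARIABLES, SAMPLE_DATABASES).items():
        print(key, value)
```

With a real connection, `rows` is the list of dict rows from SELECT * FROM mysql.user, `variables` the name-value pairs from SHOW VARIABLES and `databases` the names from SHOW DATABASES; the logic does not change.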

Oracle

-- #### Oracle assessment commands ####
-- ## Identification and authentication ##
-- List all database users
select * from dba_users;
-- Account timestamps (CTIME: created, PTIME: changed, EXPTIME: expiry, LTIME: locked)
select * from dba_profiles, dba_users where dba_profiles.profile = dba_users.profile and dba_users.account_status='OPEN' and resource_name='PASSWORD_GRACE_TIME';
-- Is a password-complexity function enabled?
select limit from dba_profiles where profile='DEFAULT' and resource_name='PASSWORD_VERIFY_FUNCTION';
-- Length requirement inside that complexity function
select text from dba_source where name='PASSWORD_VERIFY_FUNCTION' order by line;
-- FAILED_LOGIN_ATTEMPTS (failed-login limit) of the profile assigned to the administrator accounts
select limit from dba_profiles where profile='DEFAULT' and resource_name='FAILED_LOGIN_ATTEMPTS';
select * from dba_profiles order by 1;
-- PASSWORD_LOCK_TIME (lock duration) of the profile assigned to the administrator accounts
select limit from dba_profiles where profile='DEFAULT' and resource_name='PASSWORD_LOCK_TIME';
-- Are idle remote connections disconnected automatically? Set a value that suits the site in
-- $ORACLE_HOME/network/admin/sqlnet.ora:  SQLNET.EXPIRE_TIME=10
-- ## Access control ##
-- List all accounts (look for default or empty-password accounts: sys, system, dbsnmp, sysman, mgmt_view)
select username,password from dba_users;
-- ## Administrative privilege assignment ##
-- Accounts granted the DBA role
select * from DBA_ROLE_PRIVS where GRANTED_ROLE='DBA';
-- Roles held by account USERNAME
select * from dba_role_privs where GRANTEE='USERNAME';
-- Roles held by role ROLENAME
select * from dba_role_privs where GRANTEE='ROLENAME';
-- System privileges of account USERNAME and of its role ROLENAME
select * from DBA_SYS_PRIVS where GRANTEE='USERNAME' or GRANTEE='ROLENAME';
-- Object privileges of account USERNAME and of its role ROLENAME
select * from DBA_TAB_PRIVS where GRANTEE='USERNAME' or GRANTEE='ROLENAME';
-- Access-control privileges on an important table (A is the table name)
select * from dba_tab_privs where table_name = 'A';
-- ## Security audit ##
-- Is auditing enabled? NONE/FALSE = off; DB/TRUE = on, where DB records only connection information and
-- DB,EXTENDED also records the statements executed; OS writes the audit trail to an operating-system file
show parameter audit_trail;
select value from v$parameter where name='audit_trail';
-- Are all SYS operations recorded?
show parameter audit_sys_operations;
-- Are SELECT/UPDATE/DELETE/INSERT audited?
select sel,upd,del,ins from DBA_OBJ_AUDIT_OPTS;
-- Audit rules configured for privileges
select * from DBA_PRIV_AUDIT_OPTS;
-- ## Intrusion prevention ##
-- Trusted IP set
cat $ORACLE_HOME/network/admin/sqlnet.ora

1. Restrict remote superuser login
   Check: in sqlplus run `show parameter REMOTE_LOGIN_PASSWORDFILE`; REMOTE_LOGIN_PASSWORDFILE should be NONE.
   Remediation:
   SQL> alter system set remote_login_passwordfile=none scope=spfile;
   SQL> shutdown immediate
   SQL> startup

2. User attribute control
   Check: query dba_profiles and dba_users to see whether a profile has been created; a profile other than DEFAULT should exist.
   SQL> select profile from dba_profiles;
   SQL> select profile from dba_users;
   Remediation:
   SQL> create profile maintenance limit
        PASSWORD_VERIFY_FUNCTION F_PASSWORD_VERIFY
        PASSWORD_REUSE_MAX 5
        PASSWORD_GRACE_TIME 60
        FAILED_LOGIN_ATTEMPTS 6
        PASSWORD_LIFE_TIME 90;

3. Data dictionary access
   Check: in sqlplus run `show parameter O7_DICTIONARY_ACCESSIBILITY`; O7_DICTIONARY_ACCESSIBILITY should be FALSE.
   Remediation:
   SQL> alter system set O7_DICTIONARY_ACCESSIBILITY=FALSE scope=spfile;
   SQL> shutdown immediate
   SQL> startup

4. Password lifetime
   Check: run
   select dba_profiles.profile, resource_name, limit from dba_profiles, dba_users where dba_profiles.profile = dba_users.profile and dba_users.account_status='OPEN' and resource_name='PASSWORD_GRACE_TIME';
   PASSWORD_GRACE_TIME in the result should be 90 or less.
   Remediation: SQL> alter profile default limit PASSWORD_GRACE_TIME 60;

5. Password reuse
   Check: run
   select dba_profiles.profile, resource_name, limit from dba_profiles, dba_users where dba_profiles.profile = dba_users.profile and dba_users.account_status='OPEN' and resource_name='PASSWORD_REUSE_MAX';
   PASSWORD_REUSE_MAX in the result should be 5 or more.
   Remediation: SQL> alter profile default limit PASSWORD_REUSE_MAX 5;

6. Authentication control
   Check: run
   select dba_profiles.profile, resource_name, limit from dba_profiles, dba_users where dba_profiles.profile = dba_users.profile and dba_users.account_status='OPEN' and resource_name='FAILED_LOGIN_ATTEMPTS';
   FAILED_LOGIN_ATTEMPTS in the result should equal 6.
   Remediation: SQL> alter profile default limit FAILED_LOGIN_ATTEMPTS 6;

7. Change default account passwords
   Check: start sqlplus '/as sysdba' and try
   conn system/system
   conn system/manager
   conn sys/sys
   conn sys/change_on_install
   conn scott/scott
   conn scott/tiger
   conn dbsnmp/dbsnmp
   conn rman/rman
   conn xdb/xdb
   None of these may log in successfully.
   Remediation: no empty or weak passwords.

8. Password change policy
   Check: run
   select profile,limit from dba_profiles where resource_name='PASSWORD_LIFE_TIME' and profile in (select profile from dba_users where account_status='OPEN');
   PASSWORD_LIFE_TIME in the result should be 90 or less.
   Remediation: SQL> alter profile default limit PASSWORD_LIFE_TIME 90;

9. Password complexity policy
   Check: run
   select limit from dba_profiles where resource_name = 'PASSWORD_VERIFY_FUNCTION' and profile in (select profile from dba_users where account_status = 'OPEN');
   select text from dba_source where name='PASSWORD_VERIFY_FUNCTION';
   The result must not be NULL, and the policy should require at least 8 characters drawn from at least 3 of the 4 classes digits, lowercase letters, uppercase letters and special symbols.
   Remediation: create the complexity policy. Log in as sys and run the script
   D:\app\administrator\product\11.2.0\dbhome_1\RDBMS\ADMIN\utlpwdmg.sql
   (on Oracle 10g you must log in as sys; on Oracle 11g system can create it), then run:
   ALTER PROFILE DEFAULT LIMIT
     PASSWORD_LIFE_TIME 90
     PASSWORD_GRACE_TIME 60
     PASSWORD_REUSE_TIME UNLIMITED
     PASSWORD_REUSE_MAX 5
     FAILED_LOGIN_ATTEMPTS 6
     PASSWORD_LOCK_TIME 1
     PASSWORD_VERIFY_FUNCTION verify_function;

10. Database audit policy
   Check: 1. `show parameter audit_trail`; audit_trail must not be NONE. Check whether the dba_audit_trail view or the $ORACLE_BASE/admin/adump directory contains data. 2. Query the audit table for login and operation records: select * from LOGON_AUDIT.LOGON_AUDIT;
   Remediation:
   SQL> alter system set audit_trail=os scope=spfile;
   SQL> shutdown immediate
   SQL> startup

11. Listener password
   Check: is PASSWORDS_LISTENER set in $ORACLE_HOME/network/admin/listener.ora?
   Remediation:
   $ ps -ef|grep tns
   $ lsnrctl
   LSNRCTL> set current_listener listener
   LSNRCTL> change_password
   LSNRCTL> save_config
   LSNRCTL> set password
   LSNRCTL> exit

12. Limit the number of users
   Check: inspect /etc/group and confirm that no user other than the Oracle installation user is in the DBA group.
   Remediation: none given.

13. Use database roles to manage object privileges
   Check: application users must not hold the DBA role: select * from dba_role_privs where granted_role='DBA';
   Remediation:
   create role <role>;
   grant <role> to <username>;
   revoke DBA from <username>;

14. Connection timeout
   Check: $ cat $ORACLE_HOME/network/admin/sqlnet.ora and look for SQLNET.EXPIRE_TIME=15.
   Remediation: $ vi sqlnet.ora and set SQLNET.EXPIRE_TIME=10

15. Security patches
   Check: is the Oracle patch level current? $ opatch lsinventory
   Remediation: upgrade to the latest patch; an Oracle Metalink account is needed to download security patches.

16. Trusted-IP access control
   Check: $ cat $ORACLE_HOME/network/admin/sqlnet.ora; are tcp.validnode_checking = yes and tcp.invited_nodes set?
   Remediation: $ vi sqlnet.ora
   tcp.validnode_checking = yes
   tcp.invited_nodes = (ip1,ip2…)

17. Resource control
   Check: idle timeout: select profile,limit from dba_profiles where profile='DEFAULT' and resource_name='IDLE_TIME';
   Remediation: IDLE_TIME should be greater than 0.

18. Sensitivity labels on important information resources
   Check: 1. Ask the DBA whether sensitivity labels are set on important data. 2. Is the Oracle Label Security module installed: select username from dba_users; 3. Are policies created: select policy_name,status from dba_sa_policies; 4. Are levels created: select * from dba_sa_levels order by level_num; 5. Labels: select * from dba_sa_labels; 6. Ask for the names of the tables that store important data. 7. Policy-to-schema/table mapping: select * from dba_sa_table_policies; Judge whether sensitivity labels are set on the important information resources.
   Remediation: 1. the Oracle Label Security module is installed; 2. the user LBACSYS owning the Oracle Label Security objects can be queried; 3. the corresponding policies are created; 4. the corresponding levels are created; 5. labels are created; 6. sensitivity labels are set on the important data.
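Items 3 to 6, 8, 9 and 17 above state concrete acceptance values for profile limits and instance parameters. The Python below is an added example, not code from the page: it evaluates rows shaped like `select profile, resource_name, limit from dba_profiles` against exactly those values, resolves a limit of DEFAULT to the DEFAULT profile's value (standard Oracle profile semantics) and treats UNLIMITED as failing, then reports per open user (from dba_users) which limits miss. The sample rows, user names, parameter values and function names are this example's assumptions.

```python
# Constructed rows as `select profile, resource_name, limit from dba_profiles` returns them
SAMPLE_PROFILES = [
    ("DEFAULT", "FAILED_LOGIN_ATTEMPTS", "10"),
    ("DEFAULT", "PASSWORD_LIFE_TIME", "180"),
    ("DEFAULT", "PASSWORD_REUSE_MAX", "UNLIMITED"),
    ("DEFAULT", "PASSWORD_GRACE_TIME", "7"),
    ("DEFAULT", "PASSWORD_LOCK_TIME", "1"),
    ("DEFAULT", "PASSWORD_VERIFY_FUNCTION", "NULL"),
    ("DEFAULT", "IDLE_TIME", "UNLIMITED"),
    ("MAINTENANCE", "FAILED_LOGIN_ATTEMPTS", "6"),
    ("MAINTENANCE", "PASSWORD_LIFE_TIME", "90"),
    ("MAINTENANCE", "PASSWORD_REUSE_MAX", "5"),
    ("MAINTENANCE", "PASSWORD_GRACE_TIME", "60"),
    ("MAINTENANCE", "PASSWORD_LOCK_TIME", "DEFAULT"),
    ("MAINTENANCE", "PASSWORD_VERIFY_FUNCTION", "VERIFY_FUNCTION"),
    ("MAINTENANCE", "IDLE_TIME", "30"),
]
# Constructed rows from `select username, profile from dba_users where account_status='OPEN'`
SAMPLE_OPEN_USERS = [("SYSTEM", "DEFAULT"), ("APPUSER", "MAINTENANCE")]
# Constructed `show parameter` values
SAMPLE_PARAMETERS = {"audit_trail": "NONE", "O7_DICTIONARY_ACCESSIBILITY": "FALSE",
                     "remote_login_passwordfile": "EXCLUSIVE"}

# Acceptance criteria exactly as items 4, 5, 6, 8 and 17 state them
CHECKS = {
    "FAILED_LOGIN_ATTEMPTS": (lambda v: v == 6, "equal to 6"),
    "PASSWORD_LIFE_TIME": (lambda v: v <= 90, "at most 90"),
    "PASSWORD_GRACE_TIME": (lambda v: v <= 90, "at most 90"),
    "PASSWORD_REUSE_MAX": (lambda v: v >= 5, "at least 5"),
    "IDLE_TIME": (lambda v: v > 0, "greater than 0"),
}


def effective_limits(rows):
    """{profile: {resource: limit}} with DEFAULT references resolved to the DEFAULT profile."""
    table = {}
    for profile, resource, limit in rows:
        table.setdefault(profile, {})[resource] = str(limit).upper()
    default = table.get("DEFAULT", {})
    for limits in table.values():
        for resource, limit in list(limits.items()):
            if limit == "DEFAULT":
                limits[resource] = default.get(resource, "UNLIMITED")
    return table


def evaluate_profile(limits):
    """{resource: (raw limit, passed, wanted)}; UNLIMITED or an absent limit never passes."""
    results = {}
    for resource, (ok_if, wanted) in CHECKS.items():
        raw = limits.get(resource, "UNLIMITED")
        results[resource] = (raw, raw.isdigit() and ok_if(int(raw)), wanted)
    verify = limits.get("PASSWORD_VERIFY_FUNCTION", "NULL")   # item 9: must not be NULL
    results["PASSWORD_VERIFY_FUNCTION"] = (verify, verify != "NULL", "not NULL")
    return results


def failing_resources(rows, open_users):
    """{username: sorted list of limits that miss the criteria} for every open account."""
    table = effective_limits(rows)
    out = {}
    for user, profile in open_users:
        results = evaluate_profile(table.get(profile, {}))
        out[user] = sorted(r for r, (_raw, ok, _wanted) in results.items() if not ok)
    return out


def parameter_findings(params):
    """Items 1, 3 and 10: True means the parameter meets the stated requirement."""
    p = {k.lower(): str(v).upper() for k, v in params.items()}
    return {
        "audit_trail": p.get("audit_trail", "NONE") != "NONE",
        "o7_dictionary_accessibility": p.get("o7_dictionary_accessibility") == "FALSE",
        "remote_login_passwordfile": p.get("remote_login_passwordfile") == "NONE",
    }


if __name__ == "__main__":
    print(failing_resources(SAMPLE_PROFILES, SAMPLE_OPEN_USERS))
    print(parameter_findings(SAMPLE_PARAMETERS))
```

Evaluating per open user rather than per profile matters because item 4 to 6 only care about the profiles that are actually assigned to accounts with account_status='OPEN'; a well-configured profile nobody uses does not make the instance compliant.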

Attached is an Oracle automated baseline check script collected by the author; readers can optimise it further.

#!/bin/bash
# version 2.1: tested on RHEL, CentOS and OEL with Oracle 9i, 10g and 11g; not tested on AIX, Solaris or other
# Unix, adjust as needed if you hit problems.
# Author: jn
# Date: 2016.8
HOSTNAME=`hostname`
SQLPLUS=$ORACLE_HOME/bin/sqlplus
$SQLPLUS "/ as sysdba" << EOF
-------  line width and page size  ----------
set line 150
set pagesize 1000
set feed off
spool orack.res.lst
-------  time the script started  ------------
select 'Started On ' || to_char(sysdate,'yyyy-mm-dd hh24:mi:ss') started_time from dual;
-------  Oracle version (the backslash stops the shell expanding \$version inside the heredoc)  ------------
select banner from v\$version;
------- login authentication mode ----------
show parameter remote_login_passwordfile
------- password hashes of the Oracle users -----------
select name,password from user\$;
select name,password from user\$ where name in ( select username from dba_users where account_status='OPEN');
-------  accounts in OPEN status  ------------
col username for a20
col profile for a20
select username,profile from dba_users where account_status='OPEN';
set line 150
set pagesize 1000
col profile for a20
col resource_name for a30
col resource for a25
col limit for a30
select * from dba_profiles;
select * from dba_profiles where profile='DEFAULT';
-------  are resource limits enabled?  ------------
show parameter resource_limit
------- audit settings -----
show parameter audit
-------  password-related limits  ------------
col resource_name for a40
col limit for a20
col profile for a40
select resource_name,limit,profile from dba_profiles where resource_type='PASSWORD';
------- users holding the DBA role  ---------------
col grantee for a15
col granted_role for a15
col admin_option for a15
col default_role for a15
select * from dba_role_privs where grantee in ( select username from dba_users where account_status='OPEN') and granted_role='DBA' order by grantee;
------- number of sensitive packages on which PUBLIC holds EXECUTE (dba_tab_privs) -------
select count(*) table_name from dba_tab_privs where grantee='PUBLIC' and privilege='EXECUTE' and table_name in ('UTL_FILE', 'UTL_TCP', 'UTL_HTTP', 'UTL_SMTP', 'DBMS_LOB', 'DBMS_SYS_SQL', 'DBMS_JOB');
------- profile settings of the active users -------
select * from dba_profiles where profile in (select profile from dba_users where account_status='OPEN') and  limit NOT IN('DEFAULT','UNLIMITED','NULL');
------- is a third-party audit tool (Database Vault) installed? -------
SELECT * FROM V\$OPTION WHERE PARAMETER = 'Oracle Database Vault';
------- maximum number of processes -------
show parameter processes;
------- number of non-system users granted DBA -------
select count(a.username) from  dba_users a left join dba_role_privs b on a.username = b.grantee where granted_role = 'DBA' and a.username not in ('SYS','SYSMAN','SYSTEM');
------- database sessions -------
show parameter sessions;
------- with sql92_security TRUE, UPDATE/DELETE on a table also requires SELECT privilege on it --------
show parameter sql92_security;
------- O7_DICTIONARY_ACCESSIBILITY controls data-dictionary access: with TRUE a user holding ANY TABLE
------- privileges (e.g. select any table) can read the dictionary even without DBA/SYSDBA; FALSE is recommended -------
show parameter O7_DICTIONARY_ACCESSIBILITY;
spool off
EOF
# Written after spool off so the hostname is not overwritten when sqlplus creates the spool file
echo "Hostname: $HOSTNAME" >> orack.res.lst
# Oracle port number
echo -e "\n\n" >> orack.res.lst
echo "----------Port 1521 in listener.ora----------" >> orack.res.lst
echo "" >> orack.res.lst
LISTEN_ORA=$ORACLE_HOME/network/admin/listener.ora
SQLNET_ORA=$ORACLE_HOME/network/admin/sqlnet.ora
if [ -f $LISTEN_ORA ];then
 grep 1521 $LISTEN_ORA >> orack.res.lst
else
 echo "File $LISTEN_ORA Is Not Exists!!!" >> orack.res.lst
fi
# Listener password
echo -e "\n" >> orack.res.lst
echo "----------Listener Password in listener.ora----------" >> orack.res.lst
echo "" >> orack.res.lst
if [ -f $LISTEN_ORA ];then
 grep -i PASSWORDS_LISTENER $LISTEN_ORA >> orack.res.lst
else
 echo "File $LISTEN_ORA Is Not Exists!!!" >> orack.res.lst
fi
# SQLNET timeout
echo -e "\n" >> orack.res.lst
echo "----------sqlnet timeout in sqlnet.ora----------" >> orack.res.lst
echo "" >> orack.res.lst
if [ -f $SQLNET_ORA ];then
 grep -i SQLNET.EXPIRE_TIME $SQLNET_ORA >> orack.res.lst
else
 echo "File $SQLNET_ORA Is Not Exists!!!" >> orack.res.lst
fi
# SQLNET trusted IPs
echo -e "\n" >> orack.res.lst
echo "----------sqlnet trusted IP in sqlnet.ora----------" >> orack.res.lst
echo "" >> orack.res.lst
if [ -f $SQLNET_ORA ];then
 egrep -i "tcp.validnode_checking|tcp.invited_nodes|tcp.excluded_nodes" $SQLNET_ORA >> orack.res.lst
else
 echo "File $SQLNET_ORA Is Not Exists!!!" >> orack.res.lst
fi
echo -e "\n\n" >> orack.res.lst
echo "==========================  End On `date`  ==========================" >> orack.res.lst
