每日记载内容总结46

nmap
Nmap 又叫做Network Mapper(网络映射器)是一个开源并且为了Linux系统管理员或者网络管理员的万能的工具。Nmap用于浏览网络，执行安全扫描，网络审计以及在远程机器找到开放端口。它可以扫描在线主机，操作系统，滤包器和远程主机打开的端口。（来源）

--

安装:

yum install nmap

1. 使用Hostname和IP地址来扫描系统，扫描出他的系统所有开放端口，服务和MAC地址。

    [root@ssqs-test1 ~]# nmap baidu.com
    
    Starting Nmap 5.51 ( http://nmap.org ) at 2018-06-12 17:34 CST
    Nmap scan report for baidu.com (123.125.115.110)
    Host is up (0.0026s latency).
    Other addresses for baidu.com (not scanned): 220.181.57.216
    Not shown: 998 filtered ports
    PORT    STATE SERVICE
    80/tcp  open  http
    443/tcp open  https
    
    Nmap done: 1 IP address (1 host up) scanned in 4.02 seconds
   
    [root@ssqs-test1 ~]# nmap 47.92.65.98
   
    Starting Nmap 5.51 ( http://nmap.org ) at 2018-06-12 17:34 CST
    Nmap scan report for 47.92.65.98
    Host is up (0.0070s latency).
    Not shown: 996 filtered ports
    PORT     STATE  SERVICE
    22/tcp   open   ssh
    80/tcp   closed http
    443/tcp  closed https
    3389/tcp closed ms-term-serv
    
    Nmap done: 1 IP address (1 host up) scanned in 4.54 seconds
   

2. 使用 “-v” 选项，此选项给了更多的远程设备的细节。

    [root@ssqs-test1 ~]# nmap -v 47.92.65.98
   
    Starting Nmap 5.51 ( http://nmap.org ) at 2018-06-12 17:36 CST
    Initiating Ping Scan at 17:36
    Scanning 47.92.65.98 [4 ports]
    Completed Ping Scan at 17:36, 0.01s elapsed (1 total hosts)
    Initiating Parallel DNS resolution of 1 host. at 17:36
    Completed Parallel DNS resolution of 1 host. at 17:36, 0.02s elapsed
    Initiating SYN Stealth Scan at 17:36
    Scanning 47.92.65.98 [1000 ports]
    Discovered open port 22/tcp on 47.92.65.98
    Completed SYN Stealth Scan at 17:36, 4.04s elapsed (1000 total ports)
    Nmap scan report for 47.92.65.98
    Host is up (0.0070s latency).
    Not shown: 996 filtered ports
    PORT     STATE  SERVICE
    22/tcp   open   ssh
    80/tcp   closed http
    443/tcp  closed https
    3389/tcp closed ms-term-serv
    
    Read data files from: /usr/share/nmap
    Nmap done: 1 IP address (1 host up) scanned in 4.13 seconds
    Raw packets sent: 1996 (87.800KB) | Rcvd: 9 (480B)
   

3. 扫描特定的端口，Nmap有多种多样的选项去发现远程机器的端口。通过“-p”选项，你可以指定你想要扫描的端口，默认情况下Nmap扫描只扫描TCP端口。可扫描单个或者多个，用逗号分隔。

    [root@ssqs-test1 ~]# nmap 47.92.65.98 -p 5672
   
    Starting Nmap 5.51 ( http://nmap.org ) at 2018-06-12 17:40 CST
    Nmap scan report for 47.92.65.98
    Host is up (0.0065s latency).
    PORT     STATE SERVICE
    5672/tcp open  amqp
    
    Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds
   
    [root@ssqs-test1 ~]# nmap 47.92.65.98 -p 5672,15672
   
    Starting Nmap 5.51 ( http://nmap.org ) at 2018-06-12 17:40 CST
    Nmap scan report for 47.92.65.98
    Host is up (0.0064s latency).
    PORT      STATE SERVICE
    5672/tcp  open  amqp
    15672/tcp open  unknown
    
    Nmap done: 1 IP address (1 host up) scanned in 0.13 seconds
   

Linux基本命令不能用解决方法

--

先执行如下命令：

export PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin  

然后在当前命令界面，基本命令都已经可用，继续如下操作

vim /etc/profile
source /etc/profile

/etc/sysconfig/iptables文件不存在

--

在虚拟机上装的centos7是最小安装方式，所以许多东西都没装，需要自己手动安装。
因此/etc/sysconfig/iptables不存在，没有安装iptables防火墙
可以通过以下命令安装iptables防火墙

systemctl stop firewalld

systemctl mask firewalld

// 安装
yum install iptables-services

// 查看状态
service iptables status

//设置开机启动
systemctl enable iptables

//管理
systemctl stop iptables  

systemctl start iptables  

systemctl restart iptables  

service iptables save