Vim es un potente editor de texto de línea de comandos de código abierto. El archivo de configuración de Vim está en /etc/vimrc. Primero, debemos instalar el editor de prueba VIM, luego abrir el archivo de configuración para aplicar la configuración que desee (para aplicar la configuración a todo el sistema, debe hacer lo mismo en /etc/vim/vimrc):
root@thehackertips:~# apt install vim
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following additional packages will be installed:
vim-common vim-runtime vim-tiny
Suggested packages:
ctags vim-doc vim-scripts indent
The following packages will be upgraded:
vim vim-common vim-runtime vim-tiny
4 upgraded, 0 newly installed, 0 to remove and 122 not upgraded.
Need to get 7,378 kB of archives.
After this operation, 4,096 B disk space will be freed.
Do you want to continue? [Y/n]
Get:1 http://us.archive.ubuntu.com/ubuntu disco-updates/main amd64 vim amd64 2:8.1.0320-1ubuntu3.1 [1,180 kB]
Get:2 http://us.archive.ubuntu.com/ubuntu disco-updates/main amd64 vim-tiny amd64 2:8.1.0320-1ubuntu3.1 [505 kB]
Get:3 http://us.archive.ubuntu.com/ubuntu disco-updates/main amd64 vim-runtime all 2:8.1.0320-1ubuntu3.1 [5,609 kB]
Get:4 http://us.archive.ubuntu.com/ubuntu disco-updates/main amd64 vim-common all 2:8.1.0320-1ubuntu3.1 [84.4 kB]
Fetched 7,378 kB in 13s (559 kB/s)
(Reading database … 66699 files and directories currently installed.)
Preparing to unpack …/vim_2%3a8.1.0320-1ubuntu3.1_amd64.deb …
Unpacking vim (2:8.1.0320-1ubuntu3.1) over (2:8.1.0320-1ubuntu3) …
Preparing to unpack …/vim-tiny_2%3a8.1.0320-1ubuntu3.1_amd64.deb …
Unpacking vim-tiny (2:8.1.0320-1ubuntu3.1) over (2:8.1.0320-1ubuntu3) …
Preparing to unpack …/vim-runtime_2%3a8.1.0320-1ubuntu3.1_all.deb …
Unpacking vim-runtime (2:8.1.0320-1ubuntu3.1) over (2:8.1.0320-1ubuntu3) …
Preparing to unpack …/vim-common_2%3a8.1.0320-1ubuntu3.1_all.deb …
Unpacking vim-common (2:8.1.0320-1ubuntu3.1) over (2:8.1.0320-1ubuntu3) …
Setting up vim-common (2:8.1.0320-1ubuntu3.1) …
Setting up vim-runtime (2:8.1.0320-1ubuntu3.1) …
Setting up vim (2:8.1.0320-1ubuntu3.1) …
Setting up vim-tiny (2:8.1.0320-1ubuntu3.1) …
Processing triggers for mime-support (3.60ubuntu1) …
Processing triggers for man-db (2.8.5-2) …
root@thehackertips:~# vi /etc/vimrc
# You can applly vim configuration which you want, Some of them applied by default.
set number # Show line numbers
set linebreak # Break lines at word (requires Wrap lines)
set showbreak=+++ # Wrap-broken line prefix
set textwidth=100 # Line wrap (number of cols)
set showmatch # Highlight matching brace
set spell # Enable spell-checking
set errorbells # Beep or flash screen on errors
set visualbell # Use visual bell (no beeping)
set hlsearch # Highlight all search results
set smartcase # Enable smart-case search
set gdefault # Always substitute all matches in a line
set ignorecase # Always case-insensitive
set incsearch # Searches for strings incrementally
set autoindent # Auto-indent new lines
set cindent # Use 'C' style program indenting
set expandtab # Use spaces instead of tabs
set shiftwidth=4 # Number of auto-indent spaces
set smartindent # Enable smart-indent
set smarttab # Enable smart-tabs
set softtabstop=4 # Number of spaces per Tab
set confirm # Prompt confirmation dialogs
set ruler # Show row and column ruler information
set showtabline=2 # Show tab bar
set autochdir # Change working directory to open buffer
set autowriteall # Auto-write all file changes
set undolevels=1000 # Number of undo levels
set backspace=indent,eol,start # Backspace behaviour
Configurar cortafuegos y SELinux
Firewalld está instalado de forma predeterminada en Ubuntu 19.04, pero si no está instalado en su sistema, puede instalar el paquete escribiendo:
root@thehackertips:~# apt install firewalld
Para iniciar el servicio Firewalld y habilitarlo:
root@thehackertips:~# systemctl start firewalld
root@thehackertips:~# systemctl enable firewalld
Synchronizing state of firewalld.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable firewalld
root@thehackertips:~#
Para verificar el estado de Firewall en Ubuntu 19.04:
root@thehackertips:~# systemctl status firewalld
â firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2019-11-04 06:32:50 EST; 2min 47s ago
Docs: man:firewalld(1)
Main PID: 5034 (firewalld)
Tasks: 2 (limit: 1096)
Memory: 20.6M
CGroup: /system.slice/firewalld.service
ââ5034 /usr/bin/python3 /usr/sbin/firewalld --nofork --nopid
Nov 04 06:32:50 thehackertips.com systemd[1]: Starting firewalld - dynamic firewall daemon...
Nov 04 06:32:50 thehackertips.com systemd[1]: Started firewalld - dynamic firewall daemon.
root@thehackertips:~#
es posible detenerlo y deshabilitarlo como se muestra a continuación.
root@thehackertips:~# systemctl stop firewalld
root@thehackertips:~# systemctl disable firewalld
Synchronizing state of firewalld.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
root@thehackertips:~#
Los comandos de firewall más utilizados son los siguientes:
root@thehackertips:~# firewall-cmd --get-default-zone # display default zone
root@thehackertips:~# firewall-cmd --list-all # display current setting of default zone
root@thehackertips:~# firewall-cmd --set-default-zone=external # change default zone
root@thehackertips:~# firewall-cmd --get-services # get a list of the available services
# show allowed services on a specific zone
root@thehackertips:~# firewall-cmd --list-service --zone=internal
dhcpv6-client ipp-client mdns samba-client ssh
root@thehackertips:~# firewall-cmd --list-service --zone=external
ssh
root@thehackertips:~# firewall-cmd --list-service --zone=public
dhcpv6-client ntp ssh
root@thehackertips:~# firewall-cmd --add-service=https #Adding a Service to your Zones
root@thehackertips:~# firewall-cmd --remove-service=https #Remove a Service to your Zones
#For adding service permanently use command like below and reload the firewall
root@thehackertips:~# firewall-cmd --add-service=http --permanent
root@thehackertips:~# firewall-cmd --reload
# Opening ro removing a Port for your Zones
root@thehackertips:~# firewall-cmd --add-port=25/tcp
root@thehackertips:~# firewall-cmd --remove-port=25/tcp
root@thehackertips:~# firewall-cmd --add-port=25/tcp --permanent
root@thehackertips:~# firewall-cmd --reload
SELinux – Security-Enhanced Linux es un mecanismo de seguridad de control de acceso obligatorio (MAC) implementado en el kernel. Hay tres modos básicos de operación, de los cuales Enforcing se establece como el modo predeterminado de instalación.
- Cumplimiento:el modo predeterminado que habilitará y aplicará la política de seguridad de SELinux en el sistema, negando el acceso y registrando acciones
- Permisivo:en el modo Permisivo, SELinux está habilitado pero no aplicará la política de seguridad, solo advertirá y registrará acciones. El modo permisivo es útil para solucionar problemas de SELinux
- Desactivado:SELinux está desactivado
Para instalar SELinux:
root@thehackertips:~# apt install selinux-utils policycoreutils
Puede usar el comando sestatus o getenforce para ver el estado actual de SELinux:
root@thehackertips:~# sestatus
SELinux status: disabled
root@thehackertips:~# getenforce
Disabled
root@thehackertips:~#
Si desea deshabilitar SELinux, abra el archivo de configuración y cambie la aplicación a deshabilitado y luego reinicie el servidor.
root@thehackertips:~# vi /etc/selinux/config