How to Set Up HTTPS (SSL Certificates) to Secure the PhpMyAdmin Login
To begin, let us sniff the HTTP traffic between a client machine and a Debian 8 server on which we have not yet made any security changes, and log in using the database administrator credentials from our last article: Change and Secure Default PhpMyAdmin Login URL.
As we said in the previous article, try this only if you don't mind exposing your credentials. To start sniffing the traffic, we typed the following command and pressed Enter:
# tcpdump port http -l -A | egrep -i 'pass=|pwd=|log=|login=|user=|username=|pw=|passw=|passwd=|password=|pass:|user:|username:|password:|login:|pass |user ' --line-buffered -B20
It does not take long to see that the username and password travel over the wire in plain text, as you can see in the tcpdump output in the image below. Anyone on the path between client and server (a shared switch, a compromised Wi-Fi access point, an upstream router) can read them just as easily.
Note that we have hidden part of the root password with a blue mark on top of it:
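The filter the article pipes tcpdump into, run over two constructed captures so you can see exactly what a plaintext login leaks and what the same login looks like once it goes over TLS. This is an added example, not code from the original article or from phpMyAdmin; the request bodies and the TLS bytes below are made up, while the field names pma_username and pma_password are phpMyAdmin's real login form fields.

```shell
#!/bin/sh
# Added example: the credential filter from the article applied to constructed
# capture text. Nothing here touches the network; the samples are embedded.
set -eu

# Same alternation the article uses with egrep, in grep -E form.
CRED_PATTERN='pass=|pwd=|log=|login=|user=|username=|pw=|passw=|passwd=|password=|pass:|user:|username:|password:|login:|pass |user '

# Constructed: what tcpdump -A shows for a phpMyAdmin login POST over port 80.
HTTP_CAPTURE='POST /my/index.php HTTP/1.1
Host: 192.0.2.10
Content-Type: application/x-www-form-urlencoded
Content-Length: 66

pma_username=root&pma_password=S3cret%21&server=1&target=index.php'

# Constructed: the same login over HTTPS is an opaque TLS record; tcpdump -A
# renders the ciphertext as dots and random printable bytes.
TLS_CAPTURE='.....E..4..@.@.....X...J..h.G.p.Q^.yK..3..4p..-2.....b..
..d.......H...rM..1...@...8..K......1..8.`....?..m.B...'

# Print matching lines with two lines of leading context (like -B20 in the
# article, shortened) and return 0 if any credential-looking field is present,
# 1 otherwise. -i makes the match case-insensitive.
find_plaintext_creds() {
    printf '%s\n' "$1" | grep -E -i -B2 "$CRED_PATTERN"
}

# List only the leaked form field names, comma-separated, so an analyst can
# record which parameters were exposed without copying the secret values.
leaked_fields() {
    printf '%s\n' "$1" \
        | grep -E -o -i '[a-z_]*(user|pass|pwd|login)[a-z_]*=' \
        | sed 's/=$//' | sort -u | tr '\n' ',' | sed 's/,$//'
}

echo "== plaintext HTTP capture =="
find_plaintext_creds "$HTTP_CAPTURE" || echo "(no credentials found)"
echo "leaked fields: $(leaked_fields "$HTTP_CAPTURE")"
echo "== TLS capture =="
find_plaintext_creds "$TLS_CAPTURE" || echo "(no credentials found)"
```

Running the script shows the full login body for the HTTP capture and "(no credentials found)" for the TLS capture; the leaked_fields helper is what you would put in an incident note instead of the raw password.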
To avoid this, let us secure the login page with a certificate. To do so, on CentOS-based servers first install the mod_ssl package (on Debian/Ubuntu the module ships with Apache and only needs to be enabled, as shown further down):
# yum install mod_ssl
Although we will use Debian/Ubuntu paths and names, the same procedure works for CentOS and RHEL if you substitute the CentOS commands and paths shown below.
Create a directory to store the key and certificate:
# mkdir /etc/apache2/ssl        [On Debian/Ubuntu based systems]
# mkdir /etc/httpd/ssl          [On CentOS based systems]
Create the key and the self-signed certificate (valid for 365 days, 2048-bit RSA, with the private key left unencrypted so Apache can read it without a passphrase at startup):
----------- On Debian/Ubuntu based systems -----------
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
----------- On CentOS based systems -----------
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/apache.key -out /etc/httpd/ssl/apache.crt
........................+++
.....................................................+++
writing new private key to '/etc/httpd/ssl/apache.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:Maharashtra
Locality Name (eg, city) [Default City]:Mumbai
Organization Name (eg, company) [Default Company Ltd]:TecMint
Organizational Unit Name (eg, section) []:TecMint
Common Name (eg, your name or your server's hostname) []:TecMint
Email Address []:[email
Next, inspect the key and certificate. Note in the listing that apache.key was created world-readable (mode 644); since the private key is the one secret in this whole setup, tighten it to mode 600 with chmod so that only root can read it, and never copy it anywhere the certificate goes.
# cd /etc/apache2/ssl/          [On Debian/Ubuntu based systems]
# cd /etc/httpd/ssl/            [On CentOS based systems]
# ls -l
total 8
-rw-r--r--. 1 root root 1424 Sep 7 15:19 apache.crt
-rw-r--r--. 1 root root 1704 Sep 7 15:19 apache.key
On Debian/Ubuntu, make sure Apache is listening on port 443 (the Listen 443 directive in /etc/apache2/ports.conf takes effect once the ssl module is enabled) and add the three SSL-related lines below inside a VirtualHost declaration for port 443. The VirtualHost in the default site (/etc/apache2/sites-available/000-default.conf) is declared for *:80, so add a separate <VirtualHost *:443> block for the SSL directives rather than placing them inside the port 80 block:
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
On CentOS-based servers, tell Apache to listen on port 443: find the Listen directive in /etc/httpd/conf/httpd.conf and add the following lines below it. (Installing mod_ssl also drops /etc/httpd/conf.d/ssl.conf, which already contains Listen 443 and a default SSL VirtualHost; if you prefer, edit the SSLCertificateFile and SSLCertificateKeyFile paths in that file to point at the new files instead, so the same setting is not defined twice.)
SSLEngine on
SSLCertificateFile /etc/httpd/ssl/apache.crt
SSLCertificateKeyFile /etc/httpd/ssl/apache.key
Save the changes and, on Debian/Ubuntu, enable Apache's SSL module (on CentOS it is loaded automatically once mod_ssl has been installed):
# a2enmod ssl
To force phpMyAdmin to use SSL, make sure the following line is present in /etc/phpmyadmin/config.inc.php (Debian/Ubuntu) or /etc/phpMyAdmin/config.inc.php (CentOS). With this setting phpMyAdmin redirects any request that arrives over plain HTTP to the HTTPS URL, so a user who types http:// by habit never gets to submit the login form in the clear:
$cfg['ForceSSL'] = true;
and restart the web server:
# systemctl restart apache2     [On Debian/Ubuntu based systems]
# systemctl restart httpd       [On CentOS based systems]
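The certificate, key and VirtualHost steps above, done non-interactively and followed by the checks a practitioner wants before pointing Apache at the files: that the key is not world-readable, that key and certificate actually belong together (Apache refuses to start otherwise), and that the certificate carries a Subject Alternative Name, which current browsers require in place of the Common Name. This is an added example, not code from the original article or from Apache/phpMyAdmin. Assumptions: the hostname db.example.internal is a placeholder for your server's FQDN, SSL_DIR defaults to the Debian path (set it to /etc/httpd/ssl on CentOS), and openssl 1.1.1 or newer is needed for -addext.

```shell
#!/bin/sh
# Added example: generate and verify the self-signed key/cert pair, then emit
# the VirtualHost pair the SSL directives need to live in.
set -eu

SSL_DIR="${SSL_DIR:-/etc/apache2/ssl}"     # /etc/httpd/ssl on CentOS
HOST="${HOST:-db.example.internal}"        # assumed name; use your server's FQDN

# Generate key and self-signed certificate in one step. -subj replaces the
# interactive DN prompts; -addext adds a SAN (browsers match the hostname
# against the SAN, not the CN). The subshell's umask 077 creates apache.key
# as 0600 from the start instead of the 0644 seen in the article's listing.
make_cert() {
    dir="$1"; host="$2"
    mkdir -p "$dir"
    ( umask 077
      openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
          -subj "/C=IN/ST=Maharashtra/L=Mumbai/O=TecMint/CN=$host" \
          -addext "subjectAltName=DNS:$host" \
          -keyout "$dir/apache.key" -out "$dir/apache.crt" )
    chmod 644 "$dir/apache.crt"            # the certificate itself is public
}

# Key and certificate must carry the same public key: compare their digests.
# Returns 0 on match, 1 otherwise.
key_matches_cert() {
    k=$(openssl pkey -in "$1/apache.key" -pubout 2>/dev/null | openssl sha256)
    c=$(openssl x509 -in "$1/apache.crt" -noout -pubkey | openssl sha256)
    [ "$k" = "$c" ]
}

# Octal mode of the private key, e.g. 600. GNU stat first, BSD stat fallback.
key_mode() {
    stat -c %a "$1/apache.key" 2>/dev/null || stat -f %Lp "$1/apache.key"
}

# What the certificate asserts: subject, validity window and the SAN entry.
cert_summary() {
    openssl x509 -in "$1/apache.crt" -noout -subject -dates
    openssl x509 -in "$1/apache.crt" -noout -text | grep -A1 'Subject Alternative Name'
}

# The VirtualHost pair the article's three SSL lines belong in. On Debian/Ubuntu
# 000-default.conf only declares *:80, so a *:443 block has to be added; the
# *:80 block redirects so nobody reaches the login form over plain HTTP even
# if phpMyAdmin's ForceSSL were left off.
vhost_config() {
    dir="$1"; host="$2"
    cat <<EOF
<VirtualHost *:80>
    ServerName $host
    Redirect permanent / https://$host/
</VirtualHost>

<VirtualHost *:443>
    ServerName $host
    SSLEngine on
    SSLCertificateFile $dir/apache.crt
    SSLCertificateKeyFile $dir/apache.key
</VirtualHost>
EOF
}

main() {
    make_cert "$SSL_DIR" "$HOST"
    key_matches_cert "$SSL_DIR" && echo "key and certificate match"
    echo "apache.key mode: $(key_mode "$SSL_DIR")"
    cert_summary "$SSL_DIR"
    vhost_config "$SSL_DIR" "$HOST"        # paste into the site config, then restart Apache
}

# Only act when asked, so the functions can be sourced and checked on their own.
if [ "${1:-}" = "run" ]; then
    main
fi
```

Run it as root with `sh setup_pma_tls.sh run` (or with `SSL_DIR=/etc/httpd/ssl` on CentOS); it prints the key mode, the certificate summary and the VirtualHost block to add. The mismatch check is worth keeping around: the most common cause of Apache failing to start after a certificate renewal is a key file that was not regenerated alongside the new certificate.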
Next, open your web browser and type https:// followed by your server's address and the PhpMyAdmin login URL (see how to change the PhpMyAdmin login URL), as shown below.
Important: the browser reports that the connection is not secure only because we are using a self-signed certificate, which no certificate authority vouches for. Click Advanced and confirm the security exception:
Keep in mind what that exception means: a self-signed certificate stops a passive sniffer from reading the traffic, but since the browser cannot verify who issued it, an attacker who can intercept the connection could present a certificate of their own and you would see the very same warning. For anything beyond a lab or an internal network, use a certificate issued by a trusted CA so the browser can tell the two cases apart.
Once the security exception has been confirmed, and before logging in, let us start sniffing both HTTP and HTTPS traffic:
# tcpdump port http or port https -l -A | egrep -i 'pass=|pwd=|log=|login=|user=|username=|pw=|passw=|passwd=|password=|pass:|user:|username:|password:|login:|pass |user ' --line-buffered -B20
Then log in using the same credentials as before. This time the sniffer captures nothing but gibberish at best:
That's all for now. In the next article we will show you how to restrict PhpMyAdmin access with a username/password; until then, stay tuned to Tecmint.