Linux服务器安全加固(三)
<p>一、检查密码重复使用次数限制</p><div class="cnblogs_code">
<pre><span style="color: rgba(0, 128, 128, 1)"> 1</span> <span style="color: rgba(0, 0, 0, 1)">配置要求:
</span><span style="color: rgba(0, 128, 128, 1)"> 2</span> <span style="color: rgba(0, 0, 0, 1)"> 对于采用静态口令认证技术的设备,应配置设备,使用户不能重复使用最近5次(含5次)内已使用的口令。
</span><span style="color: rgba(0, 128, 128, 1)"> 3</span>
<span style="color: rgba(0, 128, 128, 1)"> 4</span> <span style="color: rgba(0, 0, 0, 1)">检查步骤
</span><span style="color: rgba(0, 128, 128, 1)"> 5</span> 查看文件/etc/pam.d/system-<span style="color: rgba(0, 0, 0, 1)">auth,是否有配置口令重复使用次数限
</span><span style="color: rgba(0, 128, 128, 1)"> 6</span>
<span style="color: rgba(0, 128, 128, 1)"> 7</span> <span style="color: rgba(0, 0, 0, 1)">合规标准
</span><span style="color: rgba(0, 128, 128, 1)"> 8</span> <span style="color: rgba(0, 0, 0, 1)"> 口令重复使用次数限制不小于5次则合规,否则不合规。
</span><span style="color: rgba(0, 128, 128, 1)"> 9</span>
<span style="color: rgba(0, 128, 128, 1)">10</span> <span style="color: rgba(0, 0, 0, 1)">加固方案
</span><span style="color: rgba(0, 128, 128, 1)">11</span> <span style="color: rgba(128, 0, 128, 1)">1</span><span style="color: rgba(0, 0, 0, 1)">、配置文件备份
</span><span style="color: rgba(0, 128, 128, 1)">12</span> cp -p /etc/pam.d/system-auth /etc/pam.d/system-<span style="color: rgba(0, 0, 0, 1)">auth.bak
</span><span style="color: rgba(0, 128, 128, 1)">13</span> <span style="color: rgba(128, 0, 128, 1)">2</span>、创建文件/etc/security/<span style="color: rgba(0, 0, 0, 1)">opasswd用于存储旧密码,并设置权限。
</span><span style="color: rgba(0, 128, 128, 1)">14</span> touch /etc/security/<span style="color: rgba(0, 0, 0, 1)">opasswd
</span><span style="color: rgba(0, 128, 128, 1)">15</span> chown root:root /etc/security/<span style="color: rgba(0, 0, 0, 1)">opasswd
</span><span style="color: rgba(0, 128, 128, 1)">16</span> chmod <span style="color: rgba(128, 0, 128, 1)">600</span> /etc/security/<span style="color: rgba(0, 0, 0, 1)">opasswd
</span><span style="color: rgba(0, 128, 128, 1)">17</span> <span style="color: rgba(128, 0, 128, 1)">3</span>、编辑文件/etc/pam.d/system-auth,找到类似行passwordsufficient pam_unix.so,在行末尾增加remember=<span style="color: rgba(128, 0, 128, 1)">5</span><span style="color: rgba(0, 0, 0, 1)">,中间以空格隔开.如果没有则新增。
</span><span style="color: rgba(0, 128, 128, 1)">18</span> password sufficient pam_unix.so remember=<span style="color: rgba(128, 0, 128, 1)">5</span></pre>
</div>
<p><img src="https://img2020.cnblogs.com/blog/2023719/202009/2023719-20200906170220001-94686124.png"></p>
<p> <img src="https://img2020.cnblogs.com/blog/2023719/202009/2023719-20200906170223359-321990465.png"></p>
<p> 二、检查是否设置SSH登录前警告Banner</p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 128, 128, 1)"> 1</span> <span style="color: rgba(0, 0, 0, 1)">理论依据:
</span><span style="color: rgba(0, 128, 128, 1)"> 2</span> <span style="color: rgba(0, 0, 0, 1)">横幅被用来警告用户连接特定站点的策略。为你的网站提供适当的警告横幅。
</span><span style="color: rgba(0, 128, 128, 1)"> 3</span> <span style="color: rgba(0, 0, 0, 1)">配置要求:
</span><span style="color: rgba(0, 128, 128, 1)"> 4</span> <span style="color: rgba(0, 0, 0, 1)">SSH登录时显示警告信息,在登录成功前不泄漏服务器信息。
</span><span style="color: rgba(0, 128, 128, 1)"> 5</span> <span style="color: rgba(0, 0, 0, 1)">检查步骤
</span><span style="color: rgba(0, 128, 128, 1)"> 6</span> 查看文件/etc/ssh/sshd_config,检查是否存在如下配置:banner <file_path>,且<file_path><span style="color: rgba(0, 0, 0, 1)">内容不为空。
</span><span style="color: rgba(0, 128, 128, 1)"> 7</span>
<span style="color: rgba(0, 128, 128, 1)"> 8</span> <span style="color: rgba(0, 0, 0, 1)">合规标准
</span><span style="color: rgba(0, 128, 128, 1)"> 9</span> <span style="color: rgba(0, 0, 0, 1)">ssh服务器未启用或者服务启用但设置了ssh banner警示信息则合规,否则不合规。
</span><span style="color: rgba(0, 128, 128, 1)">10</span>
<span style="color: rgba(0, 128, 128, 1)">11</span> <span style="color: rgba(0, 0, 0, 1)">加固方案
</span><span style="color: rgba(0, 128, 128, 1)">12</span> <span style="color: rgba(128, 0, 128, 1)">1</span>、编辑文件/etc/ssh/<span style="color: rgba(0, 0, 0, 1)">sshd_config文件,修改Banner参数的值如下(如不存在则新增):
</span><span style="color: rgba(0, 128, 128, 1)">13</span> Banner /etc/<span style="color: rgba(0, 0, 0, 1)">ssh_banner
</span><span style="color: rgba(0, 128, 128, 1)">14</span> <span style="color: rgba(128, 0, 128, 1)">2</span><span style="color: rgba(0, 0, 0, 1)">、执行如下命令创建ssh banner警示信息文件:
</span><span style="color: rgba(0, 128, 128, 1)">15</span> touch /etc/<span style="color: rgba(0, 0, 0, 1)">ssh_banner
</span><span style="color: rgba(0, 128, 128, 1)">16</span> chmod <span style="color: rgba(128, 0, 128, 1)">644</span> /etc/<span style="color: rgba(0, 0, 0, 1)">ssh_banner
</span><span style="color: rgba(0, 128, 128, 1)">17</span> echo <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">Authorized only. All activity will be monitored and reported</span><span style="color: rgba(128, 0, 0, 1)">"</span> > /etc/<span style="color: rgba(0, 0, 0, 1)">ssh_banner
</span><span style="color: rgba(0, 128, 128, 1)">18</span> <span style="color: rgba(0, 0, 0, 1)">可根据实际需要修改该文件的内容。
</span><span style="color: rgba(0, 128, 128, 1)">19</span> <span style="color: rgba(128, 0, 128, 1)">3</span><span style="color: rgba(0, 0, 0, 1)">、重启sshd服务:
</span><span style="color: rgba(0, 128, 128, 1)">20</span> systemctl restart sshd</pre>
</div>
<p> <img src="https://img2020.cnblogs.com/blog/2023719/202009/2023719-20200906170226486-157026321.png"></p>
<p> <img src="https://img2020.cnblogs.com/blog/2023719/202009/2023719-20200906170228975-329128167.png"></p>
<p> <img src="https://img2020.cnblogs.com/blog/2023719/202009/2023719-20200906170231271-1641695112.png"></p>
<p> <img src="https://img2020.cnblogs.com/blog/2023719/202009/2023719-20200906170233583-444157977.png"></p>
<p>登录测试</p>
<p> <img src="https://img2020.cnblogs.com/blog/2023719/202009/2023719-20200906170235985-1091976771.png"></p>
<p> 三、检查系统是否禁用Ctrl+Alt+Delete组合键</p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 128, 128, 1)"> 1</span> <span style="color: rgba(0, 0, 0, 1)">介绍:
</span><span style="color: rgba(0, 128, 128, 1)"> 2</span> Linux默认允许任何人按下Ctrl+Alt+Del来重启系统。但是在生产环境中,应该停用按下Ctrl-Alt-<span style="color: rgba(0, 0, 0, 1)">Del 重启系统的功能。
</span><span style="color: rgba(0, 128, 128, 1)"> 3</span> <span style="color: rgba(0, 0, 0, 1)">检查步骤
</span><span style="color: rgba(0, 128, 128, 1)"> 4</span> 查看文件找Ctrl+Alt+<span style="color: rgba(0, 0, 0, 1)">Del组合键配置:
</span><span style="color: rgba(0, 128, 128, 1)"> 5</span> cat /etc/inittab <span style="color: rgba(0, 128, 0, 1)">//</span><span style="color: rgba(0, 128, 0, 1)">提示在/usr/lib/systemd/system/ctrl-alt-del.target中配置</span>
<span style="color: rgba(0, 128, 128, 1)"> 6</span> 删除ctrl-alt-<span style="color: rgba(0, 0, 0, 1)">del.target文件
</span><span style="color: rgba(0, 128, 128, 1)"> 7</span> rm /usr/lib/systemd/system/ctrl-alt-<span style="color: rgba(0, 0, 0, 1)">del.target
</span><span style="color: rgba(0, 128, 128, 1)"> 8</span> <span style="color: rgba(0, 0, 0, 1)"> 执行init q
</span><span style="color: rgba(0, 128, 128, 1)"> 9</span> <span style="color: rgba(0, 0, 0, 1)">合规标准
</span><span style="color: rgba(0, 128, 128, 1)">10</span> 禁用了使用组合键Ctrl+Alt+<span style="color: rgba(0, 0, 0, 1)">Delete重启系统则合规,否则不合规。
</span><span style="color: rgba(0, 128, 128, 1)">11</span>
<span style="color: rgba(0, 128, 128, 1)">12</span> <span style="color: rgba(0, 0, 0, 1)">加固方案 <br> 1.备份文件:<br> cp /usr/lib/systemd/system/ctrl-alt-<span style="color: rgba(0, 0, 0, 1)">del.target</span> /usr/lib/systemd/system/ctrl-alt-<span style="color: rgba(0, 0, 0, 1)">del.target</span>.bat
</span><span style="color: rgba(0, 128, 128, 1)">13</span> 2.删除文件:<br> rm /usr/lib/systemd/system/ctrl-alt-<span style="color: rgba(0, 0, 0, 1)">del.target</span><br><span style="color: rgba(0, 0, 0, 1)"> 3.执行命令<br> init q
</span><span style="color: rgba(0, 128, 128, 1)">14</span> 注:如果要开启这个功能,方法就是<span style="margin: 0; padding: 0; color: rgba(255, 0, 0, 1)">ln -s把软链接创建回去(或将备份文件去掉.bat后缀),再init q 重新reload一下配置文件。<br></span></pre>
<pre> ln -s /usr/lib/systemd/system/reboot.target /usr/lib/systemd/system/ctrl-alt-del.target</pre>
</div>
<p> <img src="https://img2020.cnblogs.com/blog/2023719/202009/2023719-20200906170237633-62567690.png"></p>
<p> <img src="https://img2020.cnblogs.com/blog/2023719/202009/2023719-20200906170258369-337496520.png"></p>
<p> <img src="https://img2020.cnblogs.com/blog/2023719/202009/2023719-20200906170302763-709348157.png"></p>
<p> <img src="https://img2020.cnblogs.com/blog/2023719/202009/2023719-20200906170308729-1393568449.png"></p>
<p> <img src="https://img2020.cnblogs.com/blog/2023719/202009/2023719-20200906170325344-1257309865.png"></p>
<p> 四、检查是否按用户分配账号</p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 128, 128, 1)"> 1</span> <span style="color: rgba(0, 0, 0, 1)">配置要求:
</span><span style="color: rgba(0, 128, 128, 1)"> 2</span> <span style="color: rgba(0, 0, 0, 1)">应按照不同的用户分配不同的账号,避免不同用户间共享账号,避免用户账号和设备间通信使用的账号共享。
</span><span style="color: rgba(0, 128, 128, 1)"> 3</span> <span style="color: rgba(0, 0, 0, 1)">检查步骤
</span><span style="color: rgba(0, 128, 128, 1)"> 4</span> <span style="color: rgba(128, 0, 128, 1)">1</span>、使用如下命令查看文件/etc/<span style="color: rgba(0, 0, 0, 1)">login.defs,确认文件中变量UID_MIN和UID_MAX的值:
</span><span style="color: rgba(0, 128, 128, 1)"> 5</span> #grep -v ^# /etc/login.defs |grep <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">^UID_MIN</span><span style="color: rgba(128, 0, 0, 1)">"</span>|awk <span style="color: rgba(128, 0, 0, 1)">'</span><span style="color: rgba(128, 0, 0, 1)">($1="UID_MIN"){print $2}</span><span style="color: rgba(128, 0, 0, 1)">'</span>
<span style="color: rgba(0, 128, 128, 1)"> 6</span> #grep -v ^# /etc/login.defs |grep <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">^UID_MAX</span><span style="color: rgba(128, 0, 0, 1)">"</span>|awk <span style="color: rgba(128, 0, 0, 1)">'</span><span style="color: rgba(128, 0, 0, 1)">($1="UID_MAX"){print $2}</span><span style="color: rgba(128, 0, 0, 1)">'</span>
<span style="color: rgba(0, 128, 128, 1)"> 7</span> <span style="color: rgba(128, 0, 128, 1)">2</span>、使用以下命令查看系统中是否存在用户id>=UID_MIN且<=<span style="color: rgba(0, 0, 0, 1)">UID_MAX的用户:
</span><span style="color: rgba(0, 128, 128, 1)"> 8</span> #up_uidmin=`(grep -v ^# /etc/login.defs |grep <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">^UID_MIN</span><span style="color: rgba(128, 0, 0, 1)">"</span>|awk <span style="color: rgba(128, 0, 0, 1)">'</span><span style="color: rgba(128, 0, 0, 1)">($1="UID_MIN"){print $2}</span><span style="color: rgba(128, 0, 0, 1)">'</span><span style="color: rgba(0, 0, 0, 1)">)`
</span><span style="color: rgba(0, 128, 128, 1)"> 9</span> #up_uidmax=`(grep -v ^# /etc/login.defs |grep <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">^UID_MAX</span><span style="color: rgba(128, 0, 0, 1)">"</span>|awk <span style="color: rgba(128, 0, 0, 1)">'</span><span style="color: rgba(128, 0, 0, 1)">($1="UID_MAX"){print $2}</span><span style="color: rgba(128, 0, 0, 1)">'</span><span style="color: rgba(0, 0, 0, 1)">)`
</span><span style="color: rgba(0, 128, 128, 1)">10</span> #echo <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">users=</span><span style="color: rgba(128, 0, 0, 1)">"</span>`cat /etc/passwd|awk -F: <span style="color: rgba(128, 0, 0, 1)">'</span><span style="color: rgba(128, 0, 0, 1)">{if( $3>=</span><span style="color: rgba(128, 0, 0, 1)">'</span>$up_uidmin<span style="color: rgba(128, 0, 0, 1)">'</span><span style="color: rgba(128, 0, 0, 1)"> && $3<=</span><span style="color: rgba(128, 0, 0, 1)">'</span>$up_uidmax<span style="color: rgba(128, 0, 0, 1)">'</span><span style="color: rgba(128, 0, 0, 1)"> ) {print $1":"$3}}</span><span style="color: rgba(128, 0, 0, 1)">'</span><span style="color: rgba(0, 0, 0, 1)">`
</span><span style="color: rgba(0, 128, 128, 1)">11</span>
<span style="color: rgba(0, 128, 128, 1)">12</span> <span style="color: rgba(0, 0, 0, 1)">合规标准
</span><span style="color: rgba(0, 128, 128, 1)">13</span> 存在用户id>=UID_MIN且<=<span style="color: rgba(0, 0, 0, 1)">UID_MAX的用户则合规,否则不合规。
</span><span style="color: rgba(0, 128, 128, 1)">14</span>
<span style="color: rgba(0, 128, 128, 1)">15</span> <span style="color: rgba(0, 0, 0, 1)">加固方案
</span><span style="color: rgba(0, 128, 128, 1)">16</span> <span style="color: rgba(0, 0, 0, 1)"> 创建用户
</span><span style="color: rgba(0, 128, 128, 1)">17</span> <span style="color: rgba(0, 0, 0, 1)"> #useradd username #创建账号
</span><span style="color: rgba(0, 128, 128, 1)">18</span> #passwdusername #设置密码修改权限</pre>
</div>
<p><img src="https://img2020.cnblogs.com/blog/2023719/202009/2023719-20200908084601018-768236797.png"></p>
<p> <img src="https://img2020.cnblogs.com/blog/2023719/202009/2023719-20200906170328695-1188353364.png"></p>
<p> <img src="https://img2020.cnblogs.com/blog/2023719/202009/2023719-20200906170331940-698003714.png"></p>
<p> <img src="https://img2020.cnblogs.com/blog/2023719/202009/2023719-20200906170334554-1806422648.png"></p>
<p> 五、检查重要目录或文件权限设置</p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 128, 128, 1)"> 1</span> <span style="color: rgba(0, 0, 0, 1)">配置要求:
</span><span style="color: rgba(0, 128, 128, 1)"> 2</span> <span style="color: rgba(0, 0, 0, 1)"> 在设备权限配置能力内,根据用户的业务需要,配置其所需的最小权限。
</span><span style="color: rgba(0, 128, 128, 1)"> 3</span>
<span style="color: rgba(0, 128, 128, 1)"> 4</span> <span style="color: rgba(0, 0, 0, 1)">检查步骤
</span><span style="color: rgba(0, 128, 128, 1)"> 5</span> <span style="color: rgba(0, 0, 0, 1)"> 使用以下命令查看如下文件的权限设置:
</span><span style="color: rgba(0, 128, 128, 1)"> 6</span> #ls -lL /etc/passwd <span style="color: rgba(128, 0, 128, 1)">2</span>>/dev/<span style="color: rgba(0, 0, 255, 1)">null</span>
<span style="color: rgba(0, 128, 128, 1)"> 7</span> #ls -lL /etc/shadow <span style="color: rgba(128, 0, 128, 1)">2</span>>/dev/<span style="color: rgba(0, 0, 255, 1)">null</span>
<span style="color: rgba(0, 128, 128, 1)"> 8</span> #ls -lL /etc/group <span style="color: rgba(128, 0, 128, 1)">2</span>>/dev/<span style="color: rgba(0, 0, 255, 1)">null</span>
<span style="color: rgba(0, 128, 128, 1)"> 9</span>
<span style="color: rgba(0, 128, 128, 1)">10</span> <span style="color: rgba(0, 0, 0, 1)">合规标准
</span><span style="color: rgba(0, 128, 128, 1)">11</span> <span style="color: rgba(128, 0, 128, 1)">1</span>、/etc/<span style="color: rgba(0, 0, 0, 1)">passwd文件的权限小于等于644
</span><span style="color: rgba(0, 128, 128, 1)">12</span> <span style="color: rgba(128, 0, 128, 1)">2</span>、/etc/<span style="color: rgba(0, 0, 0, 1)">shadow文件的权限小于等于400
</span><span style="color: rgba(0, 128, 128, 1)">13</span> <span style="color: rgba(128, 0, 128, 1)">3</span>、/etc/<span style="color: rgba(0, 0, 0, 1)">group文件的权限小于等于644
</span><span style="color: rgba(0, 128, 128, 1)">14</span> <span style="color: rgba(0, 0, 0, 1)"> 以上条件同时满足则合规,否则不合规。
</span><span style="color: rgba(0, 128, 128, 1)">15</span>
<span style="color: rgba(0, 128, 128, 1)">16</span> <span style="color: rgba(0, 0, 0, 1)">加固方案
</span><span style="color: rgba(0, 128, 128, 1)">17</span> <span style="color: rgba(128, 0, 128, 1)">1</span><span style="color: rgba(0, 0, 0, 1)">、赋予用户相关账号文件最小权限
</span><span style="color: rgba(0, 128, 128, 1)">18</span> #chmod <span style="color: rgba(128, 0, 128, 1)">644</span> /etc/<span style="color: rgba(0, 0, 0, 1)">passwd
</span><span style="color: rgba(0, 128, 128, 1)">19</span> #chmod <span style="color: rgba(128, 0, 128, 1)">400</span> /etc/<span style="color: rgba(0, 0, 0, 1)">shadow
</span><span style="color: rgba(0, 128, 128, 1)">20</span> #chmod <span style="color: rgba(128, 0, 128, 1)">644</span> /etc/group</pre>
</div>
<p> <img src="https://img2020.cnblogs.com/blog/2023719/202009/2023719-20200906170336961-183653029.png"></p>
<p> 六、检查是否修改SNMP默认团体字</p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 128, 128, 1)"> 1</span> 配置要求:
如果该服务没有必要,需要停止SNMP服务,如果确实需要使用SNMP服务,需要修改SNMP Community。。<br><span style="color: rgba(0, 0, 0, 1)">检查步骤
</span><span style="color: rgba(0, 128, 128, 1)"> 2</span> <span style="color: rgba(128, 0, 128, 1)">1</span><span style="color: rgba(0, 0, 0, 1)">、查看snmpd进程是否存在。
</span><span style="color: rgba(0, 128, 128, 1)"> 3</span> #ps -ef|grep <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">snmpd</span><span style="color: rgba(128, 0, 0, 1)">"</span>|grep -v <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">grep</span><span style="color: rgba(128, 0, 0, 1)">"</span>
<span style="color: rgba(0, 128, 128, 1)"> 4</span> <span style="color: rgba(128, 0, 128, 1)">2</span>、查看文件/etc/snmp/<span style="color: rgba(0, 0, 0, 1)">snmpd.conf,检查SNMP团体名配置。
</span><span style="color: rgba(0, 128, 128, 1)"> 5</span>
<span style="color: rgba(0, 128, 128, 1)"> 6</span> <span style="color: rgba(0, 0, 0, 1)"> 合规标准
</span><span style="color: rgba(0, 128, 128, 1)"> 7</span> <span style="color: rgba(0, 0, 0, 1)"> SNMP服务未开启或者修改了默认的团体名则合规,否则不合规。
</span><span style="color: rgba(0, 128, 128, 1)"> 8</span>
<span style="color: rgba(0, 128, 128, 1)"> 9</span> <span style="color: rgba(0, 0, 0, 1)">参考配置操作
</span><span style="color: rgba(0, 128, 128, 1)">10</span> <span style="color: rgba(128, 0, 128, 1)">1</span>、修改snmp配置文件/etc/snmp/<span style="color: rgba(0, 0, 0, 1)">snmpd.conf找到类似如下配置,修改默认团体名public为其他用户自己可识别的字符串。
</span><span style="color: rgba(0, 128, 128, 1)">11</span> com2sec notConfigUser<span style="color: rgba(0, 0, 255, 1)">default</span><span style="color: rgba(0, 0, 255, 1)">public</span> //<notConfigUser>为连接snmp的用户名 <<span style="color: rgba(0, 0, 255, 1)">default</span>>为可以连接snmp的地址范围 <<span style="color: rgba(0, 0, 255, 1)">public</span>><span style="color: rgba(0, 0, 0, 1)">为团体名
</span><span style="color: rgba(0, 128, 128, 1)">12</span> <span style="color: rgba(128, 0, 128, 1)">2</span><span style="color: rgba(0, 0, 0, 1)">、重启snmp服务
</span><span style="color: rgba(0, 128, 128, 1)">13</span> service snmpd restart</pre>
</div>
<p> <img src="https://img2020.cnblogs.com/blog/2023719/202009/2023719-20200906170340256-1124834972.png"></p>
<p> <img src="https://img2020.cnblogs.com/blog/2023719/202009/2023719-20200906170342951-1789397980.png"></p>
<p> <img src="https://img2020.cnblogs.com/blog/2023719/202009/2023719-20200906170346171-550445133.png"></p>
<p> <img src="https://img2020.cnblogs.com/blog/2023719/202009/2023719-20200906170348631-1206877776.png"></p>
<p> <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAbMAAAAyCAYAAADWdjVOAAAGg0lEQVR4nO2dCW7sKBBAJ6N/thwhJ8ixcoJcckaJ5C+HUBuLKez3pEjdMVQVFDuYfnl/f//v4+PjHwAAgF35d7UBAAAAvdCZAQDA9vw5f/n8/Pzx8O3t7VJjDhtqekvbvijDncNIth9hVqRNw5O+c7gZ9mfw/2yy+v8qPHVkJVL930U+rKM6M/ty9qqOTPv/Yddh210aX2/6pPwZheb3L92H/vNn2IvMdWR2maLM3ps/dpB7kbkya8yoiE8cpT4tvQBPwdWZnWcO0jKFtUymPZdmIKMbHst2KX2lPdb3mtxWOyVbeonIOYctP3vTNqJ8eP1TyqzlnbZEHbXPw4j0WXG0+inZELF9Zf3XVmEi+SfJh/1xHQCxGnFrmcx6Xi5veZe7okgyz/Zoy3yW3FqjP6IjG03UttI3tc9efa3lQ/vuxbOP2mKfRSR9lvyy/J8HFFr8ngY8Q/3X8t5TXrztC+xLeJmRQlDnGBVGRq5SmHKEOZIVo9Jz3hx6a/o9ab7K7lb7JFme9HvllJ8tRvpck6GV8d70RweW8Dya98woNL8pG5vymVfGLFYur5Sdfc2GiF2r0tAT10r/TkT915P+lhn57vkLcbZ+zyxbgZX2lrxk7ci0PbMILUt0XrmSbZnKyKz078LT0w9zSduZSXtj5dp5Fmrr81kqbG/DPmLPzLMxr8Xx2jhq9mPpj9jXkv7dOaf5Cv/32Af34OV8N6N0Ykg7SXTQc5pJkhONb9npPRGlfT/+V9u7kPR5GtWW/IvIbrHB2s9rWSqy5Neee8pfzU7Lhkj58pZfyy5Lfq38RT577I/6MFv9t9Lu3dfLNiCGPl64aBhgfzIuqwJcSdplRgAAAC90ZgCb03vwCOAOPO46K4C7wdIiADMzAAC4AXRmAACwPd/LjD3Hvkuso6+rT11Zx9Sz2zdL54Gle3X+9LIif736dzg2Pjv/Vvunlx18qLFz/f6emZUvwva81Jk5E7Jvjq+yL7PPRrLa/5b+7H6YnX+r/TOC7D68M5cfAMnu7Oz2jaRlFDwyf3YfhQPcjZ3ro7sza7mBQ5Nh3S4hhZH0R26QsG7s6LWv94aFWtzeGygsnZruWpxo/lj6Pf7z3JihxZfiRuJ7bohp0d9DhvoTvT0mKt/CW34s/d4bWGr29cwsR/jHSp91Q1E0bTPbpxb+3gAyqjGxGnJvR2LJizy3dEfs86S3tbHy6u7R4ZHX4z9PHnjCXul/r3yLmeXPIkv9seJGdXqItk/ld8/yb4s8bzpG+Cfqf4/ekfZdwa+ZmebcltF8lMhovlXOk/H46igDX3+j87Gmv6Yvorc3fmmbpaf8LIVdQUv9GZF/LR3+KEb5P+LfM73tn9d+jz1XlbtW+2ZSXWaUGrMrK2hNFx1UHytGS1795zInhdHojd8aJyvR+tOTf9osIWJfDyP8vxKP/dEB3tWsznPeM3sIqyu5d0YYaRBHx386u+cf9styS5mr24MZNHdm51HECiz9vc9XM9K+1QXX0l+mNVqhW+LPLh/Zy99Z/4z8G2lfNGzmDq2Wrivy/yxzRHuQsXx/HwB5fX39+w9rg/NM6wavpKsmV4pryfbIkTZENfmt+eNFsq9HvmfvyyO/NX9G6Nf2e7z2l+G8+VvbR/Hsr4wsfxoZ6o9W/yPp0vJHw5u+Fp96/Otp/2p2RO2vPW/JX08ZiZSPUe1fD/ye2QRWz4SeAHkMV0J5yw97ZgNYvWT0NGhYAKCEmdkgWpeIwCbDEgY8F+r2HtCZAQDA9rDMCAAA20NnBgAA2/PjBpAMa8PSMe7o0XHtnSbt+SqiR6Nn2J/B/wAALVRnZuc30a9EOhF4bsC1t+R3bXy96Zt9YlLzu/aSLQDAah63zLiqo+5lRudBhwQAd8H1e2bSm/Cj3hCXZiCjOx3Ldil93ts/vG/7R+yUbOklIucctvy848AAAO6Ha2ZmNeLWMpn1vJwteZe7okgyz/a0XPY58iLPK2ZLUdtK39Q+AwCsxP1L0wc0YHWOWV1k5iqFke6CG0HWAzAAAD2EO7MDGsPfaBeMtsyCRkNHBgB3ZesDINkaZWlvyUvWjkzbMwMAyEDazkzaGyv33bJQ2//L0tj3zsjYMwOA7Py4m1F6byvb7yVJ8S07W3+Pq2aX9LtHNX2eRr8l/yKyW2yw9vPozAAgC1w0DAAA25N2mREAAMBL82lGAC/W3iHLlQDQCzMzAADYHmZmMB1mXgAwm/8BC8rP0IeNohoAAAAASUVORK5CYII="></p><br><br>
来源:https://www.cnblogs.com/AdairHpn/p/13622196.html
頁:
[1]