red hat enterprise linux 4 - mitweb.mit.edu/rhel-doc/4/rh-docs/pdf/rhel-sg-zh_tw.pdf · red hat...

Red Hat Enterprise Linux 4

� � � � � � � � � � � � � � � � � � � � �

Red Hat Enterprise Linux 4: � � �� 2005 � Red Hat, Inc.

Red Hat, Inc.

1801 Varsity Drive Raleigh NC 27606-2072USA �� +1 919 754 3700 �� 888 733 4281 �� +1 919 754 3701PO Box 13588 Research Triangle Park NC 27709 USA

rhel-sg(ZH-TW)-4-Print-RHI (2004-09-30T17:12)Red Hat, Inc. �� ! © 2005 "$#�%�&�'�(�)�* Open Publication License V1.0 +�,�-��#/. 0�1��#�23

http://www.opencontent.org/openpub/ 4�5�6� �7�8�9;:�<�=?>�@�A�8B"3�C !�D�E�� !�F�G;HJI;K�9;L�M�N�=OA�8QPSR�T�U�V�W�XJ9;Y�ZJ[;\�]�^�_�`�9B"a�b�c�d�e . f�g�V�6�9;h�#�i�j�A�8�EJkl+�m�nJ9;EJko=Op�q 3�r�s q�t�V�]�^�_�`�9o=$u;vQPSw�x�D�E�� !JF�9JIlKB"Red Hat y Red Hat z Shadow Man { d�| ] Red Hat, Inc.

3�}J~;��~�� 9�� r�d " �!��5�9 ��r�d�� !��JF�,��"[email protected] 9 GPG fingerprint ��CA 20 86 86 2B D6 9D FC 65 F6 EC C4 21 91 80 CD DB 42 A6 0E

� � ��

........................................................................................................................................................ i1. �� ¡ ........................................................................................................... ii2. ¢£��¤�¥�¦ ......................................................................................................................... ii3. §�¨©��ªo« ........................................................................................................................ iv

3.1. ¬� Red Hat .......................................................................................................... iv3.2. ®�©��¯�° ��± ................................................................................................... v3.3. ²³�´�µ´�¶ .......................................................................................................... v

4. ·�¸¹�º ................................................................................................................................ v4.1. »¼�½�¾�©��À¿�Á�Â�ÃÅÄ ......................................................................................... v

I. Æ Æ Æ�ÇÇÇ�ÈÈÈ�ÉÉÉ�ÊÊ ÊËËË�ÌÌÌ��ÍÍÍ�ÎÎ ÎÏÏÏ�ÐÐÐ ................................................................................................................ i1 Ñ . Æ�Ç�È�É��ÀÒ�¾ .................................................................................................................. 1

1.1. ÓÔ�Õ�Ö�×��È�É�ÊÙØ ..................................................................................... 11.2. ÈÉ�Ê�Ú�Û .............................................................................................................. 41.3. ÍÜ ........................................................................................................................ 5

2 Ñ . Ý�Þ�ß��àÀá ...................................................................................................................... 72.1. âã�ä�å ................................................................................................................. 72.2. ´¶�È�É�Ê��Àæ�ç ................................................................................................... 72.3. èé�ê�È�É�Ê��æ�ç ................................................................................................ 82.4. ëì�í��î¥ PC È�É�Ê��Àæ�ç ............................................................................... 9

II. Ë Ë Ë�ÌÌÌ Red Hat Enterprise Linux � � �ÀÈÈÈ�ÉÉÉ�ÊÊÊ .................................................................................... 113 Ñ . È�É�Ê�ï�ð ....................................................................................................................... 13

3.1. ïð�ñ�£ ............................................................................................................... 134 Ñ . ë�ì�í��òÉ .................................................................................................................... 19

4.1. óô�ë�ì�í��Àò�É ................................................................................................. 194.2. BIOS ��õ�ö÷�ø�ù�ú��Àò�É ................................................................................ 194.3. ûü�ò�É ............................................................................................................... 214.4. ÷ø�Ú�Û ............................................................................................................... 254.5. ýþ�¥��´�¶é�ÿ ................................................................................................. 304.6. �� ........................................................................................................ 334.7. ÈÉ�Ê��¡�ë�� .......................................................................................... 33

5 Ñ . è�é�ê�È�ÉÊ .................................................................................................................... 355.1. þ¥ TCP �� ù�ú�� xinetd ��ò�É�é�ÿ ............................................................. 355.2. òÉ portmap ......................................................................................................... 375.3. òÉ NIS ................................................................................................................ 385.4. òÉ NFS ............................................................................................................... 405.5. òÉ Apache HTTP è�éê .................................................................................... 415.6. òÉ FTP................................................................................................................ 425.7. òÉ Sendmail ....................................................................................................... 445.8. ��²�� .......................................................................................... 45

6 Ñ . ��´¶ (VPN) ......................................................................................................... 476.1. VPNs � Red Hat Enterprise Linux ...................................................................... 476.2. IPsec..................................................................................................................... 476.3. IPsec È�� ............................................................................................................. 486.4. IPsec ��ö��ö��Ë�Ì ........................................................................................ 486.5. IPsec ´�¶��´�¶��Ë�Ì ........................................................................................ 51

7 Ñ . �� .............................................................................................................................. 557.1. Netfilter � iptables .......................................................................................... 567.2. þ¥ iptables ..................................................................................................... 567.3. �!�� iptables "�# .......................................................................................... 577.4. FORWARD � NAT $�% .......................................................................................... 587.5. &�'��(*) IP +�, ................................................................................................ 597.6. iptables ��²�Ü�-�. .......................................................................................... 607.7. ip6tables .......................................................................................................... 60

7.8. /�0�1�2�3 ............................................................................................................ 61III. 4 4 4�555�66 6�111�777�888�999 ............................................................................................................................ 63

8 : . 7�8�;�<�=�> .................................................................................................................... 658.1. ?�@�A�B�1�C�D�E�F .............................................................................................. 658.2. G�H�I�J�K�>�L ..................................................................................................... 658.3. I�J�M�N�O�P ........................................................................................................ 66

IV. Q Q Q�RR R�KKK�SSS�TTT�UUU�VV V ............................................................................................................................ 719 : . =�>�W�X�1�Q�R ................................................................................................................ 73

9.1. G�H�W�X�Q�R�1�=�>�W�X ....................................................................................... 739.2. Y�Z�[ IDS ............................................................................................................ 739.3. \�]�^�_�`�1 IDS.................................................................................................. 75

10 : . S�T�UV ......................................................................................................................... 7910.1. G�H�S�T�U�V ...................................................................................................... 7910.2. a�b�c�d�S�T�U�V�e�f ........................................................................................ 7910.3. g�h�S�T�U�V�e�f ............................................................................................... 8010.4. i�5�S�T ............................................................................................................. 8010.5. jlk�K�m�n�2�3 ................................................................................................... 8210.6. jlo�S�T ............................................................................................................. 83

V. p p p�qqq ................................................................................................................................................ 85A. r�s�K�\�]�1t�u ............................................................................................................... 87

A.1. 7�8�1�\�]�v�w .................................................................................................... 87A.2. r�s�1�7�8�9 ....................................................................................................... 89

B. x�y�17�8�9�z�{�K�|�} ..................................................................................................... 91C. x�y�1~�� ....................................................................................................................... 93� � ��

................................................................................................................................................... 103� � �� q q q ............................................................................................................................................ 109

� � ��

��Red Hat Enterprise Linux ��

Red Hat Enterprise Linux �� Red Hat Enterprise Linux � �� ¡*¢£�¤¥�¦�§�¨�©�ª�«�¬� ��®�¯�°�±�²�³�´ ª�µ�¶ ��·�¸�¹�º�»¼��½�¾ ª�¿�À ��Á�ÂÄÃ Red HatEnterprise Linux ��*ÅlÆ�ÇÉÈËÊ�Ì�Í�Î�Ï*ÅlÐ�» §�¨�Ñ�Ò�ª�Ó�Ô ÅlÕ�Ö�×�Ø��Ù�Ú�Û¨�Ü�Ý�Þ�ß�à�á ��â�ã�ä�å ª�Þ�� §�æ ÃèçÉéëê�ì��í�îï»ñð�ò�Ð ª�§�æ�óõô Á Red Hat EnterpriseLinux �·�¸�ö�÷�°�ø�ù�ú�û�ü�Û ¨�óñý�þ ÷�ÿ��û��·�¸�¹º ª ��ÄÃ ³��Æ��ü�� Ë�� ó��

• ±�� • !�"�#�!• $��%�&�� ¬�'• (�)�*�+�,�-• ·�¸�¹º�.�/ ³��ã�0�Â°�1��2�3 �

• ��4 ��5�6• �� Red Hat Enterprise Linux ��• 7�8 � ��• ¹�º ª�9�: Î�Ï• ;�<Ê�= �� Thomas Rude > ³��?�@�A�B óDCFE�G ��IHKJ�L��M�N�O ª H 9�: ��PRQ�ORS�T Ã��ó

Thomas �£ &�U�V ³�� ó ��WFX�YZ > Red Hat Enterprise Linux

Z � ì � �\[ ó^]�£�� × Ø Red HatEnterprise Linux ��_��` Fa�Y�Z�b�c�á Å\d��í�î óDe�f &��Rg £�¤�� Ø�·�¸��hi�ËÌ�j óDklm 1�Ç �� ó Ên Å�oF� ��p Red Hat Enterprise Linux �� qh�� þ h�Æ��r��g RedHat Enterprise Linux s�Ø b�c�t�u ��Ì�j �

• Red Hat Enterprise Linux ��v��xw�y�\g�·�¸��v��Ì�j• Red Hat Enterprise Linux ·�¸�z�Ï�{��}| Z >�g�_�� Red Hat Enterprise Linux ·�¸�z�ÏF~�×��5 ��Ì�jÄÃ• Red Hat Enterprise Linux ·�¸�z�Ï��w�y��Rg�� Red Hat Enterprise Linux °�� Ò�� h�Æ��Ì�j óD ³��| Z Ê Red Hat Enterprise Linux ��ÄÅ\�� á ��×�� ¬�'� �\g�� u�� Ã• Red Hat Enterprise Linux

l�m ��w�y�ê Ò h Z��F�� Æ��Ì�j ó °�w�y C��l�m��óD ³�� ý�� w�y�×��×��ÄÃ

HTML, PDFª

RPM ��³��÷�°�Ê Red Hat Enterprise Linux ��R� :�� Å�� á�ó ` �� ³�Ê � http://www.redhat.com/docs/ Ã

� �� ¡�¢�£�¤�¥\¦¨§�©�ª�«�¬��®�¯�°²±´³µ�·¶²¸

Red Hat Enterprise Linux ¹�º�»�¼´½�¾·¿ÁÀ�Â�Ã�Ä�Å�Æ�Ç·¿È ¯²�®�°�±ÊÉÌË�Í ½·À Red Hat Enterprise Linux¯�Î�Ï·Ð²Ñ�Ò�Ó�Ô�Õ�Ö�×

http://www.redhat.com/docs/¾²Ø ¢²Ù ¹�º²»²¼ É

ii Ú Ú Ú�ÛÛÛ

1. Ü Ü ÜÞÝÝÝ�ßßßÞàà àÞáááÞâââäãããæåååÞçç ç´èèèé�ê�ëFì�í�îðïDñFò�ó�ô�õ�ö�÷�øFù�ö�úFû�ü�ý�þ�ÿ��x86 �� ú Intel® Extended Memory 64

Technology � Intel® EM64T � AMD64 �� ù �� ë��ù�û�ü ï�� !Red Hat Enterprise Linux "�# ô�õ%$\ù&�'�)(�*

2. + + +-,,,}ååå-...0///01112�3 !54�6 ó�ô�õ87 ï�3�9�:�;�<�=�>�?�@�A'B�ù�?&CEDF?�GEDIH&J�@ 'K5L'M5N� 6�O ù�P�Q�R�S�Tú�U�V�WFù%XFA�B�ù�?�@��B�ù�Y�Z M5N�[�\�]8^�_&` ��a�b�ë��ù�cFì @ 6�d�e Z [�] SFù�f&?�cC�ú%gcommand

Linuxù�h�i � @ �j�k�l�m U�VFù&h�i T�@ 6�d Y�Z ] S 6&d c�C ] S�3�n�@&o�p�i�q�r�st8?8u8v ïFwyx8z�{�r

[Enter] [8|8}8~ hyi úy7�� ï�h�i8:�÷�ø�@�A�B&Y�Z�R�SFù�? ��L�� o 6 >��r ï ^&_�� h�i�ù&a�� ï�ö&@��&��?&9&:�@�a�b�h�i [ R�S IL�� g��ÿcat testfile

h�i [&�� o�� l ��$�� testfile ù ��'�� file name

� �ED��EDF��@ RPM �� ¡�T�@ 6�d Y�Z ] S 6�d Y�Z�h M a�b�ë��Fù �� u-��@ ~ ��¡�¢&o�3�ù&U�V&£ ¤L�� go�3�¥¦��'$\ù.bashrc �� ø�ú bash shell

ù&��§�@ 3�¨�©)��ÿ�ù�ì&� /etc/fstab �� ø�úy��A'B�U&V #�ª��&� U�V�ù�û�ü ��« 3�¬�&��ÿ�a�b�®�¯&°�± ��² � � �&³�´�Z ïµ� "�# webalizerRPM

application6 b�Y�Z�¶�3 ] S 6 b&´�Z�T�a d ÿ�·&¸�ù5¹�ÿ�´&Z �º� U�V&»&G��¼5¹ � FL�� g��ÿMozilla [�½�¾ ®�¯

[key]¿�À £�ù&{ ¿ T�@ 6�d Y�Z ] S IL�� g��ÿ[Tab] Á�Â

¿ ïµs�t&a�b�?&Ã�x�z�{�r[Tab]

¿ 3�ù&Ä&¸�Å�:�R�S&o��$)@ ~ ?�Æ �&Ç ùö�ú ��

[key]-[combination]{ ¿ ù&È�É&:�@ 6�d Y&Z ] S ¤L&� g[Ctrl]-[Alt]-[Backspace]

ù&{ ¿ È�É�9�:&Ê'Ë�3�ù�Ì�Y�� l�Í � ïÏÎ�Ð�3'Ñ)<�Ì&Y�ù&Ò�t&Ó�Ô&u�ÕÖ�× o o o

GUI Ø Ø Ø Ô Ô Ô'$$$\ùùù�fff&?? ?oGUI Ø ÔFù�ÓyÔ�u �8Ù $�ù�ÚyÛEDI?�u�v89�:8@ 68d Y�Z ] S 2�38;�<8@ 68d Y�ZyR�Sù�f? ï ] S ^�� ÿ [�\�] a�b�ë��Fù GUI

Ó8Ô�u�a�bGUI

Ó8Ô�ù�Ã Ü��L��Ý�Þ�ß u�à�á8â�ù�f? ï L�� gã � 3�ä�å&3�ù&æ�ç�è&é�´�Z�Ä�ê��&ë��s&t&ì�í ïµ� Ý&Þïî ëë ë&�ììì�ííí'ðRù Ý&Þ�ß�

ñ ñ ñ�òòòiii

GUI ó ó ó�ôô ô�õõõ�ööö�÷÷÷�øøø�ùù ù�úúú&ûûû8üüüý�þ�ÿ�� ú�� ø�ù�� û8ü��)ú&û�� þ�� û GUI ó�ô��)ú�� !#" û8ü�ú�$�%�&�'(�)��*� GNOME +�ù�,8ú.-0// /�111325ûyü��4 þ � �ÿ�� -0555�66 6�+++�ùùù�,,,8777�99 9�2:�<;= > � û8��? þ�@�A��B � ö�÷�C#D3EGF�ú shell H�I�J�K4�� þ�L�M � GUI û8ü��GN�O ��P3Q ú�R�S� ��T�� A ��U�ú:)�V�W��:I�*� û.-0XXX�ûûû8üü üZYYY�[[[�2]\^��ô�_�`�a => -cb b b � � ��ddd�eee 2 => Emacs W�D�f Emacs g:�h�i�j4�

GUI ó ó ó�ôô ô�õõõ�ööö�÷÷÷3��úúú:YYY�[[[> �� R ! >�g� �!#" � GUI ó�ô�� @ Y�ú:Y�[4��)��(*� û�``` � � ��kkk Y�[�W�l ��þ ` ��m ö�ú�n�9��

computer output

> �� ú�g��o�I�� shell H�I�J�K�ú�g��)��R�S�ú�p�q�r�s�t�lvu�r�s(xw�)�W�y(*z�{ls R�S�W�o�I �� ;}|�ú8~#��)��(*

Desktop about.html logs paulwesterberg.pngMail backupfiles mail reports� u�> � R�S��ú:N ! \��> � )�V�x��;}|�ú8~#��a �A > ��:� ��I��

prompt�� H�I�J�K�\�� ú�J�K( { W��I3�G�� þ ú�N�O�a�� A > �� I��)��*$

#

[stephen@maturin stephen]$

leopard login:

user inputz�{�� N�O�ú�g��\��S�U�õ�� GUI ó�ô&ú�g��a:� �A > �� I4��U�ú�)V3�� text � A > �� o�I�*M D�f þ ú:�� g�� ú� �¡�b � þ�� boot: H�I�J�K��N�O text R�S��replaceable¢

)3� z3{ ú3g�£\¤� ¦¥:z3{�� 3N�O'ú�§�¨��3©��3a8� �A > ��ª!�" «� A ��ú�)�V��¬ version-number �®#� A > ��¯�" *°�±�²�³8´ úµ;¶|�� /usr/src/ · version-number ¸ / ¹>�º8ú�¬ version-number »�8 ¡��>�&��ú °�±�¼�½ �¾Z¿ À�T z�{�Á E � �3B�ú�Â�Ã�W8Ä�Å þ8Æ�Ç�È §:r8ú�É�Ê�� A > È §�r Æ&þ ��ú�F M�Ë W�Ì�7�> È ��;}� �Í�Î I��Ï-0Ð�É�Ê�2�Ñ<-cÒ�Ó�2�Ñ�-0F M 2�Ñ�-0Ô�I82#t.-ÕÔ�Ö�2×��)��(*

ØØØÚÙÙÙ¶ÛÛÛØÝÜÝÞ

Linux ßÝàÚá}â¶ã}äÝåÚæ»çéèÝêÝß¶ë<ì rose,ROSE í rOsE îÝßÝïñð}æ»ç

iv ò ò ò�óóó

ô ôô¶õõõ/usr/share/doc/ öø÷ÝùÝúÝûÝü¶ýÝþÝÿ��

�� þ�� DHCP �� ýÝþ �� DHCP �� !"�$#%��&�'�()�*�+��

, ,,---( ��. root /0�1�24365�7�8 — 9:�;�<�=�<>��:�;�?@�AB�DC�E¶þ�F � :�; root @�A�G%Ýÿ��H�I��7�8��

, ,,JJJK þ�L�L�M�C�N � � Red Hat Enterprise Linux O�PQR"�$9�S�T�U�VB�$M�C�W�X��O�P�QY�)Z[\�]�^�_�`ÿ��a�b�cd��

3. e e egfffihhhkjj jglllkmmmnpo4qprpsptvuxwpypzp{}|�~vu��p�p�4�p�}��p��}��}�4��Red Hat �p� �}�p��k� �p�p��òp��p�4�p�p�p��4 p¡£¢

• ¤}¥ Red Hat

• ¦}¥4�4��òp§• ¨p©pªp«4ªp¬}®}¯

Red Hat Enterprise Linux °p± �p²}³}´¶µ¸·¹��}º}»}¼p½½½}¾¾ ¾}¿¿¿}ÀÀÀ �� }ÁÁÁ �ÃÂ4º�Ä4Å}�}¯4Æ �}�p�ò �Ç�}È4ÉpÊpË4½½½p¾¾¾p¿¿¿pÀÀÀ � � �4ÁÁÁ ��Ì}Äv�xÍpÎ��p¯pÆ �p�p��ò �Ï�Ð ��ÑÓÒ��p½½½�¾¾ ¾�¿¿¿�ÀÀÀ � � �ÓÁÁÁ ¯�Æ �Ó�Ô�ªòÖÕD×ÙØÔÚ É ¨Ô©Óª�«ÔªÔ¬ÓÛ �Ü�ÔÎ��ÔÝ ±ÔÞ�©Ôª � ¨© http://www.redhat.com/register/

�x¯pÆ �p�4��ò �

3.1. ß ß ßáà àà Red HatÏpÐ �pâpãRed Hat

� ¤}¥4äp§ �x�pÎp�pn4½½½p¾¾¾p¿¿¿pÀÀÀ � � �4ÁÁÁpå4æ �}çv�éèpêpëp� äp§ �xì ©4ªp�p� ¢

https://www.redhat.com/apps/activate/newlogin.html

Red Hat� ¤p¥4äp§ opí4�£¢

• î Red Hat Network ïpð w4ypñpëvu�ò4óvu��p�pz4{ô�• Red Hat

�4õ4öp�p�vuÃ��vu��p�p÷4øpùÏpÐ �púpû�ü

Red Hat ¤}¥4äp§ �x�pÎp� î �p� ªpýpþ ¼£¢

ÿ ÿ ÿ��v

https://rhn.redhat.com/help/forgot_password.pxt

3.2. � � �� }ÿ�� !#"��%$�&��}ÿ��('*),+�-� ��!�"�.%/��01'2 3�4,5 0�6�7�8,9:� 3,4�;�<<<�== =,>>>�???�@@@�AAA�B�C �D'FE

http://www.redhat.com/register/ G�H,I 'KJ�L,��4ÿ��:�

3.3. M M M�N NN�OOO�PPP�OOO�QQ QRed Hat Network

�� @�ASRRegistration Client T�U�V�IWGWX�G�Y '[Z�\�]�^ @�A '2_W`� �a�b�c�d? �fefg,h�&�i,j��k A 'K� 4 Z�l,-1m

1. n�o << <�===�>>>�???�@@@�AA A — p�q�r�I�sut,vvv�www�xx x�yyy�zzz,{{{}|,vvv�www b b b�ccc�~~~��W��'K�� z,{�� &�D�2.< < <�===�>> >�???�@@@�AAA�� '��,�� RR R Main Menu T T T�� bb b�ccc�� R R R System Tools T T T '��

Red Hat G G G,YYY R R R Red Hat Network T T T �3.< < <�===�>>>�???�@@ @,AAA��,�� ' ;��,�� Z 4

root � L�'KJ�L 4 Z� � m• /usr/bin/up2date --register

4. ¡ ¡ ¡£¢¢¢}¤¤¤£¥¥ ¥Red Hat Enterprise Linux ¦�§�¨ <�=�© � � Red Hat ª�« ��¬��®�¯ ��7�°�±�' 4�²�³ & o�|#´ ��µ�¶ |�z�{�· Red Hat Enterprise Linux

� n�o�¸ �º¹¼»�^�� |�¦�§�¨�½�¾�U�¿�À�sut '2��Á © �Â�Ã,Ä�Å�Æ�Ç 4 Ã�È,É�Ê�Ë,��Ì��}�

4.1. Í Í Í�Î ÎÎ�ÏÏÏ�ÐÐÐ�� #ÑÑÑ�ÒÒÒ�ÓÓÓ�ÔÔÔÖÕÕÕ×Ø�Ù ;Red Hat Enterprise Linux ¦Ø§Ø¨ <Ø=Ø© �Ú��&ØÛØÜØÝÙÞ I �ÙßØ�à'áEÙ&ãâØäÙ ãåæ 3�4}ç}è �£é�kÚ'ëê�É}ì�í}î} ï�ñð}òôóf�:õÙö}7�÷DøØ�

rhel-sg�}ö}ù�Ü

Bugzilla(http://bugzilla.redhat.com/bugzilla/)

�p�ú,w 7�÷�ö�ù��'K��û�æ,ü��#ý%��Á © ��¼þ�ÿ��1mrhel-sg(ZH-TW)-4-Print-RHI (2004-09-30T17:12)�� l ²�³ � © ��þ�ÿ��1'Kê�É�Ã U�� é��, �l��,& ,© ��¼Á:�×�� &�øu� ç� �� ý��ð��('2��ý � � � ýu �� & v�t ß��('FÂ�� s�� | 7��1' 4 n æ�ê�É 3�4 ]�� ,Ü�È �

vi ! ! !�"""

I.# # #%$$ $'&&&%(((%)) )%***%++ +-,,,/...1000%22 2'333

4�5�6�7�8�9�:�;�<�=�>�?A@CB�D�E�F�G�HJILK�M�NPO�Q�R�S�<�T�UWVX4�5�6�7�Y�Z�[�\�]�^�_�`�a�bc�d�e�f�g�h�i�j�k�l�m�<�n�opV

qq qsrr rutttwvv v1 x x x .d d d�ee e�===�>>>�<<<�yyy�zz z

............................................................................................................................. 12 x x x . { { {�|| | b b b�}}}�~~~�� ................................................................................................................................. 7

�1 � .� � ��

��P��P��P��P�� ¡�¢��£P¤��¥�¦P§P¨��©�ªP«�¬��®��P�P��¯P°�±²´³Xµ�¶�·�¸��¹�¡�¢�º�»��¼�¦�½�¾�¿�À�ÁWÂXÃ�Ä�¦JÅp³ÇÆ��È�É�Ê�º�»�Ë��Ì�Í��Î�Ï�Ð�Ñ�Ò��Ó�Ô�Õ�Ö�×�Æ��Ø�Ù�Ú�Û�Ü�©�ª��Ý�Þ�§�ß´³àµ�á��â�ã�ä�å��æ�Ü�§�ç�è�é�ê�ë�ì�Ë�í��î³Çï�ð�¼�È��ñ�È�Ã�ò�ó�ô�õ�ö�ô�ó�®�÷�ä�å��±�ø�ù�ú�±�û´³üµ�¶�ý��º�»��¡�¢�æ�Ü�þ�ÿ��©�ª�� Â�� é´³C��â�ã�Ä�¦� «�¬�¯�°�� è��º�»�Ë��A³��Ã�Ð�Ñ��C«�¬� �!Ú��WÂ#"�$�Ö�%��º�»�Ë�&�')(+*�é,��-�Ú/.

— 0�1�2 Ú��3�Ô�4�Õ�� ÂXº�»�Ì�Í/576A³ÇÃ��8 �9��:�;��<�>=�?��@�� Ú�A ³�B�C�D�E�F� �GIH�JA³�KIL�«��I��ó�GIM��â�ã 1I2 Â1.1. N N NPOO OPQQQPRRRPSSS,TTTPUU UWVVVYXXXPZZZ,[[[]\\\¡�¢��º�»�Ë�é�"�¯�^�_��`�a´³cb�d�egf7h ��¡�¢�Ü�¦�«�¬�±�ø�i�j��"�¯�ê�ë�k�l��m/nW³Ç��¡¢�Ð�Ñ�¹��i�j�o�p��¥�¦�Û�Ü�¹�®�÷�� ±�ø��ä�åî³ÇÆ��è�q�±�²�r�á�Æ��ä�å�»�â�±��"¯�ê�ë�� â�$ Âtsu(7v�Ì��w`�a�¹�x�� ±�ø�¿�yJÕ�z�Ã��o/p��¥�¦��w{ ÅW³c=�?w|�}�~��Áò

(TCO)«�¬��u�I��

(QoS)Â � ��K��xw��±�ø´³C¦��q�È��!�=�?P±�²��|�Ë�¹��®�÷PË��¨��ë�Ü�Æ��¹��j�Á�ò��"�â�ã ÂàÃ��¼�¦´³�=�?�¡��¥��A³C±�²��L�®�÷�Ë�¹�L��x��

� L��Ó��Á��¹��h+� Â1.1.1. � � �)��u�� /��)��)��)��) ¢¡¡¡)£££)¤¤¤u¥¥¥u¦¦ ¦w§ §§)¨¨¨u��©©©s¢(«ª�¬�½�s��®��

Matthew Broderick ¯�° ��¡�± "Wargames"³ Ã�ï�ÅLÆ�² ° "�¯ 1�2�³�´�´ G�âµ�¶�¡�¢��JÅ+�´³ÇÒ�� · 6�ó�¸�¹�Ï��º�»��¼�½WÂXÃ�K�â�¡�±JÅ ³

Broderick ¾ �Æ��¿�À�ñ�ÁÂ�Ã 1�´ G�â��¡�¢�ÅÄ�áWOPR

A³�Æ��¹�Ç�Ô�È��Ï��É�ì�Ê��°�¼�Ë�Ì�Í�}�Î�Ï�ÐpÂ#K�â�¡�±�8Ñ��Ò�ñ�Ó�9�Ô�Õ

1983 Ö�³�´ ¹�×�Ø�Ù�§�� " Ú º "Ò�ÛA³�Æ��ë�Ò�Ã�Ü�Ý�Þ�Ü�8 0�ß Ó�á�é�"�â�ê�ë�Á��¡�±WÂ � ��K�â�¡�±��à�á�â��±�ã´³�ä�¸gfås/( ¯�°�¹�æ�}/ç7è�é�Ü�"�� Ö�ê � ¯�ë ��Ã 1 àì Ô�Ð�Ñ��§�í´³�î�_�È�ï��

war dialing —Ã�"�¯�Ó��F��ð�ñ�Â�ò�¹�¡�ó�A�ô�õ�Õ��ö�×�÷´³�ø�ù

ú/ûü¿�À�ñ�¡�ó�Â�ò��"�v�§�í Âýg( Ö Úw� ³àÃ¢Ø)þwÿ��

FBI ¹�» ´ ¡ ¢�ÌJÍ �� ¤ ³ ·�� Ö �g(�§Jå/í��/÷ ³ �`�� ¡J¢��

Kevin Mitnick � � 0�� ³ 0 Ç ( � 25 � h��J¡�¢J¹J¡)ó ��Jß Â K¢�Jß�� Á�� ³ Õ��ËwÌ��/�P¹� �è/ò�!/� ³ à�"w¬�#P¬�$�%�& �Nokia

³NEC

³('�)+* ¡P¢ �Sun

MicroSystems ´³C��¼ �

Novell ´³-,+.+/ �

Fujitsu �¹+0+1�243 �

Motorola �� Â ëwÒ�Ø/þ�ÿ+�+�

ß á ³#C ßJá ³)´ ��5 « �¢� ��¡�¢�6�7�ß��îÂ �w��Æ 0�8 ��7 ³üÒ¢�w��9 68¯�:îÂ � � Æ Ã/�

960¯�:�«�� ³üÃ

2000 Ö 1:

21 ;=<+> Õ@? Â í+A��Ó MitnickÃ

2003 Ö ÚwA´³ � � ¾ �¡�¢ ³Ç½ � LB4C�;4D�¡�¢�ê¢h��FEFG�¼�ÜWÂ ÿF��°�ð@H4Iî³Mitnick

é@J+K�¼��— L 4M4N4B�ï�Æ�°FO�8´³QP�÷FRò�¹�Ð�ÑFS ì

—��Ì�ÍpÂ� �4T Ö �´³C°��4U��ä�V��´³-KFW�¯�° �X�� «�¬�ï�Æ�ñ4R�±�²WÂ µ�¶�±�ø�º�»�¾�¿�à��°��rWÂ

Mitnick¹

Vladimir Levin��=��Õ �4Y �[Z4\4])(_^4`´³ÇÊ4a�bdc

1.1.2 e A³Xf4g4h4i4h�¦�4j4k��±�²4l4m�¹�i�j��§�ç�é4n4o�ëWÂX��@��à�á�â��xA³�Ó�éFp�°@q4r4s@t´³�¹��4fF'�º»�Ë�� µvu�Ú�" Â��)(�° ¾ �Æ��¯�°�¡�¢��®�÷��@��È4f@w��±�û´³�lFB�±�ø��ø�ù�¹�÷��´³��¡��4xF��¹¡��¥��i�jî³ ��@��y · 0�ß Ó�á@z�ý@{@|�" � �� ·~}�¸4�sÂ��Æ��@��«�¬�bF�4��F��Ó�é 0 ç�¸��ë�Ü�"�¯�� :��á@%4��Ð�Ñ´³ ½�B�é@��@��4/�ø4�ÓP��ò+OPÒ+��8�º�»�Ë4�w��A³Ç½4��;4D4/ � ß ��º�»�Ë4�4�4� 1 Ã TCP/IP�+l+m+�+� Å ³

K�q�È�� JÅ_��Ã��F��6 ¾ �¬�¹��¢çv��"+��+�sÂXëF��/ç ¸�y · ¾ ��@��F/�ø4]+��ó�º»A³ �F�F� ��s¢(d��÷�» ´ ËF��6��~CF��¸��«F�@��@��;~DFCF`�éF��ý�º�»�� Â

2 � � � 1 � � � . � � �F F¡¡¡F¢¢¢4££ £~¤¤¤F¥¥¥

1.1.2. ¦ ¦ ¦�§§§�¨¨ ¨�©©©�ªªª¬«««�®® ®4¯ ¯¯°�±_²+³F´4µ4¶4·4¸ ¡4¢+£F¹4º4»4¼¾½-¿4ÀÂÁÄÃ4Å+£@Æ�ÇvÈFÉ�ÊvËFÌ�ÍvÎ@Ï4ÐFÑÓÒÕÔF£ ²+³@·4¸4Ö4×FØ¡F¢ ´Fµ¾Ù ÃFÚ@ËFÌ ´Fµ4Û~ÜÞÝ £@ßFàáÁ

1.1.2.1. 1930Ö Ö Ö

1940 â â â@ããã

• 1918 â ÙXä4å £Fæ4ç4è+éFê�ë�ì=íFî ·FïFðFñ@ò £FæFçFó Ùõô Ã4öFíF÷4ø~ù ð+úFû æ4ø~ù Ù ËFóFüFýúEnigma Á í�þvÿ Enigma � ú ì��Ç~£ ×�� Ù�� ê��4Ë4óFü+£�� Ù ö�� ³�� Á! ví�"�#�$�%�&+£�'4è+é Alan Turing (Fê��ì�)�* Enigma £ ��+ Ù�,�� Ã�-ê�.¬ì/ _í�0FóFü Colossus

Ù2143 � ¶4³4�45�6 íFâ�7484£49�: Á

1.1.2.2. 1960 â â âFãã ã

• ;�<�=4>Fè�? (MIT) £@è4@�AF¿ Tech Model Railroad Club (TMRC)ÙCB�D þ_ÿ�E�F Ö�G �Fè4H PDP-

1³4I�J óF�F 4£4K ò�L�M¾Ù Ë4N�O�A�P�Q¬ì Ü #4R4S�T � £VU�WYX[Z]\�^`_ Á

• a ��b�c�d�e Advanced Research Projects Agency Network (ARPANet), Ë4¿ ú í�N ��f�g�h Öè�i ��j � ×��4Ö+×FØ4·4ï4ò�k4l £4m�n Ùpo4q+ú@ÜÓÝ R�S�r�s+£ut�v4t�w�r�x��y ä t4w�þ{z�P d£4|�}áÁ

• Ken Thompson þ_ê ì UNIXf�~ �F Ù�� o@ô�� £+þ_ê�>�� Ö4L�� ü Ù Ã@Ú�� o £u� �� Ð� Ùpo�� ý ú " ��\�^�� " £ f�~ �4 Ù-³��V� £4Æ�Ç Ù Dennis Ritchie þvêì C K ò��¾Ùõô Ã�� ·@¸��4� �4��4£4\4^ �� Á

1.1.2.3. 1970 â â âFãã ã

• í �Þú��ÞÖ ~ ��> f £[ �¡ g ê�¢�£ - BoltÙ

BeranekÖ

Newman - ¤�¥ ì ARPANetÙ þ¬ê

Ê Telnet m Ø�¦�§ Á¨��©�t�w�ª�« � �� > f�� Ö è�i`¬4" Ù Ë�m Ø�¦�§ þVzì ×�� t�w ³�4® £�¯ó Á±°4²�³ 1F°�± t�w g�h�´ Ê Ù Telnet ��µ t4w�¶ Ù ��°@¡F¢4£4m Ø4¦�§ Á

• Steve JobsÖ

Steve Wozniak · e Z¹¸�º ·4¸ _ B�D þvÿ��»¼Z¹N�¢ ·4¸ _ (PC)Ù

PC � °�±{½�¾ ��¿ è�ÀVÁ�Â�)�Ã4�4 ��Ä�Å+£�Æ�Ç Ù�È S�� í4÷+£ PC m Ø�É�Ê Ù�Ë�Ì�Í�Îvò £�' 1 ó Ö��Ï�Ð�Ñ ó (War Dialers) Á• Jim Ellis

ÖTom Truscott

d�eUSENET X � ° � � �� Ç Ù�Ò � ·4ï m Ø ¿ k�l4Ø�Ó £Fí4î�Ô�ÕÖ �F áÁ USENET ×�ØF¿ ú ��4£uÙ�Ú��@í Ùõ¶ � �� kul@·F¸�Û f ½�tuw�Ü�Ý ½QÃFÚßÞ í § Ñ�à

£�á4)4*�â�Ä�i Á

1.1.2.4. 1980 â â âFãã ã

• IBM þ_ê B�D �4»�ã � Intel 8086 ä�å4=Fü4£uN�¢ ·F¸¾Ù ËFî�ä�å4=@ü��æ�ç��~Å�ç�è�é4£uê�ë Ù�oô ö�ì�µ�í+£ ·4¸�Û f�î�ï é�ðñ¶ Á Ë q ��ò PC ó�ô ® Ã4¿ ú 9�õ�ö ³�D�÷�ø�ù � £Fí4÷ ô�� £>�� ÙCú _í ��û Ë q�ü�ý�½4¾ � �� éþ¶/ÿ4ì4µ�íþ¶ Ì - É�Ê £�� Á

•�

Vint Cerf r�þ_êF£ �� m Ø�¦�§ (TCP) ��@¿ ú � N��þv£ c��¾Ù t�vut�w�m Ø�¦4§ � ¿� Ë��F£�� Ù2ú4D r�7��4£ TCP/IP m Ø4¦�§ ¿ ú ì ÜÞÝ r�à�t�v4t�w�m Ø £�� Á• ã � phreaking ��+£�þvê�ÿ � E�F Ö ï�� ·�� 4 Ù 2600: The Hacker Quarterly �� û � ú�D þÿ��/ç �� £@¹ �� Ù Ë�Ì )4* ·F¸FÖF·@¸ t�w4â J�� Á

•� Ü��! �# G �+�� ï�� Ö )`*�£�"�# $ Ù 414 %'& Þ �VÈ S`r�(�)+Ã+Ú'* ´ )�*�£�+�,�- Ñ r'.U�á � à�/4¬4"�0�1 Ù�È S ï�� ì324Ì��44ó4æ ��5 £F�4 Ù�Ì Los Alamos National Laboratory

ÙË��Fí4N�6 ï�7 üF£ g�h ¬u"áÁ

8 8 81 9 9 9 . : : :�;; ;�<<<�===�>>>�???�@@ @ 3

• The Legion of Doom A Chaos Computer Club B�C�D�E�F�>�G�H�IKJML�B�NPO�Q�R�S�T�U�V�W�A�VX�Y�Z�[�\ >�]�^`_• 1986 aKJcb�d�d�e�f�gih3V�W�j�k�l�m�n (The Computer Fraud and Abuse Act of 1986) _po�@�q�rs

Ian Murphy tvu�w�x�y Captain Zap z|{cO�T�Uih�}�m�>�V�W|~��m�� Y�Z�� >��Y�� JM��m��>��V��V��`_• ��V�W�j�k�l�m�nKJcn�� ¡ Robert Morris ¢�£¤_¦¥ y�O�§ [�¨�[�\�©�ª�« h Morris¬'!®'¯ J±°'²!³'g 6000 ´�V'W'µ!¶·_¹¸'º'»¼J±o!n'½'¾!¿'º�>ÁÀ�Â!D'Ã!Ä'Å'Æ¼J±Ç�B!ÈÊÉ�É�Ë¡ Herbert Zinn {MO�Ì�Í��l�mÊh AT&T A DoD >�:�;¤_

• N s Morris¬��®�¯ >�Î�Ï�Ð�Ñ�u�Ò�e�Ó�Ô�>�Õ�Ö|J s B�×�Øih Y�� <�=�Ù�Ú�Û�Ü�Ý�Þ (CERT) »�ßà V�W�>��m�á!â s [�\ <�=�ã�>�ä�å¤_

• Clifford Stoll æ�çèh The Cuckoo’s Egg Â�é·J Stoll Ã�Ó s�ê�ë T�U�O�:�;�>�G�H¤_

1.1.2.5. 1990 a a a�ìì ì

• ARPANet í�î|JMo�D [�\ >�ï�Ö��ð�ñ��ò [�¨�[�\ (Internet) _• Linus Torvalds ó ô'm s GNU õ�ö�:�;'> Linux ÷�øùJ Linux ú�û�ï'ü'>�ó ô�A'ý�m�þ�ÿ�BÁN s��g [�¨�[�\�� >��m�á�A��ó�ô�á�� >��õ _¦¥ y� �� UNIX J Linux B��H�A�:�;�� m�>|Jp¥ y��m� �»��Ø��§�� t��! #"�$�%�z�õ�ö�:�;�&'��()�*�>�<�=�ã+�ì!�B,-�.�m�>`_

• /�01�> [�2�3�4 *�5 Ð�6�7·JMo�u�°�²��8#1�> [�¨ [�\�9 ��m�>�:; u<=�>�?�S@`_• Vladimir Levin A�û��CB�D�n�E�Ì'Í'T�U Citibank >ÁÉ�F Y�Z'� ��G�ñ!H�Â�I�J�K�bCL�ò�Òèÿ >MN J Levin w Interpol �OP·JRQGST��¢�>�U�V#W�5YXCZ _• ��¢�G�H�É � y[#\�>�u�Ò�L�B Kevin Mitnick JMO�Ì�Í]�T Ò�ÿ ��> :�;|JMO��>�^_`��Ä�[>�D�[ Y�� ò�³�g�C�J�D�a�m�bc�%A�û��de�>"$�%¤_pOf!gPw�OP��G�w�� [�\ l�m�>£�Ä|JhQG�§ij!É wikÊhml�a¤_

• Kevin Poulsen A�Â�Ä�n�\�Ä�>!�o�p�q�r « VÁ´�>�V��:�;�»�s�t�u X A�û�v�L�>�þwKJcO�w��V�W�A [�\ l�m�£ Ä��G�wx�ikl�a¤_

• :�;�A�V��:�;�>�Ì�Íy5PÐ�z�y�Â�{�ü�|�ã�>}�~KJ�Q�G�ÒÁÿY��»�>�G�H�e�§��a�> DefCon þ�e�� JRA��Ì�Í�>#z�rA�û��ð!��`_• Â�D 19 �'>�Ay�� ¡�w�OCP�Q�G�w��ùJ N s O��°'§�� ÒÁÿ��b�d��'��:�;'>�TU|Jc}#��>[ �� o�B�b�d#�� © ��>�:�; "

�� Þ�G � ¢�:�;�ã�>#�� " _• b�d�>��n�� Janet Reno � ��:�;<�= �È�>�<�=�ã¡¢£C¤ZPÛ|JM��G¥�Ø�d¦#§¨�¥�<�=©�ª É�ø (National Infrastructure Protection Center -- NIPC) _• «�d�> f �¬ w�n\�Ä�[!®�¸��G¯�°#±L|J ��²³ ¬�´ B�q s «�d�� µ¶`_

1.1.3. · · ·¹¸¸¸»ºº º!¼ ¼¼y½½½y¾¾¾y¿¿¿yÀÀ À§��K�CI�aÁÂ·J [�¨�[�\�© Ò�ÿ [�\ ï�Ö,-�ÃÄ�>�Å�´ÇÆ�µ�ò�È ª ��É�Ê)Ë�>�� (DDoS) J oÌ >��'��t�Â�Í'>��m�á�Î�Ï�Ð�n 9 � yahoo.com, cnn.com, amazon.com, fbi.gov A�û�ÒÊÿ�Ñ�O'>Å�´ J ¥�y ��m�þ�ÒK�> ICMP �Ó�üÔ�»�É�Õ \ N»*Ö×�Ý�Ø&Ù t o�u�x�y ping flood z`_ o�D��BÁNYn�\�Ä�>��á��ô�RKJcO��m�Ú�Û��Ø�G�Ü�r�`��t�>��m�»Ý�Þ�¢�<�=�ã�]�^�> [�\ (�)*KJc��G�<�p�x�yàßâá�ã��ä >�m Nå Û�m��§�()�* © J�æ�ç�§��Â��Æ�T�U�>(�)* ©�èé ÂD��KJ�A�ê�ë�Ð�ì�>ÅÁ´P��G��t� �Q�Ð�n�w��m�á 9 �|J N s o Ì >��|JcÒÁÿ»[�� \ NY*�A��m�>�f ��í�é�î õ��>Î�Ï�¡�¢�ï�ð ® Jp¥�y� �Q�§�Ï © W�¸�µ��¢�ï�T�> Y�Z Jhn��Ó�B��ñ��ò á�BAñ{ôó >�»�üÔ�> _

4 õ õ õ 1 ö ö ö . ÷ ÷ ÷øøøùùùúúú�ûû û#üüüýýý

þ ÿ�� û�� ú�� 9.45 � û�� "!$#�%�&')(Computer Industry Almanac, 2004 *+ -,.� (

• /1032345�1�3� 225 6�û37ý�ùú58595:3;56) =<?>3@5A5B5CEDGF5H5I5�KJû CERT L5MENGOQP 1

• <?>5R CERT ûK;565S 2001 T�û 52,658 6+ U@ 2002 T�û 82,094 6) UV3W5@ 2003 T�û 137,529 6QP 2

• X3Y5TENZ \[GB5Y3]5^1_5`ûK�1�3�5 5a3b5c5d3eû�ú35f3g3h5i5jk Ul5:K2541m 132 �3n5oQP 3

p1q ù�úsr?g1etm IT u1vsNQ xwty5z121v5{1|�ý�û3}�~�P=��ý1#3%3�5�185�5�5�3�18�û3�5�) x�3�÷ø�1�t� x�1�1�141�1�1�1�t��û3�1�+ x&5�1�÷�ø+��1�5�t#K�1�5�1�5 24 ¡t��út0K¢1£¤P=¥1¦�û5�5��+�U�5§5�5�5�3�58�û3¨5j3©) Uª5«5¬3e5�ûK®3¯5°ZP±1²1³ û) �÷�ø1�1�1 �ûù�ú181z1ª1wty ±µ´?¶ û5·3¸¹ x�ý�º¼»5w1]1�5�1½5¾1¿1�k��1�+�-À � �1ÁÂ #5��û5Ã1Ä1Å1Æ¹ �º¼»1w1]1�1�Ç!È�1�1e þ ]1�1�û5]t�5*5c1¢5£1É1¦�û5Ê5�tË5Ì3£1w1]5Í1Î�û�ù�ú85Ï3Ð5ª ± 7ýûZP

1.1.4. Ñ Ñ ÑsÒÒÒsÓÓ ÓµÔÔÔsÕÕÕsÖÖÖ/twt×t��¬Cû1«t¬tØ�Ùt½tn�Ú1Û�JtJ1Ü (AMA) �tntÚ ptÝ1ptÞ �t�t�1J�Ü (IEEE) ©tßtà1át� Þtâ c1ã��û5ä1å1�1Ï�ö¹ �#5��ù�ú5æ1ª3½1�) xçµèYùú58�ûKéµê.�5�5ë1ì5íµ,?¦3î1ï5ðtm CIA(Confidentiality,Integrity � Availability) û3ß5àùú385Ï5ñ) þ ]5Y5ò�û3ó3ô5ª5�5&5õ3257ý1#3�û3ö1`3÷5ø3�5ùù�ú38ú5û û3w5ü5z5ý3þ�û�ý56QP-÷5ÿ ÿ ÷��ûKÊ3�� CIA ó5ô (

•Þ�� 8 — 7ý�û3#3��5�µ[ w5�5;�5��û3]1�Kc5�5�5�5�+ �5{ý��3á��5g��û5#3�5Á��5�5��¹ ��1å1&��¹ �#5��û Þ�� 81�5�1�5é��û5]1�5��1�1#5� ² Ü��1g��û5]1�5c��1��1��) å5½� �!�û"�5�5��#5�û�$5�QP

• �5�58 —²�%�& ÷ ² �5�5� ² �5��û5À � Ê5�5&��'1#3�) �3g��ûK�5�5�1|�(��3á�) ��* '5��+

l57ý5#3��û3��, P• z5�58 — �1|�ý5�+ Ug��û3�5�5� %�& ��-5¾1�/.105��25�3�1#3�) z5�58�35ª3w5×5��4) �5�5�L1��û�5�61��7t��û�8�91ÿ1z5÷1��:t#K�¤P þ�;�< ª5÷�=/>@?.&�A�B) ��5{1�5��û�,.¦E[?�5 1�5�C�D �3��) � û3«3¬��E3c5�3��û3�5�5ò�FE,?¦�G (SLAs) P

1.2. H H HJII IJKKKJLLLJMMMp5q û�ùú58 ;�< Ð�>5m3Y3]�N�O�û3·�P�Q+ ;�<�R m�S3á (

• Ì�T• �5�•�5�

þ Y1×�U�V�û�P/Q5��ºXW/Yù�ú181Ì1£�û5·ý[Zmûk x� þ�\ S1áµN?�1w \�] P/Q) _^sN1��`��ºXSá�ûtD1a5÷5ø5½3¾5Ì5£�b � P

1. cedgfih[j http://www.cert.org2. cedgfih[j http://www.cert.org/stats/3. cedgfih[j http://www.newsfactor.com/perl/story/16407.html

k k k1 l l l . m m m�nn n�ooo�ppp�qqq�rrr�ss s 5

1.2.1. t t tvuuuvww wyxxxz�{�|�}�~�� q��/��/�@��_��q��o�p�� ¢¡�£��¤�¥

• ¦1§�¨�©�ª�«��• ¬��®�¯�°�±�²�m�n• o�p�³�´�µ�¶�·• ¸�¹�º@»�q�¼�½�¾• ¿�À��À�Á�q�ÂÄÃ• Å�Æ�Ç�È�ÉËÊÍÌ�Î ~�Ï ��Ð Ï � Ñ�Ò�Ó�¼Ô�ÖÕ�×�Ó�¼�� Ø�Ù�Ó�¼��_Ú�Û�Ü��°/Ý�Ó�Þ�ß�à�qâáã¬�ä�åæ�ç

1.2.2. è è èvééévww wyxxxå æ�|�} Ú�ê�å/ë�ì�í��î�ß z�{ ��ï�§�� |�} ��/��/q�ð�ñ��Þ�ß �òå æ�|�} «�ó�ô�õ�� Ì�¸Ú�ö�å æ�¥

• ¿��• ÷�ø�ù• ï�§�ú�¾• ð�ñ |�}�û/ü (ACLs)

• ý�þ�ÿ��³�� {1.2.3. � � ��vwwwyxxx��|�} È�� Xo�p�³/q��ë�s��¹��/q��Ú�ö�� !�"�È�#��Þ�ß�à$ Ú�ð�ñ�%�&��('�� ¥• )�*��+�,• -�.�q(/�0� �þ��2143�5�6• ��7�8�ß��Ý��q(9�:• ��7�q(;�<��=�51.3. > > >@?? ?A�B�C�D�E GF�¹IH1o�p�³�qIJ �LK JMK��«�ó��NÔ� $ Ú@�4O�P�Q Red Hat Enterprise Linux �SR�ÈT�U q�o�p�V�9 �¢s�W�X�� }�Y ��Z/q�o�p�V�9��[�È ��\ ]F��^�o�pI_a`�q��¹ J1��b�c �ò¹��"��Ú�d��Se $ Ú � ��f�g�h�i�j�äÔ� B ô�k(l�m�q2n4o �S��f(p�q�r(=�s�t û�u �

6 v v v 1 w w w . x x x�yyy�zzz�{{{�|| |(}}}�~~~

�2 � .� � ��

��G�� ¡�¢¤£�¥§¦�¨��©�ª�«�¬��®�¯�°�±�²�³�´��µ�¶·�S¸�¹º�»�¼ µ�¶�½L�S¡�¢� �¨�¾�¿�À�Á�Â�«�¬��(Ã�Ä�Å�ÆÈÇ2.1. É É É@ÊÊ Ê@ËËËÍÌÌÌÎÐÏ�ÑIÒ4» ��Å�Æ��Ó�¾�ÔÖÕ

1960 ×�Ø ��Ù�Ú�Û�Ü�Ý�Þ (MIT) Tech Model Railroad ß�à�á �ãâ�ä�å��æ�ç�è ��é�ê�ë�ì�í�î��ï(ð�ñÈÇ Ï�Ñ�ò â�ä�¿�¸�ó�ô��õI£a�aö��÷Iø�¶��workaround

� ß�à�á�ùú�û�ü ��Å�ÆÈÇý�þ�ÿ�� Ï�Ñ�» ��Å�Æ��ª�¿�À�� º��ý�� å��ÈÇ æ á�� Ï�Ñ �� ò� ��¹�í�� ³�´�� !��"�#��·�%$�&�'�(��)�Ä�*�â��Ó�+ÈÇ ��,�-��. ��/�0 � ó��1�23 ¨�â�ä��â�ä��4�65�7 Ï�Ñ �S��ª�¿ » ��8�9��:�;��Å�ÆMÇ<�=�ü � Ï�Ñ�>�? ��@�A�7 ÎÐÏ�Ñ�B�C¤Ò ��D��L�E*GFIH�¨��J�K��Ã�L�M�Â ò ¡(��ON�� P »¼ M�Â�Q�R�S ò�Ï�Ñ ��T�U Ç ¸��M�Â�V�WÈ��Ä ¼�Ï�Ñ�X�Y�Z�[�� ³�´�\��]�^ ü ��Ý�_�`�aÈÇcb[�» ��dfe�� æ�g 1�2 X�Y ª�¿ Ï�Ñ�» ��Å�Æ�À�� º�h Ä�i�jlk%m�Ó�÷� ò�n�o ��Ó�+�À�p�q�r�s�³�´�� ! Çut [�» @ ��Ï�Ñ ��v�w�x�Å�Æ�7�y Ñ

(cracker) —¸

1980 ×�Ø F6V =b Ï�Ñ�z�{ ��Å�ÆL�O|�} � »�~ ��R�SÈÇ

2.1.1. � � ��4�� ¸�R�S�F �O��®�¯�³�´�� !�� [�� @I£6��fS�ñ��O1�2f|�â�ä��\�� ÿ�� " ��"��4�6��À�� º�»�¼ S�ñ��N » ��6�� Ø�� â�ä��aÓ�+ Ç

white hatÏ�Ñ2ò2þ�¼ t� 4!��³�´��4��2��4��ä2�� ô�|��¢¡(±�²��ä�'�£�¤�¥�� E12

white hatÏ�Ñ ®�¦�â�ä�Õ¨§§��³�´�÷ ò â�ä��©�ª��«�¬�' Ñ� ��³�´ÈÇ Ý�Þ��®�¯ ú ��Ã�L��°Iø ò�» @

white hatÏ�Ñ � ~ ��±�� Ç

black hatÏ�Ñ ��y Ñ�ò �§¾��L�S��²�À�³��Oy Ñ4´ v�p�Ã�µ [ ��å(��Ýf_�¶�·��a³�´�±(²L�Sâ�ä�1

2�¸�¹��ª�¿��®�¦��·�Eº�»�®�¯�³�´GF6M�Å��£f¤·�E|��¡�d4��¼�½ ��¾ ��¿��J�À��÷� ò tÁ �f��³�´�÷� �!��®�¯ ÇÂ ��¶�·L�S¸ æ á�� Ã�Ä�Å�� grey hat

Ï�Ñ�Æ Ä��white hat

Ï�Ñ�Ç �4��È�_��Ó�+L�Op�É�Ê�ª�¿�â�ä��M�Â�¸�v�p�Å�¾�� Á � ü ÇÌË�Í��|�³grey hat

Ï�Ñ�ò � � �� black hatÀ��Î�Ï�5�Ð��

whitehatÏ�Ñ Ç

<�=�ü �grey hat

Ï�Ñ�Ñ�>�ý�Â ��@�D�� Ï�Ñ�B�CÓÒ%Ô � Ï�Ñ p�Õ�Ö�÷�×�Ø�Ù�Ú�J�À�� þ�Û ±�²�³�´��Ü�Ý æ�Þ ÇÌß�Ä ¼ ��Ê ��à ��±�²�³�´ =�û�á�ò p B�C �f��7 Çp�â�±�²��Ó�+�7�"·�äãå¦�y Ñ v X�Y ��®�¯��£�¤ � ¸ ò�æ ¿��L� » ��ç�î��*�è á�é ��ê�ë»�¼ µ�¶ÈÇ

2.2. ì ì ìîíí íîïïïîðððîñññóòòòõôô ôîöööé�÷�å�¨�Å�ø�ù [ �!��ú��û�·�� Ñ�ü�ý�þ °�«�¬��ÿ��MÇ2.2.1. � � �� G�� å�¨�é�÷�� !·� Ñ 7�� ª�¿� �� ¶��'�� Ç ��| ��, ��7 <�� }�� !�� , Q�� !·� á�� ¸ n�o�� f}��EÊ�p�!��#" ü ��$

—� �� %�&�Ü�5·�Oß�'�¯ Ñ Ä��ó�ô »�(�) �O��®�¯ÈÇ

8 * * * 2 + + + . , , ,�---�...�// /�000�111

2.2.1.1. 2 2 2�333�44 4�5556�7�8�9 .;:�<�=�> 9�? 4�5�@BA�C�D�E�FBG;HJILK�MBNBO�P�Q�RTSVU�WBO�@BAXILY�Z�[B\�]�/�5;^]_IV:#`�2�3�a�b�c�d�e�f�g�U�hjiLk�l�m�n�o�p�q�1�r�s�t�u�vTI�[�\�]�a�5�^#]�w�x�k�t�u�2�3�sy I{z�|�}�~��}�~�� 9 t�u�g��S�Z��.�a��#��O��.jI�� arp �� ?�� a MAC � ��A�¡�¢�£�¤ � ��jI�¥�¦�k�§�¨�F�©�ª�«�¬��®�¯�>�°±S

2.2.1.2. H H H³²²²�OO O�´´´�µµµ�]]]¶ o�p�·�C�O�4�5�¸�¹jILf�º�[�H#»�O�¼�½�F�»JS¿¾�:#À�Á�gÃÂÄq�Å�Æ�ÇjI�w�x�K�È�O�µ�É�D�Ê�C�Ë�oÌ#Í�Î >�O�Ï�]�ÐJS¿Ñ�:#´�µ�]�Ò�Ó��_I�k�F�©�Ô�Õ 8�9 I�Ö�Å�×�WjiLØ�Ù�k�H#Ú�Û�Ù�×�g�4�5�ÐjI�ÜÝ O�0�1JS¿Z��k��Þ�Ï�ß�|��_IL¥�à�p�4�5�á�w�¸��â�ã��ä�å�æ�O�æ�ç_I�è�é�O�ºjILt�u�£�¤��ê�>�w�ë��ì�í�î�ï_I�ð�ñ�ß�|�ò�¢JS¿Z�ó�o��_I{k��H³²�Þ�Ï�Û�Ù�×�g�o�ô ��õ à�p�4�5�O�=�ö�÷ø#ù S

2.3. ú ú úüûû ûüýýýüþþþüÿÿÿ�� ´�µ�]�O�D�E�R�/�4�5�O�D�E�R�o��P�Q_I��g�´�µ�]�H �� ¡ ÃÂ��n�:��O�P�Q�t�ujI��Z�o��´�µ�]�ß��XI��BÔ�ê�`��ÚBK��æ�ò�¢BaB� 9�� H�K�ÈBO�� ! S#"�$BO��%�&�'�o�(�Þ�QBO)* S

2.3.1. + + +-,,,-.. .-///1000-222-333544 46 667///1888-999-:: :; à�D�Ê�O Red Hat Enterprise Linux <>=@?>A 1,000 B>C��>D�»�/�E�»>F�S�=>A Ý �G�O�´�µ�] 8�9H=��D�Ê�K�È>I@JTi�K>)�O L�©�º>M�D�Ê�U�W@N�>jIPOQ�� R�Q�O�´�µ�] C��>D�»�S#ê±S6�7�8�9�HUT Ü �>VW O>XY�º�n�ìZ�D�ÊL�Á 6�7 vjI��>[�È\>]�|^�D�ÊÃÂ ¥>(@D�»JS k�È�ê�>�w_` o(1a * VW I��g>b�¾�w�D�Ê ÂÄ=R�Q�O�µ�ÉdcL��`>e�ö�O�ö �f>g I�Ùh�ê�>-i�j>k�Æml�S¿kx�w _` Y�Z Telnet, DHCP a DNS n�=R�Q�O�µ�É�Õ 6�7�8�9�H =o>Y�O@Y@p"�C�´�µ�]�aq>Lr�Ðs�t ILZBó�x�w��uB=�R�QBO�4B5�v�w�xB��´�µ�]XILaB.�ð�ñBg��Æ l�xB� 6�7 O�·�CB5�y S#z�{| * 5 +±`�¢>u ø>}�~ }>��`>�>��å�µ�É�O�t � S

2.3.2. + + +-��-�� -///1000-222e�ö�D�Ê�H#K�~>��O Ý ��G�´�µ�]C��D�»�á�º�1��h�^�æjA>��O@��AjIV^#ÕU��j�C W��>�>� ¼L�:��jI��@Z�O D�»>��á1i�j>�>�>AjI{Ù>h�¾�:³O@D�»>�@��á1i�j k V>� �>h>�@�;Â SØ�Ù_I�k��Ð��[�È ;� O>��A_I�Ùh��º�È�ê�`@�x�o�ç��O> T I�O>¡_I�¢@£�O>��A �� [�È¤ Z�K¥¦-i�jjA§¨�æ��_I�k�º1�g�@©�ª>x�� W��@�� H±I�a�ºU�g>�>b�¾�=�Z � ì�´�µ�]�A>«@¬>�SD�» Æ V .�/ 6�7�8�9-H j ��V1� ´�µB]1C��D�»ÃH�O�D�»��1� I¿�Bx-��Z1��®�C�D�»��1��¯1°B`�BD�EBR�� ø OB4�rXILYBZ Bugtraq ±�²U³�´ (http://www.securityfocus.com) a�µU¶B4�5U·�Ï�� 9 HÚ (CERT) O�4r (http://www.cert.org) S�¸�Ø�k(�Ï�¤�¹�Õº�m»¼ ø Õ�D�E�R½¾�OUa * º¿�È��OF�©_I�=AÀ�ØuÁ 6�7�8�9�H ºÂ�Q1S�v�O@�Ã�ì@Z�O 6�7 S¿k�ºÄ�¹�O>X>Å_I�#g>��>Zb�ê�`�¡¢�k(��Ë�O>½¾¯°�µ�É_I��h�xÆ�v�O��k�p�t � �>� ? �>j�Ã�O 6�7 S�Ç�O 6�7�8�9 R�QºÈ Údc�j � R�O D�»>�>�>¯@°�`>�>Æ�n�O 6�7@É@Ê `@Ë>Ì�o�p�è�D�E�O@µ ¶�¼�½ �@� Sz>{ | * 3 + `�¢>u ø Õ@Ì>Í 6�7>Î@Ï è>£�O�è�:#t � S

Ð Ð Ð2 Ñ Ñ Ñ . Ò Ò Ò>ÓÓ Ó@ÔÔÔ>ÕÕÕÖÖÖ@××× 9

2.3.3. Ø Ø Ø-ÙÙÙ7ÚÚ ÚUÛÛÛ-ÜÜÜ-ÝÝÝ-ÞÞÞß�à�á�â�ã�ä�å�æ�ç�ã�ä�è�é�ê�ë�ìí�î�ï�ð�ñ�ò�ó�ô�çõ�ö�÷øúù�û�üSystem Administration Net-

work and Security Institute (SANS)ù�ýþðñòÿ��ç>ó��

" �� ç��>ê��>ðñò��ßà��ç ��Õ�� !�"�#�$�%�& " ' 1 #�$�(�)�*�+�ÿ�, ��- ç>ãäèé�ê��.�0/21�3>ÿ�4�5�6ç@ã@ä>è>éê 'à�7èé Ô�8 �9�:íîï Õ %�&�; ù�à�7è>é Ô�<=8 ��>�?�@ ãä�A�B�3�C�D�E�F�ç�G�H�I 'KJ ø$�L�M�ç�N�O ù < ëßà�P�Qî�R�ç�S�T�U�V�3�W�X 'ZY�[ ��( ù ø�7�\�]�^�_à�S�T�ç>è>é Ô U�Va`b�T�c�\�]�^�d�e�ç�f�g�T�c�h�i�j�1 ù�èé Ô�k �@ð�l�mç>Ðø �� n P�Q�U�V 'po�q è>é Ô ß>à�PQ�#�U�V ùsr�tvuxwëóß ��- ç�y�z ù|{�}��+�#�~v� ç�S�T�U�V ù|��\�]�^�ç=!�� '�� #� ë�� Bç è>é Ô ù|L=M�N�Oç��ø�� '

2.3.4. � � ��7ÚÚÚ�� o ~��ç�C�Dî�R��ðñ ùZuxw>ó� �¡�¢�B�ç�~��{ k "�£@ðñ>ò�¤�¥>ç�¦�§ Ô ù [�o à¨�©ªî�Rë��T�«��¬��w�+��1�®�C�Dç�¯�°�±�²v�³�ç ùµ´ � ø�¶�·>î�R�}�� ¸ C�¹�C�D�º�� ùµ#�$��T�»��¼

—C�¹=C�D��>ë��½�1�®ç=C�D�¾�¿ '

Àðñ�C�Dî�R�ç>ø�$�Á�Â@ë�r�7�Ã�� Ä U�w�+ Ô�Å�ÆÕ U�V�ç�Ç�È�É�g ù [�o Telnet Õ FTPî�R '� o ��Ê�Ë�w�+ ÔÕ ·î�R�÷ à�Ì�Í�Î�Ï�d�e��Ð @ C�D�E�F ùµw�+ Ô�Å�Æ>Õ U�V�¬ k�Ñ�Ò�Ó�Ô �Õ� '

o�Ö çî�R�� Ñ�Ò�Ó�k "�£�×�ñ�%�Ø�² Æ ç man-in-the-middle Ò�Ó ç�¦�§ Ô ùp��#�ª�Á�Ù�ç ÒÓ¯�°�± ù|Ú�z�Û ¸Ü�Ý��Þ�ß ç�C�D�àm÷ Å�Æ íîï�� á ��ç�6>ï � �>ë�S > ç>í@îï��â�ã�C�D�EF ' ø�¶�ä�� á íîïv�xåø�$�Ê�Ë�&�Ø�æ�ç ù ÒÓ@Ô ç�6>ï�¬�è�éø�$�ê�ëç>è�ì ù�ð�í Ô�î �Ê�Ëî�R Õ�ï ��Õ��\�ðUç��ñ�¯�w�+ Ô� ò' � Ö ª�¯�°�±úùsÚ�z�¬�}��í�î�ï�3�w�+ Ô ��ñ�¯�ç�¯�°± ùó��>è>é��>ç�U�V��raw data '

J ø�ª�Àðñî�R�ç�Á�Â�Í�ôöõ÷C�D�I�øã>ä Õ \�ð>î�R ù o NFS3

NISùs«��ë�v�x³��w�+��ù�ú

C�D�ç ù|��. Ñ ��û�ç=ü�ý�þ�ÿ��ú�C�D�ç�� £öõ Ê�Ëç�w�+ Ô� ' S�T�¯�°�± ù NFS ßà�T �®��>ç�Ç�È�3�×@ñ�6�� Ú�z��NFS �� º��và ²��>ç�\�] ' NIS �� C�D�à�ç��>ø��ýþ�_ �� ñ�ì î ø�$��ç ACSII3

DBM (ASCII �� ç )\�]�^�à�ø�7�â��ç�\�ð ù [�o U�V

Õ I�ø�º�� ' ��#�$�\�]�^�º��ç�Ú�z�»�}��º��C�D�à!�ø�$�w�+ Ô"# ù|Í�ô>ãäè>é�êç "�# 'S�T�$ ù

Red Hat Enterprise Linux k�%�& #�Á>î�R `|´ � è>é Ô L k ³�' ùµ#�7>î�R�À�+��} ùp� Ö w+( ø � ��¢�B�T � ' � o ��>ð>ñç=É�g�T � #�7@î�R ù*)�+�,�Ð 5 Ñ '

2.4. - - -/.. ./000/11132225444 PC 6 6 6/77 7/8883999;:::=<<<%�&�; Õ> + PC

{�¨��?�C�D Õ í>î>ï�r�@ Ó ½�ÿ Ò>Ó ùµ��.��x£�«�� L�º�Aöõ â��@ç�\�] ù o 1�+B�ç�\�ð ùZ� Ö «��{�"�£>ãä�Ú�z�ç ÒÓ;CED ' %�&�;�{�}F��w�+ Ô ��ñ�¯�ç�¯�°�±��¤�¥ ù � ÒÓÔ w�+��G�& " HI "

ç�6ï��áâJK�g ÒÓ ' ¸ �#�7��L ùKõ ß ø��%�&�;ç>ÿ��}�� w�+ÔM �â�N>ð�l�&�Ø>ã>äç�O�P ùµ3 Ô ë�Q�Q>ç ��SRUT �V��ç=\�] '

2.4.1. � � �XWWW7ÚÚÚ�YYYXZZZ�G�ç�U�Vë ÒÓÔ ��ãä��ç>ó[S\=É�) ' � õ ß�o �] M �^�_�U�V � ùµL�`�ÿçab ùc)+�,�Ð

4.3 d '

1. egfihgj;k http://www.sans.org/newlook/resources/errors.html

10 l l l 2 m m m . n n n�ooo�ppp�qq q�rrr�sss

2.4.2. t t tvuuuXww w�xxxvyyy{zzzX|||Xxx x{}}}X~~~��X�U�� ¡�¢£��¤¥ p�¦§¨ ��©�ª��¬«®¯�°�±²�c³�´ ¨ ��µ¶��{·¹¸Sº�»�¼�� Telnet ½ FTP�¾�� nop¿ÀÁ�Â

§ »�¼{Ã!Ä�Å��ÆÇ�È�¤�¥ p�É�Ê�q�Ë�Ì ��Í�Î�¤�¥�Ï�Ð�Ñ�Ò�° ¦�§ ¢�£�¤�¥ p ��Ó�Ô�ÕÖ«× ¤�¤�¥S��S�Ø�ÒSÙ�ÚÛ�Ü´SSH

�Ý³�´�¢�£S��¤�¥ p�Þ ��ß�©à�á�âSãS�¥Sä£Så�¥�æ�çÛ�Ýâ�ã�èª�� À{é�ê{ë�ì{í{î æ{ï�� n�o «ðS¯{°S±ñ� v.1 SSH��¥{ä�£{ò�ó{ô ë{ì °3õiö�÷�� SSH

��{��

X-forwarding n�o «®��ø�ù�ú ì ��²� n�o�p�¿�À�Á�û ��»�¼ §�ü ¥ä�£�ý�þ�Ô��ÿ��þ�� q�� s « � î�� v.2 SSHÙÚXÃ�U��c��¤¥ p� ��ÿ�� î å¥æ�ç��´�� ©��ã�à�á¬«

l 4 m ��!�"�#�$&% �� q'�( ¤�¥ p å ¨��)�§ ��*�+ Á�,�-�.�/ Ó�Ô�Õ��¬«

II.0 0 0211 1

Red Hat Enterprise Linux 3 3 35444266 627778�9�:�;�<�=�>�?�@�A�B�C�D�EF�G�H�I�J�K�L

Red Hat Enterprise Linux M�N�OQP Red Hat EnterpriseLinux RSTUVWXZY�[Z\�]^_Z`�a Gbcd Megfih�jlkm�nporqs�tuv L `�wxQPzy{�w|}�d S�~�� >�?�� N��`��U��W�X��f�� &�� 3 � � � . v v v L L L�� ................................................................................................................................... 134 � � � . M M M�NN N�OOO``` K K K�LLL ............................................................................................................................... 195 � � � . R R R�SS S�TTT�vvv L L L�� ............................................................................................................................... 356 � � � . � � �� WWW�XXX (VPN) .................................................................................................................... 477 � � � . � � �� .......................................................................................................................................... 55

�3 � .� � � �� ¢¡¡¡ £££ ¤¤ ¤

¥¦§¨©ª«¬Z®�¯±°²³´µ¶¬·�¸¹Zº�»¼½¯¿¾ZÀ�Á�ÂÃÄ�ÅZº�ÆZÇ�ÈÊÉË¶�»¼Ì�ÍÎÏRed Hat Enterprise Linux ÐÒÑ ºÓZÔÒÕZ°Ö¯Ê×Ø Red Hat, Inc. ÙZÚZÛZÜZÝÒÞ�ß�àZá ÓÒÔÖ¯z¾ZâZãåäæ ÈiçZè�éê©ª«¬Z®�¯±ëìZí�îâãï�ðòñôó�Ìõ¾�âãï�ðZºö�÷øù�Èiú�ûüâ�ãïð�ìýþRed Hat Enterprise Linux

ÓÔ�ÿ�¯��Red Hat

º��½¯� �û��¾�â��ïð�´�µ�� ß È ú�� É�Ë�é��ÿ��â�ã�ï�ð®Q¯Red Hat

º�ï�ð��ì��¶�»�¼º�� !�°�"�#�$ ä æ È&%�³Òä æ °â�ãQ¯('�)�*�ì�+�,�Ó�Ô��¯¿ú�û ÞÒß â��ï�ð�ÈÉË�-�.�/�0¦�1�2Zº�ÂÃ»¼´µÓÔ Þ�ß ¯�'�)�3�4�5�6¦�7�8 àá ¶Ó�Ô½¯±¾�À�Á�1�2�9�:�0üÄ�Å�ÆÇ ÿlº�®<; È3.1. = = =?>> >?@@@?AAA¥¦´µ�1�2îZº�»¼Z®�¯� �B�Cõ�D�EZº�F�G�H�I�´µ½¯¿°�J�K�L�!õ�¾�M�N�O�P�Q�5°�J��-�RTSÐÑ�U øZº�ÓÔ½¯�F�V�W<X�/�Fâã�ä æ º�´�µÓÔQ¯��Y�Z�ÿ\[��-T]l°�J��TS�º�©ª« ä æ ¯(^ Û_�`�a�Å�b�c�b�d�î�È&e�É�§�f�É�g�h�iº�j�¯(k��ml�/�n�É�o�p�ö Ñ º RPM

F�q�r�s�tº�©�ª�«�u�ð^�v�w�x��y�ä æ º�zÅ½¯|{�g� �B<%�Cõ�D�EZº�F�G�H�I

RPMs¯�nÉ�C

Red Hat, Inc.¯�^�}³�q�~¶�Ó�Ôº��¾�q�r�_�º��«�È

Red Hat �� ¦��J��¯¿¾��-��lâ�ã�ï�ðº��È1. Red Hat Network

îT�m� ß ^�õ � H�I2. Red Hat Network Errata

b��î��m� ß\��

Red Hat Enterprise Linux �� m¡�¢¤£¦¥�§�¨�©�ª Red Hat Network «�¬��®�¯�°�±�²�³µ´(¶�· RedHat Errata ¸º¹º«º»�¼�½¾®º¯º¿�ÀÂÁÄÃº¸º¹�«�ÅºÆºÇ�Èº²º³�È�ÉÊ¬�Â´

3.1.1. Ë Ë ËÍÌÌÌ Red Hat NetworkRed Hat Network Î�Ï<Ð�Ñ<Ò º�´µ�Yïë�ÓµÔºÕ�Ö½¯×_�õ�Ø ß 1�2�Ù³Z×�Ú RPM

ÓÔ½¯±úû Û _�)C�©�ªº�s�t�Û�H�I�H�F�¯Ü^�}�q�rRPM

��¾�Ý�²�_�)�Þ�-�ß�à�á�Y�¯ ú�û��´�µ�_�)�È ¦�õ�¾�7�8+�,�Ó�Ô�©�â�¯ ó�!�Ì�ã�²�ä�°�J®å; Å�+�,�©�â�Èp�æ° Ñ ³�+�,´µZº�ç�è½¯ Red Hat Network

ë�Ù³°�J�1�2<é�ê�s½¯(1�2�é�ê�s�ÿ\��-T�\0�ü Ñ 12Zº�ë¼��»¼Zº�é��½¯±ü�Ú<é�� Û ì�ß�ç�ìº��zQ¯ � }��ì�í�î�ï<ð Èiü�J<é�ê�s<%�/�0�$²×�Úâ��ïð´µ�.�/�0�æ° Ñ 1�2�¯ ��ñ�ò _�º�jQ¯ Red Hat Network Û v�w�$²¶�1�2Ì�ó�Ù�³�´µ È¥°�J©ª«Zº�â��ïð2ñôó�!�ÌÂ�Ã�ô�õº�â��ïðù�� ß û½¯ Red Hat Networkì�ö�÷°�ø�ù�ú�ûÔ�¯ÜZ�ÿm��-�¶�â��ï�ðÕýü�þ�¾�ÿ�·�¸�¹Õý1�2º��g¯ É�³�Óý/�´�µ ¯��l�/

Red Hat´ ´ ´�µµµ��ïïïð ð ð ó�!�Ì��Y

http://rhn.redhat.comb��ã�²�³�´�µ�Ó�Ôº�®�ï È

� �� Red Hat Enterprise Linux ¼�� Red Hat Network ® ®®m¯¯¯mÇÇÇ��\±��! �� £#"m¥�$�%± Red Hat Enterprise Linux &(' �º®º¯()(*�¡,+�¢ £.-(/(0(�21,0�±43(� � ´ � 5 6 ¬ 7º¸ 8�©(9(:�;,<(=�(>()(*�±º®�?A@Ê¿B� http://rhn.redhat.com/help/basic/applet.html

14 C C C 3 D D D . E E E�FFF�GG GHHH�III

JLKNMPONQRed Hat Network RPSNTLULHWVXRZY\[ ]_^L`LaLbc

http://www.redhat.com/docs/manuals/RHNetwork/ R Red Hat Network `�aedgfh](iej�k�lmhttp://rhn.redhat.com n

o oo pppq2r�s2t�u�v r�w2x�y�z2{�|�}�~��2�!� ��q�y�z2{�|��2v2t�u��~��2��2��(�

3.1.5 ��(�(�2 ,¡ ¢(£�¤ y(z {(|(¥(¦(§ ¨(©(¥ v4ª2«(�(�B�

3.1.2. ¬ ¬ ¬® Red Hat ¯ ¯ ¯±° °°®²²²®³³³®´´´®µµ µ·¶¶¶¸ E¹F¹G»º¹¼¹½¹¾¹¿»À¹ÁÃÂÅÄÆ]�ÇÉÈ¹Ê¹Ë»Ì¹Í¹Î¹Ï Red Hat RÉº¹¼¹½¹¾»ÐÑ»Ò

http://www.redhat.com/security/ n4ÓÕÔBÐBÖÕ×»]Ø^BÙÕÚBÛÕÜÕÝBÞÕE�ßBRBà�á·âBãÕäå]ØæÕÙÚ security çèE�F±éê]ìë�í�îïÐïÖðËïñðÛïò�ó Red Hat Enterprise Linux Security Advisories çèE�Fïôõ éön Jð÷ ÛðÏðÜðÝð×ðEðß�R�øðùðúðûê]üòðó c EðFô õðý·þ ]ü^�ÿðí�� þ ø�ù�� ]��ðH�� nÏ��ðR��Ö��E�F�GðR��®Y2H�I��û�º�EF�G�� ]��Røù �!�"�óönK í�#ðHðI��ðûê]ü^ðÿðí�$�%��&�' Red Hat Network ]üæðÿðí��ðû�(�)ê]�*�+�,�-�.ð× n0/�1ðô õ Ûô2��3�IðR5476 ]98 J /tmp/updates ]9��*+Þ:í�#ðR��ûön

3.1.3. ; ; ;=<<<?>> >A@@@=BBB=CCC=DDD ¯ ¯ ¯AEEE=FFFÞ=:®R Red Hat Enterprise Linux �®û=G=H=I Red Hat, Inc. GPG JLK=M=N=I n GPG ñ GNU PrivacyGuard çèi GnuPG é�R�OQP ]ìkQR�S±R�T�U��û ] Q î�V�WQ��û þYX�Z R�[�\�G n^]�8�î�_ ]`��û�Ë� Red Hat R�abJ�K�c�bed�fQgh�i�j OQ j�k Q ÍQlhJK�[b�mnN��û�R�[\�Gön J�÷ Red Hat ÁÂ�R�ÍLlYJ�KðÏ�n�N�Ið½ þ ]�o�p Mq ,�r:ðRa�b�J�Kê]�� ý ós��ðût�u�Ì�v�w�Iê] O�Q j�xs�yø�Ô��ûðRE�FGönRed Hat Enterprise Linux zY{R RPM Í Q ½¾�Ë�Ï�E�ß��û�| ]~}7�nN RPM ��û�R GPG ��b�M�DönJ�÷ ÛL��E�ß Red Hat R GPG JK ]�^�Ó�3E�Fo�ðR��i ]98 J Red Hat Enterprise Linux E�ß�. þ E�ßön�� .��R��#��ðk /mnt/cdrom ]ü^ OðQ í��"�ðÊ�J�K��',�J�K�� ç ÜðÝ�×�*�+�tyðø�JK�R��ðé þ Ò

rpm --import /mnt/cdrom/RPM-GPG-KEY

J�K ò�ó Q c RPM n�N��Þ:�EßðR�JK�� ]�^��í�"�� Ò

rpm -qa gpg-pubkey*

� cRed Hat R�JK ]��±Â!Ê�:í�ðR� Ò

gpg-pubkey-db42a60e-37ea5438

J�K ò�óA� c ��3 �JK�R�R�� ] ^ O�Q rpm -qi "�Ä�jc×�×��3"�ðR��±Âö] J �í8��Þó Ò

rpm -qi gpg-pubkey-db42a60e-37ea5438

� � �3 � � � . � � �� ¡¡¡ 15

¢ ��£ RPM ¤¥�¦§e¨�©ª RPM «¬��®¯°±²�³´�e¨9µ�¶·¸¹º�»½¼ Red Hat, Inc. ¾¿QÀY¤¥�ÁÂÃÄÅ�ÆÇ¨9µ´È�É©Ê¾Â�ËÌ��¤�¥Ç¨�ÍÎ�Ï�ËÐ�YÑÒÇÓ

rpm -K /tmp/updates/*.rpm

Ô�Õ °�Ö×�¤�¥Ø¨�² GPG Ù�Ú�Ê�Û�Ü�Ý�ÞØ¨�ß�à�áLâYã gpg OK ä0µ�åLâYã�æ�ç�è�é�µ�¶Ø¨�Í�¹�ê�ë�ìí °�î�¹� Red Hat ïLðYÙ�ÚØ¨�è�¹�ê�ñ�Ù�Ú�»�ò�ó�ôõä0ë Ô ñ��£�ö�÷�ø�ù�Æ GPG Ê�Û�¤�¥Ø¨úYû øùÆÊÛ�¤¥ü¸�Ã �ýþ Ä�ÅÆÿä¢ Ê�Û�� GPG Ù�ÚØ¨��Ë�Ì��¾�Â��Ä��ß�à��±�¾�Â�¤�¥�ÞØ¨�Í ¢ shell �� Ë�� root�� £��¤�¥ÿä

3.1.4. � � �� ëü �ÎÏËÐ�ÑÒÇ¨"!�#��£�$ %�&��¤¥('*)�+-,�.�¤�¥�/�0õÓrpm -Uvh /tmp/updates/*.rpm

Íì í ËÐ��Ñ�Ò�£�,�.�¤¥ÇÓrpm -ivh /tmp/updates/ 1 kernel-package 2Í�� ,�. RPM �¯�3 4�5�§�È�6 78h:9 kernel-package ;½ä²ë <�=ì í ¡� ,�.³�¡Að><ÞÇ¨�ëü��ì í Ë�ÐÑ�Ò�»�?�)A@� ,B.ÇÓrpm -e 1 old-kernel-package 2Í�� @� ,�. RPM ¯ 3�4�5�§�È 6�78h:9 old-kernel-package ;½ä

C CCEDDD-FFFGIHIJIKIL-M-NPO-QPR-SUTWVIX-QEY[ZI\-]-Î_

GRUB Ìacbcdfe R-ShgjiIG-k-JEY[ZlT

mmm-LLLnEocpEqcrsQ-octEucvcwE^c_yxzgWCs{E|>}-~cncvswE^s_c�s�y�EQEqcrc�c�c�c��g��s�c�s�E�s�c�s�E�zT�Cc��I�

3.1.5 �h�I�I�E�[�-�I�c� vIw-Î_I�I�I -¡I¢I�-QPJE£I�I�lT

3.1.5. � � ��¤¤¤�¥¥ ¥¦¦¦¢�§

Red Hat Network ¨ Red Hat Ä��ß�à�©�ª�Ë�Ì�è��£��Ä��ßà�ÞØ¨9Í�«�¬ì í @ �®�¯�° ¨��LðA±�ì í ¡��®� ¯�° ä0ñ�µ�÷��Ü��×�Æ�ß�4�²�³�´� ¡� ¯�°�´�µ ¨��Ë��¶¸·�&�¹�ÐLÀ¯�° �È�º ´�» ¨"��¼ ¢ È×¤¥ ½�¾Þ�ì í �¡� ®�Ñ�� ä

16 ¿ ¿ ¿ 3 À À À . Á Á Á�ÂÂÂ�ÃÃ Ã ÄÄÄ�ÅÅÅ

Æ ÆÆEÇÇÇ-ÈÈÈÉ-Ê-ËEÌzÍ�Î-Ï-ÐEÑ-ÒEÓ-Ô-ÕEÖ-×EØ-Ù-ÏcÚ-ÛsÜIÝEÞEßEà-ÙcáEâ-ãEäåÍjæcçzÍéèIÒ-Ócê-ëcì-ËEÌzÍWí-îEïcð-ñ-òó ÔIôIõI×-ØUö

÷�ø ù�úUser-space

÷�ø�ù�ú�û�ü�ý�þ�ÿ��ø��ù�ú ��÷�ø ù�ú��ÿ��ø��ù�ú�� ý�� ! ù�#"�ø�ù ú��%$�&�'#(�)+*-,�.#��/#01�2�3 Ä�Å 2�4 user-space

�÷�ø�ù�ú�56��7�89��:�÷�ø�ù�ú�#��ø<;��=#>��?�5�@�A��ù�ú�B�� ø Ä�Å #C#�1�

D�ED�E�ý

Red Hat Enterprise Linux F�G ��H�I�JK�L�M�N�O6�QP�R�S�T�U�M��VKW#X�Y�Z#[�\�]^�#_�`��aB�b�!�ù�c#d�#��e F �ÿ�fKP�<;�EKgihj��k�l�d<7�89m�n��o�p�q�r�s�t Å ��D�E��u�v#k��t Å ��Kw#x��y�zr�s��ø Ä Å C��#D#E1�{�|�}Bú�~

{�|+} ú�~�ý�ù�ú��K��glibc � ý�ÿ-�<�>÷�ø ù�ú�Z��c��ø��d��ø�{�|�}Bú�~�÷�ø�ù�ú��,��k�÷�ø�ù�ú��)��#{�|�ù�ú��c�B��ø Ä�Å } ú�~��÷�ø ù�ú�,�� ki7�8�5#@�t Å ��

J��i��k#'�(<;�� 4 ÷�ø�ù�ú#��K}Aú#~��a�� ø lsof û��B�q�>#��c�� lsof /usr/lib/libwrap.so*� 4 û¡�¡¢¤£�� ø TCP ¥§¦ ù ú¡¨ F I¡©¡_¡`§ª¡«§¬c¡d§'§( ; ù�ú§¬®�¯�-u°v¨tcp_wrappers ± O Ä�Å 5��c#²i�9 ù�ú#,�� 7�8-5�@#t Å �#�1�

SysV�#�

SysV�°� ý³k¡´<©°µ ù¡;<�³��·¶³¸ Ã³¹ �³Y ùlúº� SysV

�³��·>°�³dsshd, vsftpdZ

xinetd�

u�»��¼�ù�ú�k�©�Y<´9©�5�½ 2�¾�¿<À k�T�U�MÁ;1��u9v�k ± O�Â�Ã�56��Ä 2�4 Ä�Å SysV��

,i� �KÅ 7K8#5K@Kt Å ��Æ�� 4 � F þ�B��¸ø#��K��+��+]]]K��eeeKÇÇÇÉÈKÊKËÌ�Í�¸ýKÎ+�� 2�4 rootshell Ï ��Ð�Ñ#?�5�'�( /sbin/service û#��È�Ê�Ë��a��q�c��

/sbin/service Ò service-name Ó restartk�B��#>#�<; ��B#��#Ô�ÕÖ��

sshd � `�×iØ service-name Ù ��Ú�Û

Red Hat Enterprise Linux�#��S�X�Ü�Ý 2�Þ ;àßáª�«��#��#_�`iâ� À�ã ��B#`�üi7�f�� ]]]�� #eee�ÇÇÇ¤ Ä ��ä#å1�

xinetd��

æ ¨ 2�4�ç (K��è�_�kK)��d xinetd é Ã��c�ª�«K��ê��'�(6� ÿ xinetd c�ª�«K��>�� ¥�ë Telnet, IMAPZ

POP3�

u�»�k�Ä�A�ìKí�� Å J�îK)��¼��K Å =#>�ýÿ xinetd c��6��k Ä�Å 5�cKï�ðK��è�ýÿÄ�Å �L�M�cKW�X6��?�$��ñ�k xinetd c�ª�«K��Â�ÃK)��ò�d ç (��è�_#k6��P�ó�ô�ýÿõ�C��#L#M�c ¹ �1�J�öK÷��K�� ÿ

xinetdc�ª�«K�õ��Kø�ù¡�� Å Â�Ã�:��K ± O6��?�5�ú�û�c�d�'�(Á;9üi7>ù�ý1�Í��ø

psû��+��þ�d��#¼�'�(<;- ù�ý��@ ø

kill�killall

û��#ú�û��¼��#�#'�(�¸1�

ÿ ÿ ÿ3 � � � . � � �� 17

�� imap �� !�" �� #�$�% root &�'�( shell )�*+�,�-�.�/�-�0�1�2 3

ps -aux | grep imap4�5�1�2�687:9�;�<�= � IMAP >�?�@�A ��B�%�C�=�-�0 � 1�2��D�E�5�F ��>�?�@�A 3kill -9 G PID H( %JI � JKMLN�O�JP IMAP >J?Q@�AR�J�J�RS F�,RTVUXW *J( ps 1J2YL � ÿJZR[J\]�O^_a`

PID bQc��d�e�f�9�;�<�= � IMAP >�?�@�A ��C�=�-�0�1�2 3killall imapd�ag8h

Red Hat Enterprise Linuxgah8iajlk8mJL � TCP Wrappers n xinetd �8o �p%a^8qsrt

xinetd � k�u�v�w c

18 x x x 3 y y y . z z z�{{{�|| |�}}}�~~~

�4 � .� � �� V��

��Linux ��:�� ¡�¢�£ ��¤�¥�¦�§�¨�© ¢ ��ª�«�¬� ��®�¯��±°³²��´�µ�¶��¤�¥�¦ �:�¸·p¹�º ��¥�¦�»�¼ ��½ ��¾�¿�À�Á ��Â�Ã�¢ ��Ä �Å·

4.1. Æ Æ ÆÈÇÇ ÇÈÉÉÉÈÊÊÊÈËËËÍÌÌÌÏÎÎ ÎÈÐÐÐÑ�Ò�Ó��ªRed Hat Enterprise Linux ��½ ��¾�Ô ��Õ�Ö�× ¶�Ø ��Ù�ÚÜÛ

• BIOS¿ ��Ý�¡�Þ8ß�à8� �� —

��á�â8ã�ä ��å 8æ�ç�¶�è�é�ê�ë Ý�ì�� í�î Ñ �8ï�ð�ñ8��ò�óØ �ô�õÝ�ö�÷�ø � å �æ�ù à ©�ú�û�ù à�üÍý• ð�ñ �� — Ý�ì�þÿå �æ ð�ñ��½ ��¾�� ý• ¡�Þ�� ä — ®�¯ §��¤�� ¶�� ¡�Þ�� ä ý•ç� � »�¼�� —

��Ñ�� »�¼ �� ¶�� !�"�# � üÍý•��¤�$�%�&

—��'�(�) � $�%�&+*,��-�� .�/ �10�¢��üÍý

• 2�3�½ ��¾ ��4�5��6 —�� å �� 6 Ñ ��87:ö�"�4�5 �:9 ��; Ù�Ú�¢��<�=�� ý

4.2. BIOS > > >@???�AAACBBBEDDDCFF FCGGG Ì Ì ÌÏÎÎÎMÐÐÐð�ñ ��H BIOS* ©

BIOS ��I8JLK�/ ¿ �:Ý�¡�Þ�ß�à ç�¶�$�M�ç�è�é�ê�ë ®�¯�� á�â�ã�ä å �æ å �NO à��P é ö�"��Ý ©�Q�R ø � å �æ�ù à ��S�ë rootäUT · � R�V�� W�ë��H =�X ��Y�Z�[ ��\�]�ë�^�_ ��þa` ê�b ��c��d�e � ¶�� Ý�ì��f�g¸·

h�i��j �lk ��m�n��po:¥�¦�q�ÑUr�sUt�u�v þ¸�lwaþLx ��y�z c��d�5��|{ $��Y � Z�[�} ��¢ �z ��l· í�~�k �� )�¥�¦ w�þa� ��_��»�¼U��á 2�ð�� SSH ��l�� q�ÑJ ��t þa� ¤�� ¡ �|0�£ u�� c��½ ��¾�� ·Ñ��\U� �lk � ��¢�f _U��â�ã�ä�� ¤�ç�¶�ê�ë �� \ �l��ï�� BIOS

¿�:Ý�¡�Þ�ß�à¸·4.2.1. BIOS � � �� p¡¡¡¶�Ø�¢ å ð�ñ ��H�¥�¦ þ BIOS ��£ ��¤ ��¥§¦ 1 Û

1.$�M�¨�©

BIOS ��ª�« — k �� ÷�¬ æ�ç�¶�ê�ë BIOS � ��ç�¶ ª�« ¥�¦��®�¯8°õ©�±�¯§° �Ýl·²0�£�å�³ ��ç�¶ ö�÷ ú�û�ù à © ø � å �æ�ù à�� ö�~�å�³ ��ç�¶U´ ®�¯�þLµ�¶�!�"�� ©�æ�·�¸ c��d�eÅ·2.$�M ®�¯��Ý —

��BIOS ¹;��Ý R ß��ð�ñ ��H � Ñ�º� 0 ��»�¼ î�� Ñ BIOS

º�½ ��Ý�¡Þ�ß�à�¾ � Z�[�æ ��3�¿�À�÷ �� ð�ñ¸·¦ ¢�Á��¥�¦�¸�Â�� ª�« �� BIOS ð�ñ�� \�]�Ã �8J¸��Õ�Ä�Å ¥�¦ ��Æ�Ç ¶�È8ÉËÊ «��;Ì�Í¸·k ��m�Î � BIOS ð�ñ�� m�ç�¶ c�ª ¤ Ý�Ï § � jumper

©�æ ¢ ë�É CMOS¥�Ð ·O� _ 0 � ¦�Ñ �lÒ ç¼ ��Õ�£ ¥�¦ Ý�Ó §�¨ ·ôí�~ Ñ�m�ë8É CMOS

¥�Ð ¾Ü��Õ�Ä ��¥�¦�©�¤ Ý�Ï��Æ�Ç¸·1. ÔÖÕ�×�ØÚÙ�ÛÚÜËÝaÞ�ßÚà BIOS áÚâaãåäçæ�èÚéËêËâËëËì�í�èËîËïËÞ�ðËñËòËóCäõôËöË÷aÞÚéËê�øËù�ëËìËØËúËîïåäçôûâûëÚì�üýØûú�îÚïåþ

20 ÿ ÿ ÿ 4 � � � . � � ��

4.2.1.1. � � �� x86 � � �� ! ��#"%$�&�'�( x86 )�*�'!+ BIOS ,�-�.��0/21�3��4 " Intel® Itanium™ ��5�6�� Extensible Firmware Interface (EFI) shell /7�8�9�: ��;�< ��=�>�?�@ ' BIOS +�A��B�CD"FE�G�H�I�J�K��B�CL/

4.2.2. M M M�NNN�OO OQPPP�RRR�SSS�TTT�UU UV�W�X �� 9�: ��; Linux Y >�Z�[ �� =�\�]_^L`

1. a�b�c�d�egf��h�i�� — j 7�k�l h�m V Y > c�d�e�f��h�i��D" � � 8 \�n d root9�: "o m V�p�q root ��hL/

2. a�b�c�d GRUB=�r — j 7 >�s �� GRUB t��u��Y >�Z�[ ��v" k�l h�m V �� GRUBw�x�s�y�z ��{�|�u��,�-D"F}�h X �� cat B�~��L/

3. a�b�c�d��)�* — j 7 u X f��Y > ��)�*D" k�l h�m V <�Y >�� f��)�*D"F3 7 DOS "F��)�*�� r�� (��,�-L/

� �� x86 �� g� Red Hat Enterprise Linux ��QY >�Z�[ �� GRUB / 7�8Q� ��QY >�Z�[ �� ¡ ��D"FE�G�H Red Hat Enterprise Linux G�H�¢�£¤f�¥Q��§¦ The GRUB Boot Loader ¨��©L/

4.2.2.1.9 9 9�::: � � ��;;;�� GRUB

m V ,�- GRUBV�ª�« ÿ 4.2.2 ©D�¬�®�¯g��°�±�²�³�´D"Fµ \�¶�· f�² password ��B�~�¸�u��,�-��

�Q�¹" 7 \ 7 ��º�E�» « -�¼�f�² 9�: "F½�¾_Y�¿�f�² shell À�C�Á�ÂD"FÃ V root Ä�Å�Æ�dÇ"F½�¾ n d `

/sbin/grub-md5-crypt

<�À�C � " n d GRUB � 9�: Ã�È W [Enter] "F��É_Ê�Ë 9�: ��f�² MD5 Ì�ÍL/W f�ÎD"FE w�x GRUB ��,�-�� /boot/grub/grub.conf "ÏY�¿��²��¾D"FE�<�Ð�ÑQ� =�\ ��Å� timeout Ò�f�� · d W ®�� `

password --md5 Ó password-hash ÔE V /sbin/grub-md5-crypt É_Êg��Õ�Ö ��×�Ø password-hash Ù 2 /W�Ú )�*QY >�� " 7�Û�Ü ��È W [p] Ý�Ã · ' GRUB

9�: " GRUB� e��QÞgß�à�c�d w�x�s }�B�~ yz /

á ��â��D"ã��² ª�«�ä ��å�æ�ç�è k�l hQY > c�dQ��QY >�é�ê ��)�*¤/ q!ëì\ a�b��²í�î�ï�ð "ãñ�ò \�w�x /boot/grub/grub.conf ��_ó�f�²��ÅL/E�ô_¯��)�*�� title Ò�f��0"FE�< W f�� ¶�· �� lock ��f��L/õ ��f�� DOS )�*D"F��²��Å�ö�Ë 7 W ¬�C `

title DOSlock

2. GRUB ÷ùøùúìûìüùýìþÿý�� md5 �� ü��

� � �4 � � � . � � �� "!!! ###�$$$ 21

% %%&&&/boot/grub/grub.conf '�(�)+*�,�-�.�/0�1�23 password *54�6�78�9�:�;�<=>�?�@ACBED�F5G�H�IJ�K�LM

GRUB N�O�P�QR�ST lock U�4�6WV

X"Y[Z�\"]"^"_"`"a"b �"c"d"e"f"g \"]"hji !�k"lnmpo"q[r lock \"s"t"u"_"v"w !�x"ynmpz[r�{"|}password ! \�s~ \ ]��^ k�l #��"! � \ y��x X �� ! � � s��

title DOSlockpassword --md5 � password-hash �

4.3. � � �� k"l"� Red Hat Enterprise Linux �"�"�"�"�"�"�"�" "¡[!�¢ Y"£"¤ mp�"¥"� Z�¦ k"l[!�§"$"¨[©�#"�� «ªp�� ¬��®"¯ °�! ± Y³²Zµ´ §�$�{"! ¶ ·¸m¹§�º�» ¼�½ u�_ d e�� Message-Digest Algorithm (MD5)

~�¾shadow k�l ²À¿Á f Â�Ã h�Y�Ä Å ��Æ u�_Ç²È X

MD5 k"l"É"§"ºËÊ�Ì"Í"Î"Ï"Ínmp½"Ð"�"�"Ñ"¼[! Data Encryption Standard (DES) Ò"¼ ² �"Ó"Ò¼"½[Ô�Õ"k"l[!�Ö"× Z 8

]"Ø"Ù ¬"Ú Ø"Û"Ü !�k"lÞÝ hjßáà"â"ã"ä"å ¬"æ"ç[! ^"è"Ø"é[ê mpë"ì"í"î \] Êðï 56 ñ é !�r k £ ¼ ²È X É�§�º�ò�»�ÊóÍ�Î�Ï�Í ´ shadow k l¸m � } !ôk�l�� ~[õ[öó÷�ø (one-way hash) ù�ú�É � }�û ��üý Í[! /etc/passwd v"w mp�"�"þ"d"e"ÿ��[!�k"l�� ² È X"\"]� � � ~ \"]"\�� "�"Í"þ��[!�ú"Ínmpç"ü ~�� /etc/passwd v"w"t ç��á! ��nm��"É"æ"{�� s�� Ó"k"l��»�¼ ² È X�v�w Êó| } \�]�� §�$"! k l¸m Y�� x k�l�!á��"$#ð{"!$%�&�')( ²Z ´+*$, �[Ó !�� m shadow k[l[½[k l ÷[ø ù[ú É /etc/shadow v[w Ê m.- v[w ! } root �[�[�/ ü ~�ý Í ²�"½"Ð�0"� \"]�1 É[!��"� 2)354 6 7�8 ��jÊ�! "®�9 :ÞÝ X SSH

bFTP

ê ��;�< ��"k"l ² �Ó�=�>�¼[! ��)?A@�B�Cnm�'"ì"½"Ð�D)E ��FHGAI !KJ�LnmNM Z � O ]�P�Q !�R�;�8 ½"Ì S �t d"ev"w Ê ²UT �nm È X"\"]�� É�V�W �AX �� \�Y | } h�Z�â�[�\ k"l[! d"e¸m �� ]"à Ð�É�^ _�` aþ�ú Í¸mb� � c�d e f v�w ~ g h ç"!Ke f ²É"Ò"¼"¬"ù"ú \ {[!H%A&�i"�)jáÿ[!�Â�&nm ©�k"#"�l��á!�m å ~ , ��k"l �� \ ��nm¹�"�"� ��no p t q ± Y !Kr s i��f g \�]�¿Ht ! k�l ²

4.3.1. u u uwvvvwxx x)yyywzzzw{{{}|||)~~ ~)��É�f g \�] #�$�! k�l�"«m q � � � ~ � !�� «�

o * , �� !�s � �

• o �� Ø�b Ú Ø — � � É�k�ljÊ�! ��Ú Ø b � Ø³²\ Æ h §�$"! �� X �¸�• 8675309

• juan

• hackme

22 � � � 4 � � � . � � � �� K��

• �� — �� ¡£¢.��¤w¥A� �£¢.¦�§ ¨�©�ª «�¬®�¯�°)¥A�� ±�² ³´�µ�¶¸·N¹ ��º » ¼ ½�¾K¿ À �ÂÁ��Ã Ä Å ��K� Æ Ç È ��É£Ê• john1

• DS-9

• mentat123

• �� Ë�Ì Í�Î�� — Ï�Ð�Ñ�Ò�Ó�Ô�Õ�Ö ²�×�Ø�Ç�Ù�ÚwÛ5Í Î��¤)¥A�K��Ü�Ý Þ�ß ·UàAá âã Ë�Ì�Í Î Ü�ä å Å ��KÏ Ð æ ¨ ç�è)Û5é��ê �ëÁ��Ã Ä Å ��K� Æ Ç È ��É£Ê• cheguevara

• bienvenido1

• 1dumbKopf

• �w�)�w�wìwíw�)îwèw w± — ï)�wºwðwñ)»wº}�)ÏwÐl¥��w�wìwíw�)îwèw w± — æw¡}ò l337(LEET) speak — ¨ ó ô$õA� · � ö�÷ ø ù ·Nà ò�Ú)Û�� ²�Ù è LEET speak Á��Ã Ä Å ��K� Æ Ç È ��É£Ê• H4X0R

• 1337

• �� ú�û��ü ý — þ�Ä��)ÿ��A��ü ý��Ï�ÐÂÁUï�� ì�í�� º�� ·�� º Ï Ð�� ñ��)Û��ÁNÉ��ò� ºKä å Ï�Ð��º�� µ ¶ � üAý�� Ê��Ã Ä Å ��K� Æ Ç È ��É£Ê• º�� • �!��K �• "�#�$�% �� • ��û��&('• º��©�)�* Ð �+�,�* Ð

• �� -.�� —´ � Ï�Ð�Þ�ß�Ó�Ô/�¨�×01�� ·32 Ø�-.�� ú�Ä ´ � Ï Ð

æ�Ä × �4��ñ Å �ÂÁ��Ã Ä Å ��K� Æ Ç È ��É£Ê• R0X4H

• nauj

• 9-DS

• � ��5 É º��KÏ Ð — � þ Ä�� Ï Ð�5 »�6 ¿ · ³ ´�7�8�9�: 4 Á• �� ;=<K� Ï�Ð�» 2 è��>?�¿ — ò�@��A>?�ä å�Ä=<K� Ï�Ð�¨�óB�� · � á ��) ·��A�C�D�E�Ñ Ò� ·32 è��¼�F�>�?�G Ä ×Kè å ¹ ��H�I Á

J J J4 K K K . L L L�MM M�NNNOOO�PPP�QQQ 23

R�S�T�U�V�WXZY

•R�[�\�]�^�_�`�a�b�c�d O�e�f — e�fO c�d�g�cih3j�k�l�m�n�o�p�qsrut�v�w�x MD5 e�f hy{z�|

15`�a�b�}�U�~ O c�d�h3[�� DES e�f h3R�w�x��c O c�d��_�`�a�b��r

• �� wx��a� — Red Hat Enterprise Linux|�� a� O h��UR�� U�� e�fO ��r

• �� wxa��a —R��a� ef � h�¡�¢ |£ �� ¤{¥ �¦l�§ |¨�©�ª }«¬ O�®��h3¯�U�� e�fO ��sr

• °�±�² a��a O a�b — ³ v &, $��´¶µ�¡�·�a�b�¯�U=��¸ e�f=O �¹��º�¼»�½

¨DES e�f ~�w�x�¾�¿�¡�·�a�b�Àr

•RÁÂÃ¯UÄÅÆ O�ef —

tvÃ»½ÄÆÃ O�ef h QÇÈ �É O�e�fÊË lÍÌÏÎÐh�R�wx�Ñ��a�}�Ò�Ó Ë�Ô Ä�Õ O�Ö�×�Ø�Ë Ã�Ä�Æ e{f r

Ù Ú�U~ O ¾¿�ÛXih�Ü]^Ý`Þ �(ß É e�f�à�á X�âã�Wäl ßåefà ¡�� O�e�fæØ |çè�£=éê O{ë ruì�í�î�ih3Ã�¯�U�ï�ð�Ý�¿�ñ�ò Ø ]�^�Ý�`�m�n�Ä�Æ�ã�ó QO�e{f r

4.3.1.1.ó ó ó Q Q Q�ee e�fff ] ] ]�^^^ O O O ® ® ®�½½½�ôôô

õ�ö�w�x�÷=ø�ù�®�½ Ø ]�^�ó QO�e�f h3��ú�û�ü O Ò � Ý�ù�®�½ | w�x{Ñ��a�h ³ v�Y

•Ý�`�Ä�Å�Æ O�ý�þ h ³ viY"over the river and through the woods, to grandmother’s house we go."

• ÿ�Ø j��{Ñ��a�� °�±�� Þ��r

otrattw,tghwg.•��Ñ��a � U�a��ð��a��Þ� Ø �� h ³ v�U t ð�� 7 h3U�Þ� @ ð�� a Yo7r@77w,7ghwg.

•j�[�\�Ý�`�a�� Ø ¸�Ý�ñ��ih ³ v H r

o7r@77w,7gHwg.•��ih R��l�Ü ¨�� O�� ~�w�x�~�� ³ � ��O�e�f r

��]^ó Q�O�ef |��y Ü O h�� £ �� !�ö�¯ è£ O�" Üih�¡�¢ |�� #�$�% ��O�� &�'�(sruV�) O{K�*�+ � Ìå��Ý ¤ $�% � ]�^�U�,�� w�x�- e�f�O�. É / M ®�0�r

4.3.2. 1 1 13222544 45666�777388839993:: :<;;;3===3>>>tv�$�% ��O wx�-�� è£ �ih �� & ��? `�@�A O ÁÂU��Bw�xÉ O�ef h�Óö�¯U��wx-�]�^ e�f h3}�- |�C w�x�-EDGF�]�^�Ó�ö O{e�f hIH y{z�J�K Ó{ö��]{^ O�e�f | ��L��á�O r��wx�-]^ ef j¯�M Pef | ß É O h�l�N¾` LM j�O�P�Q�$�% O�R�S '�TÅ�êU�U� Ðh�'�ã ÊO��w�x�-�j�Ó�ö O�e�f ��V ØO�V�W rÚ��¾¿<X Yih �� &�k�Zû C wx�-]�^Óö[D\F O�ef h3l�N�]�^�_� J�K ef | ß É O h�'ã ¨�` ¿�a�b�V�hcH�O�d�x e�fO ��e�f�g Ø ��B�w�x�-�h f �T i�Ó�ö O�e�f r

24 j j j 4 k k k . l l l�mmm�nnn�oo o ppp�qqq

4.3.2.1. r r r�sss�tt t�uuu�rrrwvvvxooo�yy y�zzz{�| p�}�~��x��t�u�o�y�z��r<v o��t�u�� |�� ¡�¢ y�z�£��¥¤�¦�§�¨�t�u passwd ©�ª�«�¬��®�u�¯�°±�¥²�³��µ´ Pluggable AuthenticationManager (PAM) ¶w�<�3o·�¹¸�º<»<§w¨<¼w½ pam_cracklib.so PAM ¾<¿<Àw�<Áwy<z<�wÂ<ÃwÄ<ÅÆ� ��ywz�ÇwÈ��Âw��ÇÊÉË¸�Ì PAM �w§�¨ÎÍÐÏwo·�¥»�§w¨�Ñ<Ò ¡5Ó o�ywz�Ô�ÕwÖ��Áw¯�°±�Ø×{pam_passwdqc ( ÀÙÍ http://www.openwall.com/passwdqc/) � ��Ú�Û�Ü�Ý�Þ�ª�ß�o�¾�¿�É {�|à�á §�¨�twuwo PAM ¾w¿�â<ã±�¥äwå�æ http://www.kernel.org/pub/linux/libs/pam/modules.html É {ç�¡3Ó�è � PAM o�é�ê��ä�å�æ Red Hat Enterprise Linux å�æ�Ú�ëìÞ�í3îxo Pluggable Authentica-

tion Modules (PAM) k�ïðÉñ�ò ��»�ó�ô�õ�ö�÷�o��ø �� £�¶�ù�ú�o�y�z��Á�û�ü {�ý�þ ��<îxo�y�z�ù�ú�Þ�ª�y�z�Å Æ ¯�°�Àÿ�� ü��o�y�z�À á�� É�� Ó�� y�z�Å Æ ¯�°�§�¨�ø Red Hat Enterprise Linux ��ù�ú�� ñ m��3î û�ü ��²�¦ É ¨��Ì�©��y�z�Å Æ ¯�°�o�Þ�ª�� | â�ã��

��Red Hat Enterprise Linux �� !�"�#%$'&)( Red Hat, Inc. *��+�,�-�.�/�0�1� �!�"�#32

• John The Ripper — Þ�ª�4�5�6�7�8�o y�z�Å Æ ¯�°Ê��²:9 � t�u Ó<;�=�> â�ãð� ò 6�² ³�§�¨�?�ú@�A °�o�y�z�Å Æ ÉØ»�§�¨�B http://www.openwall.com/john/à�á ² É

• Crack — ² � �<�DCFE<owy<zwÅ ÆDGDH � Crack ³w�FI<�D4F5<ow¯<° � üw½DJwüDK John TheRipper L�M�Ã�Ä�t�uðÉØ»�§�¨�� http://www.crypticide.com/users/alecm/

à�á ² É• Slurpie — Slurpie N�O John The Ripper P Crack �Iü�½�²��Q�R�ÀDSx£ � Ó ��T�U�V�ù�ú�oì�¨ �� Þ�ª:W�X�°wo�y�z�Å Æ:Y Z É »�§�¨�ø � Ó\[ ¤:W�X Y Z o�]�q�Ö ^:_�l `�¶:a�o�¯�°µî\b÷ http://www.ussrback.com/distributed.htm É

c cc�ddde�f�gih�j�k�lnm�o�p�q�r�s�t $vu�w�x�y�z�x�{�|�}�~ � {32

4.3.2.2. y y y�zzz � � ��

y�z �� t�u�oD�xÞ �� À ��x��t�u�ü%� o�y�zÊ��y�z�o �� ø�Þ��o �� ½��Ì 90 ��ì�It�u�� ¨ �� Þ�ª�ß�o y�zðÉØø��o��Ì�� { t�u��r�� ¡ ¤�o�y�z�� ¶�Å Æ o�y�z�� t�u�Þ�� o�£ � É ñ�ò �cy�z �� o�� t�u��§��y�z�Ý��ÀðÉø Red Hat Enterprise Linux î ��¡ ª�¢ | o�¯�°�§�¨�t�u�À�£��y�z �� chage £�¬ �� ¤�¥�¦o�ttt�uuu�� (system-config-users) ®�u�¯�°ðÉchage £�¬�o -M § ¨�£��y�z �� o�� Ó ��©Ê��¶�¨ {�| Q��Þ�ª�t�u��o�y�z�� 90 ��ª � �ä�«��£�¬¬�

chage -M 90 username ®

ø�¨ V�o £�¬µî � ä�¨�t�u��o�E ¯ à�°D± username ²Î� {�|�³ u�y�z�o�t�u � � � ä�ø -M §:¨��t�u 99999 ©�´�� ©�µ�� 273 ¶�� É

· · ·4 ¸ ¸ ¸ . ¹ ¹ ¹�ºº º�»»»�¼¼¼�½½½�¾¾¾ 25

¿ ÀDÁ ¼�ÂÂÂDÃÃÃ:ÄÄÄ:ÅÅ Å:ÆÆÆFÇÇÇ¬È:ÃDÉ:ÊDË:Ì:ÍDÂ:ÃDÎ:Ï:ÐDÑ:ÒDÂ:Ã:ÓFÔ:¼:ÕDÖØ×ÚÙ:ÛDÂ:Ã:ÜDÝ:ÈDÃ:É:ÊÞ×ß:àDáDâ ãDä ¼æåèççç à à àFéééëê�ìDí => åïîî î:ðððDñññDòòò ê => åïÂÂ ÂDÃÃÃ:ÄÄÄ:óó ó:ôôôDõõõ ê ×÷öDÄ:øDù shell úDû:üDý:þÿ Ù XTerm ö GNOME �� redhat-config-users � �� à åïÂÂ Â ÃÃÃ ÄÄÄ ê ¼�� ×�� Â Ã:Ä�� é��à�� Ý�Â�Ã�Ä ×�� É�Ê àDé � à�� ÿ ö � þ!�Ê à:é��à�� å#"""�$$$ ê => å � � �� Dê �%�� à åïÑÑ Ñ�ÒÒÒ�&&&(''' ê �)��¬×*�+��Ñ�Ò),(-�.�¼(/+0 × Ù ¿�À 4-1 1�û2�

¿ ¿ ¿�ÀÀÀ4-1. å å åèÑ Ñ Ñ�ÒÒÒ�&&&+''' ê ê ê4333)555

Ù�6�7 8�Â�Ã�Ä�ó�ô�õ�ñ�ò ¼)9;: &)' ÿ=<�> 8 ·��?�@ ��A)B�C�D�9�Ñ�Ò ¼)�û�� × ß�E�F Red HatEnterprise Linux î�ð�Å�Æ�G�H ��I;� ¼ åèÂ�Ã�Ä�ó�ô�õ�ñ�ò ê ¸�J2� Ù)6�748�Â�Ã�Ä�ó�&+K�Å�Æ ¼(LÛ × ß)E)F Red Hat Enterprise Linux î�ð�Å�Æ)M)N �+I�� ¼ åïÅ�Æ�Â�Ã�Ä)O�ý�ó�&+K)P �Dê ¼�¸(J2�

4.4. Q Q QSRR RSTTTSUUUVW Å:Æ ��X�Y ÃZ[�AØ× ÂDÃ Ä�\�]:Í root Â:ÃDÄ:öDÄ:ø^�_ ��` setuid ÉDÊ ÿ Ù sudo ö su � Îa��b -D¼ root c:Ô�d�e�fg ��h î ðD¼�Å Æ ¹ ºi� setuid É Ê Ì Í Â W Í�j É Êk b Ä:¼�Â:Ã Ä ID(UID) Î)f)g+j�É�Ê ×*l+m�ø�Í)f)g+n�É�Ê�¼�Â�Ã�Ä2�ÚÙ)n�¼�É�Ê�Í � Ý)o)p�¼ s ��û�ù)q)r�Ê)s+t � ¼k b Ä X)u × Ù�Í�þ�¼+v)w+1�ûyx-rwsr-xr-x 1 root root 47324 May 1 08:09 /bin/su

��l�z)8 ��{ |�} ¼�î�ð�Å�Æ Ç ×�~�\)]��ò |�}��4X ¼�Â�Ã�Ä�z+~�� ¼+��)e�� b :�� ¼�Å�Æ�P � cÔ��(�� pam_console.so ¼ � Ý PAM � õØ×�� h g��½;�(� root Â Ã Ä ×�v Ù��Í��Ê ¼)��¹�º�� ù�¡��ç�¢;£ ·�� Ý @ ��¼�Â�Ã�Ä ÿ ß�E�F

Red Hat EnterpriseLinux

E+F G)H �)I�� ¼ Pluggable Authentication Modules (PAM) ¸)J�Í �)¤ 7�8 pam_console.so��õ ¼)9;: &)'��2�¥��l ×�v�Ù�¦�§�¨�©�ñ�òiª�«�¬ � Ý��¼+®;¯�ö)��)¨�©�°+¬�� ¼+±�~��Û�îð�Å�Æ�¹�º ×ù�²��Å�Æ�c Ô�¼)³�´�þ ×�µ�¶)·�P �+¸ º��º¹�� × î�ð�Å�Æ Ç+»�ø ¤ ��ò�¨)© � X ¼�ÂÃ�Ä�Ì�Í)k b :¼��Å�Æ)½�¼(P � �

4.4.1. ¾ ¾ ¾�¿¿¿ root À À À;Á ÁÁÂ Ù |�}�� X ¼)� h Â�Ã�Ä�ø�Ì�Ã)Ä ¼ ×�Å)Æ�8)Z�[�Æ�Ç�e�È)É+Ê ¼ � ô ×¥� )~��)k b root ¼)P � cÔ�È�j�m�Ë�Ì Í ×¥� �Â�Ã�Ä ¼ root P � t�û�v�Ù��Î�°�¬�ö�ñ�ò�¨)©�Ï â ��o)Ð�³�Ì�Í��Ý�Ñ�Â�Ã�Ä

26 Ò Ò Ò 4 Ó Ó Ó . Ô Ô Ô)ÕÕÕ)ÖÖÖ�×× ×(ØØØ)ÙÙÙ

Ú�Û(ÜyÝ*Þ)ß)à+á)â)Ü�ã+Ú)Û+Ü)ä)å)æ Ù)ç Þ+è+é)ê+ë)ì ×�í�î2ïð�ñ4ò)ó�ôiÝ*õ+ö)÷�ø+ù)ú+ûroot ü)ý+þ)ÿ��×í4î��

• �� — �� root ü�ý��× ù�ú�û ÿ�� ê�� ×�� Ý��û�� ×!�"yÝ$#&%('&)+* æ Ù)ç�×�,�-�.�/�0 ! ï• 132(4 æ Ù�×65(7 — �3� root ü�ý3��× ùú�û þ38(� ð�ê6� ×��(�69313234 æ Ù�×�537 Ý$: FTP�

TelnetÝ<;)ù)ú+û�=�>�?�@�A)ð)ä)åCB¼Þ(DFE�G�H�IiÝ<J��K�L ×�M�N ï

•Þ

root 1�2�O�P�Q�R6S�R — T�U�V�W !�"�X�Y �� Ý ÿ ��Z�� [�\ Linux ×�O�P�Q�R�]�^�ï_U�.`)ð�ab��Ccroot

ù)ú)û 1�2 I�d � ��e�f ï

4.4.2. g g gihhh6jj j root k k kmllln�:�à�á�â�Ü�ãCc&o V�p ��é�ê6q(#�Ý /�rCsF8 ù�ú�û�t6u�v root

Ýroot

@�A6w�x Ø�y�� @ Ý .�z w�x{�|C' � â�Ü�}�~ × @�A Ø�� Ú��6u 1�2�� ò��û��3�+ò�ù�ú�û��~�� Ò 4.2.2 � Þ ý�� o V ÷�� î�× �C�&�� ï��4-1 ��(� ò)÷)à)á)â+Ü�ã ÿ Þ��+ò�� root

t�u(��)ú × ó��

ó ó ó�� 3DDD ¡ ¡ ¡�¢¢¢ £ £ £ � � ��[[[�\\\��¤

rootshell ï

¥�¦/etc/passwd §�¨ Ý© z ��¤ shellª

/bin/bashv/sbin/nologin ï

«��root shell ×+ü)ý Ý¬©

z��®�¯)Õ�×�°)Õ%ïÞ ��× }�~�±�� ü)ý root²�³ ´ login´ gdm´ kdm´ xdm´ su´ ssh´ scp´ sftp

/�µ ì shell × }�~iÝ<¶:FTP

ú�·�¸º¹ Q�R ú�·¸+Þ)è 8 � setuid}�~ ï

��× }�~�J�»��¼�½ üý root

²�³ ´ sudo´ FTPú�·�¸

´ O�P�Q�R ú�·b¸

{�|�¾�¿��ÀCÁÃÂ� (tty)

�ú

root üý2ï

ò)÷�ÄmÅ× /etc/securetty §�¨J ÿ «�� root

t�u�Æ�¾�¿�ÇÈ�Æ O�É)× Â �2ï

«��{�|��ÀCÁÃ�+ä)å üý root

²�³yÝ ��)× }�~J�»�� ü)ý root²�³ ´ login´ gdm´ kdm´ xdm´ é)ê × ä)å 5�7 J3'&))ò÷

tty

/ t�u�v root × }�~iÝ /|�Ê�{�|setuid

�)é)ê ��ËÚ 1�2 â)Ü Ô+Õ2ï��× }�~�J�»��¼�½ üý root

²�³ ´ su´ sudo´ ssh´ scp´ sftp�)ú

rootSSH

tu ï

¥¦/etc/ssh/sshd_config§�¨ Ý<© z�� PermitRootLogin ��Ìvno ï

«��{�|OpenSSH Í Â ÔÎ�� 2 root ü)ý Ý ��×}�~�±�¼�½ ü)ý root

²³ ´ ssh´ scp´ sftp

V�Ï�� ¼�½ root ü+ýÆOpenSSH ×�Í Â Ô Î ï

Ð Ð Ð4 Ñ Ñ Ñ . Ò Ò Ò�ÓÓ Ó�ÔÔÔ�ÕÕÕ�ÖÖÖ�××× 27

Ø Ø Ø�ÙÙÙ Ú Ú Ú3ÛÛÛ Ü Ü Ü�ÝÝÝ Þ Þ Þ�ßßß�ààà�áááâ�ã

PAMä�åæ

root çè�é�êìë

í�î�ï/etc/pam.d/ ðòñó ðòô é�ê Õ�õ�ö�÷ í�øù

pam_listfile.so ú�ûü ã�ý�þ�ÿ Õ ë a

��root ç è PAM ��Õ��é�êìë

�� Õ é�ê� �� ç è root�� FTP

ã�� ã�� login� gdm� kdm� xdm� ssh� scp� sftp�� PAM ��Õ é�ê

� � PAM ��Õ�� éêìë

�!:

a.í�"�#�Ð

4.4.2.4 $&% è�'�(�)+*�,ìë- - -�...

4-1. / / / ã ã ã root� � �� Õ Õ Õ Ø Ø Ø�ÙÙÙ

4.4.2.1. / / / ã ã ã Root Shell0 ü �1� â ã321435368739

root ÷;:3<3�3�3=1>3%3? /etc/passwd õ ö1@ ù root�1� Õ shell9

/sbin/nologin ÷BA�C�>�D+E�F�G�û ü shell H�I�J ä ç è root�� ÷LK 0 su � ssh I�J ë

M MMONNNPRQRSRT

shell UWVRXZY\[O]R^R_R` TbaWcRd sudo eRfbgih�jRkRlOmRnRo root pRqsr

4.4.2.2. / / / ã ã ã root6 6 6+77 7

06üutuvxwuy å�æ ç è root�x� ÷z:u<u�x�x=+>u% î3ï /etc/securetty õ6ö ä / ã ?u{x|~}bÕ root6u7 ë A+��õ�ö �� root

â�ã+2��+6u7 Õ�� ß+�+� ÷B� 0�� õ�ö��+� � ç�?6Õ��÷ rootâ�ã+2 >+%+F

G �+� :+<+�6Õ�� , �+� t+� 6u7 ÷ � ��ú+F�G+{+|�}��ú v �u��6Õ ��+�+�ìë A��+��ú��u�+��Õ�÷��9�â�ã+2 >+%+% root �+� Telnet �+ 6Õ�¡+¢ ÷¤£+C+ 6Õ�¥+¦+% Û�§�¨ � �+�+©+ª ë¬« @++® � ÷ RedHat Enterprise Linux /etc/securetty õ�ö+¯ �� root

â�ã�2 ?�°�±�² 5 ��¡�¢�Õ�{�|�} 6+7 ÷ 0�ü��root

6+7 ÷ í�³+7 �� I�J ä�´�µ � õ�ö�Õu¶�·

echo > /etc/securetty

¸ ¸¸O¹¹¹ºb»½¼�¾ U /etc/securetty ¿½ÀRÁ½ÂbÃÅÄ root

S½T½ÆbS½TOpenSSH ÇbÈ½ÉbÊ½Ë cbÌÅÍ hÏÎbÐOÑÅÒ½Ó½Ô½ÕÖ h�×RØ½Ù;ÚRÛbÜ;Ýsr

28 Þ Þ Þ 4 ß ß ß . à à à�ááá�âââ+ãã ã�äää�ååå

4.4.2.3. æ æ æ�ççç root ã ã ã SSH è è è�éééêìëîíìïñðóò

SSH ôóõñã root èñé÷öùøñúóû SSH üìýñþóÿîã��óõ��/etc/ssh/sshd_config � ö�� ê ã��

# PermitRootLogin yes

� ê� ��

PermitRootLogin no

4.4.2.4. � � ��ççç PAM æ æ æ�ççç rootð�ò

/lib/security/pam_listfile.so ��ö PAM ��ã� !�ç"�#$%�õ+ã'&(*)+��, ü+ý�-�.0/1�2�3+õ��4��567��+è+é+ã��+ç�89;:<)=2 ��> /etc/pam.d/vsftpdPAM �õ��@? ê�A �+ç��4�� > vsftpd FTP B�C�DuãE�F �HG ê ��4�3�I�JK��+ãL ö M EF+Þ��N�O+ã \ P(Q6SR ë ã��auth required /lib/security/pam_listfile.so item=user \sense=deny file=/etc/vsftpd.ftpusers onerr=succeed

�;TVU;W PAM �;�;"VX;Y /etc/vsftpd.ftpusers �V� ö+Z;[;#V$;\ A;M^] ã0��ç;8;_V`;�V4;Ca ö¤ü+ý�-�.0/1�2 ; b��4��uã�cd�öfe[�g1�2 ��h ��4�C a ä_�4�6;i�ã�9;: ö�j�8�Q��ç�4V?lk+ã�90:m"#$_`Vnl4C a )G ê ü�ý-.�/'o ë #$�p;nl4C a ã'_`�ö�12�q�r�st+ã'��u PAM ��õC a ? ö ê çvwF�xyç0z{uã /etc/pam.d/pop | /etc/pam.d/imap �� öfj+ç�v SSH ç0z{uã /etc/pam.d/ssh ��*)ê R@}'v PAM ã��^n�~��Zözø0�;� Red Hat Enterprise Linux �;�0�0�*�0��?�ã Pluggable Authenti-cation Modules (PAM) ß�*)

4.4.3. � � �7�� root � � �@� �� å��^� root �sç�8 ã�_�`�� ö ü ý�-�.�/^g�1�2�J��V� ðsò setuid þsÿ ã^_�` ö ê suj sudo )

4.4.3.1. su 3 3 3III>� é su 3IO�ö��ç8T�� é root ã'��ö��O >�� O�ö�T12�` , �4 root ã shell� � P(*)�� ð+ò su 3�I+èuéO öf�+ç�8¡�� root �+ç�8 öfZ�[�¢�K � åuã�ü+ý�-�.�_�`�£0�*) �¤0¥ � ö� ��ç8` , root è+é'O�ö�¦§¨�12��ç su 3I�©ª��ü�ý�«\ A ã��ç8�ö�e[�6R ë � é'\ Aã��*)¬m� �4�þ�ÿ+ã'� ê ¤® � ö�¯�°V? ã�ü�ý�-�.�/'g��o ë ��'±12'_`��ç��4�3I²)N�³;:�ã´�µ�¡�Q�T��+ç�80r+éu�d � wheel ã%�¶�-�.�8�·�� ö ê+ë+ê ¤�¸ ö¤ø�2 root ¹�º � é �M3I��usermod -G wheel » username ¼> «��43I7? öBø2½o ë q�r�u wheel ·��+ã��ç8�cd�ö�`¾;¿ username À�)

Á Á Á4 Â Â Â . Ã Ã ÃÄÄ Ä�ÅÅÅ�ÆÆÆ�ÇÇÇÈÈÈ 29

É�Ê�Ë�ÌËËË�ÌÌÌ�ÍÍÍ�ÎÎÎ�ÏÏ Ï0ÐÐÐÒÑfÓ�Ô�Õ0Ö×�Ø ÆÚÙÜÛÛÛ Ô Ô Ô;ÝÝÝ�ÞÞÞ�ßßß7à => Ùâá á á�ããã�ää ä�ååå à => Ù Ë Ë Ë�ÌÌÌ�ÍÍ Í�æææ�ççç�èèè7àéÑfêÍ�ë�ìshell í�î�ï�ð�ñ�ò0ó system-config-users ô�õéö Ô�÷ Ù Ë Ë Ë�ÌÌ Ì�ÍÍÍ7à�øù0úûÑ�ü�ýËÌ�Íþ�Ýÿ Ô�÷ËÌÍÒÑ��ýÞß�Ô0Ý ÿ�� Ô�� êÍë�ý ñ�� Ô�Ý ÿ ÔÕ Ù�� à => Ù � � ��Và�� ö

��ÔÕ Ù ç ç çèèèVà�øù�úûÑ�ü � Ô whellçèÒÑ�É��

4-2. �î²ö

� � ��4-2. Ù Ù Ù ç ç çèèèVààà��

ü�� ÑfÓ�ì�� ÿ�!"su Æ PAM ä�å�� (/etc/pam.d/su)

Ñ#��ý ñ�$�%�&�' ÿ�(�) [#] *+ ï�ð-,auth required /lib/security/$ISA/pam_wheel.so use_uid

É�.�/ Æ�0 Ñ21�3�4657Î�ÏÍçè wheel Æ98 Ð�ËÌ %�:�;� *ö

< <<>===?A@ABACADFE

root GIHAJ�KMLAN wheel OIPIQSRITAUAVXW

4.4.3.2. sudo ô ô ôõõ õsudo ôõí�Y�Z�[ ËÌ�ÍÎÏ�\�]�÷ Æ�^&�_ ��`ÒÑ2a &�:�b�c�d�Æ ËÌÍì sudo ôõ�e ��f�Ø &�:Î�Ï Æô�õ Ñ#g�Ë�Ì�Í�1�4�h í�î�ò0ó�iFj�k�Æ�l�m Ñ#n�o 8�p �ÒÑ#q�r�st57�Ë�Ì�g ô�õ Ñ %�: Î�ÏÆ�ô�õ 1�4�h�u ' Ñ�É6v�ë6w root

ËÌ�Í � u '�Æ9&�x*ösudo ôõÆ�y�z�{� É ñ-,sudo | command }ì�~�Ø Æ�� ÿ Ñ�� command ��b ~tw��3 Ç6�Z root

Ë�ÌÍ Æ�&�:�ôõ ÷��ÒÑ�É mount ö

30 � � � 4 � � � . � � �� 9��

� ��I��sudo �A�I�A�A�A�A�A��I� �A¡>¢I£¥¤§¦I¨ �I©IªI«>¬ ¤¯®A°I�I� sudo �A�A�A�I±I²S³>´AµA¶I·>¸I�I�I¹�A�¥¤»ºA¼I½ �A¾I¿SÀIÁ �SÂAÃXÄ¯ÅAµA¶AÆ>Ç /etc/sudoers ÈA¨AÉIÊAËAÌAÍAÎIÏAÈA¨XÄ

sudo ÐtÑXÒ�ÓtÔ6ÕtÖt�6×tØ6ÙÛÚ�ÜtÝÛÚßÞ6à6á /etc/sudoers â6ãtätåçæ�èXé��6ê6ëtì6ítîtï6êë sudo Ð�Ñ-Ú2ð�ñ�Ð�Ñ�ò�ó�ô�ê�ë�ì�� shell õ�ö�÷-Ú2ð�ø�ò root � shell ù�ú�û�ü�î�ï�ý��þ�ÿ�ë rootshell Ú2Ý�� 4.4.2.1 ��ü ùsudo Ð�Ñ�� -Ú�� /var/log/messages ä�å Ú#ðñ��ö�÷��ä�å��ô�ê�ë�ì�� /var/log/secure ä�å6æ ùsudo Ð�Ñ��"!#��$�%�ò�&�'�(�)�*�î�ï�+�,�-�.��0/�1�26Ò�Ó�ø43��ê�ë�ì9ê�ë�5�ã��Ð�Ñ ù6�7�8�9

sudo â�ã�ä�å /etc/sudoers ��&�'�(�)�*�:�ô 7 ê�ë visudo Ð�Ñ ùÝ 7�;�<�=�> ý�?��(�)�ì�@�A Ú�B�C�� visudo Ú�D�E�F0G�H�ï�õ��9ú��÷�ó # User privilege specifi-cation I�JLKjuan ALL=(ALL) ALL

ú��M�Ü�û�ü�ê�ë�ì juan î�ï�N�O�P��Q�R�ê�ë sudo 2�ö�÷�O�P��9Ð�Ñ ùõ�è��M�Ü�S�ü�éâ�ã sudo T��U�V�W��â�ãLK%users localhost=/sbin/shutdown -h now

ú��M�Ü�û�ü�O�P�ê�ë�ì�î�ï�ö�÷ /sbin/shutdown -h now Ð�Ñ Ú Þ 7 ô�Ð�Ñ�ò�N�Q�XZY�æö�÷��[ ùsudoers � man page \�à�ú��ä�å�î�ï�ê�ë��]�^�_�`�a�b ù

4.5. c c cedd defffhgggjiiilkkkemm mennno á�p�q6ær&�'�(�)�*�2�s Ú�t�u�ê�ë�ì��v�(�)�ì��0X�w�ò��x�y 7 ��z�{ Ú o á�(�)�|�}9� Linux&�'��O�P > 2�s-Ú�~�T��ò��y 7 ��0� ùRed Hat Enterprise Linux æ��ÓZ�#��î�Õ�� Ú��Ý��ó�R��ö�÷ Ú�u��&�'�� (daemon) �9��:�ë��ó�� ï��0��¡�¢�£��¤�¥�¡�¦ 7 1 ù�ú��:�ô� �§��¨�÷�©�ª��«�ó�¬� ù

4.5.1. ® ® ®Z¯¯¯±°° °4²²²±³³³��î�ï�� Linux &�'�´�2�Ó��0µ�¶ Ú2ï�õ��Q 7"· {��a�b¸K

• ¹�º��©�ª (DoS) — ú�ò�»�¼�½6é¿¾�À��0¡�¦ 7 1�2�Á�Â��-Ú��¹0º��©�ª�î�ï�ó�&'�Ã�Ä 7 ��ï�Å"Æ#Ç�� 7 1�T�ê�&�'�Õ�R ù

• ��È�É�%��©�ª — ��Ý��ê�ë��È�2�ö�÷��Ê�� Ú#Ý��Ë�� Ú�Ì�Í�î�ï o�Î àÏ�Ð�Ñ�Ò ��È�¨�÷�©�ª ùßú��È�É�%��©�ª�î�ï�Ó�Ô��Õ�Ö�×�Ø�Ù��Ú�Û� �ì�òtÒÓ�©�ªì�Ü�Ý�&�'��ä�å ù

• Õ�Ö�×�Ø�Ù��©�ª — ¡�¦��¡�¢�£�Þ 0-1023 ��ß�à�òZ¼#��á�à�(�)�@�A��ê�ë�ì�2�ö�÷-Ú��Ý�ô�:�ë��\�à��î� �â�ã��Õ�Ö�×�Ø�Ù-Ú�©�ª�ì�ä�î�ï�ö�÷�ô�&�'��ê�ë�ì�v�å�&�'��v Úæ¼á�î� �â�ã��Õ�Ö�×�Ø�Ù��ó-Ú�Ì�Í�ê�ëjçè��é��ê�2�ë�ì�\�à�í�î��&�'-Ú�u��ï�-�.v�å��v��-Ú�-�.�ä�ê�ëðçè��é�� rootkits 2�ñ�ò�-�. o &�'��v ù

ó ó ó4 ô ô ô . õ õ õ�öö ö�÷÷÷�øøø�ùùù�úúú 31

û ûûýüüüExecShield þ ÿ �� x86 �� !#"�$�%��&�'�( Red HatEnterprise Linux ) *�+, �-�.0/�/ ExecShield 1 2�3 �� + �� 4 �� 5 6 ��78�9!�",$ %��&�'� �:�;</9=�>�?�@�A��7�B�� C�DFEHG�I�J�KL$�%��&�',M#N O�P� �Q ü C�D�R�S�T�U�V ��WX �ZY#[]\^V#_#`a/Execshield b ÿ � AMD64 c dL e4#��#�fE NX � No eXecute S#�#�0�Zg#h Itanium � Intel® EM64T i�j ek�l��mE XD � eXecute Disable S#��n/9o�p��_�q]r ExecShield �sg�t�u�Q ü C�D�R�g 4kb ��v� #��#�#R0�ZA�2e3#�#�#�� e�#�#�#��7 wx�#�y��!e"�z�A#$�%#��&�'#{#|�)#�#� }e~� #:�;�/�� #��

ExecShield � NX�

XD ��, ��s� �� New Security Enhancements in Red Hat En-terprise Linux v.3, Update 3 ��#�0�Z�#��I#�n�http://www.redhat.com/solutions/info/whitepapers/

��]��]�� ø] ]¡£¢¥¤�¦�§]¨�©�ø«ª]¬�]®�¯ �±°�²´³

4.5.2. µ µ µ·¶¶¶·¸¸ ¸º¹¹¹·»»»·¼¼¼·½½½�¾�À¿�Á¾Â ú¾ÃÄ¢ÆÅ�ÇÀÈ Â¾É¾Ê Red Hat Enterprise Linux ø �¾� ª¾¬¾¾Ë¾ÌÀÍ °¾² ¢ÏÎ¾Ð¾Ñ¾Ò¾Ó¾Ô¾ÕÖ�×ÙØ

• cupsd — Red Hat Enterprise Linux ø]Ë�Ì]Ú�Û�Ü�ª�Ý ³• lpd — Þ�Ô�ß�Ú�Û]Ü�ª�Ý ³• xinetd — Ô�ß]à�á�Ü�ª�ÝÙ¢¥©�â�ã �]ä�å�æ¾ç]è Ü�ª�Ý�ø«Ô�ß]é�êÙ¢ � vsftpd ë telnet ³• sendmail — Sendmail ì�í�î�ï]ð�ñ�Ò�Ë�Ì]ò�ó�øÙ¢¥ô]õ¾ö]÷�ø�ânù localhost ø ä]åú³• sshd — OpenSSH Ü�ª]Ý£¢Ïû]Ò Telnet ø]Ô�ß Â ú�ü�ðþý ³ÿ�� Ò�� ¨��¾Õ¾ª¾¬�ù��ø�� Ù¢��]Ò¾¨¾© � ø��ø��¾â�� ³! Ö â�"£¢$# � ��% Ó�¤�¦�]¨�©�ø]Û&]ê£¢$'�(�)�� cupsd ¢$�*�]®�© Ê portmap � ¢$# � �+ ô,-

NFSv3 ./0�¨]© NIS 1 ypbind ª�¬�2Ù¢ � ®�¯ �3 © portmap ª�¬ ³Red Hat Enterprise Linux 4 5�Ó76�ß�Ì78�â:9±ò70 °�² ª�¬ ø<;7= ¢ û<>�Í�???7@@@�ªªª�¬¬¬�ÌÌÌ � � � õõ õ7AAA(system-config-services) B ntsysv ë chkconfig ³ �DC�°]� ¨±©D�±Õ"õDA4øDE Fm¢G'IHD� RedHat Enterprise Linux ?@J�ñK�L ÔMN4#ø«ã � ª�¬�ø�OP´Ô�ô ³

32 Q Q Q 4 R R R . S S STTTUUU�VV V�WWWXXX

Y Y Y�ZZZ4-3. [ [ [�\\\]]]^^^___`` `�SSSaaa

bc�def `g�hi`]^VkjlVnm$[[[\\\]]]^^^__ _�```�SSSaaaporq�sghtDurvwyx c�Y�Z 4-3 z{�|~}�� ]�^��N�� e�� V�m$� V[�\�� <�� ¡ ��¢ m$£¤¥�Q 5.8 ¦~§¨©Dª��«h¬�V�®�¯°}

4.5.3. ± ± ±<²²²<³³ ³<´´´Nµµµ<¶¶¶·¸�¹�º t»m�¼�½ V �� ]�^�¾�� e�¿ X V�m$«��À�� Á½Â�Ã�ÄÅ V]^NªÆ�� c�Ç VÈ�É}ËÊ�Ì��`Í�ÎÏÐ]^V�ÑÒ�m$��ÓÔÕÖnm$�À��I×��V�ØÙ�¼½Ú �� ]^Dª�Û�V�ÜÝ°}G£¤�¥Q 3 R§¨�©Dª��«h�Þ�V�ØNßr®�¯°}à ��á `�â�ãÀ�Dä�å�æ�V á ` e�¿ X�mç«�èé7êìë�Ô�íîï�ð�V�¼�½]^nñ

• §�Ã òó Vô�õ�ö�÷ ��ø�ù Ä�Å�ú�û�ü�Ú�ó�ý — þ<ß�ÿ�õ V á ` x c Telnet Ú FTP |� e òó �� V�T��m$z�§£�ð��ÄÅ� ��°}• §�Ã òó Vô�õ�ö�÷ ��ø�ù È�� ®� — þ<ß á `�§�Ã òó Vô�õ�ö�÷ ��ø�ù ®�»m�« ��á `�èé ê Telnet, FTP, HTTP Ú SMTP }GþDß �� [\�m c NFS Ú SMB m$�¾§�Ã�ò�ó�V�ô�õö÷ ��øù ®�¯°}��Ä�ÅúÄÅ« �á `��nmçÄÅú�s��¼��½��®��§ö�÷«��ô�õ ø�� }� s»m�� V�� ¸ ! ]�^yx c netdump |��§Ã ò�ó�V�ôõ�ö÷ ��øù �� ¸ V#"%$�m&��¸ V �! �þqs�óýyx(')�Ø*�|�+«��®��,�-./nmç§�0åæ�È��V�®�¯°}åæ�V�]^1� finger Ú rwhod �¾23�4[\ ¹ Ä�Åú�V®�¯~}

5 s e¿ X�V�]�^67èé7ê ñ

• rlogin

• rsh

• telnet

• vsftpd

zsV��8�9�Ú shell :õ x rlogin, rsh Ú telnet |�¾��<; SSHº ¨= x £¤¥Q 4.7 ¦~§�¨©

ª�� sshd V�ØNß�®�¯�|~}FTP � e 1�� V shell

�> Î#?[�\ V ¿ X�@�A�s 5 s V�B�C�m e ÷ FTP D�]�E ÊÌ��F�G�Î�_�`�H��IóÎJK�§��ML�V�ÏN°}G£�¤¥Q 5.6 ¦~§¨©W�X FTP D]EV�ØNß�®�¯~}

O O O4 P P P . Q Q QRR R�SSS�TTT�UUUVVV 33

W�X�YZ[\] R^_àbc�degfhT�ij�k�lnmpo

• finger

• identd

• netdump

• netdump-server

• nfs

• rwhod

• sendmail

• smb (Samba)

• yppasswdd

• ypserv

• ypxfrdqr UVsti�j�T�u<vhw�xzy&{|} O 5 P�~e�T��bc�d��T�Q��~

4.6. � � �� W�Y T�stij��zy ] R��bc�d�� Y T�~b�cd��e#b �s�t#T¡�k�¢�£�¤�¥#Ts�t�¦�§zy�¨ q�©#ª ��«¬�#T��#® Y�¯�° b�cd�±²#T�³ýµ Y#¯#¶M·#°#¸#¹ ~º¨ q �#�#iMj#»#¼#½#¾M¿#À ° ±�²M«#¬#MÁ��gT�«#¬#Ây�Ã�Ä#Å · ¬gÆ�Ç#¿#�#¡ký�È�^ °�É�Ê�\�Ë �Ì~ÎÍ%Ïý�Ð��#bcd��±²�¢£�Ç�Ñ��#T�«�¬#Ò Y�Ó#ÔZ[ y�{�Õ�±²¢�£Ç<Ö×��ijØ��T�«¬�~ª�Ù �#Ú�T��Û��Üý��#b�cd�Ý��#TQ�� ¶ ��Þ�l�¼ Red Hat Enterprise Linux ßà Ð#á#¬M^Mâ�ã#ä#�M�#Q#�ååå#VVV#æææMççç#�� #��#QQQ#�� (system-config-securitylevel) yè¿#�MQ#�#�#��éê�§�ë�T�¦�§��ì��íïîðT�Ábc�d�ñò�óôT iptables õ�ö÷~q�r<ø a��¿��ù��ú�û#Tuüv%wx�e�ý#ÃØ�þ�ÿ#T��#®zy�{�|�} Red Hat Enterprise Linux ¤�¥�� <ßhT��Tbc�d��pP��~ª a� ��MT��#�#Û��#i�� yè�#� iptables � �� #�#�M�Mb#c�d��#�#Ý#�MT�� ~ {#|} O 7 P÷e£��u<vhw�x�~ qrgø a iptables ��T�uóôT��zy&{�|�� Red Hat Enterprise Linux|} �� <ß×T iptables P��~

4.7. � � �! !"""!###!$$$ � � �&%%%!'''!(((!)))Ð�s�*s�t#T ÙZ�+�,�-#Ù y�È�^ ,�,�. Ç Ù�/ T�0�1#Òzy32�x °�4 £#T�5�6�� +�,�7�Ù ~�¿�8�9�ýÖ;:�<>=nm?�<vA@Q�� 7B�C�D st�E�F�T2�x�~Red Hat Enterprise Linux Þ É�G ��#TQ��ýèÃ�H�I��^�e�J�K 7�B ì��L#T B�M�N�O�P ��U�Q CD s�t�E�F�Tw�x�~

• OpenSSH — �� 7�B st�2x�Á SSH 2x�R��T��@�ST�T ] R�~• Gnu Privacy Guard (GPG) — �� 7�B w�UÁ PGP (Pretty Good Privacy)

7B ù�úûT��S�TT ] R÷~

OpenSSH ��¢�£!VXWXY!��T �X@!Z�å�V�T![ P yðÃ�£X\Ìm^]�û�T Ñ 7&B i�j y q telnet� rsh ~ OpenSSH kl��_�ì sshd T�sti�jzy&eý�`��a��b�T��c�Wù��ú�ûzo

34 d d d 4 e e e . f f f�ggg�hhh�ii ijjj�kkk

• ssh — l�m�n�k�io�p�q�rtsAu�v�w�x�pzy• scp — l�m�n�k�io�p�{�|�}�~�y• sftp — l�m�n�k�i pseudo-ftp w�xp��3��>��i��zy�� w SSH �� Linux ��i��o�p�� ¢¡�£t¤¦¥ OpenSSh i�§^¨¦©�� ª�«�¬

Red Hat Enterprise Linux ��®�¯�°±l�²^³¦i OpenSSH e�´µy¶¡�£t¤¦¥ SSH ��i�§¨>©�� ª�«�¬ Red Hat Enterprise Linux

«�¬ ¯�°·l�²t³>i SSH Protocol l�e�y

¸¸¸º¹¹¹»½¼

sshd ¾º¿ÁÀ½Â½Ã?ÄÆÅÈÇ½É½ÊºËºÌ½ÍÏÎ½Ð½Ñ½Ò?ÓºÔºÄºÕºÖ×ÅÙØºÚ½Û?Â½ÃºÀÏÄÁÜºÝßÞáàºâºãºä 3 åæØºç½è?éëê½ÇÉ?ìëíºÄÁÓ>îðïÁñòÞ

GPG ó�w��j�u�ô�õ�©�ö�i�l�m�÷�ø�w�if�ù��3��ú � w�û��ú�ü�ý�þ�ÿ��þ��©ö��ú� �j��i��©�özy¤>¥ � w GPG i�§t¨>©�� ª�«�¬ Red Hat Enterprise Linux ��i � w�¯�°æl�²�³>i�� w GnuPrivacy Guard ��y

�5 � .� � �� !! !�"""

#%$%&%'%(%)%*%+%,%#%-%.�/�0%13254�$%6%7�8%9�:<;>=�?�@%A�B�C%D�4FEHGJILK5MN;PO%Q�'%(�4�R%ST�U�V�W�X�8�Y�Z�A%B�'�(�[�\%]�^�#�_�`%4�a�bJIc�d�e�f�g�h�X�4�i�j%kN;ml�n�o�p�q�4�$�r�s�i�,�t�O�'�(%4�R�S�Tvu•?�w�x�4�8�Y�y�z�{�|%4�}�~N;�U%��{�|%4��I

• �� *�+�R�S%4��XJI• �� c�$�6��9��7�8�$��%4�0�1�8�Y�I• �� w�x�7�8�9�� 4��~JI5.1. � � �� TCP � � �� xinetd �¡¡¡�¢¢¢�£££�¤¤¤TCP ¥�¦�§�¨ª© TCP wrappers «�¬��®°¯ ��8�Y%4�±�² ��³ Iµ´�6%¶FEHk�4�0�1�8�Y ©¸· SSH, Telnet¹

FTP «�º *�+ TCP ¥�¦�§�¨ ;�M §�¨�� U�c�»�,�`�¼�¹�w�`�¼%½�8�Y¿¾�;�À�Á�y�Â%45Ã�-JI#�¹xinetd ©Ä¬¿�Å »°4�±¿²ÇÆÉÈ�ÊÇÆÌË�ÍÎÆÌ_�Ï¿¹�Ð%Ñ�Ò�+ ��³ 4�$�Ó�Ô�Õ¿8�Y « $�Ö�*�+¿:×;Ø

TCP ¥�¦�§�¨ w ¬� 4�Ù�Ú�? � t�Û�IÜÜÜÞÝÝÝßáàãâáäãåãæ

IPTables çáèãéáêáëíìÞî TCP ïáðãñáò äãó xinetd ôãõáöí÷áøáùãúáûãüãýãþíçãÿ��7 � ä ü� �� åHæ IPTables ��Hö��ÞèÞé êÞç��

� �"! XTCP ¥�¦�§�¨ ¹ xinetd 4"# ¯ Ð�� U�c Red Hat Enterprise Linux $"%'&'( $')°2�4 TCP

Wrappers and xinetd *"+','- Ip�q�4 *'+'. !"/10"2 $�Ó"3�j54�6�x"7'8%4:9";v;=<'>�?"?A@�f�g�h�X�4�R�S�T"B1C I5.1.1. D D DFEEE TCP G G G5H HHFIIIFJJJLKKK5MM M5NNNFOOOFPPPTCP ¥%¦%§%¨ w �1Q1- 4:R1S"T'U1V�8�Y%4�±%²v;�W"X�?1Y'Z ·'[ *�+�=�,'\']"^1_�G�jNÆP,�` h�X'3��4�C%D1a1b%U%V�O%Q�È�Ê%4'c � T�I ·1d � � TCP ¥%¦%§%¨ c � T%¹ ��³'e'f 4�$�Ó'g'h'ikj ;�l $% hosts_options 4 man page

I5.1.1.1. TCP ¥ ¥ ¥�¦¦¦�§§ §�¨¨¨ ¹ ¹ ¹'^^^'___�GGG�jjj\l]�$�Ókalb�4%G�jkml^l_ - $�Ó�8�Y�4%+An1olT�+�,kplq�7�8�9�ckr%$�6�'�(��ls�Á�$�Ólt�Ù�41uv×;xw�:'y1z%$%Ó'{%c�4�C�D1|�}�Y�'�(%[�\%]"T�^%#'a'~%4�I · `%B�$1C�8�Y"��-�$%Ó TCP ¥%¦%§%¨4�G�jv;�l�*�+

bannerB1C�I

W%Ó1�1�1�%-�}ã$%Óvsftpd

4�G%j Iµl1�%s1�%$%Ó%G%j1�1�×; � 4�?�=�±%c%'%(%��4'� [1� u×;�R1��'�"�'�1�"��¹"��'�( §�¨ �'��^Aw IÌc�M'�¿2 ;��"��?�)"�%B /etc/banners/vsftpd IW�Ó"�'�%4k� � · pvu220-Hello, %c220-All activity on ftp.example.com is logged.220-Act up and you will be banned.

36 � � � 5 � � � . � � �'��'��'�� "��'��

%c �1�1�1�� F¡£¢'¤l¥'¦l§'¨ª©�«1¬11¤1®1¯1°1±1²1³1¯1°ª©�´1®1µ11¤1®1¯1°1± IP ¶1·1¸11¹1º»'¼"½1¾"¿'À'Á"Â'Ã �ÅÄ Red Hat Enterprise Linux Æ'Ç'È"ÉËÊ�Ì Á TCP Í'Î'Ï'Ð5Ê�Ñ'¤1¢"Ò'Ó"�'�'ÔÕ Ä¬'Ö"'×'¸1¢ »"¼'Ø'Ù ¹'º"Ú'ÛÜ©�Ý'Þ ¾"ß'à ¹"á'â"ã /etc/hosts.allow ä'å5Êçæ

vsftpd : ALL : banners /etc/banners/

5.1.1.2. TCP Í Í Í'ÎÎÎ'ÏÏ Ï"ÐÐÐ'±±±'èèè'ééé Â Â Â"êêêë ¬"á'º'ì'í1¢:²'³'´'î'ï"ð'ñ'ã'ò'ó"è'é'�'�'�ô©�Ñ'õ""¤ TCP Í"Î'Ï'Ð'ö'÷"ø spawn ù'ú"¸ Â'ê'ûü'ý"þ1ÿ�� ¸��'²'³'´"î'ï1¢��"è'é'â�çÄó'¹"º'«� 5Êç© ë�� ¸�� 206.182.68.0/24 î'ï1¢"á"º��'ð'ñ"ã��'Ö'è"é'�'�'�Ü©��'Ñ'õ�� ß"à ¹'áâ��"ã /etc/hosts.deny ä"å5Êç©�� »"¼ ��'ð��Ü©��'ð�� 'ã:á'º'ì"!1¢"ä"åAÊ ÄALL : 206.182.68.0 : spawn /bin/ ’date’ %c %d >> /var/log/intruder_alert

%d �'��'�'�"è'é'®��$#:Ö�%�&1¢"�''¯'°ÅÄ¬'Ö�( � »'¼ ö�� »'¼)�* ©�Ý��+ spawn ¢"ù'ú'ã /etc/hosts.allow ä'åAÊ Ä

, ,,.---0///132

spawn 4.50607.809.:0;.< shell 405>= ,[email protected] <3E.F0GH=JI A.B.C.K <0LNM0O0PNQ0RNS0TNU0V.WX0Y =[Z3\0]3^3_3`3a.b�c3839 A SNde<�4.5gf

5.1.1.3. TCP Í Í Í'ÎÎÎ'ÏÏ Ï"ÐÐÐ'±±±�hhh�iii1¢¢¢"�� ë ¬��j'Ö'ì$k ¿ml�n�o�pq�r ¢ »'¼ ©�Ñ'õ"÷"ø severity s$t"¸'��u�'��'1¢� �v�wÅÄó'¹"º'«� 5Êç© ë�� Ö�� »'¼ ã'á�x FTP �'�'� »�yz � 23 { Telnet ¢ »y�z$| ¢}~$��'µ��Ü©Ý��+ emerg �'�'ã�� 'ä'å5Êç©��'µ''¤� � ¢�'� info ©�ö"��"� »'¼ Ä¬'Ö�� »'¼ ©=Ý��+ ß'à ¹'á'â'ã /etc/hosts.deny ä'å5Êçæin.telnetd : ALL : severity emerg

¹$�$�11¤$� � ¢ authpriv �$ $� À Ï1Ðª©��1ø$�$�$� � ¢ info �� emerg õ1�$u$�$�$�$�ª©�¹$�� y�� "ä1¢"¨��'ã"²��ÅÄ

5.1.2. � � �� xinetd � � �� xinetd ¡�w5�A�5�Aµ£¢1áAº Á ¤F¢m� À © Ñ5¤5¸m��¤m%�&�¥m¦m§A��'ªÄ ¹5º ¿m¨m©£ª$«m¬ ¬m~5¤ xinetd ¸ � í1á1º�$®'�$'ª©�ö$�$�$¤$}$~$¯$°l¢ xinetd �$'$±$²11¤1¸�³�´�³��1�$'1è1él¢1§µ�¶ Ä ¬�j'Ñ'õ"'¤1¢·�¸"Ô Õ ©�Ý'Æ"Ç xinetd ± xinetd.conf ¢ man page Ä

¹ ¹ ¹5 º º º . » » »�¼¼ ¼½½½�¾¾¾�¿¿¿�ÀÀÀ 37

5.1.2.1. Á Á Á�ÂÂÂ�ÃÃ ÃÄÄÄ$ÅÅÅ�ÆÆÆxinetd Ã�Ä�Ç�È�É$ÊÌË"Í�Î$Ï$Ð�Ñ�Ò�Ó�Ô$Õ$Ã�Ä$¿$Ö$À�É no_access ×mØÚÙÜÛ�×mØ�Ý"É�Ó$Ô�Þ$ß$àágâ

xinetd ã�ämåmæ�¼�çmÉ�è�éëêìÃ�ímÕ�Ãmî�ã�ïmÂmÉ�ðÌñò�ímÕ xinetd Ç�ó�ômõmðöÙÜ÷�Í£ø"ùúSENSOR û�À�ümý�þ�ÉÿÙÜ÷��Í ú ü��È�$»�¼�½��è� ��æ$Ó�Ô�É$Ã��Ø�� ÙÁ�ÂÃ�Ä SENSOR É ¹ Ã��Í��Ã�Ä��ù ú É"¼�ç ê �"Û�!�Ý ê#"�$�� Telnet Ù%�&�'

/etc/xinetd.d/telnet (�) ê *�+�,�- flags ."Ã��0/21flags = SENSOR

% ��3�4�576�Ñ�Ò�8�9�÷�:��;1deny_time = 30

÷$Þ0<$à á0= �$È$è$é$Õ$÷$Ä�è0 ��Éè$é ê>-�?�ð�ñ@/ 30 A�B Ù deny_time û$À�É�C0D$Ï0 0E�É�FG / FOREVER HI�$Ç$ó$ô$õ xinetd æ0J ê>K0L0M0N0O$è$é�P�Q NEVER HSRUT$è$é0V0W0X0Y$è$é0Z[ P Ù\�] ê \�] Ã��^�_0/21disable = no

`�a ù ú SENSOR Í�ÃÄ�b�c$É�� ü�d�e�Q�f�O�ühgi� � Ó�Ô$É è�é ê�Î�jk-�l�Ä�m�n�o��p1• Î�q � d�e�Õ�r�s�É��ÚÙ• t0u$Ã$Ä SENSOR v0�0w0��Ý É�x0y0zÏ$Ð0Ê�Â�ÉÓÔ�{�|�Î�$$É IP }0~ ê a0] è$é$Õ0N�O$è�é$Éè� ��ü��0� á ¼�ç�x�yÚÙ

5.1.2.2. � � ��»»»¼¼¼�½½½$ÉÉÉ�� ÃÄ xinetd ÉÇ�È�Ê�ËÚê�Í$ÎÏÐ��ù ú æ��¼�ç@�$É�� ÙÎÍ��øk8�9$É"ï��ü��Õ�É21

• cps = � number_of_connections �� wait_period � — ï�Â�¼�ç��ã�R@T�É�è�é ê ÷$Äï��0�@ �E��F�F G Ù

• instances = � number_of_connections � — ïÂ�Ã0�¼�çã7R�T$É \ 3è�é�Fh�Hê�÷�Äï�� E�ÃÄ��F�F G ò UNLIMITED Ù

• per_source = � number_of_connections � — ï$Â0�$Ã0�$Ó$Ô�É�¼$ç$ã�RUT�É�è$é ê�÷$Äï�� EÃ�Ä��F�F G ò UNLIMITED Ù

• rlimit_as = � number[K|M] � — Ð KB ò MB ï�Â�¼ç�ã��ù ú É��}�~��mñ��öê�÷�Äï�� E�Ã�Ä��F�F G ò UNLIMITED Ù

• rlimit_cpu = � number_of_seconds � — Ð0�0F$ï$Â$Ã��¼$ç$ã0�0� ú CPU ��É$ðmñ ê�÷Ä�ï�� E�Ã�Ä��F�F G ò UNLIMITED Ù

ù ú ÷�:�ï��ÏÐ0��O��ÉÃ�Ä xinetd ¼�ç�� ¡ ê ¢�£�¤0� á ¼ç$É�Z [�¥�¦ Ù

38 § § § 5 ¨ ¨ ¨ . © © ©�ªªª�«««�¬¬ ¬��®®®

5.2. ¯ ¯ ¯±°° ° portmapportmap ª�²7³�´7µ�¶�· RPC ª�²¹¸»º NIS ¼ NFS ½�¾7¿7À�Á�Â�Ã7Ä�Å7Æ�Ç�È�É2ÊÌË�À�Í�Î�Ï�Ð�ÑÒ2Ó#Ô�Õ Ë�Ö�×�Ä�Å�´�µ�Ø�Ù�Ú7ÛUÀ�Á�Â�Ã�Ü�Ë@Ý�Þ�Ð0À@ª�²ßÊáàâ·�ã�ä�åUæ Ó#ç�è �Ë�³�Ñ�é�ê0ÀëÊ

ìììîíííðïïïñðò

portmap óîôîõâö NFSv2 ÷ NFSv3 øúùîû NFSv4 üîýâþâÿ�� NFSv2 � NFSv3�� ø�� portmap �� ÿ��hø ì�� !�"�#�$ ��%�&'�

(*),+*-RPC ª�²/. Ó�0*1*2 ã�ä,3*40À,5/6 Ê

5.2.1. 7 7 79888 TCP : : :<; ;;9===9>>>9???9@@ @ portmapA ¶ TCP B/C0È0É/DFE�ÐFG�ä/H/I/J/K0Ï0Ö0×/L/M portmap ª0²0³0Ñ/N ç À Ó åPO0Ë*Q/R/S/T/U/VFWÀ�Í�Î*X�ÉßÊY S Ó (/) E�Ð0ª0²�À*L/MF. ÓZ0/[ A ¶ IP \/] ÓZ^F_ A ¶/K0Ï/`/a Ó åPO0Ë*b0Ö/c/d A ¶ DNS e/Mf*g ¼*h*i*j*k,D*l*mßÊ

5.2.2. 7 7 79888 IPTables ? ? ?9@@@ portmapº ç,n ´*o*p/E@Ð/q portmap ª�²0À,L*M Ó ) Ö�×*r/s IPTables ÀP5/6,t�©�ª�«<u Ó Q/E@Ð/q,v*w*H,IÀ,L,MßÊ×/xFO*y0µ IPTables Ä/z�À�Ú/{ Ó Ë*b<|~}/D�� 192.168.0/24 H/I0¼ localhost À TCP Á/�/t portmapª�² ¸��*M�Á�Â�Ã*� 111 ½ ¸ ã/q�·�à Nautilus Ý A ¶0À sgi_fam ª�²�³/� ç À�½ Ó Ý*S*h,i0À,�*B*�� d,�*�ßÊiptables -A INPUT -p tcp -s! 192.168.0.0/24 --dport 111 -j DROPiptables -A INPUT -p tcp -s 127.0.0.1 --dport 111 -j ACCEPT

�~� p Ó º ç E@Ð UDP À,H*I*�*� Ó�0 A ¶*x,��Ä*ziptables -A INPUT -p udp -s! 192.168.0.0/24 --dport 111 -j DROP

� ��ì�!��

7 %�� IPTables �� ñ�� ~¡£¢�¤¥�

5.3. ¯ ¯ ¯±°° ° NISNIS ¦'§*H'I�¨¥© ª ² ¸ Network Information Service ½ Ó ³ ´ µ'aªO ypserv À RPC ª ² Ó Ë¼ portmap ×*«*h,i*¬®UÀ�ª�²�´*¯ A ¶�×*°*± A ¶,²*`*a´³Zµ,¶�¼*h*i*N ç ¨,©0À*qP·*§*t � ´,H*¸u�ÀPT*U*¹*ºßÊ´*» NIS ©�ª�«�³�à¼}<½¼¾,·�¶�È�É�Ý,¿*À0À Ó ËPb,B*Á�ºPxÃÂ

Ä Ä Ä5 Å Å Å . Æ Æ Æ*ÇÇ Ç,ÈÈÈ*ÉÉÉ*ÊÊÊ*ËËË 39

• /usr/sbin/rpc.yppasswdd — Ì9Í9Î yppasswdd Ç<ÏÑÐÓÒ9Ô9Õ<Ö9×9ØªÙFÚ<Û9Ü9Ý9Þ9ß<à9áâNIS ã,äæå

• /usr/sbin/rpc.ypxfrd — Ì*Í/Î ypxfrd Ç*ÏÃÐ�Ò*Ô,Õ*Ö*×*Ø/çPè*é*ê*ë*ì,í*î NIS ïPð*ñæå• /usr/sbin/yppush — Ò*Ô*ð*Ü*×,Ø*í*ò NIS ó,ô*õ â Þ*ß*ö*Ú®÷¼ø NIS Æ*Ç,Èæå• /usr/sbin/ypserv — Ò*ù NIS Æ,Ç*È*Õ*Ö*×,Øæåï*úüû â*ý/þ/ÿ�� Ð NIS ù��/É/Ê â Ð�� â�� Ð��,ã â�� Ø*é/ê/ë*ìí/î�� â ó�� Ð��/ã/ä�� å"!$#´Ð�%�&�'*Ô/Û*Ü NIS

â ë/ì�(�)�*�+�,�-�.�/ Ð10$'/Ô*Û/Ò�2�34 ß�5�� â ùÃÐ76�% â NIS %�&�8�9�:*ù��,É*Ê â å;�< ��=�>�?�@�'*ø NIS Æ*Ç*È â�A ÐCB�D�>�E*Ê portmap Ç*ÏGFIH Ä 5.2 JK��L â�M ÐCN�O�P�Q�RS�T,ÿ/âVUXW Ð7Y�H*ë*ì�Z�[æå

5.3.1. \ \ \^]]]^__ _a```^bbb^ccc!PÎ NIS ��*ã â�� Ø/é/ê/ë/ì/í�d�e�>/ó�� Ðf!$#�g�h�i�jVk ø��l�g�'/Ô�m�n��/É,Ê â ë/ì^oqpr Ò/Ô/Ç/Ï/ù�s�e�> â å1t�� NIS

â ó��/í/î�u/ê�'/Ô�v/É/Ê â ë/ì�(ÃÐ�:�w�x�y�z�{�| â�}�~ Ð1!X#.�/ â Z�[*ë*ì�:��h��e â É*Ê,Ë�� å

5.3.2. � � �^��^�� a��^��^��^��^�� ^�� NIS b b b^�� a��^��^��^��^�� a��^��'/Ô NIS ë/ì^o â � � È��/Û/Ü�� ÿ |�� ÿ�� Æ*Ç/È â ó�� ÐC��/ê�� â� �� Ð��>/Û*ÜÝ�� NIS Æ,Ç*È â DNS

�� Í�� NIS ë�� Íæå Y ÿ�� Ð�¡�H�¢ A�£�S '*ø�¤�¥�¦�§�¨,ö*ë/ìaoq©�ª�«,ø�¬�*ë*ìGF®��¯�°�'*Ô±k ø â IP ²�³ M ÐT�´*â ��µ��¶�·±¸ /etc/passwd â ï,ð*ñº¹

ypcat -d » NIS_domain ¼ -h » DNS_hostname ¼ passwd

¡�H,Ò*Ô�½�¾*Ý,ù root Û*Ü*ÝÃÐ�à*á��¿±À¼î�¬ T�´ ��|�� /etc/shadow Á�ÂÃ¹

ypcat -d » NIS_domain ¼ -h » DNS_hostname ¼ shadow

Ä ÄÄÆÅÅÅÈÇÇÇÉËÊËÌËÍËÎ

Kerberos Ï /etc/shadow ÐÈÑËÒËÓËÔËÕÈÖË×ËØËÙ NIS ÚÜÛËÝßÞ^à

Há> Ûá½á¾æÝ ßáâáãá| ö NISâ ï ð ñ ÐqäæÎ DNS

�å�á� Í ;áæ ' Ôåç �æâéèÃê ÐH o7hfawtgmhwg.domain.com åìë$í�- ÐZÌ ;�æ '/Ô��aë â ç � NIS ë�� Í ÐZÒ�µ�w/Û��½�¾/Ýß�â�ã�| NIS Æ*Ç*Èæå

5.3.3. î î î^ïïï /var/yp/securenets ð ð ð^ñ ññ¡�H /var/yp/securenets Á�Â/ù�òôó â ©�õ�9��ã�g â�ö F®H±ëq6�%*É�°�÷�O M Ð NIS µ�w�ø�|�� â ë/ì å1ù�)�*�ú â*Ä '�û�ü�:/ù�ý�¬ÿþ ë,ì�� / ë/ì�� â�� ö/Ò*Ô�Á�Â±oæÐC�*Û�� ypserv �� ðÿ�� *ë*ì â >��æå� T Î ÿ�� /var/yp/securenets Á�Â â '*Ô� �Y�� ¹255.255.255.0 192.168.0.0

40 � � � 5 � � � . � � ��

� ��

/var/yp/securenets !�"$#�%'&)(�*�+�,�-�. NIS /�0�132

4�5�6�7�8�9�:�;�<>=@?�5�A�BIP C�D�E�F�GIH 9�J�KML�N�O�P NIS ��Q��E�R�SUT

5.3.4. V V VXWWWXYY Y[ZZZ]\\\[^^^X___X`` `[aaaXbbbXcccXddd IPTables e e e]f ffQg NIS h3ijE�k[lm[n[o�p ?[5�q pE�rstuHwv>x rpc.yppasswdd y�z —

45[{[|}[~3��X�[�X�X�X�X�[� E[�]��X��H��o[prXs[t[�[� � E� 5 NIS �[�X� {X|X}[~ - rpc.ypxfrd�ypserv H��m �� ?�¡ F�G NIS �� {�|�}�~�¢�£ ��¤¥T¦�§�¦�¨�© H«ª�¬��®�¯ 4�°�±�² /etc/sysconfig/network ³�´[µU¶

YPSERV_ARGS="-p 834"YPXFRD_ARGS="-p 835"

m �� ®�¯�E IPTables��·�P ��¸ 4�° r�s�t�¹�º�» ?�5 R�SI¶

iptables -A INPUT -p ALL -s! 192.168.0.0/24 --dport 834 -j DROPiptables -A INPUT -p ALL -s! 192.168.0.0/24 --dport 835 -j DROP

� ��¼¼¼(�½�¾�¿ 7 ÀÂÁ�Ã�Ä$Å@Æ�Ç�È IPTables É�Ê�Ë�Ì$Í�Î@Ï�Ð@Ñ�ÒÔÓ@Õ32

5.3.5. c c cXddd Kerberos Ö Ö ÖX×××Øj�j�NIS

ØjÙjÚjÛÜ H ?j5[Ý g�Þ[ßáàjE�â�ã�ä�å Ø��j�� j� ²�?jæ�ç � Ü H <Â= /etc/shadowè�é�ê E ?�5 ��ë�ì�í�î�ï J R�S�ð�ñòTwó ¦ ?�5 ��¤ � º�ô NIS R�õjE�ö�º÷Hùø�ú�û�ü�ý�¹�R�SjEþ�ÿ H �� ë�ì�í�î�n�ý�ºòT�� § ��jE Ü H ?�5 �� }�~ í�m �� ²�9�� E�� H��C�D � í�m � º�ô�R�S[µ ?�5 g��EMö�ºUT� ¸ Kerberos

�� E�� ~ H«� 9 î�g��EM��ë�ì�ï J R�S�ð�� H«��m ��{�|�� UT ¦� i � Kerberos E �"!$#&% H«ª�'�( Red Hat Enterprise Linux '�(�)�* ?�+ µ�E Kerberos ��,UT

5.4. - - -/.. . NFSRjSj³j´ {j|10

Network File System 2�3 NFS ä ?j554j�6�75859 ï J RjS Hùöjº�� ³j´ {�| E��k¥T ¦ � i$� NFS

¦ ��: Ù E #�% H«ª�'�( Red Hat Enterprise Linux '�(�)�* ?�+ µ�E�R�S�³�´ {�|0NFS H Network File System 2 ��,¥T i$��;�p NFS E �"!$#&% H«ª�'�( Red Hat Enterprise Linux

{|�<�= )�*¥Tw®�¯�E��,�ó�;�> è NFS g�?�@�E]xA�¥T

B B B5 C C C . D D D�EE E�FFF�GGG�HHH�III 41

J JJAKKKLNM

5.2 OAPRQTS Red Hat Enterprise Linux PVUVW X NFS YVZ\[ NFSv4 ]R^V_V` K portmap aVbdc�eVfPhgRYhZVX NFS ihjVkhlhmRnho TCP SqpRr UDP s NFSv4 tRuh` K TCP c NFSv4 vVwhx�y Kerberos XAnoRzV{V|V}V~R�V�V��S�UV� f RPCSEC_GSS �V�V�V}$��c��A� Red Hat Enterprise Linux �V�R�V� NFSv2{ NFSv3 S�PA� portmap ��N�A�NUN�NfA�h�A�"c

5.4.1. � � �� "�� ¡5¢NFSv4 £5¤5¥ Kerberos ¦ ¢5§5¨ª©5«5¬ª�®ª¯ª°�±5²´³¶µ5·�¸ E�¹5º�»ª¼�½5¾5¿�ÀÁ¦ÃÂ5º�»5Ä�Å°�§�¨�Æ�Ç�È ¦ÊÉ5Ë�Ì�Í�Î�Ï�Ð ³ NFSv2 Ñ NFSv3 Ò�Ó�Ô�Õ�G�H °�Ö�×�«�Ø�±�² ¦ ¸�Ù É�Ú�Û�Ü5Ý�Þß ³�à�á�â�ã É °�§�¨ ¦�ä�å�Þ ß�æ�ç�è�é ¦ëê�Ô�ì�í�î&ï�G�H�ð&ñ�ò�ó ³

5.4.2. � � ��ôô ô"õõõ�ööö�÷÷÷NFS D�E�F�ø ¯ /etc/exports ù�ú�û�Î�Ûªüªý&þ�ÿ�ù�ú��Á¦ÊÔ��Ûªüªý ¸ ÿ��5þ�ÿ��Á¦��É� �� ¸�� ù�ú�� ¦��Õ�Û�� Û ° �"! ³#�$�%�& ¦ /etc/exports ù�ú È$° '�(�¸�)�*�+�,�- /tmp/nfs/ �.�� bob.example.com � ¦/�0�1�2�3�4 ° 5�6 ³

/tmp/nfs/ bob.example.com(rw)

7 )�Ö98 ¦ /etc/exports ù�ú È °�¸�)�*�+9,�-�:<;&° ��ñ bob.example.com �>= 1�2�? £3�@ °�5�6 Í�Î�A ¦�B 0<C » ¢ ��À 8�°�)��"!ED�F ¦ +�G Ô 3�4 °H5�6�, -�¸�� .��H�I�J ³

/tmp/nfs/ bob.example.com (rw)

¢ Í�Î�K�À�L�K�¤�¥ showmount M�N %�O�P �� Í�Î�K ° NFS,�- î�QÁ¦ÊÔ O�R þ�ÿ5î�Q"S�T ,�- ýUWVYX

showmount -e Z hostname [

5.4.3. \ \ \W]]]�^^ ^<___ no_root_squash ` ` `�a aacbbbd Í è�e ' ¦ NFS,�-�+�G�f�g

root ¤�¥�h9i )��j�k�55° ¤�¥�h�l�m nfsnobody ¦�n C ¸��Ö�o ¦pq2root

pqr Å ° ùúqs + C nfsnobody ¤ª¥�h p�tq2 ¦ + êìí 1�2 setuid º F ÍªÎ °9u× T ©v ³w µ ¤�¥ V no_root_squash ¦�x�y ° root ¤�¥�h + ê�Ô f�g�z�- ù�ú�� ©�°�� ù�ú ¦ /�0�{�| '1�2�}�~ u�×�° � ¥ u�× ¦ëÔ�¤��¤�¥�h ¢ Õ��q�� * ñ ¸ ÿ&ù�ú ³

5.5. � � �� Apache HTTP � � �Y�� Apache HTTP D�E�F�� Red Hat Enterprise Linux

È L��Î 0 L�G�H ° E�¹�¿ ) ¦ 2 : �<� °�� Ñ�� ê�Ô�¥ %�� H Apache HTTP D�E�F — �� Ô��» ��o�¢�� ³��É�Í�Î Apache HTTP D�E�F�� ¦ à�áq� 3 � ¥ u�×�° &��H� � �� ¡�Û ° ¦ ¸ ¢�£ V Red Hat Enter-prise Linux ¤5Þq¥9¦ )q§ È&° Apache HTTP DªE5F´Cq¨5Ñ Red Hat Enterprise Linux �9�9©9ª9¥q¦)�§�È °

Apache HTTP D�E�F�Í�Î C�¨Á¦ÊÔ��º�» http://www.redhat.com/docs/manuals/stronghold/°Stronghold ¥�¦ ³

Ô ' i��©�ª�« ��¬ Û��¤�¥ ° Í�Î �� ® ³

42 ¯ ¯ ¯ 5 ° ° ° . ± ± ±�²²²�³³³�´´ ´�µµµ�¶¶¶

5.5.1. FollowSymLinks·�¸�¹�º�»�¼�½�¾�¿9ÀÂÁ�Ã�Ä�Å�Æ�Ç�È�É�Ê�Ë�Ì�Í�Î9Ï ±�²�³ À document root Ð�Ñ�Ò�ÓÕÔ×Ö�Ø Á Ñ9ÙÚ�É�Ê�Ë�Ì�Ë�Í/ ÛÜÔ

5.5.2. Indexes Ý Ý Ý"ÞÞÞ·�¸�¹�º�»�¼�½�¾�¿9ÀÂÁ�ß�à�á�â�ã�ß�Ç�ä�¾�¿9å ÔæØ�ç9è�é�ê�ë�ì9í�±�²�³�î À�ï�ðñÁ Ñ�ò9ó ·�¸�¹º Ô

5.5.3. UserDir Ý Ý Ý"ÞÞÞUserDir

¹�º�»�¼�½�ô�¿�ÀõÁæöH÷�å�ø�Ä�ù�ú�û�ü î�ý ¸�þ�¿�ÿ��Ê�À��õÁ Ø�ç ¾�¿ ±�²�³�î þ�¿�ÿ��À ì�í Á Ñ þ�¿��À ¹�º�

UserDir enabledUserDir disabled root

· ��¹�º�¾�¿ ó�� /root/ �� À�Ã ��þ�¿�ÿ��9À ì9í�� Á Ø�ç �� þ�¿�ÿ�Í�ô�¿ ��Ê9À��õÁ Ñ�UserDir disabled

À�� ý��ý ¸��! EÄ "�#�þ�¿�ÿ�À�� Ô

5.5.4. $ $ $�%%%'&& &!((( IncludesNoExec Ý Ý Ý<Þ ÞÞ¼�½ ) * �ñÁ ±�² + , - À�. / 0 1 2 � ¹�ºÂÁ�ß�Ç�ä�Æ 3�4�·�¸�½ 5ñÁ ó�6 Æ � 7�8�À 9 ç Á×öH÷�åø � þ�: ý ¸�;�<�ÿ�2 � û�ü î À�¹�º Ô

5.5.5. = = =?>>>!@@ @?AAA!BBBDCCCFEEEHGG G'IIIH===?JJJ!KKKÑ ù 5 � L M - � N�O�P Q CGI

ÀR��ñÁTS�¹ 5 U�V�À�W XZYroot

þ�¿�ÿñÁ�ø�Ä�þ�¿ � �¹�º�[ \�]�·^�_�`�

chown root a directory_name bchmod 755 a directory_name bá Ñ Æ�ù�5��c�L�M�N�O�P�d V�e f�g�h iõÁkj�l�m�å�n��û�ü î À�o�` »�Æ�p ç À Ô

5.6. q q qsrr r FTPï�ð t u v w x 5zyFTP

ÁFile Transport Protocol { »�½ | [ }�à�Î ~ t u�ï�ð9À ý � ã �9À TCP

vw x 5ñÁ×ö ÷�Ã � � ±�²�³ À�v wzy , � þ�¿�ÿ�ú � {�� »�� ÀÂÁ×ö��9å��ú 5�÷ ý ¸ 6�´�µ À�vw�x�5ÂÁ�� ç�Ò�Ó�� ½�5 ÔRed Hat Enterprise Linux �� FTP ±�²�³ÜÔ• gssftpd — ý ¸�þ�¿ Kerberos

Àxinetd FTP

û�ü�N�OÂÁ�å��ß�}�à�Î�~�t��ú�� w Ô• Red Hat Content Accelerator (tux) — ý ¸ - � FTP �� ÀZ� Ó �'��Î�Ï ±�²�³ÜÔ• vsftpd — ý ¸ �Z��À��Ä ´�µ ÷��?� À FTP ²�� ` Ô��À ´�µ ¹ � ø�¿�[�½�5 vsftpd À FTP ²��ÜÔ

� � �5 � � � . � � �� ¡¡¡�¢¢¢�£££�¤¤¤ 43

5.6.1. FTP ¥ ¥ ¥?¦¦ ¦?§§§!¨¨¨!©©©ª «?¬® ¯ ° ± ² ³ ´ µ�¶�·¹¸ º�»� ¯ ° ¼�½ ¾ ¿�À Á Â�Ã Ä�»�Å ÆÇ·�È É�Ê Ë ÌÍ·¹Î Â�Å Æ Ï�º ÐÑ »�Ò�Ó�·�Ô�Õ�Ö��¯ ×�Ø�Ù'¬�Ú�Û?ÜÞÝ�ß »Z¸�ª àDáâ�ã�ä�å

vsftpd»�Ã�Ä�Å�Æ�·�æ�ç è�Ì�é »Zê�ë�À

/etc/vsftpd/vsftpd.conf ìftpd_banner= í insert_greeting_here îï�ð�ñ ã �¯ òZÃ�Ä�Å�Æ »�ó�ô�õ�ö�ï�÷�ê�ë'ÜÞ»�ø

insert_greeting_here ù áúsûýüÿþ » ÅsÆ ·�� s¯sÁsÂsÅ Æ�� á�� ü Â ÅsÆ »�� · æ��s¸sº » ÅÆDª ÁDÂD²��/etc/banners/

»�� Ü áZªDÎ Â�� Ü · ¯ ûFTP �� » ÅDÆ��

/etc/banners/ftp.msgá ï�Ì � â"! �"��Á�Â"#$� ì

##################################################### Hello, all activity on ftp.example.com is logged.#####################################################

% %%'&&&)(((*�+),.-�/)0

5.1.1.1 1�243�5�6)7.8)9 220 :�;�<)=�>)7)?4@BA

â�ã vsftpd C"D Î�Â�Å�Æ"�"��·kæ�ç è�Ì�é�»�ê�ë�À /etc/vsftpd/vsftpd.conf ì

banner_file=/etc/banners/ftp.msg

ð"E�Ö�ï��¯ â �5.1.1.1 F ¸"G »Z�¯ TCP H"I"J"K Ø"L�«"M"N�»�Å�Æ"O"N�Ø » �"� á

5.6.2. P P P QQQ RR RTSSS/var/ftp/

�.� â"U"V ª »$W�·YX�½"Z�¯"[�±�»$\"] á^ _ Î Â`�� ba�»"c d e � ¢ f vsftpd g h ·¹Î Â g h �"[ ± ¯ ° É i Á Â`�� jÇ·lk mn�"[±��¯�°�É"io�4� »$p q�É$i �$r"s"t�õ áÈ�É�Ê�Ë�Ì�·Y[�±��¯�°"u$d"v w$x"y�»z�.�ýá

{ {{)|||}�/�~ 9��)�)7.��=)� FTP ��o� %�� )�� - 7��A

5.6.2.1.[ [ [�±±±�÷÷ ÷$��

â�ãb�� [�±��¯�°�÷"� Ò��·Y^"��ð�ª/var/ftp/pub/

�.�?Ü^"_�Á�Â"r"s"v"w�»z�.� áæ"�"w ìmkdir /var/ftp/pub/upload

� Ø�æ"� w�ï�Ì�ê�ë�Ø ä�å p q�É"i�·kï�"�$[�±��¯�°$u$d�¿�ÀB�.� » �� ìchmod 730 /var/ftp/pub/upload

44 � � � 5 � � � . � � �"��" "¡¡ ¡$¢¢¢"£££

¤"¥$¦"§"¨ ©zª4«"¬""®"¯$°"±"²"³µ´

drwx-wx--- 2 root ftp 4096 Feb 13 20:05 upload

¶ ¶¶)···¸4¹�º�»�¼)½�¾�¿$ÀÂÁ)Ã�Ä�Å�Æ�Ç'È�É.Ê�Ë'Ì�Í)Î�Ï'Ð.Ñ)Ò�Ó)Ô'É.Õ�Ö'×�Ø)Ù)Ú�Û�Ü)Ý)Þ�ß'É.à)á)â�ã

ä$å"æ$çµèYévsftpd ê èYë"ì"í$î ï ±"¬ ©�ð"ñ /etc/vsftpd/vsftpd.conf ò"óTê ´

anon_upload_enable=YES

5.6.3. ô ô ô õõõ öö öT÷÷÷ øøøù�ú

FTP û ü ý ¡ ¢ ©"þ ÿ�� ï�� ©�� "í �� èÂùå��"ì í�� ©�� $�" ��°� �!�� vsftpd ê ©#"�$�� µè&%"î"ï ±"¬ ©�'�("ñ /etc/vsftpd/vsftpd.conf ò"ó ê)�local_enable=NO

5.6.3.1. * * *�+++ � � �� ,!-�`¤`¥,",$ �,� ©-.,/10 ° root �,�,,�,2-3,4,5 sudo ",6�©,7-8-�,�`¤,9 FTP �`� �-:<; ©-=`¨->,�,�o¤z¥ PAM ¬@? òoó è ° � 4.4.2.4 A ²-B � vsftpd © PAM C $ òoó> /etc/pam.d/vsftpd �D�E$ì"í�F�G"é�H ¤"¥ ��I ê !�� °� �!�� vsftpd ê ©#"�$�� µè&%"î"ï ��"ñ /etc/vsftpd.ftpusers ò"óTê)�

5.6.4. ô ô ô õõõ TCP J J JLK KKNMMMNOOONPPPNQQ QLRRRNSSSNTTT%�U�V � 5.1.1 A ²�B ©�'$³�� TCP W�X�Y ¨�Z�[ + �� FTP © �� Y ¨ �

5.7. \ \ \<]] ] SendmailSendmail >"¤$¥�^�_��`�a (MTA)

ècb �� Simple Mail Transport Protocol (SMTP)é�d�� © MTA��e�f�^�_��g#h�i��j�`�alkm��j�e�f�n�o �qp�r�sLt MTA

ì"í"é�u"å k ï�� þ"ÿ�v�w èyx ü�z 9�{© MTA |�} 5 è ² í û"ü�~�� ©�þ"ÿ��j�e�f�^�_��#� ú >�¤��l��5 x ¡$¢ ©#��n��"¨ �°��elf�^l_b° �l� �T©�� t�� n è í��l�� /�� C $b©n¤ ¥�� è�%��l� Red Hat EnterpriseLinux

�� ¤�� ê © Email ¤ �� ¥ ��A� �C D�¡ Red Hat Enterprise Linux�� ²�¢�£�¤¥m¦�§

/etc/mail/sendmail.mc ò ó ��¨ ð m4 '�(�Z�©�ª ¤ ¥�5�«n© /etc/mail/sendmail.cfò"ól¬� 5�®°¯�± ©��² �³�´�µ �¶��"¤�9 Sendmail �"�$ ©��·�¸ í ± © ´�¹ �

º º º5 » » » . ¼ ¼ ¼�½½ ½�¾¾¾�¿¿¿�ÀÀÀ�ÁÁÁ 45

5.7.1. Â Â ÂLÃÃÃ�ÄÄ ÄlÅÅÅNÆÆÆNÇÇÇNÈÈÈNÉÉ ÉÊmË�Ì�Í�Î�Ï�Ð�Ñ ÁÓÒcÔ�Õ�Ö�× Ð�Ø�Ù�Ú�Û�Ü�Ý�Þ�ß�à�á�â�Ì�Í�Î�Ï�ã�ä ¼�½�¾ÓÒ Ü�å�æ�ç�è ½�é Ð�ØÙ�ê�ëLÊ�ì�í�î�ï�ð�ñ�Ð�ò#ó�ô�õ/etc/mail/sendmail.mc ö÷Ò&ø Û�Ü�ò�ó�ù�ú�Ø�Ù�Ð�û�ü�ý÷ê

• confCONNECTION_RATE_THROTTLE — þÿÔ��ÿ¼ ½ÿ¾ Û Ü��)õ÷Ð�� Ò ì��î Ò sendmail �� ò�ó�� Ò�� ò�ý��ì�í Ò�� õ�� Ò�� !�Ð��÷ê• confMAX_DAEMON_CHILDREN — ¼�½�¾ Û�Ü�"�#%$�Í�&�'�Ð�(%)��* Ò+ ì��î Ò sendmail � ò�í�Í�&�'�Ð��* Ò��Ô�Õ ò�ý��-,�ì�í �� õ.� Ò/�� !�Ð0��ê

• confMIN_FREE_BLOCKS — ¼�½�¾�1%2 �3�%��Î�Ï�4�5�6�7�$�(�8�Û�â�Ð�9�:��* Ò+ ì�; 100 Õ9�:�ê• confMAX_HEADERS_LENGTH — <�=�>�? (�)�Û��@�Ð�)�ACB Ü�D�E�F >�G�H ê• confMAX_MESSAGE_SIZE — I�J Î�Ï <�= (�)#Û��@�Ð�)�ACB Ü�D�E�F >�G�H ê

5.7.2. NFS K K K SendmailL�M�N�O�Ì�Í�Î�Ï�Ð�P�Q ¾SRUT /var/spool/mail/ V�Ô�Õ NFS W�X�Y 9�êZ 2 NFSv2 [ NFSv3 ��]\�^ áLâLÚ [�_ F IDÐ]`Ló Òa�]b�cLÕ Ü 1 ÐláLâlÚ�6]7�dfe�Ð UID Ògih�j�k 7LÛ]l��lõnmpoiqir h]s Ð�ÎLÏ ê ë�Ê�á�â

KerberosÐ

NFSv4 Òat ú��u k �]��v # Ò Z2 SECRPC_GSS w�x�y F �� á�â UID z�{�|�}�~�� ê

5.7.3. Mail-only � � �� 2 ��%�lÐ�á�â�Ú%�i� sendmail ¼�½�¾ Ò Î�Ï�á�â�Ú%(i�i��á�â Ô�Õ Ì�Í�Î�Ïi&%� z%� q sendmail

ê�i� ù.��lÎ�Ï ¼�½�¾]1 Ð shell �]� Ò��i� /etc/passwd �i� ö Ð%�]7�álâ�ÚlÐ shell �i� ùlì�í2 /sbin/nologin B root

á�â�Ú�Û�Ü�� H ê

5.8. � � �� ¡ �¢¢ ¢�£££�¤¤¤�¥¥¥V ì�í��¦�§ ½�é�¨ÓÒ+© 4�5�ª�« × 7 g�¬ ��® V�¯ q�°�±�Ð�¦�§�²�³ Ò�I�J�´-µ Ð�� Û�l;�¶�·�Ð �]¸ ê7 c úNÛNâ z ïf¹ ¯ q�¦�§�$��Ð]º��»�¼ Ò�ÔNÕ�½�� Û.¾LÐ�»�¼�;Lë-Ê�¿.¶ netstat -anÀlsof -i

ð�ñ z�Á�Â ¦�§�Ð�Ã�Ä�ê t ú�»�¼ ½�� Û�¾ Ò Z 2�t ¬ &�� Å ¦�§��õ�� ¾ Ò�� ;�âÜ Á�Æ °�± 1 � Ö�Ç Ð ½�é êÈZ0É Ò+t ¬ � â�&�� ø�Ê%2 Ê�Ø�Ù�Ú��q�Ë�Ð�,�Ì RÎÍ Ò ëNÊ t ú�»�� Ò��Ï�Ð]´Ñµ �ÓÒ�,�Ô�Õ�Ð�¦�§�� Ò h�j ��Ö�×�Ø�Ù h�j Ð0Ú�Û�êâ z�Ü�Á g�¬ �® V�¯ q�¦�§�Ð Ô�Õ�½ Û�¾�Ð�»�¼�;�á�â��Ý�Þ�&�� Ò�� nmap êî�ï Å�ß `�à Ö�Ç Ð�ð�ñ � Û�Ü�á�í g�¬ ��® V�¯ q�¦�§ ö Ð TCP

��ãâ

nmap -sT -O localhost

t�Õ ð�ñ�Ð�¿]¹ �� î�� G â

Starting nmap 3.55 ( http://www.insecure.org/nmap/ ) at 2004-09-24 13:49 EDTInteresting ports on localhost.localdomain (127.0.0.1):(The 1653 ports scanned but not shown below are in state: closed)PORT STATE SERVICE22/tcp open ssh25/tcp open smtp111/tcp open rpcbind113/tcp open auth

46 ä ä ä 5 å å å . æ æ æ�ççç�èèè�éé é�êêê�ëëë

631/tcp open ipp834/tcp open unknown2601/tcp open zebra32774/tcp open sometimes-rpc11Device type: general purposeRunning: Linux 2.4.X|2.5.X|2.6.XOS details: Linux 2.5.25 - 2.6.3 or Gentoo 1.2 Linux 2.4.19 rc1-rc7)Uptime 12.857 days (since Sat Sep 11 17:16:20 2004)

Nmap run completed -- 1 IP address (1 host up) scanned in 5.190 seconds

ì�í�î�ï0ð�ñ�ï0ò�ó�ô�õportmap öø÷Ñù sunrpc ç�ú%û�ü ó%ýÿþ�� þ+ó�� 834 �� í��

û�ç�ú� �� ç�ú�û ò�� "!$#ÿþ&%�î�')(cat /etc/services | grep 834

ì�í�*�+�,�-/.10�2 û îiï þ�ì�3�ñ�4��5��6 ù�7"8�û�9;: ö 0-1023ýÿþ��<�= � root û�>@?A�B"CEDÿþ�F�G�,��0�2 û �� ç�ú �"!E# H�I þ&J�K

netstat L lsof I �� ! ù ì�í�� û�M�NO �� J�K netstat �� 834þP%�JK�Q�R�*�+S(

netstat -anp | grep 834*�+�T�U�-;.EQ�R û î]ï�(tcp 0 0 0.0.0.0:834 0.0.0.0:* LISTEN 653/ypbind

netstat V CED�� û�ü ó H�W�X;YEZ�[ ó �\�] '�^ û�_�`��a;V CED í��ãþ&T�b�c�,�U�d÷ ì�í�*�+��ð�ñ�ï I [p] e@f T�U�ð�ñ�ï�C1D�ì�í��@g ç�ú�û�h�i ID (PID) ó�ì�í�j�k V þCED û ��6 ù ypbind (NIS)

þ�F��portmap ç�ú�l�m�n�o�p�û� í RPC ç�ú�

lsof*�+ � U�ð�ñ]ï$q�r û�M�N þ�s1t�F � b�c�� m CEu��v ç�ú (

lsof -i | grep 834c�Q�t�ì�í�*�+�î]ï û �;! \�w (ypbind 653 0 7u IPv4 1319 TCP *:834 (LISTEN)ypbind 655 0 7u IPv4 1319 TCP *:834 (LISTEN)ypbind 656 0 7u IPv4 1319 TCP *:834 (LISTEN)ypbind 657 0 7u IPv4 1319 TCP *:834 (LISTEN)

ì�x�y�z�ð�ñ|{}��~��! ù��è�� ô�õ û�ç�ú�� þ/ì�x�y�z�� ë�û þ&��<�b�c��;! ù��çú �� û �/� M�N� sE5��"�E� lsof,netstat, nmap

�services û man page

�6 � .� � ��

(VPN)�� ¡�¢E£�¤�¥�¦�§@¨�¦@©�ª@«�¬/1®@¨�¯�°�±�²�³�´�µ�¬�¶�·�¸�¹�º�»�¬�¼�½�¾�¸�¹�¿1¨�À�Á@Â�ÃÅÄÆ�Ç�±�ÈÅÄ�¡�¢E¦@©�É�ÊÌËÎÍ�Ï�¸�Ð/Ñ

(Frame Relay) Ò ËÔÓ/Õ1Ö�¸�¹�×�Ø/Ñ(ATM)

¯�°�Ù�Ú�Û�Ü�Ý�Þß ¨�à�°�´�¯�á�â�ã�äÅÄ�å�Û ß ¥�¦�§�æ�ç�è�¥�¦�§�´�¯êé�ë�å�ì�í�Û�î/ïEð�¨�á�â�ã�äÅÄ&ñ@ò�í�ó�ôõ�ö�÷;ø æ�ù�ú�û�üþýÿE®�¨��°��E¨"ï$ð� ø Ä�� ö Á� �� ¨;¿��¦�©(SMBs)

é�� ó;ë�Ü�� !#" Û/Ü �%$ ¨"á/â/ã/ä Ä'&�( Ë*)�+%,/ /à/° ý

Virtual Private Net-works

�"Ñ(VPNs)

é.-�/�æ"E®�¯�°��"Õ1¨�0�1�2�3�4)ÄVPN 5 ¡�6�7�ãþý Ò à�°�� ß�8�9�:�; ¨<��ª�ÍÅÄ>=/1 @¨�?�@�à�°þý

LAN��A�B�Û�Ü�C�@�à�°

(WAN)é'D�æ�Í�Ï�¸�Ð Ò ATM

õ Õ ¨�E�ã�6�ô�D¨�¸�¹�F�GÅÄVPNs

É�Êdatagrams

Ù�Ú�¸�¹�H�I�J�KIP8�9 ¸�¹ÅÄ�¬�A�B�Û�Ü :�; ¨�L�¯�M�J�K�à�Nà�°�¸�Ð�O�P�®�¨�Q ¨�E�é.R�S�T�U�V�¨�W�G

VPN X Ú�Y�Z$��\[�]�^`_'�\[�3�a�b�¨�c�d�ã�Ø�¬ 8 ÛÖ�e�f�¸�¹/¿E¨�Â�Ã�é �g/¦ ©%h�Ê�i%G ¨VPN

á�â�ã�ä/±jc%k :�; 2 Äml%�n� /ç/è�o;É/Ê%W�G/¨ Ò�p ®j(�q�r ¨ XÚ�ã/Ø é �¡ ¢�É�Ê�i�GVPN

á/â�ã�ä ¨%s%t Ämu�v�w ýCisco

�x_zy/ã�à�{ ýNortel

�x_IBM

_æCheckpoint

é �Û�î�Ê�ôLinux

U�V@¨�W�G�(�|@¨VPN

á�â�ã�äÅÄ>&�(FreeS/Wan

ý}h�Ê�Û�î�]�^~@¨

IPSec Ò Internet Protocol Security¨ X Ú��é ë�g VPN

á�â�ã�äÅÄ õ M�í�i�G Ò W�G)Ä>Y��Ûî�ñ��¨�°%��)Ä�[��ô�Û ß ¥�¦�§�æ��EÛ ß ¥�¦�§�ÏP´�¯�� ß éÙ;Ê��;Ý;¸/Ð;Û/Ü%�� Ä ¸/Ð/¨�K � å;ì;ª�K;°�� Ò�� Ä.D��"å/ì��%c"°��%�"æ%&�(��%� ý

AHÄ

Authentication Header�/¨��%�/Â;Í%O��%�|¿Oé Â"Ã"å;ì � K�c�d Ä��%��c�"�&(

Encapsulating Security Payload (ESP)¨@á�d"æ��)é µ%�@Ý"¨

VPN° ��"å"ì� �T��;ÂÍÅÄ>¡��å�D�¸�Ð�O�P�®@¨�Q ¨�E ý}��¡�í�Û�Ü � Ú�¢ Ò à�°�¿1¨�Û�Ü�£�Þ��Oé'¤�� É�Ê�à�°�æ�à�°@¨´�¯ÅÄ>¥�E�Ý�à�°@¨�µ��£�Þ�å�ì�µ��O �\� K�á�d�¨��SÄ>��¦�¬�§�¨ 8�9 ��Oé ó�¥�E�Ý�£�Þ�±ÈSÄPà�°�æ�à�°�¨

VPN´�¯/¿E¨�c<d�æ�á�d�K � í�J�ª�¨ é

¤��\u�³�·@¨ :�; 2�û�üÅÄ>©�ª�� õ�«�¬��® ��ÅÄ�¯ ¬ å��á�dêé'°�ô�6�±�²��æ�Ê��Ý ß É�Ê�¿ß o(man-in-the-middle) ³�´ ¨�µ�¶�·��¡�¦�¬�¸ ® ��¹�º�»�¼�½@¨�,�d�¾�¿êéÁÀ<( VPN Â Ê�" ¢À@¨��æ�c�d�ã�ÃÅÄ>»�¬�í�Û�î :�; �� º�»@¨�ã�ØÅÄ�Ê�±�´�¯/¢\S�Ä�Ý@¨�£�Þ�¬�Å�(�Û�Ü�Æ�Û�¨�ùú�à�°�é

6.1. VPNs Ç Ç Ç Red Hat Enterprise LinuxÉ�Ê�·�u�È�Á :�; E�´�µ�O�?�@�à�°�¨)ÄRed Hat Enterprise Linux

¶�É "1¢$î��éInternet Protocol

Security Ò IPsecí

Red Hat Enterprise Linux»��Ê@¨

VPNã�ØÅÄ>1� �º�E�á�â�¦@©�æ�T�¦@©þý Ò ÄÝ�É�Ê�·�� ß ¨ :�; ´�¯�Ë�Ì�é

6.2. IPsecRed Hat Enterprise Linux

�Ê�6�Û�Ü�Í;Õ�Î�Ï�à�°þýÐu�à�N�à�°��¨�É�Ê�Û�Ü :�; ¨<Ñ�Ò�± ´�¯�Ä Ý�|Ó�æ�à�°�¨ p ®Oé�ë�Ü�ª�Í p ®þýÔ&�(

IPsec��¦�¬�É�Ê�|�Ó�ó�|�ÓþýÔ��Õ � Ú�¢ ß � Ò à�°�æ�à�°þýÔ?

@"à;°/C�@;à"° ß �@± X ÚSé Red Hat Enterprise Linux

¿�ÏPsec X Ú;É"Ê Internet Key Exchange

(IKE)Ä&ë�í%� à�N�à�° �� Ú��Ö ý

IETFÄ

Internet Engineering Task Force��» X Ú�¨�Û�Ü�ª�Í p®SÄ�D�¦�×�Ê�6 8�9 ´�¯�Ø�Æ ß ¨�¼�Ù��æ�½ ;�Ú Ø�é

IPSec´�¯�T�Å�7�Ü�Û�Ü�¹�ºêé'6�Ý�Û�¹�ºÅÄ�Û�Ü

IPSec£�Þ�ì�Þ�ß�æ�Ä�Ý�£�Þ Ò à�°@¨�´�¯êé'Ä�Ý�£Þ

/à�°�ì�à�á�â�£�Þ@¨�¦�ã�äSÄ�l�å�æ�ã�ì�(�¥�ç�´�¯�â�®��¨�ã�Øêé�6

Red Hat Enterprise LinuxØ�Æ�¨ÅÄIPSec

´�¯�É�Ê@ÏPSec

£�Þ��ã�Ø�ípre-shared key

é'6�ë�îIPSec

´�¯�¿�Ä>æ�ã�|�Ó�Á�èÉ�Ê"Õ\é�¨�¾�¿)Ä�ê�1 8 µIPSec

¨<Ý�ë�¹�º�é

48 ì ì ì 6 í í í . î î î�ïïï�ððð�ñññ�òò ò�óóó (VPN)

IPSec ô�õ�ö�ì�÷�ø�ù�ú�û�ü%ýÿþ�� SA � security association �ö��ø�ù�� !�"�#%$'&�!�(�)�*�+�ö�,�-/.�.� 0��þ�� SA��1�2 �43�ø�ù�5/6�7�8�9�:�;�û�ü�9

ò�ó�ö�<�= IPSec ô�>?�Red Hat Enterprise Linux ö IPsec <�@�A�B IKE ��C�D�ò�=�ò�ó�E�F�G�ýIH�J�*�+?� racoon *�+�7�8K�L�M�N�O�P 8 IKE *�+�Q�R�9�(�)?�

6.3. IPsec S S SUTTT<�@ IPsec V�W ipsec-tools RPM X�Y��Z�E�[�ñ�ö IPsec F�G�\�^]��A�B�F�G`_�F�G �� ö�a` b ódcIe�\f�]��A�B�ò�ó�_�ò�ó �� ö�a� g�4��h RPM X�Y�i�ñ �� IPsec ô�õ�[�V�ö�j N�2 $ K�LM�N 9 ��k�l �'��m�n �� IPSec �'odpIq�rts

• /lib/libipsec.so — ijñuE Linux vuwu9 Red Hat Enterprise Linux p`AuByx IPsec <u@�ýö PF_KEY z�{�*�+�7�8�| � ;�}�~�ö�j N�2 �

• /sbin/setkey —P 8`v`wyp IPsec ö`*`+`7`8`9��`�`�`��h�� k úuc racoon *`+`7�8 KL�M�N [��ög��V��I� setkey ö �� '��,�� setkey(8) man page �

• /sbin/racoon — IKE *�+�7�8 K�L�M�N ��A�B��7�8�9�� IPsec [�ô�õ`x K�L ý<ö�� K 9�*d+�H�Jt��d�`�uc/�� /etc/racoon/racoon.conf k�l � �� h K�L�M�N ��`Vu�� racoon ö�� '��,�� racoon(8) man page �

• /etc/racoon/racoon.conf — B�� IPsec ô�õ�ö racoon K�L�M�N��k�l �'q�ru� ô�õ�pA�B�ö/��" N 9� �!�G��?��V�� k�l pIA�B��ö��'��,/� racoon.conf(5) man page �

�y�yCyD�òòò óóóy777y888��y�� by y¡ �� ò ó ô õ�9 IPsec��ykyl � �� Red Hat Enterprise Linux

ö IPsec �¢�£V��`�£A£B�òòò�óóó£777£88 8��£�� ö��¤� �� ,£� Red Hat Enterprise LinuxK�L 7£8 ¥ �

��W�C�D IPsec ��ô�õ�¦�§�ò�ó�ô�>�ö�F�Gt�¨��,��ì 6.4 ûg�4��W�C�D IPsec ��ô�õ�¦�h�©�ª�ò�ó / «�ªò�ó%�'��,��ì 6.5 ûg�

6.4. IPsec ¬ ¬ ¬U¯®®®°¬¬¬U ¯±±±³²²²U´´´��A�B��µ�F�G`_�F�G�ö�ô�õ�� IPsec ��ô�õ��§�¶�\�· K�L�b ��@�¸��¹��§��µ�º�·�ö�ôõ�A�B�F�G�[�ô�>�ö�ò�ó��þ��»��%ý<ö��¼`½?��_�¾��§�F�G�\�ö IPsec

�� ¿À��F�G`_�F�G�ôõ�ö �� VdÁ�údÂ�Ã�öÄ��FdGdÅ`V�W��`h�ô�õ`�dÆ`Ç�ò�óÈÉ��ò�=�ò�ód �ö�Ê�ñ�ô�õË�Ì��Í Red HatEnterprise Linux ��þ�� IPsec ô�õ?�þ��ô�õ�ö�ì��Î�Ï�ú�Ð�¾��§��@�¸`Ñ�Ò K�L 9�ò�ó �� Ì_��F�G�9�F�G�ö�ô�õ%��Ó�V�W�Ô�Õ�ö �� s

• ¾��§�F�G�ö IP Ö�×• B��Ø�Ù IPsec ô�õ��Í�9�o�Ú�Z�Û b ô�õ�Ü�Ý�ö��h�Þ�ß�ö�à/áf�� ipsec0 • ��hdâ � ö� �!�*�+ b A�B racoon ã ¡�ä/å ��h• A�B��æ�ç�ô�õ�9�E�ô�õ�ø�ùdpè(�)� �!�*�+�ö/��h�é�ê�H�J�ö��/*�+ë ��¿À��] � ��@�¸ A 9��@�¸ B ì�W�C�D IPsec ¼`½�í��»��ô�õÀ�'Ú�î�ì�W�A�B�i�ñ foobarbaz-�ï�ö�ð�ê�H�J�*�+��í��ô�õÀ��ñ�ò�A�B�ó�ôõ�ö racoon ã ¡`ä�å�÷ ò�E�¾��§�F�G%ý/Ü�J��h��*�+?�4¦�ø�F�G�ö�A�B�ó�ù�ú ��û à�Ú�î�ö<ô�õ�ü ipsec0 ��ýÔþüÿ�ÿ@ÿ¸ A ô �ÿ�ÿ@ ¸ B F G _ÿFÿG IPsec ô õ ö ifcfg k l E� hþ� � p Bþ�þØ Ùþ� ô õ ö Þÿßþà á ü ipsec0 �¤[þ� [ äÿå ö kþl áü /etc/sysconfig/network-scripts/ifcfg-ipsec0 0sDST=X.X.X.X

� � �6 � � � . � � �� (VPN) 49

TYPE=IPSECONBOOT=yesIKE_METHOD=PSK

�� A �� B � IP �� X.X.X.X �� B �� A � IP �� X.X.X.X ��! !"!#!$&%!�!'!(!)+*-,/.&021&3 (ONBOOT=yes) �54! 26!7!829&:!;!<2=&�2>2?&@A

(IKE_METHOD=PSK) ��CBD*FECG �C C� 6C7CHCICJC>C?D�F8C9C:C;C<C=CKCL M�N* /etc/sysconfig/network-scripts/keys-ipsec0 OP�RQ�"EG � �� "#/KL+SUT2�/�VW+X �P�Y� 2Z/� root 67[\�]^�_`a�"#KLb�IKE_PSK=foobarbaz

c ccedddf degih

keys-ipsec0 jikileminpoiqerisitpu root rivewixeyezi{e|i}e~e�i�ejik��i�e�i�e�ejike�i�e��p�p�p��

chmod 600 /etc/sysconfig/network-scripts/keys-ipsec0

�2� Q2�2�!0�2�2�2>2?2<2=��2�2�2�2�2E2G �2 2�2� � keys-ipsec0 K2L��YE2#2<2=!��2V W-X��\�]6$%�� ¡�¢ B-�!£&¤+¥§¦©¨ª$&«!¬&!®!¯&.+� �!°&±&² �³"!K!L+N&* X.X.X.X.conf M´�!�!!® IPSec �©µ�¶� IP �2�2�2� X.X.X.X O¡�·�2¸2¹��º IPSec »!¼123!0½��¾�¿p3!ÀÁ2"2K2L��2Â �2Ã «2�2�2"2KL¡�;remote X.X.X.X{

exchange_mode aggressive, main;my_identifier address;proposal {

encryption_algorithm 3des;hash_algorithm sha1;authentication_method pre_shared_key;dh_group 2 ;

}}

ÄÅRed Hat Enterprise Linux Æ IPSec ��@Ç½�Yº IPSec $%È�ÉÊ20P�Y¾À�Á8(2� �°2±�² (�)

K½�RË-ÌÎÍÏ��BÐÑ½Ò

remote X.X.X.XÓ )()K�«BH2��G�Ô½��Z�]7�� X.X.X.X IP ��Õ Ó ¦Ö��®×�Ø¡�

exchange_mode aggressive

Red Hat Enterprise Linux � IPSec Õ2627!�82(2(2)��Ù27Ú¨ÜÛ2Ý2¯23!�>2?2Þ2Ç��Yß2�!à�á X0�â-ãäÎ¯�.+å IPSec $�%()20��æ�ç¡�

my_identifier address

)èâ×Ø�éê>?20ë�YÕÙ72�/ìí@ A � Red Hat Enterprise Linux ¾� IP ��H�ìí×Ø¡�

50 î î î 6 ï ï ï . ð ð ð�ñññòòòóóóôô ô�õõõ (VPN)

encryption_algorithm 3desö÷øùú�û-üÎýþ2ÿ��/ýþ

Triple Data Encryption Standard 3DES � �

hash_algorithm sha1;�ö�� î�� ýþ2ÿ�� !��ý�þ Secure Hash Algorithm î��" �

authentication_method pre_shared_keyö2÷��#� ��$�% ÿø2ù��&� Red Hat Enterprise Linux

��2ý2þ�'�(�)�*!ÿ�+�,.-0/�1øù��

dh_group 2�ö�2�3�4�5�6�72ÿ �8� +�,�9:- � þ2ÿ Diffie-Hellman

+�,�;�<=�!��>�?1024 @�A �

BDCinclude "/etc/racoon/X.X.X.X.conf" E�F�G - /etc/racoon/racoon.conf H�I�J�KL�M�N#OP�RQ�S�T#U WV�XZY��[�\ ÿ H�I��] IPsec ^Z_�` 4Z9 � 6�7!ÿ��R��a�1�b A

�.-include

E�F ÿ X.X.X.X J�K�] a�1�b B-dc�e�f�g��h�i�j�k�l�/ ` 4 IPsec m�n 9ÿ�o�p racoon.conf H

I �

# Racoon IKE daemon configuration file.# See ’man racoon.conf’ for a description of the format and entries.

path include "/etc/racoon";path pre_shared_key "/etc/racoon/psk.txt";path certificate "/etc/racoon/certs";

sainfo anonymous{pfs_group 2;lifetime time 1 hour ;encryption_algorithm 3des, blowfish 448, rijndael ;authentication_algorithm hmac_sha1, hmac_md5 ;compression_algorithm deflate ;}include "/etc/racoon/X.X.X.X.conf"

�D©ÿracoon.conf qDr IPSec

§ö©ÿts!ö§÷ õDuwv �D(yxz*©ÿz+D, HDIwv{VDX ø§ù|� sainfoanonymous

ü�ÿZ} @�~�F C IPSec��D�:- î��#�Z� ÿ SA — IPSec m�n ÿ�� q�r��v�ý�þ2ÿ�� +�,2ÿ��=� î��8� ÿ8} @ ö�÷��h��

sainfo anonymous��k

SA ��V þ��-�� IPSecøù��N��2ÿ��:-�� ¡�4�1��

pfs_group 2ö2÷

Diffie-Hellman+�, �� ÿ�¢��£2ö.- V�¤ ö IPSec

��#�&-¥?IPSec î��Z��¦2õ ÿ�§Z9�+,�?��!��-

Red Hat Enterprise Linuxÿ

IPSecýþyC

Diffie-Hellman�� 2ÿ group 2

©¨ modp1024 � � Group 2ý&þ&ÿ ] 1,024 @ZA ÿ modular exponentiation ª �Z��-¬«/ý ò �Z+,��®�¯�-d° ��V�±�²�³�´�µ�¶ (�·ÿ IPSec

¢��

lifetime time 1 hourQ [�¸ �öDC SA

ÿ�7�¹�º�»:-�¼ ��V þ�9�� ¨ ��;�<�½ ¤ ö=� Red Hat Enterprise Linux IPSec� ýþ2ÿ�7�¹�º�»�? � S�¾�9=�

encryption_algorithm 3des, blowfish 448, rijndaelö&÷ îZ��Z�Z� ÿZ�Z��Z�&� Red Hat Enterprise Linux �Z� 3DES v 448 @ZA Blowfish vVX Rijndael (�¿��À�Á AES

-Advanced Encryption Standard �� ý�þ2ÿ��

Â Â Â6 Ã Ã Ã . Ä Ä Ä�ÅÅ Å�ÆÆÆ�ÇÇÇ�ÈÈÈ�ÉÉÉ (VPN) 51

authentication_algorithm hmac_sha1, hmac_md5ÊÌËyÍÏÎÏÐtÑÏÒÏÓÏÔÖÕØ×ÏÙÏÚÏÛÏÜÞÝßÓÏÔÖÕtàtáÏâÏã

sha1 ä md5 åÏæ ×ÏÙtçÏèÏÍÏÎÏéêHMAC ë hashed message authentication codes ì Ý

compression_algorithm deflateí�î

IP Payload CompressionêIPCOMP ì Õ Deflate ï�ð Ú�Û�ÜZñ�ÝRò�ÜZñ�ó�ô�õ�ö�÷�ø�ù È�Éú ë0û�ü IP ý â�Õ�þ�ÿ�ù��Ý�� ò�� ë� ô root �� õ�� Ê��!

/sbin/ifup ipsec0

�"�"#"$IPsec

�" ë% �"� tcpdump �"& Ñ�á�ô"'"(�õ"�"� ê � È�ÉZì*) þ"+�Õ È�É�ý â ë�,�- '�./�02143"5�ÐIPsec

Ò û�687 ÝRò"9 ý â":";"< Ç �"� AH =">.ë%,"- :";"?"@*A ESP ý â&Ý:ê ESP =@�; ý âB1C3�3�Ð û�6 Ý ì�D �

17:13:20.617872 pinky.example.com > ijin.example.com: \AH(spi=0x0aaa749f,seq=0x335): ESP(spi=0x0ec0441e,seq=0x335) (DF)

6.5. IPsec E E EGFFFGHHHIEEEGFF FKJJJMLLLGNNNO�ó�ô�P�íIPsec

ö�÷�� æ�È�É�ä�È�É Õ��Q�á�R��S�� È�É ê D � ��T�U È�É ��V U È�É�ì�W�"�"X"YZÕ È�É ÝZ�"� È�É�ä�È�É Õ��""[ � õ"\ � �"ZÕ È�É�å Y"P�í IPsec É2]4^.ë ô*_�` ä�É2]Rba È�ÉBc ��d�e�Õ�f�ç W X�Y È�Égc Õih4��d�e�ÝZj�k 6-1?�@�Ë4�� È�É�ä�È�É IPsec l"m Õ��Ý

j j j�kkk6-1.

� � �� È È È�ÉÉÉ�äää�ÈÈ È�ÉÉÉ IPsec l l l"mmm Õ Õ Õ�� ò��j = ?�@�Ë ]�È"n�È�É�o�p Õ å ��T�U È�É�ë ò�9 È�É ö�÷ IPsec ÉB]C^ R�5�Ð È"n�È�É ö�÷��qrZÕ l*m \ � Í�Î ä�s�t ��Ý!þ"+�Ð�Ñ cCu"v�w Õ ý â�x�[ � ö�÷�y"z�Ü ê Brute Force ì�{"|"}"~"��ò"9"T ÈB) þ"+ ý âZÕ 6*� (cipher)

Ý��"\ � �"ZÕ�d"e"R"� ë ò"�"�"� 192.168.1.0/24 IP �B��d"e ä 192.168.2.0/24 c h��"d"eZÕ��ç�Ð�Ñ"�"�"r"�"�"�ZÕ ëZ� A IPsec ý âZÕ"_�`�� û�6 / ~"6 ô"�É�� r ] IPsec Ég]C^ Ò"_�`=Ý�� È�É�ä�È�É ��Ò�[�Õ�f�ç�â�ã 7

• � í IPsec ÉB]C^ ó ]��w Õ IP��

• ] IPsec Ég]C^ Ò�� LAN/WANÕ È�É �� g� ê D � 192.168.0.0/24

�10.0.1.0/24 ì

• ¡�È�É d�e ÉB] f�¢ W�È"n�È�É"�i£4¤�^ Õ IP��

•÷�R�¥�¦

IPsec��ô�� ä�§�¨�©�ª � �� o�« Õ��¬��Õ�®�¯ ê D � ipsec0 ì

•��g°�í�Õ û�6�±�² � ö�÷ racoon a �"³�´ ��

52 µ µ µ 6 ¶ ¶ ¶ . · · ·�¸¸¸�¹¹¹�ººº�»» »�¼¼¼ (VPN)

• ½�¾�¿�À�Á�Â�Ã�Ä�Å�Â�Ã"Æ�ÇgÈ4É�Ê"Ë�Ì�Í�Î"Ï�Ð�Ñ�Ò�Ó�Ô�Õ�Ï�Ö�×�Í�ÎØ*Ù ¿*ÚÜÛÞÝ*ß*à*ái»*¼ A (lana.example.com) Ä*à*á*»*¼ B (lanb.example.com) â*ãiä*å*Ð*Ñ IPsecæ*ç�è"é Â"ÃêÛ%à"á"»"¼ A Ï�»"¼"ë"ì"í"Å 192.168.1.0/24 îBï"ðñÛ%ò"à"á"»"¼ B ½"¾ 192.168.2.0/24îgïIóôà�á�»�¼ A Ï*õ4ö�÷ IP ë�ì�í 192.168.1.254 Û�ò�à�á�»�¼ B ø 192.168.2.254 ó IPSEC ¼gùC÷�íÄ*ú*Ð*Ñià*á*»*¼2õ�ö*÷*û*ü"ÏêÛÞý�½*¾"þiÑ"»"¼*ÿ�� eth0 ��iÐ*Ñ�� ù�� iÏ�� IP ë*ì� �"¾"¿� ��"»��»"¼��!Û ò eth1 ��"Ð"Ñ"¼2ù��Ä��"¿ � Ð"Ñ�»�¼�!��*Ï�à�á"»�¼�"�#�$%�& »�¼"Ï'!�� óÅ"ú"Ð"Ñ"»"¼)(�Ï IPsec Â"Ã"½"¾"Ð"Ñ�*"Ó"Ô"Õ*Ï�Í"ÎêÛ,+"º r3dh4tl1nux -�.êÛ%ò�/"à"» A Ä B Ï0�1'2 ��3�4�5'6 racoon �87�9':�ú�Ð'; IPsec ¼Bù�÷<(�û�Õ"Ï�Ö�×�Í�Î ó à�» A Ï 0�1�2 ��3>=�?�@A

IPSec Â�Ã"ø ipsec0 Û�ò�à�» B Ï 0�1'2 ��3'=�?'@ A IPSec Â�Ã"ø ipsec1 ó�CBbø Ð8Ñ »8¼ Ä8»8¼ IPsec Â ÃCD à8» A Ï ifcfg ECF Û é Ù Èg¾ ¿CGIH é Â8Ã ÏKJCL ACMí ipsec1 ÛON��N�9>:"Ï'E�F�P'@ A ø /etc/sysconfig/network-scripts/ifcfg-ipsec1 óTYPE=IPSECONBOOT=yesIKE_METHOD=PSKSRCGW=192.168.1.254DSTGW=192.168.2.254SRCNET=192.168.1.0/24DSTNET=192.168.2.0/24DST=X.X.X.X

Q ÑêÂêÃR� ßR? øSDUTWV�XRYR7 (ONBOOT=yes) Û>ZR/ ½ê¾R*êÓêÔêÕêÍÜÎ ÏêË�ÌR[\(IKE_METHOD=PSK) ó�à!» A Ï 0]1^2 �S3_�S`ba ÏWc�Ï�õ ö!÷ Û'dWe!í à!» B Ïõ�ö ÷ (DSTGW=192.168.2.254) Û��Uf ¿hg õ ö ÷ Ûidhe í à » A Ï õ ö ÷ IP ëì (SRCGW=192.168.1.254) ókjb¿ Û 0 1I2 �l3Cm � `^a"ÏCcb»b¼ Ûnd e íMàb» B Ï »M¼Mîï (DSTNET=192.168.2.0/24) Ûo��f*¿�g*»*¼ (SRCNET=192.168.1.0/24) óqp�r Û 0�1�2 ��3�j��`Ca Ï'c IP ë�ì�ÛOd�e�í�à�» B �'�� Ï IP ë�ì (X.X.X.X) ó�sB ø þ Ñ » ¼ ½ ¾ ¿ è é Ö × Ïs* Ó Ô Õ Í ÎsEsF Û Mø /etc/sysconfig/network-scripts/keys-ipsecX � àg» A Ï X ø 0 Ûôòiàg» B ø 1 � Ût6iþÑ"»"¼)(u�v"Ö"×ñówD"þ"Ñ"»"¼2È Û Q Ñ�E�F�x'y"í�z)4�Ï!Û%ò'/�{�º root ½"¾�|�}�~��` Q ÑE�F óIKE_PSK=r3dh4tl1nux

� �� k�

keys-ipsecX �k�k��k�� root ��k��k��k��k��k��l ¢¡�£k¤�¥�¦k��k§�¨�©ª�«�¬�I®

chmod 600 /etc/sysconfig/network-scripts/keys-ipsec1

¯ ã*Å�°�±�X�²�³�´"Ö"×iÍ"ÎêÛ,µ�¶�·"ë�D*þ�; IPsec ¼ ù�÷�¸iÏ keys-ipsecX E�F Û�þ*Ñ*Í*Î�x�yí�z�4�Ï'}�~�½�Â�Ã�¹�º ó��B�ø�¾�D IPsec Â�Ã"Ï /etc/racoon/racoon.conf ß�?�E'F�ÛOµ�»�5�Å�E�F�¼�;�Ï include ½�Ð¾ {�Ä IPsec

æ"ç Â�Ã�X'}�m�¿�À�ÛtÁ�ø�ý�í�Å IPsec Â�Ã�ú�Â�Y�7�XC�Ã7�9':"Ï ó# Racoon IKE daemon configuration file.# See ’man racoon.conf’ for a description of the format and entries.

path include "/etc/racoon";path pre_shared_key "/etc/racoon/psk.txt";

Ä Ä Ä6 Å Å Å . Æ Æ Æ'ÇÇ Ç'ÈÈÈ�ÉÉÉ�ÊÊÊ�ËËË (VPN) 53

path certificate "/etc/racoon/certs";

sainfo anonymous{pfs_group 2;lifetime time 1 hour ;encryption_algorithm 3des, blowfish 448, rijndael ;authentication_algorithm hmac_sha1, hmac_md5 ;compression_algorithm deflate ;}include "/etc/racoon/X.X.X.X.conf"

Ì�Í�Î�Ï�Ð�Ñ�Ò�Ó Ê�Ë�Ô�Õ�Ö�×�ÖRØ,Ù�Ú�Û�Ü�Ý�Þ Î X.X.X.X.conf ( ß Ì�Ò�Ó IPsec Ëià�á�Ô IP â�ãä�åX.X.X.X æèçtß�é'êSØOë�ì�Ú'Û�í�î IPsec ï�ð'ñ�ò�óIô8ò�õ'ö�Ô]Øø÷�ù Ì�ú�û'ü�ý�þ ç

;remote X.X.X.X{

exchange_mode aggressive, main;my_identifier address;proposal {

encryption_algorithm 3des;hash_algorithm sha1;authentication_method pre_shared_key;dh_group 2 ;

}}

ÿ ñ�ò IPsecÏ�Ð�� Ø��ñ�� IP forwarding çqß Ì root �� ÿ shell �� Í Øoñ�� IP for-

warding �1. ß ü�ý /etc/sysctl.conf Ú'ÛSØ��×'Ö net.ipv4.ip_forward Î 1 ç2. �� Í��Ì�� ! ö�"#�

sysctl -p /etc/sysctl.conf$�% ñ�ò IPsecÏ'Ð Ø�&�ù Ì�'�( ñ�ò IPsec Ë)à á�) ÿ�*�+�, Ë)à á�- Ì root �� Í��

/sbin/ifup ipsec0

Ï�Ð�.�/ Ü�ñ��]Ø�0��1�Ê A 2 B 3�4�ù Ì�5�6�Ï�Ð ØOË�7�3�8<à9�� ifup IPsecÏ�Ð�:;�< Ô�=�>�?@�A�: ôÃò�B�C]Ø $�%�D �'Ê�Ë�Ô'Ë�7]ØOß�� Í��

/sbin/ip route list$�%FE�GIPsec

Ï�Ð Ø ß ÿ�H�, ù�I ä Ô�J�K�-ML Ù�N Î eth0 æ�� tcpdump OFP�? @ ØRQFS�T ÿ�UV LW)�Ê�ËYX'æZ�[<Ô�Ê�Ë�\]RØ��S^ þ�_`a�b 8�8ià IPsec c��d�e^çfN $ Ø $�% Sg�1�Ê AÔ IPsec

Ï�Ð�h�i Øøß�[j Í�� tcpdump -n -i eth0 host lana.example.com

\]Y�lkmn�É + ì AH opRØq0�� `�+ ì ESP \]Wç ESP o�m\] b 8�d�e�rtslçRN $ Lvu�wÐ å o �� Ô�x�y�æz�12:24:26.155529 lanb.example.com > lana.example.com: AH(spi=0x021c9834,seq=0x358): \lanb.example.com > lana.example.com: ESP(spi=0x00c887ad,seq=0x358) (DF) \(ipip-proto-4)

54 { { { 6 | | | . } } }�~~~�� (VPN)

�7 � .� � ��

��R ��¡��¢�£F¤��¥�¦�§�¨�©ª�«�¬��®�¤¯ �°±²³±´µ�¤�¶�·�¸¹�·�±º»��¼½¾¿À¶#Á�Â�ÃÄÅÂÆÇÈÉ�¤�Ê«ËÍÌRed Hat

Enterprise Linux ÎlÏÐÑYÒ �ÓÔÕ��¤�Ö×Ø�qÂ«²ÙÚÛÜÝÞ�ß�à��¥Ö��á�âãº»äå¤�´�µ�³�±FælçèÌétêìëíIPsec îðï�ñ 6 ò¡ólôõ�ö�÷ VPN

âãøùúØ��ûü�ý�º»��¦§�¤�þÿ��ÍÌ Ñ�Ò¤�� Ð� « ï��Ð�� ä�å¤�û�ü�ý�â�ã�ø�ùz�� PC¤��«�Ê�«�Ë#��¤�� Î ÿâãøùÍÌfûü�ýÂ¸��°�¤�� âãøùØ�qëí"! Cisco, Nokia

àSonicwall #�$ ¤û�ü�ý�%�& Ì ��ë�í

Checkpoint, McAfeeà

Symantec ÷ ��#��' Ð�( ��)�à��« �� +*-, ¤�.�ª�¶�/ û�ü�ý�â�ã�ø�ù Ìé ê0�� à�/� �û�ü�ý�¤�21�3��ú¡��û�ü�ý�§«�¤�ø®�' Ð �21z�q¸�4�5��"1�¤âã�øùzÌ76� 7-18�9�:+;=<��1=>�?¤�û�ü�ý�¸�¹�@BA¤�§�«�ø�®DCø ø ø�EEE F F F+GGG H H H�III J J J�IIINAT

º�»�K�L�M�N(NAT) O+P �º�»�¤

IP Q º�»�R�&�S��TU��V�ú��IPK�L�¸ P ��W% ��Ð ¤��X�Y�²[Z\��²¼#� ��]�²[Z ÑFÒ ²�¼ Ì

^`_ 4�º Î ¤�°�a�²�F#��Â¸�S�@�A��b�c�¤�c�d�e�fg�h��^ ��T�U Ñ�Ò ú�� IP

KL�¸ P ¤ Ñ�Ò °�a�à�i�j#�Â�¸�k�l�Û�Ü�Ý�Þ¤�Ö�§^ Â�¸�¾2! *=m U�n�o NATû�ü�ý

/ p=q a¤�r�s�t#��¸·�±�f+;=4�u�º�»¤�Ê�«�Ë´�µ

^ ��v�Ê�«�Ë�r�w��û�ü�ý��ú¤��xBi�j�yz� O�z Eû{�|�}¤Bg (�,�~

��¿��a

��¿��¤�û�ü�ý��µ��T�S�4�º P ú��¤��z��@�Â�¸��6��²��µ�à�3�Þ��#��Å��û�ü�ý�Ý�Þß � ¦�§�Â�h�¤B��²�¿�� Ì

Linuxþ�ÿ� Ð�� ®¤��¿��Ó�Ô�¥ î��¿

netfilterþ�ÿ Q Û�Ü ö Ì

^ � ¿ iptables �� Ö�×��®�²[Z��^ «�� ¤�Z��h��z�� (��Ð ¤�º�»�g (Y ï »2!-a�ä�å�¿��tê ��S��«��®�ä�å^ � ( �� ¿�¡�Þ�¢�ia�f�g��z��£�s��«� � ��¤��¥ ��¦ °#�§�=¨º�»¤��©�Ô O ��ª�«

^ z E�¿��ë�í�¡�Þû�ü�ý¤�� P=¬^ S�¨��®�ä�3�Þ��#��¿ z E�S��«��®�®ä�¿��^°¯�± ¤�º�»�²�³ O ��Ê�´�µ¶ ��¿��ª�·�¸=¹#�º�»�� Ï�Ð½¼ IP W�%+¾=U�¿À ��Q º�»�¸�¹ DMZ

º�»�y¡�Þ�¢i�a

¡�Þ�û�ü�ý��¿��4�º�«� � ��¤��¡�Þ�°�a�¬��¨��U�>�?¤ ��Ð ��#��@ O ��¡�Þ�¿�À�«�� Á9º�Â�º�» , ;-��X Ì ��¡�Þ�°�a O�Ã�Ä |�}¤�¥ �Ê�«�Ë�à P ��º�»�«�� °a+Ål¤��T�Æ�Ç�4 Ì

^ ½�È�Û�Ü�Ý�Þß�³�±�4�º��ú�¤��«��®�à�¨��¤�Ó�Ô^ Ð�É ¡�Þ�¢�i�a�Â�¸�«�µ©�«�¤��Ê#��Ë�´ ï ¿�À� �ÍÌ�Î�Ê�«�Ë�Â�¸��¿�À� ¤B«�µ�´�µ©�«¤��X�Ê#� ��Ï�r�Ð�º�Â�º�»#�Ñ O Â��À�Ò�Ó�]�Ï��¤Ô�Õ�«�Ö^ Â�¸�×�Ø�À�È�É�à�Ù�³�¡�Þ¢�i�a�i�jz��Ê�´�Â�¸�ª�Ú×�À�³�±�º�» Î ��¼¤�Ê�«

^ ¡�Þ�¢�i�a�¨©�à��«��® Ð n î ë�í HTTPàtelnet ÷�÷�ö ��U�Û· ï¨�� î ��5�¤�¡�Þ�¢i�a�Ü�Ý�Þ

TCPr�w ö^ ��«��®�i�j z E�S�¡�Þ¢�i�a¤�ß ��à g#� � ¸�á¤��«��®�¢�i�a�Ï�â�Ê�«

ãl��ä�®�¤�º�»��ø�®¡�Þ�¢�i�a�Â�Ô��å ( º�»æ�çz�� (��Ð ¤��X�à��Y�¾�¿��Ý q � ��«�� £�s�r��¥ � i�j

56 è è è 7 é é é . ê ê ê�ëë ëBììì

í í í�îîî7-1. ê ê ê�ëëë�ììì�ïïï�ððð

7.1. Netfilter ñ ñ ñ iptablesLinux òôóöõô÷ôøöù netfilter úüûôýôþöÿ��ôú�� netfilter ��

stateful �� stateless �2ú�� ! NAT " IP #�$�%�&(' Netfilter )�*+÷"ù,+.-��/10�2 ".�.�.��.3.465.7 �

mangle � IPí.8.9�: ú2ÿ�;<�>=.?.�.@�� iptables A.B.C�D.E.FG

Netfilter '

7.1.1. iptables H H H.IIInetfilter ú6�J��þ�ÿ1"1K1L1M1N1@1� iptables OJP6Q1R�úS�UT�ý1V1W1X1A1B1"JY�ú1Z6[ ipchains ú\1] ï1^(�U_1` iptables a1b netfilter 11�1E1�1c1�1��ú6�1�Sdfe1g1"Jh64(�U` ipchains a1b1ij ú6kJl6m1E1�1�1E1n1"po\ú6q�ú6�sr(�t�1!6u1v�ú6�6w1xy' iptables *�÷1+J-6z1{Sdf|1}1"1|1~1�r 012 ú6�1RSdf�1�1�1�1�1�1�1!1�1w1x1�1w (port forwarding) �1��U�1?1��û�ý1V1W1X�ú6OJP6E1�� 'T"ý��.�.�.��1� iptables ú2û2ý.�.��>��J� iptables ú��1�.� 9�: �>�.�.� Red HatEnterprise Linux �6�6�6�y'

7.2. � � �¡ iptablesa6b iptables ú�è�û6¢6£6¤6Ns¥6� iptables %6&S�¦?6� /¨§ Xs©6W6E6� �«ª

service iptables start

¬ ¬¬®¯±°³²³´³µ®¶³·³¸³¹³º¼»³½

ip6tables ¾³¿®À³Á³Â³Ã³Ä ´³µ iptables ¾³¿�Åservice ip6tables stopchkconfig ip6tables off

�6�s�66��ÆÈÇ6ÉsÊ6Ë6¥6� iptables �t=6ÌsÍsa6b chkconfig E6�sÎ6%6&�úsÏsÐ6�6Ñ6�6�y'chkconfig --level 345 iptables on

iptables ú \J],ÒJÓ,Ô ù1Õ��×ÖJÑØ�fÙ,��ú1ÖJÑJN chain �7û�ý chain ?J©JÚ�û�ýJ�J�JÛ Ò h14�ú1��S�¦b ] � §Sª

iptables -A chain -j target

-A Û1Ü1ÝJÞ�û�ý1kJl6ß�o³Z,à ÷1ásk6lsm�úsâ6~S� chain ¤1N�û�ý1kJl�ú6ã6ä6å�øæ' IPTables ç�ý1èé ú6ã1ä � )1ê1N1ë1ì1í1î1�1�Já6ï�û�ý1�1��ú6ã1äJ��ù INPUT, OUTPUT " FORWARD �UT1ð1ã1äN1ñJò6ó�úS�U=1ô�ÿ1õJö1Y6÷�' -j øúù 0Jû ©�ü�ý iptables kJl�þæ�U�6ÿ1ß �

jump ��ú6�1Ú1kJlæ'� Ú�ú�o��6��ý ACCEPT d DROP dU�s! REJECT '=J?J�Ja,b -N

0,û ��JãJä � )�ø�ù6a1b1vJÚ��ú1ã1äJ�æ'>� ��ú �granulate �1��J�+ú�

elaborate �sk1l6É ��6ã6ä6��÷6bæ'

� � �7 � � � . � � �� 57

7.2.1. � � � ��"!! !$### %%%$&&& ''' (( ()$*,+�-�.�/�0�)�1�2�3�0�4�5�6�7�8�9�:�;�)�<�.�/�=�>�?�@�A�8�B�C�D�E�F�G�0�2�HJI iptablesA�8�4�5LK -P M 9�.�/�N�O�0�F�GQPSR�T�U�V�W�X�Y�0�Z�[�\�]�^�_�`�a�b�c�d�e (DROP) -�T�0�f�g9�:�;�)�<�4�5JIih�@�j�k,l�<�m�n�o�0�p�C�f�gqP�r�s�0�F�G�t�a�u�v�w�)�<�x�y{z,|�}�~�-�T�� {�,0�f�gQP

iptables -P INPUT DROPiptables -P OUTPUT DROP

�� E��JIi��.��0��f�g — �� 0��0�x�y�f�g — Ii7��$�,��08�� w�x�¡�x�y$¢£P¥¤�¦�¤ ��§ I�¨�A�8�r�s�0�F�Gª©

iptables -P FORWARD DROP

w�O�C�«{4�5�¬��®¯I°¨{±��p{C{0�x�y � U�V�W�²�³{.�/�´{0�F�GJI°r�s{0��µ�s ��:{��¦�.�/��0 iptables ��¶ I��l�a�·�;�0�)�1�F�G¸P

7.2.2. ¹ ¹ ¹ ººº »» »½¼¼¼�¾¾¾ iptables ¿ ¿ ¿ À ÀÀ�� F�G�j�w�Á�Â$*,Ã ¶�Ä T�ÅJIiÆ�¤�Z�[�Ç�´$*ÈÃJIiF�G�t�aÊÉ�Ë�Ì ��Í @�Ç�OªIi¤�¦�Î�Ï�F�GÐI7�Ñ��t�9�A�8ªI�¨�A�8�r�s�0�Ò�ÓÐ©

/sbin/service iptables save

Ô 1�F�G�t�a�Î�Ï�w /etc/sysconfig/iptables Õ�Ö ¢QIi×�®�w�Ø�Ù�Ú�Ë�Û�Ç�´�Ú�Ë�®�Ü�8ÐIi��gÝ Ã�}�Ç�´�*ÞÃ�®QP

7.3. ß ß ßáàà àãâââ iptables ä ä äáåååt�æ��0�ç�è�B�é � w�ê�ë�x�y�E��ì�x�y�U�V�W�0�)�<�í�:�Ç�¦�0�¦�îÐIi¦�ï�ð�ñ�ò�0 �� F�G�9ó�ô ê�ë�x�y�0�õ�ö�W�÷�ø�ù��æ��A�8�B�0�ç�èqP�×�h�¤�ú�A�8�N�O�0�4�5�9�u�é�-�T�0��ªûi�$�7�ü��0�f�gJIit�A�ý �� z,|�} � �,��0�ê�x�A�8�B�þ�ÿ�� Û � ��_��qP�¤�¦$kÞl�A�8�B�� x�y�í��,0��ÐI Í @�A�8�x�y��0� �8��ÐI Z�[�\�]�^��*ÞÚ��1��7��_��A�8QPn�¤ªI�¦�kÞl �� ~�0�� 80 I�¨��r�s�0,F�Gª©

iptables -A INPUT -p tcp -m tcp --sport 80 -j ACCEPTiptables -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT

Ô <"F G t"aÊk{l"9 ÉÞï"ð�� 80 0 x�� )�� 0 x �"! # I ¤"¦Êk{l"Ï�$"U"V 0 x��K ¤ https://www.example.com/ M I��*ÞÚ�� 443 P

iptables -A INPUT -p tcp -m tcp --sport 443 -j ACCEPTiptables -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT

% %%'&&&(*)+&*,+-+.*/

iptables 0+1*2436587*94:*;*<+=*>+?+@ %4&4ACBED4F*G+H 5JI4K .4/*L+M4N*O4P+Q+GSRUTV'W192.168.100.0/24 X'Y*Z A\[*]'^*_'` (DROP) 5ba*c'd L'M'e+f\g (-A) h\i G�R 192.168.100.13

A'[]kj d*Y+Z+?*l+m [+]+n*o+_4`+A+p+q X4Y+Zsr'tu58v+w+x f'gyA 041 n+z+o+{4|CB})4~+�*�4O+.+/ 0y1'�yhi 192.168.100.13 5�a'c e m\�*X\Y\Z �'O\.'/\_'` (DROP)

A 0*1 BK &\�\.\/+��'A\L'M 0*14r�� q*�*� 0'1�5J7'�'� -I �'�C5�c*� e'f�g\)*�'&\�+�'� 0'1 A'L'M 5b�'� )*�\&d\0'1��\�'l\� A 0'1\�\� (1,2,3,...,n) 5 F KC�

58 � � � 7 � � � . � � ��

iptables -I INPUT 1 -i lo -p all -j ACCEPT

\¡'¢�£\¤'¥'¦INPUT §'¨'©�ª\«\¬ ¡'¢C�®*¯�°\±\² © loopback ³\´\µ\¶¸·

¹Sº�»�¼�½�¾�¿�À�Á�Â�Ã�Ä�Å�Æ�Ç�È�À�ÂÊÉË¼�Ì�Í�Î�Ï�Ð�ÑSSH Ò CIPE Ó�Ô�ÕSÖ�×�Ø�Ù�Ú�ÛSÜ�ÝSÖ ÅÆ�Þ�ß�à�À�Â Ö�×�Øâáäã�å Î�Ï PPP æ�çSè�éëê Ð�Ñ�ì�í�î�ï�ðSñ�ò Ö ISP ó�ôSõ�Ö�ö�÷�ø�ùSú ÉËÌ�ÍÎSÏSûSüýÇSÈ ÙSÔSÕýþSÿSÛý�S�S�� É�� æ ìSíSî�ÞSß Ö�� üSÞ�ß�� S�� / �� Í��

Ö á�� É ã�å�� ¹��Þ�ß Ö Å�Æ�Î�Ï�� ÉË¼�Ì�Í�� iptables ü�� Ù � Å�Æ SSH Ò CIPEÏ!�Æ

Ö Þ�ß á#" Ð Ù�$ É}Ñ�¾&%('�Å�Æ Ö SSHÇ�È É}Ì�Í�Î�Ï�)�* Ö�+�,.-

iptables -A INPUT -p tcp --dport 22 -j ACCEPTiptables -A OUTPUT -p udp --sport 22 -j ACCEPT

/�¹01ý¼Sð'S½S¾ýÏ Ù �2 +&,SÖ�×SØ É4356 Red Hat Enterprise Linux5678:9;SÍýÈ<�=

å iptables >�?�@�Ö�è�A Í�B�C Ö 'ED(F�G�H áI�J +, %K' Ù�L�å�M�N î �SÖ�O�P Ç�ÈÊÉËÐ�Ñ�Þ�à�ÂQ�Â�Ã�ð �� / �K��SÖ 9 NSR�T PC á�� ÉI�J +�,�U�V %(' �� / �S��W�X�Ö�Y�Z Ç�È�I�J ×�Ø á ¾�[�À�Á�Â�Ã�Ç�È�I�J ×�Ø É}¼�Ì�Í�Î�Ï�\¹iptables ]�^�+�,�Ö NAT á

7.4. FORWARD _ _ _ NAT ` ` `baaañ�cd�e�f��g�h�¿

ISP i�j d�à�ì�ò�¹k Ö IP l�mâáonså I�pk�qÊÉ ø�ù ��r�s�t�u�0�1�v�w É V ½x�¹�k Ö IP l�m dzy�{�|�¹�} É�~�h�[�À�Á�Â�Ã�� Öz� p Y�Z Þ��Â�Q�Â�Ã á Î�Ï��¹ IP l�m ��Ö v�wÊÉ�[�À�Â�� Ö�Y�Z Þ�üE�Kc Ò Ä�c�Â�Ã á�l�å��*Ö Ã nS� ê Ð�Ñ ��Sõ�� ü��Â�Q�Â�Ã Ö |¹��ÊÉ��à�À�Â��S�� Ö��âá ¹Sº�»�I�F�� ×�Ø�� É}Ð�Ñ�¹�J��h�� æ �KcIP l�m É�[�Å�Æ�� Ö�� ¡�Ù�¢�£ À�Â�� Ö�� 9�¤ á ¾ �z¥ I�F�� É iptables ¦�§©¨ Ã nÒ ��ª�« É}Í ��¥ Â�Ã è�é�Ö��¬ ��Î�Ï áFORWARD

ª�«&%S' ö�÷�ø�ù�úz q�®�¯��À�Â&�Sc Ö �� É}Ð�Ñ�¾&%S'�°�p�À�Â Ö ®�¯�� ê �� / �S�� eht1

� � ¹�9�p&�Sc Ö IP l�m�õ ÉEÌ�Í��)�* Ö�+�,.-iptables -A FORWARD -i eth1 -j ACCEPTiptables -A FORWARD -o eth1 -j ACCEPT

I +E, ÌýÍ&[ ��S� / ��&W�X�Öýöý÷ Ç�È��cýÂýÃ á±�� x M pSÀ�ÁýÂSÃ YZ � Ö ®�¯kÉ³²] eth1 ´�µ É¶��à¸· Ö�þ�Y�Z�� á

¹ ¹¹»ººº½¼¼¼¾(¿(À(Á(Â

Red Hat Enterprise Linux Ã(Äs© IPv4 Å(Æ(Ç(È IP É(Ês©ÌË(Í ÏÎy£(Ð(ÑSÒÌÓ(Ô Red HatEnterprise Linux © ²ÖÕ ÈÖ×½ØÖÙ»ÚÜÛ'©ÖÝÖÞÖßáà Õ ·ãâÖäÖå»È IP ÉÖÊ æ¹ÖÓÖÔ Â½çÖèÖéëêsysctl -w net.ipv4.ip_forward=1

ì â Î ¬ è©éîí�ï shell ð©ñîò�ó Â Ó�Ô Üô�õ ï©ö©÷îø ²©ù ¿ Û £�ú©û©ük±ýîÐ�®©þ à&ÿ�/etc/sysctl.conf ��Ö×�� ¿ ÛÖÉÖÊ · ¹�� ÿ � Â½ç Î « Ô�æ¹*® 1 �� 0 ê

net.ipv4.ip_forward = 0

ÓÖÔ ÂÖç © èÖé ×�� sysctl.conf ��'©�� ü êsysctl -p /etc/sysctl.conf

� � �7 � � � . � � �� 59

� �� "!$# IP %'&�( )�*'+ �-,'.0/21'3�4'5'67!8�-9�:';'<-='>@?BA'C'D�E�F'G�6 H86'IJ �-K'L'M'N'#�=�>PORQ�4�S-T'U�V IP ��K�L'G'N'#'W X86�I�Y�Z@/\[�]'^��8�'_ IP `'acb IPmasquerading de/gf�hji�5k6-!l#nmk=��k%�&o/gpkqn��k�n��N�# IP %�&rbts�un_ eth0 dwviptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

x y{z S T NAT , .{|'} ~�b -t nat d0/��-�'� ^{� �'� N # 6 I a ��b -o eth0 d � NAT !�POSTROUTING �-��b -A POSTROUTING deO POSTROUTING �8�8,-.8�{�kN8#-a8��P/��-�,�.8!l��O -j MASQUERADE �n��1�3��U�V�� IP %�&w/g3n��k� / �l��kN�#�%�&k`�a��h�O�n�n�n� QnW��n!�#�6nI-�l�k�' ¢¡�£n�w/ � 1n3�S�T -j DNAT �$�o/¤]n^ NAT � PREROUTING ��¥/¤�n^n¡n£n�$��%n&nGnYn(n¦n§¥/¤4nNnhn,�.n1n3k*n+n¨�©nª$�k%n�n«�OB¬�unhnw/ �n��n� Q�fnNhn��®�V HTTP ,�.o/g*k+�¨�%�&n_ 172.31.0.23 �k¯�° Apache HTTP ¡�£��¡�£k�o/¤±k²�[k³�´�3�µ��¶wviptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT \

--to 172.31.0.23:80

x�y�z 1�3�4 NAT ~kS�T-! � � PREROUTING �k�o/g��N�h�� HTTP ,�.n·k*k+�¨ 172.31.0.23 «�O

¸¸¸�¹¹¹�ººº»�¼�½�¾

FORWARD ¿�À�Á�Â7ÃÅÄ�Æ�Ç ¾ DROP È�ÉjÃËÊ ½�Ì�Í¢ÎÐÏ�Ñ�Ò�Ó�Ô ÃËÕ�Ö�×�Ø ¾ HTTP¸�Ù ÃÅÚ�ÛÜ�Ý�Þ�ß

NAT à�á�â�Ö�ãkä ¾�å�æ"çéè�ê�ë Ú�ì Ý Ã ¸ ê�ë�í�î�ï�ð7ñ

iptables -A FORWARD -i eth0 -p tcp --dport 80 -d 172.31.0.23 -j ACCEPT

Ú Ó�Ô�ò�í�ó ×�Ø ¾ HTTP¸�Ù�ô�õ�ö�÷�ø ÃÅù�ú�ã ö�÷�ø�û�ü ¾ Apache HTTP ý�þ�ÿ�ý�þ�ÿ æ{ç

7.4.1. DMZs � � � iptables� 1k3�]�^ iptables ynz h��+��¨��o/gu �� #�l^n� HTTP � FTP ¡�£��o/� ��D #%��8!l#�6�I��Nn��k5��rb DMZ / demilitarized zone d —

�� ¯n_kW$X�6�Irb u � 6nHk6�Ind�� £��n��6�I�O\¬ku�h�o/ � Q�]�^ �� y�z h��k+�®�V�N�hn� HTTP Q��¨ #� �V 10.0.4.2IP %8&$G$Y$($¦8§ 80 � HTTP ¡$£$� b 586 192.168.1.0/24 !#"��nN8dP/ 6$I$%$&8*%$ (NAT) �8�%&' ��

PREROUTING ~�(kh�*�+�,�.k¨�)�*n�,+��-oviptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT \

--to-destination 10.0.4.2:80

.0/ x � ��¶o/ ®�V�hji�5k6�N�¨�Y�(k¦�§ 80 � HTTP Y�Z�1��*�+k¨�G�2��-!¢#�6�I�5�3��k6�I�� HTTP ¡n£n� O x � 6nIn5%3n��4�5�1n3�6�798�:<; HTTP YnZn¨n6nI'� #��n�nCkQ�=�> O@? � ]^ HTTP ¡�£k��(�A�=�>��kY�Zo/¤±�² ��B�C *k+�Y�(�¦�§ 443 O

7.5. D D DFEE EFGGGFHHHJIII IP K K KFLLL1n3 ��M�N�O�P � y$z h�Q�R$|�5n6'�<�n^��6nI��S�T��^n9n:n��U�Vo/ � � 1n3�W�Rn��n1�Xn��£� b ��Y%Z�[ 5]\_^�`kG�2�a�T%b�c / ¡n£�c$��d�end�G�a�fn��¡k£��n=�>�O\u � /gV�;#gih Y�Z�[ 5��j�k 6�I��l�kYk(�¦�§ 31337 ¨ 31340 b ��l�mn��n�o�pn_ O�q b elite dwY�(�¦�d��k£��o/sr�_�t�V�uv ©�*$��£��n��w�x x ��y�znYn(n¦�{n´n=�> O}|�3 x ��YnZn��1nV�~�-%��n6nI-�l1��A��n��9:�G�a�f��cn��¡�£��{k´�� M �kYkZ�=�> Oiptables -A OUTPUT -o eth0 -p tcp --dport 31337 --sport 31337 -j DROP

60 � � � 7 � � � . � � ��

iptables -A FORWARD -o eth0 -p tcp --dport 31337 --sport 31337 -j DROP

�%�%�%��%��9��9��<�%�IP �%�%�� %�% %�9¡%¢%£%¤9¥%¦%§%¨%©«ªs¬�%§%®¯ª_°%±��¥�¡�£%²³

192.168.1.0/24 �� ª´��µ�¶�·�¸�¹�º�»�¨�¼�£�½�£�¤�¥�£�¤�¾�¿�ÀÂÁÃ±eth0 Ä ª´��Å�Æ (DROP) Ç��¡�£

IP ��ÉÈ IP �� ¥�Ê�Ë�Ì�ÍÏÎÑÐÉÒ�Ó�Ô��Õ�Ö�×�Ø�¥�Ì�Í�§�Ù�Ú�·�¸�Û�µ�¥�Ü�Ý]ª�Ê�Ë�Þ�¦�ß¾�¿(eth0)

¥�à�á��#�i¥IP ��â�ã�äæåèç�é Õ�ÖÏÎ

iptables -A FORWARD -s 192.168.1.0/24 -i eth0 -j DROP

ê êêìëëëîíííïñðñòñóîôîõñö¯÷

appended øîùìúñûýü REJECT þ DROP ÿ�� ö� REJECT ÿ�� ! connection refused " ö$#�%�&�'�(�)�*�+�,�-�.�/ìöñòîó�0 ü21 DROP ÷43�5�6�7�8 ø$� �9�:�;�< ü=1�> (�?ìòîó�0�@�A ö�B�CD&�'EGF�H�I�J�K�L�MONQP�R�SD3�A òîó�TDU ÿQ� üWV�1YX[Z *�\D]�^X òñó�0�_ >�`�a�b�cýü21�>�d�e�f�g +�, ü2h�i ðîòñó REJECT

7.6. iptables j j jlkkknmmmloo olpppiptables

ÍOq%¥srOt��OuOvOwOxOyOzO{}|�~��s��Ö��Éß�£�¤}��s�O��¥�¨�¼O�s�¯ª��O�s��¨¼O�O� Á

connection tracking Ä Î ¨�¼O�O� ä�ã ¨�©O�O�O��·O�O�� ª�uOxOyOz��O�O��O�%¥�¨�©O ¡]ª£¢�¤s¥�Õ�Ö}�s¦�§

• ¨�©«ª NEW ¬ — ¸�Ì�Ís®s¯�°�±s²�¥�¨�©]ª´�± HTTP®s¯ÏÎ

• ³µ´�¶«ª ESTABLISHED ¬ — ·s¸s ¸s¹��¨�©�¥�Ì�ÍÏÎ• º¼»�©½ª RELATED ¬ — ·O¸ ¹��¨�©%¥�Ì�Í¯ª�®O¯�°[±�·�¸O²%¥�¨�©¯ª �± é�çO¾ FTP

¥�¨�©¯ª à¨�¼s¿�Ò

20 À�ÁOÂ}Ã}ÄsÅ ¿�º}Æ 1024��À]ªÈÇ�² ³ ¥�¨�¼s¿ Î

• É�ÊD©Ëª INVALID ¬ —»�¨}Ìs�s�s��Í ªÈÎ ·s¸ Ê�Ë�¨�©�¥�Ì�ÍÏÎ��sÏ�Þ�Ê�Ë�£�¤sÐsÑsÒ�¶]ªÈÓsÔ

iptables¥}ÕsÖs s¡ Á

stateful ÄØ×sÙÚÀÜÛ ²}ÝsÐsÑsÒ�¶}ÞsßsÆsà O¡ Ástateless Ä ¥ Á �±

UDP Ä ÎÜáO�OÆ�² ³ ÖÌO�O�¯ª�âsãOä ¸�ÖÌ��å�¥�Ì�Í¯ª ×�Ø�æ[ç%¥�è Î

iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ALLOW

7.7. ip6tablesé ¸ ²�·Oê%¥�£%½�£�¤OÐOÑOÒ�¶ Áìë%ÒIPv6 Ä ¥Oísî¯ª�ïsðOñóò IPv4 (

¥IP).32 �Oô�� ¥O�s�JÎ IPv6õsö

128 �sô ¥ �� ª@Ð�÷sø ³ IPv6¥}ù}ú�£�¤ ã ��sûsü�ý IPv4 þOÿ�� ¥ IP �� Î� é<² ³

Netfilter 6è vOw��

ip6tables �� ª Red Hat Enterprise Linux � õOö IPv6 �� ¹%º]ª² ³ip6tables

¥ � ·��sÆs± ç IP6Tables�s�]ª´��² ³ ��¥ �� §sÕ}��§

service ip6tables start

7 � � � . � � �� 61

� ��

iptables �� !�"�#�$ ip6tables �� &%service iptables stopchkconfig iptables off

'(�)ip6tables *�+,-.0/21�3�456�798;: )< chkconfig =>?�@*+�A�B�CDEFGIH

chkconfig --level 345 ip6tables on

J�K�L�MON 8QP�AR�S�T iptables U�V�W�XY8QZ\[ ip6tables ]�^ 128 _�`OA_�a�bcHed ' 8gf�hi )�<jk A�lm�=6 < SSH 8 in < IPv6 o�pqrsutip6tables -A INPUT -i eth0 -p tcp -s 3ffe:ffff:100::1/128 --dport 22 -j ACCEPT

'vxw , IPv6 pqr�s�A�>zy|{�}98;:~��_, http://www.ipv6.org/ p��A IPv6 Information Page H

7.8. � � �� J @��y w ,O��T Linux Netfilter ��-�.OA�{}��Y8 '�v >�y�{}Y8g:�~�� j�kA{��H

7.8.1. � � �� z��x��z��

• Red Hat Enterprise Linux ~� �¡£¢¥¤� w , iptables ¦ L UV�§¨�A��©u8;ª«\[�¬��® k¯�° A�±²�H• iptables A man page �¤��zy ¯�° A�¦ L�³ ( A�´ ( H•J�µ�¶

C T /etc/services ¢2h i· �¸¹A�*+�ºO» i¼ P�½�A�r¾�¿À�H

7.8.2. Á Á Á�ÂÂÂÃ�� 0ÄÄÄ�ÅÅÅ

• http://www.netfilter.org/ — Netfilter T iptables ÆÇA�È M p�IH• http://www.tldp.org/ — ¤� w ,��ÉÊT�ËÌ�A��zy¥� < ¡�A Linux Í0Î|Ï�ÐÆÇp��H• http://www.iana.org/assignments/port-numbers — Ñ Internet Assigned Numbers Authority ¬�Ò�Óo�Ô¡�T�¸¹�*+�r¾¿À�A�È M ºO»ÕH

7.8.3. Ö Ö Ö�×××x�� 0� ��x� ��z��

• Red Hat Linux Firewalls 8eØ�ÙÚt Bill McCarty 8ÜÛOÝ�ÞÚt Red Hat Press —'�ß fzà�á )�<�â'

Netfilter T iptables D�/�ã0ä�åOæxA�çxªOèOéOêOëì8QÉOÊOpOqxTx�O��£8îíOïOªxð�ñxòxA�~O�ózô0õ f0öz÷�A ¯zø H ó ¢�ªz«&[|ù0ú0�z�O�zû ¶ìü l0ýz�0�O�zþxÿ ü i0¼ )0< �� d'lokkit �=�� 5±D�H

• Ñ Robert Ziegler ��Y8 New Riders Press. ��COA Linux Firewalls ¦ ó — ��¢|¤�� )�< 2.2 Ý��A ipchains i¼ Netfilter T iptables =ÉÊ��A�U w {�}98;��\[�d '�� T� !�"�# -.D�$bA�%�&�'�( � H

62 ) ) ) 7 * * * . + + +�,, ,.---

III./ / /1000122 24333655 587771999

:�;�<�=�>�?A@CB�D�E�F�G�HJI�K�L�M�N�OJI�P�;�Q�RTSVU�W�X�Y�Z�[�\�]�^�I�_�`badc�e�f�LJg�h�ijAkml�n�]�^�I.o�p�q�r�sutAv�@wB�x�E�c�e�M�X�Y�I�y.z{S

|| |~}} }�� 8 � � � .D D D�EE E��

............................................................................................................................... 65

�8 � .� � ��

��J��J�� ¡�¢�£�¤¦¥d§�¨�©�ª�«�¬J.®�¯�°��±�²�³µ´C¶·¥¹¸»º�«�¼��½�¾�¿�À�Á�¢�ÂÃ�Ä�Å�Æ�Ç�È ¯�°�±�²�«JÉ�ÊJ�®T³VËÍÌwÎ�«�¬�Ï�Ð Ç ¾�Ñ�Ò�Ó�Ô�Õ�Ô�Ë��Öw×�Î¦¥ÙØJÚ�Û�Ü�«�Ï�Ð Ç¾�Ô�ËJ��Ý�Þ¦¥dßJà�á�â�ã�Ô�ËÍäw«�¬�½�¾�å�¬Jæ�ç��è�é�ê�ëJ��ìT³í�®�î�ï�±�²�«�¬�¼�ð�ñ�ò�ó�¯°��.ô�õ�ö�÷{³ ø�Ø·¥úù�û�Â Ã ��ü�ý�þ�ÿ��w��b¥�� • �� ¢��ù�û�Â Ã�� ³• !�"�# ã�$�å�%�&�¢�'�(�)�*�¢�+�,�� {³• �� - Ô�Ë�.�¼�/�0 Ç�1�2�3 ñ�4�¿�� ³ÌwÊ��5�±�²�¢�Â Ã ��£�6�7¦¥d� Ç ¾�8:9��¡�;�<�=�7�>J��?�@¦¥ú�J÷�óJ��A�ã�±�²�B�Ó��C��¡�D 3 ;�EGFIHJ��³KJ�ø�L�M�«�¬�N�ã -�O�P ��Q�½�¾J��R�TS�U Ä�V�W � �� ¥X�Y�� ÇGZ ù�û��C �� ;�EGFIHJ��³Vù�[��;A´.÷��Q�½�¾J��\�]�^�[�_�S�U Ä�` ��X�a�å�b�c�¢�d�e¦¥ ��Q�½�¾�f�Xg�hiZ X��³8.1. j j j�kk k�lllnmmm�oooqppp�rr r�sss�tttu � ó ��v�w ]�^�x��Ô�Ë¦¥�y�¶J��Ô�Ë�D 3�Ä ;�ÌTz��±�²·��{�¼�À�é·��|�)�Î � Ô�Ë��}�Îb� ÚÛ�Ü�¢J�®�î�ï�±�²�~�~�A��ü¦¥�� - ù�û�A�ãJ��¡ Ä�Ç�1 '�(�/��T³ ÌmÊ�=��¢�Ô�Ë��J��>��¿¦¥d±�²��¢�À�é��;�E�H��JÉ�� ³Vß�]�^��ã��X��C±�²J��8:9�ä�¥�y�� -� ^�Ô�Ë Ç�1�� À�é�%��¢�'�(·¥Ùù�;�]��<�=�7�>��?�@�³��Ç�1 À�é�'�(J��z�¢�� Ã �J� `�� ¥� �ø Å�Æ ��É�X�¡��?��¢�£·¥dØ�¤�ü�±�²�¥J�®b� �ì�¦�§�¬�¨�)�*�¥Aä©a�³y��ªJæ�½�¾�¿�Â Ã ¢�«�Ð�¬�¼�ð Ç ��±�²·�dÔ�Ë�¢��ì¦¥¬�¬�§�¨J��®��¯�®�°¦¥f�±�²�³�´:µ�¬�¶· ±�²J��½�¾�¿G¸I_T³K¹ - ó»º©¼C��±�²�¢�Ô�ËJ��¡�½�ö�¾�Ú��½�¾:³�´�î�ï � «�Bi¿IÀ�ß��¸I_·¥�.Á L�M�«�¬�ß�§�¨��® � º�Â ��Ã�Ä ³]:^J½J¾�³�´��îJïi; - ÔJËJ¢�±J² Ç ¾��:]iÅGÆ�Ç:Èi+ ¥ îJï�� :É:� «:ÊiËR¿:Ì.ÊJó�ÔJË��¤Jç¿·� �� ¿�¢�«�¼�¿ÎÍÏy�Ð

1.1.4 Ñ äTA Ã�Ò ��Ó�³KÔ�Õ�Ö¦¥d½�¾:³�´J��î�ï�¬�]�^�î�×:Ø�ÙGÚIÛ¦¥�½ö�Ü�Ý ¸ßÞ�±�²�¢J��¡J��à��J��ìT³Vù�^:Ø�Ù �:á�â ½J�±�²�ã�ä�Ø�Ù¦¥úÊ ¸åÞ�±�²�Ö�æ�ç�å�±�²�A�ãèTéJ��½�¾�¿:³�´T³Kê�ð � ½J�ëIì:Ø�Ù¦¥ � A�ãJ��¢�í Ä�î�ï ÷ O � äu¢�ð�ñ:ò�ó�� ï:ô ¥�õ�ö�÷�ø¿Tù�½�½�¾�¿úÍüû�ý�ð�½�¾�³�´�A�«��þ�ð ��ÿ ó�Ó��è Æ ³u yJó ��i- ó��:C:½Jö:]:^J½�¾i³�´��î�ï ¥ ó �:g ±:²:\:]:^��.¬�� M:;�� è 2 Ì��f #��Ö¦¥dó�þ g ±�²�\�]�^��·¥�� Ç � MRè� �¾�Ì�If # ��è � Ö�³ ��þ��¼�Ê�±�²·� Ô�Ë�¢�� ì�Ö¦¥dô�õJ��.�¼��; - óJ��ìJ��¢��T³K¬ Z õ��MJ��·��®��¢�£�¤¦¥úø�ö�ó�Â�«¬�E ! å�´T{��M��£�z�³8.2. � � � �� !!! """ ###%$$$ && &½�¾:³�´�î�ï�«�¬' î ÷�(�^ ï � �*)+-,�./ÎÍ

Outside looking inÓT¢ º ÆIÇ�±�}ÎÍ

inside lookingaround

Ó{³=�ó)+�ßJ�0�ñ�½�ö:³�´�î�ïJ�·¥dþ�~�Ê�;��)�+1J�®»º©¼w��±�²�³32�µ�8:9��+�4 g5 ó�)�§¨��0�ñ�/:?:@ ³íó�/JÓ��6:;�§J¨�A�/�Ó��

— 7 Ú�� IPÖ.×�8�9 �

DMZ : U ä.��±J² � ÚJÛ�Ü:Ö��+�Ç;�4�~�~T³DMZ

;=<?>�@�? :�A Ídemilitarized zone

¥�ûB=< ä�C :�A Ó��DE¦¥�F Á ;;�ÊÆIÇ�Ô�ËÎÍHG�y�x��J��â�ã : U�Ô�Ë:Ó�¢+�Ç�Ô�ËÎÍIG�y�Ô�Õ�Ô�Ë�Ó � �C� ��J û�� Ô�ËT³K]�K�ðL ¥

DMZ:� � ` �JÑJÒJÔ�Õ�ÔJË��|i)JÎ ¥MG:y�ÔON�|�)JÎ Í

HTTPÓ·�

FTP|:)�Î¦�QP��i|:)�Î

ÍSMTP

Ó �d¬�¨DNS

|�)�Î�~�~�³

66 R R R 8 S S S . T T T�UUUVVV�WW W�XXX�YYY

Z[]\_^�`abc TUdef�gih3jlk [-m�n�o�p�q�rs^ h otu�vwx�y�z�{|} h3j�~��s��Q��u�v�[��q�r g�h*�� z��*��l��l��M�l��*�� ¡��¢£��¤�¥ T�U�VW�X�Y�¦�§�¨�©�ª z«�¬ h p�o�®�¯O^l`°�±²�[³�´�zµ�¶ — � y�·Oz¸�¹�º»�¼½¾�3¿]À ª `�«z�®�¯sÁ h�ÂÃ ��¥ÄÅ�ÆÇÈ TUd �°��É}�Ê�Ë�Ì�¹¾�3®�¯O^�`z�Í U�ÎÏÐ�Z�ÑÓÒÕÔ�`-Ö�×�z�Ø�ÙÚ�Û�Ü�}�Ý�Þ�zß�à�á�â��^l`��¢�z�ã�ä�å�æ�ç�ç�è¾�êé�ë�ì h Z�[�íî"inside looking around" gih [ï�ßà �ð-ñ z��¢ h3jlkª `�«z�qr»ß�Ì®¯zO^�`��3òó [°]\õô�Ço®�¯�¹` h [�z�ö÷°�ø�ì�ù k�ú wxyz��3Ì�¹`[�ûüz�ßà�z�qr��¢�° �ýþ ¨ ¶ÿ��Ì TU�V�WXY �� Y�� ×lz�Ð��p h ��° TUV�WX�Y Z� �� Y� z R ò�� h��XY�� z��° � ÛÜ Y� Á h�Ã�� XY ° � a�� TUd�� Ìz V�W�h �� Y�� ì° ��!�" û�# $z��¢��ßà�%�&�z�é�'�(�)vò��*÷�z�åæ h �� + ì�z T�U u»�v�*÷z��-,îò � XY °ï�.�/�0ò�� 1�2��3 *�4�5��6

(false positives) 7�8 *�4 5��6 (false negatives)�

T�U�d z�{�|:9�;v��¡�<�û�Û�Ü�z�=�>��¡�<�Í ¨ z�?�@�ò�A:B h ��Û�ÜDCFEû ¨ ï�Ü�z X�Y => hHG [�z�qrì�,î�I�< h °ï�KJ�[Í�ä � 0L$ò�M�3�*�4�5��6��ON�{v j�k åÅ�4�5�P�ÛÜ}�z�4�5 hHQ�R ° � vÐs�lz��3��M�=�>u�S � #�$ �� ì�NßÌz V�W ÒT3�*�4�5 ��6�èVUM��M�=�>u�S N � #�$ �� ì�W � ß�Ìz V�W Ò 8 *�4 5 ��6�èÿ�$Ì�X�<-m�nÈ�Y[Z TU�V�WXY �� Y� z�Ns��p��O\�Åíî�� Y� h�G k^] Ä�_�E hH`�a ab�� M�Ð��pÿ�

b bbdcccegfghgigjFkglnmdogpgqsrutgvdwgxgygzg{F|g}dogjFkn~F�n{d�d�g�g�F�g�g�F�g��

��z ��l��0L,�î T�UVlW�X�Y z�ò M�Bp£�

• � ù�3 *�� T�U z��•Ì�� #�$��E h�� 0��Ìz^��

• ð�] q�r h�� q�r�Í��Ì�� ] ö�÷• � í�ù ��¡�¢�£�9 ��¤�¥�ü�z #�¦• §�¨�© ª�« ��¬ �z�®�®^¯ °

8.2.1. ± ± ±K²²²K³³ ³�´´´KµµµK¶¶¶K···k Z¸¡�¢ TU�V�WXY =�>�z�¹�º hH»�¼ ò�� TU�VlWXY z�Ä�_�½v ©�¨�¾ ¢�z�� © N�¿z h CgE�À¨ y�·�Á�Â�È�Y Bz P�¤�Ã�ã�ïz�Ä�_ ½�Ä�Å h Ã�� ò�Æ�þ^@��ÈÇÉBz � ��ï��Z �ò ��Ê^Ë�z Ì�Í �Î�Ïv�X�<�zsCgÄÑÐÒX�<v�2�Ó�Ô�ò`��¼v�2 Ó�Ô�Õ��%�&��%�&-Á�z�û ¨ ��¢ÑÐÖX�<v�×®�¯zO^�`�P¹`ÑÐõ��M�ØÚÙ�z�Û�v ©�Ü 2�z h j�k I <�ï��¡�¢�[�Ý�È�2 ¹�º�Þ M�=�>��ß�Ô�·Û�Ü��M�=�>zlÄ�_��Ô�à:á� »�¼ Ä _�½z�� h ��â��z % ã��

• http://www.isecom.org/projects/osstmm.htm — äKåçæ[èsé T U d Ys ÄÈ_s½Èêsë (The OpenSource Security Testing Methodology Manual) (OSSTMM)

• http://www.owasp.org/ — ä�å�æ^è�é %�ì í�Ü�å�Å T�U�d �� (The Open Web Application SecurityProject)

î î î8 ï ï ï . ð ð ð�ññ ñ�òòò óóó�ôôô�õõõ 67

8.3. ö ö öD÷÷ ÷DøøøDùùùDúúúüûûûô�õ�ý�þ�ÿ�� !�"�#�$�%�þ�&('�)�*�+�,�-�.��&�/�0��1��2�,�3�!�4��5�-�.7698�:�;�<��-�.�,�=�>�?�@�AB��C��76EDGFIHJ<��&K'Úð�ñ�ò�óL�M ,�N�O�@�P�Q�R�SUTWV�X��Y��Z6[�\^]B_�`�a ,��b�ý�� )�*�c a ,��>��<��d�e�f�g��;�)�*�ð�ñ�ò ó�,�ô õ76 [�h�i ��;>�j�k�l�mon��p�q�r�s��,��utwv�;��,�x��y i�z � [ ��S�{�|�� [ ��} ` S76 [ ��S�~��,��}��,�� `�� b�� [�� , \�]�hK� 6@�&�/�g��,��f \ S��,��/�N�0��S�� ¡�¢�£�*76E¤�¥�ý�*�,�¦��§ i ��õ�¨��>© õ�¨�ª��« [ ,�� [ ��¬��®�4��,�¯��ó��°��3�±��,�²�³�´�µ (README) ¶· S man page 6¹¸�º�»�¼��D��½��¾�¿�ÀKÁB;��,�� ïÂm��Ã�Ä�¶ · r�s�Å�Æ�Ç�È��þ��É ] ��Z6þ�®��Ê�Ë�,��Ì�S�ý��,��Í�Î�Ï�ÐÑ6

8.3.1. Ò Ò Ò^ÓÓÓ nmap Ô Ô Ô^Õ ÕÕ^ÖÖÖ^×× ×Nmap S�Ø�ÙK; Red Hat Enterprise Linux +�,��K�(c(�KÚ(ÛKÜK,��K�Ý�-ý:þ��K �&Þ'J�K��(��,�#$Â6 Nmap ß�¡(�(� ]Jà �á�(�Kf \ S(�� (�(�(�(��âKN(ã�äK��(,��(�å6æf(Ø�ÙçT�c��(èK, manpage þ�é�ê�Á�; � ,�ë�ì�í��î�,�ï�ð��ñ69k�l�ò�ó�ô�ý�þ�D��^+õ�� nmap �&�'�-�.�k�l�þ�öD�<��k�l�+õ�(�B÷�,�ø�ù�úZ6nmap û�þ�ü�ý�ð�ñ�ò�ó�ô�õ�, î ��P�Q��ª�ý�þ�&�'��þ�5�,�� [ -�.��r�s�ý�þ��ë�ì��ÿ

nmap �¨�%�&K'B��5 h�i -�.��)�*�,�>�j�k�lZ6 Nmap S��,�v��Â��þ�� §��ð�ñ�� í�� ,��Ñ6

8.3.1.1. � � �� Nmap��D shell é�� ®�� nmap ��)�* nmap ��1��J¾�@��.��,�-�.��¶ IP ��Ñ6

nmap foo.example.com

��,�� t�� !�¾��#"Z��$�;�X�-�.�,��$ z �� %�&^þ�®�,'�K')(Starting nmap V. 3.50 ( www.insecure.org/nmap/ )Interesting ports on localhost.localdomain (127.0.0.1):(The 1591 ports scanned but not shown below are in state: closed)Port State Service22/tcp open ssh25/tcp open smtp111/tcp open sunrpc443/tcp open https515/tcp open printer950/tcp open oftep-rpc6000/tcp open X11

Nmap run completed -- 1 IP address (1 host up) scanned in 71.825 seconds

Nmap ��*�+�í�,�-�� N�ã��,��x��ø�ù�ú�.�*�õ�¨��<��î0/�1�@�Á�2 ` ?�@�¶�3��^+B»� � ,�k�l�ò�ó�ô� ��S�� [�4�5 ,Ñ6¥�?(ÁB;�� Nmap ,�É ] ��6�7�®�8��,�9��:;(http://www.insecure.org/

68 < < < 8 = = = . > > >�???�@@@�AA A�BBB�CCC

8.3.2. NessusNessus D�E�F�?�G�H0I�>�?�J�K�L�M�NPO Nessus I�Q�R�S�T�U�V�U�W�X�Y�Z0[�\�]0I�^�_�`�a�bdcfeg M�Nihkjml'n�o0I�K�L�M�NPO Nessus p�q�r0s�I�t�=0u�v�wPOyx�z�{0I;O Nessus M�N�|0}�~��ihs��y��K�L�Z��'��I�@�A��h��U�� Nessus M�N��j g I��O��|�}� ��;O� �D�Y��¡�¢��£�¤�¥�¦�§�¨�~�£�¤�¥�¦�§©h

ªªª¬«««®

Red Hat Enterprise Linux ¯±°³²f´ Nessus µ®¶¬·®¸¬¹®º¬»¬¼f½¬¾À¿ÂÁ¬Ã®Ä³Å®Æ¬Ç¬ÈÉ¯ËÊ¬Ì³»®Í³Î®Ï¬½¬¾®ÅÐfÑfÒfÓfÔ ¾fÕfÖf×fØ®Ù®¼Ë½f¾fÚ®ÛfÜf¾Ý¿

j�Þ#ß�à�U�W Nessus I��máÉu�¦;O�â�ã�ä�å�æ�a�ç�I�è�é�a�êìëhttp://www.nessus.org/

8.3.3. NiktoNikto D0E0í0x#î#I CGI K0L#M0NïOñð0p#Y0Z0ò0ó CGI M#N0ô#I�>0?�@�AïOñ 0Y#Z0Z0E0F0õ#ö#I�é0N÷�ø ò�óPOyZ�W ÷ õ�ö0ù�ú�B�C�^�_ihûs��0Iýümþýÿ��POy��M�N�� I�� h j��I�a��G�� CGI M�N�ô;O Nikto ��D�W ÷ ò�ó��G��>�?�J�I��u�� h

ª ªª¬«««®

Red Hat Enterprise Linux ¯±°®²Ë´ Nikto µf¶®·f¸f¹fº®»®¼Ë½f¾Ý¿ Á®ÃfÄfÅfÆfÇ¬È³¯ Ê¬Ì®»fÍ®ÎfÏ®½f¾¬Å ÐfÑÒfÓfÔ ¾fÕ®Öf×fØfÙ®¼f½f¾fÚfÛfÜ®¾Ý¿

ß�à Nikto Iý�má�u�¦;O Y�Z�à�å�æ�a�ç! #"�$ìëhttp://www.cirt.net/code/nikto.shtml

8.3.4. VLAD the ScannerVLAD D&% Bindview, Inc. ')(#I RAZOR *�+),.-ý¡#I�E#í#@�A0K0L#M0NïOñY0Z#U0W#s ÷ ò#ó0>0?@0A;h�s��ò#ó SANS /�í)0��I0E�1#>�?&2�354 j SNMP 2�3�`)6)7�8)9:2�3#��;ìh=<)>ms0ðj Nessus ?��@��I��©O VLAD �D�A�V��B�C�D�E)h

ªªª¬«««®

Red Hat Enterprise Linux ¯±°¬²®´ VLAD µ®¶¬·®¸¬¹®º¬»¬¼f½¬¾À¿ÂÁ¬Ã®Ä¬Å®Æ®Ç¬È ¯ËÊ®Ì¬»®Í¬Î®Ï®½®¾¬Å ÐÑfÒfÓfÔ ¾®ÕfÖf×fØfÙ¬¼Ë½f¾fÚfÛ®Üf¾Ý¿

ß�à VLAD I��má�uý¦;O�Y�Z��å�æ RAZOR *�+�a�ê�Iýa�ç! #"�$ìëhttp://www.bindview.com/Support/Razor/Utilities/

F F F8 G G G . H H H�II I�JJJ�KKK�LLL�MMM 69

8.3.5. N N N.OOO.PP P.QQQ!RRR.SSS.TTT.UU UV)W�X)Y�Z\[^]�_�`�acbed�f:g�h�i)j!Z�k)lnm=o)p)q)j)X�r�s)t�uwvNovell

t�uxvWindows y)z_

Linux y�z�{�{ Z�k�l|m~}�� H�I��L�M Z��Z H�I�� ve��Z��/PBX t�u�¡�¢|m¤£�Z�¥�¦¨§ª©�p

war walking — «�¬� Y�®�¯��°�±�Z�²�³wbµ´�¶· r�s�t�u�Z H�I�J�K — ¸ � Y�i�´�¹��º�»�¼�½�Z��¾�¿�À ·ÂÁ Z�Ã�¦nbÅÄ�Æ ¸�Ç�È�É Y�Z�¡�¢�ÊË[Ì §ÎÍ�p�Ï��Z�Ð�ÑÒmÔÓ�Õ�_�Ö�× ��Ø�Ù _�� H�I�J�K�L�M Z�Ú��Û�ÜÝm

70 Þ Þ Þ 8 ß ß ß . à à à�ááá�âââ�ãã ã�äää�ååå

IV. æ æ æèçççêéé éêëëëêìì ìîíííèïïï

ð�ñ�ò�ó�ô�õ�ö�ð�ñ�÷�ø�ò�ù�ú�û�ü�ý�þ�ÿ�õ��û�� õ��û�� ! õ�"�#$%&�û�'()��*+,-��./1023�4567��$�%&98;:�û1<�= ��>? ,A@B��1��C�D�E9FG��H�I�J�K1��L��õ��1��û1M1NO� õ�P1Q�R1S1T�$L%�&�'1(�û1U1VA@

WW WYXX X[ZZZ]\\ \9 ^ ^ ^ . _ _ _�`` ` � � ��ûûû�óóó�ôô ô ........................................................................................................................... 7310 ^ ^ ^ . � � ��aaa7771�� .................................................................................................................................... 79

b9 c .d d dfee ehgggfiiikjj jhlllnmm m

op�q�rts;uvw�xq�yz{�|�}~��q��1��O��1�)��t��O��{��~�� ¡¢�t£1¤1¥�¦�§¨�©)�«ª¬��{��1®��¯°��¡¢1±��q1²�³A´Bµ]�v�¶1y�·�¸q1w1¹�º��1�1»¼�q1½�¾¿�À{�Á1Â1Ã�Ä�Å1v�qÆ´Ç;È q�w¹º�½¾ºyÉÊË±vËÌ~Í�Î��1��Ï�Ð�Á)��ÑÒ�ÑÓtÔÖÕ�×ØÙ1ÚÛ�³1~ÜÝ�Þ�Ïß�q�à¡)��á Ç �â�Êãä��åçæ;èé�º�q1êë´íì�î�ï�q�ð�Ìñ��òó�ôõö1÷ø�ùúû�ü�ýqÿþ��)��½��q�� q��{��½�¾��Ý�q�Ñ1Ó��A´B��O��uv��§¢��©�¼1{��y1¾��»�¼O�À{ð�� ô��{"!Ö�$#;Ë�%��q�&'A´)( ��*�1��$+Gä�Ä��,�§1��-�á È q1�*.��1� ´9.1. / / /100 0122213335444)666577 798881:::1222;333< Û1��*��1�� (IDS)

Ä < Û�²�=q**>�?��@O�«{�Ì�§�A*B1��Õ�C*D�E*F�*?1î�ï��µ�qL��ÑÓ�G�ëÍDSÌ§��H�IKJ�G��q�L��M�N�q�H Ç �PO�Q�R*S

IDSq�T�U þ��VÄvKW�X

%*Y�q�Ï*Z�Ú�[*\�Iq1��E�¦¿�P��1{�]�~* 1ôAÍDS�{yz <�^ ��{�|�}�_�`�ab�dc1Ì{��O� â1Ê��{�e*fÑ�Ó�q*G�b�dg�hÑÓ1��i��jlk;qý�m{��KA�B�Ï�Ð�q�w¹�ºÞ1Þëón�p�q�Y�r�s�tq��1��L�)�ÀðÌ

IDS�åçævu�w�x�Ky�zºq|{¨1ê�A´

9.1.1. IDS } } }l~~~��ÄIDS{��â�r��q��ÄÌ§�p�j��*S�u��q

IDS~�YÍÎ½¾º�L��q9£��O��á�Û

��IDS �� q��d� < u IDS

��q��º{��ºIDSq��åçævu�� {

��¡*¢� < Û�£*¤"kv¥ ´¢�¦��knowledge-based

¥OqIDS

��§�¨�Ï�Ð�©"ª�r�«�¬�q�`�a�L�¿�®�%�¯��G��)�À��`�a1��ä��°��±��©ñë´ ��µ��²�behavioral-based

¥ÆqIDS ³ ��´�µ�r��Ï�ZðÌ�G�O��¶�¶�*·��¸Jq�¹�L)�®ºLµ�áçæv»Äîï�`�aq�¼�½A´ ��

IDS ¾ Ä�¿�À�q��Ý)��Á�Á�¹ ��Â kvÃ�Ä�r��Å=)��Æ�Ç�r��È§�q��É�Ê�Ëë´®Ì� �qIDS Í ��Î��¡�¢��dÏ�Ð�Ñ�q��jb� w�¹�q|Æ�Ç�Ò��Ó1Á�©ñ�q�w�Ô�Õ�Õ)��» < £w�x�Q�KN�q��1��ë´®Ö�×�Ø�Ùtævu��1��ÚO��Y��{úÛvT*Ü��Y��Ý�q*L�ÞA´9½t¾"ß$àák¿�®TlJ$âtq

IDS ³ Ä�²"ã$�ä�host-based

¥ ��Ñ9Ó"�å�network-based

¥O´ ¦9ñæ�û"çè)��©ñ�Å�é��lêÖÍÎÁ��ëóH��²*ã¥�q�ë�uÑ�Ó��"kA�Àõ��_1~yzA´ � ñ ³ Äì�r��Ê�ËÕ�Ñ Ç < Û�¹�L)��í�î�ï~*Ì� ��Áë´ ÑÓ��q IDS

ä�·�²�ã��q�ð�ñ)�®ºLµ��=�¡-��*�"k �PÊ�Ë*Ñ�ò��y�z�q1��ó*ôO�«ä�Ä�õ|H1��q*R1Ý ´

9.2. ö ö ö1÷÷ ÷1øøø IDS< Ût²"ã$�çq IDS

A$B9å æ*ù"àt{9úæÛ��t�çÏúZ$c9Ìå� Ñ9Óæk1î9ï$?úûtÌ9q9�9µ"¥K?ç�K�ä�ýü�ÈúþØ�� ú¥ë´ ²úãK� qIDS

glÿ1å æ�uK�K�9q�ÆKÇKÒKÞ � h � �í� � ��K�� íÑ�Ó�� ¯��ÞÞú¥)�dO � í�� Ô;¢ú`KaúE Ç �� q < Û ª ^ ÏÐK©��lLû�´ UNIX�

Linuxq²Kãú�

IDS � �� syslog

¡�¢{��â�§��p�ô��q��ãß��pKNq�h � ��±K¥�A��Æ�Ç�[�¤�q*��AÝ�{

Red Hat Enterprise LinuxkÖú~

sysklogd£�¤)��½� � !;�ðÌ syslog �� ´Bá�£�¤��h��h � ß��ë´B²�ãµ��q

IDS��Ñ�ò�Æ�Ç�Ò�Þ�� ÑÓ��h � [�¤*Æ�Ç�� q�!�çK¥b��A�B�â�ô�� {�â#"%$;q��pºÞ&�p��*.'KJ�q�ß�O��O � í��â�ô�(*)~�â+"%$-,�j�qÆ�Ç*Ò�ÞO�À{�ì1��©¼LØ��A*BA´

74 . . . 9 / / / . 0 0 0�111�222�33344 4�555�666

789 4 IDS :;<=>?@ABCDEA�4F�G�HI�JLKNM�O�=P�?@A�B�4�F�G�QSRT<U�23V�WX�Y�Z 5�4�[�\�A�B]^K`_�a�<�b�c�d�e�A�B4�f�@�g�hiRkj�l�m 128 n�o�p�q�r4 md5sum s�l�m 160n�o�p�q�r4 sha1sum ]�t�u�v�b�c�w�>�x (checksum) y{z�| 7�8�9 4 IDS O�}�~��c�w�>�x��b�c�� AB��KN_a��C �� AB�4��x��AB�4�w>x�y��j[\�4�ABw>x��LK IDSO�}�<��s�� 8�� 2�3�V�W X y{�� Tripwire

Y�¡�¢ 4�£�¤¥K`O�¦�. 9.2.1 §L�%¨�©ªy

9.2.1. TripwireTripwire � Linux �*«�¬ �® 7�8 ¯�°�± 4 IDS K Tripwire 4�²�³�´n - Tripwire, Inc.

¯Linux 4�µ¶ ²·¹¸*º�»¼4�½�¾�¿ÀKÁ_�Â Ã GNU GPL Ä�Å¼4�Æ�Ç�È��ÉyËÊ ;�<�Ì http://www.tripwire.org/ ÍÎ

Tripwire y

Ï ÏÏÑÐÐÐÓÒÒÒ

Red Hat Enterprise Linux ÔÑÕÑÖØ× Tripwire ÙÛÚÓÜÓÝÑÞÓßÑà Tripwire áÓâÓã+äæåÓçÑèÑéÑÖØ×ÓêìëÓíïîØð-ñòÙóØôØõÓö âÓãØëØ÷ØøØùÓúØûØãØüØýÓþØÿ��ÓáÓâØã��Øãòä

9.2.2. � � �� IDS �� RPMRPM Package Manager (RPM) �� bc;< ¡¢ t��b�� 78�¯�°±�� IDS 4�£��LK RPM lm�� ; ¢ tP��<U�M��4��! �y��"=>�4��#�$�%�&?@�23�ABC�DEA�;�'�(�)�*4�2�3�V�W X t,+��-�m ¢ 4ªy<�.�4�/�´10�243�� ; ¢ t�=�> Red Hat Enterprise Linux 2�3�5�A�B H�I J�4 RPM �� K76�89

Red Hat Enterprise Linux 2�3�V�W�:�; <�Í Î�< $ ¡�¢ RPM 4�H�I�F�d�y

= ==�>>>?�@�ACB ñØá�D�EGF�HGI >GJGK Red Hat GPG L�M�NGO�Pìá RPM Q�M�R Ù ëÑ÷�Q�MGSÓãGT�U�VGW�XÑê�O�PìáY ð�Z�[�\Óþ�]Ø÷ Red Hat á Y ð�^�_ Ù ë�S ó�`�a ë�E Y ð `�b T�c Red Hat ädS óØó root eØí�f K ?�@ F�HT J�K Q�Mhg ÏØó W�XÓê�O�PÓá RPM i�j�k�lnm version oqp4rrpm --import /usr/share/doc/rpm- s version t /RPM-GPG-KEY

rpm -V package_name

-V ��}=P package_name ��4�AB�y�j�u�£,��v�m�3xw[�\�de�y�z�{D�E^K}|�~��5�� RPM F�G�Q��,��|¥K�v�m�[�\�A�B�(,)�*��y{j,u�£��3�w�� K��S.5....T c /bin/ps

|,��~��A�B��n��(�),*��y{Ê��^K`��@��1�-��A�BiR��j�¦ /etc/ ��n(,)�*��4��A�]�s��AB �N?��¡�¢��y¤£�.�/�´*O ¯ Ê�0�¥�¦�+��§�c � o Y�¨�© 4 ��ª R«5�¬��-4 S.5....T ]^K� �n®�¯ ¸Ñb�c�°�±�²�³�y• . — ��c�1�´��n�,µ��c�=�>�¶,·• ? — ��c�1�´�³�w¼¸Ñb�c�A�B,¸�r�(�¹�Í^K�-�;,'��A�B�Ç�º��4�»x¼• S — 1,´�³�w�b�c�A�B ��½ ¶ ¡�¢�¦�2�3,54�A�B�½,¾,¿�@,¾�s�½• 5 — 1,´�³�w�b�c�A�B4 md5 w�>�x�C½ ¶ ¡,¢4�½�¾�w�>�x��• M — 1,´�0�1��b�c�A�B4�Ç�º,��s�A�B�À 9 �,�

Á Á Á9 Â Â Â . Ã Ã Ã�ÄÄ Ä,ÅÅÅ�ÆÆÆ�ÇÇÇ�ÈÈÈ,ÉÉ É 75

• D — Ä,Ê�Ë�Ì�Í�Î,Ï�Ð�Ñ�Ò�Ç major/minor Ó�Ô�Õ,Ö�×• L — Ä,Ê�Ë�Ì�Í�Î,×�Ó�Ø�Ù�Ú�Û�Ü�Ý�Þ1ßnÍ�Î�Ñ,Ò,à�á• U — Ä,Ê�Ë�Ì�Í�Î,Ñ�Ò�Ç,â�ã,ä�ÚnÛ�å�Ü�æ• G — Ä,Ê�Ë�Ì�Í�Î,Ñ�Ò�Ç,ç�è,â�ã�ä�ÚnÛ,å�Üéæ• T — Ä,Ê�Ë�Ì�Ñ�Ò�Ç mtime ê�ë,ì�í

rpm -Va

-Va î�ï�ê1ë�ð�ãéÚ�ñ�Ï�Ç1ò1óhô¤õ�ö1÷1ø1ù1ú�Ç�ê1ë�Ä�Ê�û�ü�ý,þ�ÿ�Ç�ì1í�� -V îï ô�Õ��ú,Ç ��ý�� ô��!Þ�ú�ê�ë��Í�Î�Únñ,Ï�Ç,ò,ó��

rpm -Vf /bin/ls

-Vf î�ï�ê�ë�Í�Î�Úxñ�Ï�ò�ó�ûxÇ�Î��Ñ�Ò ô�� Í�Î�� !�ê�ë�Í�Î,÷�"�Ç,Ñ�Ò�# ô%$�&�'ã�(�Ç)�

rpm -K application-1.0.i386.rpm

-K î�ï�÷�(�*�ê�ë�Í�Î RPM ò�ó�Ñ�Ò�Ç md5 +�ë�,�- GPG .�Â/�0$�1�2�ê�35476�ñ�Ï�Ç,ò�ó�&8 Û:9 Red Hat ;�þ�ÿ��<�È GPG =�>�?�Í�Î GPG @�>�A�Ç�è�B�ð�.�Â�&�'�ã (�Ç)�DCFE�G�� .H Ç,ò�ó�6 I�J K�� L�M�Ç,ì�í N�OQPapplication-1.0.i386.rpm (SHA1) DSA sha1 md5 (GPG) NOT OK(MISSING KEYS: GPG#897da07a)

��ñ�Ï�E,Û�. H Ç,ò,ó�# ô�R�S�� T�U ô��xÞ�ú V5CFE,Û� Red Hat, Inc. Ç W�X ô%Y�ö�÷�Z�[,ã\�] Ç ^�_,Ô`�RPM &�Í�Î�a�Z�b�c�Ç�d�e ô��÷�ø�9Ff5g�h�ê�ë�Úxñ�Ï�ò�ó�- RPM ò�ó�Ñ�Ò�Ç�d�e�i�j $�Î�k�l`�b�m n�o��ù Red Hat Enterprise Linux ñ�Ï��p ô�q�r RPM s t�uwvyx (/var/lib/rpm/) ?�z�Z�{| Ç�}�~��L��5��`�0L��Ç��÷�ø�ø�$�Î z�Z�{ | Ç�s t�u�*�ê�ë�Ñ�Ò�-,ò�ó ô�Y�Õ�&��Å�Æ ��Ç�s t�u ô��!Þ \�] Ç ��(�ä�� f�ÚnÛ � �éæ�s t u ô�Y��1æGê�ë�Ù��)�

9.2.3. � � �:��:�� 5��5��:�� IDS� M�� 4æ¢¡�£�¤�¥�Ç�¦�§�¨�È�É�Ã�Ä�Å�Æ/�0© j�Ü:gnñ�Ï�-�ª�«��Ç�s N ô¬R 5®7$�¯�d�e�Ç�°± �

² ²²�³³³µ´´´¶¸·¸¹¸º¸»µ¼¸½¸¾µ¿yÀµÁ

Red Hat Enterprise Linux ÂÄÃÆÅ¸ÇµÈ ¾¸É¸Ê¸ËÍÌÏÎ¸Ð¸ÑµÒµ¿yÀ¸Á¸¶¸Ó�Ô¸Õ ÂÄÃ×Ö¸Ø¸ÙÚyÛ¸º¸¶¸Üµ¹¸º¸»¸¼¸ÝµÞ¸ßµàyÛ¸ºµá¸â¸ã¸ºwÌ

• SWATCH http://sourceforge.net/projects/swatch/ — Simple WATCHer (SWATCH) ��(59 syslogJ�K�Ç�ä�x�Ñ�Ò ô¬*�å�æ�Å�Æ�ç�è�é�ê�2��(�ä�ª�«�Ñ�Ò�Ç�ë�¤��/� SWATCH &�ì�ª�í�*�ä�x��(�ä ]�î ï�ð þ�ÿ�s N�?�ª�«,Ñ�Ò�û ô�ñ Y�ú�Ú�Û ì�ò ó�ô (�Þ,Í�Î�¦�§�¨,Ç IDS �

• LIDS http://www.lids.org/ — The Linux Intrusion Detection System (LIDS) &�Í,Î�õ�U�ö�÷ ^�_ ô��&�Í�Î�ç�è�d�e ô ú�÷�ø�(�ù |�ú�û �� (ACLs) * ú�û Ñ�Ò�Ç�ö�Ý ô}õ�ö�ü�ý��^�þ�-�Ñ�Ò ô4��& root ��(,ä��Õ�ÿ��)�

76 � � � 9 � � � . � � ��

9.3. �� IDS�� IDS !"#$%'&)( �� * IDS ��+,-./0 �21435 ��6789 ��:; (=<> :; ?�@ (=ABCD�EFG�H � :�;IJ�KLMN�O?�@ �QPRC�DSTVUXWYZ[ GH � :; ( JK�� IDS GA 89 \^]`_a4b � ��cde � ?�f�g (ihj��k J�K:;lmJKnopq 7 UXrs nopq 7t�u ��vw(=xy�z{ J�K|}�~��5 z � @��I�� Q��w(�A�� t�� J�� Z K��Q�� U14�� %�� ( �� IDS �� I¡¢ (=GA 89 £�¤ ¥ � ��¦ ��A�BGA��§¨© GHzª � IDSa 0« �p¬2® I¯ £ � o° U 14� TCP/IP ± M ��%« � P p (=�² ³��´ µ�¶'·¹¸89º $�» ��¼½ º $AB¾� �� <�>�� ¬¿ A À�Á 14� AÂÃ�Ä � ��¦ ��ÅÆÇ �Q« ��p�È�ÉwÊ

• Ë2Ì IP Í�Î• Ï�� c�d (DoS)

• arp Ð�Ñ�Ò�Ó• DNS Ô�Õ�Ö É• ×�Ø�$ c�d£�¤ ¥ �� IDS Ù ¶ �� ÚÛ +Ü � promiscuous Ý$Þ( Z xy'ß¹à ÚÛá Ñ ��â z�ª��k J�K�:�; (�ã�G�A�ä�å�s�Â�� ifconfig l�æ�ç +�Ü promiscuous Ý�$ Ê

ifconfig eth0 promisc

A�% L�èé ��#�$�ê ¦ ifconfig ë�ì eth0 íïî�/�A promiscuous (PROMISC) Ý�$�ê ¦ Ueth0 Link encap:Ethernet HWaddr 00:00:D0:0D:00:01

inet addr:192.168.1.50 Bcast:192.168.1.255 Mask:255.255.252.0UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1RX packets:6222015 errors:0 dropped:0 overruns:138 frame:0TX packets:5370458 errors:0 dropped:0 overruns:0 carrier:0collisions:0 txqueuelen:100RX bytes:2505498554 (2389.4 Mb) TX bytes:1521375170 (1450.8 Mb)Interrupt:9 Base address:0xec80

lo Link encap:Local Loopbackinet addr:127.0.0.1 Mask:255.0.0.0UP LOOPBACK RUNNING MTU:16436 Metric:1RX packets:21621 errors:0 dropped:0 overruns:0 frame:0TX packets:21621 errors:0 dropped:0 overruns:0 carrier:0collisions:0 txqueuelen:0RX bytes:1070918 (1.0 Mb) TX bytes:1070918 (1.0 Mb)

��ð�ñ�s tcpdump (Red Hat Enterprise Linuxa`ò D )

¬�¿ (�ó��G�A�ô I�õ�ö £Q÷ � ��ø ÷�ù�ú ��Ê

tcpdump: listening on eth002:05:53.702142 pinky.example.com.ha-cluster > \heavenly.example.com.860: udp 92 (DF)02:05:53.702294 heavenly.example.com.860 > \pinky.example.com.ha-cluster: udp 32 (DF)02:05:53.702360 pinky.example.com.55828 > dns1.example.com.domain: \PTR? 192.35.168.192.in-addr.arpa. (45) (DF)02:05:53.702706 ns1.example.com.domain > pinky.example.com.55828: \6077 NXDomain* 0/1/0 (103) (DF)02:05:53.886395 shadowman.example.com.netbios-ns > \172.16.59.255.netbios-ns: NBT UDP PACKET(137): QUERY; BROADCAST02:05:54.103355 802.1d config c000.00:05:74:8c:a1:2b.8043 root \0001.00:d0:01:23:a5:2b pathcost 3004 age 1 max 20 hello 2 fdelay 15

û û û9 ü ü ü . ý ý ý�þþ þ�ÿÿÿ�� 77

02:05:54.636436 konsole.example.com.netbios-ns > 172.16.59.255.netbios-ns:\NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST02:05:56.323715 pinky.example.com.1013 > heavenly.example.com.860:\udp 56 (DF)02:05:56.323882 heavenly.example.com.860 > pinky.example.com.1013:\udp 28 (DF)

�� (pinky.example.com) ��! tcpdump "�#�$&%

9.3.1. Snort'�(

tcpdump )�*�+�,-��.�/�0�1��32 �4 ��5�6�7�8�9�:�;�� IDS �=<>7�2 �4�?�@� ��A�B�C�D��E% tcpdump F�GIHJ"�+��K�L ��M�N�O ��P�Q�) � 8�9�#�$�R�S!TVUW� 4�X�Y�Z�[ � ?�@�\ %8-9-]_^_� IDS `-F ?�@ �-�a� �_A-b-c-d_�-e �-� �_f � (-g-h_i 2 �-� 8_9-j-k-l_�-#-$-RTm%Snort )�8�n IDS �32�o�p�q�r��s�t�u�v�w�#�$ 5 e ��x�y Y 7�� z�o�{-��|�}�~��-��ÿ�� % Snort ��,�A�� libcap �>k��p�� tcpdump ��8�9��#�$�� g�� %�� 2-�-w-{-�-�a� Snort �-�_�-�-�_��)_2��-�_�-�-�� ü�¡ ÿ-�¢% Snort £-+-8-9-¤ID�¥-¦_��-K�§��¨�ª©�o�p�«-¬�¦-��K�L�z��T&�ªp��®�¯�x-°�x�y��¥�¦¢%±��,�Q�o�p�²�³�¦-��x�y��p´�µ �ü�� ¶ 2 �� Snort �ü��·�¸�¹�º»U½¼�z http://www.snort.org/lists.html

\ ��p��¾�"�+� Snort ��,�Q��o�p�¿�À&%=Á�n ?�Â ��Ã�Ä�Å�Æ!ÇÈ¤�É�� Snort ~�Ê�v�7ÌËÎÍ��¥�¦��w�{��Ï�Ð��xy�7�Ñ�Ò�� IDS %

Ó ÓÓÕÔÔÔ×ÖÖÖ

snort ØÚÙ×ÛÚÜÚÝ Red Hat Enterprise Linux ÞàßâáÚãÚäÚåÚæ×çÚèéßëêÚì×í×îÚÛÚÜ×Ý×ïÚðòñÎóòÞ�ßâô×õÚöò÷ÎøÚùïÚúÚûÚùÚü×ýÚþÚÿ��ÚøÚù��×ù��

� � z��, Snort ��¥��ÈK�L�� ¼�z http://www.snort.org/ ��x��&%

78 � � � 9 � � � . � � ��

!10 " .# # #%$$ $'&&&)(((

*�+�,.-�/�0�1�2�3�4�-�5�6�798;:�<�=�>�-�?�@.A�BDC.E�F.-HGJI�K�L�M�N�O.A�B�P�Q.- RTS�C�U�0V�W�-�X�YHG10.1. Z Z Z\[[ [\]]]\^^^`___Daaa?�@.A�B�C�b.cdReS�f�?�@.-�:�<�g�K�heij8lkem.n�o.-�U�0j8p*�q.r�:�<�s�tj8pb�c�u�v�:�<.w�x�y-�z�{j8p|�L~}��*��e��.-��j8;:�<�U�0�V�W�-��i��.-��HGJ��<�?�@.r�/�0�1��3�4j8p?�@.-�A�B��*�m�U�0�V�W��ei��.-��. �¡�¢�hT£.n�¤98p��¥�¦��§�C�F�¨�©�ª�U�n�«�-�¬��1HG® *�he¯�°�°�±�².³�-�´�6j8p².³�-�µ�¶�C��O�·�¸�>�¹�º�»�¼�½�¾�+�,¿GlÀ��P�Q�+�,��3�4�-�56j8pÁ�Â�°�Ã�:�7�Ä�¡.-�Å�4��¿GÇÆ�ÈÊÉ�ËÍÌ.-�+�,ÏÎÍÐ� dÑe¼�n�«.-�2��j8pÒ�Ä�¡�M�n�«�Å��9�<.Ó�n�«�2��ÕÔ×Ö�Ø�Ù.-�Ó�Ú�Û�Ü.Ý��Þ�ß�-�²�àT?�áj8;f�â�ã�ä��r�å�{�¼�Q�æ�ç�è�Ö�+�,��3�4-�é êÍë�ì�í�L�îdïÍð�ñ�1�- hÍi�|�ò�ó�²�³�ô�á�Ù�- õTÞöG÷.ø��-�/�0�1��3�4.-�s�tÕÔù�e��¼�ú��.-�Ý�Ì�û ïe².³�ü�ý��Íq�|�k�þ�È`8p:�ÿ�-�3�4��ò�ó�n�¤��3�4�|��£��j8p��f�Å��.n�«¿G��±�ü��¡��m�ô�á�Ù�Þ��.-�� j8ps��-�²³��j8p��².³�E��F��+�,��3�4.-�� *��¼��Ñ��.-��²�³�-��j8��q��¡�c�M�N��ø�?�@�A�B�-� �F�1��ë�:�<�!��ª�-�"�ìHG10.2. # # #%$$ $%&&&%'''\]]] ^ ^ ^`__ _~aaa%(((%)))Ëeª�O�*�+�:�<�?�@.A�B��,j8pí�L��<�²�³�-�-�.j80/��.ø�1�2�3��í�L�+��O�4�5�Á�C�É� �F-öG :�<768��-�?�@�A�B��,�Ä��3�4��9�:�-��8;/�â98;��ü�Ä��<�=�²�³��-�>�?�� GÖÏU�0ÏVÏW -A@ABÏ©DC 8Ç+�,ÏCDEÏ�Ï��3Ï4ÏíD�D �F Ô � r�*AFÏ¨Ï�HG��ÏÖÏ?DIDJ�� rÏ-A�Ï�Î�8J�AKd?�5MLANA�dP�Q�ÝPOQ dFÏ-.C�RASd MTM�dPdQ9GU��F �Ïr.�AVMWdÙdMYX�ZA[]\Ï-.+�, 8_^F MA`.¢d-d ÏÑ�¼dn.¤ 8badMdÓ.Äd� 3Mc Y �Md]eMf / 0�-.+d, f �d��Gg^.F]CMC

Security Focus�

h 8http://www.securityfocus.com/

8�÷ Ä.�ji.�jf éjfjkjlj� k�m.��]m�n�¼.+�,�o�pdø�q.-�ð�rj8s��s�J��t��u�v98;f2002 w root DNS x�y�z ��m�n�-�?�@ 1 GÈ{c�+�,�2�3�4.ø�E�|�1.-j}�+�°��C��F�ë�U�0�V�W�~��ïe:��<�=�Y��*.-�� j8

�A��¼��J�»�¡98��F�ë�V�W�:�Ú�¡�¢��L��O��©dhÍi��-�´�6öG?�@�A�B��,��Ä�� àÍr]�Í<��• �M� -��f�<��?�@�-�P�Q•?�@�-��

•��n�¤�- h��

•h��?�@��=�>�-�� :�<�?�@.-�A�B.E��C�Ëeª�L�I�K.A�B.-98¢¡��j��-�´�6�7�§��A£Íý�¤�¥�-�P�Q¿GJ��*�3��¦�§�´�6.-

¨�©��ª��hei.-� dÑ¿80«�Ä��~�¬�ïe:�<��å�K��¼�®�ª�1.-��¿G��A�Íg�K�O�hTi�ü�ý�Ä��.��.n¤��£��-�¯�°�¼�+�,��3�4��±�²�-��*�1�� öG:�<�?�@�A�B��,�M�ýA³ÍE�F�198�´�µ��•:�<d�T��¶�W�:�-�V�W Ô :�<�½�¾�·��A�B�Î�¸�Ý

1. http://www.gcn.com/21_32/web/20404-1.html

80 ¹ ¹ ¹ 10 º º º . » » »�¼¼¼�½½½�¾¾ ¾

• ¿�À�Á�Â�Ã�Ä�Å�Æ�Ç�Á�Â�È�É�Ê• Ë�Ì�Í]Î�Ï�Ð• Ñ�Ò�Ó�¾jÔ�Õ�È�Ï�Ö• ¿�À�×�Ø�È�Ù�Ú�Û�Â�È�Ø�Ü�Ý�Þ• ß�à�È�á�âäãæå�ç�È�è�é�ê�ëíì0î�ï�È�ð�ñ�Ç�ò�Ð�È�ó�Ì�ô

10.2.1. õ õ õDöööH÷÷÷AøøøHùù ùMúúúüûûû�ý ýý (CERT)þ]ÿ�� ½]¾�� (CERT) �]¿��ÍAÈ�� jÈ þjÿ ð]ñ��M»j¼�� "!#%$'&

CERT (�)�*�+já-,jÈ-.��-��¿�/�0�12�43�5��È-6�7-8�9�Â�:-;�<-:��2�>=�?-@�A-B�C�D�Õë ì¢×�E�<�F�G�H�@�I-J�K��L-M�»�N��-�-O�P�Q�È�»�Ì-R��À��»�Ì�S�T�È-U�V $ L-M�»�¼�W-X��¿�À�»�Y�Z�[�\jÈ�»�¼2�^]�_��×-��`�ba�Ù�c-djÈ CERT ��.��-e�f-g��h�i��j�k��lm?-@n-o ! # LpM�»pN�Èpq-j $CERT È-.��-A�r�ð�ñ�Ó�¾�s ì^t�u�Ó�¾�s ì^J�Kjá-v�w�x�� $ ð�ñ�Ó�¾�s�y�ò�ð�ñjá�âjÈ-z�{�Ç��| ��}~�bA�rjá-��ò�� ì^��E�k�/��à�ò��F-F $ tpu�Ó�¾-s��-�-t�u�Á-v��Ä ì^JpK�t�u-u��-�� >�-d-�-� $ �-�-�-��Æpw-x-<��íìb�-�-Gäã post-mortem ôp�p��Ý��`��ápv-wpx-�-�-��p�-�-}�È�� $�� X��×�ØjÈ~�bX�Â�� CERT ��"��\�=��@�d�å�çjÈ-.��~�4��D-P�Q��¡ �Ã-� � À��¢�£ � | È��~�b��\�@�¤�×��jÈ-¥�Ø�¦-§jÈp¨�©�ª n ÍAÎ È�� $¬«�-® �-D�¯-d�¿�À��-�-°�d�á-�w-x�Ç-±-+-<�È�²-³~�b´pµp��´�À��p¶p·��`�>±�À-P-QpOp¸p¹-�-º�5- -» $

10.2.2. ¼ ¼ ¼"½½½¿¾¾¾�ÀÀÀ"ÁÁ Ád�Â »�¼j½�¾�@�Ã�ÄjÈ �"Å ��@�Æ�� & Ã�Ç�Ý��È��È�2�^fpg�@�Ç�Ã�Ç�ÍMÎ�Èp.��-É�¿�Ê�Ã-Ç�Ë�Ì��mÍÎ�ÏmÐ�Ñ w�x�<jÈ-Z�[2�bD ÏmÒ ¿�À�P�Q-e�fpg�@�d n�oÔÓ¡Õ È-P�Q-w�x-<�Ö�É2�b×�Ã�ÇjÈpØ�Ù�Í-Ú2�Ò ¿�lmP�Q ��# ��d n�oÔÓÈÕ ½�¾�w�x�<�»�¼�È�Ý�Ã $ �Ý�ìÜÛ�Ý-É�Þ�ß�È-à-á�â��ã�9�ä � À�å�¼jÈæ�ç�è�é �bX�Â�ê o�ë�� ¸�ì�K2�¬í &-î Ø�»-G��-��È�Ý�Ãäãðï�ñ-ò�Í��ô-��ó ãðÉ�Ç�ª�ô-+jô�Ã-ÇjÈÌ��mÍ�õ�Ä $ Ã�Ç�Ë�Ì�� ×�J�ö�÷�:�;�ÍAÎ��pø�Âmù�ð�ñ�ú-ûjÈ�Ã-Ç�ü��-ý ìbþ�ÿ��È�À��ì��ÉË�Ì��È �� <~�4J-K-��Â��-<-j�Ì�È� �� ã D��Ç��Ø�ô�!��ó�Ì�Èp�-@p< $

10.3. � � �� ¿��Ý�\�¿�À�Ø�Ü�Ý�Þ2�bc�d��-e�f-g Ïm® Ù� �Üp �ß�!�]~�b�� ÜjÈ�ß�!�Ò�"2�>Z�["�ÈD�d�j-kjÈÝ��-i�#�$�%2�bO�¸�&�'��ú�û��(�)jÈ�! # ��l Ç�ð�ñ"��*��l $ ��+ � & k�»�¼jÈ�,�©��-D�-��@jÈ $ � � À�Z�[�.� �Ü� �/�Ä��10� ��mT~�32�4�d-��5��-��6�È�»�¼2�bcpd�7�h�ÂmÞjÈ-��e�f�g Ï�®-� ÀpZ-[�È�ß�!`��Ù�fpg-d�8�9�È î Ø�] $��D�5��! # È CERT ��:��-��;�¿�À�ð�ñ��-�2�0×-��¸-d�<-/�! # È�Ý�Ã $ � À-��×-J= Ä�@"��*�t�u�>�?2�'��*�i�@�A�ð�ñjÈ�>�?~�CB��-]~� � G�D�¤-�� O-ª��E�>�?`�bJ�F-ñ�×��È�GH�I�J �� $ �� ×�J�K�6 � À��-��s2�CL�Ù-�� npo È�Ø�Ü2�CM�ï-O n�o�N &�¥��¿�À�O Ñ ��P�ðñ --HoneyPot — N ® /�Z & B�d�Q�Rjá-��Èpd�¶�S�È�ð�ñ�É-t-u�T�" —

&VU @�w�x� ��`�CL�ÙX�@�A�#-E�!-��0�È�á�â $»M¼DÈA½]¾ ��# �XW�_ZY�¤A×��DÈ]á�v\[X] ��c î ØDÈ1^X_ ì't�uX>\? ìa`AÞ]Ç�bc�F�FDÈ1dX!�e# ��@fe��AÈ�¥AØAÅZg � O�E\!��Z0AÈ]áMâ�c\hDÈ��Xi�ÍXhkj�l��nm��\oXpMÈMó]Ì�É\^X_\q�d\r»2� CERT .��Ç�P�Q� ÍjÈ-�� o O��E�Í��-��ð�ñ"�¡D�-�s�t�u J Èp��á�â $ ð�ñ�Ó�¾��¯-@ îØ top É ps õ�5�v�×-�-z�´pÊ�^�_ # X # ��. î Ø~�>t-u�Ó�¾��p¯p@ î Ø snort É�Mpï tcpdump õ�5v�×��z�k�s &�w t�È-t�u�x�y $¬� Ê��.�� # �\jmª n m � À�z�{�X�|�}�È-ª n �-=�@ U�~�n-o Èð�ñ�Ù-�-�-�-�p -)Z��s�t�u J Èp�-� $

� � �10 � � � . � � �� 81

10.4. � � �� 1�� X� ��1��C�1�� ¡�¢�£�¤�¥�¦�§�¨�©�ª�«�¬1��1®¯�3°�±²1³µ´�¶\·1¸1¶1¹\�1ºZ»½¼n�1�\�\�1�1¾�¿\�1�1«1À1Á\Â1Ã �1�1Ä\Å1Æ\Ç�È1É\Ê1Ë1Ì Á1Â\Ã\Í�Î1Ï ÈÉ ¼Ð�Ñ�Ò�Ó�Ô�Õ�Ö�×�Ø1��Ù�ÚµÛ�©�ª1��Ù�Ú�Ü�Ý�Þ�ß��Cà�Ñ�á�â�ã��ä1å�æ�ç�«�À�è�é�ê1��¾�¿ë�3ì�íæ�ç1�ïîð��¸�ñXòóá�ôë�CÔ�õ1ö�÷�ø�¡�ù�ú�û�ü1��ý�þ1ÿ��¯¦C �� ¸��¯¦� ��X´��Þ�ß�Ù�Ú��3°�±��«��Þ�ß ¼Ò�Ó�� !

script "�#�$ Ü�Ý�Á�%�&�¹��Ù�Ú�'�( É ��)�á��*�+�� ¨�³�,�-�)��/.

script -q 0 file-name 121À

scriptÜ1Ý\Þ\��Þ1ß�34�5�6�7

file-name 8 ��2�§�9� 1Ü�Ý�Þ�ß�:�;\Á�â�ã�û�ü�'=<?>�Ô Ì;�@�Á�%�&�¹�Í�Ù�Ú��A�B�'�C—�D�E�B�D Ê�F B�D�G�« ¼HJI�Ü�Ý�)�á��K*�+¯�ML�¡�ù�ú��N�O��;�P��3À�L�Q�R�Â�Ã Ë�Ç�S +�¤�T�!�U ¼

10.4.1. V V VJWWWYXXXYZZZY[[ [J\\\^]]]J___ù�ú�û�ü1��ý�þ1ÿ�� Ì « É ��`�aë� S ( É ��b1��ä�c�+�d¯�Cì��`�a Ì�e Õ��½¼ ù�f�êù�ú�g��/. ��!�+�¾�¿�¸��¯�ih��¸ Ä ��j�;�@¯�3À S +�©�ª�ä�k�l�m��)�n��¤�T ¼ê�«�À� �!Red Hat Enterprise Linux

Ûfileutils o�� )�p�� dd "�#�$ ù�ú�%�q1��Ù�Ú1��rü1��s��ë�CÀ�Á�� Ç�S +�¤�T Ê ¸�«�Ö�×1Í�ÿ��Þ È�ÉJt�u ¼ Á�v�w�x�ê�y�Õ�ù�ú�ÿ��1��Ù�ÚµÛ á��1»ó��A�B¯� �z�A�B�{�|�}�ê�Ù�Ú�'��

slave ~�� 3Ñ�Î� �! � ¨�� dd "�# À�ù�ú�ì��ÿ��Þ/.

dd if=/dev/hdd bs=1k conv=noerror,sync of=/home/evidence/image1

ì\� "# Z¡\À 1K��J��\ù\ú�3��

image1�\Þ\ß¯¼

conv=noerror,sync �� 9dd "�# ÁYG� ��R1¶1¹Z�� Ç�� 5�°��b ¼ �1Á�ê�L1«�ÀJ�K��ì��Ó1�1ÿ��Þ¯� Ê�Ë�� }�� $ ��Ø��Þ�ß ¼

10.4.2. � � �YWWWY��Y��Y�� J��^ Y¡¡¡J¢¢¢£�ý�¤�¤�¸1¾�¿1��¥�¦��§ Ì � S�¨�© �¯�Cì�í�æ�ç��ª1¾�ø Ì ñ�k� �!�«�¬�í�¥��®�¯1��>�±�°�äØ��±�²1��³�! ¼ Ñ�> �� ¦ ¾�¿�¸J�� Ì � S�´ Õ1��¥�¦ ¼¶µ�é�· S ��¸�¹�¸�º�»ë� Red HatLinux

«�À Ì ( É ì�í�¼�½1Í�¾�¿1�� S Ô�¾1��¿YÀ½�ÂÁK��ö�Ã�á�ÄYÅ�æ�ç��Æ�«�À�( É &�¹ Å�ÆÎ�� ¸�� ¼Ç�È10-1

²�³X´ó��í�!�«�Þ�ß�N�O�¸�É � � "�# ��ö � ³Z´��í�Ê�,¯�C«�! $Ë�Ì ��Í�¹Z´ Þ�ß�À�Î�Þß1��Ï�²Ð<?, ��Ñ�Ò x�k�¸�;�5ÔÓÖÕ�C¯�CÀ� �9�ê�«�À�×�£�Ø È ��`1��¤�T Ê�Ë�Ì !�+1¾�¿�� îf¼ ìí�æ�çÐ< ¸1��Ù�Ú�Ù�Ú¯¦iÛ�Ü�Ý¯¦ ��Þ ��ß�à�À�Î�â�ã1��á�â�ã�ä�å�æ�C� �á�é�«�ç��Â�Ã Å�Æ�Ç �è Á�¶�·½¼

é ééëêêêíìììîðïÖñÖòÖóíôÖõíöø÷Öùëúøûýü éÖþíÿ�� ó��Öö

man page �

82 � � � 10 � � � . � ��

� � ��

� � ��

dd �� !��"�# $%�&�')(+*-,/.�0�1�2436587:9 ;�<=�>�? �� $ % ��! md5sums

7A@�BC � D�E�F�GIH�JLK�M�N�O�P�Q�!�� * �� $ % F�R�S�M�N�T�! @BU7 F�V4WYX�Z�[�\�]4^`_

dd if=/bin/ls of=ls.dd|md5sum ls.dd >ls-sum.txt

grep a�� *cb�dIeLf V�g�h !�i4j (lki 5�m�nU7A��o�p�q�r�s8tvu�w�x !y�z F�R��{�|�}�}~_��h��4�Y�� (+o

ls,ps*ifconfig

5 !�� C�� (pipe)�

� _

ps auxw |grep /bin

strings ��WYE��i�# !�iIjL��e�7A� ��E�h��F�VWY� �� 7A��o �� mail �� !�� *�� ¡�¢�£�!�¤ d��~_

strings /bin/ps |grep’mail’

file ¥�¦�§ w8tv¨�x8tA©�ª�« ! ¬ w�(+o�® g !�¯ 5 F�R��°�± (+² #� t³k i�}�} 5 ��´ s �� !�µ�| 7¶ ��E�h��´ s ��(+o

/bin/ls5 [�\I·L¸�S�¹�º��h»�¼ ¬ w��©�z�½87A��¾ ��¿�À4ÁÂ ��Ã�ÄÆÅÈÇ��I·L¸�S��É�Ê

!��h�Z ©�Ë�Ì !�� ©�Í�Î _

file /bin/ls

find Ï fcbÐd F�V4WYµ s !�� 7AÑ [��À�g�h !�Ò�Ó 7AÑ E�F�Ô�Õ�ÖY×i tvØ�Í !ÚÙ�Û��Ü�Ý tvp q�r�s }}��Ï fcb�d ! «�Þ _ @�B�C � D�EF��h Ñ ��µ scb�d�* �� !��ß | @�B ��~_

find -atime +12 -name *log*-perm u+rw

stat à�Ä�� m�nU7Aá�â�<�ã�Ø�Í !�ÜÝ tvp�q�r�s8t UID � GID "�# ! rs }�}�_ o�®�ä��å ��[�æ�Ü�S ØÍ8t �� tvç�è S�é ½U7A��ê�m�n ¡��g�h�_

stat /bin/netstat

md5sum ��h md5 ë�ì�í�î��ï�î 128 "�#! =�>�xU7Að E�F��h �� k i�� 7 F��WY� Ë�ñ |�ò�M�NT�E � S�ó ½�*�Í�Î ! © g�ô ä !��~_õô�öI÷Lø ä ��F��ù�ú ! =�>�x�m�û�U7Aü T�ý�þ�� o CD-ROM !�ÿ ��Í !�� _

md5sum /usr/bin/gdm>>md5sum.txt

Ã Ã Ã�§§§ 10-1. � � �� ÒÒÒ�ÓÓÓ

� � �10 � � � . � � �� 83

10.5. � � �� CERT !"#$%&'( ��)�*+,-.0/21436578�.��9��:�; ��<=>@?��9AB�C $ ��0/21�.�D�EF3HGJI��I��@K�L�M�N�O�P�QSRUT�V.W,�-�X�5�Y $ .Z3[ $ ��,-\/W1]� �� ! B�^_a`2b�PQ�.@,-O "cd�e Yf�gQ��ih [�jkl�mn )�*ol�m�n�p�q�r�s�t�u .�=v�)�wF3xyz{A| c =�v�Q�.�M}~�]�ih [�� .�~��R��M�N�. l�mn�� 9��.@,- "�#a�2�� :�L�.�=�v��]� '(�\�W� p | c 3�� $�� :��f (�� .)�*F3��.�,�- "# + tu ��.� ¡¢£�¤�P]�i¥ [ < =,-�:�;��i¦M�},-�§�¨� �¡�.�©�ª�¤S��«�¬�KL�®M}�,-.�¯°.�±�²�³µ´¶3,-\/W1�.�· d� p X¸¹º»�.��i��a¼2½�¾¿ÀS�iA � pÁÂ�Ã ½��DÄ�Å43�,�-Æ Ç�� p �1È �L�. "cde +�)�*?]�iÉ�©®EÊ,�-�.�Ë�ÌÍf�ÎÏ436OÐ]�9,-�Æ �Ç@� pÑ 1 &�Ò .�,-�Ó�²��9Ô�?�Õ�_��.@,�-�Ö0/2=�v�×�Ø0`�3

10.5.1. Ù Ù ÙaÚÚÚaÛÛÛaÜÜÜaÝÝ Ý\ÞÞÞÉ�©ßËÌ�.�YfÎÏ �à ¢��.�,- � pá�â�rs .�ã�ä de Ri?\å de O�ÐXæ�ç�. d�è 3YfÎÏ� �à ¢ rs )�*êéë¥ [ì ©®í r .�M}�îw�0/W1�ï�ð7ñ rs .�æç�. Ñò 3�¬�ó�ôÌ®,-\/W1�.�ÓõöXYfz � ,-�÷ø�.�0ùZ�iÔ¦�¥ [ L©�ª��M�N�.�,�- � p | c éú��.�D�E��X�û�ü��f.�)�*�ïS�i«�¬�,�-.0`ýb��ùJ_ ��þ�þ�ÿ�� 3

10.5.2. � � ��aÝÝÝaÞÞÞ��W©½\/W1,-�.�Ä��X Ñ� ��.�,-]�9É��½,-0/W1�.�Ä��X��.��i¦ ( B�^ $��ÿ �� É�43�� Ñ� ,-¦7XYfÎÏ��.��AX��Ë�Í ÿ�� â ,-0`W.�ãä de R�ÎÍ� �!�" pq�#�$ .)�*43�¥ [ | c ©®�% !�& .�' � � Ñ� ©ª�(�)�*.�,�-_X ��+,.- . � 3 þª¤

rootkitsé0/�1�2�ç�32��,�-\` c î�4�5 root 6 4�,�-�7�8�. d�e O�9 � ï�Riã�ä�,�-�:�; p�q shell×ØðX�<�=�>�?æç��¨ p�@�A�B�C .�,-�D�'43 ¥ [�E 4,- Ñ� .�Ä��iA�� | c í r .�F�G

d�e éúh [ îIH ©�® �KJ��(�L��M 4�.�N��PO2ïZ3

10.6. � � �RQQQTSSSTUUU�a�a�\ =�V .0�a?a©aª ¤0X�/�W �a� .X�Y�Z�[ � ¢aÍ a!\"a# � �a�\< = �\±R\�]aE�^�_ �pa` ¹ ÿ /PW ¾ ¿aba¹ ÿ O�cad�e�f .0LIg�h�i � OaÐ\X Ì � .\� �aÓ\²µ: å� �j � [ CommonVulnerabilities and Exposures (CVE)

.�jk é0i��http://cve.mitre.org

ïZ3l4�m��A�n�o�Ê��p c .��q�rs�t�u]�i��_�v� $ ©® � ? �� .¤�w]� � |7�X,-�)�*�¤�w�.�©®�x � ��y]�i©�® �?�.¤�w � p�z�{ A�n�|}�/�1X [s ÿ�~�� pq A�.�,�-�.��X [�s�� p�� îÕ��(�)�*�.��vF3

84 � � � 10 � � � . � � ��

V. � � ��

�� ¡�¢�£�¤�¥�¦��§�¨�©�ª«�¬��£�®�¯�°�±³²��´�µ�¶�·�¸��¹�®��£�º�»�¼�½�¾�¿�£�À�Á�Â�ÃÅÄÆ¤�¥�Ç�È�É�Ê�¼�Ë��¬�Ì��Í�Î�¤�¥�Ï� �¡�£�Ð�ÑÒ²

ÓÓ ÓÕÔÔ Ô×ÖÖÖÙØØ ØA. Ú Ú Ú�ÛÛÛ�ÜÜ Ü�ÝÝÝ�ÞÞÞ £ £ £�ßßß�àà à .......................................................................................................................... 87B.® ® ®�¯¯ ¯�£££�ááá�âââ�ããã�ää ä�ååå Ü Ü Ü�æææ�ççç ................................................................................................................ 91

C.® ® ®�¯¯¯�££ £�ÀÀÀ�ÁÁÁ�ÂÂÂ

.................................................................................................................................. 93

è éA.

ê ê êìëë ëîíííìïïïìðð ðòñññôóó óîõõõ

ö�÷�ø�ùPú�û�ü�ý�þ ÿ��û�� ÿ�� ÿ�� !��"�#�$�%'&)(+*�,

Red Hat Enterprise Linux"�#�$��-�.��/�0213��4�5�6�7�8�9��

Red HatEnterprise Linux

�:":# ;:<Åÿ>=@?BABCB5BD:EBFBGB�B:HBFB"B#Åÿ>I@JBK�L�MON P:Q �:R�ST(>UBVÅÿWNX Y � Z E F G � H F " #�4�L\[ ] ÿ_^ `B7 8 a:b " #Bc %d(>egf\�:h ]Bi j ÿW7 8 ��ý k GB l�B�:m n:"B#B%B&�fo(>lBp:q �:XBrB�B4:�Bs:C:tB`:uBv:h:]w(

• xBy ý:k)zB{:j �:R�S}|:KB~B�B�B��ûB�B�BF ��þB�Åÿ��:� �:� �B��FB�B0 �:�B� xBy ýBk:� �:Z� � � � $��ù � ÿ_u i j�M3�:� /B��Æý kB� �B� �B��B�B� �: ��_¡ �B¢��B�B��þ �:Z �B£ ¤ 1� �B� ¥d(¦U V ÿ_u v �� BF �B�B� §:¨�©:ª « ¬M®E F ¯B°��_±BU ²B³BZ � � ¥B´ µ:¶ �B· � ��B¸w(

•�l�$�¹�� º�»�¼��q��û�½ ¾��¿ À ÿ��lPö�Á�Â�� Ã)(Ä�� º�»�¼�Å�Z�Æ��Ç�È ��ÉÊZ

CAT-5/RJ-45��ü ÿ��l��ü�ú��Ë Ì�ú�Í ÿ�Î�Ï�� ÿ

10-base-2 Ð�Ñ�x�Ò ÿ�Ó�Ô�ÕPü��É802.11x

ÍBÖ × ÿ_Ø Ù uÚ1ÜÛd(¦Ý Þ ��B� V � ÿ_º » ¼ ß � 0 à á e â ã ä G � å æ Ö × ÿç 7 ��ü�ú ÿ�ËBÌ�ú ÿ_gè.ú ÿ�é ª'ê³ÿWZ � Õ�ü � � ] ë ëw(¦Þ:� ìBí��:� Bî ïÅÿ_Å:Z�÷Bº »B¼öB5B�:"B#B$�ð}ñBò ÿ�ó 4:ô:õB¡Böw(

÷gè}u v Á ø $��Bù � ÿ_� º »�úBÅ Z � û H�þ :� Á üBý þ��:Ý ÿd(>, ¹B! Å Z Ð ò�� B�B��BG:"B#B$ �:ù:�BqB�� x:y ýBk �:Î�� — �� Bü:0�B�:ÁBü:H�þw(

A.1. � � �� Bé�� ¹Bå æ ÿ_��4B� î ïd(�� ¿:À��rB]��Z �� ! ã F q�" ÿ_åBæ�#¹ � � � H��BG�$�%��Bá�& �d(�'�� B©B� �ù ��:� � ÿ�� :H�þB � §�( û*),+�- (/.�0åBæ�1�2Be�3B]:GB"B#�ð}ñ ÿ�uB¹BºB»:¼�öB��:�B:îBïBò ÿ��B0�sBC�4�ù ��ð@ñ (

A.1.1. 5 5 5*66 6�777*8887�9�: x�;Bx �:�B��<�=�> (IEEE)

zB��? � ÿWÁBüB�B�B�: �:HBFB�üB{�2�@A0�B�C:��åBæ (

A.1.1.1.Î Î ÎBÏÏ Ï:åååBæææ

Î�Ï'å'æ'�D.�ü'r']D1�2D'��ü�©DE ÿ¦��FHG'Ù�Á'ü�Î'Ï��' ÿ�.�ü'r�]�1�Å'Z �'� e'â�r']JI7DK�L'¹DM'lDN*ODP��r�]'Ë�Ì�¿HQ ÿ�#�¹HR�~�u�Î�ÏDS�ï�N�e�â'��r']HTDU (

Token Ring, FDDIGSONET

�:�1BZBu�0: B�BBl ÉFDDI V ÆB�MXWBÎBÖB× ÍZY_UBVÅÿ_Ç:È:�B�[�L:�Bu�0B�B:åBæÅÿzBZ�\ M^]B��_�2BÎBÏBÖB× ÿ��B¹�`�2B�:�Br:]B�:�:ï É ç:7 ��=:Í:Z�E ÿ�ÎBÏ:�:B��L�a�b (

A.1.1.2.M M M�üüü�cccAddd�eeeBåååBææ æ

M�üHc�d�e å æ {�2 l�f Á ühg�i��B/ 0�M�ü Ò ü É /�j Í �BrB]d(�M�üHcAd�e å:æ � 0B��k � � Òü�l�& Z � � �ü � ¥ ÿ_Æ ûhm Ù�4B� J�n �Bå æ (¦U VÅÿoM�ühc�d�e �Dprq�ö ,:/�j��:Å � $Åÿ_uÆ û�s /�jht�u 0��ü � [�v ¯ °��w�x�òÅÿ��y Ù�z:Á rB]��B¯B° Ï�xw(�M�üHc�d�e å æB�hBB´BÆ �öB]B©:] �:�B�:�BB�B�'fÒÿ�ÆB� Ð}Ñ:xBÒ � Ò üBá�&BZ � öhcAdAe ��A{BÆB� 50-93 |�} ��g�i�ú (

88 ~ ~ ~�� A. � � ��

A.1.1.3. � � �� h�h�h�H�h�h��H��h�h�H�h�h�h�h��h��H h¡h¢h£h¤H�h¥§¦¨�h©DªA«H¬hH�*��H�h®h ¯�°�±�²�³�´hµ�¶�·�¸ ¦��¹��h��º��»�¼½�o¾�¿*�r��ÀhÁÂ�oÃ�Ä�Å��Æ�¥�Ç�È�ÉZ¦�Ê�Ë�Ìª��¹��,Í�«�Î�Ï��Ð�ÑÂ�ÓÒ�Ô�Õ�®� �Ö�×�Ø�ÙHÚrÛ�Ü�Ý�Þ�ß�à��A��áAâDÌ�ãä¦

A.1.2. å å å*ææ æ*ççç�èèè*éééê

A.1.1.3 ��ë�ªAì�í�î °�± � µ�¶ �ï�¹��ð¦/ñ�ò�ó�Ü�¹�� ·�¸�ô�õ�ö�÷�ø�ù�ú �/û�ü�ýAþ�ÿ�� ù ñ��DÌ�ã ¦�� ë�ª�ì��ï�¹��Dû ¦» °�±�· ��*�ð�oÛ�Ü��ÚA� ´�� o»�� Ø��Â�oÆ�� !�"ð¦/»�"�#�Õ�$Ô�� ´�� Â�% ��Æ�"��û�&h��'�(ð¦�» °�±�· ��*� �% �� ´�� )Hû�*�Ø� ��¹�+�Ï¢�$AÔð¦» ÷høHµh¶ H��h��Z� ´�� áH °h± ��+HÏ�,��.- ¯0/Aµ�¶ 1$�Ô§¦ µ�¶ hÆh»�2��H��!3"�43�5 �76�8�9�!��A��¬ð¦ ��®� �:�; °�±�< �� ´��= �7:�;��A��>�? ¦÷�øhµ�¶ h��Ë�®� �@�A ´�� B�á�C�� ÷�ø Õ�D�Eð¦�» °�±�· ��*� � / ¼��®� �DE�� ´�� /Ìr¡�F�ñ ÷�ø Õ�G�H�I��A��J�K�ª promiscuous LNM�O ²�P�Q�R Ï�S �ÓÃ�Ä��JT Æ�!�"� �� ´�� oá�Ò��X��Øhª�ÜZ¦U!��¢ ÷�ø Õ T ®� ø ��V�W�X�Ï�¢�Y�Z\[ ³�] [��^�_ ´� �.`�a ´��b ��'�( ¯�c�d [��e�'�(f[ ²�¯ �� ¦Ug�h c ��V�i�X�Ï�®� �ë��j�'�k�l�m�n�op �7q <�r ��Û�Ü�Ø�+sLNt�¾�u�v��w�x�y�#�z�{�S}|ð¦µ�¶ ÏH�h�h� ù ñh�3~h�h� µ�¶ ��%E3��h��!� ��h��H��«�¬HZ¦ µ�¶ �Æhë� ��h��D� MAC �� h»0�}~H��'�(3��ð�.+��9�!��!�ï��H��§¦U��½� ��3� L Cisco Systems Sf[��k�� L D-Link Sf[ SMC [ �� Netgear �� 3��r¹��þ3��h� µ�¶ ½� �� 10/100-Base-T �� [ Gigabit H�I�� \[o �� IPv6 ��ð¦

A.1.3. ¡ ¡ ¡�¢¢ ¢¤£££�¥¥¥¦3§1�

(mobility) »1¨3© ø1ª 5 �¬«�3mDªH�1®3¯3° ¦¬±341²HÉHÕ³[�´1µD��²1X1¶·[/ 3�1¸1¹3ºHÒH�ù ñ�®¤»DÏ*�3�¤¼¤+3½ �tH¾1¾1¿ · w¤À·[��1e = �3ÁDÔ (PDAs) [¨ 3�D¥H¬��H�1� �/ 3l3E��H�¤'Â ¦ IEEE «Ã�ª 802.11 ¥�¬��Ä�Å �ÆK�8Ç�ÉÈ�Ê�Ë�_Â�ÆÌ�Í�¥�¬�'�(�¤�k��©�Î�Ï�Ðð¦Ñ�Ò�3«Ã�¤�Y� IEEE Ï3ÐJ� �3�1Ó3Ô � 802.11g � 3� ô3Õ � 802.11a � 802.11b ¦ 802.11g ®ÇÖ�×3�3�D¼ 802.11b ØÊ�� 802.11a ��á�� ¦802.11b � 802.11g Ä�Å�Ù�Ú��hª�Ò�Ô�»�Û��Ü�Î�� 2.4GHz ��¥�¬�w (RF) Ý�Þ*�ßL 802.11a

÷�ø5GHz

�3Ý¤Þ�SD�D¥D¬�¤¤kD�¤l1E¤à¤áÂ¦ �1j¤Ä¤Å�«� / IEEE ¤¤Y�ª1Ï1Ð �U-1âã«��¤��ä1��å�æ1çè802.11x ��ér��ê�ëð¦ì�í�Õ�Ë¤«î1åïæ�ª�� SOHO ��ð�ñ��¹�Ï�Ð��éð�Æò�ó ¯ »�¥�¬��l�E� (WAPs) ô�«��ß�àð¦õ��¥�¬��A��ê�ë�ö�÷�Õ (WISPs) ª}ø�ù��ú�û�ü�»�µ�� ÷�ø ÕÂ�Æö÷�� ý�Ý��Ú��l�E� ÷ �� ®� �±�4�Ø�$�Ô��þ��ÿ��ä¦802.11x ��Ä�Å��ï��¥�¬��J�� 5 ÷�ø 9�!�â��¬Â� ��¹�©�ª ad hoc �� / ��³ _ õ�ø ¼�ï�� h��¬��½�oá�Y��D�rË�� ½�/Ì�¡��A��á õ�ø ¼��ïÍh�¥�¬��¬ð¦��¼�� Ð�Ñ ¢Ç� � ô�õ ö �0�Ç¼0+Ç½ ¯ »��Ð�Ñ0� �� ²Ç=�� ¥�¬ ��ÇlÇE�L WAP S �! �"��¤�*¥*¬*�*��#¤Y WAP ��0H1I��¦ WAP $�%*��&('�)*¾�*1!* �¨ëD¥*¬��+��!�»��,ð¦

A.1.3.1. 802.11x � � �� -�. ¥�¬��¬�»��/�� ¯ ®� �0�1h�Â�%-�â�g�®� �2�Í�� ¯ ��3�,�4��¬��¬h��5�î�g��âÂ�Óá�Y�6 . ��j�Ä�Å��7�á�8�9�� :��Ø��óð¦ ��j�7�áH� Ó ^Añ��»�¼��}� �� Ù�Éð¦»ãm � Øã�;� 802.11x � � × � � ��<;4 Ò Ô>= � Æ�? ¿ KãÍ Ó�@;A � � ��B @�C�D ¦ / ¼ �� 802.11x � � � ¬ � ÷ ø ¸ Ý�E�� RF k { � Ì ¡�F�� NIC [ ¥ ¬ � ��G>H ²�I

J J J+KKKA. L L L�MM M+NNN�OOO�PPP�QQQ+RR R+SSS 89

TVUNetStumbler W Wellenreiter X�Y�Z�[�\�Q�O�P�]�^�_�` TaU

dsniff N snort X�Q�b�c�d�e�f�gh Y�i�j�k�l�m�n�o�p�qrQ�s�tvu!w(xzy�{�|�}�~��w��O�P�� 802.11b ��d�e WiredEquivalency Privacy (WEP) ��|+��[�}�Y RC4 w��Q 64 W 128 ��+��[��+��W AP N��+�� ¡¢u£|��¤+¥�¦��o�p��+��§�¨�©�ª�«�¬��l+®+��¯�°�Q�±�²³u´§+µ+¶�·�¸�¹�º��»�¼�x½|��¾�¿�� h�À ��Á�Â(xÃ�ÄW��Å�w�O�P�Æ À�Ç�È TVÉ�Ê ��Ë�Ì�Í�Q�Î�Ï�Ð�X��µ�ÑÒ Ç+Ó e��+��¾+¿¢u´Ô Ç ¸+Õ�Ö�×��+��O+P�qÙØ+e WEP � h Y�Ú�Ú+l�Û�Ü�s+t�Ý�m+n�Q+Þ�ß³uRed Hat Enterprise Linux àâáâã>ä�åâæ�Q 802.11x ç�èé��OOOâPPPâ¸¸¸â¹¹ ¹â___â```êq�ëâ�âìâ�â�â�âOâPâíN WEP î�ï+¾�¿�Q+_�`³u U�ð�ñ�ò d�e�OOO�PPP�¸¸ ¸+¹¹¹�___�```�Q+ó�ä�s+ô��õ+ö�÷ Red Hat Enterprise Linux ¶·�¸+¹�ø�ù¢u§�µú�üû�ï�ý�þ WEP ÿ Ç�� Y�R�S��O�P�� ò�� d�e�f�Q��vu ��_�`�� rì��°��®�R�S��O�P�Q RC4 WEP �� ú�üÿ�� U AirSnort N WEP Crack g��|�}��Q�_�` u��R�S��O�P�� ò |��ú�ü¶�·�¸�¹�f�� ¥�O�P�!��"�# ò SSH W VPN $�î�ï�y�S�¾¿�Ðú�ü| h Y�� WEP ��%�&('��*)�+�ó�,�[�%�Q�R�Svu U�- [�°��/.rd�0�1�2�3��®(x WEP �*4�5��6�� T � U�7�8 168 ��Q DES(3DES) 9��(��W�:(;(<�=+Q(9(��>�X�Q Ç@? �*;(A(B�C�Ú(D�E� �F��® VPN W SSH ��¾�¿ u!d�e��O�P�E��ü¶�·�¸�¹�f�[��G�e�HJI�K��ª�Q��ô�� T �U

Telnet W FTP X �ML�>ON@PRQTS�QO�(�(6O��(U�N+b�c�s+t�¤TV�k�l�Ý(W(X��ZY¢u��O�P�[�\�]�¦ Ó e�Q�^�_�î�ï�N�`�a�b�c�w Wi-fi Protected Access (WPA) u!¶�·�¸�¹�f h Y�î�d`�a�e�f�gú�ü¸�¹�¦��d�e�f�h�n��O�P�Q��vu WPA d�e(xji�E��û�k�l�� - Temporal KeyIntegrity Protocol (TKIP) �nm�eJo�p�Q��N�eJq�r��O�P�í�Q�s�M��Jté�´��'�[JuOvJw�xTyJz -initialization vector (IV) �üw��±�²��vu{P ò ��±�²�¦+d�e�Q IV z�g Ç@? ��¦�Y h Y�|(}�Ú(~�o�(�+Q+��O�PO�(��î�ïOl�ó(� WEP [(� u§�µ��Äd�e TKIP Q WPA ��i�E�Q�®��6��vu!��ó�î�ï��6�� T � U AES X�Q�®��6��(��@��q³��¥�°�� h�À ¤�Ú(�O��T�(��Q+��+O�P�î+ï³u�(� ó�ä 802.11 ��QT� ñ ô(��õ�öJ��Y�Ð+O(t��http://standards.ieee.org/getieee802/802.11.html

A.1.4. � � �� @�� DMZsU�� ¶�·�¸�¹�f ð ��î�d�[�(�@�Zf�� TVU O��F�( �¡O¢�� FTP N DNS X��*£(^(¤�¥+|�(f��N@¥R~O�P�¦�§J�r°�� Ç ¸��s�¨('�Q(¦�§�W��©�ª('�Q(¦(§�g��¢u!y�«O¬��F�(�QOe�f�g®�üY�Z(��e�(��gÀ ��Æ�Q�y�{�0�1��vu §�µ�� U�� ¸�¹�f�ÿ(¯�¥�¯O~�N@¥R~�oJ�¢�F£�Ö(�� Ç�° QT0�1�[�� h Y(±@��Q(²�³vu/4�5��´�Q�î�ï�� h +�¯�~�h�n�Q(f�� µ��[�¶(·�¸�d�qR¹�¦ T

DMZ X�q¢�|�©�ª�'�Q�O�P�¦�ºJ��»�O�¨�O�P�Q�h�n�¼J# ò |��Tf��¾½£Ô��,��J¿�Q@¥T~�O�P u U�- [°ú�À.�d�0�1�2�3��x DMZ qrQ�¾�gú�*;�Á�Â��h�n�y�«�¬�¨�6é�*Ã ò@Ä [��O�P�¦�º�QJ¥T~�OP¢uP ò IP ��t�QÆÅÈÇ�É�Ê��üÚ(~�o(��Ë�� (Ì Q IP ��t�Í�ì�e(f�g��*)(+��@��fO�vu/��®(��|@Î�Ï��Ä¸¹�f h Y��y�«(¬�'�ì��Ð�>��*Ñ�Ò��FÓ�Ô��FÕ�Ö��üW�×�Ø�b�c�±�²vu/m�e iptables Ù�Ú�W�d�e�L�My�«(¬�� h Y�ì��Û�Ü�Q�P�P�N�Ó�Ô�Ð�>¢u ¸�¹�f h Y�m�e�|��Ð�>��Ä¥�¯�°�Q�O�P(Ý��"�#�� É ��Þ¾�Q É ��f��N�!�Ñ�ß��Äµ@¥�~�d�e�f�à h Y�Ñ�á ?�â Q+s(ãvu |(6��à h Y�y+{ IP ä�å�QO��6(�vu�(� ó�ä iptables Ù(Ú�QO� ñ ô(��õ�ö��Ræ 7 ç¢u

A.2. è è èêéééìëëëîíí íêïïïêððð4�5 2000 ñ�ò�ó(ô�õ(ö�÷�¼ T

FBI X�N��ø�î�ï�ù�¤ TCSI � Computer Security Institute X�Q(ú�û�ü�ý

Ù@�v�*þ�ÿ 8 ��s�t�N�s(ã�Q(�� 70% °��Èu��@¥R~vu Å -�� @¥�~�î�ï�� ¯�~�î�ï�� [ â 8 �¢u��+¥�® ��¶�·+¸�¹�f�N�d+e�f h Y Ó e�Q+[+\� �� Y�R�S�¶�·�� ò ��¿�¥R~�QT�(�¢u[�\�°�×��üº�_�Q�_�¡�� Ç ¤��r��Q�� É�Ê ��£(��+ì��Q�y�«T¬@¥�~�Q¢u §�µ��h YOs�¡�[(�y�S � ��°�y�{J¥R~�W(s+M(�(�+� ��Q�_�¡O��sOã¢u

90 � � �� A. !!! """ ### $$ $ %%%&&& '''

(�) % *�+�,�".- /�0.1 2�3�4�/ BIOS 5�6� !�7 8�9�: ;�< =.> ?A@B*+�,�4 /�C D�E�F BIOS GIHJ KL 5ME N�OQP R 4 / CS T U V W< =A@ BIOSK L D E X Y Z4 / C [ \^]I_`5M4 Za [ \ b cd

S TU e T fg�% >hA@i�j�k�l Y�Z�4�/�C�m�n�o�p�2�3rqts.u v�w F�x�y ) 2�3 "�Y�Z z�W�{ |�g�}`5�~�� .% d �� z.�.��5�� BIOS

K.L ~.�^��\^� �.Z.1 �.p� �f�5�{^F�Y�Z.2�3.g�5��.��.>�h��9�@��.u� a��4�/�C�F�_� �g.¡ ¢�5�E�&�'�£�¤ _�¥�@�¦�§.%��.�'�{�|`5�¨ k ��¢ % ©�§ ª�«�5MD��¬ %�.g ) U.x.y ) 2.3.¢.®�5�N^O�¯.o.p�°�±^¡�g._^ .g^%�¢�5�².D.E^��£Q¤.³.¥.¯^o´@ ¬ D.E6 Kensington " Targus µ § ¶ ·�¸´5M¹ � º » !A@¼�½�¾ �!rqt¦.¿ j�À�Á�Â % ¼�½�¾ }�ÃIÄ�{ H�F�_Å.% _ Æ�g�5MÇ�º�È _�Æ�ÃIÄ��É��¢�%ËÊ�& '�@º »_ g ��uQÌ � D ¢�%Í��ÎÏ`5ÐE��ÑÒ ÓÔqÕU j P R�}Q%Ö ×Q"�ØÙÚ@Û�Ü Ì�D�E�Ý�/�Þ�_�ß : ½à 5Mº » ½ à á�â�ãåä�À % æ ç`5 24x7 % èé�ê ë�5ME ì�< =" ¼ ½ ¾ � �% í Ü è�é�@Bº�î��ï��#�,�UñðIò ½�à % � ��ó�"ô�n�ó`5��õ d�ö�÷ ø�í�- ß�ùÚ@ i.úû GIÒ )�ÛÜ 9ü`5MÞ _ ß: ½ à D ý þÿA@�� Í%ß : ½à Ã Ä�� Q% 1� � :`5Ð��d�� K�� @

� �B.

� � �� !!!�"" "

#$B-1 %'&(�) *+-,�./01234567�8 9:;-<�=>-?�@A�B�CDEF�GHI�JLKNMO�PQ?@�BCDEF-A�RJMSTU-,�.-A�VWYX[Z\*�+]^_�`a�5bc�d-e�Z�f g�Ph-A�HI3�ijk�l�m�n :�;ApoqArK

BBB�CCC�DDD�EEE�FF F U U Utsss u u u�vvvw A�x�y�z�A�{�| }�*�+�]�^�_�A�{�|�z�~ w�� X[x�1�2�� A�y�z�{�|��[P�Q��>?�)'��M��;��x�� K��Q Linux� A��1�2��yzA�]�^�/�{�|¡ £¢ Red Hat

Enterprise Linux ¤�¥ �� P�¦�{�|§K

¨ ?�@�S�:�; �� X©��;��¡ª£��¡ª VPN G�:�;u¬«��4¯® NAS °�z± K² ?�@�S�³�´�µ�WA¬¶�·�*�+�X©¸¹º 8'»��¼ � A�¶�·�*�+�X[� UNIXG Windows K*�+�]�^_�½¾¬¿�À�À�Á�Á�Â�»�Ã�Ä�½¸�Å�A�1�2�/�Æ�Ç�X[È�}�{�|�z~ w� �©P�É�Ê º ~¬Ë��P�E�F�A�Ì�Í�X�ÎÏ�Ð�Ñ ,�.�*�+�A�Ò�Óy�z�Ô�ÕA¬Ö�× f ~�ËØ�x�Ù�Ú�Û�Ü��2�Ý�X[B�C�D��½¾�Þ�ß�½�y�zA�B�C�Ö�×§K��à�PQ�Ö�×�á�â�ã�ä�X[å�æ�ç�è�¼ � M�:é:�; ��ê�ë X£ì�í�0�½�Ä�½�P�Q�Ö�×A1�2�/�X[å�î�Z�4�5�P�Ö�×�0ï�Õ�)'3A�<�=�X[Z�\�0�½A�ð�{<�ñ§K

>?�@�S�É�ò�:�;A¬g�2�ó�W�Z�\�yô z�õ�ö�A�B�C�D�÷��ø�ù§KCIPE ®ûú�ü�ý�þ 6 ÿ°�8�ß Ð�� A� õ�Ö�×�X��M��j�� ä�� K

��IP �� Ð 9 � ø��t8'9�:�;t%��A��ð��X��Þ�� 0�½�÷��A�E�F¡X"!B�ø�#tÓ'ó�W�x�$�%�ó�W�X[Z�&�5��:;<�=A�'�(�Å§K

��IP �� º�)�*,+.- A¡X�f ~��/0 j�H�I�/��1�2�y�Û TCP/IP

SYN-ACK A�3�4�5�6�Z�7��G oqA*�+A�8�ò�X[¥�9�½�³�´�c�:�;�î�Z1�2�3�<�=�>�Í n�?�@ ��OA�H�I§K5�A�S oqA�*�+�0 ?�@ A��¯® �� rsh ª telnet ª FTP ��°�� n1�2CB 3�=~�D�AFE.G�H�I�J�X"K?�Ln ¥�»�M�1�2�/�1�2�X"K?¬»�M�1�2�/a�2 ssh x SSL/TLS 0�1�2A PKI xN�m�O WA�P�{�G�H�I�J§K:�;�Q�R S��:�;�Q�R�T ��U JFV A�8�ò�3�W�XM�T � 1�2t% U J,V'0�Y�ZA�<�[rK P�c�¦�\A¬:�;�H�I�>�?�Ë��M�]�^_ A�Y�Z�K�ñ�<�õ�X � � Telnet ª FTPG HTTP Y�Z§K

��H�I�/�� ô Ä�½�`�:�%��A�'�(�Å¡X"a�î�Z ?�@ P�¦�H�I �K?�>�Í�Þ ô 1�2�D�b�W�H�I¯®dc�� IP ��x�e�f�W�H�I�°�3,�.�P�9��§K»�M��1�2�P�{�Ö�×�g�h¡ªji Ð {�|�*+¯® one-time passwords ° ª£x�P�{AG�H�V�W��y�¬V�k�X[3�y��{�|�l�Q5§KmL n�² »�M��M�Y�Z�9�ó�%rX[1�2��n��oA�P�{�V�W§K

92 p p p�qqq B. r r r�ss s�ttt�uuu�vvv�www�xx x�yyy�zzz�{{{�|||

u u u�vvv�www�xxx�yy y } } },~~~ p p p�� t��{�| {�|�� t��"��"{

|�� ¡�¢�£�¤�¥�¦�§�¨�©�ª« t�¬��®�¯°�"±��²�³�´��t�µ¶ £�¤�·�¸�� º¹

»�¼CGI ½�� HTTP ¾�¿�À�Á�Â�t �� "Ã�Ä�Å�Æ�¸�Ç�È�É�t�Ê�Ë�Ì�Í�ÎÏ�Ð�Ñ Ë�Ò (shell) t�Ó�§�©�{�|º¹ÕÔÖ�×HTTP

��Ø ��Ù ¼ "nobody" ½Ú�Û�Ü�Ö�Ý ��©�Ì�Í��"{�|��± Ø ��Þ�§�ß��®�àâá »�¼�ã ¿�ä��åæ�ç�è �é��ê Ý�ë�ì �� (denial ofservice) t�{�|��í°�éî�ï�£�¤�®�ð�Î��ñ�µ ¶�Ö�Ý ��ò�ó�ô�õº¹��ö�í,÷ùø�z�ú�û�ü�ý°�"þ�� ²�ÿ «�� Æ��t�x�yº¹ ��x�yá »�¼�� é{�|��ê Ý�� í�t Ñ Ë�� °�� ÝÊ�Ë°�� Ö�Ý�� t��°�� Ýö�í�© Ö�Ý t�� è ��ñ{�|��§�!�"�¡�t�£�¤�#�$�� Ü�% ¹£�¤�#�$�&�'�(�)��°� ��* � root +�,- Ì�Í �� /.10 � 0321� -5476�8 �u�v�w ��ç ©� �9�t�ö�í�:�;�z�ö�í�<=�>�? ¹

� Ý ö�í�t�u�v�w��

{�|��@��ß�A�¢�B�C�D�z�E��å��Ý ö�íâá ¼ C�F�G�H Ý�I É è t��J�K ��Ì�Í�ö�í�L°�NM��O�P�ö�í��Q � - t�� °� Ï�Ð�R�S ¡�¢�£�¤ ¹/T¼ ·�� t�E��å�ª « µ ¶ C�D�t�#�$Ü�% �VU��W�¡�¢��X�Y�Z�[�t�\] ¹

^ À�ß�A Ö�Ý ��¥�_ «�`�a t�b�c�de z�f�g -�h�i ��j�ú�£�¤�t�� °�^1k E��å�z�l��m�£�¤on1prq £�¤#�$�&�#�$�t�s ��t�u Å�Æ�·�¸�� °�"©��'�(�v�w�w�t Ö © « ¢�BF~xzy�¶�{ u�|�}�f�~ Ü t�� F÷1�}�fo.1��t�G�H�0 ¶�{ ��W�t�� ¹��ß�� i�� t��°� »�¼�ã ¿�CF�G�H Ý�I É�� 54 � ÷��Ì�Í�pH°�� k ��°�é�� Red Hat Network��µ ¶ t�£�¤�#�$ �� 4 � :�;�E��åt�� °�"��u�v�w��t�� ¹

ë�ì �� á DoSè

t�{�|ß�¢��ß��t�{�|��oq��}�f�~ Üt��Ç5�� t ád�� Ø s ��t Î��q t ��E��å è�- {�|�ß�¢��t��s ��t t�®�ð°�"��³�´ ?�y t Ö�Ý��ò�ó�Ó�§��®�ðº¹

ë�ì �� {�|âá DoSè t��ø��

2000 ¡°�"��o¢�£��¤�¥ ¹/¦�¢¸�§�¨�t�©�ª�z 8 c��å�« Jo^ À�¬ A�t ping ��®��¯�°�0�±�² �� ¹/³�´�µ�{��o¢ù¢�ª « ��¶�·t�C�Dâá¹¸�À»º zombie ¼�C�D è �"��½�¾�¿��t��À��oÁ1Â°�� kÃ�Ä µ ¶ s ��t ¹Å r - ð��Ã Ø�Æ X�t ád� Ø ��;½�¾��oÁ.t è �"©��Ä�Ç�ÈoÁ.{�|�t- ð�À� ¹#�$�� Ö�Ý iptables z�� IDSÉ ² á »�¼ snort Ê�Ë è t�Ê��Ë�ÌÍ á ingress filtering � IETF

rfc2267è ��Î�Ï�¥ i��Ð�Ñ í�t DoS

{�| ¹Ò Ò Ò�ÓÓÓB-1. r r r�sss�ttt�uuu�vv v�www�xxx�yyy

Ô ÕC.

Ö Ö ÖØ×× ×ÚÙÙÙÜÛÛÛØÝÝ ÝÚÞÞÞ

ß�àâá�ã�ä�å�àræRed Hat Enterprise Linux çâè�éâê�ë�ìîíðï�ñ�ò�ó�ô�ò�ó�ç�õ�ö á�÷âø�ù�ú�û�ü�ýþ ÿ��

/etc/services �� à�ã�� Internet Assigned Numbers Authority(IANA) ç�� á��rá (Well Known) í�� á (Registered)

�� !�" á(Dynamic)

üoý þ á�#�$�%& ÿ('*)*+ ß�à-,*.0/http://www.iana.org/assignments/port-numbers

1 113222544468789;:=<5>3?A@8B5CD?AE5F5G5H3I8J5K3L5M

TCPI

UDPM8N5687PORQ8S5T8U5>V?AW8XYO[Z8G3H

/J8K3\5]V^A@

L8MTCP _ UDP `

ã3äC-1à æ

IANA ç��a áb��oü3ý þdcWell Known Ports e ÿ ��f üoý þ��g Red Hat Enterprise

Linux hbi�ë�ì�ç�õ�ö á-j*k*l ÿnm*o FTP í SSH í �- Samba p �

ü ü ü�ýýý þ þ þ*qqq*rr r/ s s s*tttu u u

v v v*www x x x�yyy

1 tcpmux TCPü�ý þ á ë�ì�iVz*{

5 rje Remote Job Entry

7 echo Echo ë�ì9 discard ö*| ü-}*~*��á null ë�ì11 systat ö*| à3æ��ü*} ê ü�ý þ á ï�ñ*� " ë�ì13 daytime s*�P��ô�� -� æ �*��á��*�17 qotd s*�*�� û*� � ü-}�á-�*�18 msp

û*� s-�*�*� (Message Send Protocol)

19 chargen �*�*�-��ë�ì��ns*�*�*�*� á �*��-�-�20 ftp-data FTP �-� ü�ý þ21 ftp �**s*t-�*� (FTP)

ü�ý þ �� *�ë�ì-�*� (FSP) ç�õö22 ssh Secure Shell (SSH) ë�ì23 telnet Telnet ë�ì25 smtp Simple Mail Transfer Protocol (SMTP)

37 time Time �*�39 rlp �-�*�* -�*�42 nameserver

,�¡�,*¢ v*w ë�ì43 nicname WHOIS £7é�ë�ì

94 ¤ ¤ ¤-¥¥ ¥ C. ¦ ¦ ¦*§§§*¨¨¨-©© ©-ªªª*«««

© © ©*ªªª*«««*¬¬¬* / ® ® ®*¯¯¯° ° °± ± ±*²²² ³ ³ ³�´´´

49 tacacs µ*¶ TCP/IP ·-¸*¹-º*»*¼*½-¾�¨-¿*À*Á-½*¾*Â*Ã*Ä-½*¾-ÂÃ*Å*Æ

50 re-mail-ck Ç*À�¨�È*É*Ê*Ë*Ì-Í53 domain Î*Ï ±-²*Ð*ÑÓÒÕÔ

BIND Ö63 whois++ WHOIS++

ÒØ×-Ù ¨ WHOISÐ*Ñ Ö

67 bootps Bootstrap Ì-Í (BOOTP)Ð*Ñ0Ú(Û�ÜÞÝ*ß ¸-Á*à*á*Ì

Í (DHCP)Ð-Ñ*â*ã µ

68 bootpc Bootstrap (BOOTP) µ*ä-À�å Û�ÜVÝ*ß ¸*Á*à-á*ÌÍ (DHCP) µ*ä-À â*ã µ

69 tftp æ*ç*è*é-®*¯*ê*ë*Ì-Í (TFTP)

70 gopher Gopher Î�ì�Î*í�î-É*ï-ð*¼*ñ*¾71 netrjs-1 Ç*À�¨�ò*ó Ð*Ñ

72 netrjs-2 Ç*À�¨�ò*ó Ð*Ñ



79 finger µ*¶ ã µ*ô*õ*ö�÷�ë�¨ fingerÐ-Ñ

80 http µ*¶*ø*ù*÷-ë*Î (WWW)Ð*Ñ ¨-ú*î-û*®*¯*ê-ë*Ì*Í (HTTP)

88 kerberos Kerberos Î*í*º*»*Å-Æ95 supdup Telnet Ì*Í ×�Ù

101 hostname ü SRI-NIC Á-Ä*ý�¨ hostnameÐ*Ñ

102/tcp iso-tsap ISO þÞÿ�� (ISODE) ¨�Î*í��*µ��105 csnet-ns È*É�� ±*²�-Ð Ä�å Û�Ü CSO

±*²�*Ð Ä â*ã µ107 rtelnet Ç*À Telnet

109 pop2 È�*ê-ë*Ì*Í�� 110 pop3 È�*ê-ë*Ì*Í�� 111 sunrpc µ*¶-Ç*À��¨ Remote Procedure Call (RPC) ê*ë*Ì

Í Ú�Ü Î*í-è*é*Å*Æ (NFS)â-ã µ

113 auth Authentication ¼ Ident Ì*Í115 sftp �*ø�¨�è*é*®*¯*Ì-Í (SFTP)

Ð*Ñ

117 uucp-path UNIX � UNIX ��*ê*ë*Ì*Í (UUCP) í�� Ð*Ñ

119 nntp µ*¶ USENET ��*Å*Æ�¨-Î-í�� ®*¯-Ì*Í (NNTP)

123 ntp Î*í�� Ì*Í (NTP)

137 netbios-ns Red Hat Enterprise Linux ! Ú�Ü Sambaã µ�¨ NETBIOS±*²*Ð*Ñ

138 netbios-dgm ü Red Hat Enterprise Linux ! Ü Sambaã µ�¨ NETBIOS

÷�"�# Ð*Ñ

$ $ $�%%%C. & & &�'' '�(((�)))�***�+++ 95

) ) )�***�+++�,,,�-- - / . . .�///0 0 01 1 1�222 3 3 3�444

139 netbios-ssn 5 Red Hat Enterprise Linux 6�7 Samba 8�9�( NETBIOS:�;�<�=�>�?

143 imap @�A�@�B�C�D�E�F�G�H (IMAP)

161 snmp I�J�@�B�K�L�G�H (SNMP)

162 snmptrap SNMP ( Traps

163 cmip-man M�N�K�L�O�D�G�P (CMIP)

164 cmip-agent M�N�K�L�O�D�G�P (CMIP)

174 mailq MAILQ Q�R�S�T�.�/�U�V177 xdmcp X W�X�K�L�Y�Z�[�G�H (XDMCP)

178 nextstep NeXTStep \�]�^ >�_�`

179 bgp a�b�ced�G�H191 prospero Prospero f�g `�h�i�j�k�>�?

194 irc @�A�@�B�l�m�n (IRC)

199 smux SNMP UNIX o :�p

201 at-rtmp AppleTalk Bq7sr�t202 at-nbp AppleTalk

1�2�u�v

204 at-echo AppleTalk wex206 at-zis AppleTalk @�y�z�C209 qmtp {�|�S�T�.�/�G�H (QMTP)

210 z39.50 NISO Z39.50 z�}�~213 ipx @�B��e�� (IPX) ��5 Novell Netware ��q6�&�9�(�� z�}��C�G�H220 imap3 @�A�@�B�C�D�E�F�G�H��245 link LINK / 3-DNS iQuery >�?

347 fatserv FATMAN h�i�� K�L�^ >�p

363 rsvp_tunnel RSVP ��369 rpc2portmap Coda h�i�j�k portmapper

370 codaauth2 Coda h�i�j�k��>�?

372 ulistproc UNIX LISTSERV

389 ldap �� % E�F�G�H (LDAP)

427 svrloc >�?�� G�H (SLP)

434 mobileip-agent �� @�A�@�B�G�H�¡�L _�`

435 mobilip-mn �� @�A�@�B�G�H�K�L�Y443 https ¢�£�(�¤�¥�¦�.�/��C�G�H (HTTP)

444 snpp I�J�@�B�§�¨�G�H

96 © © ©�ªª ª C. « « «�¬¬¬��®® ®�¯¯¯�°°°

® ® ®�¯¯¯�°°°�±±±�²² ² / ³ ³ ³�´´´µ µ µ¶ ¶ ¶�··· ¸ ¸ ¸�¹¹¹

445 microsoft-ds º�» TCP/IP SMB

464 kpasswd Kerberos ¼�½�¾�¿�À�Á�Â�Ã�Ä468 photuris Photuris Å�Æ�Ç�È�¿�À�É�Ê�Ë�Ì487 saft Í�Î�ÏÑÐ�Ò�Ó�Ô�³�´ (SAFT) Ë�Ì488 gss-http Õ�Ö HTTP �×�Ø�Ù�Ú�Ã�Ä (GSS)

496 pim-rp-disc Õ�Ö Protocol Independent Multicast (PIM) Ã�Ä Rendezvous Point Discovery (RP-DISC)

500 isakmp Û�Ü�Û�Ý�Ù�Ú�Ë�Þ�¾�¿�À�É�Ê�Ë�Ì (ISAKMP)

535 iiop Û�Ü�Û�Ý ORB Á�Â�Ë�Ì (IIOP)

538 gdomap GNUstep Distributed Objects Mapper (GDOMAP)

546 dhcpv6-client ß�à�á�â�ã�ä�Ë�Ì (DHCP) å�æ�ç�è�Õ�é�ê547 dhcpv6-server ß�à�á�â�ã�ä�Ë�Ì (DHCP) å�æ�ç�è�Ã�Ä554 rtsp ëíì�î�ï�ð�ñ�ò�Ë�Ì (RTSP)

563 nntps º�» SSL ó�¼��Û�Ý�ô�õe³�´�Ë�Ì (NNTPS)

565 whoami whoami ö�Õ�÷ ID ø�ù587 submission ú�û�ü�ý�þ�Á�ÿ�Ê (MSA)

610 npmp-local Û�Ý��É�Ê�Ë�Ì (NPMP) è��ê / ��ø�� (DQS)

611 npmp-gui Û�Ý��É�Ê�Ë�Ì (NPMP) GUI / ��ø�� (DQS)

612 hmmp-ind �� É�Ê�Ë�Ì�� HMMP � HyperMedia ManagementProtocol �� / DQS

631 ipp Û�Ü�Û�Ý�ø��ü�Ë�Ì (IPP)

636 ldaps º�» SSL �� ª��Ë�Ì (LDAPS)

674 acap ��Õ�� à��Ë�Ì (ACAP)

694 ha-cluster Õ�Ö�!�ö�Õ�"�#�$�� Heartbeat Ã�Ä749 kerberos-adm Kerberos å�%�ç (v5) ’kadmin’ î�ï�&�É�Ê750 kerberos-iv Kerberos å('�ç (v4) �Ã�Ä765 webster Û�Ý�)�*767 phonebook Û�Ý�+�,�-873 rsync rsync Ó�Ô�³�´�Ã�Ä992 telnets º�» SSL Telnet (TelnetS)

993 imaps º�» SSL �Û�Ü�Û�Ý�ü�ý��Ë�Ì (IMAPS)

994 ircs º�» SSL �Û�Ü�Û�Ý�.0/�1 (IRCS)

995 pop3s º�» SSL �ú�2��ü�Ë�Ì�å�3�ç (POP3S)

ù ù ù�444 C-1. 5 5 5�666�®®®�¯¯¯�°°°ù�4 C-2 ø(7 UNIX 8�9��®�¯�°:�<;�=��Ã�Ä�>�?A@B+�C�ú�û�D�E�F�6�G�HI�KJ�×�L0MONQPR?�²SP� ¶

T T T�UUUC. V V V�WW W�XXX�YYY�ZZZ�[[[ 97

\^]`_�a[ b�c ] d a�e�f�g b�c0X�h \:i<j�g b�c0X�k�l�m�hOn

YYY�ZZZ�[[[�ooo�pp p / q q q�rrrs s s h h h \ \ \ t t t(uuu

512/tcp exec v�w�x�y�z�{�|�}0X�~��512/udp biff [comsat] ��0X��v0��y (biff) ��b�c (comsat)

513/tcp login x�y��0� (rlogin)

513/udp who [whod] whod ��v��0��b�c514/tcp shell [cmd]

f��U X�x�y shell (rshell) ��x�y�� (rcp)

514/udp syslog UNIX �� U b�c515 printer [spooler] }�� (lpr) ��z��517/udp talk Talk x�y0��b�c��v0��y518/udp ntalk �� talk (ntalk) x�y0��b�c��v��y519 utime [unixtime] UNIX time (utime) �� 520/tcp efs ¡�¢0X�£�¤�h \�¥ b�¦ (EFS)

520/udp router [route,routed]

�S§�¨�©�� (RIP)

521 ripng v�w��ª�� «�¬� (IPv6) X��S§�¨�©�� 525 timed

[timeserver]Time ��z�� (timed)

526/tcp tempo [newdate] Tempo

530/tcp courier [rpc] Courier Remote Procedure Call (RPC) �� 531/tcp conference [chat] �0ª��®�¯�°

532 netnews Netnews ±(²�³�´�b�c533/udp netwall v�w�µ�¶�·�¸0X netwall

540/tcp uucp [uucpd] Unix ¹ Unix X�£�¤��b�c543/tcp klogin Kerberos «�º� (v5) X�x�y��0�544/tcp kshell Kerberos «�º� (v5) X�x�y shell

548 afpovertcp »�¼ TCP X Appletalk ½�£�� (AFP)

556 remotefs[rfs_server, rfs]

Brunhoff X�x�y�£�¤�� (RFS)

� � ��¾¾¾ C-2. UNIX ¿ ¿ ¿� 0XXX�YYY�ZZZ�[[ [��¾ C-3 �(À0§R��Á�Â�Ã�³�Ä�Å�Æ�¹ IANA ÇÉÈ�Ê��0Ë��Ì�Í�X�Y�Z�[În

YYY�ZZZ�[[[�ooo�pp p / q q q�rrrs s s h h h \ \ \ t t t(uuu

1080 socks SOCKS ��Ï�v�z��Ð�Ñ�¦�b�c

98 Ò Ò Ò�ÓÓ Ó C. Ô Ô Ô�ÕÕÕ�ÖÖÖ�×× ×�ØØØ�ÙÙÙ

× × ×�ØØØ�ÙÙÙ�ÚÚÚ�ÛÛ Û / Ü Ü Ü�ÝÝÝÞ Þ Þß ß ß�ààà á á á(âââ

1236 bvcontrol[rmtcfg]

Garcilis Packeten ã�ä�å�æ�ç�è�é a

1300 h323hostcallsc H.323 telecommunication Host Call Secure

1433 ms-sql-s Microsoft SQL Server

1434 ms-sql-m Microsoft SQL Monitor

1494 ica Citrix ICA ê0ë�ä1512 wins Microsoft Windows ì�í�ì�î ß�à è�ï1524 ingreslock Ingres ð�ñ�ò�ó�ô�õ�ö (DBMS) ÷�æ�è�ï1525 prospero-np ø�ù�ú0Ö Prospero

1645 datametrics[old-radius]

Datametrics / old radius û�Ó0ü

1646 sa-msg-port[oldradacct]

sa-msg-port / old radacct û�Ó0ü

1649 kermit Kermit ý�þ�Ü�Ý�ÿ�ó�ô�è�ï1701 l2tp [l2f] �� Þ�� æ�� LT2P � Layer 2 Tunneling Protocol / �

� Þ�� Layer 2 Forwarding � L2F 1718 h323gatedisc H.323 �� Gatekeeper Discovery

1719 h323gatestat H.323 �� Gatekeeper Ö��1720 h323hostcall H.323 �� å�æ1758 tftp-mcast �� FTP ��Ü �

1759/udp mtftp ��Ü � Ö�� FTP (MTFTP)

1789 hello hello î�� é0Ö � � æ1812 radius Radius ��Ø� �!�ÿ�"�#�è�ï1813 radius-acct Radius Accounting

1911 mtp Starlight ì�î��$�%�Ü�Ý � æ (MTP)

1985 hsrp Cisco &�'�(�î�� é � æ1986 licensedaemon Cisco )�ê�*�ó�ô�õ�ö�+�,1997 gdp-port Cisco - � é�.�/ � æ (GDP)

2049 nfs [nfsd] ì�î�ý�þ�õ�ö (NFS)

2102 zephyr-srv Zephyr 021�,� �3�ç�è�é2103 zephyr-clt Zephyr ê�ë�ä2104 zephyr-hm Zephyr ��ó�ô�42401 cvspserver CVS ê0ë�ä / ç�è�ä0Ö�5�62430/tcp venus ê�7 Coda ý�þ�õ�ö (codacon ×�Ø�Ù ) Ö Venus 8�9�ó�ô�42430/udp venus ê�7 Coda ý�þ�õ�ö (callback/wbc :�; ) Ö Venus 8�9�ó�ô

4

< < <�===C. > > >�?? ?�@@@�AAA�BBB�CCC 99

A A A�BBB�CCC�DDD�EE E / F F F�GGGH H HI I I�JJJ K K KMLLL

2431/tcp venus-se Venus TCP @�N2O�P2431/udp venus-se Venus UDP @�N�O�P2432/udp codasrv Coda Q�R�S�T�U�V�W�A�B�C2433/tcp codasrv-se Coda Q�R�S�T TCP N�O�P2433/udp codasrv-se Coda Q�R�S�T UDP SFTP N�O�P2600 hpstgmgr

[zebrasrv]Zebra XMY�Z�[ b

2601 discp-client[zebra]

discp \�]�^`_ Zebra a�b�@ shell

2602 discp-server[ripd]

discp U�V�W`_cX�Y�Z�[�d�e�f�g�@�S�T�h�i (ripd)

2603 servicemeter[ripngd]

Service Meter; \�j IPv6 @ RIP S�T�h�i

2604 nsc-ccs [ospfd] NSC CCS; Open Shortest Path First S�T�h�i (ospfd)

2605 nsc-posa NSC POSA; Border Gateway Protocol S�T�h�i (bgpd)

2606 netmon [ospf6d] Dell Netmon; \�j IPv6 S�T�h�i�@ OSPF (ospf6d)

2809 corbaloc Common Object Request Broker Architecture (CORBA)k�I V�l�g�m�W3130 icpv2 n�o2n�X�p�q�r�e�f�g�s�t�uwv Internet Cache Protocol

v2 xy_zY Squid {�| / p�q�U�V�W�}�~�\3306 mysql MySQL d2��V�l3346 trnsprntproxy r��i�@�{�|4011 pxe Pre-execution Environment (PXE) V�l4321 rwhois Remote Whois (rwhois) V�l4444 krb524 Kerberos s��u (v5) ��sM��u (v4) ��W5002 rfe Radio Free Ethernet (RFE) ��e��S�T5308 cfengine ��g��wv Cfengine x5999 cvsup [CVSup] CVSup Q�R�F�G��6000/tcp x11 [X] X ��S�T�V�l7000 afs3-fileserver Andrew File System (AFS) Q�R�U�V�W7001 afs3-callback \�jM��p�q��|��@ AFS A�B�C7002 afs3-prserver AFS ~�\��d��7003 afs3-vlserver AFS �� m�¡�d2��7004 afs3-kaserver AFS Kerberos ¢�£�V�l7005 afs3-volser AFS �� |�U�V�W7006 afs3-errors AFS ¤�¥�¦�§�V�l

100 ¨ ¨ ¨�©© © C. ª ª ª�«««�¬¬¬��®® ®�¯¯¯

�®®®�¯¯¯�°°°�±± ± / ² ² ²�³³³´ ´ ´µ µ µ�¶¶¶ · · ·M¸¸¸

7007 afs3-bos AFS ¹�º�¬�»�¼�½�¾7008 afs3-update AFS ¿�À�Á�Â�¿�À�Á�¬�Ã�Ä�Á7009 afs3-rmtsys AFS Å�Æ�Ç�È�É�Ê�Ë�À�Ì9876 sd IP Í�Î�²�³�Ï�ÐwÑ IP multicast conferencing Ò�¬�Ï�Ó�Ô�Õ

ÁwÑ Session Director Ò10080 amanda Advanced Maryland Automatic Network Disk Archiver

(Amanda) Ö�×�À�Ì11371 pgpkeyserver Pretty Good Privacy (PGP) / GNU Privacy Guard (GPG)Ø�Ù ¬�Ú�Û�¿�À�Á11720 h323callsigalt H.323 Call Signal Alternate

13720 bprd Veritas NetBackup Request Ü�Ý�½�Þ (bprd)

13721 bpdbm Veritas NetBackup ß�à�á�É�Ê�Ë (bpdbm)

13722 bpjava-msvc Veritas NetBackup Java / â�ã Visual C++ (MSVC) ä�å13724 vnetd Veritas æ�ç�è�é13782 bpcd Veritas NetBackup

13783 vopied Veritas VOPIE ê�ë�½�Þ22273 wnn6 [wnn4] ì�í µ / î�ï�ð�ñ�Ü�Ý c

26000 quake Quake Ñóò�ôMõö¬�Ò÷Í�ø�ù�ú�û�ü�¿�À�Á26208 wnn6-ds Wnn6 ì�í µ / î�ï�¿�À�Á33434 traceroute Traceroute æ�ç�ý�þ�è�éÿ��

:a. ��©�� /etc/services ¬�� ¯�± 1236 �� bvcontrol �� GracilisPacketen Å�Æ��å�¿�À�Á�� "!�Þ µ�¶ ��#��%$�& µ�¶')(�* �� µ�¶�+ ��,��- µ�.b. ��©�� /etc/services ¬�� ®�¯�± 2600 Â 2606 /10 zebra 2�3��4�5� * ��6�$�& µ�¶87 �� µ�¶4'5(�* ��:9�;�� zebra ��¬ µ�¶'�+=< - µ #8>?� .c. ��©�� /etc/services ¬��A@�B��®�¯�� wnn6

')C�DFreeWnn 2�3�� <�* ��¬

� wnn4 �=E µ' ��F��®�¯6� .GG G�HHH

C-3. � � ��¬¬¬��®®®�¯¯ ¯G�H

C-4 #8>8I AppleTalk æ�ç�J '5K ß2à�L�M�²�M�ä�åwÑ DDP'

Datagram Delivery Protocol Ò%NMõö¬��N��®�¯ �

�®®®�¯¯¯�°°°�±± ± / ² ² ²�³³³´ ´ ´µ µ µ�¶¶¶ · · ·M¸¸¸

1/ddp rtmp ç10 G É�Ê�ä�å2/ddp nbp

µ�¶�O�P ä�å4/ddp echo AppleTalk Echo ä�å6/ddp zip æ�Q�ß%R�ä�åG G G�HHH

C-4. ß ß ß2ààà�SSS�²²²�³³³�TTT�RRR�äää�ååå��®® ®�¯¯¯

U U U�VVVC. W W W�XX X�YYY�ZZZ�[[[�\\\ 101

] ] ]�^C-5 _8`ba�c�d Kerberos e�f�g�h�i�j�k8l=Y%Z�[�\ m"n�o�p�q�Y�r4s v5 t�o�r Kerberos u�v�w4xy�z s5{�|�Z�[�\1}�~1� IANA �� m

ZZZ�[[[�\\\�� / � � �� 8��

751 kerberos_master Kerberos g�h752 passwd_server Kerberos �� (kpasswd) ��754 krb5_prop Kerberos v5 ��Y��760 krbupdate [kreg] Kerberos ��1109 kpop Kerberos ��i�j (KPOP)

2053 knetd Kerberos ��f��2105 eklogin Kerberos v5 �%��Y�� (rlogin)] ] ]�^^^

C-5. Kerberos (Project Athena/MIT) Z Z Z�[[[�\\\]�^

C-6 _1`=� Red Hat Enterprise Linux ¡s�¢�£¥¤b¦�§�¨ª©¬«��®�¯�°�±�²�³�´�µ��·¶�Y��¸«��i�j�¹��\�º�» ] x�¼�{�|��\�½8}¾~�� m

ZZZ�[[[�\\\�� / � � �� 8��

15/tcp netstat e�f�¿�À (netstat)

98/tcp linuxconf Linuxconf Linux ´�µ�Á�Â�Ã�Ä106 poppassd ��i�jÅ© POP s Post Office Protocol ¶��Æ�Ç�ÈÉ

(POPPASSD)

465/tcp smtps Ê�Ë SSL Y Simple Mail Transfer Protocol (SMTPS)

616/tcp gii Gated ©Ìf1Í¾´�µ�È É ¶%Î�Ï É�Ð�Ñ

808 omirr [omirrd] Online Mirror (Omirr) Ò�Ó�Ô�Õ��¸871/tcp supfileserv Software Upgrade Protocol (SUP) ��¸901/tcp swat Samba e�Ö Ð�Ñ Á�Â�Ã�Ä (SWAT)

953 rndc Berkeley Internet Name Domain u�×�w (BIND 9) ��Øj�Ã�Ä

1127/tcp supfiledbg Software Upgrade Protocol (SUP) Ù�Ú1178/tcp skkserv Simple Kana to Kanji (SKK) ÛÝÜ��È É

1313/tcp xtel French Minitel Ü�Þ�ß��´�µ1529/tcp support [prmsd,

gnatsd]GNATS È É Ú�à�á�â�´�µ

2003/tcp cfinger GNU finger ©Ìã��ä�ß%��å�æ�È É ¶2150 ninstall e�f�§�¨��¸2988 afbackup afbackup ç��è�é�ê�ë�´�µ3128/tcp squid Squid e�Ö�ì�Â�í�î

102 ï ï ï�ðð ð C. ñ ñ ñ�òòò�óóó�ôôô�õõ õ�ööö

ô ô ô�õõõ�ööö�÷÷÷�øø ø / ù ù ù�úúúû û ûü ü ü�ýýý þ þ þ8ÿÿÿ

3455 prsvp RSVP ô�õ�ö5432 postgres PostgreSQL ��4557/tcp fax FAX ù�ú��4559/tcp hylafax HylaFAX ��5232 sgi-dgl SGI ��5354 noclog NOCOL �� "!$#�%�ð�&�'�(�� (noclogd)

5355 hostmon NOCOL �� "!$#� �)�*�+5680/tcp canna Canna ,.-�-�/�ú�0�1�26010/tcp x11-ssh-offset Secure Shell (SSH) X11 3�4�ó�5�66667 ircd ��7�8�9�&�'�(�� (ircd)

7100/tcp xfs X /�:�;��(�� (XFS)

7666/tcp tircproxy Tircproxy IRC <�=��8008 http-alt >�-�/�ù�ú�?�@�� (HTTP) ó�A�BDC8080 webcache E�F��@�� (WWW) G�H��8081 tproxy I ÿ <�=�;��J9100/tcp jetdirect [laserjet,

hplj]Hewlett-Packard (HP) JetDirect ��K�L��

9359 mandelspawn[mandelbrot]

B�M X N�O�&�'�ó�P�Q Mandelbrot R�S�(��

10081 kamanda I�T Kerberos ó Amanda U�V��10082/tcp amandaidx Amanda W�X�;��J10083/tcp amidxtape Amanda Y�Z�U�V�;��J20011 isdnlog [�\��]�5�� (ISDN) %�ð�&�'20012 vboxd ISDN ^�_�`�a�&�'�(�� (vboxd)

22305/tcp wnn4_Kr kWnn b�-�ú�0�&�'22289/tcp wnn4_Cn cWnn !c-�ú�0�&�'22321/tcp wnn4_Tw tWnn !c-�ú�0�&�'��ed$f��24554 binkp Binkley TCP/IP Fidonet g�h�(��&�'�(��27374 asp 5�i�j�k��60177 tfido Ifmail FidoNet l�m�ó�g�h�(��60179 fido FidoNet n�o�g�h�p��rqc��ss s�ttt

C-6. u u u�vvv�www�óóó�ôôô�õõ õ�ööö

x x xzyyy

802.11x, 88{}|�~}�, 88�}��.� ~ , 19

BIOS, 19�}�BIOS, 19�� }�.� , 19��

, 19��, 19�.�}��}�}�

, 19��}��, 19��}��}�

��, 20� |�~ �.�� , 32

rsh, 32Telnet, 32vsftpd, 32� ��}� �� , 89 �¡ {}¢�£�¤.¥

, 83¦}§�|}¨�©}ª, 83«}¬�©}ª �}�, 83 ��®}¯

, 83|}~�� .°�±²}³

, 88´}µ, 87¶ µ�·}¸

, 87·}¸�¹}º, 88|}~�� «�¬ �� , 13»�¼}¦}§ ��

, 15½}¾�¿}À, 15Á}Â

Red Hat Network, 13Á}ÂRed Hat � «}¬ �}�}· � , 14|}~�Ã.Ä

Å}¾Nessus Æ �}� , 68Å}¾Nikto Æ �}� , 68Å}¾nmap Æ �}� , 67Å}¾VLAD the Scanner Æ �� , 68Ç}È, 65É�Ê

, 65Ë�Ì}Í��}Î}Ï�Ð, 66È�Ñ

, 65Ò.Ó�Ô}Õ( Ö ®}¯�×.� )Ø}Ù�Ú}Û �}Ü , 81

dd, 81file, 81find, 81grep, 81md5sum, 81script, 81stat, 81strings, 81

Ý �}Þ |�~}�Apache HTTP

Ý �}Þ , 41cgi|}~��

, 42ß}à, 41

FTP, 42TCP á}â �� { , 44vsftpd, 42Å}¾}ã�ä}å

, 44æ}ç}è�é, 43æ}ç}¡�ê, 43ë}ì}í�î, 43

NFS, 40·}¸}ï�ð, 41ñ}Ï}ò�ó, 41

NIS, 38IPTables, 40Kerberos, 40NIS·}ô�ç}õ

, 39securenets, 39ö}÷ ·�¸

, 39ø}ù �}ú}û�ü , 40portmap, 38Sendmail, 44ý.�

DoS, 45{NFS, 45

TCP á�â �� , 35þ}ÿ��, 36��

, 36í}î, 35

xinetd, 36SENSOR �� , 37�� DoS

Å}¾, 37�}� ¤}¥}Å�¾

, 37�� , 35ú�û}ü� �

, 45 �Ð, i��î

, i�� Red Hat Enterprise Linux �� , i�� Å}¾�� , iþ�ÿ}ã}{��, 7À�§

( Ö |}~�� «�¬ �� )©�ª��Ç}È�©}ª, 73

RPM½ ¯}��

(RPM), 74Tripwire, 74� �� , 73É�Ê

, 73·�¸�� , 76Snort, 77{ �� Ø}Ù

, 73��!, 73©�ª}|}~ �� , 1É�Ê�"�# � |�~}� , 1$�% �� þ}ÿ'& Denial of Service, DoS ( , 3��

104

( )�*�+ ),�-�.�/�0�12�3, 1,�-�4�5

, 36�7, 58�9�:�;�<�=�>�?

, 31@�A�B, 55

iptables, 56C�D�4�5, 59E�/�F�G, 60H�I

, 57J�K�1, 33L�M�N�O�P

, 60Q�R�1�S�T, 61U�V

, 55@�A�B�U�V, 55W�X�Y�:�Z

, 55[�\�]�^�Z, 55_�`�a�b�c�d

(NAT), 55e�f�gXhji L�k�l�ST

, 83hjm e�f, 83no�p�q

r�sdd, 81e�t�1u�v

, 81=�w, 79x�y�z�J�{�|

, 79,�-�}~�gX��(CERT), 80��

, 80L��1��, 80��o��t�1�S��

, 81��v, 81��, 79e�f�gX�{�|

, 79e�t�1u�v, 81��

black hat � � , 7=�w, 7:�;

, 45��1��j�, 80�� :�;��Denial of Service, DoS ��

, 3 �¡�e�¢�£, 59¤�¥

>��¦�LPC, 9, 9§�s�¨��

, 10© .�/�1�:�;, 9Y�:�Z

, 8ª�«�1�8�9�¬�X, 9�®�¨��L��¯�¨��

, 8°j± 1M�N�², 8_�`

, 7³�~�´�µ, 7¶�·�¸�¹¸»º¼8�9

(BIOS)( ) BIOS)½�¾¿�zÁÀjÂ�Ã»�

, 23

½�¾�Ä�/, 21©�Å ��Æ�1½�¾

, 21Ç��È, 23¿�z�ÀÂ�Ã»�

, 23É�Ê, 24Ë + , 24L

PAM, 24Ì�Í�>�?, 24

Crack, 24John the Ripper, 24Slurpie, 24½�¾�É�Ê

, 24Î ) 1.�/�0�Ï�Ð�L�� , 91Ñ�Ò, 91Î ) 1M�N�²Ñ�Ò, 93

*�+ , 4Ó�Ô, 5��Õ, 5¬�X, 5Ö�×�Ø�1�Ù�Ú

, ivÙ�ÚjÛ�Ü, ivÝ ��>�?

.�/�1, 33

GPG, 33OpenSSH, 33Ý ��², 93M�N�²

Î ) 1 , 93Þ * , 45ß�à _�` 1.�/�0, 88

802.11x, 88á Õ, 87>��¦

, 89Y�:�Z, 89â�ã�V�,�-

, 89L�.�/�0, 89ä�å�æ�ç _�`

(VPN), 47IPsec, 47³�~�è�³�~

, 48.�é��, 48<�=

, 51Û�Ü�Ø�1�Ù�Ú, iv° ~�¬�X�¨��

GRUB½�¾�Ä�ê, 20Ä�/

, 20ë�ì, 1,�-�}~�gXí�î�

, 80,�-�4�5ï�ð�ñ�ò�ó¨��

, 3ô�s�õö�f

, ii_�`, 87÷�ø�Z

, 88 �¡e�¢�£(DMZs), 89

105

ù�ú, 89û�ü, 88ý�ü�þ

, 88ÿ��, 87��

(NAT), 58��iptables, 58��

, 87��ü��, 87��

, 87� �, 87��

, 30��, 30��

, 30 �!�"$#�%'&, 30(�) ù�*�+

, 30(�) ù�*�+ExecShield, 30,�-�ÿ�.�/

, 310�1black hat

( 2�3 1 )grey hat, 7white hat, 7/�4

, 70�1$#'5�6, 77�8�9�:

;�< , 81

AApache HTTP = � þ

cgi��

, 42>�?, 41@�A, 41

BBIOSB

x86#�C'D�E

F�", 20G��

, 19F�", 19

black hat0�1

( 2'3 1 )

Ccupsd, 31

Ddd H ý�I�J�K�L

, 817�8�9�:�K�L, 81

DMZ( 2B�M�N ù�O

)( 2 networks)

EEFI ShellG��

F�", 20

Ffile7�8�9�:�K�L

, 81find7�8�9�:�K�L

, 81FTP

TCP P�Q �!�ÿ , 44vsftpd, 42K�L�R�S�T

, 44U�V�W�X, 43U�V�Y�Z, 43@�A

, 42[�\�]�^, 43

Ggrep7�8�9�:�K�L

, 81grey hat

0�1( 2 0�1 )

IIDS

( 2�_�`$a'b�c�d�_�` )ip6tables, 60IPsec, 47e�f�C�e�f

, 48��gih, 48.�/

, 51e�f�C�e�f, 48j ú

, 47�� ÿ ��, 51

iptables, 56chains, 56

POSTROUTING, 58PREROUTING, 59, 59k a , 57

106

lnm, 57o�p, 58q�r�s�t

, 59u�v�w�x$y'z�{, 60w�x

, 60|�}, 56~��, 57��, 57

NAT, 58, 59�� , 57�'�, 57��, 57o�p, 58��

, 60w�x, 60�

DMZs, 59��$y��, 61

KKerberos

NIS, 40

Llpd, 31lsof, 45

Mmd5sum�� |�}

, 81

NNAT

( �'�� o�� (NAT))Nessus, 68Netfilter, 56��$y��

, 61Netfilter 6, 60netstat, 45NFS, 40�� , 41�

Sendmail, 45�� , 41

Nikto, 68NIS

IPTables, 40Kerberos, 40NIS ��¡�¢�£ , 39securenets, 39��¤ �� , 39¥�x$y'��¦

, 40

§�¨, 38

nmap, 45, 67©�ª�«�¬�, 67

O

OpenSSH, 33

scp, 33

sftp, 33

ssh, 33

P

pluggable authentication modules (PAM)®�¯�°�±�y'®�², 24

portmap, 31�IPTables, 38�TCP ³�´�µ�¶ , 38

R

root, 25·�¸�¹ ��º, 26¸'¹ ��º

, 25» ²��º, 28|�}�|�}�¼�½�¾�¿

, 28�su, 28�sudo, 29À�}�y�Á��

, 26Â�Ãrooty

shell, 27|�}PAM, 28À�}SSH Ä�Å , 28

root|�}�¼

( � root)

RPMÆ Å GPG Ç�È , 14��É�Ê Å'Ë y�Ì�Í , 74Î�Ï�Ð�Ñ ��Ò�Ó y�Ô�Õ , 14, 15

107

Ssendmail, 31Ö'×

DoS, 45ØNFS, 45Ù�Ú

, 44Snort, 77sshd, 31statÛ�Ü�Ý�Þ�ß�à

, 81stringsÛ�Ü�Ý�Þ�ß�à

, 81su Ø

root, 28sudoØ

root, 29

TTCP á�â�ã�äå�æ�ç�è

, 36é�ê, 36Ø

FTP, 44Øportmap, 38ë�ì

, 35Tripwire, 74

VVLAD the Scanner, 68VPN, 47

Wwhite hat í�î

( ï'í�î )Wi-Fi ð�ñ

( ï 802.11x)

Xxinetd, 31

SENSOR ò�ó , 37ô'õDoSß�à

, 37ö�÷$ø'ù ß�à, 37

ú ú úüûû ûþýýýüÿÿÿ

��DocBook SGML v4.1 �� HTML � PDF �� DSSSL

stylesheets � �� jade wrapper �� DocBook SGML !�" ��# Emacs ��%$&��')(+*PSGML ,-��/.-0-12�

3�4 ��5-6 ')798;:�<�=�>@?A8CB�D�>@?E8;F�G�>@?E8;H-4�>I��JK8;H-L�> 1 � M Garrett LeSage ��NO �QP/R-S ��T+U Red Hat �+V�W&X/Y-Z/[ ��MI\-] �Red Hat ��^_�/V�W&X/Y-`-a ��MI�/b �/c�d/e/c�fSandra A. Moore — Red Hat Enterprise Linux g�h ��i��j x86, Itanium™

?AMD64 � Intel®

Extended Memory 64 Technology (Intel® EM64T) k-l-m-no�/k G-O/p �-q-r pts Red Hat EnterpriseLinux g-h �-�-i-�-j IBM® POWER Architecture k-l-m-no�/k G/O-p �-q-r pus Red Hat EnterpriseLinux g-h �-�/i-�-j IBM® S/390® � IBM® eServer™ zSeries® k/l-m-n2�/k G-O-p �-q/r p

John Ha — Red Hat v-w-x-h-y/z-{-|-�-}/~-v-wo�/k G-O-p �-q-r pus Red Hat Enterprise Linux g�-� {-| �-� � O-p �-q/r p�� Z s�� DocBook stylesheets � scripts �/q-r p

Edward C. Bailey — Red Hat Enterprise Linux ��}�~��2�-k G�O�p ��q�r p�s��/��L �-k GO-p �-q-r pus Red Hat Enterprise Linux g-h �/�-i-�-j x86, Itanium™?

AMD64 � Intel® ExtendedMemory 64 Technology (Intel® EM64T) k-l-m/n@� O-p-�� ZKarsten Wade — Red Hat SELinux �-�� -p-�-� �/k G-O-p �-q/r pus Red Hat SELinux �-�-/��-� �+k G-O-p �/q-r p

Andrius Benokraitis — Red Hat Enterprise Linux �/� �-� �+k G-O-p �/q-r pus Red Hat EnterpriseLinux g �� {�| �� -�� O�p ��&q�r pus Red Hat Enterprise Linux ��}�~ �� O�p��ZPaul Kennedy — Red Hat GFS v-w-!-"-�/�-}-~ p-�/� �/k G/O-p �-q-r pus Red Hat v-w-x-h/y-z{-|/�-}-~-v-w�� O-p-�-� ZMark Johnson — Red Hat Enterprise Linux ��/{-|/�-}-~-v-wo�/k G/O-p �-q-r p

Melissa Goldin — Red Hat Enterprise Linux �-�--� �-�-�-� �/k G-O/p �-q-r p

Red Hat �-�/��`-a MI�/b c�d/�-e/c�fAmanpreet Singh Alam — �/�-�/�- -¡Jean-Paul Aubry — ¢�X+ -¡David Barzilay — £I¤--¥-¦-§-X/ -¡Runa Bhattacharjee — ¨ (/© �/ -¡ª $ — «-z�$_X/ -¡Verena Fuehrer — ¬-X/ -¡�®�¯-°�±

— ²³X/ /¡N. Jayaradha — ´-µ-¶-�- /¡·-¸/¹

— º-X/ -¡Yelitza Louze — ¤/»-§�X/ -¡¼ �/½-¾ — ²³X/ -¡Ankitkumar Rameshchandra Patel — ¿ J-©-À �/ -¡Rajesh Ranjan — Á-Â-�- /¡Nadine Richter — ¬�X+ -¡Audrey Simons — ¢�X/ /¡Francesco Valente — Ã�Ä/Å-X/ -¡

110

Æ-Ç/È— É/Ê�Ë_Ì/Í-Î

Ï-Ð/Ñ— Ò/Ê�Ë_Ì/Í-Î

red hat enterprise linux 4 - mitweb.mit.edu/rhel-doc/4/rh-docs/pdf/rhel-sg-zh_tw.pdf · red hat...

Documents