
Linux

Linux
Linux
Web Linux

Linux

Linux Linux chroot


jailTCP wrapperchroot

chroot jail TCP wrapper Linux


Linux Choot
LINUX WIFI
quid ACL
Squid

Linux Linux

Linux
Linux
Linux
Linux
Linux


chroot jail TCP wrapper Linux

Linux

TCP wrapper chroot jail


TCP Wrappers hosts.allow hosts.deny

//

TCP wrapper /etc/hosts.allow /etc/hosts.deny


libwrap.so daemon
daemon daemon

hosts.allow hosts.deny
daemon_list : client_list [ : command]
daemon_list daemon rpcbindvsftpd sshd
client_list client_list
daemon_list daemon


hosts.allow hosts.deny

daemon hosts.allow

daemon hosts.deny

hosts.allow hosts.deny

hosts.allow hosts.deny
daemon
hosts.deny
$ cat /etc/hosts.deny
...
ALL:ALL:echo '%c tried to connect to %d and was blocked'>> /var/log/tcpwrappers.log
...
hosts.allow
/var/log/tcpwrappers.log %c %d
daemon
hosts.deny hosts.allow
hosts.allow OpenSSH daemon sshscpsftp
192.168.
$ cat /etc/hosts.allow
sshd: ALL
in.telnet: LOCAL
in.telnet: 192.168. 127.0.0.1
...
ALL sshdLOCAL
IP 192.168.


chroot jail
UNIX Linux UNIX
chroot /

/home/sam/jail/home/sam
jail / jail
chrootjail
chroot jail chroot jail
chrootjail

(TechTarget Mark G. Sobell, Prentice Hall Dan)


Linux Choot

chroot
chroot jail root /usr/sbin/chroot directorydirectory
directory shell/home/sam
/home/sam/jail chroot jail
# /usr/sbin/chroot /home/sam/jail
/usr/sbin/chroot: '/bin/bash'
chroot jail bash shell Jail jail
/ chroot /bin/bash chroot jail

chroot jail chroot jail bash jail


/home/sam/jail/bin bin /bin/bash bash
jail lib
bash ldd bash
lib
linux-gate.so.1 DSO lib

$ pwd
/home/sam/jail
$ mkdir bin lib


$ cp /bin/bash bin
$ ldd /bin/bash
linux-gate.so.1 => (0x0089c000)
libtinfo.so.5 => /lib/libtinfo.so.5 (0x00cdb000)
libdl.so.2 => /lib/libdl.so.2 (0x00b1b000)
libc.so.6 => /lib/libc.so.6 (0x009cb000)
/lib/ld-linux.so.2 (0x009ae000)
$ cp /lib/{libtinfo.so.5,libdl.so.2,libc.so.6,ld-linux.so.2} lib
chroot jail
chroot
$ su
Password:
# /usr/sbin/chroot .
bash-3.2# pwd
/
bash-3.2# ls
bash: ls: command not found
bash-3.2#
chroot bashbash- 3.2#Pwd
shell bash ls chroot jail
ls /bin/ls jail
chroot jail chroot jail
jail jail



bash 50
bash coreutils SRPMS
su jail root su root
chroot jail chroot jail root
Fedora RHEL su PAM jail jail su
su su PAM
su /etc/passwd /etc/shadow jail etc

chroot jail
chroot jail bin libfile
jail
chroot jail
jail shell jail jail
jail chroot jail
# /usr/sbin/chroot jailpath /bin/su user daemonname &
jailpath jail user daemondaemonname
daemon jail
chroot jail DNS jail
vsftpd FTP chroot jail

root root Procmail vsftpd


su jail

root chroot jail jail


su jail setuid
jail

(TechTarget Mark G. Sobell, Prentice Hall Dan)


LINUX WIFI

LINUX

wlan
0 iwlist wlan0
ifconfig wlan0 up wlan0

iwlist wlan0
root@texas:/etc/wpa_supplicant# iwlist wlan0 scanning
wlan0

Scan completed :
Cell 01 - Address: 00:1D:7E:0F:D3:38

GHz (Channel 3)

Channel:3

Frequency:2.422

Quality=70/70 Signal level=-39 dBm

key:on

ESSID:"kippis"

Mb/s

Encryption

Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 6

9 Mb/s; 12 Mb/s; 18 Mb/s

Bit Rates:24 Mb/s; 36 Mb/s; 48

Mb/s; 54
Mb/s

Mode:Master

Extra:tsf=00000895bfd8b177

Last beacon: 170ms ago

IE: Unknown: 00066B6970706973

010882848B960C121824
Version 1
1

IE: Unknown: 030103


Group Cipher : TKIP

CCMP

Group Cipher : TKIP

0406000200000000

Authentication Suites (1) : PSK

IE: Unknown:
IE: IEEE 802.11i/WPA2

Pairwise Ciphers (1) :

Authentication Suites (1) : PSK

TKIP

Extra:

IE: WPA Version


Pairwise Ciphers (1) :
IE: Unknown:

IE: Unknown:

DD180050F2020101800003A4000027A4000042435E0062322F00
2D1A6E1803FFFF000000000000000000000000000000000000000000

IE: Unknown:
IE: Unknown:

3D1603050000000000000000000000000000000000000000

IE: Unknown:

DD1E00904C336E1C03FFFF000000000000000000000000000000000000000000

IE:

Unknown: DD1A00904C3403050000000000000000000000000000000000000000
Unknown: 2A0103

IE: Unknown: 32043048606C

00:18:39:2C:5D:94

Channel:11

11)

Cell 02 - Address:

Frequency:2.462 GHz (Channel

Quality=25/70 Signal level=-85 dBm

key:on

ESSID:"ilestvivant"

Mb/s

IE:

Encryption

Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11

Bit Rates:6 Mb/s; 9 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s

36

Mb/s; 48 Mb/s; 54
Mb/s

Mode:Master

Extra:tsf=000001981a060177

Last beacon: 5150ms ago

IE: Unknown:

000B696C657374766976616E74
Unknown: 03010B
TKIP

IE: WPA Version 1

Authentication Suites (1) :


IE: Unknown:

IE: Unknown: 2A0100

32080C1218243048606C
00:26:F2:5F:6A:36

IE: Unknown:

Cell 03 - Address:
Channel:6

Frequency:2.437 GHz (Channel

Quality=20/70 Signal level=-90 dBm

key:on

IE:

Group Cipher :

IE: Unknown: 0406010200000000

050400010000

6)

IE: Unknown: 010482848B96

Pairwise Ciphers (1) : TKIP

PSK

Extra:

ESSID:"valkrustlaan9"

Mb/s; 18 Mb/s

Encryption
Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11

24 Mb/s; 36 Mb/s; 54 Mb/s

Bit Rates:6 Mb/s; 9

Mb/s; 12 Mb/s; 48
Mb/s

Mode:Master

Last beacon: 5740ms ago

Extra:tsf=000007b3896f1192
IE: Unknown:

000D76616C6B727573746C61616E39
010882840B162430486C
050400030000

Extra:

IE: Unknown:
IE: Unknown: 030106

IE: Unknown: 2A0100

IE: Unknown:
IE: Unknown:

2F0100

IE: IEEE 802.11i/WPA2 Version 1

Group Cipher :

TKIP

Pairwise Ciphers (2) : CCMP TKIP

Authentication Suites (1) :

PSK

IE: Unknown: 32040C121860

IE: Unknown:

2D1A7C181BFFFF000000000000000000000000000000000000000000
3D1606080000000000000000000000000000000000000000

IE: Unknown:
IE: Unknown:

DD0E0050F204104A0001101044000102
DD090010180200F0050000
TKIP

IE: Unknown:
IE: WPA Version 1

Group Cipher :

Pairwise Ciphers (2) : CCMP TKIP

PSK

Authentication Suites (1) :

IE: Unknown:

DD180050F2020101800003A4000027A4000042435E0062322F00

IE: Unknown:

DD1E00904C337C181BFFFF000000000000000000000000000000000000000000

IE:

Unknown: DD1A00904C3406080000000000000000000000000000000000000000
Address: 00:0C:F6:3B:83:C0
11)

Channel:11

Frequency:2.462 GHz (Channel

Quality=18/70 Signal level=-92 dBm

key:on

ESSID:"Sitecom"

Mb/s

Cell 04 -

Encryption

Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 6

9 Mb/s; 12 Mb/s; 18 Mb/s

Bit Rates:24 Mb/s; 36 Mb/s; 48

Mb/s; 54
Mb/s

Mode:Master

Last beacon: 5130ms ago

Extra:tsf=0000003836a9619b
IE: Unknown: 000753697465636F6D

Unknown: 010882840B160C121824

IE: Unknown: 03010B

050402030000

IE: Unknown: 2A0104

32043048606C

IE: WPA Version 1

TKIP
PSK

Extra:

Pairwise Ciphers (1) : TKIP

IE:
IE: Unknown:

IE: Unknown:
Group Cipher :
Authentication Suites (1) :

IE: Unknown: DD0700E04C01020300

iwlist wlan0 ESSIDs


WPA
wpa_supplicant.conf
/etc/wpa_supplicant
PSK SSID WPA
wpa_supplicant.conf WPA
root@texas:/etc/wpa_supplicant# cat wpa_supplicant.conf
network={

ssid="mynetwork"

key_mgmt=WPA-PSK

psk="69ABC9DF20"
}

After creating this file, you can run a first test to see if you can connect to the network that is
specified using the wpa_supplicant command. To do this, use the following command:
wpa_supplicant -i wlan0 -c /etc/wpa_supplicant/wpa_supplicant.conf


wpa_supplicant B daemon IP
DHCP dhclient wlan0 IP
DHCP IP
wpa_supplicant

(TechTarget Tom Nolle )


Squid ACL

Web
Web

Squid
Squid AIXDigitalUNIXFreeBSDHP-UXIrixLinuxNetBSD
NextstepSCOSolarisOS/2 Web Squid
Squid I/O Squid
Squid DNS DNS server
Squid DNS server DNS server
DNS DNS
Red Hat Enterprise Linux RPM
# /etc/rc.d/init.d/squid start
# service squid start

Squid ACL
ACL
ACL



acl aclname acltype string1
acl aclname acltype file

acltype srcdstsrcdomaindstdomainurl_regexurlpath_regextimeport
protomethod
src
acl aclname src ip-address/netmask ... ip
acl aclname src addr1-addr2/netmask ...
dst IP
acl aclname dst ip-address/netmask ...
srcdomainSquid IP DNS
acl aclname srcdomain foo.com ...
dstdomain URL
acl aclname dstdomain foo.com ...
time
acl aclname time [day-abbrevs] [h1:m1-h2:m2][hh:mm-hh:mm]

S Sunday
M Monday
T Tuesday
W Wednesday
H Thursday
F Friday
A Saturday

h1m1 h2m2[hhmm-hhmm]
port
acl aclname port 80 70 21 ...
acl aclname port 0-1024 ...
proto
acl aclname proto HTTP FTP ...
method
acl aclname method GET POST ...
url_regexURL
acl aclname url_regex[-i] pattern
urlpath_regexURL-path
acl aclname urlpath_regex[-i] pattern
ACL
acltype ACL
ACL
ACL ACL
ACL
ACL
ACL Squid
http_access

deny allallow all


http_access Action 1 AND 2 AND


http_access

(TechTarget )


Squid

Reverse Proxy Internet


Internet

Internet
, Web http
Internet
Internet Web

Web Web
CGI
Web
Web

Nginx Squid SocksApacheJigsaw


Delegate
Squid
Squid Web DNS
Squid IP URL Squid


Web

Squid
HTML CGI ASP
JSP Web HTTP
HTTP
Last-Modified
Expires
Cache-Control
Pragma Pragma:no-cache
squid
http_port 80 accel vhost vport
cache_peer 192.172.1.133 parent 80 0 no-query originserver
cache_peer_domain www.test.com 192.172.1.133
acl sites dstdomain www.test.com
http_access allow sites
http_access deny all
cache_dir ufs /var/spool/squid3 100 16 256
cache_mgr yourmail@somesite.com
cache_mem 64 MB
maximum_object_size_in_memory 1028 KB
access_log /var/log/squid3/access.log squid

http_port 80 accel vhost vport Squid 80 vhost vport


IP
cache_peer 192.172.1.133 parent 80 0 no-query originserver Web Server IP
cache_peer_domain www.test.com 192.172.1.133

www.test.com Web Server 192.172.1.133


acl sites dstdomain www.test.com
http_access allow sites
http_access deny all
cache_dir ufs /var/spool/squid3 100 16 256
cache_mgr yourmail@somesite.com
cache_mem 64 MB
maximum_object_size_in_memory 1028 KB
access_log /var/log/squid3/access.log squid

(TechTarget )


Linux

Linux

Linux
Linux

Linux email Web

Linux
John the Ripper

Linux /etc/passwd
rcp/rcopy NIS



Linux
netstat

Nmap

Lastlog
/var/log/messages

bug

bug bug

Linux Linux Ubuntu Linux


>>

Web
VPN SSH
Web bug
Web
Web PerlPythonRuby PHP
SQL Java Web

(TechTarget King Ables Odyssey)


Linux

Linux

Linux

Linux

Linux 1
CPU ID 2

Linux Linux Linux who


wps top
Linux
who who
w who w
w who
ps top



Linux

PROC CPU

PROC

PROC

/proc/1

1 /proc

/proc/cpuinfo

/proc/devices

/proc/dma

DMA

/proc/filesystems
/proc/interrupts

/proc/ioports

I/O

/proc/kcore

/proc/kmsg

syslog

/proc/ksyms

/proc/loadavg

/proc/meminfo

swap

/proc/modules

/proc/net

/proc/stat

/proc/version

/proc/uptime

/proc/cmdline

1 PROC

1/proc /proc
1
3193

1 /ls/proc
2 3193 2


2 3193
3status

Name:

scientific_comp //

State: R (running)
Tgid:

3193

Pid:

3193

PPid:

// ID
// ID

3123

TracerPid:

//

// ID
0

// ID

Uid:

6004

6004

6004

6004

Gid:

6004

6004

6004

6004 // GID

FDSize: 256
Groups: 6004

// UID

//
//

ID IDUIDGID


fork

ulimit ulimit f
K 3 ulimit
shell yes test.txt
ulimit
yes
ls test.txt
ulimit 20KB

3 ulimit
root
/etc/profile ulimit 4
5 root 4 5


4 root ulimit

5 root ulimit
ulimit
ulimit 20KB
20KB 10 100 20KB
Ulimit

6 ulimit
ulimit 8 9


6 ulimit

(TechTarget )


Linux

Linux
Web Linux

Linux
1

passwd

Linux /etc/passwd /etc/shadow


crack john the
ripper
2
Linux Daemon
/etc/inetd Inetd Internet daemon
TCP UDP inetd


Linux TCP UDP /etc/inetd.conf


/etc/inetd.conf
httpsmtptelnet ftp tftp
imap/ipop gopher daytime
time fingerefingersystat netstat
finger
Linux Inetd
/etc/inetd.conf /etc/services

Linux Red Hat Linux 7.2 xinetd

(TechTarget


Linux

3
Linux

Unix Linux /etc/passwd Linux


/etc/passwd
/etc/shadow

Linux
PAM Linux Linux PAM

PAM

PAM DES

Linux PAM Linux

4
Linux
ID


Linux
/etc/hosts.allow /etc/hosts.deny Linux
/var/log/secure
ID ID

root
root
Linux /etc/securetty root Red Hat
Linux rtys root root
root
su
5r
Linux r rloginrcp
root .rhosts
hosts.equiv root
r
PAM r /etc/pam.d/rlogin
home .rhosts
6root
Root Linux

sudo
sudo
sudo


sudo sudo
Linux sudo
sudo
sudo
/etc/cat

(TechTarget )


Linux

7
Linux
Linux

su

8
IDS

Linux Netfilter/Iptables
Linux Snort LIDSLinux
Intrusion Detection System

IP / IDS

9
Linux

Linux
Linux Linux

10
Linux Linux

Kernel Linux
Kernel Kernel
2.0.x

Kernel Kernel

Internet Linux
Red Hat www.redhat.com; Debian Linux

www.debian.org; Turbolinux www.turbolinux.com; SuSE
www.suse.com/index_us.html; Fedora fedora.redhat.com Linux
Linux

(TechTarget )


TechTarget
