Linux
Linux
Web Linux
Linux
Linux Linux
Linux
Linux
Linux
Linux
Linux
2 / 38
Linux
//
hosts.allow hosts.deny
daemon_list : client_list [: command]
daemon_list daemon rpcbind, vsftpd, sshd
client_list client_list
daemon_list daemon
3 / 38
hosts.allow hosts.deny
daemon hosts.allow
daemon hosts.deny
hosts.allow hosts.deny
hosts.allow hosts.deny
daemon
hosts.deny
$ cat /etc/hosts.deny
...
ALL:ALL:echo '%c tried to connect to %d and was blocked'>> /var/log/tcpwrappers.log
...
hosts.allow
/var/log/tcpwrappers.log %c %d
daemon
hosts.deny hosts.allow
hosts.allow OpenSSH daemon ssh, scp, sftp
192.168.
$ cat /etc/hosts.allow
sshd: ALL
in.telnet: LOCAL
in.telnet: 192.168. 127.0.0.1
...
ALL sshdLOCAL
IP 192.168.
4 / 38
chroot jail
UNIX Linux UNIX
chroot /
/home/sam/jail/home/sam
jail / jail
chrootjail
chroot jail chroot jail
chrootjail
5 / 38
Linux Chroot
chroot
chroot jail root /usr/sbin/chroot directorydirectory
directory shell/home/sam
/home/sam/jail chroot jail
# /usr/sbin/chroot /home/sam/jail
/usr/sbin/chroot: '/bin/bash'
chroot jail bash shell Jail jail
/ chroot /bin/bash chroot jail
$ pwd
/home/sam/jail
$ mkdir bin lib
6 / 38
$ cp /bin/bash bin
$ ldd bin/bash
linux-gate.so.1 => (0x0089c000)
libtinfo.so.5 => /lib/libtinfo.so.5 (0x00cdb000)
libdl.so.2 => /lib/libdl.so.2 (0x00b1b000)
libc.so.6 => /lib/libc.so.6 (0x009cb000)
/lib/ld-linux.so.2 (0x009ae000)
$ cp /lib/{libtinfo.so.5,libdl.so.2,libc.so.6,ld-linux.so.2} lib
chroot jail
chroot
$ su
Password:
# /usr/sbin/chroot .
bash-3.2# pwd
/
bash-3.2# ls
bash: ls: command not found
bash-3.2#
chroot bashbash- 3.2#Pwd
shell bash ls chroot jail
ls /bin/ls jail
chroot jail chroot jail
jail jail
7 / 38
bash 50
bash coreutils SRPMS
su jail root su root
chroot jail chroot jail root
Fedora RHEL su PAM jail jail su
su su PAM
su /etc/passwd /etc/shadow jail etc
chroot jail
chroot jail bin libfile
jail
chroot jail
jail shell jail jail
jail chroot jail
# /usr/sbin/chroot jailpath /bin/su user daemonname &
jailpath jail user daemondaemonname
daemon jail
chroot jail DNS jail
vsftpd FTP chroot jail
9 / 38
LINUX WIFI
LINUX
wlan
0 iwlist wlan0
ifconfig wlan0 up wlan0
iwlist wlan0
root@texas:/etc/wpa_supplicant# iwlist wlan0 scanning
wlan0
Scan completed :
Cell 01 - Address: 00:1D:7E:0F:D3:38
GHz (Channel 3)
Channel:3
Frequency:2.422
key:on
ESSID:"kippis"
Mb/s
Encryption
Mb/s; 54
Mb/s
Mode:Master
Extra:tsf=00000895bfd8b177
010882848B960C121824
Version 1
1
CCMP
0406000200000000
IE: Unknown:
IE: IEEE 802.11i/WPA2
TKIP
Extra:
IE: Unknown:
DD180050F2020101800003A4000027A4000042435E0062322F00
2D1A6E1803FFFF000000000000000000000000000000000000000000
IE: Unknown:
IE: Unknown:
10 / 38
3D1603050000000000000000000000000000000000000000
IE: Unknown:
DD1E00904C336E1C03FFFF000000000000000000000000000000000000000000
IE:
Unknown: DD1A00904C3403050000000000000000000000000000000000000000
Unknown: 2A0103
00:18:39:2C:5D:94
Channel:11
11)
Cell 02 - Address:
key:on
ESSID:"ilestvivant"
Mb/s
IE:
Encryption
36
Mb/s; 48 Mb/s; 54
Mb/s
Mode:Master
Extra:tsf=000001981a060177
IE: Unknown:
000B696C657374766976616E74
Unknown: 03010B
TKIP
32080C1218243048606C
00:26:F2:5F:6A:36
IE: Unknown:
Cell 03 - Address:
Channel:6
key:on
IE:
Group Cipher :
050400010000
6)
PSK
Extra:
ESSID:"valkrustlaan9"
Mb/s; 18 Mb/s
Encryption
Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11
Mb/s; 12 Mb/s; 48
Mb/s
Mode:Master
Extra:tsf=000007b3896f1192
IE: Unknown:
000D76616C6B727573746C61616E39
010882840B162430486C
050400030000
Extra:
IE: Unknown:
IE: Unknown: 030106
IE: Unknown:
IE: Unknown:
2F0100
Group Cipher :
TKIP
PSK
IE: Unknown:
2D1A7C181BFFFF000000000000000000000000000000000000000000
3D1606080000000000000000000000000000000000000000
IE: Unknown:
IE: Unknown:
11 / 38
DD0E0050F204104A0001101044000102
DD090010180200F0050000
TKIP
IE: Unknown:
IE: WPA Version 1
Group Cipher :
PSK
IE: Unknown:
DD180050F2020101800003A4000027A4000042435E0062322F00
IE: Unknown:
DD1E00904C337C181BFFFF000000000000000000000000000000000000000000
IE:
Unknown: DD1A00904C3406080000000000000000000000000000000000000000
Address: 00:0C:F6:3B:83:C0
11)
Channel:11
key:on
ESSID:"Sitecom"
Mb/s
Cell 04 -
Encryption
Mb/s; 54
Mb/s
Mode:Master
Extra:tsf=0000003836a9619b
IE: Unknown: 000753697465636F6D
Unknown: 010882840B160C121824
050402030000
32043048606C
TKIP
PSK
Extra:
IE:
IE: Unknown:
IE: Unknown:
Group Cipher :
Authentication Suites (1) :
network={
    ssid="mynetwork"
    key_mgmt=WPA-PSK
    psk="69ABC9DF20"
}
After creating this file, run a first test with the wpa_supplicant command to check that you can connect to the
network it specifies. Because the file stores the pre-shared key in clear text, keep it readable by root only.
To run the test, use the following command:
wpa_supplicant -i wlan0 -c /etc/wpa_supplicant/wpa_supplicant.conf
12 / 38
wpa_supplicant -B daemon IP
DHCP dhclient wlan0 IP
DHCP IP
wpa_supplicant
13 / 38
Squid ACL
Web
Web
Squid
Squid AIX, Digital UNIX, FreeBSD, HP-UX, Irix, Linux, NetBSD,
Nextstep, SCO, Solaris, OS/2 Web Squid
Squid I/O Squid
Squid DNS DNS server
Squid DNS server DNS server
DNS DNS
Red Hat Enterprise Linux RPM
# /etc/rc.d/init.d/squid start
# service squid start
Squid ACL
ACL
ACL
14 / 38
acl aclname acltype string1
acl aclname acltype file
acltype src, dst, srcdomain, dstdomain, url_regex, urlpath_regex, time, port,
proto, method
src
acl aclname src ip-address/netmask ... ip
acl aclname src addr1-addr2/netmask ...
dst IP
acl aclname dst ip-address/netmask ...
srcdomainSquid IP DNS
acl aclname srcdomain foo.com ...
dstdomain URL
acl aclname dstdomain foo.com ...
time
acl aclname time [day-abbrevs] [h1:m1-h2:m2][hh:mm-hh:mm]
S Sunday
M Monday
T Tuesday
W Wednesday
H Thursday
F Friday
A Saturday
15 / 38
h1:m1 h2:m2 [hh:mm-hh:mm]
port
acl aclname port 80 70 21 ...
acl aclname port 0-1024 ...
proto
acl aclname proto HTTP FTP ...
method
acl aclname method GET POST ...
url_regexURL
acl aclname url_regex [-i] pattern
urlpath_regexURL-path
acl aclname urlpath_regex [-i] pattern
ACL
acltype ACL
ACL
ACL ACL
ACL
ACL
ACL Squid
http_access
16 / 38
(TechTarget )
17 / 38
Squid
Internet
, Web http
Internet
Internet Web
Web Web
CGI
Web
Web
Web
Squid
HTML CGI ASP
JSP Web HTTP
HTTP
Last-Modified
Expires
Cache-Control
Pragma Pragma:no-cache
squid
# Reverse-proxy (accelerator) example: Squid listens on port 80 in front of the origin web server.
# accel turns on accelerator mode; vhost and vport make Squid use the virtual host and port of the request.
http_port 80 accel vhost vport
# The origin server is declared as a parent peer on HTTP port 80; ICP port 0 plus no-query disables ICP queries to it.
# NOTE(review): 192.172.1.133 is not in RFC 1918 private address space — confirm this is the intended origin address.
cache_peer 192.172.1.133 parent 80 0 no-query originserver
# Only requests for www.test.com are sent to this peer.
# NOTE(review): newer Squid releases replace cache_peer_domain with cache_peer_access — verify against the installed version.
cache_peer_domain www.test.com 192.172.1.133
# http_access rules are evaluated in order: allow the published site first, then deny everything else,
# so the accelerator cannot be used as an open proxy for other destinations.
acl sites dstdomain www.test.com
http_access allow sites
http_access deny all
# On-disk cache: ufs store under /var/spool/squid3, 100 MB, 16 first-level and 256 second-level directories.
cache_dir ufs /var/spool/squid3 100 16 256
# Administrator contact address (example value).
cache_mgr yourmail@somesite.com
# Memory cache size and the largest object kept in memory.
cache_mem 64 MB
maximum_object_size_in_memory 1028 KB
# Request log in Squid's native format; keep it for troubleshooting and access review.
access_log /var/log/squid3/access.log squid
(TechTarget )
20 / 38
Linux
Linux
Linux
Linux
Linux
John the Ripper
Linux /etc/passwd
rcp/rcopy NIS
21 / 38
Linux
netstat
Nmap
Lastlog
/var/log/messages
bug
bug bug
Web
VPN SSH
Web bug
Web
Web Perl, Python, Ruby, PHP
SQL Java Web
22 / 38
Linux
Linux
Linux
Linux
Linux 1
CPU ID 2
23 / 38
Linux
PROC CPU
PROC
PROC
/proc/1
1 /proc
/proc/cpuinfo
/proc/devices
/proc/dma
DMA
/proc/filesystems
/proc/interrupts
/proc/ioports
I/O
/proc/kcore
/proc/kmsg
syslog
/proc/ksyms
/proc/loadavg
/proc/meminfo
swap
24 / 38
/proc/modules
/proc/net
/proc/stat
/proc/version
/proc/uptime
/proc/cmdline
1 PROC
1/proc /proc
1
3193
1 /ls/proc
2 3193 2
25 / 38
2 3193
3status
Name:
scientific_comp //
State: R (running)
Tgid:
3193
Pid:
3193
PPid:
// ID
// ID
3123
TracerPid:
//
// ID
0
// ID
Uid:
6004
6004
6004
6004
Gid:
6004
6004
6004
6004 // GID
FDSize: 256
Groups: 6004
// UID
//
//
ID IDUIDGID
26 / 38
fork
ulimit ulimit -f
K 3 ulimit
shell yes test.txt
ulimit
yes
ls test.txt
ulimit 20KB
3 ulimit
root
/etc/profile ulimit 4
5 root 4 5
27 / 38
4 root ulimit
5 root ulimit
ulimit
ulimit 20KB
20KB 10 100 20KB
Ulimit
6 ulimit
ulimit 8 9
28 / 38
6 ulimit
(TechTarget )
29 / 38
Linux
Linux
Web Linux
Linux
1
passwd
30 / 38
(TechTarget
31 / 38
Linux
3
Linux
Linux
PAM Linux Linux PAM
PAM
PAM DES
4
Linux
ID
32 / 38
Linux
/etc/hosts.allow /etc/hosts.deny Linux
/var/log/secure
ID ID
root
root
Linux /etc/securetty root Red Hat
Linux rtys root root
root
su
5r
Linux r rloginrcp
root .rhosts
hosts.equiv root
r
PAM r /etc/pam.d/rlogin
home .rhosts
6root
Root Linux
sudo
sudo
sudo
33 / 38
sudo sudo
Linux sudo
sudo
sudo
/etc/cat
(TechTarget )
34 / 38
Linux
7
Linux
Linux
su
8
IDS
35 / 38
Linux Netfilter/Iptables
Linux Snort LIDS (Linux
Intrusion Detection System)
IP / IDS
9
Linux
Linux
Linux Linux
10
Linux Linux
Kernel Linux
Kernel Kernel
2.0.x
Kernel Kernel
Internet Linux
Red Hat www.redhat.com, Debian Linux
36 / 38
www.debian.org, Turbolinux www.turbolinux.com, SuSE
www.suse.com/index_us.html, Fedora fedora.redhat.com Linux
Linux
(TechTarget )
37 / 38
TechTarget