ÅÌÁ³¤Ê³«È¯Æüµ­ ¥«¥ì¥ó¥À¡¼
2007ǯ 2·î
Æü ·î ²Ð ¿å ÌÚ ¶â ÅÚ
« 1·î   4·î »
 123
45678910
11121314151617
18192021222324
25262728  
ÅÌÁ³¤Ê³«È¯Æüµ­¤Î¸¡º÷
¥á¥¤¥ó¥á¥Ë¥å¡¼
iifp group site
¤´ÍøÍѤˤ¢¤¿¤Ã¤Æ
¥â¥Ð¥¤¥ë¥µ¥¤¥È

¥â¥Ð¥¤¥ë¥µ¥¤¥È¥¢¥É¥ì¥¹
[PR]

2007ǯ2·î15Æü(ÌÚÍËÆü)

¥Õ¥¡¥¤¥ä¡¼¥¦¥©¡¼¥ë¤Î¤³¤È

¥«¥Æ¥´¥ê¡¼: - admin @ 13»þ40ʬ04ÉÃ

¼Ú¤ê¤Æ¤¤¤ëÀìÍÑ¥µ¡¼¥Ð¡ÊFedoraCore6¡Ë¤ËHTTP¡¦HTTPS¡¦SSH¤òÆþ¤ì¤¿¤Î¤Ç¡¢¥»¥­¥å¥ê¥Æ¥£¤ò¶¯²½¤·¤è¤¦¤È»×¤¤¤Þ¤¹¡£
»ÈÍѤ¹¤ë¥³¥Þ¥ó¥É¤Ï
#iptables
¤Ç¤¹¡£

¤Þ¤º¤Ï¡¢¸½¾õ¤Î³Îǧ¡£
#iptables -L

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination



¤Èɽ¼¨¤µ¤ì¤Þ¤·¤¿¡£
Á´Éô¼õ¤±ÉÕ¤±¤Æ¤¤¤ë¤è¤¦¤Ç¤¹¡£

¼è¤ê¹ç¤¨¤º¡¢Ì¤¤ÀTELNET¤äFTP¤Î¥µ¡¼¥Ó¥¹¤¬µ¯Æ°¤µ¤ì¤Æ¤¤¤ë¤Î¤Ç¡¢TELNET¤äFTP¤Î¥µ¡¼¥Ó¥¹¤ò¼è¤ê½ü¤¯¤³¤È¤Ë¤·¤Þ¤¹¡£
#vi /etc/xinetd.d/telnet

# default: on 
# description: The telnet server serves telnet sessions; it uses  
#       unencrypted username/password pairs for authentication. 
service telnet 

        flags           = REUSE 
        socket_type     = stream 
        wait            = no 
        user            = root 
        server          = /usr/sbin/in.telnetd 
        log_on_failure  += USERID 
        disable         = yes¡¡¢«¡Öno¡×¤ò¡Öyes¡×¤Ë 
}

¤Ë¤¹¤ë¡£
¥µ¡¼¥Ó¥¹¤òºÆµ¯Æ°
#/etc/rc.d/init.d/xinetd restart
¤³¤ì¤ÇTELNET¤Ï»ÈÍѤǤ­¤Ê¤¤¡£

FTP¤Ï
#service vsftp off
#chkcinfgi vsftp off
¤Ç¥µ¡¼¥Ó¥¹¤òÄä»ß¤¹¤ë¡£

¤µ¤Æ¡¢¤¤¤è¤¤¤èËÜÂê¤Î¥Õ¥¡¥¤¥ä¡¼¥¦¥©¡¼¥ë¤ÎÀßÄê¡£
¤Þ¤º¡¢
# iptables -P INPUT ACCEPT
# iptables -P FORWARD DROP
# iptables -P OUTPUT ACCEPT
1¹ÔÌܤϡ¢INPUT¡ÊÆþÎϡˤòACCEPT¡Êµö²Ä¡Ë¡¢2¹ÔÌܤÏFORWARD¡Ê¥ë¡¼¥¿¤È¤·¤Æ»ÈÍѡˤÏDROP¡ÊÇË´þ¡Ë¡¢OUTPUT¡Ê½ÐÎϡˤÏACCEPT¡£

¼¡¤Ë
# iptables -F
¼è¤ê¹ç¤¨¤º¡¢¥ë¡¼¥ë¤ò¥¯¥ê¥¢¤·¤Æ¡£

cmp(ping)¤È¼«Ã¼Ëö¤«¤é¤ÎÆþÎϤòµö²Ä
# iptables -A INPUT -p icmp -j ACCEPT
# iptables -A INPUT -i lo -j ACCEPT

Web¡¢POP¡¢smtp ¤Ë¤è¤ëÀܳ¤òµö²Ä
# iptables -A INPUT -p tcp –dport 80 -j ACCEPT
# iptables -A INPUT -p tcp –dport 110 -j ACCEPT
# iptables -A INPUT -p tcp –dport 25 -j ACCEPT

ssh ¤Ë¤è¤ëÀܳ¤òµö²Ä
# iptables -A INPUT -p tcp –dport 22 -j ACCEPT

ɬÍפʤ顦¡¦¡¦¡¦¡¦
¥í¡¼¥«¥ë¤Î¾üËö¤«¤éWebmin¤Ç¤ÎÀܳ¤òµö²Ä(Webmin¤Î¥Ý¡¼¥È:10000)
# iptables -A INPUT -s 192.168.0.0/24 -p tcp –dport 10000 -j ACCEPT

TCP¤ÎÀܳ³«»Ï¤È±þÅú¡¢FTP¥Ç¡¼¥¿¤Ê¤É¤òµö²Ä
# iptables -A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT

¾¤ÎÀܳ¤Ï¤¹¤Ù¤ÆÇË´þ(¥Ý¥ê¥·¡¼¤ÎºÆÀßÄê)
# iptables -P INPUT DROP
¢¨¤³¤Î»þÅÀ¤Ç¡¢¾åµ­¤ÎÀßÄ꤬ͭ¸ú¤Ê¤Î¤Ç´Ö°ã¤Ã¤Æ¤â
¢¨# iptables -F
¢¨¤Ê¤ó¤Æ¤·¤Ê¤¤¤è¤¦¤ËÃí°Õ¡ª¡ª
¢¨¤³¤ì¤ä¤Á¤ã¤Ã¤Æ¡¢¥µ¡¼¥Ð¤òºÆµ¯Æ°¤¹¤ë¤Ï¤á¤Ë¤Ê¤Ã¤¿¡¦¡¦¡¦¡¦

¤³¤ó¤Ê´¶¤¸¤Ç¡¢Â¾¤Ë¤â¤¢¤ë¤±¤É¼è¤ê¹ç¤¨¤ºOK¡ª
¤½¤ì¤«¤é¥ë¡¼¥ë¤òÊݸ¡£¡Ê¤³¤ì¤·¤Ê¤¤¤È¥µ¡¼¥ÐºÆµ¯Æ°»þ¤ËÀßÄ꤬¾Ã¤¨¤ë¡Ë
# /etc/init.d/iptables save
¤Ç¡¢¥Õ¥¡¥¤¥ä¡¼¥¦¥©¡¼¥ë¤ÎºÆµ¯Æ°
# service iptables restart
¤³¤ì¤ÇOK¡ª


TrackBacks

¤³¤Î¥³¥á¥ó¥È¤ÎRSS

TrackBack URL : http://project.iifp.biz/modules/xmaoh0/archives/2007/02/15/67/trackback/

¤³¤ÎÅê¹Æ¤Ë¤Ï¡¢¤Þ¤À¥³¥á¥ó¥È¤¬ÉÕ¤¤¤Æ¤¤¤Þ¤»¤ó

¥³¥á¥ó¥È

 
Åê¹Æ¤µ¤ì¤¿ÆâÍƤÎÃøºî¸¢¤Ï¥³¥á¥ó¥È¤ÎÅê¹Æ¼Ô¤Ëµ¢Â°¤·¤Þ¤¹¡£
Presented by office forplus © 2007