Part III: System Administration Tools
Chapter 9: Bypassing Automatic Configurations to Gain Control
Debian
System startup: /etc/inittab calls /etc/init.d/rcS
SysV startup scripts: /etc/rc?.d
Runlevels and starting X: /etc/X11/default-display-manager
cron: /etc/crontab calls /etc/cron.interval
Super servers: inetd, xinetd
Mail servers
Modules: update-modules builds /etc/modules.conf automatically from the /etc/modutils directory
Network configuration: startup script /etc/init.d/networking, configuration files under /etc/network
Startup files: /etc/rc.boot and /etc/rcS.d
SysV startup script template
#!/bin/bash
case "$1" in
start)
/usr/local/bin/bigserv
;;
stop)
/usr/bin/killall bigserv
;;
restart)
$0 stop
$0 start
;;
esac
~/.xinitrc ==> startx
~/.xsession ==> XDM,KDM,GDM
~/.vnc/xstartup ==> VNC server
Chapter 10: Using Multiple OSs
GRUB
# grub
grub> find /boot/grub/stage1
(hd0,5)
grub> root (hd0,5)
grub> setup (hd0)
grub> quit
Chapter 11: Managing Packages
Chapter 13: Managing Printers
Chapter 14: Programs and Processes
ps
top
pstree
w
jobs
lsof
netstat
nice/renice
kill/killall
Chapter 15: Creating a Custom Kernel
Chapter 16: Optimizing X Configuration
Chapter 17: Protecting Your System with Backups
cp
cpio
dump
smbtar
tar
Chapter 18: System Security
Attack methods
Good passwords
Local services
# netstat -ap
$ nmap -sT www.debsir.org
Part IV: Networking Tools
Chapter 19: Basic Network Configuration
Network cards
Driver: /etc/modules.conf
DHCP
Client: dhclient/pump, invoked by /sbin/ifup; configuration files /etc/network/interfaces and /etc/dhclient.conf; Red Hat: /etc/sysconfig/network, /etc/sysconfig/network-scripts/ifcfg-eth0
Apply the configuration: # /etc/rc.d/init.d/network stop|start
Check the process: $ ps ax | grep dhcpcd
Static addresses
Testing
Xtraceroute
Optimizing the network
Chapter 20: Controlling Network Access
Firewall tools
Shorewall: uses the configuration file /etc/sysconfig/iptables
Red Hat Security Level Configuration: redhat-config-securitylevel and lokkit call iptables
Knetfilter: configuration file /etc/iptables_rules.cfg
Firewall template
#!/bin/bash
iptables -F INPUT
iptables -F FORWARD
iptables -F OUTPUT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
# Let traffic on the loopback interface pass
iptables -A OUTPUT -d 127.0.0.1 -o lo -j ACCEPT
iptables -A INPUT -s 127.0.0.1 -i lo -j ACCEPT
# Let DNS traffic pass
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --sport 53 -j ACCEPT
# Let clients' TCP traffic pass
iptables -A OUTPUT -p tcp --sport 1024:65535 -m state \
--state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 1024:65535 -m state \
--state ESTABLISHED,RELATED -j ACCEPT
# Let local connections to local SSH server pass
iptables -A OUTPUT -p tcp --sport 22 -d 172.24.1.0/24 -m state \
--state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -s 172.24.1.0/24 -m state \
--state NEW,ESTABLISHED,RELATED -j ACCEPT
TCP Wrappers
Usually invoked by inetd
Configuration files: /etc/inetd.conf, /etc/hosts.allow and /etc/hosts.deny
Service name resolution: /etc/services
TCP Wrappers configuration format (/etc/hosts.allow and /etc/hosts.deny)
service-names : client-list [: shell-command ]
service-names : for example in.ftpd or in.telnetd
client-list : IP address or address range, host name, domain name, user name; for example 172.24.45.0/24 EXCEPT 172.24.45.72
/etc/hosts.allow format
in.telnetd : 172.24.45.2 trex.pangaea.edu
vsftpd : 172.24.45. EXCEPT 172.24.45.1
imapd : .pangaea.edu EXCEPT router.pangaea.edu
ipop3d : sue@trex.pangaea.edu
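Added example (not from the book or these notes): a small Python model of the hosts.allow/hosts.deny evaluation, handy for checking what a rule set actually admits before it goes live. It implements a subset of the documented tcp_wrappers patterns (ALL, leading-dot domain suffix, trailing-dot address prefix, network/prefix, exact host or address, user@host, EXCEPT) and the allow-first, deny-second, default-allow order; the rule files and client hosts are constructed from the entries above.

```python
import ipaddress

# Constructed sample: the hosts.allow entries from the notes plus a catch-all deny.
HOSTS_ALLOW = """
in.telnetd : 172.24.45.2 trex.pangaea.edu
vsftpd : 172.24.45. EXCEPT 172.24.45.1
imapd : .pangaea.edu EXCEPT router.pangaea.edu
ipop3d : sue@trex.pangaea.edu
"""
HOSTS_DENY = "ALL : ALL\n"

def match_pattern(pattern, host, addr, user):
    """Match one client pattern (subset of the forms tcp_wrappers accepts)."""
    if "@" in pattern:                        # user@host: compared against the ident reply
        want_user, pattern = pattern.split("@", 1)
        if user != want_user:
            return False
    if pattern == "ALL":
        return True
    if pattern.startswith("."):               # leading dot: domain-name suffix
        return host.endswith(pattern)
    if pattern.endswith("."):                 # trailing dot: dotted-address prefix
        return addr.startswith(pattern)
    if "/" in pattern:                        # network/prefix or network/mask
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
    return pattern in (host, addr)            # exact host name or address

def match_client_list(client_list, host, addr, user):
    """'a EXCEPT b EXCEPT c' means a EXCEPT (b EXCEPT c), so recurse on the tail."""
    head, _, tail = client_list.partition(" EXCEPT ")
    hit = any(match_pattern(p, host, addr, user) for p in head.split())
    return hit and not (tail and match_client_list(tail, host, addr, user))

def parse_rules(text):
    """Yield (service-names, client-list); the optional shell command is ignored."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            fields = [f.strip() for f in line.split(":", 2)]
            yield fields[0].split(), fields[1]

def access_allowed(service, host, addr, user="", allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow is consulted first, then hosts.deny; no match anywhere means allow."""
    for rules, verdict in ((parse_rules(allow), True), (parse_rules(deny), False)):
        for services, clients in rules:
            if service in services or "ALL" in services:
                if match_client_list(clients, host, addr, user):
                    return verdict
    return True
```

Note that with an empty hosts.deny a service with no matching rule is admitted, which is why the catch-all `ALL : ALL` deny line belongs in any real deployment.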
xinetd
Format
service swat
{
port = 901
socket_type = stream
wait = no
only_from = 127.0.0.1
user = root
server = /usr/sbin/swat
disable = no
}
Using a jail
chroot
Chapter 21: Detecting Intruders
Tripwire
Policy file format:
TWBIN = /usr/sbin ;
# Tripwire binaries
(
rulename = "Tripwire Binaries",
)
{
$(TWBIN)/siggen -> $(ReadOnly) ;
$(TWBIN)/tripwire -> $(ReadOnly) ;
$(TWBIN)/twadmin -> $(ReadOnly) ;
$(TWBIN)/twprint -> $(ReadOnly) ;
}
/usr/bin -> $(ReadOnly) ;
/etc -> $(Dynamic) ;
Initializing the database
/etc/tripwire/twinstall.sh
tripwire --init
Checking the system
tripwire --check
Modifying the Tripwire configuration
twadmin --create-cfgfile -S /etc/tripwire/site.key /etc/tripwire/twcfg.txt # modify the configuration file
twadmin --create-polfile -S /etc/tripwire/site.key /etc/tripwire/twpol.txt # modify the policy
tripwire --update-policy -S /etc/tripwire/site.key /etc/tripwire/twpol.txt # create the new policy file
tripwire --update --twrfile /var/lib/tripwire/report/knox.luna.edu-20031212-155357.twr # update the database
chkrootkit
Part V: Server Tools
Chapter 22: Running Servers
SysV startup scripts
Location: Debian /etc/init.d and /etc/rc?.d; Red Hat /etc/rc.d/init.d/ and /etc/rc.d/rc?.d
chkconfig/ntsysv/redhat-config-services/ksysv
Local startup script: /etc/rc.boot
Chapter 23: Getting More from a Web Server
Web servers: apache/roxen/zeus/kHTTPd
Apache server configuration
Chapter 24: Serving Files
FTP
NFS
Samba
Chapter 25: Delivering E-Mail
Servers: Sendmail/Postfix/Exim/qmail
Chapter 26: Providing Remote Login Access
Text-mode remote access: OpenSSH
GUI remote access: XDMCP server/VNC
Chapter 27: Miscellaneous Servers
DHCP
DNS
NTP