2005/08/18 18:54 http://blog.naver.com/jujac/20015983550
(네이버블로그에서 옮겨옴)
◎ ntsysv 명령으로 불필요한 데몬을 모두 죽인다.
◎ telnet과 FTP서비스에 대한 IP Address의 통제권한 부여
( TCP Wrappers를 이용 )
a. hosts.deny : 접속을 차단
■ vi Edit Console
=====================================================
#=====================================================
# hosts.deny This file describes the names of the hosts which are
# *not* allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow. In particular
# you should know that NFS uses portmap!
in.telnetd:ALL
in.ftpd:ALL
b. hosts.allow : 접속을 허용
■ vi Edit Console
=====================================================
#=====================================================
# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
in.telnetd:123.123.123.123
in.ftpd:123.123.123.123
c. 변경후 xinetd restart필요
■ vi Edit Console
=====================================================
[root@ns etc]$ cd /etc/rc.d/init.d=====================================================
[root@ns init.d]$ ./xinit.d stop
Stoping xinetd: [OK]
[root@ns init.d]$ ./xinit.d start
Starting xinetd: [OK]
[root@ns init.d]$ _
◎ 포트제어
a. setup명령에 의한 firewall configuration 제어
b. /etc/services 파일 직접제어
댓글 없음:
댓글 쓰기