|
# tar xvfp tcp_wrappers_7.6.tar
# cd tcp_wrappers_7.6
# make REAL_DAEMON_DIR=/usr/sbin sunos5
# cp tcpd tcpdchk tcpdmatch try-from safe_finger /usr/sbin
# cp *.3 /usr/local/man/man3
# cp *.5 /usr/local/man/man5
# cp *.8 /usr/local/man/man8
1. /etc/inetd.conf 파일수정하기
/etc/inetd.conf ÆÄÀÏÀº ÀÎÅͳݼöÆÛµ¥¸óÀ̶ó´Â tcpdÀÇ È¯°æ¼³Á¤ÆÄÀÏ Áï, tcpd ÄÁÆ®·ÑÆÄÀÏÀ̶ó°í ÇÒ¼ö ÀÖ´Ù.
ÀÌ ÆÄÀÏ¿¡´Â ÀÎÅͳݼºñ½º¸¦ À§ÇÑ °¢Á¾ µ¥¸óµéÀÇ ½ÇÇàÀ§Ä¡ ¹× ¿É¼ÇµéÀÌ ¼³Á¤µÇ¾î ÀÖÀ¸¸ç ÀÌÁ¦ ¿ì¸®´Â ¿øÇÏ´Â ÀÎÅͳݼºñ½º(¿¹, telnet, ftp, popµî)¿¡ tcp_wrapper¸¦ Àû¿ëÇϱâ À§Çؼ ´ÙÀ½°ú °°Àº ¼ÂÆÃÀ» ÇؾßÇÑ´Ù.
¾Æ·¡´Â ftp¿Í telnetÀÇ ¼³Á¤»çÇ׸¸À» º¸¿©ÁØ °ÍÀÌ´Ù.
/etc/inetd.confÆÄÀÏÀ» vi·Î ¿¾î¼ ¾Æ·¡¿Í °°ÀÌ °íÃÄÁÖ¸éµÈ´Ù.
# The server-program field of each entry points at tcpd; the last field names
# the real daemon and its arguments.
# NOTE(review): tcpd is expected to look the daemon up under REAL_DAEMON_DIR
# (/usr/sbin in the make line earlier on this page) — confirm in.ftpd and
# in.telnetd exist there.
ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
¸¸¾à, ´Ù¸¥¼ºñ½ºµéµµ tcp_wrapper¸¦ Àû¿ëÇÏ¿© ¼ºñ½ºµÇ±æ ¿øÇÑ´Ù¸é ±× ¿¹¸¦ ¾Æ·¡¿¡ º¸ÀδÙ.
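# Further services wrapped the same way: the server-program field is tcpd and
# the final field is the real daemon (plus arguments) to run for that service.
# tcpd only adds a host-based access check and a log line; it does not encrypt
# or otherwise protect the traffic of the wrapped service.
# NOTE(review): the daemon names below are generic, while the ftp/telnet
# entries earlier on this page use the in.* names — confirm which binaries
# exist under REAL_DAEMON_DIR before copying a line.
ftp stream tcp nowait root /usr/sbin/tcpd ftpd
# telnet must start the telnet daemon; the original sample named ftpd here.
telnet stream tcp nowait root /usr/sbin/tcpd telnetd
tftp dgram udp wait nobody /usr/sbin/tcpd tftpd -n
finger stream tcp nowait nobody /usr/sbin/tcpd fingerd
exec stream tcp nowait root /usr/sbin/tcpd rexecd
login stream tcp nowait root /usr/sbin/tcpd rlogind
shell stream tcp nowait root /usr/sbin/tcpd rshd
talk dgram udp wait root /usr/sbin/tcpd talkd
ntalk dgram udp wait root /usr/sbin/tcpd talkd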
2. /etc/hosts.allow ¿Í/etc/hosts.deny ÆÄÀϼ³Á¤Çϱâ
3. ÀÎÅͳݼöÆÛµ¥¸ó (inetd) Àç½ÃÀÛÇϱâ
[/etc/init.d:@sms #] ps -ef | grep inetd
root 173 1 0 5월 10 ? 0:09 /usr/sbin/inetd -s
root 21869 16438 0 15:41:08 pts/7 0:00 grep inetd
[/etc/init.d:@sms #]
[/etc/init.d:@sms #] kill -9 173
[/etc/init.d:@sms #]
[/etc/init.d:@sms #] /usr/sbin/inetd -s
[/etc/init.d:@sms #]
[/etc/init.d:@sms #] ps -ef | grep inetd
root 21883 16438 0 15:41:53 pts/7 0:00 grep inetd
root 21881 1 0 15:41:44 ? 0:00 /usr/sbin/inetd -s
[/etc/init.d:@sms #]
[/etc/init.d:@sms #]
4. Å×½ºÆ®
tcpdÀÇ ·Î±×ÆÄÀÏ secureÀÇ ¿¹
# tail -f secure
Aug 22 14:32:21 hlxsvr in.ftpd[3988]: connect from 210.101.112.240
Aug 22 14:40:36 hlxsvr in.telnetd[4007]: connect from 210.101.112.241
Aug 22 14:40:44 hlxsvr login: LOGIN ON 1 BY sspark FROM 210.101.112.241
Aug 22 19:34:13 hlxsvr in.telnetd[4243]: connect from 210.101.112.240
Aug 22 19:34:16 hlxsvr login: LOGIN ON 0 BY sspark FROM 210.101.112.240
Aug 22 19:40:05 hlxsvr in.telnetd[4283]: connect from 210.101.112.241
Aug 22 19:40:11 hlxsvr login: LOGIN ON 2 BY sspark FROM 210.101.112.241
Aug 22 20:03:48 hlxsvr in.telnetd[4330]: connect from 210.101.112.240
Aug 22 20:03:57 hlxsvr login: LOGIN ON 3 BY sspark FROM 210.101.112.240
Aug 22 20:07:37 hlxsvr in.telnetd[4370]: connect from 210.101.112.240
Aug 22 20:07:55 hlxsvr login: LOGIN ON 3 BY sspark FROM 210.101.112.240
Aug 22 21:52:05 hlxsvr in.telnetd[4798]: connect from 210.101.112.240
Aug 22 21:52:14 hlxsvr login: LOGIN ON 3 BY sspark FROM 210.101.112.240
Aug 22 22:17:02 hlxsvr in.telnetd[4859]: refused connect from 168.126.63.21
Aug 22 22:17:19 hlxsvr in.telnetd[4860]: refused connect from 210.101.112.240
Aug 22 22:26:54 hlxsvr in.telnetd[4893]: connect from 168.126.3.3
Aug 22 22:26:59 hlxsvr login: LOGIN ON 4 BY sspark FROM soback.kornet.net
Aug 22 22:27:05 hlxsvr in.telnetd[4910]: connect from 168.126.63.21
Aug 22 22:27:08 hlxsvr login: LOGIN ON 4 BY sspark FROM w4.kornet.net
Aug 22 22:27:48 hlxsvr in.telnetd[4927]: refused connect from 210.222.17.54
|