Setting up tcp_wrapper (hosts.deny)
Author: Administrator   Posted: 2003-08-20 11:03:07

Build and install tcp_wrappers 7.6. The Makefile target for Solaris 2.x is sunos5; REAL_DAEMON_DIR is the directory holding the real service daemons that tcpd will hand the connection to, which on Solaris is /usr/sbin (in.ftpd, in.telnetd, ...).

# tar xvfp tcp_wrappers_7.6.tar
# cd tcp_wrappers_7.6
# make REAL_DAEMON_DIR=/usr/sbin sunos5
# cp tcpd tcpdchk tcpdmatch try-from safe_finger /usr/sbin
# cp *.3 /usr/local/man/man3
# cp *.5 /usr/local/man/man5
# cp *.8 /usr/local/man/man8

1. Modifying /etc/inetd.conf

/etc/inetd.conf is the configuration file of inetd, the Internet super-server. tcpd is not a daemon of its own: inetd starts tcpd in place of the real service daemon, tcpd checks the client against /etc/hosts.allow and /etc/hosts.deny and logs the connection through syslog, and, if access is granted, execs the real daemon found in REAL_DAEMON_DIR (/usr/sbin here). This also means tcp_wrapper only protects services started through inetd (or daemons linked against the libwrap library that comes with the package); a daemon that listens on its own socket is not covered.

The file lists, for each Internet service, the program inetd runs and its arguments. To put a service (e.g. telnet, ftp, pop) behind tcp_wrapper, open /etc/inetd.conf with vi and replace the server-program field (the sixth field, e.g. /usr/sbin/in.ftpd) with /usr/sbin/tcpd, leaving the last field, the daemon name and its options, as it was. Below are only the ftp and telnet lines:

ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd



If other services should also be served through tcp_wrapper, the lines look like the examples below. The last field must be the name of an executable in REAL_DAEMON_DIR: on Solaris these daemons are named in.ftpd, in.telnetd, in.tftpd, in.fingerd and so on, as in the ftp and telnet lines above, so substitute those names there.

ftp stream tcp nowait root /usr/sbin/tcpd ftpd
telnet stream tcp nowait root /usr/sbin/tcpd telnetd
tftp dgram udp wait nobody /usr/sbin/tcpd tftpd -n
finger stream tcp nowait nobody /usr/sbin/tcpd fingerd
exec stream tcp nowait root /usr/sbin/tcpd rexecd
login stream tcp nowait root /usr/sbin/tcpd rlogind
shell stream tcp nowait root /usr/sbin/tcpd rshd
talk dgram udp wait root /usr/sbin/tcpd talkd
ntalk dgram udp wait root /usr/sbin/tcpd talkd



2. Setting up /etc/hosts.allow and /etc/hosts.deny
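The post gives no file contents for this step, so here is an added example of a deny-by-default pair of files (not from the original post). tcpd consults /etc/hosts.allow first and grants access on the first matching line; otherwise it consults /etc/hosts.deny and refuses on the first match; if neither file matches, or neither exists, access is granted. Without an ALL : ALL line in hosts.deny the wrapper therefore logs connections but blocks nothing. Each line is daemon_list : client_list, where the daemon names are the ones in the last field of inetd.conf. The network 210.101.112.0/255.255.255.0 and the domain .kornet.net are assumptions chosen to fit the addresses in the section-4 log, not rules the author published.

```text
# /etc/hosts.allow - checked first; the first matching line grants access
# daemon_list : client_list   (net/mask pairs, leading-dot domain suffixes,
#                              and the wildcards ALL and LOCAL are all valid)
in.telnetd, in.ftpd : 210.101.112.0/255.255.255.0
in.telnetd          : .kornet.net
ALL                 : LOCAL, 127.0.0.1

# /etc/hosts.deny - checked only when nothing in hosts.allow matched.
# Without this line every host not listed above would still get in.
ALL : ALL
```

Domain patterns such as .kornet.net depend on reverse DNS for the client address, and tcpd refuses a client whose reverse and forward lookups disagree, so prefer address or net/mask patterns where you can. After editing, run tcpdchk, which reports syntax errors and daemon names in the hosts files that do not appear in inetd.conf, and tcpdmatch in.telnetd 210.222.17.54 (daemon name, then client) to see how tcpd would decide for a given client without having to connect.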

3. Restarting the Internet super-server (inetd)

inetd reads /etc/inetd.conf only when it starts, and again when it receives a SIGHUP, so the change takes effect once it has been restarted or signalled. The session below kills the running inetd and starts it again with the same option:

[/etc/init.d:@sms #] ps -ef | grep inetd
root 173 1 0 May 10 ? 0:09 /usr/sbin/inetd -s
root 21869 16438 0 15:41:08 pts/7 0:00 grep inetd
[/etc/init.d:@sms #] kill -9 173
[/etc/init.d:@sms #] /usr/sbin/inetd -s
[/etc/init.d:@sms #] ps -ef | grep inetd
root 21883 16438 0 15:41:53 pts/7 0:00 grep inetd
root 21881 1 0 15:41:44 ? 0:00 /usr/sbin/inetd -s

4. Testing

tcpd keeps no log file of its own: it reports every accepted connection ("connect from") and every refused one ("refused connect from") through syslog, using the FACILITY chosen in the Makefile (LOG_MAIL by default), so where the lines land depends on /etc/syslog.conf. On this host they went to a file named secure. The "login: LOGIN ON ... BY sspark FROM ..." lines come from Solaris login, not from tcpd, and show which of the accepted telnet sessions went on to authenticate.

Example of tcpd's log file secure:

# tail -f secure
Aug 22 14:32:21 hlxsvr in.ftpd[3988]: connect from 210.101.112.240
Aug 22 14:40:36 hlxsvr in.telnetd[4007]: connect from 210.101.112.241
Aug 22 14:40:44 hlxsvr login: LOGIN ON 1 BY sspark FROM 210.101.112.241
Aug 22 19:34:13 hlxsvr in.telnetd[4243]: connect from 210.101.112.240
Aug 22 19:34:16 hlxsvr login: LOGIN ON 0 BY sspark FROM 210.101.112.240
Aug 22 19:40:05 hlxsvr in.telnetd[4283]: connect from 210.101.112.241
Aug 22 19:40:11 hlxsvr login: LOGIN ON 2 BY sspark FROM 210.101.112.241
Aug 22 20:03:48 hlxsvr in.telnetd[4330]: connect from 210.101.112.240
Aug 22 20:03:57 hlxsvr login: LOGIN ON 3 BY sspark FROM 210.101.112.240
Aug 22 20:07:37 hlxsvr in.telnetd[4370]: connect from 210.101.112.240
Aug 22 20:07:55 hlxsvr login: LOGIN ON 3 BY sspark FROM 210.101.112.240
Aug 22 21:52:05 hlxsvr in.telnetd[4798]: connect from 210.101.112.240
Aug 22 21:52:14 hlxsvr login: LOGIN ON 3 BY sspark FROM 210.101.112.240
Aug 22 22:17:02 hlxsvr in.telnetd[4859]: refused connect from 168.126.63.21
Aug 22 22:17:19 hlxsvr in.telnetd[4860]: refused connect from 210.101.112.240
Aug 22 22:26:54 hlxsvr in.telnetd[4893]: connect from 168.126.3.3
Aug 22 22:26:59 hlxsvr login: LOGIN ON 4 BY sspark FROM soback.kornet.net
Aug 22 22:27:05 hlxsvr in.telnetd[4910]: connect from 168.126.63.21
Aug 22 22:27:08 hlxsvr login: LOGIN ON 4 BY sspark FROM w4.kornet.net
Aug 22 22:27:48 hlxsvr in.telnetd[4927]: refused connect from 210.222.17.54
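Watching the file with tail -f is fine for a one-off test; to see who is being refused and how often, the tcpd lines can be summarised with sh and awk. The script below is an added example, not part of the original post. Its sample input is constructed: the first lines are copied from the log excerpt above and the last three are made up to show a repeat offender; the file path under /tmp is an assumption for the demonstration, and on a real host you would point the functions at whatever file syslog.conf sends the tcpd facility to.

```shell
#!/bin/sh
# Added example, not part of the original post: summarise the tcpd lines of a
# syslog file with POSIX sh and awk, so it runs on Solaris as well as Linux.
# A tcpd line looks like
#   MON DD HH:MM:SS host daemon[pid]: connect from CLIENT
#   MON DD HH:MM:SS host daemon[pid]: refused connect from CLIENT
# so the verdict sits in fields 6-8 and the client in the last field.

# Constructed sample (assumed path). The first six lines are copied from the
# log excerpt above; the last three are made up to show a repeat offender.
SAMPLE_LOG="${TMPDIR:-/tmp}/tcpd_secure.sample"
cat > "$SAMPLE_LOG" <<'EOF'
Aug 22 14:32:21 hlxsvr in.ftpd[3988]: connect from 210.101.112.240
Aug 22 14:40:36 hlxsvr in.telnetd[4007]: connect from 210.101.112.241
Aug 22 14:40:44 hlxsvr login: LOGIN ON 1 BY sspark FROM 210.101.112.241
Aug 22 22:17:02 hlxsvr in.telnetd[4859]: refused connect from 168.126.63.21
Aug 22 22:17:19 hlxsvr in.telnetd[4860]: refused connect from 210.101.112.240
Aug 22 22:26:54 hlxsvr in.telnetd[4893]: connect from 168.126.3.3
Aug 22 22:27:48 hlxsvr in.telnetd[4927]: refused connect from 210.222.17.54
Aug 22 22:28:03 hlxsvr in.telnetd[4931]: refused connect from 210.222.17.54
Aug 22 22:28:19 hlxsvr in.ftpd[4934]: refused connect from 210.222.17.54
EOF

# refused_by_client FILE: "count client" per refused source, most refused first.
# Only lines whose fields 6-8 read "refused connect from" are tcpd refusals;
# the login(1) lines fail that test and are skipped.
refused_by_client() {
    awk '$6 == "refused" && $7 == "connect" && $8 == "from" { n[$9]++ }
         END { for (c in n) print n[c], c }' "$1" | sort -rn
}

# accepted_by_daemon FILE: "count daemon" for connections tcpd let through,
# with the "[pid]:" suffix stripped from the daemon field.
accepted_by_daemon() {
    awk '$6 == "connect" && $7 == "from" { d = $5; sub(/\[.*$/, "", d); n[d]++ }
         END { for (d in n) print n[d], d }' "$1" | sort -rn
}

# refused_total FILE: number of refused connections (0 when there are none).
refused_total() {
    awk '$6 == "refused" && $7 == "connect" && $8 == "from" { n++ }
         END { print n + 0 }' "$1"
}

# clients_refused_at_least FILE N: clients refused N or more times, one per
# line, ready to feed into a firewall rule or an alert.
clients_refused_at_least() {
    refused_by_client "$1" | awk -v min="$2" '$1 >= min { print $2 }'
}

echo "refused connections: $(refused_total "$SAMPLE_LOG")"
echo "--- refused per client ---";  refused_by_client "$SAMPLE_LOG"
echo "--- accepted per daemon ---"; accepted_by_daemon "$SAMPLE_LOG"
echo "--- refused 3 or more times ---"; clients_refused_at_least "$SAMPLE_LOG" 3
```

Matching on the fixed field positions rather than on a loose grep for "refused" keeps unrelated syslog lines (login, sendmail) out of the counts; the daemon name is taken from the tcpd line itself, so the same functions work for every wrapped service in inetd.conf.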

