Red Hat NETSCAPE MANAGEMENT SYSTEM 6.2 - COMMAND-LINE Guida di Installazione Pagina 32
- Pagina / 82
- Indice
- SEGNALIBRI
Valutato. / 5. Basato su recensioni clienti
connections from 192.168.1.0, our LAN. For xinetd's purposes, this denotes any IP address beginning
with "192.168.1". Note that the syntax is different from inetd. The server statement in this case is the
tftp daemon, in.tftpd. Again, this assumes that libwrap/tcpwrappers support is compiled into xinetd. The
user running the daemon will be "nobody". Yes, there is a user account called "nobody", and it is wise to
run such daemons as non−root users whenever possible. Lastly, the disable statement is xinetd's way of
turning services on or off. In this case, it is "on". This is on here only as an example. Do NOT run tftp as a
public service as it is unsafe.
5.4. PortSentry
Portsentry works quite differently than the other tools discussed so far. Portsentry does what its name implies
−− it guards ports. Portsentry is configured with the /etc/portsentry/portsentry.conf file.
Unlike the other applications discussed above, it does this by actually becoming the listening server on those
ports. Kind of like baiting a trap. Running netstat −taup as root while portsentry is running, will show
portsentry as the LISTENER on whatever ports portsentry is configured for. If portsentry senses a connection
attempt, it blocks it completely. And then goes a step further and blocks the route to that host to stop all
further traffic. Alternately, ipchains or iptables can be used to block the host completely. So it makes an
excellent tool to stop port scanning of a range of ports.
But portsentry has limited flexibility as to whether it allows a given connection. It is pretty much all or
nothing. You can define specific IP addresses that it will ignore in
/etc/portsentry/portsentry.ignore. But you cannot allow selective access to individual ports.
This is because only one server can bind to a particular port at the same time, and in this case that is
portsentry itself. So it has limited usefulness as a stand−alone firewall. As part of an overall firewall strategy,
yes, it can be quite useful. For most of us, it should not be our first line of defense, and we should only use it
in conjunction with other tools.
Suggestion on when portsentry might be useful:
As a second layer of defense, behind either ipchains or iptables. Packet filtering will catch the
packets first, so that anything that gets to portsentry would indicate a misconfiguration. Do not use in
conjunction with inetd services −− it won't work. They will butt heads.
•
As a way to catch full range ports scans. Open a pinhole or two in the packet filter, and let
portsentry catch these and re−act accordingly.
•
If you are very sure you have no exposed public servers at all, and you just want to know who is up
to what. But do not assume anything about what portsentry is protecting. By default it does not watch
all ports, and may even leave some very commonly probed ports open. So make sure you configure it
accordingly. And make sure you have tested and verified your set up first, and that nothing is
exposed.
•
All in all, the packet filters make for a better firewall.
5.5. Proxies
The dictionary defines "proxy" as "the authority or power to act on behalf of another". This pretty well
describes software proxies as well. It is an intermediary in the connection path. As an example, if we were
Security Quick−Start HOWTO for Red Hat Linux
5.4. PortSentry 29
- Hal Burgiss 1
- Table of Contents 2
- 1. Introduction 4
- 1.2. Notes 5
- 1.3. Copyright 5
- 1.4. Credits 6
- 1.5. Disclaimer 6
- 1.7. Feedback 7
- 2. Foreword 8
- 2.2. Before We Start 9
- 3.1. System Audit 10
- 3.3. Stopping Services 12
- 3.3.1. Stopping Init Services 13
- 3.3.2. Inetd 14
- 3.3.2. Inetd 12 15
- 3.3.3. Xinetd 16
- 3.3.4. When All Else Fails 17
- 3.4. Exceptions 18
- 4. Step 2: Updating 20
- 4. Step 2: Updating 18 21
- 5.1. Strategy 22
- 5.2.1. ipchains 23
- 5.2.1. ipchains 21 24
- 5.2.2. iptables 26
- 5.2.2. iptables 24 27
- 5.3. Tcpwrappers (libwrap) 29
- 5.3.1. xinetd 31
- 5.4. PortSentry 32
- 5.5. Proxies 32
- 5.6. Individual Applications 33
- 5.7. Verifying 35
- 5.8. Logging 36
- 5.9. Where to Start 37
- 6. Intrusion Detection 39
- # chattr +i /bin/ps 40
- −−−i−−−−−−−−−− /bin/ps 40
- # chattr −i /bin/ps 40
- 7. General Tips 43
- # must exist 44
- root: hal@bigcat 44
- 8. Appendix 46
- 8.2. Common Ports 48
- 8.3. Netstat Tutorial 51
- 8.4. Attacks and Threats 59
- 8.4.2. Rootkits 60
- 8.4.3. Worms and Zombies 60
- 8.4.4. Script Kiddies 61
- 8.4.5. Spoofed IPs 61
- 8.4.6. Targeted Attacks 61
- 8.4.8. Brute Force 62
- 8.5. Links 63
- 8.6. Editing Text Files 65
- 8.7. nmap 68
- 8.8. Sysctl Options 71
- 8.8. Sysctl Options 69 72
- 8.9. Secure Alternatives 73
- 8.9. Secure Alternatives 71 74
- 8.9. Secure Alternatives 72 75
- 8.9. Secure Alternatives 73 76
- 8.10.2. iptables II 77
- 8.10.2. iptables II 75 78
- 8.10.2. iptables II 76 79
- 8.10.2. iptables II 77 80
- 8.10.3. Summary 81
- 8.10.4. iptables mini−me 82
© 2020, manymanuals.it. Tutti i diritti riservati | 0.018 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Commenti su questo manuale