Red Hat LINUX 7.2 - OFFICIAL LINUX CUSTOMIZATION GUIDE Guida di Installazione Pagina 127
- Pagina / 282
- Indice
- SEGNALIBRI
Valutato. / 5. Basato su recensioni clienti
Chapter 9. TCP Wrappers and xinetd 127
two files, /etc/hosts.allow and /etc/hosts.deny, each service’s file in /etc/xinetd.d can
contain access control rules based on the hosts that will be allowed to use that service.
The following options are supported in the xinetd files to control host access:
• only_from — Allows the hosts specified to use the service.
• no_access — Blocks these hosts from using this service.
• access_times — Specifies the time range when a particular service may be used. The time range
must be stated in a HH:MM-HH:MM format using 24-hour notation.
The only_from and no_access options can use a list of IP addresses or host names, or you can
specify an entire network. Like TCP wrappers, combining xinetd access control with the proper
logging configuration for that service, you can not only block the request but also record every attempt
to access it.
For example, the following /etc/xinetd.d/telnet file can be used to block telnet access to a
system by a particular network group and restrict the overall time range that even legitimate users can
log in:
service telnet
{
disable = no
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
no_access = 10.0.1.0/24
log_on_success += PID HOST EXIT
access_times = 09:45-16:15
}
In this example, when any system from the 10.0.1.0/24 subnet, such as 10.0.1.2, tries to telnet
into the boo host, they will receive a message stating Connection closed by foreign host.
In addition, their login attempt is logged in /var/log/secure:
May 15 17:35:47 boo xinetd[16188]: START: telnet pid=16191 from=10.0.1.2
May 15 17:38:49 boo xinetd[16252]: START: telnet pid=16256 from=10.0.1.2
May 15 17:38:49 boo xinetd[16256]: FAIL: telnet address from=10.0.1.2
May 15 17:38:49 booxinetd[16252]: EXIT: telnet status=0 pid=16256
9.3.1.4. Binding and Port Redirection
The service configuration files for xinetd also support binding the service to a particular IP address
and redirecting incoming requests for that service to another IP address, hostname, or port.
Binding, controlled with the bind option in the service configuration files, specifically links the ser-
vice to a particular IP address in use with the system, only allowing requests that use that IP address
to access the service. This is particularly useful for systems with multiple network adapters and using
multiple IP addresses, such as machines being used as firewalls, with one network adapter facing the
Internet and the other connected to an internal network. Attackers attempting to connect for a specific
service, such as telnet or FTP, via the Internet connection may be blocked from connecting to the
service while internal users may connect to the service via the NIC connected to the internal network.
The redirect option, which accepts an IP address or hostname followed by a port number, tells the
service to redirect any requests for this service to the specified location. This feature can be used to
- Red Hat Linux 7.3 1
- The Official Red Hat Linux 1
- Reference Guide 1
- Table of Contents 3
- Introduction 7
- 1.2. For the More Experienced 9
- 2. Document Conventions 10
- Mail backupfiles mail reports 11
- [stephen@maturin stephen]$ 12
- 3. Using the Mouse 13
- 5. More to Come 13
- 6. Sign Up for Support 13
- System Reference 15
- Chapter 1 17
- File System Structure 17
- 1.2.1. FHS Organization 18
- /usr/local/sbin." 19
- /usr." 20
- 1.3. Special File Locations 21
- Chapter 2 23
- The /proc File System 23
- 2.2. Top-Level Files in /proc 24
- /proc File System 25 25
- /proc File System 26
- /proc File System 27 27
- /proc File System 29 29
- /proc File System 31 31
- /proc File System 33 33
- /proc File System 35 35
- 2.3. Directories in /proc 37
- /proc File System 39 39
- /proc File System 41 41
- /proc File System 43 43
- /proc File System 45 45
- /proc File System 47 47
- /proc File System 49 49
- /proc File System 51 51
- 2.4. Using sysctl 52
- 2.5. Additional Resources 52
- /proc File System 53 53
- Chapter 3 55
- /etc/lilo.conf 56
- 3.2.2. Init 58
- 3.2.3. SysV Init 60
- 3.3. Sysconfig Information 61
- • CLOCKMODE= 63
- DESKTOP="GNOME" 64
- LANG="en_US" 65
- • DEVICE= 68
- • ROOTDIR=" 68
- /dev/raw/raw1 /dev/sda1 70
- /dev/raw/raw2 8 5 70
- • CARDTYPE= 71
- /etc/sysconfig/ Directory 72
- 3.4. Init Runlevels 73
- 3.6. Shutting Down 74
- ELILO boot loader 75
- Chapter 4 77
- 4.1.2. GRUB Features 78
- 4.2. Terminology 79
- 4.2.2. File Names 80
- 4.3. Interfaces 81
- 4.4. Commands 82
- 4.6. Additional Resources 84
- 86 Chapter 4. GRUB 86
- Chapter 5 87
- The ext3 File System 87
- /sbin/fdisk /dev/hdb 88
- /sbin/mkfs -t ext3 /dev/hdbX 89
- /sbin/tune2fs -j /dev/hdbX 90
- -y /dev/hdb1 91
- Chapter 6 93
- Users and Groups 93
- 6.3. Standard Groups 94
- 6.4. User Private Groups 96
- /usr/lib/emacs/site-lisp 97
- 6.5. Shadow Utilities 98
- Chapter 7 99
- X Servers and Clients 99
- 7.2. The XFree86 Server 100
- 7.3.1. Window Managers 104
- 7.4. Runlevels 105
- 7.4.2. Runlevel 5: prefdm 106
- 7.5. Fonts 107
- 7.5.1. xfs Configuration 108
- 7.5.2. Adding Fonts 108
- 7.6. Additional Resources 109
- 7.6.2. Useful Websites 110
- 7.6.3. Related Books 110
- Security Reference 111
- Chapter 8 113
- 8.3. PAM Modules 114
- 8.4. PAM Module Control Flags 115
- 8.5. PAM Module Paths 116
- 8.6. PAM Module Arguments 116
- 8.8. PAM and Device Ownership 118
- 8.9. Additional Resources 119
- Chapter 9 121
- TCP Wrappers and xinetd 121
- 9.2.1. Formatting Rules 122
- 9.4. Additional Resources 128
- 9.4.2. Useful Websites 129
- Chapter 10 131
- SSH Protocol 131
- 10.3. Layers of SSH Security 132
- 10.3.2. Authentication 133
- 10.3.3. Connection 134
- 10.5.1. X11 Forwarding 135
- 10.5.2. Port Forwarding 135
- • telnet 136
- Chapter 10. SSH Protocol 137 137
- 138 Chapter 10. SSH Protocol 138
- Chapter 11 139
- Kerberos 139
- 11.3. Kerberos Terminology 140
- 11.4. How Kerberos Works 141
- 11.5. Kerberos and PAM 142
- 11.8. Additional Resources 145
- 146 Chapter 11. Kerberos 146
- Chapter 12 147
- 12.3. File Locations 150
- 12.4. Tripwire Components 151
- 12.6. Selecting Passphrases 152
- 12.9. Printing Reports 153
- /etc/hosts, type a 154
- 12.12. Tripwire and Email 156
- 12.13. Additional Resources 157
- Network Services Reference 159
- Chapter 13 161
- Network Scripts 161
- 13.1.2. Dialup Interfaces 162
- 13.1.3. Alias and Clone Files 164
- /sbin/service network action 165
- 13.3. Network Functions 166
- Chapter 14 167
- Firewalling with iptables 167
- 14.3.1. Tables 169
- 14.3.2. Structure 169
- 14.3.3. Commands 169
- 14.3.4. Parameters 170
- 14.3.5. Match Options 171
- 14.3.6. Target Options 173
- 14.3.7. Listing Options 174
- 14.5. Additional Resources 175
- Chapter 15 177
- 178 Chapter 15. Apache 178
- /sbin/service httpd start 179
- /sbin/service httpd stop 179
- /sbin/service httpd restart 179
- /sbin/service httpd reload 179
- 15.3.20. ClearModuleList 183
- 15.3.21. AddModule 183
- 15.3.22. ExtendedStatus 183
- 15.3.23. Port 183
- 15.3.24. User 183
- 15.3.25. Group 184
- 15.3.26. ServerAdmin 184
- 15.3.27. ServerName 184
- 15.3.28. DocumentRoot 184
- 15.3.29. Directory 184
- 15.3.30. Options 185
- 15.3.31. AllowOverride 185
- 15.3.32. Order 185
- 15.3.35. UserDir 186
- 15.3.36. DirectoryIndex 186
- 15.3.37. AccessFileName 186
- 15.3.33. Allow 186
- 15.3.34. Deny 186
- 15.3.44. ErrorLog 188
- 15.3.45. LogLevel 188
- 15.3.46. LogFormat 188
- 15.3.47. CustomLog 188
- 15.3.48. ServerSignature 189
- 15.3.49. Alias 189
- 15.3.50. ScriptAlias 189
- 15.3.51. Redirect 190
- 15.3.52. IndexOptions 190
- 15.3.53. AddIconByEncoding 190
- 15.3.54. AddIconByType 190
- 15.3.62. AddLanguage 192
- 15.3.63. LanguagePriority 192
- 15.3.64. AddType 192
- 15.3.65. AddHandler 192
- 15.3.66. Action 192
- 15.3.67. MetaDir 193
- 15.3.68. MetaSuffix 193
- 15.3.69. ErrorDocument 193
- 15.3.70. BrowserMatch 193
- 15.3.71. Location 193
- 15.3.72. ProxyRequests 195
- 15.3.73. ProxyVia 195
- 15.3.74. Cache Directives 195
- 15.3.75. NameVirtualHost 195
- 15.3.76. VirtualHost 196
- 15.3.77. SetEnvIf 196
- 15.5. Using Virtual Hosts 198
- 15.6. Additional Resources 200
- Chapter 16 201
- 16.1.2. POP 202
- 16.1.3. SMTP 202
- 16.2.1. Mail User Agent 203
- 16.2.2. Mail Transfer Agent 203
- 16.3. Sendmail 204
- /etc/sendmail.cf by running: 206
- FEATURE(’ldap_routing’)dnl 208
- 16.4. Fetchmail 209
- • daemon 210
- 16.5. Procmail 212
- 16.5.1. Procmail Configuration 213
- 16.5.2. Procmail Recipes 214
- /dev/null 217
- 16.6. Security 218
- 16.7. Additional Resources 219
- 16.7.2. Useful Websites 220
- 16.7.3. Related Books 220
- Chapter 17 221
- 17.2. BIND Configuration Files 222
- 17.2.1. /etc/named.conf 223
- • include " 224
- • key " 224
- • view " 225
- • zone " 226
- 17.2.2. Zone Files 227
- $ORIGIN domain.com 228
- 259200 3D 231
- 604800 1W 231
- 31536000 365D 231
- SOA records 231
- 17.3. Using rndc 233
- 17.3.2. Command Line Options 235
- 17.4. BIND Advanced Features 236
- 17.6. Additional Resources 237
- 17.6.2. Useful Websites 238
- 17.6.3. Related Books 238
- Chapter 18 239
- Network File System (NFS) 239
- 18.1.1. NFS and portmap 240
- 100003 3 udp 2049 nfs 241
- 100021 1 udp 1028 nlockmgr 241
- 100021 3 udp 1028 nlockmgr 241
- 100021 4 udp 1028 nlockmgr 241
- [root@bleach /]# 241
- 18.2.1. /etc/exports 242
- 18.3.1. /etc/fstab 243
- 18.3.2. autofs 244
- 18.4. Securing NFS 245
- 18.5. Additional Resources 246
- 18.5.2. Related Books 247
- Chapter 19 249
- 19.3. Uses for LDAP 250
- 19.4. LDAP Terminology 250
- 19.6. OpenLDAP Files 251
- 19.6.2. The schema Directory 252
- 19.9. OpenLDAP Setup Overview 254
- 19.11. Additional Resources 256
- 19.11.2. Useful Websites 257
- 19.11.3. Related Books 257
- Appendixes 259
- Appendix A 261
- A.2. CD-ROM Module Parameters 262
- A.3. SCSI parameters 264
- A.4. Ethernet Parameters 267
Prodotti e manuali riguardandi Software di system management Red Hat LINUX 7.2 - OFFICIAL LINUX CUSTOMIZATION GUIDE
(6 pagine)© 2020, manymanuals.it. Tutti i diritti riservati | 0.021 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Commenti su questo manuale