Red Hat LINUX 7.2 - OFFICIAL LINUX CUSTOMIZATION GUIDE Guida di Installazione Pagina 49
- Pagina / 282
- Indice
- SEGNALIBRI
Valutato. / 5. Basato su recensioni clienti
Chapter 2. The /proc File System 49
• message_burst — Tenths of seconds required to write a new warning message. This is used to
prevent Denial of Service (DoS) attacks. The default setting is 50.
• message_cost — Also used to prevent DoS attacks by placing a cost on every warning message.
The higher the value of this file (default of 5), the more likely the warning message will be ignored.
The idea is that an attacker could bombard your system with requests that generate errors and fill
up your logs or require all of your system’s resources to handle error logging. The settings in mes-
sage_burst and message_cost are designed to be modified based on your system’s acceptable
risk versus the need for comprehensive logging.
• netdev_max_backlog — Sets the maximum number of packets allowed to queue when a partic-
ular interface receives packets faster than the kernel can process them. The default value for this
file is 300.
• optmem_max — Configures the maximum ancillary buffer size allowed per socket.
• rmem_default — Sets the receive socket buffer’s default size in bytes.
• rmem_max — Sets the receive socket buffer’s maximum size in bytes.
• wmem_default — Sets the send socket buffer’s default size in bytes.
• wmem_max — Sets the send socket buffer’s maximum size in bytes.
The /ipv4 directory contains additional networking settings. Many of these settings, used in con-
junction with one another, are very useful in preventing attacks on the system or using the system to
act as a router.
Caution
An erroneous change to these files may affect your remote connectivity to the system.
Here are some of the most important files in the /proc/net/ipv4/ directory:
• icmp_destunreach_rate, icmp_echoreply_rate, icmp_paramprob_rate and
icmp_timeexeed_rate — Set the maximum ICMP send packet rate, in hundredths of a second,
to hosts under certain conditions. A setting of 0 removes any delay and is not a good idea.
• icmp_echo_ignore_all and icmp_echo_ignore_broadcasts — Allows the kernel to ignore
ICMP ECHO packets from every host or only those originating from broadcast and multicast ad-
dresses, respectively. A value of 0 allows the kernel to respond, while a value of 1 ignores the
packets.
• ip_default_ttl — Sets the default Time To Live (TTL), which limits the number of hops a packet
may make before reaching its destination. Increasing this value can diminish system performance.
• ip_forward — Permits interfaces on the system to forward packets to one other. By default, this
file is set to 0. Setting this file to 1 will enable network packet forwarding.
• ip_local_port_range — Specifies the range of ports to be used by TCP or UDP when a local
port is needed. The first number is the lowest port to be used, and the second number specifies the
highest port. Any systems that expect to require more ports than the default 1024 to 4999 should
use the 32768 to 61000 range in this file.
• tcp_syn_retries — Provides a limit on the number of times your system will re-transmit a SYN
packet when attempting to make a connection.
• tcp_retries1 — Sets the number of permitted re-transmissions attempting to answer an incom-
ing connection. Default of 3.
• tcp_retries2 — Sets the number of permitted re-transmissions of TCP packets. Default of 15.
- Red Hat Linux 7.3 1
- The Official Red Hat Linux 1
- Reference Guide 1
- Table of Contents 3
- Introduction 7
- 1.2. For the More Experienced 9
- 2. Document Conventions 10
- Mail backupfiles mail reports 11
- [stephen@maturin stephen]$ 12
- 3. Using the Mouse 13
- 5. More to Come 13
- 6. Sign Up for Support 13
- System Reference 15
- Chapter 1 17
- File System Structure 17
- 1.2.1. FHS Organization 18
- /usr/local/sbin." 19
- /usr." 20
- 1.3. Special File Locations 21
- Chapter 2 23
- The /proc File System 23
- 2.2. Top-Level Files in /proc 24
- /proc File System 25 25
- /proc File System 26
- /proc File System 27 27
- /proc File System 29 29
- /proc File System 31 31
- /proc File System 33 33
- /proc File System 35 35
- 2.3. Directories in /proc 37
- /proc File System 39 39
- /proc File System 41 41
- /proc File System 43 43
- /proc File System 45 45
- /proc File System 47 47
- /proc File System 49 49
- /proc File System 51 51
- 2.4. Using sysctl 52
- 2.5. Additional Resources 52
- /proc File System 53 53
- Chapter 3 55
- /etc/lilo.conf 56
- 3.2.2. Init 58
- 3.2.3. SysV Init 60
- 3.3. Sysconfig Information 61
- • CLOCKMODE= 63
- DESKTOP="GNOME" 64
- LANG="en_US" 65
- • DEVICE= 68
- • ROOTDIR=" 68
- /dev/raw/raw1 /dev/sda1 70
- /dev/raw/raw2 8 5 70
- • CARDTYPE= 71
- /etc/sysconfig/ Directory 72
- 3.4. Init Runlevels 73
- 3.6. Shutting Down 74
- ELILO boot loader 75
- Chapter 4 77
- 4.1.2. GRUB Features 78
- 4.2. Terminology 79
- 4.2.2. File Names 80
- 4.3. Interfaces 81
- 4.4. Commands 82
- 4.6. Additional Resources 84
- 86 Chapter 4. GRUB 86
- Chapter 5 87
- The ext3 File System 87
- /sbin/fdisk /dev/hdb 88
- /sbin/mkfs -t ext3 /dev/hdbX 89
- /sbin/tune2fs -j /dev/hdbX 90
- -y /dev/hdb1 91
- Chapter 6 93
- Users and Groups 93
- 6.3. Standard Groups 94
- 6.4. User Private Groups 96
- /usr/lib/emacs/site-lisp 97
- 6.5. Shadow Utilities 98
- Chapter 7 99
- X Servers and Clients 99
- 7.2. The XFree86 Server 100
- 7.3.1. Window Managers 104
- 7.4. Runlevels 105
- 7.4.2. Runlevel 5: prefdm 106
- 7.5. Fonts 107
- 7.5.1. xfs Configuration 108
- 7.5.2. Adding Fonts 108
- 7.6. Additional Resources 109
- 7.6.2. Useful Websites 110
- 7.6.3. Related Books 110
- Security Reference 111
- Chapter 8 113
- 8.3. PAM Modules 114
- 8.4. PAM Module Control Flags 115
- 8.5. PAM Module Paths 116
- 8.6. PAM Module Arguments 116
- 8.8. PAM and Device Ownership 118
- 8.9. Additional Resources 119
- Chapter 9 121
- TCP Wrappers and xinetd 121
- 9.2.1. Formatting Rules 122
- 9.4. Additional Resources 128
- 9.4.2. Useful Websites 129
- Chapter 10 131
- SSH Protocol 131
- 10.3. Layers of SSH Security 132
- 10.3.2. Authentication 133
- 10.3.3. Connection 134
- 10.5.1. X11 Forwarding 135
- 10.5.2. Port Forwarding 135
- • telnet 136
- Chapter 10. SSH Protocol 137 137
- 138 Chapter 10. SSH Protocol 138
- Chapter 11 139
- Kerberos 139
- 11.3. Kerberos Terminology 140
- 11.4. How Kerberos Works 141
- 11.5. Kerberos and PAM 142
- 11.8. Additional Resources 145
- 146 Chapter 11. Kerberos 146
- Chapter 12 147
- 12.3. File Locations 150
- 12.4. Tripwire Components 151
- 12.6. Selecting Passphrases 152
- 12.9. Printing Reports 153
- /etc/hosts, type a 154
- 12.12. Tripwire and Email 156
- 12.13. Additional Resources 157
- Network Services Reference 159
- Chapter 13 161
- Network Scripts 161
- 13.1.2. Dialup Interfaces 162
- 13.1.3. Alias and Clone Files 164
- /sbin/service network action 165
- 13.3. Network Functions 166
- Chapter 14 167
- Firewalling with iptables 167
- 14.3.1. Tables 169
- 14.3.2. Structure 169
- 14.3.3. Commands 169
- 14.3.4. Parameters 170
- 14.3.5. Match Options 171
- 14.3.6. Target Options 173
- 14.3.7. Listing Options 174
- 14.5. Additional Resources 175
- Chapter 15 177
- 178 Chapter 15. Apache 178
- /sbin/service httpd start 179
- /sbin/service httpd stop 179
- /sbin/service httpd restart 179
- /sbin/service httpd reload 179
- 15.3.20. ClearModuleList 183
- 15.3.21. AddModule 183
- 15.3.22. ExtendedStatus 183
- 15.3.23. Port 183
- 15.3.24. User 183
- 15.3.25. Group 184
- 15.3.26. ServerAdmin 184
- 15.3.27. ServerName 184
- 15.3.28. DocumentRoot 184
- 15.3.29. Directory 184
- 15.3.30. Options 185
- 15.3.31. AllowOverride 185
- 15.3.32. Order 185
- 15.3.35. UserDir 186
- 15.3.36. DirectoryIndex 186
- 15.3.37. AccessFileName 186
- 15.3.33. Allow 186
- 15.3.34. Deny 186
- 15.3.44. ErrorLog 188
- 15.3.45. LogLevel 188
- 15.3.46. LogFormat 188
- 15.3.47. CustomLog 188
- 15.3.48. ServerSignature 189
- 15.3.49. Alias 189
- 15.3.50. ScriptAlias 189
- 15.3.51. Redirect 190
- 15.3.52. IndexOptions 190
- 15.3.53. AddIconByEncoding 190
- 15.3.54. AddIconByType 190
- 15.3.62. AddLanguage 192
- 15.3.63. LanguagePriority 192
- 15.3.64. AddType 192
- 15.3.65. AddHandler 192
- 15.3.66. Action 192
- 15.3.67. MetaDir 193
- 15.3.68. MetaSuffix 193
- 15.3.69. ErrorDocument 193
- 15.3.70. BrowserMatch 193
- 15.3.71. Location 193
- 15.3.72. ProxyRequests 195
- 15.3.73. ProxyVia 195
- 15.3.74. Cache Directives 195
- 15.3.75. NameVirtualHost 195
- 15.3.76. VirtualHost 196
- 15.3.77. SetEnvIf 196
- 15.5. Using Virtual Hosts 198
- 15.6. Additional Resources 200
- Chapter 16 201
- 16.1.2. POP 202
- 16.1.3. SMTP 202
- 16.2.1. Mail User Agent 203
- 16.2.2. Mail Transfer Agent 203
- 16.3. Sendmail 204
- /etc/sendmail.cf by running: 206
- FEATURE(’ldap_routing’)dnl 208
- 16.4. Fetchmail 209
- • daemon 210
- 16.5. Procmail 212
- 16.5.1. Procmail Configuration 213
- 16.5.2. Procmail Recipes 214
- /dev/null 217
- 16.6. Security 218
- 16.7. Additional Resources 219
- 16.7.2. Useful Websites 220
- 16.7.3. Related Books 220
- Chapter 17 221
- 17.2. BIND Configuration Files 222
- 17.2.1. /etc/named.conf 223
- • include " 224
- • key " 224
- • view " 225
- • zone " 226
- 17.2.2. Zone Files 227
- $ORIGIN domain.com 228
- 259200 3D 231
- 604800 1W 231
- 31536000 365D 231
- SOA records 231
- 17.3. Using rndc 233
- 17.3.2. Command Line Options 235
- 17.4. BIND Advanced Features 236
- 17.6. Additional Resources 237
- 17.6.2. Useful Websites 238
- 17.6.3. Related Books 238
- Chapter 18 239
- Network File System (NFS) 239
- 18.1.1. NFS and portmap 240
- 100003 3 udp 2049 nfs 241
- 100021 1 udp 1028 nlockmgr 241
- 100021 3 udp 1028 nlockmgr 241
- 100021 4 udp 1028 nlockmgr 241
- [root@bleach /]# 241
- 18.2.1. /etc/exports 242
- 18.3.1. /etc/fstab 243
- 18.3.2. autofs 244
- 18.4. Securing NFS 245
- 18.5. Additional Resources 246
- 18.5.2. Related Books 247
- Chapter 19 249
- 19.3. Uses for LDAP 250
- 19.4. LDAP Terminology 250
- 19.6. OpenLDAP Files 251
- 19.6.2. The schema Directory 252
- 19.9. OpenLDAP Setup Overview 254
- 19.11. Additional Resources 256
- 19.11.2. Useful Websites 257
- 19.11.3. Related Books 257
- Appendixes 259
- Appendix A 261
- A.2. CD-ROM Module Parameters 262
- A.3. SCSI parameters 264
- A.4. Ethernet Parameters 267
Prodotti e manuali riguardandi Software di system management Red Hat LINUX 7.2 - OFFICIAL LINUX CUSTOMIZATION GUIDE
(6 pagine)© 2020, manymanuals.it. Tutti i diritti riservati | 0.030 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Commenti su questo manuale