1 Netshut
1.1.
Netshut (TCP/IP) Web/SNMP UPS Netshut Web/SNMP (TCP/IP) Web/SNMP GX 10.28.01 UPS GX100GX200 LAN TCP/IP
1.1.1.
Netshut CPU Pentium MH MB MB
1.1.2. OS
OS
Linux
    Red Hat Enterprise Linux Server 5.3 (x86,x64)
    Suse Linux Enterprise Server 11 (x86,x64)
    Cent OS 5.4 (x86,x64)
Solaris
    Solaris 10 (x86,x64,SPARC)
1.2.
doshutdown.sh Web/SNMP Web/SNMP Web/SNMP
2
2.1.
root (root) (Solaris, Linux) su
2.2. Linux(RPM)
Web/SNMP CD-ROM CD-ROM CD-ROM CDROM
    mount /dev/hdc /media
RPM CD-ROM Netshut Linux
    cd /media/netshut/linux
RPM rpm
Redhat or Cent OS (see note 1)
    rpm -ivh Netshut-X.Y.Z-EL53.i386.rpm
Suse Linux (see note 2)
    rpm -ivh Netshut-X.Y.Z-SUSE11.i586.rpm
/usr/local/ Netshut
    Netshut... ####################[100%]
    1:Netshut ####################[100%]
Netshut
    /sbin/service Netshut start
Note 1: X.Y.Z X Y Z
Note 2: X.Y.Z X Y Z
2.3. Solaris(PKG)
Web/SNMP CD-ROM CD-ROM CD-ROM CDROM
    /etc/init.d/volmgt start
PKG CD-ROM Netshut Solaris cdrom0
    cd /cdrom/cdrom0/netshut/solaris
/usr/tmp PKG PKG PKG CD
    cp Netshut-X.Y.Z-ARCH.pkg.gz /usr/tmp
    cd /usr/tmp
gzip
    gzip -d Netshut-X.Y.Z-ARCH.pkg.gz
pkgadd
    pkgadd -d Netshut-X.Y.Z-ARCH.pkg
all Enter
Netshut
    /etc/init.d/netshut start
3 Netshut
3.1.
Netshut OS Netshut run level = 2, 3, 4, 5 OS
Linux
Netshut
    /sbin/service Netshut start
Netshut
    /sbin/service Netshut stop
Netshut
    /sbin/service Netshut restart
Solaris
Netshut
    /etc/init.d/netshut start
Netshut
    /etc/init.d/netshut stop
3.2.
Web/SNMP 8 8 PC 1
/usr/local/netshut Netshutcmd Netshutcmd
    Netshutcmd <IP-Address> < > [-SC]
IP-Address IP-Address Netshut TCP 7006
-SC /usr/local/netshut/doshutdown.sh
/usr/local/netshut/doshutdown.sh vi
    vi /usr/local/netshut/doshutdown.sh
Netshut Netshut Netshut LAN LAN
IP-Address 192.168.1.100 192.168.1.101 192.168.1.102 7006/TCP
    #!/bin/sh
    /usr/local/netshut/netshutcmd 192.168.1.100 7006 -SC
    /usr/local/netshut/netshutcmd 192.168.1.101 7006 -SC
    /usr/local/netshut/netshutcmd 192.168.1.102 7006 -SC
    sleep 1
    sync; sync; sync;
    /sbin/init 0 &
    exit 0
3.3. Netshut
Netshut /usr/local/netshut/netshut.conf vi
    vi /usr/local/netshut/netshut.conf
Netshut 3.1
3.4. Syslog
Netshut OS /var/log/messages
3.4.1.
    Oct 13 19:20:28 ups-sv224 Netshut[2677]: Netshut Start (port 7006).
    Oct 13 19:22:23 ups-sv224 Netshut[2677]: Netshut Recv Start (from 10.65.11.130).
    Oct 13 19:22:23 ups-sv224 Netshut[2677]: Netshut CMD OK (from 10.65.11.130).
3.5.
Netshut doshutdown.sh doshutdown.sh doshutdown.shos doshutdown.sh ( ) doshutdown.sh
    #!/bin/sh
    sleep 1
    sync; sync; sync;
    /sbin/init 0 &
    exit 0
[batch.sh] doshutdown.sh2 2 () UPS OS OS
    #!/bin/sh
    /root/shutdown_scripts/batch.sh a shutdown
    sleep 1
    sync; sync; sync;
    /sbin/init 0 &
    exit 0
4
4.1.1. Linux(rpm)
Linux rpm
    rpm -e Netshut
4.1.2. Solaris(pkg)
Solaris pkgrm
    pkgrm Netshut
5
5.1.
5.2. IP
5.2.1. IP
    iptables -L -n
    Chain INPUT (policy ACCEPT)
    Netshut-Firewall all -- 0.0.0.0/0 0.0.0.0/0
    RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
    Chain FORWARD (policy ACCEPT)
    RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
    Chain OUTPUT (policy ACCEPT)
    Chain Netshut-Firewall (1 references)
    ACCEPT tcp -- 10.65.2.164 0.0.0.0/0 tcp dpt:7006
    Chain RH-Firewall-1-INPUT (2 references)
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
    ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
    ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
    ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
    ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353
    ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:631
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
    REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
    ACCEPT tcp -- 192.168.1.10 0.0.0.0/0 tcp spt:7006
iptables
    /sbin/service iptables save
5.2.2. IP
Firewall IP Red Hat Enterprise Linux Server Web/SNMP 192.168.1.10 root
iptables filter Netshut-Firewall
    iptables -t filter -N Netshut-Firewall
Netshut-Firewall 192.168.1.10 7006/TCP (DROP)
    iptables -t filter -A Netshut-Firewall -p tcp --dport 7006 -s 192.168.1.10 -j DROP
INPUT Netshut-Firewall 1
    iptables -t filter -I INPUT -j Netshut-Firewall
    iptables -L -n
    Chain INPUT (policy ACCEPT)
    Netshut-Firewall all -- 0.0.0.0/0 0.0.0.0/0
    RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
    Chain FORWARD (policy ACCEPT)
    RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
    Chain OUTPUT (policy ACCEPT)
    Chain Netshut-Firewall (1 references)
    DROP tcp -- 10.65.2.164 0.0.0.0/0 tcp dpt:7006
    Chain RH-Firewall-1-INPUT (2 references)
    :
    :
    :
    REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
    ACCEPT tcp -- 192.168.1.10 0.0.0.0/0 tcp spt:7006
iptables
    /sbin/service iptables save