Linux (Linux Business Initiative), 17 December 1998, Internet Week 98. Motoharu Kubo, Japan Network Information Center
Linux 1. 2. 3. 4. 5. 6. 7. 8. 9. Q&A
Linux( ) BP Software Design UNIX PC UNIX Linux OS 10 Linux OS OS OS OS Linux Business Initiative Linux Linux web 30
Linux Linux Linux ( ) ( ) Red Hat TurboLinux Slackware Debian Caldera Linux Slackware Red Hat Debian Red Hat ( ) RedHat 5.2 Red Hat Red Hat /etc Slackware /usr/local/etc Red Hat RPM OK Red Hat
RPM Red Hat RPM OK Red Hat Red Hat 4.2 5.2 PC (AT ) (Red Hat 5.2 ) Server (Custom ) PC X X Red Hat SCSI X : CD-ROM FTP updates 4.2 Red Hat 5.2(5.1 ) Server Work
Station Server Custom Server NT Server rpm -i X X FTP (Red Hat ) updates (RPM ) sendmail X X
ps ax /etc/inetd.conf /etc/hosts.allow 4.2 pwconv5 5.x pwconv telnet Red Hat ps TCP wrapper
. WWW WWW UNIX. Linux UNIX UNIX
NT OS NT WWW CGI Mac co.jp! CERT Advisory JPNIC NIC DNS JP
telnet pop well-known DNS bind bind ps ps ls? telnet FTP POP IMAP FTP FTP WWW HTTP
telnet FTP Windows POP IMAP POP IMAP telnet?? : : : WWW WWW TCP/IP Socket??? WWW CGI?
? telnet ( telnet ) SSH telnet 90 telnet POP WWW CGI CGI?
JPCERT Linux tcp wrapper Tripwire swatch Linux IP Linux TCP wrapper Tripwire swatch ( )
telnet FTP UNIX /etc/passwd /etc/shadow
CGI Red Hat /etc/passwd /etc/passwd root:xf4xqo72tyxgy:0:0:root:/root:/bin/bash root: /etc/shadow pwconv5 (4.2) pwconv (5.x) Linux /etc/passwd /etc/shadow shadow root Linux Red Hat PAM Red Hat 4.2 pwconv5( 5 ) Red Hat 5.x pwconv
PAM Qualcomm qpopper PAM ( ) ( ) telnet telnet popper APOP telnet telnet r-cmd telnet UNIX telnet telnet rlogin rcp
telnet telnet r-cmd root /etc/passwd root su root root root X root (OTP) ( ) OPIE S/Key opie-2.22 logdaemon-5.6 RPM ( ) RPM
Secure Shell (SSH) ssh-2.0.9 RPM FTP SSH Secure SHell telnet r-cmd rcp RPM OTP v.s. SSH OTP SSH rlogin rsh rcp OTP SSH telnet OTP DHCP IP SSH
r-cmd telnet rlogin rsh rcp r-cmd SSH r-cmd r s scp OTP SSH OTP SSH Linux telnet SSH OTP inetd telnet ftp pop imap finger /etc/inetd.conf inetd Linux ps sendmail WWW httpd pop telnet inetd telnet inetd inetd inetd.conf /etc/inetd.conf 1 1 # / tcp wrapper /etc/inetd.conf
imap imap #imap stream tcp nowait root /usr/sbin/tcpd imapd stream tcp nowait root /usr/sbin/tcpd imapd inetd SIGHUP inetd.conf telnet pop # inetd.conf TCP wrapper imap imap # imap inetd.conf inetd SIGHUP TCP wrapper (tcpd) /usr/sbin/tcpd /etc/hosts.allow /etc/hosts.deny 2 /etc/hosts.allow man 5 hosts_access TCP wrapper inetd.conf TCP wrapper inetd imap imap inetd TCP wrapper /usr/sbin/tcpd tcpd IP imap tcpd imapd TCP wrapper TCP wrapper tcpd tcpd /etc/hosts.allow /etc/hosts.deny deny allow
/etc/hosts.allow ALL: ALL: ALLOW inetd.conf (192.168.0.0/255.255.255.0) ALL: 192.168.0.0/255.255.255.0: ALLOW ALL: ALL: DENY ALL telnet ftp pop 192.168.0.0/255.255.255.0 ALLOW ALL:ALL: DENY IP IP
ALL: ALL: spawn (/usr/sbin/safe_finger -l @%h | /bin/mail -s "%d-%h" root) & : DENY DENY ALL:ALL DENY finger root telnet popper ALL: 192.168.0.0/255.255.255.0: ALLOW in.ftpd: ALL: ALLOW popper: 210.123.45.67: ALLOW ALL: ALL: DENY /usr/sbin ftp ftpd in.ftpd ftp popper popper popd popper (210.123.45.67) popper "ALL: ALL: DENY" popper in.telnetd telnet telnet telnet
Phf (WWW ) phf /etc/passwd /var/log/httpd/access_log... "GET/cgi-bin/phf?... 404-404 CERT JPCERT Advisories Phf WWW Apache WWW Phf httpd access_log access_log 400 OK httpd WWW CGI CGI WWW CGI WWW CGI
( ) DNS (named) (sendmail) WWW (httpd) inetd DNS named sendmail Red Hat Slackware /etc/rc.d/rc3.d/ S( ) S80sendmail ( ) "S" "K" /etc/rc.d/rc3.d/ rc3 X xdm S S Start 80 10 20 S10 sendmail S K Kill
S K _ s /etc/rc.d/rc3.d/ [start stop] Windows Linux sendmail S80sendmail stop 5.2 start stop restart sendmail Red Hat 5.2 Red Hat 4.2 Red Hat 4.2 IP 5.2 Red Hat 5.x
tftp finger sunrpc 69/udp 79/tcp 111/tcp,111/udp netbios 137-139/tcp snmp exec login shell 161/udp 512/udp 513/tcp 514/tcp telnet imap telnet Linux IP ipfwadm Red Hat 4.2 Linux IP ipfwadm 2.2 4.2
telnet imap telnet DNS NAT/IP IP OCN 16 IP IP IP
streamworks UDP IP
/var/log/messages FAIL INVALID /var/log/secure refuse warning last /var/log/maillog /var/log/httpd/access_log WWW " 40" "phf" /var/log/messages FAIL INVALID grep ftp grep /var/log/secure messages refuse warning last last maillog to from to from cc "we do not relay"
syslog WWW access_log grep " 40" phf swatch /FAILED/ /INVALID/ mail=admin mail=admin Tripwire swatch /var/log/messages FAILED INVALID perl admin perl perl perl perl M 64M 128M
grep /etc/ /bin/ /sbin/ Tripwire Tripwire ( ) /etc/ ( ) /etc/ ( ) ( ) Red Hat /etc/ /etc/ /etc/ /etc/ /var/
CERT http://www.cert.org (1988) CERT Advisories CERT Advisories FTP CERT Advisories (ftp://info.cert.org/pub/cert_advisories/) CERT Bulletins (ftp://info.cert.org/pub/cert_bulletins/) CERT Advisories (http://www.voj.toda.saitama.jp/cert-ca.shtml) CERT Bulletins (http://www.voj.toda.saitama.jp/cert-vb.shtml) CERT 1988 CERT Advisories CERT Advisories ftp (IPA) http://www.ipa.go.jp/index-j.html (http://www.ipa.go.jp/security/index-j.html) (IPA) Linux
IPA Excel word (JPCERT/CC) http://www.jpcert.or.jp/ CERT JPCERT/CC JPCERT linux-security-jp Linux CERT Advisories http://www.3ware.co.jp/opensoc/index.html linux-security-jp Windows Linux 7,800 JPCERT CERT Advisories CERT COAST Red Hat FTP ftp://ftp.redhat.com/ FTP
CERT Advisories Red Hat FTP Advisories Red Hat URL
phf telnet pop3 bind telnet pop bind imap phf mscan telnet pop readme JP telnet Linux bind Linux Linux Linux named root named Linux named root
named named DNS DoS OS DoS Denial of Service OS SYN TCP syn SYN SYN 10 100 SPAM ( ) /etc/mail/ip_allow /etc/mail/relay_allow (5.2) SPAM SPAM
sendmail WIDE sendmail Red Hat 5.2 sendmail /etc/mail/ ip_allow relay_allow /etc/mail/ip_allow 127.0.0.1 192.168.0 192.168.0 192.168.0 /etc/mail/relay_allow mydomain.co.jp sendmail "Software Design"
PC PC Linux PC Linux PC I O Linux DBMS RDB Linux DB2 Linux
VB Delphi Notes Linux Wnn6 dp-note Java Linux IBM sendmail MTA sendmail MTA Cobalt Cube (Q&A)
IDG Linux Red Hat Q A Windows-NT UNIX Linux NT UNIX NT Microsoft ( ) Microsoft UNIX Linux UNIX Linux NT UNIX 10 30 0.
SI Linux Web Linux DOC DOC
Linux Case Linux SE
9. Q&A : ISP WWW telnet : TCP wrapper telnet SSH Windows TeraTerm SSH SSH telnet : BOF Solaris FreeBSD Linux Linux : Solaris FreeBSD Linux FreeBSD Linux Solaris FreeBSD Linux UNIX Linux FreeBSD Linux
OS : TCP/IP TCP wrapper LAN PC TTY :? : : PPP TTY PPP PAP CHAP Radius NTT :
: : SSH NT Linux : SSH Data Fellows SSH e-mail SSH OK SSH SSH F-Secure : Linux Solaris DiskSuite RAID Linux RAID UPS APC Linux
: RAID Linux RAID3 5 RAID WWW OS UPS APC APC Linux UPS Linux UPS RAID UPS : Solaris FreeBSD Linux AT 24 NT Ultra5 Solaris Linux PC UNIX? : PC PC UNIX
OS