Linux IT 1 2009

Contents (section titles as far as they survived extraction)

1 PAM
  1.1 Overview  1.2 Configuration files  1.3 Standard modules (pam_unix)  1.4 pam_time
  1.5 pam_nologin  1.6 pam_securetty (root logins)  1.7 pam_rootok  1.8 pam_wheel (su to root)
  1.9 Password quality  1.10 Apache and PAM  1.11 Building Apache  1.12 mod_authnz_external
  1.13 pwauth  1.14 Protecting a directory with PAM  1.15 Troubleshooting  1.16 Exercises
2 Apache PAM (packaged httpd)
  2.1 Apache and PAM  2.2 Apache  2.3 mod_authnz_external  2.4 pwauth  2.5 PAM  2.6 Troubleshooting  2.7 Exercises
3 SELinux
  3.1 to 3.19 concepts, commands and the policy language  3.20 Hands-on: fswiki under enforcing
  3.21 to 3.23 A dedicated type for the wiki directory  3.24 Exercise: confining testapp  3.25 MCS  3.26 Summary
4 Tripwire
  4.1 Integrity checking with UNIX tools  4.2 Tripwire  4.3 Installation  4.4 Files  4.5 Policy and database
  4.6 Integrity check  4.7 Database update  4.8 Exercises  4.9 Property masks  4.10 Predefined variables
  4.11 Exercise: Apache rules  4.12 Report
5 Snort
  5.1 snort  5.2 BASE  5.3 SnortALog
6 SNMP
  6.1 SNMP  6.2 Installation  6.3 net-snmp configuration  6.4 Reading values  6.5 Writing values (MIB)
  6.6 SNMPv3 users  6.7 SNMPv3 queries  6.8 OID  6.9 UCD-SNMP  6.11 Process monitoring
  6.16 RRDTool  6.17 RRDTool and Cacti
7 MRTG
  7.1 SNMP  7.2 MRTG
8 GnuPG
  8.1 GnuPG
9 iptables
  9.1 LAN  9.2 VirtualBox  9.3 Linux  9.4 Windows

1 PAM

1.1 Overview

PAM (Pluggable Authentication Modules) was introduced by Sun Microsystems in Solaris and is now used by Linux, HP-UX, Mac OS X and other UNIX systems. Programs that must verify a user, such as su, passwd and ssh, do not check passwords themselves: they call the PAM library, and the administrator decides in configuration files which modules run for each program and how their results are combined (Figure 1.1).

1. An application calls PAM instead of implementing authentication itself.
2. PAM reads the configuration for that application and runs the listed modules in order.
3. The per-application files live in /etc/pam.d; when no file matches the application name, /etc/pam.d/other is used, so that file should deny everything.
4. Modules can be stacked, and one module can serve many applications.

1.2 Configuration files

Each line of a file under /etc/pam.d has four fields:

    <module type>  <control flag>  <module>  [module arguments]

Table 1.1 Module types
    auth       verifies the user's identity (password, token, ...)
    account    checks whether the account may be used now (expiry, time of day, ...)
    password   handles changing the authentication token
    session    work at the start and end of a session (limits, environment, ...)

Table 1.2 Control flags
    required    failure makes the stack fail, but the remaining modules still run
    requisite   failure makes the stack fail immediately
    sufficient  success ends the stack successfully unless an earlier required module failed
    optional    the result only matters when it is the only module of that type

1.3 Standard modules

Table 1.3 Frequently used modules
    pam_unix       password authentication against /etc/passwd and /etc/shadow
    pam_userdb     authentication against a Berkeley DB file
    pam_access     access control by user, host or tty (/etc/security/access.conf)
    pam_time       access only at configured times (/etc/security/time.conf)
    pam_nologin    refuses non-root logins while /etc/nologin exists
    pam_securetty  allows root only on the terminals listed in /etc/securetty
    pam_rootok     lets root pass without a password
    pam_shells     requires a login shell listed in /etc/shells
    pam_wheel      restricts su to members of the wheel group
    pam_group      grants extra group membership at login

Listing 2: /etc/pam.d/system-auth on CentOS 5.3, the file that the other service files include

    #%PAM-1.0
    # This file is auto-generated.
    # User changes will be destroyed the next time authconfig is run.
    auth        required      pam_env.so
    auth        sufficient    pam_unix.so nullok try_first_pass
    auth        requisite     pam_succeed_if.so uid >= 500 quiet
    auth        required      pam_deny.so
    auth        required      pam_nologin.so
    account     required      pam_unix.so
    account     sufficient    pam_succeed_if.so uid < 500 quiet
    account     required      pam_permit.so
    password    requisite     pam_cracklib.so try_first_pass retry=3
    password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
    password    required      pam_deny.so
    session     optional      pam_keyinit.so revoke
    session     required      pam_limits.so
    session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
    session     required      pam_unix.so

pam_unix is the module that performs ordinary UNIX password authentication.

Table 1.4 pam_unix arguments (auth type)
    debug, audit       log to syslog (audit is more verbose)
    use_first_pass     use the password obtained by a previous module and never prompt
    try_first_pass     try the previous module's password first and prompt only if it fails
    not_set_pass       do not pass this module's password on to later modules
    likeauth           make setcred return the same value as auth
    noreap
    nodelay            do not delay after a failed attempt
    nullok             allow empty passwords

Table 1.5 pam_unix arguments (password type)
    use_authtok        use the new password obtained by a previous module (for example pam_cracklib)
    shadow             update /etc/shadow
    md5                hash with MD5 instead of crypt(3)
    bigcrypt           use the DEC C2 extension of crypt
    nis                change the password through NIS (RPC)
    remember=X         keep the last X passwords so they cannot be reused
    try_first_pass     as above

1.4 pam_time

pam_time restricts when, and from which terminal, a user may log in. It is an account module; add it to /etc/pam.d/system-auth (or to an individual service file):

Listing 3: pam_time
    account     required      pam_time.so

The rules are read from /etc/security/time.conf. Each line has four fields separated by semicolons (Listing 4):

Listing 4: time.conf
    services;ttys;users;times

    services   PAM service names, e.g. login, su, "login & su"
    ttys       terminal names, e.g. ttyp*&!tty*
    users      user names, e.g. doraemon, nobita, "doraemon | nobita", foo*
    times      the allowed times

Inside a field, ! negates, & combines with AND, | with OR and * matches anything. Times are a 24-hour range such as 2000-0600 (8 p.m. to 6 a.m.); a day prefix restricts the range: Mo Tu We Th Fr Sa Su, Wk (weekdays), Wd (weekend), Al (every day), for example TuWe0700-2300.

Listing 5: doraemon may not use login on any terminal between 20:00 and 06:00
    login;ttyp*&tty*;doraemon;!al2000-0600

1.5 pam_nologin

Listing 6: pam_nologin (auth type)
    auth        required      pam_nologin.so

While /etc/nologin exists, users other than root are refused and the file's text is shown to them.

1.6 Root logins: pam_securetty

Listing 7: pam_securetty in /etc/pam.d/login
    auth        required      pam_securetty.so

root may log in only on the terminals listed in /etc/securetty.

1.7 Root passes without a password: pam_rootok

Listing 8: pam_rootok in an auth stack under /etc/pam.d
    auth        sufficient    pam_rootok.so

1.8 Restricting su to root: pam_wheel

Listing 9: pam_wheel in /etc/pam.d/su
    auth        required      pam_wheel.so

Arguments: debug; use_uid (decide by the real uid of the process running su rather than the login name); trust (members of the group are not asked for a password, used together with sufficient); deny (invert the check: members of the group are refused); group=<name> (use this group instead of wheel). When there is no wheel group the group with GID 0 is used.

On CentOS 5.3 both pam_wheel lines in /etc/pam.d/su are commented out. Enable (1) to let wheel members su without a password, or (2) to allow su only to wheel members:

Listing 10: /etc/pam.d/su on CentOS (excerpt)
    #auth       sufficient    pam_wheel.so trust use_uid    <- (1)
    #auth       required      pam_wheel.so use_uid          <- (2)

1.9 Password quality

Two modules of the password type handle password changes: pam_unix stores the new password (Table 1.5) and pam_cracklib checks its quality (Table 1.6).

Table 1.6 pam_cracklib arguments
    debug
    type=XXX       replace the word UNIX in the prompt "New UNIX password:"
    retry=N        number of attempts before giving up (default 1)
    difok=N        characters that must differ from the old password (default 5)
    difignore=N    length above which difok is not applied (default 23)
    minlen=N       minimum length including credits (default 9)
    dcredit=N      digits: with N >= 0 each digit earns up to N credits toward minlen; with N < 0 at least |N| digits are required (default 1)
    ucredit=N      the same for upper-case letters (default 1)
    lcredit=N      the same for lower-case letters (default 1)
    ocredit=N      the same for other characters (default 1)
    use_authtok    use the password supplied by a previous module

1.10 Apache and PAM

Apache's Basic authentication normally checks its own password file. To authenticate web users against the Linux accounts through PAM, use the third-party module mod_authnz_external together with the pwauth helper (Figure 1.2).

1.11 Building Apache

Apache is installed from source to /usr/local/apache2; the source is on the course page (http://172.16.32.10/~sakabe/). The module loader is enabled with --enable-so (the course listing wrote --enable-module=so, which is the Apache 1.3 spelling):

    $ tar jxfv httpd-2.2.14.tar.bz2
    $ cd httpd-2.2.14
    $ ./configure --enable-rule=SHARED_CORE --enable-so
    $ make -j2
    $ sudo make install

Figure 1.2: building Apache

1.12 mod_authnz_external

mod_authnz_external (http://code.google.com/p/mod-auth-external/) lets Apache delegate authentication to an external program. Build it against the installed Apache with apxs, which also adds the LoadModule line to httpd.conf:

    $ tar zxfv mod_authnz_external-3.2.3.tar.gz
    $ cd mod_authnz_external-3.2.3
    $ sudo /usr/local/apache2/bin/apxs -c mod_authnz_external.c
    $ sudo /usr/local/apache2/bin/apxs -i -a mod_authnz_external.la
    $ grep authnz /usr/local/apache2/conf/httpd.conf
    LoadModule authnz_external_module modules/mod_authnz_external.so   <-

Figure 1.3: mod_authnz_external

1.13 The PAM helper pwauth

pwauth is the external program mod_authnz_external calls; it checks the user name and password through PAM. Because it must read /etc/shadow it is installed setuid root, so config.h restricts the uids allowed to run it: SERVER_UIDS must be the uid the web server runs as (2 here; line 267 of config.h).

    $ tar zxf pwauth-2.3.8.tar.gz
    $ cd pwauth-2.3.8
    $ vim config.h
      line 267:  #define SERVER_UIDS 72   ->   #define SERVER_UIDS 2
    $ make
    $ sudo cp pwauth /usr/libexec
    $ sudo chmod u+s /usr/libexec/pwauth

Figure 1.4: pwauth

Give pwauth its own PAM service file. The course listing used pam_pwdb.so, the older module that CentOS 5 no longer ships; pam_unix.so is its replacement:

Listing 11: /etc/pam.d/pwauth
    auth        required      pam_unix.so shadow nullok
    auth        required      pam_nologin.so
    account     required      pam_unix.so

Register the helper in /usr/local/apache2/conf/httpd.conf; "pipe" means the user name and password are written to pwauth's standard input:

Listing 12: httpd.conf
    AddExternalAuth pwauth /usr/libexec/pwauth
    SetExternalAuthMethod pwauth pipe

Allow .htaccess files in the document root (line 152 of httpd.conf):

Listing 13: httpd.conf
    AllowOverride None   ->   AllowOverride All

1.14 Protecting a directory with PAM

Create .htaccess in /usr/local/apache2/htdocs:

Listing 14: .htaccess
    AuthType Basic
    AuthName Your-Site-Name
    AuthBasicProvider external
    AuthExternal pwauth
    require valid-user

1.15 Troubleshooting

If authentication fails, read /usr/local/apache2/logs/error_log; the INSTALL file of pwauth explains its exit codes and the SERVER_UIDS check.

1.16 Exercises (the logs to use are /var/log/messages and /var/log/secure; only the keywords of the exercise text survived)
1. PAM messages in /var/log/secure
2. /etc/pam.d
3. /etc/pam.d/system-auth on Linux
4. doraemon
5. ssh
6. root
7. nobita, wheel, doraemon, su
8.
9. chage
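The credit rule of pam_cracklib in Table 1.6 (section 1.9) is easy to misread, so here it is as an added example in shell, not part of the course material: a function that applies minlen and the four credit parameters to a sample password, once with the CentOS defaults and once with a stricter policy that requires one character of every class. It models only the length/credit rule; the module's dictionary, palindrome and difok checks are not included, and the character classes are the ASCII ones.

```shell
#!/usr/bin/env bash
# Added example (not part of the course): the minlen/credit rule of
# pam_cracklib from Table 1.6, re-implemented so it can be tried on
# sample passwords. Simplification: the real module also runs the
# dictionary, palindrome and difok checks, which are not modelled here.
export LC_ALL=C

# Number of characters of one class in the password.
count_class() {   # count_class '<bracket expression>' '<password>'
  printf '%s' "$2" | grep -o "$1" | wc -l | tr -d ' '
}

# Credit earned by one class, following the pam_cracklib rule:
#   credit >= 0 : each character of the class adds 1 to the effective
#                 length, up to <credit> characters
#   credit <  0 : at least |credit| characters of the class are required,
#                 and they add nothing to the length
# Prints the credit; returns 1 when a negative credit's minimum is unmet.
class_credit() {  # class_credit <count> <credit>
  local count=$1 credit=$2
  if [ "$credit" -lt 0 ]; then
    [ "$count" -ge $(( -credit )) ] || return 1
    echo 0
  elif [ "$count" -lt "$credit" ]; then
    echo "$count"
  else
    echo "$credit"
  fi
}

# cracklib_ok <password> <minlen> <dcredit> <ucredit> <lcredit> <ocredit>
# Returns 0 when the password satisfies the policy, 1 otherwise.
cracklib_ok() {
  local pw=$1 minlen=$2 dcredit=$3 ucredit=$4 lcredit=$5 ocredit=$6
  local nd nu nl no c total=${#1}
  nd=$(count_class '[0-9]' "$pw")
  nu=$(count_class '[A-Z]' "$pw")
  nl=$(count_class '[a-z]' "$pw")
  no=$(count_class '[^0-9A-Za-z]' "$pw")
  c=$(class_credit "$nd" "$dcredit") || return 1; total=$((total + c))
  c=$(class_credit "$nu" "$ucredit") || return 1; total=$((total + c))
  c=$(class_credit "$nl" "$lcredit") || return 1; total=$((total + c))
  c=$(class_credit "$no" "$ocredit") || return 1; total=$((total + c))
  [ "$total" -ge "$minlen" ]
}

# The same password under the CentOS default (minlen=9, all credits 1)
# and under a strict policy that requires one of every class (credits -1).
check_policy() {  # check_policy <password> ; prints "default=ok|fail strict=ok|fail"
  local d s
  if cracklib_ok "$1" 9 1 1 1 1; then d=ok; else d=fail; fi
  if cracklib_ok "$1" 9 -1 -1 -1 -1; then s=ok; else s=fail; fi
  echo "default=$d strict=$s"
}

for p in abc12345 'Secr3t!x' 'Secr3t!xy'; do
  printf '%-10s %s\n' "$p" "$(check_policy "$p")"
done
```

Note what the default policy accepts: abc12345 is eight characters, but the digit and lower-case credits lift it to an effective length of 10, so it passes minlen=9. Negative credits are the way to demand character classes; a positive credit only shortens the required length.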

2 Apache PAM (packaged httpd)

2.1 Apache and PAM

The same setup as 1.10 to 1.15, this time with the httpd package that CentOS ships instead of a source build: Apache's Basic authentication is delegated through mod_authnz_external and pwauth to PAM, so the Linux accounts can be used for web access (Figure 2.1).

2.2 Apache

The development files (apxs, headers) are needed to build the module:

    $ yum -y install httpd-devel

Figure 2.2: Apache

2.3 mod_authnz_external

mod_authnz_external (http://code.google.com/p/mod-auth-external/), built with the packaged apxs, which registers the module in /etc/httpd/conf/httpd.conf:

    # tar zxfv mod_authnz_external-3.2.5.tar.gz
    # cd mod_authnz_external-3.2.5
    # apxs -c mod_authnz_external.c
    # apxs -i -a mod_authnz_external.la
    $ grep authnz /etc/httpd/conf/httpd.conf
    LoadModule authnz_external_module modules/mod_authnz_external.so   <-

Figure 2.3: mod_authnz_external

2.4 The PAM helper pwauth

pwauth (http://code.google.com/p/pwauth/) is the program mod_authnz_external calls to authenticate through PAM. SERVER_UIDS (line 267 of config.h) must be the uid of the packaged httpd, which runs as the apache user, uid 48:

    # tar zxf pwauth-2.3.8.tar.gz
    # cd pwauth-2.3.8
    # vim config.h
      line 267:  #define SERVER_UIDS 72   ->   #define SERVER_UIDS 48
    # make
    # cp pwauth /usr/libexec
    # chmod u+s /usr/libexec/pwauth

Figure 2.4: pwauth

2.5 PAM configuration

Listing 15: /etc/pam.d/pwauth (the course listing used pam_pwdb.so, which CentOS 5 no longer ships; pam_unix.so is its replacement)
    auth        required      pam_unix.so shadow nullok
    auth        required      pam_nologin.so
    account     required      pam_unix.so

Listing 16: additions to /etc/httpd/conf/httpd.conf
    AddExternalAuth pwauth /usr/libexec/pwauth
    SetExternalAuthMethod pwauth pipe

Listing 17: httpd.conf, line 328, so that .htaccess is honoured under the document root
    AllowOverride None   ->   AllowOverride All

Listing 18: /var/www/html/.htaccess
    AuthType Basic
    AuthName Your-Site-Name
    AuthBasicProvider external
    AuthExternal pwauth
    require valid-user

2.6 Troubleshooting

Check /var/log/httpd/error_log and the pwauth INSTALL file.

2.7 Exercises
1. Verify the setup above.
2. Create /var/www/secret with an HTML page and confirm it is served at http://localhost/secret/.
3. Protect it with PAM authentication.

3 SELinux

3.1 What SELinux is

SELinux (Security-Enhanced Linux) adds mandatory access control to the Linux kernel: every process and every object carries a security context, and a policy, not the owner of a file, decides which accesses are allowed.

3.2 Terms
    MAC   Mandatory Access Control: the administrator's policy applies to everyone, root included
    DAC   Discretionary Access Control: the ordinary Linux owner/group/mode permissions, which the owner of an object may change
    TE    Type Enforcement: processes run in a domain type, objects carry a type, and allow rules between types are the policy
    RBAC  Role Based Access Control: each user is assigned roles, and each role may enter only certain domain types

3.3 Characteristics of SELinux (six points; their text was not recovered)

3.4 Architecture

The policy is written as Type Enforcement rules (.te files), with RBAC layered on top of TE (Figure 3.1).

3.5 Enforcement

The decision is made inside the kernel (Figure 3.2): hooks on file, process and network I/O ask the security server whether the access is permitted. DAC is checked first; SELinux can only further restrict what DAC already allows.

3.6 Security context

A security context has three parts, user:role:type (current policies add an MLS/MCS level as a fourth). The SELinux user is an identity separate from the Linux uid; a Linux user is mapped to one SELinux user. For root the context is root:sysadm_r:sysadm_t, the role sysadm_r and the type sysadm_t.

3.7 (text not recovered)

3.8 Policy rules

Access is decided from the two contexts involved and the rules of the loaded policy. The three rule kinds are:

Table 3.1
    allow        permit the access
    auditallow   permit the access and log it
    dontaudit    deny the access without logging it (denials are logged by default)

3.9 (two cases; text not recovered; Figures 3.3 and 3.4)

3.10 Introducing SELinux (five steps; text not recovered)

3.11 Configuration

The configuration lives under /etc/selinux; CentOS ships the "targeted" policy by default (Figure 3.5).

3.12 Commands
    chcon        change the security context of a file
    setfiles     relabel files from a file-contexts (FC) specification
    checkpolicy  compile policy source into its binary form
    getenforce   show the current mode
    setenforce   switch between permissive (0) and enforcing (1)
    newrole      start a shell in another role
    run_init     run an init script (/etc/init.d/...) in the init domain
    getsebool    show the policy booleans
    setsebool    set a boolean (-P makes the change persistent)
    seinfo       query the loaded policy

3.13 SELinux-aware programs

id, ls and ps (with -Z), cron, login, logrotate, pam, ssh and others call the SELinux API so that the processes and files they create receive the right context.

3.14 Modes

permissive: the policy is evaluated and denials are logged, but only DAC is enforced. enforcing: denials are enforced. Policy is developed in permissive mode and then tested in enforcing mode.

3.15 Roles in the policy: staff_r, sysadm_r, system_r, user_r.

3.16 Exercises (keywords only)
1. SELinux  2. HTTPD  3. SELinux  4. root and SELinux  5. ls, su, sudo, httpd  6. xinetd, dhclient, bash  7. SELinux  8. Samba under SELinux enforcing

3.17 Policy file

On CentOS the compiled targeted policy is /etc/selinux/targeted/policy/policy.21, built from the base module and loadable modules (Figure 3.6).

3.18 allow rules

Listing 19: allow rule syntax
    allow <source type> <target type>:<object class> <permissions>;

Table 3.2 Object classes
    file         ordinary file
    dir          directory
    lnk_file     symbolic link
    chr_file     character device
    blk_file     block device
    tcp_socket   TCP socket
    udp_socket   UDP socket

Table 3.3 Permissions (examples)
    read, execute, execute_no_trans, append, write, create, unlink, name_bind, name_connect

Listing 20: let smbd_t (Samba) read directories of type user_home_dir_t
    allow smbd_t user_home_dir_t:dir read;

3.19 .te and .fc files

A policy module consists of a type-enforcement file (.te) with the rules and a file-contexts file (.fc) that assigns types to paths. Every type and class a module uses but does not declare must appear in its require block:

Listing 21: .te
    module local 1.0;
    require {
        type httpd_t;
        type httpd_sys_content_t;
        class file { write create append execute };
        class dir { write rmdir read };
    }
    allow httpd_t httpd_sys_content_t:file { write append create };

Listing 22: .fc
    # squid
    /usr/sbin/squid          --    system_u:object_r:squid_exec_t
    /usr/sbin/squid(/.*)?          system_u:object_r:squid_cache_t
    /var/spool/squid(/.*)?         system_u:object_r:squid_cache_t

3.20 Hands-on: running fswiki with SELinux enforcing

3.20.1 Setup

Get fswiki (wiki3_6_3_1.zip) from http://172.16.32.10/~sakabe/linuxsecurity/selinux/ and install it under /var/www/html (Figure 3.7):

    # cd /var/www/html
    # unzip wiki3_6_3_1.zip
    # mv wiki3_6_3_1 wiki
    # cd wiki
    # sh ./setup.sh
    # setsebool -P httpd_builtin_scripting 0
    # yum -y install selinux-policy-devel
    # cd
    # mkdir work
    # cp /usr/share/selinux/devel/Makefile work
    # cd work

Enable CGI in the CentOS httpd configuration (/etc/httpd/conf/httpd.conf) and restart httpd (apachectl -k start):

Listing 23: httpd.conf
    319:  Options Indexes FollowSymLinks ExecCGI     (in the DocumentRoot <Directory> block)
    779:  AddHandler cgi-script .cgi

With SELinux enforcing, http://<host>/wiki/wiki.cgi answers "Internal Server Error".

3.20.2 Procedure
1. Switch to permissive and use the wiki so that the denials are logged.
2. Generate a .te file from the audit log with audit2allow.
3. Build it into a policy module and load it.
4. Return to enforcing and confirm that the wiki works.

3.20.3 In permissive mode (setenforce 0) the wiki at http://<host>/wiki/wiki.cgi works (Figure 3.8), because SELinux only logs what it would have denied.

3.20.4 audit2allow reads the AVC denials from the audit log and writes the allow rules that would have permitted them (Figure 3.9). Write them as a module named local:

    # audit2allow -a -l -m local > local.te

Table 3.4 audit2allow options
    -a   read all audit messages (/var/log/audit/audit.log)
    -d   read the messages from dmesg instead
    -h   help
    -i   read messages from the given file
    -l   only messages logged since the last policy reload
    -m   generate a loadable module with the given name
    -M   generate and build the module package in one step
    -o   append the output to the given file
    -r   generate the require block as well
    -R   use reference-policy interfaces where possible
    -v   verbose

3.20.5 Build local.te into local.pp with the Makefile copied above and load it; semodule -l lists the loaded modules and semodule -r removes one:

    # make
    # semodule -i local.pp
    # semodule -l
    ..
    iscsid  1.0.0
    local   1.0
    milter  1.0.0
    ..
    # semodule -r local

Figure 3.10. Switch back to enforcing and check the wiki again.

3.21 Giving the wiki directory its own type

The module generated in 3.20 allows httpd_t to write to httpd_sys_content_t, which is the type of everything under /var/www/html, so the whole document root becomes writable by the web server. Only /var/www/html/wiki needs to be writable, so give that directory a dedicated type and allow writes to it alone:

1. Remove the module from 3.20.
2. Write a .te that declares the type and a .fc that assigns it to /var/www/html/wiki.
3. Use the wiki in permissive mode.
4. Append the rules audit2allow generates to the .te and rebuild.
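The audit2allow step of 3.20.4 (and again in 3.21 and 3.22) is where a permissive run turns into policy, so it is worth seeing what the tool does with the log. The following added example, which is neither the course's code nor audit2allow itself, reduces that mapping to a shell/awk function: it reads AVC denial lines, groups them by source type, target type and object class, and prints one allow rule per group. The AVC lines are constructed in the audit.log format, for the situation of 3.21 after /var/www/html/wiki has been relabelled wiki_write_t.

```shell
#!/usr/bin/env bash
# Added example (not the course's code and not audit2allow itself): the
# core of what "audit2allow -a" does in 3.20.4, reduced to a shell/awk
# function, so the rules it would propose can be read and judged before
# anything is loaded with semodule. The AVC lines below are constructed
# in the format used by /var/log/audit/audit.log.
export LC_ALL=C

# Read audit.log lines on stdin; print one allow rule per
# (source type, target type, object class) with the permissions merged.
avc_to_te() {
  awk '
    /avc: *denied/ {
      perms = $0
      sub(/.*denied[ \t]*[{] */, "", perms)   # keep the text inside { }
      sub(/ *[}].*/, "", perms)
      s = ""; t = ""; c = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^scontext=/) { split($i, a, ":"); s = a[3] }  # user:role:type:level
        if ($i ~ /^tcontext=/) { split($i, a, ":"); t = a[3] }
        if ($i ~ /^tclass=/)   { c = substr($i, 8) }
      }
      if (s == "" || t == "" || c == "") next
      key = s " " t ":" c
      n = split(perms, p, " ")
      for (i = 1; i <= n; i++)
        if (!((key, p[i]) in seen)) { seen[key, p[i]] = 1; rule[key] = rule[key] " " p[i] }
    }
    END { for (k in rule) print "allow " k " {" rule[k] " };" }
  ' | sort
}

# Constructed sample: fswiki's CGI (httpd_t) denied on the wiki directory
# after it was relabelled wiki_write_t as in 3.21, plus one duplicate line.
SAMPLE_AVC='type=AVC msg=audit(1259900000.101:201): avc:  denied  { write } for  pid=2381 comm="wiki.cgi" name="wiki" dev=sda1 ino=131073 scontext=user_u:system_r:httpd_t:s0 tcontext=system_u:object_r:wiki_write_t:s0 tclass=dir
type=AVC msg=audit(1259900000.101:202): avc:  denied  { add_name } for  pid=2381 comm="wiki.cgi" name="data.lock" scontext=user_u:system_r:httpd_t:s0 tcontext=system_u:object_r:wiki_write_t:s0 tclass=dir
type=AVC msg=audit(1259900000.102:203): avc:  denied  { write } for  pid=2381 comm="wiki.cgi" name="data.lock" dev=sda1 ino=131101 scontext=user_u:system_r:httpd_t:s0 tcontext=system_u:object_r:wiki_write_t:s0 tclass=file
type=AVC msg=audit(1259900000.150:204): avc:  denied  { write } for  pid=2382 comm="wiki.cgi" name="data.lock" dev=sda1 ino=131101 scontext=user_u:system_r:httpd_t:s0 tcontext=system_u:object_r:wiki_write_t:s0 tclass=file'

demo_rules() { printf '%s\n' "$SAMPLE_AVC" | avc_to_te; }

demo_rules
```

The output for the sample is two rules, both scoped to wiki_write_t. Had the directory still carried httpd_sys_content_t, the same log would have produced "allow httpd_t httpd_sys_content_t:file { write };", the rule that makes every page under /var/www/html writable by the web server; this is why 3.21 relabels first and only then collects rules, and why every line a permissive run proposes should be read before it is loaded. The real audit2allow additionally emits the require block (-r) and resolves permissions through the reference-policy interfaces (-R).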

    # rm local.te
    # semodule -r local

Figure 3.11: removing the local module

3.21.1 te

Listing 24: local.te
    module local 1.0;
    type wiki_write_t;
    files_type(wiki_write_t)

3.21.2 fc

Listing 25: local.fc
    /var/www/html/wiki(/.*)?    gen_context(system_u:object_r:wiki_write_t,s0)

3.21.3 Build, load and relabel

    # make
    # semodule -i local.pp
    # restorecon -RF /var/www/html/wiki
    # ls -Z /var/www/html

Figure 3.12

3.22 Collecting the rules for wiki_write_t

With the directory labelled wiki_write_t, switch to permissive, use the wiki, and append what audit2allow proposes to local.te (-r adds the require block); then rebuild and reload:

    # audit2allow -a -l -r >> local.te
    # make
    # semodule -i local.pp

Figure 3.13. The resulting rules give httpd_t access to wiki_write_t only; the rest of /var/www/html stays read-only for the web server.

3.23 Interfaces

The macros used in .te files (files_type and the like) are defined under /usr/share/selinux/devel/include.

3.24 Exercise: confining testapp

1. Write the .te (items a to d below)  2. write the .fc  3. build and load  4. test in permissive mode  5. work in /root/work1; the domain is testapp_t.

Listing 26: /usr/local/bin/testapp
    #!/bin/sh
    mkdir -p /etc/testapp
    while read i; do
        echo $i > /etc/testapp/hoge
    done

3.24.1 te

Listing 27: testapp.te
    policy_module(testapp, 1.0)
    # type of the executable
    type testapp_exec_t;
    files_type(testapp_exec_t)
    # the domain
    type testapp_t;
    domain_type(testapp_t)
    domain_entry_file(testapp_t, testapp_exec_t)
    unconfined_domtrans_to(testapp_t, testapp_exec_t)

Interfaces: init_system_domain (a system domain started by init), init_daemon_domain (a daemon domain), domain_type (declare a domain), domain_entry_file (the executable whose execution enters the domain), unconfined_domtrans_to (a process in unconfined_t transitions into the domain when it executes that file).

3.24.2 fc

/usr/local/bin/testapp gets the type testapp_exec_t:

Listing 28: testapp.fc
    /usr/local/bin/testapp    gen_context(system_u:object_r:testapp_exec_t,s0)

3.24.3 Build

    # mkdir work1
    # cd work1
    # cp /usr/share/selinux/devel/Makefile .
    # make
    # semodule -i testapp.pp
    # restorecon -RF /usr/local/bin/testapp

Figure 3.14

3.24.4 Check the domain transition in permissive mode

    # setenforce 0
    # /usr/local/bin/testapp

Figure 3.15. testapp waits for input; from another terminal confirm that it runs in testapp_t, then end it with Ctrl+D:

    # ps -eZ | grep testapp
    user_u:system_r:testapp_t    719 pts/1  00:00:00 testapp

Figure 3.16

3.24.5 Enforcing: a type for /etc/testapp

Listing 29: additions to testapp.te and testapp.fc
    te:
    type testapp_write_t;
    files_type(testapp_write_t)
    allow testapp_t testapp_write_t:dir create_dir_perms;
    allow testapp_t testapp_write_t:file create_file_perms;
    fc:
    /etc/testapp(/.*)?    gen_context(system_u:object_r:testapp_write_t,s0)

Rebuild, reload and relabel /etc/testapp:

    # make
    # semodule -i testapp.pp
    # restorecon -RF /etc/testapp

Figure 3.17. Any remaining denials are collected as in 3.22:

    # audit2allow -a -l -r >> testapp.te
    # make
    # semodule -i testapp.pp

Figure 3.18

3.25 MCS

MCS (Multi Category Security) adds categories c0 to c255 (256 of them) to a context. A process may access a file only if the process's categories include the file's; only root can give categories to users.

3.25.1 chcat
    chcat <category> <file>      assign a category to a file
    chcat -d <category> <file>   remove it
    chcat -l <category> <user>   assign a category to a user
    chcat -L -l <user>           list a user's categories

    # chcat -l c0 root
    # chcat -l c1 nobita
    # chcat -L -l root
    root: s0:c0
    # chcat -L -l nobita
    nobita: s0:c1

As the user sakabe, whose category is c2, label a file and check it:

    $ chcat c2 test.txt
    $ ls -Z test.txt
    -rw-r--r--  sakabe wheel user_u:object_r:user_home_t:s0:c2 test.txt

root, in category c0, can read the file while the system is permissive but not once it is enforcing:

    # cat ~sakabe/test.txt
    (contents shown)
    # setenforce 1
    # cat ~sakabe/test.txt
    cat: /home/sakabe/test.txt: Permission denied

Figure 3.19. id -Z shows the current process's category:

    $ id -Z
    user_u:system_r:unconfined_t:s0:c2

Figure 3.20. Categories can be given readable names in /etc/selinux/targeted/setrans.conf (Listing 30), with lines of the form s0:c1=<name>.

3.26 Summary

4 Tripwire

Tripwire is a host-based IDS: it records the state of files in a database and reports any change on later checks.

4.1 Integrity checking with UNIX tools

The same idea can be carried out by hand:
1. keep a copy of the file and compare with diff
2. record md5 checksums and recompute them
3. record ls -l output (owner, mode, size, timestamps) and compare

Tripwire automates this, covers many attributes per file, and signs its database and policy so that an intruder cannot quietly adjust the baseline.

4.2 Tripwire

Tripwire originated at Purdue's COAST laboratory (http://www.cerias.purdue.edu/coast/) for UNIX. Its cycle is:
1. write a policy (which files, which attributes)
2. initialise the database from the current state
3. check the system against the database
4. update the database after legitimate changes

4.3 Installation

Build tripwire-2.4.2-src.tar.bz2 with /opt/tripwire as prefix; set TWMAILMETHOD=SMTP on line 96 of install/install.cfg before make install:

    $ su -
    # tar jxf tripwire-2.4.2-src.tar.bz2
    # cd tripwire-2.4.2-src
    # ./configure --prefix=/opt/tripwire
    # make
    # vim install/install.cfg
      line 96:  TWMAILMETHOD=SMTP
    # make install
    Installer program for:
    Tripwire(R) 2.4 Open Source
    ( ... )
    Press ENTER to view the License Agreement.
    Please type "accept" to indicate your acceptance of this license agreement. [do not accept] accept
    ( ... )
    Continue with installation? [y/n] y
    ----------------------------------------------
    Creating key files...
    ( ... )
    Enter the site keyfile passphrase:
    Verify the site keyfile passphrase:
    Generating key (this may take several minutes)...key generation complete.
    ( ... )
    Enter the local keyfile passphrase:
    Verify the local keyfile passphrase:
    Generating key (this may take several minutes)...key generation complete.
    ( ... )
    ----------------------------------------------
    Creating signed policy file...
    Please enter your site passphrase:
    Wrote policy file: /opt/etc/tw.pol
    ( ... )
    make[1]: /home/sakabe/linuxsecurity/tripwire-2.4.2-src

Figure 4.1: installing Tripwire

The installer generates two keys: the site key signs the configuration and policy files, the local key signs the database and reports. Choose the passphrases carefully; they are asked for on every policy change, initialisation and update.

4.4 Files

/opt/tripwire/etc: twcfg.txt (configuration source) and twpol.txt (policy source); /opt/tripwire/sbin: tripwire, twadmin, twprint.

4.5 Policy and database

The stock twpol.txt lists many files that do not exist on this system. twpolmake.pl (a Perl script from the course page) comments those entries out; the result is then signed into tw.pol with twadmin:

    # PATH=$PATH:/opt/tripwire/sbin
    # cd /opt/tripwire/etc
    # perl twpolmake.pl twpol.txt > twpol.txt.new
    # twadmin -m P -c tw.cfg -p tw.pol -S site.key twpol.txt.new

Figure 4.2

4.5.1 Initialise the database (Figure 4.3). Objects on other file systems are skipped:

    # tripwire -m i -c tw.cfg
    Please enter your local passphrase:
    Parsing policy file: /opt/etc/tripwire/tw.pol
    Generating the database...
    *** Processing Unix File System ***
    The object: "/misc" is on a different file system...ignoring.
    The object: "/net" is on a different file system...ignoring.
    The object: "/selinux" is on a different file system...ignoring.
    The object: "/sys" is on a different file system...ignoring.
    The object: "/var/lib/nfs/rpc_pipefs" is on a different file system...ignoring.
    The object: "/mnt/hgfs" is on a different file system...ignoring.
    Wrote database file: /opt/tripwire/lib/tripwire/beta.localdomain.twd
    The database was successfully generated.

4.6 Integrity check

The check compares the file system with the database and writes a report under /opt/tripwire/lib/tripwire/report (Figure 4.4). Run it from cron:

    # tripwire -m c -c tw.cfg
    Parsing policy file: /opt/tripwire/etc/tw.pol
    *** Processing Unix File System ***
    Performing integrity check...
    Wrote report file: /var/lib/tripwire/report/xxxxxx.twr
    ( ... )
    All rights reserved.
    Integrity check complete.

4.7 Database update

After legitimate changes, update the database from a report (Figure 4.5). The report opens in an editor; objects marked [x] are accepted into the database:

    # env LANG=C tripwire -m u -r /opt/tripwire/lib/tripwire/report/xxxxxx.twr
    Please enter your local passphrase:
    Wrote database file: /opt/tripwire/lib/tripwire/fc6.localdomain.twd

4.8 Exercises
1. Run an integrity check.
2. Change something: touch /etc/hosts; touch test00.txt
3. Check again and read the report.
4. Update the database.

4.9 Property masks

A policy rule is "<object> -> <mask>", where the mask adds (+) or removes (-) the properties to compare (Table 4.1).

Table 4.1 Property letters
    a  access timestamp
    b  number of blocks
    c  inode timestamp (creation or modification of the inode)
    d  ID of the device the inode lives on
    g  group
    i  inode number
    l  file is expected to grow (only shrinking is reported)
    m  modification timestamp
    n  number of links
    p  permissions
    r  device ID (for device files)
    s  size
    t  file type
    u  user (owner)
    C  CRC-32
    H  HAVAL
    M  MD5
    S  SHA
"+CMSH" selects all four hashes; the inode number and owner/group IDs identify the file even when its name is unchanged.

4.10 Predefined variables

Table 4.2 Variables defined in twpol.txt and their masks
    Device       +pugsdr-intlbamcCMSH
    Dynamic      +pinugtd-srlbamcCMSH
    Growing      +pinugtdl-srbamcCMSH
    IgnoreAll    -pinugtsdrlbamcCMSH
    IgnoreNone   +pinugtsdrbamcCMSH-l
    ReadOnly     +pinugtsdbmCM-rlacSH
    Temporary    +pugt

4.11 Exercise: rules for Apache

Add a "MyWeb" section to twpol.txt.new for the Apache installation (/home/httpd or /www): the DocumentRoot (WEBROOT) as ReadOnly, the cgi-bin directory (CGIBIN) as ReadOnly, and the log directory /www/logs as Growing. Re-sign the policy, re-initialise, change a page, check, and print the report:

    # twadmin -m P -c tw.cfg -p tw.pol -S site.key twpol.txt.new
    # (modify a file under the Apache tree on Linux)
    # tripwire -m c -c tw.cfg
    # twprint -m r --twrfile <report file>

Figure 4.6

4.12 Report

Submit the report through the course page (http://172.16.32.10/~sakabe/) or to sakabe@hac.neec.ac.jp, as a Word, OpenOffice or HTML document, with the identifier LS 100427; it covers the four Tripwire items above.
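To make the baseline/check/update cycle of 4.5 to 4.7 concrete, here is the "md5 + ls" approach of 4.1 as an added shell example; it is not Tripwire's code and not the course's. It hashes every regular file under a directory (SHA-256 instead of MD5), stores the result as the baseline, and on a later check reports added, removed and changed files, returning non-zero when anything differs so that a cron job can notice. It assumes sha256sum (or shasum) is available and that file names contain no spaces. What it lacks is exactly what Tripwire adds: a policy language choosing attributes per file, and signatures over the database and reports, so a baseline kept this way must live where an intruder cannot rewrite it.

```shell
#!/usr/bin/env bash
# Added example (not Tripwire's code): the baseline/check/update cycle of
# 4.5 to 4.7 reduced to its core, the "md5 + ls" approach of 4.1, with
# SHA-256 in place of MD5. No signed database and no policy language,
# which is what Tripwire adds on top of this idea.
# Assumes sha256sum (or shasum) and file names without spaces.
export LC_ALL=C

hash_files() {   # hash_files <dir> ; "<digest>  <path>" per regular file, sorted by path
  find "$1" -type f | sort | while IFS= read -r f; do
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$f"; else shasum -a 256 "$f"; fi
  done
}

tw_init() {      # tw_init <dir> <db> ; write the baseline (like tripwire -m i)
  hash_files "$1" > "$2"
}

tw_check() {     # tw_check <dir> <db> ; like tripwire -m c: report, return 1 on any change
  local dir=$1 db=$2 now report
  now=$(mktemp)
  hash_files "$dir" > "$now"
  report=$(awk '
    NR == FNR { base[$2] = $1; next }            # first file: the baseline
    {
      if (!($2 in base))       print "Added:   " $2
      else if (base[$2] != $1) print "Changed: " $2
      delete base[$2]                            # whatever is left was removed
    }
    END { for (f in base) print "Removed: " f }
  ' "$db" "$now" | sort)
  rm -f "$now"
  [ -n "$report" ] || return 0
  printf '%s\n' "$report"
  return 1
}

tw_update() {    # tw_update <dir> <db> ; accept the current state (like tripwire -m u)
  tw_init "$1" "$2"
}

# Demonstration on a throw-away directory: baseline, tamper, check.
demo_dir=$(mktemp -d); demo_db=$(mktemp)
printf 'one\n' > "$demo_dir/hosts"; printf 'two\n' > "$demo_dir/passwd"
tw_init "$demo_dir" "$demo_db"
printf 'ONE\n' > "$demo_dir/hosts"; rm "$demo_dir/passwd"; printf 'three\n' > "$demo_dir/rootkit"
tw_check "$demo_dir" "$demo_db" || echo "integrity check failed (expected for the demonstration)"
rm -rf "$demo_dir" "$demo_db"
```

The exercise of 4.8 (touch /etc/hosts) would not be caught by this script, because it compares content only; Tripwire's property masks (Table 4.1) are what make a changed timestamp, owner or inode visible.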

5 Snort

Where Tripwire is a host-based IDS, snort is a network IDS: it captures packets and matches them against a rule set.

5.1 Installing snort

snort comes from http://www.snort.org/ (the packages used here are also on the course page, http://172.16.32.10/~sakabe/). It needs:
    libpcap                              packet capture library
    libpcre                              Perl-compatible regular expressions, used by the rules
    mysql, mysql-server, mysql-devel     MySQL for the alert database

    $ rpm -q libpcap
    # rpm -ivh snort-2.8.6-1.rh5.i386.rpm
    # rpm -ivh snort-mysql-2.8.6-1.rh5.i386.rpm

Create a MySQL account and database for snort and load the schema:

    $ mysql -u root -p
    > GRANT ALL PRIVILEGES ON *.* TO 'snort'@'localhost' IDENTIFIED BY 'snort' WITH GRANT OPTION;
    > exit;
    $ echo "CREATE DATABASE snort;" | mysql -u snort -p
    Enter password:
    $ mysql -D snort -u snort -p < /usr/share/snort-2.8.6/schemas/create_mysql
    Enter password:

The GRANT above, taken from the course, gives the snort account every privilege on every database plus GRANT OPTION. GRANT ALL ON snort.* TO 'snort'@'localhost' is enough for the steps here and keeps a compromised sensor away from other databases; the password should of course not be "snort".

Install the configuration files and the rules:

    # mkdir -p /etc/snort/rules
    # cp ./etc/*.{conf,config,map} /etc/snort
    # tar zxf snort_rules.tar.gz -C /etc/snort

Figure 5.1: installing snort

5.1.1 snort.conf

Set the monitored network (HOME_NET, here the address of eth0), the rule directory, and the outputs: alerts into MySQL and to syslog. The course listing logged into the database as user=root password=root; the snort account created above is what the database was set up for:

    var HOME_NET $eth0_ADDRESS
    var RULE_PATH /etc/snort/rules
    output database: log, mysql, user=snort password=snort dbname=snort host=localhost
    output alert_syslog: LOG_AUTH LOG_ALERT

5.1.2 Test run

    # snort -A full -c /etc/snort/snort.conf
    ( ... )
            --== Initialization Complete ==--
       ,,_     -*> Snort! <*-
      o"  )~   Version 2.8.5.1 (Build 114)
       ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
               Copyright (C) 1998-2009 Sourcefire, Inc., et al.
               Using PCRE version: 7.8 2008-09-05

Figure 5.2: starting snort. From another PC, scan the Linux host with nmap, stop snort with Ctrl+C, and read /var/log/snort/alert:

    # nmap -P0 172.16.11.xx

Figure 5.3: the alert file records the scan, with source and destination IP addresses.

Listing 31: /var/log/snort/alert (portscan entry)
    [**] [122:1:0] (portscan) TCP Portscan [**]
    [Priority: 3]
    12/09-11:38:04.669027 172.16.114.1 -> 172.16.114.129
    PROTO:255 TTL:0 TOS:0x0 ID:0 IpLen:20 DgmLen:162 DF

5.1.3 Ways to run snort
1. packet sniffer:                 # snort -v [-d|-X] [-C] [-e] [options]
2. packet logger:                  # snort [-i <interface>] [-P <snaplen>] [options]
3. read a capture file:            # snort -r <file> [options]
4. NIDS with binary log and syslog:  # snort -c /etc/snort/snort.conf -b -s
5. daemon:                         # snort -D [-u user] [-g group] [-m umask] -c ...

Table 5.1 snort options
    -v   verbose: print packet headers
    -d   also dump application-layer data
    -X   dump the whole packet in hex and ASCII
    -e   also show the Ethernet header
    -i   interface to listen on
    -r   read packets from a libpcap file
    -c   rules/configuration file (NIDS mode)
    -D   run as a daemon
    -b   log packets in binary (libpcap) format
    -s   send alerts to syslog

5.2 BASE

BASE (Basic Analysis and Security Engine) is a web front end for the snort database. Needed (from the course page):
1. base-1.4.5.tar.gz
2. adodb511.tgz
3. php-gd
4. php-pear
5. php-mysql

5.2.1 Installing BASE

    # tar zxf base-1.4.5.tar.gz
    # mv base-1.4.5 /var/www/base
    # tar zxf adodb511.tgz
    # mv adodb51 /var/www/base/adodb
    # chown -R apache:apache /var/www/base
    # cp /var/www/base/base_conf.php.dist /var/www/base/base_conf.php

Figure 5.4: installing BASE

5.2.2 base_conf.php (/var/www/base/base_conf.php)

    $BASE_Language = 'japanese';
    $BASE_urlpath = '/base';
    $DBlib_path = '/var/www/base/adodb';
    $archive_dbname = 'snort';
    $alert_dbname = 'snort';
    $alert_password = 'snort';

5.2.3 PHP packages and PEAR modules

    # yum -y install php-mysql
    # yum -y install php-gd php-pear
    # pear config-set http_proxy http://cache2.st1.hac.neec.ac.jp:8080/
    config-set succeeded    <-
    # pear upgrade PEAR-1.5.4
    # pear upgrade PEAR-1.9.0
    # pear channel-update pear.php.net
    # pear upgrade-all
    # pear install --alldeps Image_Graph-alpha
    ( ... )
    install ok: channel://pear.php.net/Image_Canvas-0.3.2
    install ok: channel://pear.php.net/Numbers_Roman-1.0.2
    install ok: channel://pear.php.net/Image_Graph-0.7.2

Figure 5.5: PHP setup

5.2.4 httpd

Listing 32: /etc/httpd/conf.d/base.conf
    Alias /base /var/www/base
    <Directory "/var/www/base">
        Order deny,allow
        Deny from all
        Allow from 127.0.0.1
        Allow from 172.16.10.0/24
    </Directory>

BASE has no login of its own in this setup, so this Directory block is all that keeps the alert database off the network; keep the Allow list as short as possible.

5.2.5 php.ini

Listing 33: /etc/php.ini
    error_reporting = E_ALL & ~E_NOTICE
    ;error_reporting = E_ALL

5.2.6 Starting BASE

Start MySQL and Apache, start snort as a daemon, then open http://localhost/base/:

    # service mysqld start
    # service httpd start
    # snort -Dd -c /etc/snort/snort.conf

Figures 5.6, 5.7: the BASE setup page. On first use click "Create BASE AG" to create the additional tables (Figure 5.8). The main page (Figure 5.9) breaks the alerts down by TCP, UDP and ICMP (Figures 5.10 to 5.12).

5.3 SnortALog

SnortALog summarises the alert file into HTML or PDF reports, independently of BASE.

5.3.1 Installation

    # export http_proxy=http://cache2.st1.hac.neec.ac.jp:8080/
    # perl -MCPAN -e 'install GD::Graph'
    # tar zxf snortalog_v2.4.2.tgz
    # cd snortalog
    # cp -r picts /var/www/html

Figure 5.13

5.3.2 Creating a report

Write the report (EUC-JP encoded) to /var/www/html/snort.html and view it at http://localhost/snort.html:

    # cat /var/log/snort/alert | ./snortalog.pl -n 100 -report -o /var/www/html/snort.html -g png -l ja -pictsdir ./picts/

Figures 5.14, 5.15: SnortALog report
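The first thing both BASE (5.2) and SnortALog (5.3) compute is a count of alerts per source address and per signature. As an added example, not part of the course and not SnortALog's code, the following shell/awk function derives exactly that from a file in the "-A full" format of Listing 31, so the "who is scanning me" view is available even before the database and PHP stack of 5.2 exist. The three alerts in the sample are constructed in that format.

```shell
#!/usr/bin/env bash
# Added example (not part of the course, not SnortALog): alerts per source
# address and per signature, computed directly from /var/log/snort/alert in
# the "-A full" format of Listing 31. The sample below is constructed.
export LC_ALL=C

# Summarise a Snort full-alert file read on stdin.
# Output: "src <count> <address>" and "sig <count> <signature>" lines,
# each group sorted by count, highest first.
snort_summary() {
  awk '
    /^\[\*\*\] \[[0-9]+:[0-9]+:[0-9]+\]/ {          # [**] [gid:sid:rev] name [**]
      sig = $0
      sub(/^\[\*\*\] \[[0-9:]+\] /, "", sig)
      sub(/ \[\*\*\]$/, "", sig)
      sigs[sig]++
      next
    }
    / -> / {                                        # "MM/DD-HH:MM:SS.usec src -> dst"
      src = $2
      sub(/:[0-9]+$/, "", src)                      # drop a port if present
      srcs[src]++
    }
    END {
      for (s in srcs) print "src " srcs[s] " " s
      for (s in sigs) print "sig " sigs[s] " " s
    }
  ' | sort -k1,1 -k2,2nr
}

# Constructed sample: the portscan entry of Listing 31, an ICMP PING NMAP
# rule hit from the same scanner, and a second scanner.
SAMPLE_ALERT='[**] [122:1:0] (portscan) TCP Portscan [**]
[Priority: 3]
12/09-11:38:04.669027 172.16.114.1 -> 172.16.114.129
PROTO:255 TTL:0 TOS:0x0 ID:0 IpLen:20 DgmLen:162 DF

[**] [1:469:3] ICMP PING NMAP [**]
[Classification: Attempted Information Leak] [Priority: 2]
12/09-11:38:05.102311 172.16.114.1 -> 172.16.114.129
ICMP TTL:48 TOS:0x0 ID:51621 IpLen:20 DgmLen:28

[**] [122:1:0] (portscan) TCP Portscan [**]
[Priority: 3]
12/09-11:40:12.001870 10.0.0.5 -> 172.16.114.129
PROTO:255 TTL:0 TOS:0x0 ID:0 IpLen:20 DgmLen:162 DF'

demo_summary() { printf '%s\n' "$SAMPLE_ALERT" | snort_summary; }

demo_summary
```

The signature table is as useful as the source table: a rule that fires thousands of times a day from internal hosts is usually one to tune or disable in snort.conf rather than evidence of an attack, and the counts show which one it is.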

51 6 SNMP SNMP *1 Net-SNMP 6.1 SNMP CPU SNMP SNMP UDP SNMP SNMP MIB *2 MIB RFC MIB MIB SNMP MIB MIB SNMP 3 SNMP MIB OID(Object ID) 6.1 OID1.3.6.1.2.1.1 iso.org.dod.internet.mgmt.mib-2.system Net-SNMP MIB http://net-snmp.sourceforge.net/docs/mibs/ SNMP SNMPv1 IP SNMP SNMPv2c SNMPv3 v1 SNMP SNMP *1 Simple Network Managemento Protocol *2 Management Information Base

6.2. SNMP 6. SNMP 6.1 MIB 6.2 SNMP SNMP net-snmp yum $ su - # yum -y install net-snmp net-snmp-utils # mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.org 6.2 net-snmp 6.3 net-snmp net-snmp /etc/snmp/snmpd.conf 6.2 34 root 52

6. SNMP 6.4. 34: snmpd.conf # syslocation myserver # syscontact admin@example.com ## # SNMPv3 # mywriter # rwuser mywriter auth # myreader rouser myreader # SNMPv1/v2c # myprivate localhost rwcommunity myprivate localhost # mypublic 172.16.11.0/255.255.255.0 rocommunity mypublic 172.16.11.0/255.255.255.0 noauth auth priv 6.4 snmpd.conf SNMP # service snmpd start 6.3 SNMP SNMPv1 v2c myprivate OID1.3.6.1.2.1.1.4.0 snmpget OID # snmpget -c myprivate -v 1 localhost.1.3.6.1.2.1.1.4.0 SNMPv2-MIB::sysContact.0 = STRING: "admin@example.com" 6.4 OID1.3.6.1.2.1.1.4.0 snmpget OID snmpwalk SNMP 53

6.4. 6. SNMP 6.1 SNMP -a SNMPv3 MD5 SHA -A SNMPv3 -c SNMPv1 v2c -l SNMPv3 noauthnopriv authnopriv authpriv -x DES AES -X authpriv -v SNMP 1 2c 3 -O -On OID -Os snmpwalk OID 1.3.6.1.2.1.1(iso.org.dod.internet.mgmt.mib-2.system) SNMP 1 # snmpwalk -v 1 -c myprivate localhost.1.3.6.1.2.1.1 SNMPv2-MIB::sysDescr.0 = STRING: Linux fc6.localdomain.6.22.14-72.fc6 #1 SMP Wed Nov 21 15:12:59 EST 2007 i686 SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10 ( ) SNMPv2-MIB::sysORUpTime.7 = Timeticks: (2) 0:00:00.02 SNMPv2-MIB::sysORUpTime.8 = Timeticks: (2) 0:00:00.02 6.5 snmpwalk OID public # snmpwalk -v 1 -c public 172.16.11.201.1.3.6.1.2.1.1 SNMPv2-MIB::sysDescr.0 = STRING: EPSON Type-B 10Base-T/100Base-TX Print Server SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI:: enterprises.1248.1.1.2.1.3.5.69.73.80.69.54 DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (292056116) 33 days, 19:16:01.16 SNMPv2-MIB::sysContact.0 = STRING: SNMPv2-MIB::sysName.0 = STRING: LP-9100-D6DDD9 SNMPv2-MIB::sysLocation.0 = STRING: SNMPv2-MIB::sysServices.0 = INTEGER: 72 54

6. SNMP 6.5. MIB 6.5 MIB MIB snmpset 6.2 MIB i u s x 16 d 10 n NULL o ID t a IP b 2 www.example.com 6.6 # snmpset -v 1 -c myprivate localhost.1.3.6.1.2.1.1.5.0 s www.example.com SNMPv2-MIB::sysName.0 = STRING: www.example.com 6.6 6.6 SNMPv3 mywriter myreader snmpd.conf 35 35: SNMPv3 createuser mywriter MD5 mypasswordforwriter DES myencpassforwrite createuser myreader MD5 mypasswordforread DES myencpassforread snmpd /var/net-snmp/snmpd.conf 6.7 SNMPv3 snmpget syscontact 6.7 55

    # snmpget -c myprivate -v 3 -l authnopriv -u mywriter -a MD5 -A mypasswordforwriter localhost .1.3.6.1.2.1.1.4.0
    SNMPv2-MIB::sysContact.0 = STRING: admin@example.com

Fig. 6.7: snmpget over SNMPv3

6.8. OID

The MIB objects that SNMP can read are identified by OIDs. The standard MIB, MIB-II, is defined in RFC1213 (*3); its groups are listed in Table 6.3.

Table 6.3: MIB-II groups
    system         system information
    interfaces     network interfaces
    at             address translation (IP address to Ethernet MAC address)
    ip             IP
    icmp           ICMP
    tcp            TCP (connection states such as ESTABLISHED and LISTEN)
    udp            UDP (LISTEN)
    egp            EGP (Exterior Gateway Protocol)
    transmission   transmission media
    snmp           SNMP

An OID may be written relative to a MIB name: system.4 stands for 1.3.6.1.2.1.1.4, since system is 1.3.6.1.2.1.1.

*3 http://tools.ietf.org/html/rfc1213

    # snmpget -c myprivate -v 1 localhost system.4.0
    # snmpwalk -c myprivate -v 1 localhost system.4

Fig. 6.8: OIDs given relative to a MIB name

6.9. Net-SNMP specific MIB (UCD-SNMP)

6.10. Memory

Memory information is under ucdavis.4.xxx (Table 6.4) and can be read with snmpget:

    # snmpget -c myprivate -v 1 localhost memavailreal.0
    UCD-SNMP-MIB::memAvailReal.0 = INTEGER: 4460

Fig. 6.9

Table 6.4: memory OIDs
    memindex          ucdavis.4.1    always 0
    memerrorname      ucdavis.4.2    "swap"
    memtotalswap      ucdavis.4.3    total swap
    memavailswap      ucdavis.4.4    available swap
    memtotalreal      ucdavis.4.5    total real memory
    memavailreal      ucdavis.4.6    available real memory
    memtotalswaptxt   ucdavis.4.7
    memtotalrealtxt   ucdavis.4.9
    memtotalfree      ucdavis.4.11   total free memory
    memminimumswap    ucdavis.4.12   when memavailswap falls below this, memswaperror becomes 1
    memshared         ucdavis.4.13   shared memory
    membuffer         ucdavis.4.14   buffers
    memcached         ucdavis.4.15   cache
    memusedswaptxt    ucdavis.4.16
    memusedrealtxt    ucdavis.4.17
    memswaperror      ucdavis.4.100  1 when memavailswap is below memminimumswap
    memswaperrmsg     ucdavis.4.101  error message when memswaperror is 1

6.11. Process monitoring

Processes such as httpd and sendmail are monitored by adding proc lines to snmpd.conf (Listing 36).

36: proc entries for httpd and sendmail
    proc httpd
    proc sendmail

To make snmpd re-read snmpd.conf without a restart, set versionUpdateConfig.0 to 1 with snmpset:

    # snmpset -c myprivate -v 1 localhost versionupdateconfig.0 i 1

Fig. 6.10: re-reading snmpd.conf

The proc directive of snmpd.conf (Listing 37) takes the name of the process to watch.

37: proc
    proc

After the entries are loaded, walk prTable (Fig. 6.11); prErrorFlag is 1 for a monitored process that is not running.

    # snmpwalk -c myprivate -v 1 localhost prtable
    UCD-SNMP-MIB::prIndex.1 = INTEGER: 1
    UCD-SNMP-MIB::prIndex.2 = INTEGER: 2
    UCD-SNMP-MIB::prNames.1 = STRING: httpd
    UCD-SNMP-MIB::prNames.2 = STRING: senmail
    UCD-SNMP-MIB::prMin.1 = INTEGER: 0
    UCD-SNMP-MIB::prMin.2 = INTEGER: 0
    UCD-SNMP-MIB::prMax.1 = INTEGER: 0
    UCD-SNMP-MIB::prMax.2 = INTEGER: 0
    UCD-SNMP-MIB::prCount.1 = INTEGER: 9
    UCD-SNMP-MIB::prCount.2 = INTEGER: 0
    UCD-SNMP-MIB::prErrorFlag.1 = INTEGER: 0
    UCD-SNMP-MIB::prErrorFlag.2 = INTEGER: 1
    UCD-SNMP-MIB::prErrMessage.1 = STRING:
    UCD-SNMP-MIB::prErrMessage.2 = STRING: No senmail process running.
    UCD-SNMP-MIB::prErrFix.1 = INTEGER: 0
    UCD-SNMP-MIB::prErrFix.2 = INTEGER: 0
    UCD-SNMP-MIB::prErrFixCmd.1 = STRING:
    UCD-SNMP-MIB::prErrFixCmd.2 = STRING:

Fig. 6.11: prTable

Table 6.5: prTable OIDs
    Index       ucdavis.2.1    row index
    Names       ucdavis.2.2    process name given to proc
    Min         ucdavis.2.3    minimum count; when prCount is below it, prErrorFlag is 1
    Max         ucdavis.2.4    maximum count; when prCount is above it, prErrorFlag is 1
    Count       ucdavis.2.5    number of running processes
    ErrorFlag   ucdavis.2.100  1 when prCount < prMin or prMax < prCount
    ErrMessage  ucdavis.2.101  error message when prErrorFlag is 1
    ErrFix      ucdavis.2.102  when set to 1, prErrFixCmd is executed
    ErrFixCmd   ucdavis.2.103  command run when prErrFix is 1 (set with procfix)

There is also extTable (ucdavis.8).

6.12. Disk monitoring (dskTable, ucdavis.9)

The disk directive takes a path and a minimum amount of free space, either in kB or as a percentage (Listing 38). Listing 39 monitors / with a 20% free-space threshold.

38: disk directive
    disk PATH [MINSPACE|MINPERCENT%]

39: disk
    disk / 20%

    [root@fc6 ~]# snmpset -c myprivate -v 1 localhost versionupdateconfig.0 i 1
    UCD-SNMP-MIB::versionUpdateConfig.0 = INTEGER: 1
    # snmpwalk -c myprivate -v 1 localhost dsktable
    UCD-SNMP-MIB::dskIndex.1 = INTEGER: 1
    UCD-SNMP-MIB::dskPath.1 = STRING: /
    UCD-SNMP-MIB::dskDevice.1 = STRING: /dev/mapper/volgroup00-logvol00
    UCD-SNMP-MIB::dskMinimum.1 = INTEGER: -1
    UCD-SNMP-MIB::dskMinPercent.1 = INTEGER: 20
    UCD-SNMP-MIB::dskTotal.1 = INTEGER: 14603080
    UCD-SNMP-MIB::dskAvail.1 = INTEGER: 2789376
    UCD-SNMP-MIB::dskUsed.1 = INTEGER: 11061768
    UCD-SNMP-MIB::dskPercent.1 = INTEGER: 80
    UCD-SNMP-MIB::dskPercentNode.1 = INTEGER: 12
    UCD-SNMP-MIB::dskErrorFlag.1 = INTEGER: 1
    UCD-SNMP-MIB::dskErrorMsg.1 = STRING: /: less than 20% free (= 80%)

Fig. 6.12: dskTable

Table 6.6: dskTable OIDs
    dskindex        ucdavis.9.1    row index
    dskpath         ucdavis.9.2    path given to disk
    dskdevice       ucdavis.9.3    device
    dskminimum      ucdavis.9.4    minimum free space given to disk (kB; -1 when a percentage was given)
    dskminpercent   ucdavis.9.5    minimum free space given to disk (%)
    dsktotal        ucdavis.9.6    total size (kB)
    dskavail        ucdavis.9.7    available space (kB)
    dskused         ucdavis.9.8    used space (kB)
    dskpercent      ucdavis.9.9    used space (%)
    dskpercentnode  ucdavis.9.10   inodes used (%)
    dskerrorflag    ucdavis.9.100  1 when free space is below dskminimum or dskminpercent
    dskerrormsg     ucdavis.9.101  error message when dskerrorflag is 1

6.13. Load average monitoring (laTable)

The load directive sets thresholds for the 1, 5 and 15 minute load averages (Listing 40). When only one value is given it applies to all three; Listing 41 sets a threshold of 10.

40: load directive
    load MAX1 [MAX5 [MAX15]]

41: load
    load 10

    # snmpwalk -c myprivate -v 1 localhost latable
    UCD-SNMP-MIB::laIndex.1 = INTEGER: 1
    UCD-SNMP-MIB::laIndex.2 = INTEGER: 2
    UCD-SNMP-MIB::laIndex.3 = INTEGER: 3
    UCD-SNMP-MIB::laNames.1 = STRING: Load-1
    UCD-SNMP-MIB::laNames.2 = STRING: Load-5
    UCD-SNMP-MIB::laNames.3 = STRING: Load-15
    UCD-SNMP-MIB::laLoad.1 = STRING: 0.01
    UCD-SNMP-MIB::laLoad.2 = STRING: 0.03
    UCD-SNMP-MIB::laLoad.3 = STRING: 0.00
    UCD-SNMP-MIB::laConfig.1 = STRING: 10.00
    UCD-SNMP-MIB::laConfig.2 = STRING: 10.00
    UCD-SNMP-MIB::laConfig.3 = STRING: 10.00
    UCD-SNMP-MIB::laLoadInt.1 = INTEGER: 1
    UCD-SNMP-MIB::laLoadInt.2 = INTEGER: 2
    UCD-SNMP-MIB::laLoadInt.3 = INTEGER: 0
    UCD-SNMP-MIB::laLoadFloat.1 = Opaque: Float: 0.010000
    UCD-SNMP-MIB::laLoadFloat.2 = Opaque: Float: 0.030000
    UCD-SNMP-MIB::laLoadFloat.3 = Opaque: Float: 0.000000
    UCD-SNMP-MIB::laErrorFlag.1 = INTEGER: 0
    UCD-SNMP-MIB::laErrorFlag.2 = INTEGER: 0
    UCD-SNMP-MIB::laErrorFlag.3 = INTEGER: 0
    UCD-SNMP-MIB::laErrMessage.1 = STRING:
    UCD-SNMP-MIB::laErrMessage.2 = STRING:
    UCD-SNMP-MIB::laErrMessage.3 = STRING:

Fig. 6.13: laTable

Table 6.7: laTable OIDs
    laindex.n       ucdavis.10.1.n    row index (n = 1, 2, 3)
    lanames.n       ucdavis.10.2.n    Load-1, Load-5, Load-15
    laload.n        ucdavis.10.3.n    load average (string)
    laconfig.n      ucdavis.10.4.n    threshold given to load; when laload exceeds it, laerrorflag is 1
    laloadint.n     ucdavis.10.5.n    laload multiplied by 100, as an integer
    laloadfloat.n   ucdavis.10.6.n    laload as a float
    laerrorflag.n   ucdavis.10.100.n  1 when laload exceeds laconfig
    laerrmessage.n  ucdavis.10.101.n  error message when laerrorflag is 1

6.14. File size monitoring

The file directive takes a file name and a maximum size (Listing 42). Listing 43 monitors /var/log/messages against a 10MB limit.

42: file directive
    file FILE [MAXSIZE]

43: file
    file /var/log/messages 102400

Table 6.8: fileTable OIDs
    fileindex      ucdavis.15.1    row index
    filename       ucdavis.15.2    file name given to file
    filesize       ucdavis.15.3    current size (kB)
    filemax        ucdavis.15.4    maximum size (kB); when filesize exceeds it, fileerrorflag is 1
    fileerrorflag  ucdavis.15.100  1 when filesize exceeds filemax
    fileerrormsg   ucdavis.15.101  error message when fileerrorflag is 1
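As an added example that is not part of the original text, the following Python script re-derives the error conditions of Tables 6.5 to 6.7 (prTable, dskTable, laTable) from the raw columns of snmpwalk output, which is what a poller should do when it wants to apply its own thresholds instead of trusting the agent's *ErrorFlag values. The sample lines are constructed after Figs. 6.11 to 6.13 (sendmail spelled correctly, Load-1 pushed over its limit); for proc with both limits 0, Net-SNMP requires at least one running process, as the sendmail row of Fig. 6.11 shows.

```python
import re
from collections import defaultdict

# Constructed snmpwalk output modelled on Figs. 6.11-6.13 (sendmail spelled right, Load-1 over its limit).
SAMPLE = """\
UCD-SNMP-MIB::prNames.1 = STRING: httpd
UCD-SNMP-MIB::prNames.2 = STRING: sendmail
UCD-SNMP-MIB::prMin.1 = INTEGER: 0
UCD-SNMP-MIB::prMin.2 = INTEGER: 0
UCD-SNMP-MIB::prMax.1 = INTEGER: 0
UCD-SNMP-MIB::prMax.2 = INTEGER: 0
UCD-SNMP-MIB::prCount.1 = INTEGER: 9
UCD-SNMP-MIB::prCount.2 = INTEGER: 0
UCD-SNMP-MIB::dskPath.1 = STRING: /
UCD-SNMP-MIB::dskMinPercent.1 = INTEGER: 20
UCD-SNMP-MIB::dskTotal.1 = INTEGER: 14603080
UCD-SNMP-MIB::dskAvail.1 = INTEGER: 2789376
UCD-SNMP-MIB::laNames.1 = STRING: Load-1
UCD-SNMP-MIB::laLoad.1 = STRING: 12.50
UCD-SNMP-MIB::laConfig.1 = STRING: 10.00
"""

LINE = re.compile(r"^UCD-SNMP-MIB::(\w+)\.(\d+) = (?:INTEGER|STRING): ?(.*)$")

def parse_walk(text):
    """Group 'UCD-SNMP-MIB::column.index = TYPE: value' lines by table and row index."""
    tables = defaultdict(lambda: defaultdict(dict))
    for line in text.splitlines():
        m = LINE.match(line.strip())
        kind = m and re.match(r"pr|dsk|la", m.group(1))
        if kind:
            tables[kind.group()][int(m.group(2))][m.group(1)] = m.group(3).strip()
    return tables

def check(tables):
    """Re-derive the *ErrorFlag conditions from the raw columns rather than trusting the agent."""
    alerts = []
    for row in tables["pr"].values():
        n, lo, hi = (int(row[k]) for k in ("prCount", "prMin", "prMax"))
        # Net-SNMP semantic: no limits at all means at least one process must be running
        if (lo == hi == 0 and n == 0) or (lo and n < lo) or (hi and n > hi):
            alerts.append(("proc", f"{row['prNames']}: {n} running (min {lo}, max {hi})"))
    for row in tables["dsk"].values():
        free = 100 * int(row["dskAvail"]) / int(row["dskTotal"])
        if free < int(row["dskMinPercent"]):
            alerts.append(("disk", f"{row['dskPath']}: {free:.1f}% free < {row['dskMinPercent']}%"))
    for row in tables["la"].values():
        if float(row["laLoad"]) > float(row["laConfig"]):
            alerts.append(("load", f"{row['laNames']} = {row['laLoad']} > {row['laConfig']}"))
    return alerts
```

Feeding the output of `snmpwalk -c myprivate -v 1 localhost prtable` (and dsktable, latable) into parse_walk gives the same three alert kinds; the disk rule uses dskAvail/dskTotal because dskPercent is rounded.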

6.15. Graphing tools

Besides MRTG, RRDTool and the RRDTool-based cacti are used to graph values collected over SNMP.

6.16. RRDTool

RRDTool stores data in an RRD (Round Robin Database). Values collected over SNMP, for example with snmpget, are written into the RRD and graphed from it.

6.17. Installing Cacti

Cacti is a front end for RRDTool. Install both with yum and create the MySQL database for Cacti:

    # yum -y install rrdtool cacti
    # mysqladmin -u root -p create cacti
    # mysql -u root -p cacti < /var/www/cacti.sql
    # mysql -u root -p mysql
    mysql> grant all privileges on cacti.* to cactiuser@localhost identified by 'cacti';
    mysql> exit;
    # vim /var/www/cacti/include/config.php
    $database_password = "cacti";
    # crontab -e
    */5 * * * * /usr/bin/php /var/www/cacti/poller.php > /dev/null 2>&1

Fig. 6.14: installing RRDTool and Cacti

6.18. Open http://localhost/cacti/ in a browser.

Fig. 6.15: Cacti (1)
Fig. 6.16: Cacti (2)
Fig. 6.17: Cacti (3)

6.19. Exercises

1. Net-SNMP
2. snmpwalk and OIDs
3. SNMPv3
4. SNMP, RFC1213 and OIDs
5. SNMP and the public community
6. Samba, DHCP, X

7 MRTG

MRTG graphs values collected over SNMP.

7.1. snmpd configuration

Move the existing snmpd.conf aside, write the one in Listing 44 and start snmpd:

    # mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.1
    # vim /etc/snmp/snmpd.conf
    # service snmpd start

Fig. 7.1

Listing 44 gives the 10.211.55.0 network access to the agent.

44: /etc/snmp/snmpd.conf
    com2sec local localhost private
    com2sec mynetwork 10.211.55.0/24 public
    group MyROGroup v1 mynetwork
    group MyROGroup v2c mynetwork
    view all included .1 80
    access MyROGroup "" any noauth exact all none none
    access MyROGroup "" any noauth exact all all none
    proc httpd
    disk / 10000
    load 12 14 14

7.2. MRTG

Install MRTG with yum and edit its configuration file:

    # yum -y install mrtg
    # vim /etc/mrtg/mrtg.cfg

Fig. 7.2

Listing 45 is the MRTG configuration for the Linux host with IP address 10.211.55.4.

45: /etc/mrtg/mrtg.cfg
    # for UNIX
    WorkDir: /var/www/mrtg
    ### Global Defaults
    # to get bits instead of bytes and graphs growing to the right
    # Options[_]: growright, bits
    Options[_]: growright, noinfo
    EnableIPv6: no
    Refresh: 300
    Language: eucjp
    ######################################################################
    # System:
    # Description:
    # Contact:
    # Location:
    ######################################################################
    Target[eth0]: \eth0:public@10.211.55.4:
    SetEnv[eth0]: MRTG_INT_IP="10.211.55.4" MRTG_INT_DESCR="eth0"
    MaxBytes[eth0]: 12500000
    Title[eth0]: eth0
    PageTop[eth0]: <h1>eth0 </h1>
    ### CPU Load Average ###
    Target[cpu]: .1.3.6.1.4.1.2021.10.1.5.1&.1.3.6.1.4.1.2021.10.1.5.2:public@10.211.55.4
    MaxBytes[cpu]: 100
    Unscaled[cpu]: dwmy
    Options[cpu]: gauge, absolute, growright, noinfo, nopercent
    YLegend[cpu]: CPU Load(%)
    ShortLegend[cpu]: (%)
    LegendI[cpu]: 1

    LegendO[cpu]: 5
    Legend1[cpu]: 1 (%)
    Legend2[cpu]: 5 (%)
    Title[cpu]: CPU
    PageTop[cpu]: <h1>cpu </h1>
    ### Memory Free ####
    Target[mem]: .1.3.6.1.4.1.2021.4.6.0&.1.3.6.1.4.1.2021.4.4.0:public@10.211.55.4
    MaxBytes1[mem]: 1035060
    MaxBytes2[mem]: 2097144
    Unscaled[mem]: dwmy
    Options[mem]: gauge, absolute, growright, noinfo
    YLegend[mem]: Mem Free(Bytes)
    ShortLegend[mem]: Bytes
    kilo[mem]: 1024
    kmg[mem]: k,m,g,t,p
    LegendI[mem]: Real
    LegendO[mem]: Swap
    Legend1[mem]: [MBytes]
    Legend2[mem]: [MBytes]
    Title[mem]:
    PageTop[mem]: <H1> </H1>
    ### Disk Used ####
    Target[disk]: .1.3.6.1.4.1.2021.9.1.9.1&.1.3.6.1.4.1.2021.9.1.9.1:public@10.211.55.4
    MaxBytes[disk]: 100
    Unscaled[disk]: dwmy
    Options[disk]: gauge, absolute, growright, nopercent, noinfo
    YLegend[disk]: Disk Used(%)
    ShortLegend[disk]: (%)
    LegendI[disk]: / Disk used
    LegendO[disk]: / Disk Used
    Legend1[disk]: / Disk used
    Legend2[disk]: / Disk used
    Title[disk]:
    PageTop[disk]: <H1> </H1>

The configuration file must be in EUC-JP. Keep a copy of the original and convert it with nkf:

    # cp /etc/mrtg/mrtg.cfg /etc/mrtg/mrtg.cfg.org
    # nkf -e /etc/mrtg/mrtg.cfg.org > /etc/mrtg/mrtg.cfg

7.3. Running MRTG

MRTG is run from the script mrtg.sh (Listing 46).

46: mrtg.sh
    #!/bin/bash
    LOCK=/var/lock/mrtg/mrtg_l

    CONFCACHE=/var/lib/mrtg/mrtg.ok
    export LANG=ja_JP.eucJP
    mrtg /etc/mrtg/mrtg.cfg --lock-file $LOCK --confcache-file $CONFCACHE

Run MRTG three times so that the warnings it prints until its log files exist stop. Access to the MRTG pages is controlled by /etc/httpd/conf.d/mrtg.conf; allow the local network with "Allow from 172.16.11". Then build the index page with indexmaker:

    # indexmaker --columns=1 \
        --addhead="<meta HTTP-EQUIV=\"Content-Type\" CONTENT=\"text/html; \
        charset=euc-jp\">" /etc/mrtg/mrtg.cfg > \
        /var/www/mrtg/index.html

The MRTG pages are then available at http://localhost/mrtg/.

8 GnuPG

8.1. GnuPG

GnuPG (GNU Privacy Guard) supports both symmetric encryption with a passphrase and public-key encryption. Its command is gpg.

8.2. Symmetric encryption

8.2.1. Encrypting

The -c option encrypts a file with a passphrase; adding -a produces ASCII-armored output:

    $ gpg -c FILE
    $ gpg -c -a FILE

Fig. 8.1

With -c alone the output file is FILE.gpg; with -a it is FILE.asc.

8.2.2. Decrypting (decrypt)

    $ gpg FILE.gpg
    $ gpg --decrypt FILE.gpg

Fig. 8.2

8.3. Public-key encryption

8.3.1. Generating a key pair (gen-key)

    $ gpg --gen-key
    Please select what kind of key you want:
       (1) DSA and Elgamal (default)
       (2) DSA (sign only)
       (5) RSA (sign only)
    Your selection?   <- Enter

Fig. 8.3

The DSA key is fixed at 1024 bits; the Elgamal key size is asked next:

    DSA keypair will have 1024 bits.
    ELG-E keys may be between 1024 and 4096 bits long.
    What keysize do you want? (2048)   <- Enter (2048)

Fig. 8.4

    Please specify how long the key should be valid.
             0 = key does not expire
          <n>  = key expires in n days
          <n>w = key expires in n weeks
          <n>m = key expires in n months
          <n>y = key expires in n years
    Key is valid for? (0)   <- Enter
    Key does not expire at all? (y/n) y   <- y, Enter

Fig. 8.5

    You need a user ID to identify your key; the software constructs the user ID
    from the Real Name, Comment and Email Address in this form:
        "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

    Real name: Kazuhisa Sakabe   <- Enter
    Email address: k-sakabe@ca2.so-net.ne.jp   <- Enter
    Comment: My Key.   <- Enter
    You selected this USER-ID:
        "Kazuhisa Sakabe (My Key.) <k-sakabe@ca2.so-net.ne.jp>"

    Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o   <- o, Enter

Fig. 8.6

    ++++++++++++++++++
    ++++++++++.+++++++
    gpg: /home/sakabe/.gnupg/trustdb.gpg: trustdb created
    gpg: key 981365BF marked as ultimately trusted
    gpg: checking the trustdb
    gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
    gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
    pub   1024D/981365BF 2010-09-06
          Key fingerprint = 0EC1 73F0 6BDB C8AD D50A 6747 DCFE 8500 9813 65BF
    uid                  Kazuhisa Sakabe (My Key.) <k-sakabe@ca2.so-net.ne.jp>
    sub   2048g/78C7203B 2010-09-06

Fig. 8.7

The generated key pair is kept in two files under ~/.gnupg.

8.3.2. Listing keys (list-secret-keys, list-public-keys)

--list-secret-keys lists the secret keys (sec) and --list-public-keys the public keys (pub); the key ID follows the key size and type.

    $ gpg --list-secret-keys
    /home/sakabe/.gnupg/secring.gpg
    -------------------------------
    sec   1024D/981365BF 2010-09-06
    uid                  Kazuhisa Sakabe (My Key.) <k-sakabe@ca2.so-net.ne.jp>
    ssb   2048g/78C7203B 2010-09-06

Fig. 8.8

    $ gpg --list-public-keys
    /home/sakabe/.gnupg/pubring.gpg
    -------------------------------
    pub   1024D/981365BF 2010-09-06
    uid                  Kazuhisa Sakabe (My Key.) <k-sakabe@ca2.so-net.ne.jp>
    sub   2048g/78C7203B 2010-09-06

Fig. 8.9

8.3.3. Exporting a public key (export)

    $ gpg -a --export KEYID > FILE

Fig. 8.10

8.3.4. Importing a public key (import)

    $ gpg --import FILE

Fig. 8.11

The imported key then appears in the public keyring (Fig. 8.12).

    $ gpg --list-public-keys
    /home/sakabe/.gnupg/pubring.gpg
    -------------------------------
    pub   1024D/981365BF 2010-09-06
    uid                  Kazuhisa Sakabe (My Key.) <k-sakabe@ca2.so-net.ne.jp>
    sub   2048g/78C7203B 2010-09-06
    pub   1024D/EA079F13 2010-09-06
    uid                  Nobita Nobi (test)
    sub   2048g/CE26C2E7 2010-09-06

Fig. 8.12

8.3.5. Encrypting with a public key

Encryption for another person uses the options -e (encrypt), -r (recipient key ID) and -a (ASCII armor):

    $ gpg -e -r KEYID FILE
    $ gpg -e -r KEYID -a FILE

Fig. 8.13

8.3.6. Clear signing (clearsign)

    $ gpg --clearsign FILE
    $ cat test1.txt.asc
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.5 (GNU/Linux)

    id8dbqfmhqjx3p6fajgtzb8rai3kakcgehxjr56puh2zpjbc+bvg4roizacel5wb
    oxuuifbxpbgpvshrqopno08=
    =mres
    -----END PGP SIGNATURE-----

8.4.
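As an added example that is not part of the original text, this Python code parses the clearsigned layout shown above: it separates the Hash header, the dash-unescaped signed text and the base64 signature block, and checks the armor's CRC-24 line (the line starting with "="). clearsign_armor builds a sample message around a constructed fake signature packet; a real message from gpg --clearsign parses the same way. The CRC only catches transmission damage; whether the signature is genuine can only be decided with the signer's public key, i.e. with gpg --verify.

```python
import base64
import re

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB

def crc24(data):
    """OpenPGP ASCII-armor checksum (RFC 4880 section 6.1); crc24(b"") == CRC24_INIT."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def clearsign_armor(text, sig, hash_name="SHA1"):
    """Lay out TEXT and raw signature-packet bytes SIG the way gpg --clearsign does."""
    body = "\n".join(("- " + l if l.startswith("-") else l) for l in text.splitlines())
    crc = base64.b64encode(crc24(sig).to_bytes(3, "big")).decode()
    return (f"-----BEGIN PGP SIGNED MESSAGE-----\nHash: {hash_name}\n\n{body}\n"
            f"-----BEGIN PGP SIGNATURE-----\n\n{base64.b64encode(sig).decode()}\n={crc}\n"
            "-----END PGP SIGNATURE-----\n")

def parse_clearsigned(armored):
    """Return (hash_name, signed_text, sig_bytes); raise ValueError on bad layout or CRC."""
    m = re.search(r"-----BEGIN PGP SIGNED MESSAGE-----\n(?P<hdr>(?:[^\n]+\n)*)\n"
                  r"(?P<body>.*?)\n-----BEGIN PGP SIGNATURE-----\n(?:[^\n]+\n)*\n"
                  r"(?P<b64>(?:[^=\n][^\n]*\n)*)=(?P<crc>[A-Za-z0-9+/]{4})\n"
                  r"-----END PGP SIGNATURE-----", armored, re.S)
    if not m:
        raise ValueError("not a clearsigned message")
    hashes = [h[6:] for h in m["hdr"].splitlines() if h.startswith("Hash: ")]
    text = "\n".join(l[2:] if l.startswith("- ") else l for l in m["body"].splitlines())
    sig = base64.b64decode(m["b64"])
    # The CRC only detects transmission damage; authenticity still needs gpg --verify.
    if crc24(sig) != int.from_bytes(base64.b64decode(m["crc"]), "big"):
        raise ValueError("armor CRC-24 mismatch")
    return (hashes[0] if hashes else None), text, sig

def armor_intact(armored):
    try:
        parse_clearsigned(armored)
        return True
    except ValueError:
        return False

SAMPLE_SIG = bytes(range(0x88, 0x90))  # constructed stand-in for a real signature packet
SAMPLE = clearsign_armor("hello\n-- signed off", SAMPLE_SIG)
```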

9 iptables

9.1. LAN setup

A Linux machine is placed between the existing LAN and a second LAN containing a Windows PC.

9.2. VirtualBox

VirtualBox is used to build the second LAN.

1. VirtualBox
2. 2
3. I-O DATA, Linux

9.3. Linux router

The Linux machine has two LAN interfaces; the first receives its IP address by DHCP. As root, give eth1 a static address and enable IP forwarding:

    # ifconfig eth1 192.168.1.254/24
    # echo "1" > /proc/sys/net/ipv4/ip_forward

Fig. 9.1: Linux router settings

9.4. Windows

On the Windows PC, add a route to the 192.168.1.0/24 network through the Linux machine:

    $ route add 192.168.1.0 mask 255.255.255.0 172.16.11.xx

Fig. 9.2

9.5. Checking connectivity

Confirm with ping that the two OSes on the two LANs can reach each other.

9.6. Network layout (Fig. 1)

Network A is 172.16.11.0/24 and contains the web server 172.16.11.190; network B is 192.168.1.0/24 and contains the host 192.168.1.100.