Sophie

Sophie

distrib > Mandriva > 2008.1 > x86_64 > media > main-release > by-pkgid > 17a4b2c1b6ee695e469f771cfdbee1d0 > files > 1310

howto-html-ja-10.1-4mdv2008.1.noarch.rpm

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
 <META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9">
 <TITLE>Linux Security HOWTO: $B%+!<%M%k$N%;%-%e%j%F%#(B</TITLE>
 <LINK HREF="Security-HOWTO-7.html" REL=next>
 <LINK HREF="Security-HOWTO-5.html" REL=previous>
 <LINK HREF="Security-HOWTO.html#toc6" REL=contents>
</HEAD>
<BODY>
<A HREF="Security-HOWTO-7.html">$B<!$N%Z!<%8(B</A>
<A HREF="Security-HOWTO-5.html">$BA0$N%Z!<%8(B</A>
<A HREF="Security-HOWTO.html#toc6">$BL\<!$X(B</A>
<HR>
<H2><A NAME="kernel-security"></A> <A NAME="s6">6. $B%+!<%M%k$N%;%-%e%j%F%#(B</A></H2>

<P>$B$3$3$G$O%;%-%e%j%F%#$K4XO"$9$k%+!<%M%k@_Dj%*%W%7%g%s$N@bL@$H(B,
$B$=$l$i$NF0:n$d;H$$J}$K4X$9$k@bL@$r9T$$$^$9(B.
<P>$B%+!<%M%k$O%3%s%T%e!<%?$N%M%C%H%o!<%/$r@)8f$9$k$N$G(B, $B%+!<%M%k$r$3$N>e$J(B
$B$/0BA4$K$7$F$*$/$3$H$H(B, $B%+!<%M%k$=$N$b$N$,GK$i$l$J$$$h$&$K$9$k$3$H$O=E(B
$BMW$G$9(B. $B:G6a=P8=$7$?%M%C%H%o!<%/967b$N$$$/$D$+$rKI$0$?$a$K(B, $B%+!<%M%k$N(B
$B%P!<%8%g%s$O:G?7$KJ]$D$h$&$K$9$Y$-$G$9(B. $B?7$7$$%+!<%M%k$O(B 
<A HREF="ftp://ftp.kernel.org">ftp://ftp.kernel.org</A> $B$^$?$O$*;H$$$N%G%#%9%H%j%S%e!<%7%g%s(B
$B$N%Y%s%@$+$iF~<j$G$-$^$9(B. 
<P>$BK\2H$N(B Linux $B%+!<%M%kMQ$K$R$H$D$KE}9g$5$l$?(B
$B0E9f2=%Q%C%A$rDs6!$7$F$$$k9q:]E*$J%0%k!<%W$b$"$j$^$9(B.
$B$3$N%Q%C%A$O(B, $B3F<o0E9f%5%V%7%9%F%`$dM"=P@)8B$N$?$a$KK\2H$N%+!<%M%k$K(B
$B4^$^$l$F$$$J$$5!G=$rDs6!$7$^$9(B. $B>\$7$$>pJs$K$D$$$F$O(B
$B%0%k!<%W$N(B WWW $B%Z!<%8(B 
<A HREF="http://www.kerneli.org">http://www.kerneli.org</A> $B$r$4Mw$/$@$5$$(B.
<P>
<H2><A NAME="ss6.1">6.1 $B%P!<%8%g%s(B 2.0 $B$N%+!<%M%k$N%3%s%Q%$%k%*%W%7%g%s(B</A>
</H2>

<P>2.0.x $B%+!<%M%k$G$O0J2<$N%*%W%7%g%s$,3:Ev$7$^$9(B.
$B%+!<%M%k$r@_Dj$9$k:]$K$3$l$i$N%*%W%7%g%s$r3NG'$9$k$3$H$K$J$k$G$7$g$&(B.
$B$3$3$K5s$2$?%3%a%s%H$NB?$/$O(B
<CODE>./linux/Documentation/Configure.help</CODE> $B$+$i<h$C$F$$$^$9(B.
$B$3$N%3%a%s%H$O(B, $B%+!<%M%k$N%3%s%Q%$%k;~$K(B<CODE>make config</CODE> $B$N(B
Help $B5!G=$G;2>H$G$-$k%I%-%e%a%s%H$HF1$8$b$N$G$9(B. 
<P>
<UL>
<LI>Network Firewalls
(CONFIG_FIREWALL)
<P>$B$3$N%*%W%7%g%s$O(B Linux $B%^%7%s$G%U%!%$%"%&%)!<%k$r9=C[$9$k:]$d(B
IP $B%^%9%+%l!<%I$r9T$&:]$KM-8z$K$9$Y$-$G$9(B.
$BC1$KIaDL$N%/%i%$%"%s%H%^%7%s$K$9$k$D$b$j$J$i$P(B no $B$H@_Dj$9$k$N$,0BA4$G$7$g$&(B.
<P>
</LI>
<LI>IP: forwarding/gatewaying
(CONFIG_IP_FORWARD)
<P>IP forwarding $B$rM-8z$K$9$k$H(B, Linux $B%^%7%s$OK\<AE*$K%k!<%?$K$J$j$^$9(B.
$B$3$N%^%7%s$,%M%C%H%o!<%/$K7R$,$C$F$$$k$H(B,
$B$"$k%M%C%H%o!<%/$+$iJL$N%M%C%H%o!<%/$K%G!<%?$rE>Aw$7$F$$$k$+$b$7$l$:(B,
$B$3$l$r5/$5$J$$$?$a$K@_CV$5$l$F$$$kKI2PJI$r$?$V$s2u$7$F$$$^$9(B.
$BDL>o$N%@%$%"%k%"%C%W%f!<%6$O$3$l$rL58z$K$7$?$$$H;W$&$G$7$g$&$7(B,
$BB>$N%f!<%6$O$3$l$r9T$&$3$H$N%;%-%e%j%F%#E*$J0UL#$rNI$/9M$($k$Y$-$G$9(B.
$BKI2PJI$N%^%7%s$O$3$l$rM-8z$K$7(B,
$BKI2PJI$N%=%U%H%&%'%"$HAH$_9g$o$;$F;H$*$&$H9M$($k$G$7$g$&(B.
<P>IP forwarding $B$O0J2<$N%3%^%s%I$GF0E*$KM-8z$K$9$k$3$H$,$G$-$^$9(B:
<P>
<BLOCKQUOTE><CODE>
<PRE>
        root#  echo 1 > /proc/sys/net/ipv4/ip_forward
</PRE>
</CODE></BLOCKQUOTE>

$B$^$?<!$N%3%^%s%I$GL58z$K$9$k$3$H$,$G$-$^$9(B:
<BLOCKQUOTE><CODE>
<PRE>
        root#  echo 0 > /proc/sys/net/ipv4/ip_forward
</PRE>
</CODE></BLOCKQUOTE>

/proc $B$K$"$k%U%!%$%k$O!V2>A[E*!W$J%U%!%$%k$G$"$j(B,
$BI=<($5$l$k%U%!%$%k$NBg$-$5$O(B,
$B$=$3$+$i=P$F$/$k%G!<%?$NNL$rH?1G$7$F$$$J$$$3$H$O3P$($F$*$$$F$/$@$5$$(B.
<P>
</LI>
<LI>IP: syn cookies
(CONFIG_SYN_COOKIES)
<P>$B!V(BSYN $B967b!W$O%5!<%S%9K832(B(DoS)$B967b$N$R$H$D$G$9(B.
$B%^%7%s$N%j%=!<%9$rA4$F6t$$DY$7$F$7$^$$(B, $B%j%V!<%H$9$k$O$a$KDI$$9~$_$^$9(B.
$B$3$N%*%W%7%g%s$rM-8z$K$7$F$*$+$J$$M}M3$OIaDL$O9M$($i$l$^$;$s(B.
2.2.x $B7O$N%+!<%M%k$G$O(B,
$B$3$N@_Dj%*%W%7%g%s$OC1$K(B syn cookie $B$r5v2D$9$k$@$1$G(B, $BM-8z$K$O$7$^$;$s(B.
$B$3$l$rM-8z$K$9$k$K$O0J2<$N%3%^%s%I$r<B9T$9$kI,MW$,$"$j$^$9(B:
<P>
<BLOCKQUOTE><CODE>
<PRE>
                root# echo 1 > /proc/sys/net/ipv4/tcp_syncookies &lt;P>
</PRE>
</CODE></BLOCKQUOTE>
<P>
</LI>
<LI>IP: Firewalling
(CONFIG_IP_FIREWALL)
<P>$B$3$N%*%W%7%g%s$,I,MW$K$J$k$N$O(B, $B%^%7%s$rKI2PJI$H$7$F@_Dj$9$k;~$d(B,
IP $B%^%9%+%l!<%I$r9T$&;~$K(B PPP $B$N%@%$%"%k%"%C%W%$%s%?%U%'!<%97PM3$G(B
$B2?<T$+$,%@%$%"%k%"%C%W%^%7%s$KF~$C$F$/$k$N$rKI$.$?$$;~$G$9(B. 
<P>
<P>
</LI>
<LI>IP: firewall packet logging
(CONFIG_IP_FIREWALL_VERBOSE)
<P>$B$3$N%*%W%7%g%s$r;H$&$H(B, $BAw?.<T(B, $B<u?.<T(B,
$B%]!<%HEy$NKI2PJI$,<u$1<h$C$?%Q%1%C%H$K4X$9$k>pJs$,5-O?$5$l$^$9(B.
<P>
</LI>
<LI>IP: Drop source routed frames
(CONFIG_IP_NOSR)
<P>$B$3$N%*%W%7%g%s$OM-8z$K$9$Y$-$G$9(B. $B;OE@$G7PO)@_Dj$5$l$?%U%l!<%`(B
(source routed frames) $B$O(B,
$B=*E@$^$G$NA4BN$N%Q%9$r%Q%1%C%HFb$K;}$C$F$$$^$9(B.
$B$D$^$j(B, $B%Q%1%C%H$,DL$k%k!<%?$O%Q%1%C%H$r8!::$9$kI,MW$,$J$/(B,
$BC1$KE>Aw$9$l$P$h$$$H$$$&$3$H$G$9(B.
$B$3$l$O4m81$G$"$k$+$b$7$l$J$$%G!<%?$r%7%9%F%`$KF~$l$k2DG=@-$r;}$A$^$9(B.
<P>
</LI>
<LI>IP: masquerading
(CONFIG_IP_MASQUERADE)
<P>Linux $B%^%7%s$,KI2PJI$H$7$FF0:n$7$F$$$k>l9g(B,
$B$=$N%m!<%+%k%M%C%H%o!<%/$N%3%s%T%e!<%?$N$R$H$D$,30It$K@\B3$7$h$&$H$9$k$H(B,
Linux $B%^%7%s$O$=$N%[%9%H$N!V2>LL$rHo$k!W$3$H$,$G$-$^$9(B.
$B$D$^$j(B, Linux $B%^%7%s$O%m!<%+%k%M%C%H%o!<%/Fb$N%^%7%s$,A[Dj$7$F$$$k(B
$B=*E@%"%I%l%9$X%H%i%U%#%C%/$rE>Aw$7$^$9$,(B,
$B$3$N%H%i%U%#%C%/$,KI2PJI$N%^%7%s$+$iMh$?$h$&$K8+$;$+$1$^$9(B.
$B>\$7$$>pJs$K$D$$$F$O(B 
<A HREF="http://www.indyramp.com/masq">http://www.indyramp.com/masq</A> $B$r$4Mw$/$@$5$$(B. 
<P>
</LI>
<LI>IP: ICMP masquerading
(CONFIG_IP_MASQUERADE_ICMP)
<P>$BA0$N%*%W%7%g%s$O(B TCP $B%H%i%U%#%C%/$H(B
UDP $B%H%i%U%#%C%/$N%^%9%+%l!<%G%#%s%0$7$+9T$$$^$;$s$,(B,
$B$3$N%*%W%7%g%s$O(B ICMP $B$N%^%9%+%l!<%G%#%s%0$b9T$&$h$&$K$7$^$9(B.
<P>
</LI>
<LI>IP: transparent proxy support
(CONFIG_IP_TRANSPARENT_PROXY)
<P>$B$3$N%*%W%7%g%s$O(B, Linux $B%^%7%s$NKI2PJI$NF)2aE*%j%@%$%l%/%H5!G=$rM-8z$K$7$^$9(B.
$B$D$^$j(B, $B%m!<%+%k%M%C%H%o!<%/$,;OE@$G$"$j(B,
$B$+$D=*E@$,%j%b!<%H%[%9%H$G$"$k$h$&$JG$0U$N%M%C%H%o!<%/%H%i%U%#%C%/$,(B
$B%m!<%+%k$N%5!<%P(B ($B$$$o$f$k!VF)2aE*%W%m%-%7%5!<%P!W(B) $B$K%j%@%$%l%/%H$5$l$^$9(B.
$B$3$l$K$h$j(B, $B%m!<%+%k$N%3%s%T%e!<%?$K%j%b!<%HB&$HDL?.$7$F$$$k$H;W$o$;$J$,$i(B,
$B<B:]$K$O%m!<%+%k$N%W%m%-%7$H@\B3$7$?>uBV$K$7$^$9(B. $B>\$7$/$O(B
IP-Masquerading HOWTO $B$H(B 
<A HREF="http://www.indyramp.com/masq">http://www.indyramp.com/masq</A> $B$r$4Mw$/$@$5$$(B. 
<P>
</LI>
<LI>IP: always defragment
(CONFIG_IP_ALWAYS_DEFRAG)
<P>$BIaDL$O$3$N%*%W%7%g%s$OL58z$K$J$C$F$$$^$9$,(B,
$BKI2PJI$d(B IP $B%^%9%+%l!<%I$r9T$&%[%9%H$r9=C[$9$k>l9g$K$O(B,
$B$3$N%*%W%7%g%s$rM-8z$K$7$?$/$J$k$O$:$G$9(B.
$B$"$k%[%9%H$+$iJL$N%[%9%H$^$G%G!<%?$,Aw$i$l$k;~(B,
$B%G!<%?$OI,$:$7$bC1FH$N%G!<%?%Q%1%C%H$@$1$GAw$i$l$k$o$1$G$O$J$/(B,
$BJ#?t8D$N%Q%1%C%H$KJ,3d$5$l$^$9(B. $B$3$N$d$jJ}$NLdBjE@$O(B,
$B%]!<%HHV9f$O:G=i$N%Q%1%C%H$K$7$+3JG<$5$l$F$$$J$$$3$H$G$9(B.
$B$D$^$j(B, $B2?<T$+$,F~$C$F$$$J$$$O$:$N>pJs$r(B
$B$=$N@\B3$N;D$j$N%Q%1%C%H$KF~$l$k$3$H$,2DG=$J$N$G$9(B.
$B$3$N%*%W%7%g%s$O(B, teardrop $B967b$KBP$9$k%Q%C%A$rEv$F$F$$$J$$FbIt%[%9%H$KBP$9$k(B
teardrop $B967b$bKI$0$3$H$,$G$-$k$O$:$G$9(B. 
<P>
</LI>
<LI>Packet Signatures
(CONFIG_NCPFS_PACKET_SIGNING)
<P>$B$3$N%*%W%7%g%s$O(B 2.2.x $B7ONs$N%+!<%M%k$GMxMQ2DG=$J%*%W%7%g%s$G(B,
$B%;%-%e%j%F%#$r6/8G$K$9$k$?$a$K(B NCP $B%Q%1%C%H$K=pL>$r$9$k$h$&$K$7$^$9(B.
$BDL>o$OL58z$K$7$F$*$$$F9=$$$^$;$s$,(B, $BI,MW$J$i$P$I$&$>(B.
<P>
</LI>
<LI>IP: Firewall packet netlink device
(CONFIG_IP_FIREWALL_NETLINK)
<P>$B$3$l$O<B$KJXMx$J%*%W%7%g%s$G(B, $B%f!<%66u4V%W%m%0%i%`$N%Q%1%C%H$N@hF,$N(B
128 $B%P%$%H$r2r@O$7(B,
$B@5Ev$5$K4p$E$$$F$=$N%Q%1%C%H$r5v$9$+5qH]$9$k$+$r7h$a$k$h$&$K$G$-$^$9(B. 
</LI>
</UL>
<P>
<H2><A NAME="ss6.2">6.2 $B%P!<%8%g%s(B 2.2 $B$N%+!<%M%k$N%3%s%Q%$%k%*%W%7%g%s(B</A>
</H2>

<P>2.2.x $B%+!<%M%k$G$bB?$/$N%*%W%7%g%s$OF1$8$G$9$,(B,
$B?7$7$$%*%W%7%g%s$b$$$/$D$+3+H/$5$l$F$$$^$9(B. $B$3$3$K5s$2$?%3%a%s%H$NB?$/$O(B
<CODE>./linux/Documentation/Configure.help</CODE> $B$+$i<h$C$F$$$^$9(B.
$B$3$N%3%a%s%H$O(B, $B%+!<%M%k$N%3%s%Q%$%k;~$K(B <CODE>make config</CODE> $B$N(B
Help $B5!G=$G;2>H$G$-$k%I%-%e%a%s%H$HF1$8$b$N$G$9(B.
$B0J2<$G$O?7$7$/DI2C$5$l$?%*%W%7%g%s$@$1$r<($7$^$9(B.
$BI,MW$JB>$N%*%W%7%g%s$K$D$$$F$O(B, 2.0 $BMQ$N@bL@$r;2>H$7$F$/$@$5$$(B.
2.2 $B%+!<%M%k$K$*$1$k:GBg$NJQ99E@$O(B, IP firewalling $B$N%3!<%I$G$9(B.
2.2 $B%+!<%M%k$+$i$O(B, IP firewalling $B$r9T$&$K$O(B,
<CODE>ipchains</CODE> $B$r;H$&$h$&$K$J$j$^$7$?(B.
2.0 $B%+!<%M%k$G;H$o$l$F$$$?(B <CODE>ipfwadm</CODE> $B$O;H$$$^$;$s(B.
<P>
<UL>
<LI>Socket Filtering
(CONFIG_FILTER)
<P>$BBgDq$N?M$K$H$C$F$O(B, $B$3$N%*%W%7%g%s$K(B no $B$r@_Dj$7$F$*$/$N$,0BA4$G$9(B.
$B$3$N%*%W%7%g%s$r;H$&$H(B, $B%f!<%66u4V$N%U%#%k%?$rG$0U$N%=%1%C%H$K@\B3$7$F(B,
$B%Q%1%C%H$r<u$1<h$k$+5qH]$9$k$+$r7h$a$k$3$H$,$G$-$^$9(B.
$B$I$&$7$F$bI,MW(B, $B$+$D%U%#%k%?$N$h$&$J%W%m%0%i%`$rAH$a$J$$$N$J$i(B,
$B$3$N%*%W%7%g%s$K$O(B no $B$r@_Dj$9$Y$-$G$9(B. $BK\(B HOWTO $B$N<9I.;~E@$G$O(B,
TCP $B$r=|$/A4$F$N%W%m%H%3%k$,%5%]!<%H$5$l$F$$$^$9(B. 
<P>
</LI>
<LI>Port Forwarding
$B%]!<%HE>Aw(B (Port Forwarding) $B$O(B IP $B%^%9%+%l!<%I$X$NDI2C5!G=$G$"$j(B,
$B;XDj$5$l$?%]!<%H$K$*$1$k0lIt$N%Q%1%C%H$K$D$$$F(B,
$BKI2PJI$N30It$+$iFbIt$X$NE>Aw$r5v2D$7$^$9(B.
$B$3$N%*%W%7%g%s$,LrN)$D$N$O(B, $BNc$($P(B WWW $B%5!<%P$rKI2PJI$NCf$d(B
IP $B%^%9%+%l!<%I$r9T$&%[%9%H$N8e$m$G<B9T$7(B,
$B$3$l$r30$N@$3&$+$i%"%/%;%9$G$-$k$h$&$K$7$?$$>l9g$G$9(B.
$B30It$N%/%i%$%"%s%H$,KI2PJI$N(B 80 $BHV%]!<%H$K%j%/%(%9%H$rAw$k$H(B,
$BKI2PJI$O$3$N%j%/%(%9%H$r(B WWW $B%5!<%P$KE>Aw$7$^$9(B.
WWW $B%5!<%P$O%j%/%(%9%H$r=hM}$7(B,
$B$=$N7k2L$rKI2PJI7PM3$G85$N%/%i%$%"%s%H$KAw$j$^$9(B.
$B%/%i%$%"%s%H$K$H$C$F$O(B, $BKI2PJI$N%^%7%s$G(B WWW $B%5!<%P$,F0$$$F$$$k$h$&$K8+$($^$9(B.
$B$3$N5!G=$O(B, $BKI2PJI$N8e$m$KA4$/F1$89=@.$N(B WWW $B%5!<%P$,J#?t$"$k>l9g$K(B
$BIi2YD4@0(B (load balancing) $B$r9T$&$?$a$K$b;H$($^$9(B.

$B$3$N5!G=$K4X$9$k>pJs$O(B 
http://www.monmouth.demon.co.uk/ipsubs/portforwarding.html $B$K$"$j$^$9(B
(WWW $B$r8+$k$K$O(B, $B%$%s%?!<%M%C%H$K@\B3$7$F$*$j(B, $B$+$D(B lynx $B$d(B Netscape 
$B$N$h$&$J%W%m%0%i%`$,;H$($k%^%7%s$,I,MW$G$9(B). $B0lHLE*$J>pJs$K$D$$$F$O(B 
ftp://ftp.compsoc.net/users/steve/ipportfw/linux21/ $B$r$4Mw$/$@$5$$(B. 
<P>
</LI>
<LI>Socket Filtering
(CONFIG_FILTER)
$B$3$N%*%W%7%g%s$r;H$&$H(B,
$B%f!<%66u4V%W%m%0%i%`$OG$0U$N%=%1%C%H$K%U%#%k%?$rIU$1$k$3$H$,$G$-(B,
$BFCDj$N<oN`$N%G!<%?$r%=%1%C%H7PM3$G<hF@$9$k:]$K5v2D$9$k$+5qH]$9$k$+$r(B
$B%+!<%M%k$K;X<($9$k$3$H$,$G$-$^$9(B.
Linux $B$N%=%1%C%H%U%#%k%?%j%s%0$O(B,
$B8=:_(B TCP $B$r=|$/A4$F$N<oN`$N%=%1%C%H$GF0:n$7$^$9(B.
$B>\$7$/$O%F%-%9%H%U%!%$%k(B <CODE>./linux/Documentation/networking/filter.txt</CODE>
$B$r$4Mw$/$@$5$$(B.

$BLuCm(B: $B%+!<%M%k$N%=!<%9$K4^$^$l$F$$$k%F%-%9%H%U%!%$%k$N$3$H$G$9(B.
<P>
</LI>
<LI>IP: Masquerading
$B%+!<%M%k(B 2.2 $B$N(B IP $B%^%9%+%l!<%I$O2~NI$5$l$F$$$^$9(B.
$BFC<l$J%W%m%H%3%k$N%^%9%+%l!<%G%#%s%0Ey$N%5%]!<%H$,DI2C$5$l$F$$$^$9(B.
$B>\$7$/$O(B IP Chains HOWTO $B$r$4Mw$/$@$5$$(B. </LI>
</UL>
<P>
<H2><A NAME="ss6.3">6.3 $B%+!<%M%k%G%P%$%9(B</A>
</H2>

<P>Linux $B$K$O(B, $B%;%-%e%j%F%#$N8~>e$K$b;H$($k%V%m%C%/%G%P%$%9$d(B
$B%-%c%i%/%?%G%P%$%9$,$$$/$D$+$"$j$^$9(B. 
<P><CODE>/dev/random</CODE> $B$H(B <CODE>/dev/urandom</CODE> $B$H$$$&(B,
$B$$$D$G$b%i%s%@%`$J%G!<%?$r<h$j=P$;$k(B
2 $B$D$N%G%P%$%9$,%+!<%M%k$KMQ0U$5$l$F$$$^$9(B.
<P>
<P><CODE>/dev/random</CODE> $B$H(B <CODE>/dev/urandom</CODE> $B$O$I$A$i$b0BA4$G$"$j(B, 
PGP $B$N80$d(B <CODE>ssh</CODE> $B$N%A%c%l%s%8J8;zNs$N@8@.$d(B,
$B%i%s%@%`$J?t;z$rI,MW$H$9$kB>$N%"%W%j%1!<%7%g%s$GMxMQ$G$-$k$O$:$G$9(B.
$B$3$l$i$rF~NO$H$7$F?t$N=i4|%7!<%1%s%9$rM?$($F$b(B,
$B967b<T$,<!$N?t$rM=B,$9$k$3$H$OIT2DG=$J$O$:$G$9(B.
$B$3$l$i$NF~NO$+$iF@$??t;z$,$"$i$f$k0UL#$K$*$$$F8@MUDL$j%i%s%@%`$G(B
$B$"$k$3$H$rJ]>Z$9$k$?$a(B, $BBgJQ$JEXNO$,9T$o$l$F$-$^$7$?(B.
<P>2 $B$D$N%G%P%$%9$NM#0l$N0c$$$O(B,
<CODE>/dev/random</CODE> $B$O%i%s%@%`$J%P%$%HNs$rA4$F;H$&E@$H(B,
$B7W;;$r9T$&$?$a$N%f!<%6$NBT$A;~4V$,$h$jD9$$E@$G$9(B.
$B0lIt$N%7%9%F%`$G$O(B, $B%f!<%6$,@8@.$7$?%(%s%H%m%T!<$,(B
$B%7%9%F%`$KF~$k$N$rBT$DD9$$4V(B, $B%V%m%C%/$5$l$F$7$^$&$3$H$KCm0U$7$F$/$@$5$$(B.
$B$7$?$,$C$F(B, <CODE>/dev/random</CODE> $B$r;H$&A0$K$O5$$rIU$1$kI,MW$,$"$j$^$9(B.
($B$3$l$NMxMQ$N:GNI$N>lLL$O$*$=$i$/(B,
$B5!L)%-!<F~NO>pJs$r@8@.$9$k;~$G(B, $B%f!<%6$K!V$O$$(B, $B$b$&==J,$G$9!W(B
$B$HI=<($9$k$^$G%-!<%\!<%I$r7+$jJV$7C!$$$F$b$i$&>l9g$G$9(B)
<P><CODE>/dev/random</CODE> $B$OHs>o$K9bIJ<A$N%(%s%H%m%T!<$r;}$A(B, $B3d$j9~$_4V$N(B
$B;~4VEy$NB,DjCM$+$i@8@.$7$F$$$^$9(B. $B$3$N%G%P%$%9$O==J,$J%S%C%H?t$N%i%s%@(B
$B%`%G!<%?$,MxMQ2DG=$K$J$k$^$G%V%m%C%/$7$^$9(B. 
<P><CODE>/dev/urandom</CODE> $B$bF1MM$G$9$,(B, $B%(%s%H%m%T!<$NJ];}NL$,>/$J$/$J$k$H(B, 
$B8=:_J];}$7$F$$$kCM$N0E9f3XE*$K6/$$%O%C%7%eCM$rJV$7$^$9(B. 
$B$3$l$O(B <CODE>/dev/random</CODE> $B$[$I0BA4$G$O$"$j$^$;$s$,(B, $B$[$H$s$I$NL\E*$K(B
$BBP$7$F$O$3$l$G==J,$G$9(B. 
<P>$B$3$N%G%P%$%9$O0J2<$N$h$&$K$7$FFI$_=P$9$3$H$,$G$-$^$9(B:
<P>
<BLOCKQUOTE><CODE>
<PRE>
        root#  head -c 6 /dev/urandom | mmencode
        root#  head -c 6 /dev/urandom | mimencode
</PRE>
</CODE></BLOCKQUOTE>

$B$3$l$O%3%s%=!<%k$K(B 8 $B$D$N%i%s%@%`$JJ8;z$r=PNO$7$^$9(B.
$B%Q%9%o!<%I@8@.$J$I$K$h$$$G$7$g$&(B.
<CODE>mimeencode</CODE> $B$O(B <CODE>metamail</CODE> $B%Q%C%1!<%8$KF~$C$F$$$^$9(B. 
<P>$B%"%k%4%j%:%`$N@bL@$K$D$$$F$O(B, 
<CODE>/usr/src/linux/drivers/char/random.c</CODE> $B$r;2>H$7$F$/$@$5$$(B. 
<P>$B$3$l$K$D$$$FI.<T(B(Dave)$B$K65$($F$/$@$5$C$?(B, Theodore Y. Ts'o $B$5$s(B,
Jon Lewis $B$5$sB>$N(B Linux-kernel ML $B$N3'$5$s$K46<U$7$^$9(B. 
<P>
<HR>
<A HREF="Security-HOWTO-7.html">$B<!$N%Z!<%8(B</A>
<A HREF="Security-HOWTO-5.html">$BA0$N%Z!<%8(B</A>
<A HREF="Security-HOWTO.html#toc6">$BL\<!$X(B</A>
</BODY>
</HTML>

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional