<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9">
<TITLE>Linux Security HOWTO: �$B%M%C%H%o!<%/$N%;%-%e%j%F%#�(B</TITLE>
<LINK HREF="Security-HOWTO-8.html" REL=next>
<LINK HREF="Security-HOWTO-6.html" REL=previous>
<LINK HREF="Security-HOWTO.html#toc7" REL=contents>
</HEAD>
<BODY>
<A HREF="Security-HOWTO-8.html">�$B<!$N%Z!<%8�(B</A>
<A HREF="Security-HOWTO-6.html">�$BA0$N%Z!<%8�(B</A>
<A HREF="Security-HOWTO.html#toc7">�$BL\<!$X�(B</A>
<HR>
<H2><A NAME="network-security"></A> <A NAME="s7">7. �$B%M%C%H%o!<%/$N%;%-%e%j%F%#�(B</A></H2>
<P>�$B%M%C%H%o!<%/$K@\B3$9$k;~4V$,D9$1$l$PD9$$$[$I�(B,
�$B%M%C%H%o!<%/$N%;%-%e%j%F%#$,=EMW$K$J$C$F$-$^$9�(B.
�$B%M%C%H%o!<%/$N%;%-%e%j%F%#$rGK$k$3$H$O�(B,
�$BJ*M}E*$"$k$$$O%m!<%+%k$N%;%-%e%j%F%#$rGK$k$h$j$b4JC1$J$3$H$,B?$/�(B,
�$B$h$j$"$j$U$l$?$3$H$G$9�(B.
<P>�$B%M%C%H%o!<%/$N%;%-%e%j%F%#3NJ]$r;Y1g$9$k$?$a$NNI$$%D!<%k$O$?$/$5$s$"$j�(B,
�$B$3$l$i$NB?$/$O�(B Linux �$B$N3F%G%#%9%H%j%S%e!<%7%g%s$K$bIUB0$7$F$$$^$9�(B.
<P>
<H2><A NAME="ss7.1">7.1 �$B%Q%1%C%HEpD0�(B</A>
</H2>
<P>�$B?/F~<T$,%M%C%H%o!<%/>e$G$h$jB?$/$N%7%9%F%`$N%"%/%;%98"$rF@$k$?$a$K$h$/�(B
�$B;H$&J}K!$N0l$D$,�(B, �$B4{$K0-MQ$7$F$$$k%[%9%H>e$G%Q%1%C%HEpD0%W%m%0%i%`$r;H�(B
�$B$&$3$H$G$9�(B. �$B$3$N!VEpD0%W%m%0%i%`!W$O�(B, �$B%$!<%5%M%C%H>e$N%Q%1%C%H%9%H%j!<�(B
�$B%`$N�(B <CODE>passwd</CODE>, <CODE>login</CODE>, <CODE>su</CODE> �$B$N$h$&$J$b$N$r4F;k$7�(B,
�$B$=$N8e$N%H%i%U%#%C%/$r%m%0$K;D$7$^$9�(B. �$B$3$N$h$&$K$7$F�(B, �$B?/F~<T$OGK$m$&$H�(B
�$B$5$($H$7$F$$$J$$%7%9%F%`$N%Q%9%o!<%I$bF@$F$7$^$$$^$9�(B. �$BJ?J8$N�(B(�$B0E9f2=$5�(B
�$B$l$F$$$J$$�(B)�$B%Q%9%o!<%I$O�(B, �$B$3$N$h$&$J967b$KBP$7$FHs>o$K@H<e$G$9�(B.
<P>�$BNc�(B: �$B%[%9%H�(B A �$B$O4{$KGK$i$l$F$$$^$9�(B. �$B967b<T$O%Q%1%C%HEpD0%W%m%0%i%`$r%$�(B
�$B%s%9%H!<%k$7$^$9�(B. �$B%[%9%H�(B C �$B$+$i%[%9%H�(B B �$B$X$N4IM}<T$N%m%0%$%s$r=&$$=P$7�(B
�$B$^$9�(B. �$B$^$:4IM}<T$,�(B B �$B$K%m%0%$%s$9$k$H$-$K�(B, �$B8D?M$N%Q%9%o!<%I$rF~<j$7$^�(B
�$B$9�(B. �$B$=$l$+$i�(B, �$B4IM}<T$O2?$+LdBj$r=hM}$9$k$?$a$K�(B <CODE>su</CODE> �$B$r<B9T$7$^�(B
�$B$9�(B. �$B$3$N$H$-$K�(B, �$B%[%9%H�(B B �$B$N�(B root �$B$N%Q%9%o!<%I$,F~<j$G$-$^$9�(B. �$B8e$G�(B, �$B4I�(B
�$BM}<T$,C/$+$rB>$N%5%$%H$N%[%9%H�(B Z �$B$K�(B <CODE>telnet</CODE> �$B$5$;$^$9�(B. �$B$3$&$7$F�(B,
�$B967b<T$O%[%9%H�(B Z �$B$N�(B password/login �$B$rF~<j$9$k$3$H$,$G$-$^$9�(B.
<P>�$B:#F|$G$O�(B, �$B967b<T$O$3$N967b$r9T$&$?$a$K%7%9%F%`$rGK$kI,MW$J$I$"$j$^$;$s�(B.
�$B%N!<%H%Q%=%3%sEy$r7zJ*$K;}$A9~$_�(B, �$B%M%C%H%o!<%/$K7R$$$G$7$^$($P$h$$$N$G�(B
�$B$9�(B.
<P>�$B$3$N967b$rKI$0$K$O�(B, <CODE>ssh</CODE> �$BEy$N%Q%9%o!<%IG'>Z$r0E9f2=$7$^$9�(B. POP
�$B$N>l9g$K$O�(B APOP �$BEy$r;H$&$3$H$G�(B, �$B$3$N967b$rKI$0$3$H$,$G$-$^$9�(B. (�$BDL>o$N�(B
POP �$B$O�(B, �$B%Q%9%o!<%I$r0E9f2=$;$:$K%M%C%H%o!<%/>e$KN.$9$N$G�(B, �$B$3$N967b$KBP�(B
�$B$7$FHs>o$K@H<e$G$9�(B. )
<P>
<H2><A NAME="ss7.2">7.2 �$B%7%9%F%`%5!<%S%9$H�(B tcp_wrappers</A>
</H2>
<P><EM>�$B$I$s$J�(B</EM>�$B%M%C%H%o!<%/$G$"$l�(B, Linux �$B%7%9%F%`$r@\B3$9$kA0$K$^$:3N�(B
�$BG'$9$Y$-$3$H$O�(B, �$B$I$N%5!<%S%9$rDs6!$9$k$+$G$9�(B. �$BDs6!$9$kI,MW$,L5$$%5!<%S�(B
�$B%9$OL58z$K$9$k$Y$-$G$"$j�(B, �$B$=$&$9$k$3$H$G�(B �$B?4G[$N<o$r0l$D8:$i$9$3$H$,$G�(B
�$B$-�(B, �$B967b<T$,%;%-%e%j%F%#%[!<%k$rC5$9M>CO$b0l$D8:$j$^$9�(B.
<P>Linux �$B$G%5!<%S%9$rL58z$K$9$k$?$a$NJ}K!$O?'!9$"$j$^$9�(B.
<CODE>/etc/inetd.conf</CODE> �$B%U%!%$%k$r8+$l$P�(B, <CODE>inetd</CODE> �$B7PM3$GDs6!$5$l�(B
�$B$F$$$k%5!<%S%9$r3NG'$9$k$3$H$,$G$-$^$9�(B. �$BI,MW$NL5$$%5!<%S%9$O�(B, �$B%3%a%s%H%"�(B
�$B%&%H$7$F�(B(�$B9T$N@hF,$K�(B <CODE>#</CODE> �$B$rA^F~$7$^$9�(B), inetd �$B$N%W%m%;%9$K�(B
SIGHUP �$B$rAw$k$3$H$GL58z$K$9$k$3$H$,$G$-$^$9�(B.
<P><CODE>/etc/services</CODE> �$B%U%!%$%kFb$N%5!<%S%9$r:o=|�(B
(�$B$^$?$O%3%a%s%H%"%&%H�(B) �$B$9$kJ}K!$b$"$j$^$9�(B.
�$B$3$l$K$h$j%m!<%+%k$N%/%i%$%"%s%H$b%5!<%S%9$r8+$D$1$i$l$J$/$J$j$^$9�(B
(�$BNc$($P�(B <CODE>ftp</CODE> �$B$N9`$r:o=|$7�(B,
�$B$=$N%^%7%s$+$i%j%b!<%H%5%$%H$X�(B ftp �$B$9$k$H�(B,
"unknown service" �$B$H$$$&%(%i!<$K$J$k$G$7$g$&�(B).
�$B$7$+$7�(B, �$B%5!<%S%9$N:o=|$KH<$&%H%i%V%k$K8+9g$&$@$1$N2ACM$O$J$$$G$7$g$&�(B.
�$B$H$$$&$N$b�(B,
<CODE>/etc/services</CODE> �$B$+$i%5!<%S%9$r:o=|$7$F$b%;%-%e%j%F%#$,8~>e$9$k$o$1$G$O$J$$$+$i$G$9�(B.
<CODE>/etc/services</CODE> �$B$G�(B <CODE>ftp</CODE> �$B$N9`L\$r%3%a%s%H%"%&%H$7$F$$$F$b�(B,
�$B%m!<%+%k$N%f!<%6$,�(B <CODE>ftp</CODE> �$B$r;H$$$?$1$l$P�(B,
FTP �$B$N0lHLE*$J%]!<%HHV9f$r;H$&%/%i%$%"%s%H$rMQ0U$9$l$P$A$c$s$HF0:n$9$k$N$G$9$+$i�(B.
<P>�$BM-8z$J$^$^;D$7$F$*$/$H$h$$%5!<%S%9$K$O0J2<$N$h$&$J$b$N$,$"$j$^$9�(B:
<P>
<UL>
<LI><CODE>ftp</CODE></LI>
<LI><CODE>telnet</CODE> (or <CODE>ssh</CODE>)</LI>
<LI>mail, such as <CODE>pop-3</CODE> or <CODE>imap</CODE></LI>
<LI><CODE>identd</CODE></LI>
</UL>
<P>�$BFCDj$N%Q%C%1!<%8$r;H$o$J$$$3$H$,J,$+$C$F$$$k$J$i$P�(B, �$B$=$N%Q%C%1!<%8$rA4�(B
�$BIt:o=|$9$kJ}K!$b$"$j$^$9�(B. Red Hat �$B%G%#%9%H%j%S%e!<%7%g%s$G$O�(B,
<CODE>rpm -e <I>�$B%Q%C%1!<%8L>�(B</I></CODE> �$B$H$$$&%3%^%s%I$,%Q%C%1!<%8A4BN$r�(B
�$B:o=|$9$k%3%^%s%I$G$9�(B. Debian �$B$N>l9g$O�(B, <CODE>dpkg --remove</CODE> �$B%3%^%s%I�(B
�$B$GF1MM$N$3$H$,<B9T$G$-$^$9�(B.
<P>�$B2C$($F�(B, rsh/rlogin/rcp �$B%f!<%F%#%j%F%#�(B(/etc/inetd.conf �$B$+$i�(B login
(<CODE>rlogin</CODE> �$B$,;HMQ�(B), shell(<CODE>rcp</CODE> �$B$,;HMQ�(B), exec
(<CODE>rsh</CODE> �$B$,;HMQ�(B)�$B$N9`L\$r4^$`�(B)�$B$,�(B <CODE>/etc/inetd.conf</CODE> �$B$+$i5/F0�(B
�$B$5$l$k$N$rL58z$K$7$?$$$H;W$&$3$H$G$7$g$&�(B. �$B$3$l$i$N%W%m%H%3%k$OHs>o$K4m�(B
�$B81$G$9$7�(B, �$B2a5n$K$b967b$r<u$1$k860x$H$J$C$F$-$^$7$?�(B.
<P><CODE>/etc/rc.d/rc[0-9].d</CODE>
(Red Hat �$B$N>l9g�(B. Debian �$B$G$O�(B <CODE>/etc/rc[0-9].d</CODE>)
�$B%G%#%l%/%H%j$r%A%'%C%/$7�(B,
�$BITMW$J%5!<%P$,5/F0$5$l$F$$$J$$$+$I$&$+3NG'$7$^$7$g$&�(B.
�$B$3$&$$$C$?%G%#%l%/%H%jCf$N%U%!%$%k$O<B:]$K$O�(B
<CODE>/etc/rc.d/init.d</CODE> �$B%G%#%l%/%H%j�(B
(Red Hat �$B$N>l9g�(B. Debian �$B$G$O�(B <CODE>/etc/init.d</CODE>)
�$BCf$N%U%!%$%k$X$N%7%s%\%j%C%/%j%s%/$G$9�(B.
<CODE>init.d</CODE> �$B%G%#%l%/%H%jCf$N%U%!%$%k$NL>A0$rJQ99$9$k$H�(B,
�$B$=$N%U%!%$%k$KBP$9$k%7%s%\%j%C%/%j%s%/$rL58z$K$9$k$3$H$,$G$-$^$9�(B.
�$BFCDj$N%i%s%l%Y%k$N%5!<%S%9$@$1$rL58z$K$7$?$$>l9g$O�(B,
�$B$=$N%5!<%S%9$KBP1~$9$k%7%s%\%j%C%/%j%s%/$NBgJ8;z�(B 'S' �$B$r>.J8;z$N�(B 's'
�$B$KL>>NJQ99$7$F$/$@$5$$�(B. �$B$3$l$O0J2<$N$h$&$K9T$$$^$9�(B:
<P>
<BLOCKQUOTE><CODE>
<PRE>
root# cd /etc/rc6.d
root# mv S45dhcpd s45dhcpd
</PRE>
</CODE></BLOCKQUOTE>
<P>BSD �$B%9%?%$%k$N�(B <CODE>rc</CODE> �$B%U%!%$%k$N%7%9%F%`$N>l9g$K$O�(B, �$BITMW$J%W%m%0�(B
�$B%i%`$O�(B <CODE>/etc/rc*</CODE> �$B$+$iC5$7$^$9�(B.
<P>�$B$[$H$s$I$N�(B Linux �$B%G%#%9%H%j%S%e!<%7%g%s$K$O�(B, �$BA4$F$N�(B TCP �$B%5!<%S%9$r�(B
�$B!V%i%C%T%s%0�(B(�$BJq$`�(B)�$B!W$9$k�(B tcp_wrappers �$B$,IU$$$F$$$^$9�(B.
tcp_wrapper(<CODE>tcpd</CODE>)�$B$O�(B, <CODE>inetd</CODE> �$B$,<B:]$N%5!<%P$NBe$o$j$K�(B
�$B8F$S=P$7$^$9�(B. <CODE>tcpd</CODE> �$B$O%5!<%S%9$rMW5a$7$?%[%9%H$r%A%'%C%/$7�(B, �$B%5!<�(B
�$B%P$N5/F0$+%"%/%;%95qH]$r9T$$$^$9�(B. <CODE>/etc/hosts.allow</CODE> �$B%U%!%$%k$r�(B
�$B:n$j�(B, �$B$=$N%^%7%s$N%5!<%S%9$r<u$1$kI,MW$,$"$k%^%7%s$@$1$r;XDj$7$^$7$g$&�(B.
<P>�$B2H$+$i%@%$%"%k%"%C%W@\B3$7$F$$$k%f!<%6$O�(B,
<EM>�$BA4$F�(B</EM>�$B$r5qH]$9$k@_Dj$r$*4+$a$7$^$9�(B.
<CODE>tcpd</CODE> �$B$O%5!<%S%9$X$N%"%/%;%9<:GT$r5-O?$9$k$3$H$b$G$-$k$N$G�(B,
�$B967b$r<u$1$?:]$K$O7Y9p$r<u$1$k$3$H$,$G$-$^$9�(B.
�$B?7$7$$%5!<%S%9$rDI2C$9$k:]$K$O�(B, �$B$=$l$,�(B TCP �$B%Y!<%9$N$b$N$J$i�(B,
�$BI,$:�(B tcp_wrappers �$B$r;H$&@_Dj$K$9$Y$-$G$9�(B.
�$BNc$($PDL>o$N%@%$%"%k%"%C%W%f!<%6$O30It$+$i$N@\B3$r6X;_$9$k$3$H$,$G$-$^$9$,�(B,
�$B$=$N>uBV$G$b%a!<%k$N<hF@$d%$%s%?!<%M%C%H$X$N%M%C%H%o!<%/@\B3$O$G$-$^$9�(B.
�$B$3$l$r9T$&$K$O�(B, <CODE>/etc/hosts.allow</CODE> �$B$K0J2<$N@_Dj$rDI2C$7$F$/$@$5$$�(B:
<P>ALL: 127
<P>�$B$^$?�(B, �$BEvA3$J$,$i�(B <CODE>/etc/hosts.deny</CODE> �$B$b4X78$"$j$^$9�(B.
<P>ALL: ALL
<P>�$B$3$l$K$h$j�(B, �$B30It$+$i$"$J$?$N%^%7%s$X$N@\B3$OA4$F6X;_$5$l$^$9$,�(B, �$BFbIt$+�(B
�$B$i%$%s%?!<%M%C%H>e$N%5!<%P$X$N@\B3$O5v$5$l$^$9�(B.
<P>tcp_wrappers �$B$,<i$l$k$N$O�(B <CODE>inetd</CODE> �$B$+$i<B9T$9$k%5!<%S%9$@$1$G$"$j�(B,
�$BB>$rA*Br$9$kM>CO$O$[$H$s$I$J$$$3$H$r3P$($F$*$$$F$/$@$5$$�(B.
�$B%5!<%S%9$OB>$K$b$?$/$5$s<B9T$5$l$F$$$k$+$b$7$l$^$;$s�(B.
<CODE>netstat -ta</CODE> �$B$r<B9T$9$l$P�(B,
�$B$*;H$$$N%^%7%s$G9T$o$l$F$$$k%5!<%S%9$rA4$FI=<($9$k$3$H$,$G$-$^$9�(B.
<P>
<H2><A NAME="ss7.3">7.3 DNS �$B>pJs$N3NG'�(B</A>
</H2>
<P>�$B<+J,$N%M%C%H%o!<%/>e$NA4$F$N%[%9%H$K4X$7$F:G?7$N�(B DNS �$B>pJs$rJ]$D$3$H$O�(B,
�$B%;%-%e%j%F%#$N8~>e$K7R$,$j$^$9�(B. �$B5v2D$5$l$F$$$J$$%[%9%H$,%M%C%H%o!<%/$K�(B
�$B7R$,$l$?:]$K$O�(B, �$B$=$N%[%9%H$,�(B DNS �$B%(%s%H%j$r;}$?$J$$$3$H$+$i<1JL$9$k$3�(B
�$B$H$,$G$-$^$9�(B. �$B%5!<%S%9$NB?$/$O@5$7$$�(B DNS �$B%(%s%H%j$r;}$?$J$$%^%7%s$+$i�(B
�$B$N@\B3$r<u$1IU$1$J$$$h$&$K@_Dj$9$k$3$H$,$G$-$^$9�(B.
<P>
<H2><A NAME="ss7.4">7.4 <CODE>identd</CODE></A>
</H2>
<P><CODE>identd</CODE> �$B$O0lHLE*$K�(B <CODE>inetd</CODE> �$B$NBe$o$j$H$J$k>.$5$J%W%m%0%i�(B
�$B%`$G$9�(B. <CODE>identd</CODE> �$B$O$I$N%f!<%6$,$I$N�(B TCP �$B%5!<%S%9$r<u$1$F$$$k$+�(B
�$B$r>o$K4F;k$7�(B, �$BMW5a$K1~$8$F$3$N7k2L$rJs9p$7$^$9�(B.
<P>�$BB?$/$N?M$O�(B <CODE>identd</CODE> �$B$NM-1W$5$r8m2r$7$F$*$j�(B, <CODE>identd</CODE> �$B$r�(B
�$BL58z$K$7$?$j�(B, �$B30It%5%$%H$+$i$N�(B <CODE>identd</CODE> �$B$X$N%j%/%(%9%H$r%V%m%C�(B
�$B%/$7$?$j$7$F$$$^$9�(B. <CODE>identd</CODE> �$B$O%j%b!<%H%5%$%H$r=u$1$k$?$a$K$"$k�(B
�$B$N$G$O$"$j$^$;$s�(B. �$B%j%b!<%H$N�(B <CODE>identd</CODE> �$B$+$iF@$?%G!<%?$,@5$7$$$+�(B
�$B$I$&$+$rCN$k=Q$O$"$j$^$;$s�(B. <CODE>identd</CODE> �$B$N%j%/%(%9%H$OG'>Z$r9T$$$^�(B
�$B$;$s�(B.
<P>�$B$=$l$G$O�(B, �$B$I$&$7$F�(B identd �$B$r;H$&$N$G$7$g$&$+�(B? �$B$=$l$O�(B<EM>�$BFI<T$N3'$5$s�(B</EM>�$B$r�(B
�$B=u$1$F$/$l$k$+$i$G$"$j�(B, �$BDI@WD4::$N:]$N%G!<%?$K$J$k$+$i$G$9�(B.
<CODE>identd</CODE> �$B$,0-MQ$5$l$F$$$J$1$l$P�(B, �$B%j%b!<%H%5%$%H$K�(B TCP �$B%5!<%S%9�(B
�$B$r<u$1$?%f!<%6L>$d%f!<%6�(BID �$B$rCN$i$;$k$3$H$,$G$-$^$9�(B. �$B%j%b!<%H%5%$%H$N�(B
�$B4IM}<T$,La$C$F$-$FH`$i$N%5%$%H$,967b$5$l$F$$$k$H8@$C$F$-$?>l9g�(B, �$B4JC1$K�(B
�$B$=$N%f!<%6$KBP$7$F9TF0$r5/$3$9$3$H$,$G$-$^$9�(B. �$B$b$7�(B <CODE>identd</CODE> �$B$,�(B
�$BF0$$$F$$$J$1$l$P�(B, �$BBgNL$N%m%0$rD4$Y�(B, �$B$=$N;~$KC/$,$$$?$N$+D4$Y$J$1$l$P$J�(B
�$B$j$^$;$s$,�(B, �$B$=$N%f!<%6$rFM$-;_$a$k$3$H$O0lHL$K$H$F$b;~4V$,$+$+$k:n6H$G�(B
�$B$9�(B.
<P>�$B$[$H$s$I$N%G%#%9%H%j%S%e!<%7%g%s$KIUB0$7$F$$$k�(B <CODE>identd</CODE> �$B$O0lHL�(B
�$B$K;W$o$l$F$$$k$h$j$b:Y$+$$@_Dj$,2DG=$G$9�(B. �$BFCDj$N%f!<%6$K$D$$$F�(B
<CODE>identd</CODE> �$B$rL58z$K$9$k$3$H$,$G$-$^$9$7�(B(<CODE>.noident</CODE> �$B%U%!%$�(B
�$B%k$r:n$j$^$9�(B), <CODE>identd</CODE> �$B%j%/%(%9%H$N%m%0$rA4$F;D$9$3$H$b$G$-$^�(B
�$B$9$7�(B(�$B$3$N@_Dj$r$*4+$a$7$^$9�(B), �$B%f!<%6L>$NBe$o$j$K%f!<%6�(BID �$B$d�(B NO-USER �$B$r�(B
�$BJV$9$h$&$K$9$k$3$H$5$($G$-$^$9�(B.
<P>
<H2><A NAME="ss7.5">7.5 SATAN, ISS �$B$=$NB>$N%M%C%H%o!<%/C5::%W%m%0%i%`�(B</A>
</H2>
<P>�$B%^%7%s$d%M%C%H%o!<%/$N%]!<%H$d%5!<%S%9$NC5::$r9T$&�(B
�$B%=%U%H%&%'%"$N%Q%C%1!<%8$O$$$m$$$m$"$j$^$9�(B.
SATAN �$B$d�(B ISS, SAINT, Nessus �$B$O$3$N<o$N%Q%C%1!<%8$NCf$G$bFC$KM-L>$J$b$N$G$9�(B.
�$B$3$N%=%U%H%&%'%"$OD4::BP>]$N%^%7%s�(B
(�$B$"$k$$$O%M%C%H%o!<%/>e$NA4$F$NBP>]%^%7%s�(B) �$B$N@\B32DG=$J%]!<%HA4$F$K@\B3$7�(B,
�$B$=$N%]!<%H$GDs6!$5$l$F$$$k%5!<%S%9$K$D$$$FD4$Y$h$&$H$7$^$9�(B.
�$B$3$N>pJs$K4p$E$$$F�(B,
�$B%5!<%P$KBP$9$kFCDj$N967b$KBP$7$F%^%7%s$,@H<e$G$"$k$+$I$&$+�(B
�$BD4$Y$k$3$H$,$G$-$^$9�(B.
<P>SATAN(Security Administrator's Tool for Analyzing Networks)�$B$O%&%'%V$N�(B
�$B%$%s%?%U%'!<%9$r;}$D%]!<%HC5::%W%m%0%i%`$G$9�(B. �$B%^%7%s$"$k$$$O%M%C%H%o!<�(B
�$B%/$KBP$7$F�(B, light, medium, strong �$B$$$:$l$+$N%A%'%C%/$r9T$&@_Dj$,$G$-$^�(B
�$B$9�(B. SATAN �$B$rF~<j$7�(B, �$B<+J,$N%^%7%s$d%M%C%H%o!<%/$r8!::$7�(B, �$B8+$D$+$C$?LdBj�(B
�$B$r=$@5$9$k$H$h$$$G$7$g$&�(B. �$BI,$:�(B, SATAN �$B$O�(B
<A HREF="http://metalab.unc.edu/pub/packages/security/Satan-for-Linux/">metalab</A> �$B$+M-L>�(B FTP/�$B%&%'%V%5%$%H$+$iF~<j$7$^$7$g$&�(B. �$B2a5n$K�(B, �$B%H�(B
�$B%m%$$NLZGO$,;E9~$^$l$?�(B SATAN �$B$,%M%C%H%o!<%/>e$GG[I[$5$l$?$3$H$,$"$k$+�(B
�$B$i$G$9�(B.
<A HREF="http://www.trouble.org/~zen/satan/satan.html">http://www.trouble.org/~zen/satan/satan.html</A>. SATAN �$B$O$7$P$i$/�(B
�$B99?7$5$l$F$$$J$$$?$a�(B, �$B$3$N8e$G@bL@$9$kB>$N%D!<%k$NJ}$,Lr$KN)$D$+$b$7$l�(B
�$B$^$;$s�(B.
<P>ISS (Internet Security Scanner) �$B$b%]!<%H$r8!::$9$k%W%m%0%i%`$G$9�(B. ISS
�$B$O�(B SATAN �$B$h$j$bF0:n$,7Z$$$N$G�(B, �$BBg5,LO%M%C%H%o!<%/$K8~$$$F$$$k$G$7$g$&�(B.
�$B$?$@$7�(B, �$BF@$i$l$k>pJs$O�(B SATAN �$B$NJ}$,>\$7$$$h$&$G$9�(B.
<P>Abacus �$B$O�(B, �$B%[%9%H%Y!<%9$N%;%-%e%j%F%#$H?/F~<TH/8+$N5!G=$r;}$D%D!<%k$G�(B
�$B$9�(B. �$B>\$7$$>pJs$K$D$$$F$O�(B WWW �$B>e$N%[!<%`%Z!<%8$r8+$F$/$@$5$$�(B.
<A HREF="http://www.psionic.com/abacus">http://www.psionic.com/abacus/</A><P>SAINT �$B$O�(B SATAN �$B$N?7$7$$%P!<%8%g%s$G$9�(B. SAINT �$B$O%&%'%V%Y!<%9$G$"$j�(B, SATAN
�$B$h$j$b?7$7$$8!::$,$?$/$5$sDI2C$5$l$F$$$^$9�(B. �$B>\$7$/$O�(B
<A HREF="http://www.wwdsi.com/saint">http://www.wwdsi.com/saint</A>
�$B$r8+$F$/$@$5$$�(B.
<P>Nessus �$B$O%U%j!<$N%;%-%e%j%F%#8!::%W%m%0%i%`$G$9�(B. �$B$3$l$O�(B GTK �$B$K$h$k;H$$�(B
�$B$d$9$$%0%i%U%#%+%k%$%s%?%U%'!<%9$r;}$C$F$$$^$9�(B. �$B$^$?�(B, �$B?7$7$$%]!<%HC5::�(B
�$B$r@_Dj$9$k$?$a$NAG@2$i$7$$%W%i%0%$%s5!9=$rHw$($F$$$^$9�(B. �$B>\$7$$>pJs$K$D�(B
�$B$$$F$O�(B
<A HREF="http://www.nessus.org/">http://www.nessus.org</A>
�$B$r8+$F$/$@$5$$�(B.
<P>
<H3>�$B%]!<%HC5::$r<u$1$?$3$H$N8!=P�(B</H3>
<P>SATAN �$B$d�(B ISS �$B$J$I$NC5::%W%m%0%i%`$K$h$kC5::$r<u$1$?$3$H$r�(B
�$B7Y9p$9$k$?$a$K@_7W$5$l$?%D!<%k$,$$$/$D$+$"$j$^$9�(B.
�$B$7$+$7�(B, tcp_wrappers �$B$r$&$^$/;H$$�(B,
�$B%m%0$rDj4|E*$K8+$F$$$l$P�(B, �$B$3$N$h$&$JC5::$,$"$C$?$3$H$O$o$+$j$^$9�(B.
�$B:GDc8B$N@_Dj$G$b�(B, SATAN �$B$O�(B Red Hat �$B$NI8=`%7%9%F%`$N%m%0$K:/@W$r;D$7$^$9�(B.
<P>�$B!V8+$($J$$!W%]!<%HC5::$b$"$j$^$9�(B. TCP ACK �$B%S%C%H$,%;%C%H$5$l$F$$$k%Q%1%C�(B
�$B%H�(B(�$B3NN)$5$l$F$$$k@\B3$G$O$=$&$J$C$F$$$^$9�(B)�$B$OB?J,�(B, �$B%Q%1%C%H%U%#%k%?%j%s%0�(B
�$B$r9T$&KI2PJI$rDL2a$9$k$G$7$g$&�(B. <EM>�$B3NN)$5$l$F$$$k%;%C%7%g%s$r;}$?$J$$�(B</EM>
�$B%]!<%H$+$iJV$5$l$k�(B RST �$B%Q%1%C%H$O�(B, �$B$=$N%]!<%H$,@8$-$F$$$k>Z5r$H$7$F<u�(B
�$B$1<h$k$3$H$,$G$-$^$9�(B. TCP wrappers �$B$O$3$l$r8!=P$G$-$J$$$H;W$$$^$9�(B.
<P>
<H2><A NAME="ss7.6">7.6 <CODE>sendmail</CODE>, <CODE>qmail</CODE> �$BEy$N�(B MTA</A>
</H2>
<P>�$B%f!<%6$KDs6!$9$k%5!<%S%9$NCf$G$bFC$K=EMW$J$b$N$N�(B 1 �$B$D$O�(B, �$B%a!<%k%5!<%P�(B
�$B$G$9�(B. �$B;DG0$J$,$i�(B, �$B$3$l$O967b$KFC$K<e$$$b$N$N�(B 1 �$B$D$G$b$"$j$^$9�(B. �$BC1$K$=�(B
�$B$NM}M3$O�(B, �$B$d$i$J$1$l$P$J$i$J$$;E;v$N?t$,B?$$$3$H$H�(B, �$B0lHL$K�(B root �$B%f!<%6�(B
�$B$N8"8B$rI,MW$H$9$k$+$i$G$9�(B.
<P><CODE>sendmail</CODE> �$B$r;H$&>l9g$K$OFC$K�(B, �$BI,$::G?7%P!<%8%g%s$r;H$&$3$H$,=E�(B
�$BMW$G$9�(B. <CODE>sendmail</CODE> �$B$K$O%;%-%e%j%F%#$NLdBj$ND9$$D9$$Nr;K$,$"$j$^�(B
�$B$9�(B. �$B$$$D$bI,$::G?7%P!<%8%g%s$rF0:n$5$;$^$7$g$&�(B.
<A HREF="http://www.sendmail.org/">http://www.sendmail.org</A><P>�$B%a!<%k$rAw?.$9$k$@$1$J$i�(B sendmail �$B$r<B9T$9$kI,MW$O$J$$$3$H$OCN$C$F$*$$�(B
�$B$F$/$@$5$$�(B. �$B2HDm%f!<%6$G$"$l$P�(B, sendmail �$B$r40A4$K;H$($J$/$7$F$7$^$$�(B,
�$B%a!<%k$NAw?.$K$OC1$K%a!<%k%/%i%$%"%s%H$r;H$&$H$$$&$3$H$b$G$-$^$9�(B.
sendmail �$B$N5/F0%U%!%$%k$+$i�(B "-bd" �$B%U%i%0$r:o=|$7$F$bNI$$$G$7$g$&�(B. �$B$3$l�(B
�$B$K$h$j%a!<%kAw?.$N%j%/%(%9%H$,L58z$K$J$j$^$9�(B. �$B8@$$49$($l$P�(B, �$B:#$^$G$N5/�(B
�$BF0%9%/%j%W%H$G$O$J$/0J2<$N%3%^%s%I$r;H$C$F�(B sendmail �$B$r<B9T$9$l$P$h$$$H�(B
�$B$$$&$3$H$G$9�(B:
<BLOCKQUOTE><CODE>
<PRE>
# /usr/lib/sendmail -q15m
</PRE>
</CODE></BLOCKQUOTE>
�$B$3$l$K$h$j�(B sendmail �$B$O�(B, �$B:G=i$KAw?.$7$?$H$-$K$&$^$/G[Aw$G$-$J$+$C$?%a!<�(B
�$B%k$K$D$$$F�(B, 15 �$BJ,$4$H$KAw?.%-%e!<$r%U%i%C%7%e$7$^$9�(B.
<P>�$B4IM}<T$NB?$/$O�(B sendmail �$B$r;H$o$J$$$G�(B, �$BJL$N%a!<%kG[Aw%(!<%8%'%s%H$r;H$&�(B
�$B$h$&$K$J$C$F$$$^$9�(B. <CODE>qmail</CODE> �$B$X$N>h$j49$($r8!F$$7$F$b$h$$$G$7$g�(B
�$B$&�(B. <CODE>qmail</CODE> �$B$OE0DlE*$K%;%-%e%j%F%#$KCm0U$7$F@_7W$5$l$F$$$^$9�(B.
<CODE>qmail</CODE> �$B$O9bB.$+$D0BDj�(B, �$B0BA4$G$9�(B. <CODE>qmail</CODE> �$B$O�(B
<A HREF="http://www.qmail.org">http://www.qmail.org</A> �$B$GF~�(B
�$B<j$9$k$3$H$,$G$-$^$9�(B.
<P>�$BLuCm�(B:
<A HREF="http://www.jp.qmail.org">http://www.jp.qmail.org</A>
�$B$b;29M$K$J$k$G$7$g$&�(B.
<P>qmail �$B$NBP93GO$O�(B "postfix" �$B$G$9�(B.
�$B$3$l$O�(B tcp_wrappers �$BEy$N%;%-%e%j%F%#4XO"%D!<%k$N:n<T$G$"$k�(B
Wietse Venema �$B;a$,=q$+$l$?$b$N$G$9�(B.
�$B0JA0$O�(B vmailer �$B$H8F$P$l�(B, IBM �$B$N;Y1g$r<u$1$F$$$^$7$?�(B.
�$B$3$l$bE0DlE*$K%;%-%e%j%F%#$KG[N8$7$F=q$+$l$?%a!<%kG[Aw%(!<%8%'%s%H$G$9�(B.
postfix �$B$K4X$9$k$b$C$H>\$7$$>pJs$K$D$$$F$O�(B
<A HREF="http://www.postfix.org/">http://www.postfix.org</A> �$B$r$4Mw$/$@$5$$�(B.
<P>
<H2><A NAME="ss7.7">7.7 �$B%5!<%S%9K832967b�(B</A>
</H2>
<P>�$B!V%5!<%S%9K832967b�(B(Denial of Service attack, DoS attack)�$B!W$O�(B, �$B%j%=!<%9�(B
�$B$r?)$$DY$9$3$H$K$h$j�(B, �$B@5Ev$J%j%/%(%9%H$K1~$8$i$l$J$$$h$&$K$7$?$j�(B, �$B@5Ev�(B
�$B$J%f!<%6$,%^%7%s$K%"%/%;%9$G$-$J$$$h$&$K$9$k967b$G$9�(B.
<P>�$B%5!<%S%9K832967b$O6aG/$H$F$bA}$($F$$$^$9�(B. �$B$3$3$G$O�(B, �$BM-L>$J$b$N$d:G6a$N�(B
�$B$b$N$r$$$/$D$+>R2p$7$^$9�(B. �$B?7$7$$$b$N$,>o$K8=$l$k$N$G�(B, �$B$3$3<($9Nc$O$[$s�(B
�$B$N0lIt$K2a$.$J$$E@$K$OCm0U$7$F$/$@$5$$�(B. �$B:G?7$N>pJs$rCN$k$K$O�(B, Linux �$B$N�(B
�$B%;%-%e%j%F%#4XO"%a!<%j%s%0%j%9%H$d�(B bugtraq �$B%a!<%j%s%0%j%9%H$d$3$l$i$N�(B
�$B%"!<%+%$%V$rFI$_$^$7$g$&�(B.
<P>
<UL>
<LI><B>SYN Flooding</B> - SYN flooding �$B$O%M%C%H%o!<%/$G$N%5!<%S%9K83296�(B
�$B7b$G$9�(B. �$B$3$l$O�(B TCP �$B@\B3$r3NN)$9$k:]$N<j=g$N!VH4$17j!W$rMxMQ$9$k$b$N$G$9�(B.
�$B?7$7$$�(B Linux �$B%+!<%M%k�(B(2.0.30 �$B0J9_�(B)�$B$K$O�(B, SYN flooding �$B967b$K$h$j%f!<%6�(B
�$B$,%^%7%s$d%5!<%S%9$K%"%/%;%9$G$-$J$/$J$k$3$H$rKI$0$?$a$N@_Dj%*%W%7%g%s�(B
�$B$,$"$j$^$9�(B. �$B%+!<%M%k$NE,@Z$JKI8fMQ%*%W%7%g%s$K$D$$$F$O�(B,
<A HREF="Security-HOWTO-6.html#kernel-security">�$B%+!<%M%k$N%;%-%e%j%F%#�(B</A>
�$B$N>O$r;2>H$7$F$/$@$5$$�(B.
<P>
</LI>
<LI><B>Pentium �$B$N�(B "F00F" �$B%P%0�(B</B> -�$B$3$l$O:G6a8+$D$+$C$?$b$N$G�(B, �$BFC�(B
�$BDj$N%"%;%s%V%j%3!<%I$r=c@5$N�(B Intel Pentium �$B%W%m%;%C%5$KAw$k$H�(B, �$B%^%7%s�(B
�$B$,%j%V!<%H$7$F$7$^$&$H$$$&$b$N$G$9�(B. �$B$3$N1F6A$O�(B, �$B<B9T$7$F$$$k�(B OS �$B$K4X78�(B
�$B$J$/�(B Pentium �$B%W%m%;%C%5$r@Q$s$G$$$kA4$F$N%^%7%s$,<u$1$^$9�(B(�$B8_49�(B CPU �$B$d�(B
Pentium Pro, Pentium II �$B$G$OLdBj$"$j$^$;$s�(B). Linux 2.0.32 �$B0J9_$K$O�(B, �$B$3�(B
�$B$N%P%0$KBP$9$kBP=h$,F~$C$F$$$k$N$G�(B, �$B%^%7%s$,;_$^$C$F$7$^$&$3$H$O$"$j�(B
�$B$^$;$s�(B. �$B%+!<%M%k�(B 2.0.33 �$B$G$NBP=h$O$5$i$K2~NI$5$l$F$*$j�(B, �$B%+!<%M%k�(B
2.0.32 �$B$h$j$b$*4+$a$G$-$^$9�(B. �$B8=:_�(B Pentium �$B$r;H$C$F$$$k$N$J$i�(B, �$B%+!<%M%k�(B
�$B$N%P!<%8%g%s$r$9$0$K>e$2$^$7$g$&�(B!
<P>
</LI>
<LI><B>Ping Flooding</B> - Ping flooding �$B$OC1=c$JNOG$$;$N%5!<%S%9K832�(B
�$B967b$G$9�(B. �$B967b<T$OBP>]$H$J$k%^%7%s$K�(B ICMP �$B%Q%1%C%H$N!V9??e�(B(flood)�$B!W$r�(B
�$BAw$j$^$9�(B. �$B967b$9$kB&$N%^%7%s$,967b$r<u$1$kB&$N%^%7%s$h$j9-$$%P%s%I�(B
�$BI}$r;}$C$F$$$?>l9g�(B, �$B967b$r<u$1$?%^%7%s$O%M%C%H%o!<%/$K2?$bAw$l$J$/$J$C�(B
�$B$F$7$^$$$^$9�(B. �$B$3$N967b$N0l<o$G$"$k�(B "smurfing �$B967b�(B" �$B$G$O�(B, �$B$"$k%[%9%H$K�(B
�$BBP$7$F�(B, <EM>�$B$"$J$?$N�(B</EM>�$B%^%7%s$N�(B IP �$B%"%I%l%9$rJVEz@h$H$7$?�(B ICMP �$B%Q%1%C�(B
�$B%H$rAw$j�(B, �$B$P$l$J$$$h$&$K9??e$rAw$j$^$9�(B. "smurf" �$B967b$K4X$9$k>pJs$O�(B
<A HREF="http://www.quadrunner.com/~chuegen/smurf.txt">http://www.quadrunner.com/~chuegen/smurf.txt</A> �$B$G>\$7$/D4$Y$k$3�(B
�$B$H$,$G$-$^$9�(B.
<P>ping flooding �$B967b$r<u$1$?>l9g$O�(B, <CODE>tcpdump</CODE> �$B$J$I$N%D!<%k$r;H$C�(B
�$B$F$I$3$+$i%Q%1%C%H$,Mh$?$N$+�(B(�$B$"$k$$$OMh$?$h$&$K8+$($k$N$+�(B)�$B$rD4$Y�(B, �$BFI<T�(B
�$B$N3'$5$s$,@\B3$7$F$$$k%W%m%P%$%@$K$3$N%G!<%?$K4p$E$$$FAjCL$7$^$7$g$&�(B.
ping flood �$B967b$O%k!<%?$N%l%Y%k$dKI2PJI$NMxMQ$G4JC1$K;_$a$k$3$H$,$G$-�(B
�$B$^$9�(B.
<P>
</LI>
<LI><B>Ping o' Death</B> - Ping o' Death �$B967b$O�(B, ICMP ECHO REQUEST �$B%Q%1%C�(B
�$B%H$r3JG<$9$k$?$a$N%+!<%M%k$N%G!<%?9=B$BN$h$j$bBg$-$$�(B ICMP ECHO REQUEST
�$B%Q%1%C%H$rAw$k$b$N$G$9�(B. �$B5pBg$J�(B(65,510 �$B%P%$%H�(B) "ping" �$B%Q%1%C%H�(B 1 �$B$D$rAw$C�(B
�$B$?$@$1$GB?$/$N%7%9%F%`$,%O%s%0$7$?$j�(B, �$B%/%i%C%7%e$9$k$3$H$5$($"$k$?$a�(B,
�$B$3$NLdBj$O$=$N$^$^�(B "Ping o' Death" �$B$H$$$&L>A0$r<x$1$i$l$^$7$?�(B. �$B$3$NLd�(B
�$BBj$O$:$C$HA0$K=$@5$5$l$F$$$k$N$G�(B, �$B8=:_$O?4G[$NI,MW$OA4$/$"$j$^$;$s�(B.
<P>
</LI>
<LI><B>Teardrop / New Tear</B> - �$B$4$/:G6a$N967b$G�(B, Linux �$B$H�(B Windows �$B%W%i%C�(B
�$B%H%U%)!<%`$N�(B IP �$B%U%i%0%a%s%F!<%7%g%s$N%P%0$rMxMQ$7$?$b$N$G$9�(B. �$B$3$l$KBP�(B
�$B$9$k=$@5$O%+!<%M%k$N%P!<%8%g%s�(B 2.0.33 �$B$G9T$o$l$F$*$j�(B, �$B$3$N=$@5$rM-8z$K�(B
�$B$9$k$?$a$K%3%s%Q%$%k;~$N%*%W%7%g%s$rA*Br$9$kI,MW$O$"$j$^$;$s�(B. �$B8+$?$H$3�(B
�$B$m�(B, Linux �$B$O�(B 'newtear' �$B967b$O<u$1IU$1$J$$$h$&$G$9�(B.
<P>
</LI>
</UL>
�$B$[$H$s$I$N967b$K4X$9$k%3!<%I$*$h$S$=$N%3!<%I$NF0:n86M}$K4X$9$kFM$C9~$s�(B
�$B$@@bL@$O�(B,
<A HREF="http://www.rootshell.com">http://www.rootshell.com</A> �$B$N8!:w%(%s%8%s$r;H$C$FD4$Y$k$3$H$,$G�(B
�$B$-$^$9�(B.
<P>
<H2><A NAME="ss7.8">7.8 NFS (Network File System) �$B$N%;%-%e%j%F%#�(B</A>
</H2>
<P>NFS �$B$OBgJQ9-$/;H$o$l$F$$$k%U%!%$%k6&M-%W%m%H%3%k$G$9�(B. <CODE>nfsd</CODE> �$B$H�(B
<CODE>mountd</CODE> �$B$,F0:n$7$F$$$k%5!<%P%^%7%s$O�(B, �$B%+!<%M%k$K�(B NFS �$B%U%!%$%k�(B
�$B%7%9%F%`$N%5%]!<%H$,AH$_9~$^$l$F$$$kB>$N%^%7%s�(B(NFS �$B%/%i%$%"%s%H5!G=$r�(B
�$B%5%]!<%H$7$F$$$l$P�(B Linux �$B$G$J$/$F$b9=$$$^$;$s�(B)�$B$K%U%!%$%k%7%9%F%`A4BN$r�(B
�$B!V%(%/%9%]!<%H!W$9$k$3$H$,$G$-$^$9�(B. <CODE>mountd</CODE> �$B$O�(B
<CODE>/etc/mtab</CODE> �$B$K5-O?$5$l$F$$$k%^%&%s%H$5$l$F$$$k%U%!%$%k%7%9%F%`�(B
�$B$r4F;k$7$F$$$^$9�(B. �$B$3$l$i$N%U%!%$%k%7%9%F%`$O�(B <CODE>showmount</CODE> �$B%3%^%s�(B
�$B%I$GI=<($9$k$3$H$,$G$-$^$9�(B.
<P>�$BB?$/$N%5%$%H$G$O�(B, �$B%f!<%6$N%[!<%`%G%#%l%/%H%j$rDs6!$9$k$?$a$K�(B NFS �$B$rMQ�(B
�$B$$$F$*$j�(B, LAN �$B$N$I$N%^%7%s$K%m%0%$%s$7$?>l9g$K$bF1$8%[!<%`%G%#%l%/%H%j�(B
�$B$r;H$&$3$H$,$G$-$^$9�(B.
<P>�$B%U%!%$%k%7%9%F%`$r%(%/%9%]!<%H$9$k;~$K$O�(B, �$B>/$7$@$1%;%-%e%j%F%#$r$+$1$k�(B
�$B$3$H$,$G$-$^$9�(B. <CODE>nfsd</CODE> �$B$K$O%j%b!<%H$N�(B root �$B%f!<%6�(B(�$B%f!<%6�(BID = 0)
�$B$r�(B nobody �$B%f!<%6$H$7$F07$o$;�(B, �$B%(%/%9%]!<%H$7$?%U%!%$%kA4BN$K$O%"%/%;%9�(B
�$B$G$-$J$$$h$&$K@_Dj$G$-$^$9�(B. �$B$7$+$7�(B, �$B8D!9$N%f!<%6$O<+J,$N�(B(�$B$"$k$$�(B
�$B$O>/$J$/$H$bF1$8%f!<%6�(B ID �$B$N�(B)�$B%U%!%$%k$K$O%"%/%;%9$G$-$k$N$G�(B, �$B%m!<%+%k�(B
�$B$N%9!<%Q!<%f!<%6$O$=$N%f!<%6$H$7$F%m%0%$%s$9$k$+�(B <CODE>su</CODE> �$B$r9T$($P�(B,
�$B$=$N%f!<%6$N%U%!%$%kA4$F$K%"%/%;%9$9$k$3$H$,$G$-$^$9�(B. �$B$D$^$j�(B, �$B$3$NJ}K!�(B
�$B$OFI<T$N3'$5$s$N%j%b!<%H%U%!%$%k%7%9%F%`$r%^%&%s%H$G$-$k967b<T$KBP$7$F�(B
�$B$O$A$g$C$H$7$?K832$K$7$+$J$j$^$;$s�(B.
<P>NFS �$B$r;H$o$J$1$l$P$J$i$J$$>l9g$O�(B, �$BK\Ev$KI,MW$J%^%7%s$@$1$K%(%/%9%]!<%H�(B
�$B$9$k$3$H$rE0Dl$7$^$7$g$&�(B. �$B%k!<%H%G%#%l%/%H%j0J2<A4It$r%(%/%9%]!<%H$9$k�(B
�$B$h$&$J$3$H$O@dBP$K9T$C$F$O$J$j$^$;$s�(B. �$B%(%/%9%]!<%H$NI,MW$,$"$k%G%#%l%/�(B
�$B%H%j$@$1$r%(%/%9%]!<%H$7$^$7$g$&�(B.
<P>NFS �$B$K4X$9$k>\$7$$>pJs$K$D$$$F$O�(B NFS HOWTO �$B$r;2>H$7$F$/$@$5$$�(B. �$B$3$l$O�(B
<A HREF="http://metalab.unc.edu/mdw/HOWTO/NFS-HOWTO.html">http://metalab.unc.edu/mdw/HOWTO/NFS-HOWTO.html</A> �$B$K$"$j$^$9�(B.
<P>
<H2><A NAME="ss7.9">7.9 NIS (Network Information service) (�$B$+$D$F$N�(B YP)</A>
</H2>
<P>NIS (�$B$+$D$F$N�(B YP) �$B$O�(B, �$BB??t$N%^%7%s$K>pJs$rG[I[$9$k$?$a$N;EAH$_$G$9�(B.
NIS �$B%^%9%?$O>pJs%F!<%V%k$rJ];}$7�(B, �$B$3$l$r�(B NIS �$B%^%C%W%U%!%$%k$KJQ49$7$^�(B
�$B$9�(B. �$B$3$N%^%C%W$O%M%C%H%o!<%/>e$GF@$k$3$H$,$G$-$k$N$G�(B, NIS �$B%/%i%$%"%s%H�(B
�$B$O%m%0%$%sL>�(B, �$B%Q%9%o!<%I�(B, �$B%[!<%`%G%#%l%/%H%j�(B, �$B%7%'%k$N>pJs�(B(�$BI8=`E*$J�(B
<CODE>/etc/passwd</CODE> �$B%U%!%$%k$K=q$+$l$F$$$kA4$F$N>pJs�(B)�$B$rF@$k$3$H$,$G$-�(B
�$B$^$9�(B. �$B$3$l$K$h$j�(B, �$B%Q%9%o!<%I$r0lEYJQ$($k$@$1$G�(B, NIS �$B%I%a%$%s>e$NA4$F$N�(B
�$B%^%7%s$G?7$7$$@_Dj$rM-8z$K$G$-$^$9�(B.
<P>NIS �$B$OA4$/0BA4$G$O$"$j$^$;$s�(B. �$B$=$b$=$b0BA4$K$9$k$D$b$j$b$J$/�(B, �$B<j7Z$GJX�(B
�$BMx$K;H$&$3$H$,L\E*$G$7$?�(B. NIS �$B%I%a%$%s$NL>A0$r?dB,$G$-$l$PC/$G$b�(B(�$B%M%C�(B
�$B%H%o!<%/$N$I$3$+$i$G$b�(B)�$B%Q%9%o!<%I%U%!%$%k$N%3%T!<$rF@$k$3$H$,$G$-�(B,
"Crack" �$B$d�(B "John the Ripper" �$BEy$r;H$C$F%Q%9%o!<%I$rGK$k$3$H$,$G$-$^$9�(B.
�$B$^$?�(B, �$B$J$j$9$^$7Ey$N1x$$%H%j%C%/$b?'!92DG=$G$9�(B. NIS �$B$r;H$o$J$1$l$P$J$i�(B
�$B$J$$>l9g$K$O�(B, �$B$3$N4m81@-$OCN$C$F$*$$$F$/$@$5$$�(B.
<P>NIS+ �$B$H8F$P$l$k�(B NIS �$B$h$j$b$:$C$H0BA4$JBeBX:v$,$"$j$^$9�(B. �$B>\$7$/$O�(B NIS
HOWTO �$B$r;2>H$7$F$/$@$5$$�(B:
(
<A HREF="http://metalab.unc.edu/mdw/HOWTO/NIS-HOWTO.html">http://metalab.unc.edu/mdw/HOWTO/NIS-HOWTO.html</A>).
<P>
<H2><A NAME="ss7.10">7.10 �$BKI2PJI�(B(�$B%U%!%$%"%&%)!<%k�(B)</A>
</H2>
<P>�$BKI2PJI$O�(B, �$B%m!<%+%k$N%M%C%H%o!<%/$K=PF~$j$G$-$k>pJs$r@)8f$9$k$?$a$N;EAH$_$G$9�(B.
�$BIaDL�(B, �$BKI2PJI$K$J$k%[%9%H$O%$%s%?!<%M%C%H$H%m!<%+%k$N�(B LAN �$B$K@\B3$5$l�(B,
�$B$"$J$?$N�(B LAN �$B$+$i%$%s%?!<%M%C%H$X$N%"%/%;%9$O�(B
�$BKI2PJI$rDL$jH4$1$k$7$+$J$$$h$&$K$J$C$F$$$^$9�(B.
�$B$3$N$h$&$K�(B, �$BKI2PJI$O%$%s%?!<%M%C%H$H�(B LAN �$B$N9T$-Mh$r@)8f$7$^$9�(B.
<P>�$BKI2PJI$K$O$?$/$5$s$N<oN`$,$"$j�(B, �$B$=$N@_DjJ}K!$b$?$/$5$s$"$j$^$9�(B.
Linux �$B$O$+$J$jNI$$KI2PJI$K$J$j$^$9�(B.
�$BKI2PJI$N%3!<%I$O�(B 2.0 �$B0J9_$N%+!<%M%k$KAH$_9~$`$3$H$,$G$-$^$9�(B.
�$B%+!<%M%k�(B 2.0 �$B$K$O�(B �$B%f!<%66u4V$GF0:n$9$k�(B <CODE>ipfwadm</CODE>,
�$B%+!<%M%k�(B 2.2 �$B$K$O�(B <CODE>ipchains</CODE> �$B$H$$$&%D!<%k$r;H$C$F�(B,
�$B5v2D$9$k%M%C%H%o!<%/%H%i%U%#%C%/$N<oN`$r�(B
�$B%7%9%F%`$NF0:nCf$KJQ99$9$k$3$H$,$G$-$^$9�(B.
�$BFCDj$N%M%C%H%o!<%/%H%i%U%#%C%/$N%m%0$r<h$k$3$H$b$G$-$^$9�(B.
<P>�$BKI2PJI$O%M%C%H%o!<%/$r<i$k$?$a$KBgJQJXMx$+$D=EMW$J5;=Q$G$9�(B. �$B$?$@$7�(B, �$BKI�(B
�$B2PJI$,$"$k$+$i$H$$$C$F�(B, �$B$=$NFbIt$N%^%7%s$N%;%-%e%j%F%#$,ITI,MW$J$o$1$G�(B
�$B$O7h$7$F$"$j$^$;$s�(B. �$B$3$l$O6K$a$F=EBg$J8m$j$G$9�(B. �$BKI2PJI$H�(B Linux �$B$K$D$$�(B
�$B$F$N>\$7$$>pJs$K$D$$$F$O�(B, metalab �$B$N:G?7$N%"!<%+%$%V$K$"$k�(B
<CODE>Firewall-HOWTO</CODE> �$B$,$H$F$bNI$$;qNA$J$N$G�(B, �$B$3$l$r;2>H$7$F$/$@$5$$�(B
(
<A HREF="http://metalab.unc.edu/mdw/HOWTO/Firewall-HOWTO.html">http://metalab.unc.edu/mdw/HOWTO/Firewall-HOWTO.html</A>).
<P>�$B99$K�(B IP-Masquerade mini-howto �$B$K$b>pJs$,$"$j$^$9�(B
(
<A HREF="http://metalab.unc.edu/mdw/HOWTO/mini/IP-Masquerade.html">http://metalab.unc.edu/mdw/HOWTO/mini/IP-Masquerade.html</A>).
<P><CODE>ipfwadm</CODE> (�$BKI2PJI$N@_Dj$rJQ99$9$k$?$a$N%D!<%k�(B)
�$B$K4X$9$k>\$7$$>pJs$O0J2<$N%[!<%`%Z!<%8$K$"$j$^$9�(B:
<A HREF="http://www.xos.nl/linux/ipfwadm/">http://www.xos.nl/linux/ipfwadm/</A><P>�$BKI2PJI$K4X$9$k7P83$r$*;}$A$G$J$$$N$K�(B, �$BC1$J$k%;%-%e%j%F%#J}?K$@$1$G$J$/�(B
�$BKI2PJI$=$N$b$N$r@_Dj$9$kM=Dj$G$"$l$P�(B, O'Reilly and Associates �$B<R$N=q@R�(B
�$B!V�(BFirewalls�$B!W$^$?$O$=$NB>$N%*%s%i%$%s%I%-%e%a%s%H$rI,$:FI$s$G$/$@$5$$�(B.
�$B$3$N=q@R$N>\$7$$>pJs$K$D$$$F$O�(B
<A HREF="http://www.ora.com/">http://www.ora.com/</A> �$B$r$4Mw$/$@$5$$�(B.
�$B9qN)I8=`5;=Q8&5f=j�(B (The National Institute of Standards and Technology)
�$B$bKI2PJI$K4X$9$kAG@2$i$7$$%I%-%e%a%s%H$r$^$H$a$F$$$^$9�(B.
�$BF|IU$O�(B 1995 �$BG/$H$J$C$F$$$^$9$,�(B, �$B8=:_$G$bHs>o$KLrN)$A$^$9�(B. �$B$3$l$O�(B
<A HREF="http://csrc.nist.gov/nistpubs/800-10/main.html">http://csrc.nist.gov/nistpubs/800-10/main.html</A> �$B$K$"$j$^$9�(B.
�$B$[$+$K$O�(B:
<P>
<UL>
<LI> The Freefire Project -- �$B%U%j!<$KMxMQ$G$-$kKI2PJIMQ%D!<%k$N%j%9�(B
�$B%H$G$9�(B.
<A HREF="http://sites.inka.de/sites/lina/freefire-l/index_en.html">http://sites.inka.de/sites/lina/freefire-l/index_en.html</A> �$B$K$"�(B
�$B$j$^$9�(B. </LI>
<LI> SunWorld Firewall Design -- O'Reilly �$B$N=q@R$NCx<T$,=q$$$?%I%-%e�(B
�$B%a%s%H$G$"$j�(B, �$B3F<o$NKI2PJI$r4JC1$K>R2p$7$F$$$^$9�(B.
<A HREF="http://www.sunworld.com/swol-01-1996/swol-01-firewall.html">http://www.sunworld.com/swol-01-1996/swol-01-firewall.html</A> �$B$K�(B
�$B$"$j$^$9�(B. </LI>
<LI>Mason -- Linux �$B8~$1$NKI2PJI<+F09=C[%D!<%k$G$9�(B.
�$B$"$J$?$,%M%C%H%o!<%/$G$d$j$?$$$3$H$r$d$l$P�(B,
�$B$=$l$r3X=,$9$kKI2PJI%9%/%j%W%H$G$9�(B!
�$B>\$7$/$O�(B:
<A HREF="http://www.pobox.com/~wstearns/mason/">http://www.pobox.com/~wstearns/mason/</A> �$B$r$I$&$>�(B.</LI>
</UL>
<P>
<H2><A NAME="ss7.11">7.11 IP Chains - Linux �$B%+!<%M%k�(B 2.2.x �$B$K$*$1$kKI2PJI$N9=C[�(B</A>
</H2>
<P>Linux �$B$N�(B IP Firewalling Chains �$B$O%+!<%M%k�(B 2.0 �$B$NKI2PJIMQ$N%3!<%I$r�(B
�$B%+!<%M%k�(B 2.2 �$BMQ$K99?7$7$?$b$N$G$9�(B.
�$B$3$l$O0JA0$N<BAu$h$j$b$:$C$HB?$/$N5!G=$r;}$C$F$$$^$9�(B. �$B0J2<$KNs5s$7$^$9�(B:
<UL>
<LI> �$B$h$j=@Fp$J%Q%1%C%HA`:n�(B</LI>
<LI> �$B$h$jJ#;($J%"%+%&%s%F%#%s%0�(B</LI>
<LI> �$BHs>o$K:Y$+$$A`:n$,$G$-�(B, �$B4JC1$J%]%j%7!<JQ99�(B</LI>
<LI> �$B%U%i%0%a%s%H$NL@<(E*$J%V%m%C%/$d5qH]$J$I�(B</LI>
<LI> �$B2x$7$$%Q%1%C%H$N5-O?�(B</LI>
<LI> ICMP/TCP/UDP �$B0J30$N%W%m%H%3%k$N=hM}�(B</LI>
</UL>
<P>�$B8=:_�(B, �$B%+!<%M%k�(B 2.0 �$B$G�(B <CODE>ipfwadm</CODE> �$B$r$*;H$$$G$"$l$P�(B,
<CODE>ipfwadm</CODE> �$B$N%3%^%s%I7A<0$r�(B
<CODE>ipchains</CODE> �$B$G;H$($k7A<0$KJQ49$9$k%9%/%j%W%H$,$"$j$^$9�(B.
<P>�$B>\$7$/$O�(B IP Chains HOWTO �$B$r$*FI$_$/$@$5$$�(B. �$B$3$l$O�(B
<A HREF="http://www.rustcorp.com/linux/ipchains/HOWTO.html">http://www.rustcorp.com/linux/ipchains/HOWTO.html</A> �$B$K$"$j$^$9�(B.
<P>
<H2><A NAME="ss7.12">7.12 �$B2>A[%W%i%$%Y!<%H%M%C%H%o!<%/�(B(VPN, Virtual Private Network)</A>
</H2>
<P>VPN �$B$O2?$i$+$N4{B8%M%C%H%o!<%/$N>e$K�(B
�$B!V2>A[E*$J!W%M%C%H%o!<%/$r3NN)$9$k<jK!$G$9�(B.
�$B$3$N2>A[%M%C%H%o!<%/$O�(B, �$B0E9f2=$5$l$F$$$?$j�(B,
�$B%M%C%H%o!<%/$K2C$o$C$F$$$k2?$i$+$N4{CN$NB8:_$H$N4V$N%H%i%U%#%C%/$7$+�(B
�$BDL$5$J$$$h$&$K$J$C$F$$$?$j$7$^$9�(B.
VPN �$B$O�(B, �$B2H$G:n6H$7$F$$$k?M$H2q<R$NFbIt%M%C%H%o!<%/$r�(B
�$B%$%s%?!<%M%C%H7PM3$G@\B3$9$k$?$a$K$b$h$/;H$o$l$^$9�(B.
<P>Linux �$B$N�(B IP �$B%^%9%+%l!<%I$r9T$&KI2PJI$r;H$C$F$*$j�(B,
�$B$+$D�(B MS �$B$N�(B PPTP (Microsoft �$B@=$N�(B VPN �$B@\B3$N$?$a$N@=IJ�(B)
�$B%Q%1%C%H$rDL2a$5$;$kI,MW$,$"$k>l9g$K$O�(B,
�$B$3$l$r9T$&$?$a$N%+!<%M%k%Q%C%A$r;H$C$F$/$@$5$$�(B.
<A HREF="ftp://ftp.rubyriver.com/pub/jhardin/masquerade/ip_masq_vpn.html">ip-masq-vpn</A> �$B$r$4Mw$/$@$5$$�(B.
<P>Linux �$B$GMxMQ$G$-$k�(B VPN �$B$N%=%j%e!<%7%g%s$O$$$/$D$+$"$j$^$9�(B:
<UL>
<LI> vpnd.
<A HREF="http://sunsite.auc.dk/vpnd/">http://sunsite.auc.dk/vpnd/</A>
�$B$r$4Mw$/$@$5$$�(B. </LI>
<LI> Free S/Wan.
<A HREF="http://www.xs4all.nl/~freeswan/">http://www.xs4all.nl/~freeswan/</A> �$B$r$4Mw$/$@$5$$�(B. </LI>
<LI> ssh �$B$r;H$C$F�(B VPN �$B$r9=C[$9$k$3$H$,$G$-$^$9�(B. �$B>\$7$/$O�(B
VPN mini-howto �$B$r$4Mw$/$@$5$$�(B. </LI>
<LI> vps (virtual private server).
<A HREF="http://www.strongcrypto.com">http://www.strongcrypto.com</A>
�$B$r$4Mw$/$@$5$$�(B. </LI>
</UL>
<P>�$B>pJs%]%$%s%?$d>\$7$$>pJs$K$D$$$F$O�(B, IPSEC �$B$N>O$b$4Mw$/$@$5$$�(B.
<P>
<HR>
<A HREF="Security-HOWTO-8.html">�$B<!$N%Z!<%8�(B</A>
<A HREF="Security-HOWTO-6.html">�$BA0$N%Z!<%8�(B</A>
<A HREF="Security-HOWTO.html#toc7">�$BL\<!$X�(B</A>
</BODY>
</HTML>
