How to Secure Network Services Using TCP Wrappers in Linux


In this article, we explain what TCP wrappers are and how to configure them alongside a firewall.

In this regard, treat this tool as one security layer for your system rather than the ultimate measure. By using a firewall and TCP wrappers together, instead of favoring one over the other, you make sure that your server is not left with a single point of failure.

Understanding hosts.allow and hosts.deny

When a network request reaches your server, TCP wrappers use hosts.allow and hosts.deny (in that order) to determine whether the client should be allowed to use a given service.

By default, these files are empty, entirely commented out, or do not exist. Everything is therefore allowed through the TCP wrappers layer, and your system is left to rely on the firewall for full protection. Since this is not desired, for the reason we stated in the introduction, make sure both files exist:

# ls -l /etc/hosts.allow /etc/hosts.deny

The syntax of both files is the same:

<services> : <clients> [: <option1> : <option2> : ...]

where,

  1. services is a comma-separated list of services that the current rule applies to.
  2. clients represents the comma-separated list of hostnames or IP addresses affected by the rule. The following wildcards are accepted:
    1. ALL matches everything. Applies to both clients and services.
    2. LOCAL matches hosts without a period in their FQDN, such as localhost.
    3. KNOWN indicates a situation where the hostname, host address, or user is known.
    4. UNKNOWN is the opposite of KNOWN.
    5. PARANOID causes a connection to be dropped if the reverse DNS lookups (first on the IP address to determine the hostname, then on the hostname to obtain the IP addresses) return a different address in each case.

Keep in mind that a rule allowing access to a given service in /etc/hosts.allow takes precedence over a rule in /etc/hosts.deny prohibiting it. In addition, if two rules apply to the same service, only the first one is taken into account.

Unfortunately, not all network services support the use of TCP wrappers. To determine whether a given service supports them, run:

    # ldd /path/to/binary | grep libwrap
    

If the above command returns output, the service can be TCP-wrapped. Examples of this are sshd and vsftpd.

How to Use TCP Wrappers to Restrict Access to Services

As you edit /etc/hosts.allow and /etc/hosts.deny, make sure you add a newline by pressing Enter after the last non-empty line.

To allow SSH and FTP access only to 192.168.0.102 and localhost and deny all others, add these two lines to /etc/hosts.deny:

    sshd,vsftpd : ALL
    ALL : ALL
    

and the following line to /etc/hosts.allow:

    sshd,vsftpd : 192.168.0.102,LOCAL
    
    #
    # hosts.deny	This file contains access rules which are used to
    #		deny connections to network services that either use
    #		the tcp_wrappers library or that have been
    #		started through a tcp_wrappers-enabled xinetd.
    #
    #		The rules in this file can also be set up in
    #		/etc/hosts.allow with a 'deny' option instead.
    #
    #		See 'man 5 hosts_options' and 'man 5 hosts_access'
    #		for information on rule syntax.
    #		See 'man tcpd' for information on tcp_wrappers
    #
    sshd,vsftpd : ALL
    ALL : ALL
    
    #
    # hosts.allow	This file contains access rules which are used to
    #		allow or deny connections to network services that
    #		either use the tcp_wrappers library or that have been
    #		started through a tcp_wrappers-enabled xinetd.
    #
    #		See 'man 5 hosts_options' and 'man 5 hosts_access'
    #		for information on rule syntax.
    #		See 'man tcpd' for information on tcp_wrappers
    #
    sshd,vsftpd : 192.168.0.102,LOCAL
    

These changes take effect immediately, without the need for a restart.

Removing the word LOCAL from the last line makes the FTP server unavailable to localhost. After we add the wildcard back, the service becomes available again.

To allow all services to hosts whose name contains example.com, add this line to hosts.allow:

    ALL : .example.com
    

and to deny access to vsftpd to machines on 10.0.1.0/24, add this line to hosts.deny:

    vsftpd : 10.0.1.
    

In the last two examples, notice the dot at the beginning and at the end of the client list. It is used to indicate "ALL hosts and/or clients where the name or the IP contains that string".
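The lookup order and wildcards described above, as a simplified Python model; this is an added example, not code from the original article or from the tcp_wrappers library. The function names are hypothetical, only ALL, LOCAL, leading-dot names (matched as a domain suffix) and trailing-dot addresses (matched as an IPv4 prefix) are handled, and rule options are ignored.

```python
# Simplified model of the TCP wrappers decision order (IPv4 only, no options).
# Rule text is a constructed sample built from the article's own rules.
HOSTS_ALLOW = "sshd,vsftpd : 192.168.0.102,LOCAL\n"
HOSTS_DENY = "# deny everything not allowed above\nsshd,vsftpd : ALL\nALL : ALL\n"


def parse(text):
    """Return [(daemons, clients)] for every non-comment rule line."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        daemons, clients = line.split(":")[:2]
        rules.append(([d.strip() for d in daemons.split(",")],
                      [c.strip() for c in clients.split(",")]))
    return rules


def client_matches(pattern, host, ip):
    """Match one client pattern against a hostname and an IPv4 address."""
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":          # hostname without a dot, e.g. localhost
        return "." not in host
    if pattern.startswith("."):     # .example.com: domain suffix
        return host.endswith(pattern)
    if pattern.endswith("."):       # 10.0.1.: address prefix
        return ip.startswith(pattern)
    return pattern in (host, ip)


def first_match(rules, daemon, host, ip):
    """Return the first rule matching both the daemon and the client."""
    for daemons, clients in rules:
        if (daemon in daemons or "ALL" in daemons) and any(
                client_matches(c, host, ip) for c in clients):
            return daemons, clients
    return None


def decide(daemon, host, ip, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow first, then hosts.deny, otherwise access is granted."""
    if first_match(parse(allow), daemon, host, ip):
        return "allow"
    if first_match(parse(deny), daemon, host, ip):
        return "deny"
    return "allow"
```

Calling `decide()` with empty rule text for both files returns "allow", which is the default state the article describes for a system that relies on the firewall alone.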
