    Ͽ

  ɺ  (Kevin Fenzi), kevin@tummy.com & ̺ ڽŰ (Dave
  Wreski), dave@nic.com
  v1.1.0 2000 3 8
   , bschang@kldp.org
  2000 5 9

     ý ڰ ϰ Ǵ  ̽  Ϲ
   . Ϲ  ö   ý ħڷκ
  ȣ   Ư ⸦    Ҵ. ȿ 
  ڷ Ǯ׸   ִ   Ҵ.  , Ǽ
  , ÷ , ׸     ϰڴ.
   ǰ   ο "Security HOWTO"   Ἥ
   ֱ ٶ.

   :    Ű ؼ Ӹ ش ``
  ̴ ''  ڿ ϴ.      
  о е̳    ޵   ׸ 
  оñ ٶϴ.

  1.  Ұ

     ȿ  ִ   ߿  
  ٷ. Ϲ  ͳ   ڷ鿡 ؼ
  ̾߱ϰڴ.

   ̽ ؼ ٸ  Ͽ 鿡 ߺ  ǰ
   ߺ    ڴ.

     ֽ ħŻ  ȳ    ƴϴ.
  ħŻ     ִ. ħŻ ֽ    ִ
   ħŻ   Ϲ  ϰڴ. ``[1 ħŻ
  (Exploit)]''

  1.1.     

    ο   comp.os.linux.answers   ׷쿡
  ÷  .     Ʒ   ͸ FTP
  Ʈ鿡 ÷ ̴.

  ftp://sunsite.unc.edu/pub/Linux/docs/HOWTO
  <ftp://sunsite.unc.edu/pub/Linux/docs/HOWTO>

     WWW Ȩ  ã  ִ.

  http://metalab.unc.edu/mdw/linux.html
  <http://metalab.unc.edu/mdw/linux.html>

  ,   ֽ     Ʒ ã 
  ִ.

  http://scrye.com/~kevin/lsh/ <http://scrye.com/~kevin/lsh/>

  1.2.   ǰ (Feedback)

     , ߰ װ  Ʒ  ּҷ  ٶ.

  kevin@tummy.com <mailto:kevin@tummy.com>

  

  dave@nic.com <mailto:dave@nic.com>

  : ǰ ׽ __  ο  ־ Ѵ.  
  "linux" "security", "HOWTO" ݵ ߸ ɺ  ͸
    ִ.

  1.3.   ؿ  å 

  ڵ   뿡 ߻Ǵ  ؿ Ͽ  쿡
  å  ʴ´.     ִ  , ׸ Ϻ Ǵ
    뿡  å ڿ  ִ.  ٿ,  
  ̸ ̱  Ȯ      ɼ
  ִ.

   Ƿʿ    (tm:  ǥ) Ű  ý
   Ƿ,   ٸ  ִ.

  ڵ ƴ ,  Ͽ,    
  ǰų 򰡰 㰡 Ǯ׸鸸 Ͽ. κ Ǯ׸
  ҽ ؼ,  Ӱ GNU
  <http://www.gnu.org/copyleft/gpl.html>  Ͽ Ӱ  
   ̴.

  No liability for the contents of this document can be accepted.  Use
  the concepts, examples and other content at your own risk.
  Additionally, this is an early version, possibly with many
  inaccuracies or errors.

  A number of the examples and descriptions use the RedHat(tm) package
  layout and system setup. Your mileage may vary.

  As far as we know, only programs that, under certain terms may be used
  or evaluated for personal purposes will be described. Most of the
  programs will be available, complete with source, under GNU
  <http://www.gnu.org/copyleft/gpl.html> terms.

  1.4.  ۱ 

  o    ۱ (c)1998-1999 ɺ  (Kevin Fenzi) ̺
     ڽŰ (Dave Wreski) , Ʒ Ͽ   ִ.

  o   ۱  ԵǴ ,  Ͽ  
     ,  ü Ͽ ü Ȥ Ϻθ ϰ 
      ִ.    ǰ ȴ;  
     쿡 ڵ鿡 ˷ֱ ٶ.

  o   Ͽ 鿡   ̳ Ļ , ü
       ۱ ȳ  Ѵ. ̰  Ͽ
     Ļ   Ŀ    Ͽ ߰  
     ޾Ƽ  ȴٴ ̴. ̷ Ģ  ܰ ε 
     ִ; Ʒ ּҸ Ἥ  Ͽ ڸ ϱ ٶ.

  o  ǹ ִٸ  Ͽ   ̳ (Tim Bynun) Ʒ
     ּҷ ϱ ٶ.

  tjbynum@metalab.unc.edu <mailto:tjbynum@metalab.unc.edu>

  2.  

     ý  ؼ     
  ̴ Ʈ ϰڴ. ۿ ռ ⺻  ϰ
  ȿ  ⺻ 븦   ߿ ̴.

  2.1.    ʿѰ?

  ׽ ȭϴ ۷ι Ÿ Ŀ´̼ 迡, ׸  
  ͳ   翡,   ̴ Ʈ ߿
  ־,   ߿   ִ.  ǻͶ 
   ʱ  θ ΰ   ƴϾ⿡,  ٷ
  ͼ ⺻ ʿ ϰ Ǿ.  ⸦ ڸ, ͳ
  󿡼  Ÿ A  B  帣 ߰  ٸ
  , ٸ ڵ Ÿ äų    
  ִ ȸ  ȴ.   ýۿ ִ ٸ ڵ
   Ÿ --  ǵ  ٸ   --
  Ƿμ    ̴. "ũĿ" Ҹ ħڵ鿡
  ؼ  ý    , ̵ پ 
  ǿμ  ô ź ϰų,  ġų, Ǵ
    ý ϰ  ź  ִ.  
  "Ŀ" "ũĿ"  ΰ 𸥴ٸ
  http://www.tuxedo.org/~esr/faqs/hacker-howto.html
  <http://www.tuxedo.org/~esr/faqs/hacker-howto.html> 
  ̸(Eric Raymond)  "Ŀ Ǵ "  ٶ. ``[2 Ŀ
  Ͽ ѱ]''

  2.2.  󸶳    ΰ?

  켱   ξ    ý۵ "Ϻϰ " 
  ٴ ̴.     ִ ּ   ýۿ
  ħϴ   ư  ͻ̴.   
  ڷμ ũĿ ϱ ؼ ׸   ʿ ʴ.
   (,  ȸ ) ġ   ˷ ִ 
  ڵ    ۾ ؾ Ѵ.

  꿡 ξ   ý  ȭϸ Ҽ ý
  ⿡ ϰ ȴٴ ̴.  ý ؾ ϴ
    ý μ ȼ Ǽ  
  ƾ  ̴. μ, (  ؼ)  ýۿ
      ο ݹ    
   ̴.``[3 ݹ ]''

        ȭ  ְ, 
  忡 α ϱ⿡ ϰ   ȴ. Ǵ,
  Ʈũ̳ ͳݿ ƿ  ʰ  ý  
  ְ, ̰ 뼺 ϰ Ǵ  ̴.

   ߰ Ը ̻  Ʈ,    ʿϰ
  ̰ ϱ ؼ    (auditing: ) ʿ
  ΰ   Ģ غϴ  .  Ģ 
  www.faqs.org/rfcs/rfc2196.html
  <http://www.faqs.org/rfcs/rfc2196.html> ϸ  ̴.  
   ֱٿ ŵǾ,  ȸ  Ģ Կ ߿
  븦  ִ. ``[4. ʹ ]'' [[[delete this]]]

  2.3.   ȣ ΰ?

   迡 ؾ  ΰ,  δ ϰų 
   ΰ, ׷ٸ  ý 󸶳 ϰ Ǵ ΰ
   ̸     ̴.   ȣϴ°, 
  ȣϴ°,  ȣ  ġ 󸶳 Ǵ°, ׸ Ÿ
  ڻ꿡 ؼ  å  ΰ м.

  o    (risk) ħڰ ý  ħϴ 츦
     ϽѴ. п ߿  ħڰ  аų , 
     Ǯ׸    ִ ? ߿ Ÿ   ִ°?
     ̳  ȸ簡 ߿  ϴ  ѹ 
     ִ°?    ̳ ýۿ   ִ
        Ī  ִٴ   ƾ Ѵ.

     ,       ü Ʈũ ħ ϴ
        ִ.      ڶ ϴ Ʈ
     ȣƮ (rhost   ְų, Ȥ tftp  
     ҿ    ħڿ "  ڸ"
     ִ   ̴. ħڰ  ý̳ ٸ ýۿ
           ٸ ̳ ٸ
     ý  µ   ִ.

  o    (threat)  Ʈũ ǻͿ ҹ 
     (unauthorized access)  ϴ  ִ κ
     ȴ.  ؼ  ýۿ   ΰ,
       δ   ߻Ű°   ؾ
     Ѵ.

     ħڶ   η ,  ۾  
      ׵   Ư ο δ  .

  o  ñ   (The Curious):   ħڴ ⺻
       ý۰ Ÿ  ִ°  ˰ ϴ
     Ϳ ̸ д.

  o  ǰ ִ  (The Malicious):   ħڴ 
     ý ٿŰų    ջŰų, ظ
     ϰ ϴ   ð  ϰ .

  o     (The High-Profile Intruder):  
     ħڴ α Ǹ  ؼ  ý  Ѵ.
      ˷ ý ħμ ڽ ɷ Ϸ ϴ
     ̴.

  o   (The Competition):   ħڴ  ýۿ 
     Ÿ ִ° ̸ д.      
     ִٰ ϴ Ư   ִ.

  o   (The Borrowers):   ħڴ   ؼ
      ý  ϸ鼭  ý ڿ ġ
     ̴.  ̵ Ϲ ê̳ IRC ,  ī̺
     Ʈ   ǻͿ ,  DNS  
      Ѵ.

  o  ǳʶٱ  (The Leapfrogger):   ħڴ ٸ
     ý   μ  ý ̿Ϸ
     Ѵ.    ý   ȣƮ Ǿ ְų
     Ʈ̷ Ǵ , ̷  ħڰ  ý
        ϴ  ̹    ̴.

  o  "༺ (Vulnerability)" ִ   ǻͰ ٸ
     Ʈũκ ȣ  ʰų,   ǻͿ ҹ
       ɼ ִ 츦 Ѵ.

      ýۿ  ħߴٸ   ϱ? 
     ̳ PPP ϴ    ͳ̳ ٸ ū
     Ʈũ  ȸ ɻʹ ٸ ϰ ̴.

     ջ Ÿ Ƚ  󸶳 ð ɸ ΰ? ʱ
     ׸ ð ڴ Ҿ Ÿ ȸϴµ Ǵ ð
     ʺ ϵ ȵ  ִ. ٷ   ϰų 
     Ÿ Ȯ  ִ?
  2.4.   Ģ ϼ

  ڵ  ϰ   ִ ϰ Ϲ Ģ
  鵵 ؾ Ѵ. Ģ   ȣϴ Ÿ ȣϴ
  ÿ,  ̹õ Ű  Ѵ. ؾ 
  ͵  ýۿ   ΰ (ģ   ᵵ 
  ΰ?),  ýۿ Ʈ ġϵ  ΰ, 
   Ÿ  ΰ ,    å, ý 
   ̴.

  Ϲ ̿ǰ ִ  Ģ   ۵ȴ:

       Ǿ       .

  ̰ ý     ý 񽺸 Ϲ
  ڰ  ϸ ȵȴٴ ̴.  Ģ   Ϲ
    ǵ ؾ  ̴.  "ü ̰ 㰡
  . ׳ Ʈ    " ϴ , ʹ
  翬 ˷ ִ ħŻ  ̰  ߰  
  ħŻ        Ͱ ٸ
  ̴.

  rfc1244 <http://www.faqs.org/rfcs/rfc1244.html> Ʈũ  Ģ
      ְ ִ.

  rfc1281 <http://www.faqs.org/rfcs/rfc1281.html>  Ģ  
     ڼ  Բ  ְ ִ.

  , ftp://coast.cs.purdue.edu/pub/doc/policy
  <ftp://coast.cs.purdue.edu/pub/doc/policy> ִ COAST ī̺긦
  ,  ǰ ִ  Ģ   ִ  
  ִ.

  2.5.  Ʈ  

    -- , Ÿ, , Ʈũ,   
  ,   ϸ鼭   -- "ڻ" ȣ  
  ؼ Ѵ. ࿡ Ϲ  Ÿ ħڰ  ȴٸ
     ɱ?   Ʈ  ٲ
  ȴٸ?  ȸ簡 ϰ ִ  б Ʈ ħڰ
   ٸ? Ʈũ ġ ,    ǻ͸  ϱ
   ̸  ξ     ֱ ̴.

   ܿ ϳ ̾˾ PPP   ְų  Ʈ
  ϳ   ִٰ ؼ, ħڰ  ýۿ ̸  
   . ũ ̸ ִ Ʈ鸸 ħ ̶ ϸ
  ȵȴ.  ħڵ "ũ⿡    Ʈ
  ħѴ"  ħŻ Ѵ. ٿ,  Ʈ 
   (Security hole)  ؼ  Ǿ ִ ٸ
  Ʈ ȸ    ִ ̴.

  ħڵ ð Ƶ ̸,   ý 
  ǲ ߾ ´ ص,    õ   
  ȸ ħŻؼ  ýۿ   ִ. ħڰ 
  ýۿ ̸   . ̿ ؼ ڿ   
  ϰڴ.

  2.5.1.  ȣƮ 

     ߿ ڰ     κ Ƹ
  ȣƮ  ƴұ Ѵ.   ý ϵ ö
   ϴ Ͱ Ʈũ ٸ 鵵   ȿ 
  ϱ⸦ ٶ Ϳ  ؾ  ̴.  н带
   ,  ȣƮ  Ʈũ 񽺿  ȭ ۾
  ϴ ,    ؼ  , ׸  
  ִٰ ˷ Ǯ׸  üϴ      (local
  security administrator) ӹ Ϻ̴.  ̷ ͵ öϰ
  ʿ ̱ , Ʈũ ٿ ǻ ڰ Ҿ
  ϸ ̷ ۾   ⼼    
  Ǳ⵵ Ѵ.

  2.5.2.  Ʈũ 

   ȣƮ ó Ʈũ ȵ ߿ϴ.  Ʈũ  
   õ ǻͰ پ ִ Ȳ, ϳ ϳ  ý
   ȭ ۾ Ǿ ִٰ Ͼ   ̴.   ڸ
  Ʈũ  , ȭ ,  ȣ  ,
  Ʈũ       (rogue machine)
    Ǿ ִ 谡  ϴ    Ʈũ
   ӹ ̴.``[5.    ]''

     Ʈ ؼ ȭ ۾ ϴ ũ
   ̸,  ȣϷ ϴ  ħڰ 
  ϵ ϴ   ַ Ѵ.

  2.5.3.     (Security through obscurity)

  "   " ݵ ǵǾ ϴ ȹ ϳ̴. 
   ڸ, " ħŻ ִٰ ˷ ִ  Ʈ
   Ʈ ̵  ڰ 翬    ̹Ƿ
  翬 ħŻ   "̶  ̴.  ̷ Ӿ
  ȹ ڰ ݰ    Ͼ ǽġ .  ̷
  "ȥڸ ˸鼭   ȹ" ȭ   ƴϴ.  
    Ʈ  ִ ؼ, Ȥ  ˷  ʴٰ
  ؼ    ִ Ϳ ħڰ     ̶
   ݹ̴.  ȣϴ ΰ  ׸鿡 ٷڴ.

  2.6.    

    ׸  Ҵ.  ׸    ̽
   ٷ. ù° `` '' ׸ 迡    
    ٷ. ° `` ''  ý 
  ڷκ ȣ ΰ ٷ. ° ``ϰ Ͻý
  ''  Ͻý ϰ  㰡  
  ΰ ٷ.``н Ȱ ȣȭ'' ȣȭ  ؼ
    ǻͿ Ʈũ ȣ ΰ ٷ.``Ŀ
  ''   Ŀ ɼ ġؾ ϰ,  ɼ
  ˾Ƶξ ϴ° ϰڴ.``Ʈũ ''  
  ý Ʈũ κ  ȣ ΰ ٷ.``¶
    غ'' ý  ϱ   غؾ
  ϴ° ٷ.   ý ħ ݵǰ ִ Ȳ̰ų 
  ħ ߰ߵ Ŀ   ΰ ٷ.`` 
  ڷ'' ٺ  ڷ ϰڴ.  δ ``FAQ'',
  ׸ ``'' ڴ.

    д ߿ ο   :

  o   ý ľ  . /var/log/messages  ý 
     (log) Ȯϸ, ýۿ Ǹ ε ϰ,

  o  ° ׻   Ʈ ġϵ ϸ,  
       ̿ °  ġ ϴ  ý ֽ
     · ϵ  ̴. ̷Ը ص ý  
     ȭ Ǵ Ϳ   ̴.

  3.   

  ο ξ   ù   ǻ  ̴. 
  ǻ ü     ִ°? ׷ ʿ䰡 ִ ΰ?
  ýۿ      ִ ? ׷ ʿ䰡 ִ°?

   ýۿ     ʿ Ȳ 꿡
   ſ ٸ.

    ٸ ( ̵̳  ģô ǻ͸
  ǵ帮 ϵ ϱ ؾ߰) Ư  ȿ Ű 
  ʿ  ̴. ǿ ٸ ȿ   Ű  
  ڵ ۾   Ǿ Ѵ.    ׸
    ̴. 繫ǿ   ߰ų ڸ 
   ǻͿ  ϵ ؾ ϰų Ȥ ׷ 
  쵵 ִ.  ȸ翡 ǻ ܼ  ä ġ δ
  ͸ε ذ  ȴ.

   Ŵ ڹ質 罽, ĳ ״ ,   ġ 
  翬    и  ,   
  ̴. :)

  3.1.  ǻ 

    ǻ ̽鿡 ""  ִ.  ġ 밳
  質 ü  踦 ̿ؼ װų Ǯ Ǿ ִ.  ġ
   ٸ   pc  ų, ̽  
  ϵ ϰų   ϵ   ִ.  ٸ 
  ڽŵ ÷ǳ ٸ ϵ Ἥ Ʈ ϵ  
  ִ.

  ̷ ̽  ġ Ӵ  ̽  
  ٸ  Ѵ.   PC ̽ ()  Ѵٸ
  ̽   ϵ  ֱ⵵ ϴ.   PC
  ο Ű峪 콺    Ǿ ִ.  Ӵ
  ̽  ϵ ϶. ̷  ġ 밳 ſ 
   ڹ  Ƿ ִ  տ ̰,
  Ȳ 󼭴   ̴.

   迡 (ַ Ű )  (dongle) ־ ڰ
  ٷ    ִ. ̷   ħڰ ü ο 
    ,  ų ̽ ıؾ  Ѵ.  ۿ
  ڹ踦 ä  ͸ε ǻ͸ ġ 鿡 δ ִ
  ֹ   ִ.

  3.2.  ̿ 

  ̿(BIOS) x86 CPU  ϵ ϴ  ع
  Ʈ. γ    Ʈ α׷ ̿
  ؼ    Ѵ.   ư ٸ
  ϵ ̿  Ʈ ִ. (ư  
  ǻ OpenFirmware, sun boot prom ). ̷ ̿ ɵ
  ħڰ ǻ͸ ϴ  μ ý Ϸ 
       ִ.

   , PC ̿ Ʈ н带   ֵ Ǿ ִ.
  ̷ ɵ   Ѵٰ    (̿
  ½ų  ְ, ̽   ִٸ ƿ    ִ),
    ֹ    ̴.( , ð ɸ ̰,
   Ű ´)   S/Linux (Linux for SPARC (tm)
  μ )  ÿ н带  EEPROM  
  ִ.   ƴ, ħ ӵ    ̴.

   x86 ̿  ۿ پϰ Ǹ   ɵ
  Ѵ.   ִ ̿ Ŵ Ȯϰ   
  ̿  ڼ 캸 ٶ.   ÷ ̺
    ϰ ϰų Ư ̿ ɿ ϱ ؼ
  н带 Էϵ ϴ     ִ.

  : Ȥ  ӽſ Ʈ н带 ߴٸ,  ־߸
   ϴٴ  ؾ Ѵ. ߿  Ǹ ٽ ƿͼ
  н带 Էؾ Ѵ.  ;(

  3.3.  Boot loader 

     Ʈ δε н    ִ. θ
   , н (password) ƮƼ (restricted - Ʈ 
   ִ ɼ ɾ)  ɾ ִ: password ɾ 
    ׻ н带     , restricted
  ɾ  ( Ʈ single  Ư ɼ 
  쿡 ؼ)  н带    ϰ
  ȴ.``[6.  ]''

  lolo.conf  :

            password=password
                 ̹   ɼ 'password=...' (Ʒ )  ̹   .

            restricted
                    ɼ 'restricted' (Ʒ )  ̹   .

                 password=password
                      ̹ н带  .

                 restricted
                      ڸǵ ο Ű   쿡
                      н带 ݵ ؾ߸ ̹   ֵ  .
                      (; single).

  ϴ н ϰ  н   ξ Ѵٴ
   ϶. :) ƿ﷯ н , ħϰڴٰ  
   ħڰ ִ 쿡  ð  ִ ҹۿ Ѵٴ
   ؾ Ѵ.   δ ħڰ ÷Ƿ    Ʈ
  Ƽ Ʈϴ    .  Ʈ δ 
  ̿Ѵٸ, ̿ ÷ Ʈ ɼ   ̿
  н带 ɾ     ϴ   ̴.

  Ȥ ٸ Ʈ δ    ƴ  ִٸ ڿ
  ˷ֱ ٶ (grub, silo, milo, linload ).

  :    ϰ  ְ   Ʈ н带
  ɾ ´ , ڵ õ ǵ ġ ϴ  Ұϴٴ
   ο ξ Ѵ.    Ȳ    ٽ
  Ʈ н带 ־ ־ Ѵ.
  3.4.  xlock vlock

   ǻ   ٸ, ٸ   ۾
  ų  ϵ ܼ ""  ִ  . ̷
   ִ   Ǯ׸ xlock vlock̴.

  xlock X  ȭ ٴ.  Ǯ׸ X ϴ  
    ִ. Ϲ  ϴ ܸ ƹ
  xterm xlock   ų  , ϴ Ǹ ȭ 
  ǰ  н尡 ԷµǾ ȭ Է  · ǵ 
  ְ ȴ.  ڼ ɼ ش man  ãƺ ϶.

  vlock   ܸ Ϻγ θ   ֵ ϴ 
  Ǯ׸̴.    ܸ   ۾  ϳ  
   ִµ, ̷ Ǹ ٸ  ͼ ٸ ܸ  
  ,  ۾ ̴  ܸ  ϱ  
    ȴ.  vlock     , 
  ϴ    ִ.

   ܸ⸦ ݾ δ   ۾  ϴ 
     ְ, ħڰ ǻ͸ ٽ ýŰų ۾
  ߴܽ     .    δ ħڰ
  Ʈũ  ٸ ǻ͸ ̿  ǻͿ  Ű
     .

   ߿ ,   ħڰ X 쿡    
    , ħڰ   ܼ α Ʈ 
  Ǵ Ͱ   ġ ؼ X11 ۵  ֿܼ
   X11  Ű     
  ٴ ̴. ̷ ,     Ѵٸ xdm  Ȳ
  Ʒ   ⸦ Ѵ.

  3.5.    ļ 

   ؾ  ֿ켱   ǻͰ  õǾ°
  ̴.  ߰ϰ  ü̱  ǻͰ
  õǾ߸ ϴ  ü ׷̵峪 ϵ ü 
  ؼ õ ̴.    ʾҴµ ǻͰ
  õǾٸ, ħڰ   ̶ ȣ  ִ. ǻͿ
  ħϴ  ߿ ǻ͸ ýŰų   ϴ 찡
  ʿ  Ƿ.

  ǻ ̽  ֺ    ִ Ȯϵ Ѵ.
  ,  쿡 ħڵ   ڽ  
  , ׷   (Log  File:   ) θ  캸
  ߳ ġ  Ǵ  .``[7  ]''

     --- ȣ ۾   Ʈũ ϴ  
    ---  ҿ ϴ ͵  ̴.  ϴ
  ħڿ ؼ ǻ  ̹ շ Ȳ̶ ħڰ 
   ̹     ִ.

  ýα  (syslog daemon) .  Ÿ   ߾
    ڵ    ִ. ,  쿡 Ÿ
   (Unencrypted text)  ǹ , Ÿ ۽ŵǴ 
  ħڰ ߰ ç  ִ. ̷ Ȳ Ϲ  Ƽ
    Ʈũ  Ǵ ɰ ̴.   ̷ 쿡
  Ÿ ȣȭؼ  ýα  ؼ   ̴.
  ``[8. Cleartext]''

  , ͳ  ̹ Ǿ Ǿ ִ ħŻ Ǯ׸
  ϸ, ħڰ ýα ޽ ¥ ٹ̴  ſ ٴ
   ˾ƾ Ѵ.   ýα״  ó   ä Į
  ȣƮ ƿ ó Ǿ   Ʈũ  
  ޾Ƽ ϱ Ѵ.

   α׿ Ȯؾ  :

  o  ªų ҿ .

  o  ̻ϰų ߸ ð  (timestamp)  .

  o  ߸ 㰡̳   .

  o  ̳  ۿ  .

  o  ų  .

  o  su  ϰ ̻ κ  .

  ý  Ÿ ؼ `` ''   ϰڴ.

  4.   

   ָؾ    (local user) ݿ 
  ̴. ڰ   ڵ̶ ߴٴµ ָϱ ٶ.

      ̾߸ ýۿ ħϰ ϴ
     õϴ   ϳ.  ڵ鿡 
   ϸ, ħڰ --   ׵ ý ϴ
    ̿ؼ -- ׵  Ϲ   
   (root)  "׷̵" س  ִ. ׷Ƿ 
  ڵ鿡   ö ϸ ħڵ پѾ   ϳ
  ֹ 鿡 ְ Ǵ ̴.

   ¥ ڰ ƴ϶ ص (Ư ¥  쿡) 
  ڵ  ý    ִ. а ȸ
  ų   𸣴   ִ  ſ  
  ̴.

  4.1.  ο  

  ڿ    ۾  ּ Ѹ οϵ
  ؾ Ѵ.    Ƶ鿡  شٸ,  μ ׸
  Ǯ׸   ־ ϸ,   ƴ Ÿ  
    ؾ Ѵ.

  ٸ 鿡    Ϸ  , ο θ 
   Ģ ִ.

  o  ڵ鿡 ʿ ϴ ּ Ѹ ش.

  o  ڵ / αϴ Ȥ αؾ ϴ ˾ƾ
     Ѵ.

  o  Ǿų   ʰ ִ  .

  o   ڴ Ʈũ   ǻͿ ؼ 
     ̵ (userid) ϸ鼭 ϵ ϴ  .  
      м       ϱ ̴.

  o  ׷ ̵ (userid)   öϰ Ǿ Ѵ.
        ϰ Ѵٸ   å ΰ
     иϰ , ׷   쿡 å ΰ и
     ϱⰡ Ұϴ.
   ̳   ̻  ʰ ִ    
  ħ  ȴ. ƹ ϰ  ʱ  ̷ 
  ֻ   ȴ. ``[37. ޸ ]''

  4.2.  Ʈ 

  ǻͿ  ߱Ǵ  Ʈ ( Superuser) ̴. 
   ǻ ü   , Ʈũ ִ ٸ
  ǻͿ    ֵ  ֱ⵵ ϴ. Ʈ 
     ª ð ȿ Ư ۾ ϱ  쿡
   ϸ,   ڽŵ ÿ Ϲ ڿ  Ἥ
  ϴ  ٴ  ؾ Ѵ. Ʈ αؼ 
  Ǽ ƹ  ̶     ū  Ű ȴ.
  Ʈ   ð ª ª  ̴.  ׻ Ʈ
  ۾ ϴ  ſ, , ¥  ̴.

  Ʈ ۾ϴٰ ڽ ǻ͸ ׹   ϱ 
     ִ.

  o       켱 ı   ϶.
     ϵ ī带   쿡 Ư ؾ Ѵ.   "rm
     foo*.bak" ϱ   "ls foo*.bak" Ἥ 
      ϴ ϵ鸸  Ǵ Ȯؾ Ѵ. ı
       ڸ  ͵ δ  ̴.

  o  ڵ rm ɾ  ǻͰ   θ Ȯ
     ϵ,  ϸ (alias) ٸ ֵ .``[9.
     Alias]''

  o  Ư ۾ ϱ ؼ Ʈ ǵ ϶.   ϴ
      ˰ ʹٸ, Ʈ ڰ ž߸ ϴ ۾ 
     Ȯŵ  Ϲ ڿ  ư ϶.

  o  Ʈ ڸǵ н (command path:) ſ ߿ϴ. PATH ȯ
      (PATH environment variable)̶ ϴ ڸǵ н 
     Ǯ׸ ãƺ 丮  ִ. Ʈ ڸǵ н
      ª ̵ ϰ,  " 丮" ϴ "." 
     PATH   ʵ ؾ Ѵ.  ٿ,  н
     Ⱑ  丮 (writable directory) ԵǸ ȵȴ.
     ڰ   丮 ̳ʸ    ϰų ο
         ְ     쿡
     ڰ Ʈ  ħŻϰ Ǳ ̴. ``[10. PATH]''

  o  Ʈ   ǻ͸   (r-ƿƼ
     Ҹ) rlogin / rsh / rexec   ϸ ȵȴ.
     ̰͵ ټ "ݰ ħŻ"   ̸, Ʈ ⿡
       ̴.  Ʈ .rhosts  
     ƾ Ѵ.

  o  /etc/security  Ʈ   ִ ͹̳ε  ִ.
     (  )   ܼ (local virtual consoles: vtys)
      ⺻  ִ. ٸ ͵  ʵ ؾ Ѵ.
     ʿϴٸ  ֿܼ Ϲ    Ŀ
     (ϴٸ ``[ssh]'' ٸ ȣȭ ä ؼ) su  
       Ƿ, Ʈ   ʿ  .

  o  Ʈμ ۾    ϰ ϰ ൿ϶.
      Ʈ ڰ  ϴ ൿ ۾  ͵鿡
      ش.   Ŀ  ε!

  ( )   ڰ    ־
    Ȯ 찡    Ǵ   ִ. sudo
  ڰ ڽ н带 Ἥ Ʈ    ѵ 
    ֵ ش.   ý  ڰ sudo
  ̿ؼ -- Ʈμ ٸ Ư  Ͼ -- õ̳
   𸶿Ʈϰų Ʈϴ  ϵ   ִ.
  sudo  --   ,  ϱ  ߴ  
  ִ -- sudo  õ     (`` '')
   ȴ. ׷  Ʈ ٱ   
  ýۿ     Ƿ sudo  ϴ 
  .

   sudo Ư ڿ Ư ۾   ִ ѵ Ư
  ,      ִ. ׷  ̰ -- 
  ŸƮϰų  ڸ ϴ  --  ѵ ۾ ϴ
  Ϳ  ǵ Ǿ Ѵ.   ħڰ  
  ȸ ִ Ǯ׸ ؼ sudo μ Ʈ  ħŻ
   ִ. κ Ͱ ̷  Ǯ׸鿡 Եȴ. ,
  /bin/cat  ߰; Ǯ׸ Ἥ --    
  -- Ʈ ħŻ  ִ.  sudo åӼ   
  ϵ ϰ, Ʈ ڸ ȣϴ ҷδ  ʵ .

  5.  ϰ Ͻý 

  ý ¶ ӽŰ ,   ̳ غ ȹ
  ϴ   ý۰ Ÿ ȣϴ Ϳ ū  ش.

  o  SUID/SGID  Ȩ 丮     .
     Ʈ ƴ ٸ ڵ ڷḦ   ֵ, Ⱑ 
     (writable Ǿ ִ) Ƽǿ /etc/fstab nosuid ɼ 
      Ѵ. ̷    ʿ  ϴ -- Ǯ׸
      ϸ,  ̽  ϵ -- /var
     ؼ,  Ȩ Ƽǿ nodev noexec ɼ 
      Ѵ.

  o   NFS Ἥ Ͻý Ʈũ  (export)ϴ ,
     /etc/exports ִ ѵ ϵ ϵ Ѵ. ̰
     ϵī带  ʴ Ͱ, Ʈ   (root write access)
      ʴ Ͱ, ϸ б  Ͻý۸ ϵ
     ϴ  ǹѴ.

  o     umask  ѵ  Ѵ.``[umask
     ]'' Ѵ.

  o  NFS  Ʈũ Ͻý ƮѴٸ, /etc/exports
     ؼ   ֵ Ѵ.   'nodev' 'nosuid' 
      ٶϰ, 'noexec' ϴ  .

  o  ⺻ " (unlimited)" ƴ  Ͻý ⺻
     Ѵ. ڿ  PAM  /etc/pam.d/limits.comf
     μ   ġ Ѵ.  , users
     ׷      ִ.

                       @users     hard  core    0
                       @users     hard  nproc   50
                       @users     hard  rss     5000

    ھ   ϸ, μ  50 ϸ,
      ޸  5 ް  Ѵ.
  o  /var/log/wtmp /var/rin/utmp ϵ ý   
       ִ. ̵ ڰ (Ȥ  ħڰ) ,
      ýۿ Դ° ϱ  ۾ ǹǷ 
     ϵ Ȱ  ö Ǿ߸ ȴ. Ϲ ý
     ۵  ִ 찡  ԰ ÿ 644 㰡 
     ־ Ѵ.

  o  ȣǾ߸ ϴ ϵ Ǽ ų  찡 
     ϱ ؼ ̹Ÿ Ʈ (immutable bit: Һ Ʈ) Ѵ.
        Ͽ -- /etc/passwd /etc/shadow ϴ
      Ϻΰ Ǵ, -- ɺ ũ   Ѵ. ̹Ÿ
     Ʈ  ߰  chattr(1) man  ϵ  .

  o  SUID SGID    ̱  öϰ
     õǾ  Ѵ.   Ǯ׸   ϴ ڵ鿡
     Ư  ο ֱ , ȿ Ҿ Ҹ ִ ̷
     Ǯ׸ ġǴ    ؾ Ѵ. ũĿ ϴ
     Ʈ   ϳ SUID Ʈ α׷ ħŻϰ  Ŀ -- 
       Ŀ -- SUID Ǯ׸  ޹ 
      ̴.

     ׷Ƿ,  ýۿ ִ  SUDI/SGID ãƳ, װ͵
      μ -- ħڸ ǹ  ִ-- 
     ȭ   ֵ Ѵ.  ɾ ϸ ýۿ ִ
      SUID/SGID Ǯ׸ ãƳ  ִ.

               root#  find / -type f \( -perm -04000 -o -perm -02000 \)

   Ʈ   SUID  ϴ  
  Ȯϴ ۾ (Job)   ְ.     
  񱳸   ִ.  /var/log/suid*   ۾   
  ִ.  Ѵٸ ǽɽ SUID SGID 㰡  Ǯ׸ chmod
  Ἥ ų ٲ   ̴.

  chmod ϸ ǽ½ Ǯ׸ SUID SGID 㰡 
    ְ, ʿ ߿ Ȯϰ ٸ ٽ  ָ
  ȴ.

  o   ũĿ ý   -- Ư ý   --
     -Ÿ(World-writable) ϵ    ְ
     ȴٸ ׾߸   ɰ   ϰ  ̶
       ִ.  ̸ -- ũĿ   ̰ų 
      ְ ǹǷ -- -Ÿ 丮   
     ̴. -Ÿ  θ ã ؼ  ɾ
     Ѵ.

               root# find / -perm -2 -type l -ls

  ׸  ϵ  "  (Ÿ)" Ǿ ִ
  ݵ ľϵ Ѵ.    쿡 ־, /dev Ϻο
  ɺ ũ   ϵ -Ÿ Ǿ ־ 
  ̴. (In the normal course of operation, several files will be
  writable, including some world-writable, including from /dev, and
  symbolic links. some from /dev, and symbolic links, thus the ! -type l
  which excludes these from the previous find command.)

  o    Ҽ ϵ  ħڰ ýۿ Դٴ
     ¡  ִ.   ų ׷쿡 ҼӵǾ   ϵ
      ɾ  ãƳ  ִ.

               root# find / -nouser -o -nogroup -print

  o  Ʈ ȣƮ (.rhosts) ϵ   ȵǴ ̱
     , ̰͵ ã  ý  ӹ Ϻΰ Ǿ߸
     Ѵ.   ũĿ  Ʈũ ħϱ ؼ 
       Ҿ  ʿ ̶ ̴. ý 
     Ʈ ȣƮ ϵ  ɾ ã  ִ.

               root# find /home -name .rhosts -print

  o  , δ ý  㰡 ٲ , 
       ۾ ϵ Ǿ ִ  Ȯ ϵ Ѵ.
     ܼ ۵   㰡 ٲٴ   ؾ
     Ѵ. 㰡 ٲٱ    ̷ 㰡  ִ
     ˵ ؾ Ѵ.

  5.1.  umask 

  umask ɾ ý    㰡 ⺻ ϱ
  ؼ ȴ. umask Ϸ     (Octal
  Complement) Ѵ.   㰡 ⺻   ¿
     ȴٸ, ڰ 𸣴 ̿ 㰡  ȵǴ
   б  㰡 ְ   ִ. Ϲ umask 
  022 027, ׸ ( ) 077  ִ. umask Ϲ
  /etc/profile ǰ, ý  ڿ ȴ. 
   ⺻ (File creation mask) 7.7.7. ϴ   ´.
  ٽ ϸ, 7.7.7. umask   쿡  
     (ڸ )  ڵ鿡  б, , 
   ʰ ȴ.  umask 666̶,    
  111 (㰡) ⺻  ȴ. umask 033   
  ڴ. ``[11.  ]''

               # Set the user's default umask
               umask 033

  Ư Ʈ umask  077 ؼ б, ,  -- Ʈ 
  chmod Ἥ ٲ  ʴ  -- ٸ ڰ ϵ  
  . Ͽ   033 ,   丮 --
  777 033  -- 744 㰡  ̴.  Ʈ mask  077
  ǹǷ, ٸ ڰ --chmod Ἥ ѷ ϸ ٲ  ʴ 
  -- а      ִ ̴  033 umask 
   Ŀ   644 㰡  ȴ.

    ٸ --    ׷ ID   (User Private
  Group rules) ٴ  Ͽ -- umask 002 . ⺻ 
   ׷   ڷ Ǿ ֱ ̴.

  5.2.   㰡 (File Permissions)

  ý   Ǹ  ڳ ׷ ý  Ƿ
  ϴ   ϴ  翬 ߿ ̴.

  н ϰ Ͽ    owner, group, ׸
  other   Ư Ѵ.  Ȯ ϳ 
  (owner) ϸ, ׷    , 
  ڵ other ȴ.

  н 㰡ǿ   :

   (Ownership) -  ڳ ׷    㰡ǿ
      ִ  Ѵ.

  㰡 (permission) - Ư   ϵ  ְų
    ִ Ʈ.  丮  㰡 Ͽ 
  㰡ǰ ٸ ǹ̸   ִ.

  б 㰡 (Read):

  o      ִ  ϴ.

  o  丮 д  ϴ.

   㰡 (Write):

  o  Ͽ ų  ϴ  ϴ.

  o  丮 ִ  ų ̵ϴ  ϴ.

   㰡(Execute):

  o   Ǯ׸ (binary)̳  ũƮ   ִ.

  o  б 㰡 ִٸ 丮 Žϴ  ϴ.

        (Save Text Attribute): (丮 )
        "ƽŰ Ʈ (sticky bit)" 丮  쿡 ٸ
          ȴ. 丮 ƽŰ Ʈ   ڴ
        --  ڰ 丮 Ϲ  㰡 ִ --
         ְų Ȯϰ  㰡     
        ְ ȴ.  ̰ /tmp  -- -Ÿ̸鼭 Ϲ
        ڰ      -- 丮  
        . ƽŰ Ʈ  丮  (ls -l) t
        ǥõȴ.

     SUID  ( )
        ̰  set-user-id 㰡   ȴ. 
        㰡ǿ set-user-id  尡  --׸  
         ̶--   ϴ μ μ
         ڰ   ִ ý ҽ   ִ 
        οȴ. ̰ " ÷ο (buffer overflow:  
        )" ϴ  ħŻ  .

     SGID   ( )
        ׷ 㰡ǿ  쿡  Ʈ "set-group-id" ϰ
        ȴ. ̰ ׷  ޴´ٴ  Ѵٸ SUID 
         ϴ ̴.      ϵ
        ǵǾ Ѵ.

     SGID ƮƮ (丮 )
         SGID 丮 ϸ ("chmod g+s 丮" ), 
        丮  ϵ 丮  ׷  ⺻ ׷
          ȴ.

   -   (owner)

  ׷ -  ԵǾ ִ ׷ (group)

     -  ڳ   ׷쿡  
    (other)

   :

           -rw-r--r--  1 kevin  users         114 Aug 28  1997 .zlogin
               1 Ʈ  (-) 丮ΰ?     (ƴϴ)
               2 Ʈ  (r) ڿ б?  (ִ.  ɺ   ִ)
               3 Ʈ  (w) ڰ ? (ִ.  ɺ   ִ)
               4 Ʈ  (-) ڿ ?  ()
               5 Ʈ  (r) ׷쿡 б?    (ִ.  users ׷)
               6 Ʈ  (-)  ׷쿡 ?   ()
               7 Ʈ  (-) ׷쿡 ?    ()
               8 Ʈ  (r)  ̿ б? (ִ.  ̰   ִ)
               9 Ʈ  (-)   ?   ()
               10 Ʈ (-)  ̿ ? ()

  Ʒ ʿ ŭ ּ 㰡 ο ⸦  Ҵ.
   ū 㰡 ִ  ,  ۾ 뵵 ˸ ּ
  ѵ      д.

               -r--------   б 㰡 Ͽ ִ.
               --w-------  ڰ  ϰų   ִ.
               ---x------  ڰ  (Ǯ׸)   , бǵ ־
                           Ǵ  ũƮ  Ѵ.
               ---s------  Ǽ  ID  ̶   ִ.
                           (setuid )
               -------s--  Ǽ  ID  ׷̶   ִ.
                           (setgid )
               -rw------T  "ֱ ٲ ð (last modified time)"  ŵ ʴ´.
                              ȴ.
               ---t------   ( ƽŰ Ʈ)

  丮 :

          drwxr-xr-x  3 kevin  users         512 Sep 19 13:47 .public_html/
          1 Ʈ  (d) 丮ΰ?   (׷.     ִ)
          2 Ʈ  (r)  б?  (ִ. ɺ)
          3 Ʈ  (w)  ? (ִ. ɺ)
          4 Ʈ  (x)  ? (ִ. ɺ)
          5 Ʈ  (r) ׷ б?  (ִ. users ׷)
          6 Ʈ  (-) ׷ ?  ()
          7 Ʈ  (x) ׷ ?  (ִ. users ׷)
          8 Ʈ  (r) ٸ  б? (ִ. ƹ   ִ)
          9 Ʈ  (-) ٸ  ? ()
          10 Ʈ (x) ٸ  ? (ִ. ƹ   ִ)

  Ʒ ּ 㰡   ̴. ⿡ Ǿ ִ  
  㰡  ִ  , Ʒ ϴ  ּ ѵ
  ʿϴ.

               dr--------     ,  ƮƮ    ȴ.
               d--x------  丮  н (path) ־   ִ.
               dr-x------   ƮƮ  ڿ ؼ   ִ.
               d-wx------  丮  ġ  ʾƵ  
                             ִ.
               d------x-t     ٸ ڵ  Ժη  
                           ´. /tmp 丮 ȴ.
               d---s--s--  ƹ ۿ  ʴ´.  (SUID SGID )

  ( /etc ȿ ִ) ý   (system configuration
  files) 640 (-rw-r-----) ̸鼭 ÿ Ʈ  Ǿ
  ִ.``[12]'' ̰  Ʈ  ʿ信  ٲٸ ȴ.
  ý   ٸ  ׷̳    ֵ ϸ
  ȵȴ. /etc/shadow  ý  Ϻδ Ʈ б
  㰡  ϰ, /etc  丮 ٸ ̵  ϵ
  ؾ Ѵ.

     SUID  ũƮ:
        SUID  ũƮ ɰ   ̸, ׷  
        Ŀ ޾Ƶ ʵ Ǿ ִ.  󸶳 
        ũƮ ϴٰ  ϴ ,  ̰ ũĿ  Ʈ
         ִ ħŻ    ִ.

  5.3.  ϰἺ ˻

  Ʈ̾ (Tripwire), ̵ Aide, ̸ (Osiris)  ϰἺ
  (Integrity)  ˻  ϴ   ڰ ġ
  (׸ Ʈũ ؼ )  Ž  ſ 
  ̴. Ʈ̾, ̵, ̸  ߿  ϵ
   ϵ ý (checksum)  ؼ   
  Ÿ̽ Ѵ. Ͽ ȭ  ǥð  ̴. ̷
  Ǯ׸  쿡 ÷ǿ ġϰ    ؼ 
   . ̷   ħڴ ̷ ˻ Ǯ׸  ų
  Ÿ̽ ٲ ϰ ȴ. ϴ   ġ, ϻ
    ӹ Ϻκμ , ֱ ϴ  .

  Ʈ̾  ˻ Ǯ׸   ÷ǿ  ħ Ϸ
   ޵   ũ   ִ.

          # set mailto
          MAILTO=kevin
          # run Tripwire
          15 05 * * * root /usr/local/adm/tcheck/tripwire

  ̿  ϸ  ħ 5:15am Ʈ   ̴.

  ̷ ˻   ħڸ ġä ξ  ̸
  ڵ ˷ִ  簡   ִ.  Ϲ ý
  ȿ   ׽ ٲǷ     ΰ,
  ƴϸ ũĿ ൿΰ ľϴ Ϳ  ϵ Ѵ.

   ҽ   Ʈ̾ (Tripwire)
  http://www.tripwire.org <http://www.tripwire.org>   
  ִ.  Ŵ    ؾ Ѵ.

  ̵(Aide) http://www.cs.tut.fi/~rammer/aide.html
  <http://www.cs.tut.fi/~rammer/aide.html>  .

  ̸ (Osiris) http://www.shmoo.com/osiris/
  <http://www.shmoo.com/osiris/>  . 1086:

  5.4.  Ʈ 

  Ʈ 񸶴 ȣ ϸ忡   å Ե
  ̸̴. ׷ ̴  Ǯ׸̳   ε ,
  ٸ  װ ٿ ޾Ƽ Ʈμ  Ѵ. ׷ ڿ
  ڰ Ű  ʴ ƴ Ÿ ýۿ   ̴.
      ڰ ʿ ߴ   Ѵٰ
  ϴ ̿ -- ׷ ô ϱ⵵ Ѵ-- δ  
   ̴.

   ǻͿ  Ǯ׸ ġϿ  ǵ ؾ Ѵ.
    RPM  MD5 ý PGP ñ״縦 ϹǷ, ġϰ
  ִ Ǯ׸ ¥ Ȯ  ִ. ٸ   
  . ҽ ְų  ˷  ƴ , Ʈ   
  ϵ Ǿ  ȴ! Ϲ   縦   ֵ
  ҽ  ũĿ ٽ ϹǷ.

    , Ǯ׸ ҽ ǰ  ҿ Դ
  Ȯϵ ϶. Ǯ׸ Ʈ  Ȳ̶ ̳ 
    ҽ Ⱦ Ȯϵ ؾ Ѵ.

  6.  н Ȱ ȣȭ (Encryption)

  ȣ ó ̰ ִ  ߿    ϳ. źźϰ
     н带   пԳ  ڵ鿡
  ߿  ̴.       ִ
  н    ϴ passwd Ǯ׸ ϰ ִ.
   passwd Ǯ׸ ̷ Ư  ִ ֽ Ȯϵ
  ϶.

  ȣȭ         , Ұ
   ؾ߰ڴٴ  . ȣȭ ſ ϸ,  
  ô뿡 ʼ̱ ϴ. ڷḦ ȣȭϴ   
  ,   Ư ִ.
  κ ( ,) н 迭 ̿. (DES Data
  Encryption Standard Ÿ ȣȭ ǥ) ϴ ܹ ȣȭ 
  (One-way Encryption Algorithm) ؼ н带 ȣȭѴ.
  ̷ ȣȭ н () /etc/passwd, ( н带 
  쿡) /etc/shadow  ȴ.  α  Է Է
  н  ȣ ó  Ŀ,  ó  ٽ passwd 
  Ǿ ִ н ó 񱳰 ǰԲ Ǿ ִ.  ġϸ
   н иϹǷ  㰡ȴ.  ̿ (´
  Ű Ǿٴ  Ͽ --  Ű ȣȭߴٰ ٽ ȣȭ
  ϹǷ)    ȣȭ  (Two-way Encryption
  Algorithm)̱ , κ н 迭   ̿
  ܹ ̴.  ̰ etc/passwd (Ȥ /etc/shadow) ȣȭ 
  (ߩ)ؼ  н    ϸ ȵȴٴ
  ̴.  ``[38. ܹ ]''

   н  Ұ  ʴٸ ũ (crack)̳  
   (John the ripper)  ηƮ  ݿ (brute force attack)
   н带  ϴ 찡   ִ. (Ʒ ũ ).
   (PAM)   н忡 (MD5 ) ٸ ȣȭ ĵ  
  ְ ȴ (Ʒ ).   п ũ  ǵ  
  ִ.  е  ִ н Ÿ̽   
  ִ н带 ãƳ ؼ ũ Ἥ ׽Ʈ   
  ̴.  ̷  н尡 ߰ߵǸ, н ο 
   ˷ܰ ÿ н带      
  ˷ֵ .

   н带   ؼ
  http://consult.cern.ch/writeup/security/security_3.html
  <http://consult.cern.ch/writeup/security/security_3.html> 
    ִ.

  6.1.  6.1 ǿ   ȣ  (Public Key Cryptography)

   (PGP Pretty Good Privacy)  ǰ ִ,   ȣ
   ϳ  ȣȭϰ  ٸ  ȣȭϴ ( 
  踦 ) ȣ  .  ȣ   ϳ
   ȣȭ ȣȭ   ó Դ.  ( ) "
  " (ȣȭϴ ʰ ȣȭϴ )    ־
  ߰,  ε  ϸ鼭  ʿ ٸ 
  ޵Ǿ ߴ.

  ̷  ϸ鼭 踦  ־߸ Ǵ  
   ֱ ؼ,   ȣ   Ű Ѵ.  
     ȣȭ   ֵ ǰ ̿ ϴ --
  ȣȭ  --     Ѵ.

    ȣ    ȣ    ְ, 
   ׸  κп   RSA FAQ
  <http://www.rsasecurity.com/rsalabs/faq/> о ٶ.

   Ǹ   ش.  2.6.2 5.0  ۵ȴٰ
  ˷ ִ. ǿ  ⺻ ȳ  ˰  PGP
  FAQ б ٶ.   PGPi:  http://www.pgpi.org/doc/faq/
  <http://www.pgpi.org/doc/faq/>.``[13.  PGP FAQ]''

  ̱ δ  ȣ    ϰ ְ, ̿ 
  PGP   ȣ   ü ؼ ϴ  "
   ġ" ϰ Ƿ,   ´  ϵ
  ϶.``[14.  PGP]''.

  http://mercury.chem.pitt.edu/~tiho/LinuxFocus/English/November1997/article7.html
  <http://mercury.chem.pitt.edu/~tiho/LinuxFocus/English/November1997/article7.html>
    Ǹ ġϴ ڼ  ִ. ο 
   ġ ؼ ٿ Ǵµ,
  ftp://metalab.unc.edu/pub/Linux/apps/crypto
  <ftp://metalab.unc.edu/pub/Linux/apps/crypto>   ִ.

   Ǹ  ҽ   籸ϴ ȹ ǰ
  ִ.   (GnuPG)   ϼ̴.   
  IDEA RSA  ʱ  (  ġ ɸ ʰ) 
     ִ.   OpenPGP
  <http://www.faqs.org/rfcs/rfc2440.html> ԰ݿ  ° ۵Ǿ
  ִ.  GNU ̹     ڼ   
  ִ. http://www.gnupg.org <http://www.gnupg.org>

  http://www.rsa.com/rsalabs/newfaq/
  <http://www.rsa.com/rsalabs/newfaq/> ִ RSA FAQ   
    ִ. ⿡ "-﷥ (Diffie-Hellamn)", "  ȣ
   (public-key cryptography)", "  (Digital Certificates)"
         ̴.

  6.2.  SSL, S-HTTP, HTTPS ׸ S/MIME

  o  SSL:- SSL, Ȥ ť  ̾ (Secure Sockets Layer) ͳ
     󿡼  ؼ ݽ 翡  ̸
     Ŭ̾Ʈ/  δ. SSL ƮƮ ̾
     ۵Ǹ --   Ÿ ڰ  ϴ 
      ۾ ȣȭϴ -- ϸ ȣȭ ŷ(:
     channel)  ش. SSL  ݽ Ŀ´ (Ȥ
     ) ť Ʈ        
     -- ݽ  Ÿ ũ  -- Ŀ´͸
     ̿   (secure communication) ʷ δ.
     http://www.consensus.com/faqs/ssl-talk-faq.html
     <http://www.consensus.com/faqs/ssl-talk-faq.html> ߰ 
       ִ.  ݽ ȸ ٸ   
     http://home.netscape.com/security/index.html
     <http://home.netscape.com/security/index.html>  ִ. ``[39.
     ݽ ]''

  o  S-HTTP:- S-HTTP ͳ 󿡼  ϴ  ٸ 
     ̴.     (multiple key management
     mechanisms) ϸ, Ÿ ְ޴   ϴ ȣ
       (cryptographic algorithm) ġ ɼ  ؼ
     ϴ ÿ, м (confidentiality),  (authentication),
      (integrity: Ÿ Ἲ), ۽    (non-
     repudiability)   ش. S-HTTP  㰡 Ư
     Ʈ   ǵ ѵǾ , ȣȭ 
     Ÿ κ κ ߶ () ȣȭ ش.``[36]''

  o  SMIME/:- S/MIME (Secure Multipurpose Internet Mail Extension)
       ͳ  ޽ ȣȭϱ  ũ ̴.
     RSA   ̴ ŭ,    
     ־ Ѵ. S/MIME  ߰ 
     http://www.rsasecurity.com/standards/smime/
     <http://www.rsasecurity.com/standards/smime/>  
     ִ.``[15. ο URL]''

  6.3.   IPSEC 

  CIPE    Ÿ ũ ؼ,  IPSEC
      ִ. IPSEC IETF IP Ʈũ 
  󿡼 ȣ     ϱ   ,
   (authentication),  (integrity),  , м 
   ִ ǰ̴. IPSEC   ͳ 巡Ʈ 
  http://www.ietf.org/html.charters/ipsec-charter.html
  <http://www.ietf.org/html.charters/ipsec-charter.html>  
  ִ. ⿡     ٸ ݿ  ũ
  IPSEC ϸ Ʈ, ׸ ϸ Ʈ ī̺  ã 
  ִ.   ⼭   (Key Management)   ݿ
   ũ IPSEC ϸ Ʈ ī̺긦   ִ.

  ָ п ϰ ִ "x-Ŀ  " (x-kernel
  Linux implementation) x-Ŀ̶ Ʈũ  
  Ʈ-̽ ӿṵ̃,
  http://www.cs.arizona.edu/xkernel/hpcc-blue/linux.html
  <http://www.cs.arizona.edu/xkernel/hpcc-blue/linux.html>  
  ִ.   ϰ  ڸ, x-Ŀ Ŀ  ޽
  Ű ̴.

  "Linux FreeS/WAN IPSEC"̶ IPSEC   ǵ ִ.
     

       "̷ 񽺴 ŷ   Ʈũ (untrusted net
       works) 󿡼, ŷ  ִ ͳ (secure tunnel)
       鵵 ش.  ŷ   Ʈũ  Ǵ 
        IPSEC Ʈ ӽ (gateway machine) ؼ
       ȣȭǾ ۽ŵǰ,  κ     ٽ
       ȣȭǰ ȴ.       ̺Ʈ Ʈũ
       (Virtual Private Network: VPN - 缳) 
       ̴.    Ʈũ  ͳ  
       Ʈ Ѵ ص, δ   Ǵ
       Ʈũ Ǵ ̴."

    ִ.

   Ǯ׸ http://www.xs4all.nl/~freeswan/
  <http://www.xs4all.nl/~freeswan/> ٿε   ְ,  
    ÿ ̹ 1.0    ִ.

  ٸ  ȣȭ  --   ġ  -- ⺻
   Ե ʴ´.

  6.4.  ť  ssh ڳ (Stelnet)

  ssh ڳ (Stelnet)  ý  ϰ, ȣȭ
  Ŀؼ ϱ  Ǯ׸ ġ.

  openssh rlogin, rsh, ׸ rcp ü,     
  Ǯ׸ ġ.  SSH  ȣƮ  ȣȭ  
  ؼ   ȣ  Ѵ.   ŷ(Session
  Hijacking) DNS Ǫ  ָ鼭,  ȣƮ αϰų,
  ȣƮ Ÿ ϱ    ִ.``[17. ߰ ]''
  ۼ  Ÿ  ϸ, ȣƮ X11  
    ش.

   ssh     ִ.   ο콺 
     http://www.datafellows.com
  <http://www.datafellows.com>   ִ.

   پ openssh  ο콺 ʱ  ʸ
  ξ Ư̳  ȸ  ҽ   ʵ 
  籸Ǿ ִ.  ̸ BSD  (BSD License) ʸ ΰ 
  ȴ.   http://www.openssh.com <http://www.openssh.com>
    ִ.
  ssh ʺ ٽ  ҽ  "psst..." ִ.  ڼ
   http://www.net.lut.ac.uk/psst/
  <http://www.net.lut.ac.uk/psst/>   ִ.  ``[18. psst]''

  콺 ũ̼ SSH  SSH   ִ. 콺
  Ŭ̾Ʈ   ǰ ,
  http://guardian.htu.tuwien.ac.at/therapy/ssh/
  <http://guardian.htu.tuwien.ac.at/therapy/ssh/> ̰, Ÿο콺
  ()   ǰ http://www.datafellows.com/
  <http://www.datafellows.com/> ִ.

  SSLeay ݽ SSL    ť ڳ,
  ġ ,   Ÿ̽, DES IDEA ׸ ҷοǽ
  (Blowfish)    ˰ Ѵ.

  SSLeasy   (Eric Young)  , ݽ ť
   ̾  (Secure Sockets Layer Protocol) ۵ 
    ̴.   Ϳ ť ڳ, ġ , 
  Ÿ̽, ̿ IDEA ҷοǽ   ˰ 
  ԵǾ ִ.

  ڳ  ÿ ȣȭ   ִ ť ڳ üǰ 
  ̺귯 Ἥ  ִ.  ڳ(Stelnet) SSHʹ ޸
  ݽ  SSL (Secure Sockets Layer) Ѵ.
  http://www.psy.uq.oz.au/~ftp/Crypto/
  <http://www.psy.uq.oz.au/~ftp/Crypto/> ִ SSLeay FAQ о
  ť ڳݰ ť FTP   ã  ִ.

  SRP (Secure Remote Password Protocol)  ٸ ڳ/ftp  ȿ
   ϳ̴.         ϰ
  ִ.

       "SRP Ʈ    ͳ Ǯ׸ 
       迡 ϴ   ߵǰ ִ.   
        Ǵ ڳݰ  FTP Ʈ   ,
       ()  Ʈũ   ý ڰ ϰ
         ִ   üϰ Ѵ.   
       Ǿ ȵǸ, 翬 ⺻ Ǿ߸ ϴ
       ̴."

  ڼ  http://srp.stanford.edu/srp
  <http://srp.stanford.edu/srp>   ִ.

  6.5.  PAM () -     (Pluggable Authentication Mod
  ules)

  ο   ޿ "PAM"̶ ϵ    ִ.
  PAM --     ٽ  ʿ䰡  --
  ,  ,    ĸ̼  ش. PAM
  ĸ̼ ó      , PAM 
  Ʈ   ⸦ Ѵ.
  http://www.kernel.org/pub/linux/libs/pam/index.html
  <http://www.kernel.org/pub/linux/libs/pam/index.html>

  PAM   ִ       Ʒ .

  o  н忡  (ު) DES ȣȭ  . (н带 ηƮ 
      Ἥ Ǯ  ư ȴ)

  o  ڵ   ִ (μ , ޸  ) ڿ
     ϴ  Ἥ  źν  (Denial of Service: 
     DoS) ϵ Ѵ.

  o  н带  н ߴ     ֵ
     Ѵ.``(:  н''

  o  Ư ڰ Ư ð Ư ҿ α  ֵ
      ϴ  ϴ.

  ý ġϰ ϱ    ð ,  õ
     ִ.  , .rhosts  ý ü
   Ȩ 丮 ϴ   ؼ 
  /etc/pam.d/rlogin PAM ؼ   ִ.

       #
       # Disable rsh/rlogin/rexec for users
       #
       login auth required pam_rhosts_auth.so no_rhosts

  6.6.  ȣ   IP ĸ̼ (Cryptographic IP Encapsula
  tion :CIPE)

   Ʈ   -- ͳ  --   Ʈũ
    Ʈũ (¥ ޽ , Ʈ м 
  κ) ȣϱ   ϴ ̴.

  CIPE Ÿ Ʈũ ؿ ȣȭѴ. Ʈũ ȣƮ
  ̿ ƴٴϴ  ȣȭȴ. ȣȭ  ϵ ְ޴
  ̹ ó ġѴ.

  ̰ -- ؿ Ÿ  ȣȭ ϴ-- SSHʹ
  ٸ ̴.  CIPE --缳 ϱ ؼ-- ͳθ  
  ִ. Ʒ  (Low-level) ȣȭ -- ø̼
  Ʈ  ʿ䰡  -- VPN Ǿ ִ  Ʈũ
  ̿ ϰ ۵ǵ    ִ  ִ.

  CIPE Ͽ  :

       IPSEC  (ٸ ϵ ) ȣȭ VPN  ؼ
         ִ   Ѵ. ݴ, 
       ɼ  ִ IPSEC δ ̸鼭
       ϸ, ־  θ ϴ  
       幰鼭, (  )    Ϻ ذǾ
        ʴ. CIPE     ϴµ, ʱ 
       ÿ Ű   ( ϰ  ϴ ũ
        ϴ )   ǿ     
       ִ. ̰ ź  ϱ , 
       (׸,  ,  ׸   ִ )
       ɷ  ϰ  ش.

    ϸ   .
  http://www.inka.de/~bigred/devel/cipe.html
  <http://www.inka.de/~bigred/devel/cipe.html>

  ٸ ũ׶   ̰͵,   ġ ,
  Ŀΰ Բ  ʴ´.``[19. CIPE ϱ]''

  6.7.  Ŀν (Kerberos)

  Ŀν MIT ׳ Ʈ Ʒ ߵ  ̴.
  ڰ  , Ŀν (н带 ؼ) ڸ
  ϰ, Ʈũ   ϴ  ȣƮ鿡 
   ź  ִ  Ѵ.

    Ʈ α (rhost) Ǯ׸  ؼ н 
  ڰ ٸ ȣƮ (.rhost  ؼ)    ֵ 
  ش.   ,   (߼) ¥ ƴ 
  ϴ ÿ,  Ȯ  ()  ǵ
  ϱ ؼ,  ýۿ    ִ.

  Ŀν  ִ  Ǯ׸ ϴ ñ ȿ, ڰ
  ý ӿ ٸ  ô "Ǫ"   ִ ɷ  
    ִ.

  Ŀν  ߰   http://www.cis.ohio-
  state.edu/hypertext/faq/usenet/kerberos-faq/general/faq.html
  <http://www.cis.ohio-state.edu/hypertext/faq/usenet/kerberos-
  faq/general/faq.html> ã  ְ, ڵ
  http://nii.isi.edu/info/kerberos/
  <http://nii.isi.edu/info/kerberos/> ִ.

  [ο:   Ÿ, Ŭ ,    ,
  "Ŀν:  Ʈũ ýۿ  ",  1998 ܿ  ̱
  ػ罺  ޶󽺿   н ǥȸ  ȸ, (Stein, Jennifer G.,
  Clifford Neuman,  and Jeffrey  L. Schiller, "Kerberos:  An
  Authentication Service for Open Network Systems." USENIX Conference
  Proceedings, Dallas, Texas, Winter 1998)]

  Ŀν ȣƮ   ̰  ù  
  ƾ Ѵ.    ſ ϱ , SSHó ϰ
   ʰ ִ.

  6.8.   н

   н ȣȭǾ ִ н  Ϲ ڵκ
  з ϱ    ̴.  ֱٿ   
  н带 ⺻ ϵ Ǿ , ٸ  
  ȣȭ н带 /etc/passwd Ͽ      ֵ
  Ѵ.    н带   Ǯ׸ 
  н带 ˾Ƴ   ִ. ݸ鿡  н Ư 
  ִ ڵ鸸   ֵ н忡   /etc/shadow
  Ͽ Ѵ.  н带 Ϸ, н  о
  ϴ  ƿƼ  н带 ϵ 
  ϵǾ Ȯؾ Ѵ. ݸ鿡 ( ) PAM 
  Ǯ׸  ʿ     Ŵν
   н带   ֵ ش. ʿϴٸ Shadow-Password-
  HOWTO   ȴ. ̰
  http://metalab.unc.edu/LDP/HOWTO/Shadow-Password-HOWTO.html
  <http://metalab.unc.edu/LDP/HOWTO/Shadow-Password-HOWTO.html>ε,
   ణ Ұ, PAM ϴ  ʿ䰡 .

  6.9.  ũ(Crack)    (John the Ripper)

  Passwd Ǯ׸  , "    " н
  Ģ   ־  ϰ  Ȳ̶, 
  ΰ н  Ǯ׸ Ѽ  ڵ 
  н带  ִ Ȯϴ ͵  ̴.

  н  Ǯ׸   ۵Ѵ:  ִ 
  ܾ  ȭ н õ ϰ, ܾ ϳ ϳ
  ȣȭϸ鼭 ̹ ȣȭ н ϴ ̴. ࿡ ġϴ
  ܾ ã Ǹ, ȣ ˾Ƴ ̴.

  Ѵٸ  н ũ Ǯ׸    ̴.  ߿
  ˾Ƶθ    ٷ "ũ" "  ",
  http://www.openwall.com/john <http://www.openwall.com/john/>.  CPU
  ڿ û Һ ,  Ǯ׸   
  μ Ȥó ڰ ̷ Ǯ׸ ؼ  ýۿ
  ħ ɼ ִ ˾ƺ ÿ,  н带 
  ڵ ãƳ ̸ ˷   ̴. ڰ 
  passwd (н /etc/passwd)   켱 ٸ 
  ̿   ־ ϰ, ̷   
  ϴ ͺ ξ ϴٴ  (, passwd   
    ʴٴ ) ؾ Ѵ.

   Ʈũ ȿ  ξ ϴ ŭ,  Ʈũ
  ũμƮ 콺  ǻͰ ִٸ, 콺 ۵
  ũ Ǯ׸ Ʈũ (L0phtCrack)    .  ̰
  http://www.l0pht.com/ <http://www.l0pht.com/>   ִ.

  6.10.  CFS TCFS - ȣȭ  ý۰  ȣȭ  ý

  CSF 丮 ü ȣȭϰ, ڵ  ȣȭؼ 
   ֵ ϴ  ϳ̴. ̰ NFS   ǻͿ
  ۵ϴ  Ѵ. RPM http://www.zedz.net/redhat/
  <http://www.zedz.net/redhat/>   ְ, ۵ Ŀ 
   ftp://ftp.research.att.com/dist/mab/
  <ftp://ftp.research.att.com/dist/mab/>  ִ.

  TCSF CFS   ϼ  (ȣȭ/ȣȭ ۾
  ׶忡 ϰ μ) ȣȭ Ͻý  ִ
   忡 ȣȭ/ȣȭ ۾   ʵ  ̴.
  http://edu-gw.dia.unisa.it/tcfs/ <http://edu-
  gw.dia.unisa.it/tcfs/>    ִ.

  Ͻý ü    ִ.  κ 丮 Ʈ
  ȣȭϴ Ϳ   ִ ̴.``[20. ũμƮ OS
  ÿ  ]''

  6.11.  X11, SVGA ÷ 

  6.11.1.  X11

  ÷  ߿ϴ. ԷµǴ н带 ڰ äų,
   ͷ а ִ   ų,  
       ̿ϱ ϴ ϵ  ؼ.
  û(sniffer) а  ý  ȣۿ   
  ֵ ϴ ̶   ִ, Ʈũ 󿡼  X 
  Ǯ׸ ൵  õ ̴.

  X    ġ  ִ.    ȣƮ
  ʸ δ ̴.   ÷̾   ִ ȣƮ
  xhost ؼ   ִ.    ƴϴ. 
   ǻͿ ̹   ִٸ, ״ xhost +׵ ǻͶ
  ɾ ؼ     ִ. ƿ﷯ ӵ  
  (untrusted machine)  ϸ,   
  ÷̸ ħŻ  ִ.

  α ؼ xdm (xdm: X ÷ Ŵ, x display manager)
  ϰ ִٸ,     MIT-MAGIC-COOKIE-1 ؼ
  ϴ    ϶. 128 Ʈ ¥ "Ű (cookie)"
   .Xauthority  ȴ.  ǻͿ 
  ÷̿ ϴ   ʿ䰡 ִٸ,  ǻͷκ
  ٸ ϱ  xauth ɰ  .Xauthority Ͽ 
  ִ    ִ.
  http://metalab.unc.edu/LDP/HOWTO/mini/Remote-X-Apps.html
  <http://metalab.unc.edu/LDP/HOWTO/mini/Remote-X-Apps.html> ִ
  Remote-X-Apps mini-howto  ϶.

   Ǵ X   ؼ ssh   ִ (
  ``[ssh]''  ).  ص   ϰ ۵Ǹ鼭,
  ȣȭ  ڷᰡ Ʈũ  ٴ ʵ ϴ  Ǵ
   ִ.

  X ȿ     ʿϸ Xsecurity   (man)
   ٶ.     xdm Ἥ ֿܼ α ϵ ϰ,
  ssh Ἥ X Ǯ׸  Ϸ  Ʈ  ̴.

  6.11.2.  SVGA

  SVGAlib Ǯ׸  ǻͿ ִ   ϵ 
   ֵ ̰ SUID root  ִ. ̰ ſ  ̴.
    Ǯ׸ ,   ִ ܼ 츮 ؼ ٽ 
  Ѿ Ѵ.  Ű ִ SVGA Ǯ׸ ǰ, ׸
  ּ ̳   ִ ͵ Ȯ϶.    SVGA
  Ǯ׸ ƿ Ű ʴ ̴.

  6.11.3.  GGI (Generic Graphics Interface project)

   GGI ȹ     ̽ 
  ذϰ ϰ ִ..  GGI  ڵ Ϻκ  Ŀ
   Ű ϴ   ýۿ   
  ̴. ̰ GGI --   ȣ · --  
  ܼ    ִٴ  ǹѴ.   ֿܼ Ʈ
  񸶽 α Ǯ׸  ʵ ϱ ؼ,  
  ()  ̴.  http://synergy.caltech.edu/~ggi/
  <http://synergy.caltech.edu/~ggi/>

  7.  Ŀ 

  ̰ ȿ õ Ŀ  ɼǵ  ͵  ϴ 
     ϴ   ̴.

  Ŀ  ǻ Ʈũ  ϹǷ, Ŀ ſ
  ϵ ϴ Ͱ Ŀ ü   ʵ ϴ 
  ߿ ̴. ֽ Ʈŷ ݹ Ϻθ ϱ ؼ Ŀ
   ֽ  ؾ Ѵ. ο Ŀ
  ftp://ftp.kernel.org/ <ftp://ftp.kernel.org/>̳ Ʈ
   Ʈ ã  ִ.

   ַ ̴  Ŀο   ֵ ϵ ȣȭ ġ
  ϴ  ׷쵵 ִ.   ġ (̱)   ġ 
   Ŀο       ȣȭ ý 
  ش.   http://www.kerneli.org <http://www.kerneli.org> 
   ִ.

  7.1.  "2.0 Ŀ"  ɼ

  2.0.x Ŀο  ɼǵ   ְ, Ŀ  ܰ (Kernel
  Configuration Process)    ̴.  Ʒ Ǿ ִ
  κ ./linux/Documentation/Configure.help   ְ, 
   Ŀ  ɼ   make config ܰ迡 򸻷
  ǰ ִ.

  o  Ʈũ ȭ (CONFIG_FIREWALL)

     ȭ̳ Ŀ̵   ɼ  ־ Ѵ.  
     ܼ Ŭ̾Ʈ ǻ͸ ϴ   ɼ  
      ̴.

  o  IP: /Ʈ (CONFIG_IP_FORWARD)

      IP  Ѵٸ,   ڽ ǻ
       ϰ Ǵ ̴.   ϴ ǻͰ
     Ʈũ Ǿ ְ Ÿ  Ʈũ ٸ Ʈũ
      (Forwarding )ϴ , ֽἭ  ȭ 
         ִ.   ̾˾ ڴ  
        ,  ٸ ڵ   Ȳ  
      ߻ Ǹ  ʿ䰡  ȴ.  ݸ鿡 ȭ
     ǻ ü   Ѽ ϱ⸦ ٶ ̰, ַ ϰ
     ִ ȭ Ǯ׸  ǰ ȴ.``[21. KLDP ]''

       Ἥ ̳ IP    ְ,

                 root#  echo 1 > /proc/sys/net/ipv4/ip_forward

      ִ.

                 root#  echo 0 > /proc/sys/net/ipv4/ip_forward

  ο   /procȿ ִ    ̱ ,
    ũⰡ  Ű   ִ.

  o  IP: syn Ű (CONFIG_SYN_COOKIES)

     SYN     ڿ Һϰ Ѵٴ  ,
       ϰ ,  ź ݹ (DoS, Denial of
     Service) ϳ̴.       ɼ̴.  2.1 Ŀ
     ø  ɼ Ѹ ܼ  Ű 縦  ,
       ʰ ȴ.  ɼ ѱ ؼ  ɾ
     .

                 root# echo 1 > /proc/sys/net/ipv4/tcp_syncookies

  o  IP: ȭ ó (CONFIG_IP_FIREWALL)

       踦 ȭ ϴ , Ŀ̵
     ϴ , ƴϸ  ̾- ũ̼ǿ 
     PPP ̾- ̽ ؼ     쿡
     ʿ ɼ̴.

  o  IP: ȭ    (CONFIG_IP_FIREWALL_VERBOSE)

      ɼ --߽, , Ʈ ȣ -- ȭ  
      ش.

  o  IP: ҽ Ʈ   (CONFIG_IP_NOSR)

      ɼ  Ѵ. ҽ Ʈż  ӵ (Source
     routed frames)   ȿ  µ ʿ  (Path)
       ְ, ̷   Ͱ ް Ǹ
     ʹ  ˻ ʰ   ó Ѵ.  ̷
     Ȳ  ħŻ  Ǵ Ÿ  ýۿ
         ִ.

  o  IP: Ŀ̵ (CONFIG_IP_MASQUERADE)

      ǻͰ ȭ ǰ ְ  ȭ ȣϰ
     ִ Ʈũ   ǻͰ Ʈũ ٱ ȣƮ Ÿ
      ,  ȭ ǻʹ  ȣƮ ó "Ŀ̵
     (Masquerade, )"ϵ   ִ.  ⸦ , Ŀ̵
     ϴ ǻͰ Ÿ   ְ 鼭 ġ
     ̷ Ÿ ȭ ǻͿ ߼۵Ǵ  ô ٹ̰ Ǵ
     ̴.  ̿   http://www.indyramp.com/masq
     <http://www.indyramp.com/masq>   ִ.``[22. KLDP ]''

  o  IP: ICMP Ŀ̵ (CONFIG_IP_MASQUERADE_ICMP)

      Ŀ̵ ɼ TCP UDP  츸 Ŀ̵
     ش. ICMP Ŀ̵ ɼ Ѹ ICMP Ŀ̵ ٿ
     ϰ ȴ.

  o  IP:   ۵ (CONFIG_IP_TRANSPARENT_PROXY)

      ɼ   ȭ  ȣƮ ߻Ǵ
     Ʈũ ƮȰ,  ȣƮ ܺ  ȣƮ 
     Ʈũ Ʈ  "ƮƮ  "  
     (ϰ)  ְ Ѵ.   ɼ   ǻ͵ ,
     ǻδ  ÷  Ǵ , ġ ܺ
     Ʈ ǻͷ  Ǵ ó ϰ .
     IP-Ŀ̵ Ͽ http://www.indyramp.com/masq
     <http://www.indyramp.com/masq>   ڼ   
     ִ.

  o  IP: Ÿ ׻ ġ  (CONFIG_IP_ALWAYS_DEFRAG)

      ɼ   ִ.  ,   ȭ̳
     Ŀ̵ ȣƮ ٸ  ɼ    .
     Ÿ  ȣƮ ٸ ȣƮ ۵ , Ÿ ׻ 
     ġ    ƴ϶, 밳   ɰ
      ȴ.  ɰ    Ʈ ȣ
      ó    ٴ ̴.    
      Ÿ  ؼ װ ϴ   
     ִٴ  ȴ.    ɼ ,  Ƽ ݿ 
     ġ ٿ    ȣƮ    Ƽ  Ǵ
        ְ ȴ.

  o     (CONFIG_NCPFS_PACKET_SIGNING)

       2.2.x Ŀο   ִ ɼ,   
     ؼ NCP   (sign)  ȴ.    ɼ 
     ,  ʿϴٸ   ִٴ  ο νñ ٶ.

  o  IP: ȭ  ݸũ ̽ (CONFIG_IP_FIREWALL_NETLINK)

       Ǯ׸ (User-space program)  ù 128 Ʈ
     мؼ -- ̰ չ мϴ  --  ްų Ȥ
     źؾ ϴ  ϰ ִ  ɼ̴.

  7.1.1.  "2.2 Ŀ"  ɼ

  2.2.x Ŀε ɼ κ Ȱ, ο ɼ   
  ߵǾ ִ.  Ʒ Ǿ ִ κ Ŀ ϴ 
  make config ܰ迡  (Help facility) Ǵ
  /linux/Documentation/Configure.help   .``[23]''  
  ߰ ɼǵ  Ʒ  Ҵ.  ٸ ʿ ɼ ˰ 
  2.0   ٶ.  Ƹ 2.2 Ŀο  ǹ ִ ȭ IP
  ȭ ڵ ̴.  IP ȭ ġϱ ؼ 2.0 Ŀο
  ipfwadm Ǯ׸ Ǿ, 2.2 Ŀο ipchains Ǯ׸
  ǰ ִ.

  o   ͸ (CONFIG_FILTER)

     κ ڵ鿡Դ  ɼ  ϴ   ̴.
      ɼ   ͸ Ͽ ϴ  ϰ  ְ,
       ǰų źεǴ  ϴµ Ѵ.  ,
       Ư ͸  ʿ䰡 ְ ͸  α׷
       ִ ɷ ִ  ƴ϶  ɼ    .
        ο     ۼ  TCP
        ȴٴ ̴.

  o  Ʈ  (Forwording  ó )

     Ʈ  IP Ŀ̵   ٱ ȭ  Ʈ
      ϵ  (Forword)Ѵ.   , ȭ
     ڿ Ŀ̵ ϴ    ϸ鼭   
     ٱ  ϰ ϴ   ϴ.  ܺ
     Ŭ̾Ʈ ȭ 80 Ʈ  û , ȭ 
     û    ϰ, ׷    û 
     ó Ŀ  ȭ ؼ  Ŭ̾ƮԷ ٽ
      ȴ.  ܺ Ŭ̾ƮԴ ġ ȭ ü  
     ϰ ִ  ̰ Ǵ ̴.   ȭ ڿ 
           ִٸ   (Load
     Balanceing) ϴ    ִ.   ɿ  
     http://www.monmouth.demon.co.uk/ipsubs/portforwarding.html
     <http://www.monmouth.demon.co.uk/ipsubs/portforwarding.html>
       ִ.  뷫 
     ftp://ftp.compsoc.net/users/steve/ipportfw/linux21/
     <ftp://ftp.compsoc.net/users/steve/ipportfw/linux21/> 
     ٶ.

  o    (CONFIG_FILTER)

      ɼ Ἥ   (user-space) Ǯ׸ ƹ Ͽٰ
     ͸ ų  ְ ǰ,  Ŀ  
     Ÿ    㰡ϰų ϰ   ְ ȴ.
        (Linux Socket Filtering)  TCP  
      Ͽ ۵  ִ.
     ./linux/Documentation/networking/filter.txt о
     ٶ.``[24.  ]''

  o  IP: Ŀ̵ 2.2 Ŀ Ŀ̵  Ư 
      Ŀ̵带 ϴ  Ǿ ִ.   
      Ѵٸ IPCHINS Ͽ  о ٶ.

  7.2.  Ŀ ̽

   ȿ  Ǵ    ̽  ̽
  ִ.

  /dev/random /dev/urandom  ̽  Ÿ 
     ֵ Ŀο ȴ.

  /dev/random /dev/urandom  Ȼ  (secure)  ߻
   ʼ PGP  , ssh   (challenge), ׸
  Ÿ Ǯ׸     ŭ  ؾ Ѵ. ڰ
  --   ɿ ߻ ڵ  ̸ ˰ ִٰ ؼ -- 
    ڸ ˾Ƴ  ؼ ȵȴ.  ѷκ
  Ǵ ڵ  ǹ̷μ  ǵ ϴ 
  µ  ξ ִ.

   ̽ ̶ /dev/random  Ʈ
  ,  Ʈ  ̴   °
  ȴٴ  ̴. Ϻ ýۿ ο   Է (user-
  generated entry) ýۿ ϵǴ ð  ɸ  ְ, 
   ()    ִٴ  ϰ ʹ.  /dev/random
    ɻϱ⸦ ٶ. (Ƹ    
  ǰ ִ ̿ -- "OK մϴ" ϴ ޽   --
  ڵ Ű带 ε  ϴ  ̴)

  /dev/random -- ͷƮ  ð 缭   --  
  Ʈ̴. ̰͵  Ÿ     ְ
  ȴ.

  /dev/urandom , -- Ʈǰ    -- ȣ 
   ϴٰ   ִ 콬   ش.  ̰
  (/dev/random   ϸ) δ  ,
  κ Ǯ׸δ ϴ.

      ̽κ о   ִ.

                 root#  head -c 6 /dev/urandom | mimencode

  ̰ -- н带 꿡  -- 8  ַܼ 
  ̴.  mimencode Ÿ  Ű    ̴.

     /usr/src/linux/drivers/char/random.c ִ. 
  (̺)   µ    ,  ̽ ׸
   Ŀ  п 帰.

  8.  Ʈũ 

     ð ǻ ӿ  Ǹ鼭, Ʈũ 
    ߿  ִ.  Ʈũ  ̳  
   ͺ ξ .

  Ʈũ    ,   ͵ 
   Ƿ ǰ ִ.

  8.1.   

  ħڰ Ʈũ   ý ħϱ ؼ  ϰ
     ϳ ̹  ȣƮ  ۸ ϴ
  ̴.  "" ̶ Ʈ ûϸ鼭   帧
  Password, Login, su   鸮     д. 
   , ڴ ħϷ õ ʾҴ ýα
   н带  ȴ. (ȣȭ ȵ ä)  ۵Ǵ
  н  ݿ ſ  ̴.

  : ȣƮ A  . ڴ (⿡) ۸ ġѴ.
  ( ,)   ȣƮ C ȣƮ B  
  α ۰ Ѵ. (   ǰ ִ) ڰ
  B α ϴ ,    н  ȴ. 
   ڰ --   ذϱ  -- su Ѵ.  ȣƮ
  B Ʈ н  Ǿ.  Ŀ, ڰ  ڱ
   ٸ Ʈ ִ ȣƮ Z ڳ ϵ  θ ڴ
   ȣƮ Z α н  ȴ.

  򿡴 ڰ  ۸   ý   ħ
  ʿ  ȴ. ڴ ž̳ PC ǹ  
  ͼ Ʈũ ûϸ ׸ ̴.

  ssh ٸ ȣȭ н  ϸ     ִ.
  POP  ATOP    Ѵ. (Ʈũ  
  н带 ϴ   ׷,  POP α ۿ
   ϴ.)

  8.2.  ý 񽺿 tcp_wrapper

   񽺸  ʿ䰡 ִ° ϴ  Ʈũ 
  ý ÷  ؾ  ̴.  ʿ䰡  񽺸
  ƿ ü  Ÿ ϳ ٰ, ڰ  ã 
  ϳ ٿ   Ǵ ̹Ƿ.

   ýۿ 񽺸     ִ. /etc/inetd.conf
    inetd   񽺸 ϰ ִ ˾ƺ  ִ.
  ʿ  񽺴  ּ (remark) ó ؼ   ((#
    տ ), inetd μ SIGHUP ȣ 
  ϶.``[25.  SIGHUP]''

  ƿ﷯ /etc/services Ͽ 񽺸 ּ ó ϰų 
   ִ.  ̰  ڵ鵵  񽺸  ȴٴ ̴
  (μ,   ftp   ,  迡 
  Ʈ ftp Ϸ ϸ "unknown service" ޽ 鼭 
  ޾  ̴) ȼ þ  ƴϹǷ  񽺸
  /etc/services   ġ .   ڰ --
   ּ ó ؼ   -- ftp  ;Ѵٸ, ״
   ڽ Ŭ̾Ʈ ϸ鼭  ftp Ʈ Ἥ  
     ̴.

      񽺵:

  o  ftp

  o  telnet (Ȥ ssh)

  o  pop-3 ̳ imap  

  o  identd

   ִ.

   Ű     ˰ ִٸ,  Ű 
    ִ.     rpm -e   Ű
  ü   ִ. ȿ dpkg  ۾   
  ̴.

  ٿ, (rlogin ) login (rcp ) shell ׸ (rsh
  ) exec /etc/inetd.conf ۵Ǵ    ؼ,
  /rsh/r;pgin/rcp      ʿϴ. ̵ 
  ش  ϸ (insecure),  ħŻ (exploit)
  ٿ Ǿ Դ.

    /etc/rc.d/rc[0-9].d ,  쿡 /etc/rc[0-9].d
    丮 Ǵ   ʿ ͵ ִ°
  Ȯ϶. ̵ ϵ  /etc/rc.d/init.d (忡 ;
   /etc/init.d) 丮 ɺ ũ Ǿ ִ. init.d ִ
  ϵ ̸ ٲ  ɺ  ũ   ȿ ´.
    Ư   ߾  񽺸  ְ , ̿
  ϴ ɺ ũ 빮 (Upper-case) ҹ (Lower-case)
  ̸ ٲ ָ ȴ.    빮 S ҹ s ٲ
  ̴.

                 root#  cd /etc/rc6.d
                 root#  mv S45dhcpd s45dhcpd

  BSD  rc ϵ  ִٸ /etc/rc* ˻ؼ ʿ 
  Ǯ׸   ִ.

  κ    TCP 񽺵 "ȣ ִ(wrapping)"
  Ƽ  (tcp wrapper)  ִ. tcp_wrapper (tcpd) 
       ִ  ƴ ,  inetd ҷ 
  ȴ. ׷ tcpd 񽺸 ûϴ ȣƮ ˻ؼ, 
  Űų  ȣƮκ  źѴ. tcpd ̿ؼ tcp
  񽺷    ִ ̴. /etc/hosts.allow 
  ,  ǻ 񽺿  ʿ䰡 ִ ȣƮ鸸
  ߰ϵ Ѵ.

      ̾- ڶ, ڴ ""
  񽺿   źϵ ϱ⸦ Ѵ. tcpd 񽺿
  Ϸٰ  õ ϹǷ,  ް ִٴ 
     ִ. TCP  ϴ ο 񽺸 ߰
  ġϰ Ǹ, ݵ tcp wrapper  񽺸 ߰ ϵ ٽ
  ϴ  .  ,    (dial-up) ܺ
  ڽ 迡 ϴ  鼭,  ޵ ͳݿ
  Ʈũ    ִ. ̷  /etc/hosts.allow
   ߰Ѵ.

  ALL: 127.

   /etc/hosts.deny

  ALL: ALL

  ̷   ܺο   鼭, ο
  ͳ     ְ ȴ.

  ο   tcp_wrapper inetd,  Ҽ ٸ ͵鿡
  Ǵ 񽺵鸸 ȣѴٴ ̴.    迡 ٸ
  񽺵鵵 ư ִ   ִٴ   .  
  迡 ư  񽺸  netstat -ta  ȴ.

  8.3.  DNS  Ȯ

   Ʈũ  ȣƮ  DNS  ֽ ϴ
  ε  ȭ  ִ.  ҹ ȣƮ  Ʈũ
  Ǵ Ȳ , DNS Ʈ  ̹Ƿ, ħ ˾ç
   ְ ȴ.  񽺵 -- ȿ DNS Ʈ  ȣƮ
   źϴ  --   ְ Ǿ ִ.

  8.4.  identd

  identd ַ inetd  Ǵ  Ǯ׸̴.  ڰ
   TCP 񽺸 Ű ϰ, 䱸ϴ Ե 
   Ѵ.

    identd 뼺 ϰ, ̰  ų ܺ
  Ʈκ  û źϵ  д. identd  
  Ʈ  ֱ ؼ ִ  ƴϴ.   identd
   ڷᰡ    Ƿ.  identd û ƹ 
    ̴.

  ׷ٸ  identd Ѿ ұ? identd  ֱ
  ̰,  ÿ  ˹  ϱ ̴. 
  identd  ʾҴٸ TCP 񽺸  ִ  
  ̸̳ uid identd  Ʈ    ִ   ̴.
   ϳ,  Ʈ ڰ п ͼ  ǻ 
  ڰ ڱ Ʈ ħϷ ߴٰ Ѵٸ,  ս
   ڿ ؼ ൿ   ִ. identd Ű 
  ʾҴٸ,    ־ ˾Ƴ ؼ  ϵ
  캸ƾ ϰ, ̷  Ϲ  ڸ ϱ ؼ ξ
   ð ɸ ȴ.

  κ ǿ  ִ identd κ  ϴ ͺ
   پ  ϴ. Ư ڿ identd ۵
  ʵ   ְ ( ڵ .noident   ȴ), 
  identd û ϵ    (ڴ ̷ ϱ⸦ Ѵ)
   ̸  uid NO-USER ǥϵ   ִ.

  8.5.  SATAN, ISS, ׸ ٸ Ʈũ ĳ Ǯ׸

  Ʈ 񽺸  ǻ͵ Ʈũ  ˻ (scan)
  ϴ  Ʈ Ű ִ. SATAN ISS  
    ˷ Ǯ׸̴.  Ʈ ǥ ǻ (Ȥ 
  Ʈũ   ǥ ǻ͵)   Ʈ Ϸ
  õϸ,  񽺰   ǰ ִ ãƳ Ѵ. 
    ǥ ǻͰ  ħŻ  ã  ִ.

  SATAN(Security Administrator's Tool for Analyzing Networks) 
  ̽  Ʈ ĳ Ǯ׸̴. ǻ  볪 ϳ
  Ʈũ  ˻  , ,      ִ.
  SATAN ؼ  ǻͳ Ʈũ ؼ ߰ߵǴ 
  ġ  . SATAN Ÿ
  <http://metalab.unc.edu/pub/packages/security/Satan-for-Linux/> 
    FTP, Ǵ  Ʈ ϵ ؾ Ѵ. SATAN
   Ʈ 񸶰 ͳݿ  ֱ ̴.
  http://www.fish.com/satan/ <http://www.fish.com/satan/> ϳ ˾Ƶθ
   , SATAN ٷ Ʈ ʾҰ, Ʒ   ٸ
   ˻ ۾    ִٴ ̴.

  ISS (Internet Security Scanner)  ٸ Ʈ ˻ Ǯ׸̴.
  SATAN  ,  Ը Ʈũ ˻ϱ⿡   
  ִ.  SATAN    ϴ  ִ.

  ƹĿ ȣƮ Ȱ ħ    ִ 
  ġ.  ̰ Ȩ        ִ.
  http://www.psionic.com/abacus <http://www.psionic.com/abacus>

  Ʈ (SAINT) ź (SATAN) Ʈ   ̴.
   󿡼 ư SATAN    ׽Ʈ   ִ.
  ̰Ϳ   http://wwdsilx.wwdsi.com/saint/
  <http://wwdsilx.wwdsi.com/saint/>   ִ.

  ׼ (Nessus)   Ǯ׸̴.     ֵ GTK ׷
  ̽ Ѵ.``[26. GTK]''  ο Ʈ ĵ ׽Ʈ 
    κи Ʈ   ֵ ׽Ʈ ÷
    ޾   ְ  ִ.   Ѵٸ
  http://www.nessus.org <http://www.nessus.org>   ִ.

  8.5.1.  Ʈ ĵ  Ž

  SATAN ̳ ISS, Ǵ ٸ ĳ Ǯ׸  ǻ͸ Ž
  (Probe)   溸  ִ   ֱ ϴ.
  , tcp_wrapper    鼭   
    纸 ͵ Ž ˾ä  ̴.  
   ߾ ص SATAN    ý  븦
   ǹǷ.

  "ڵ (Stealth)" Ʈ ĳʵ ο .  (  ¿
  ) TCP ACK Ʈ  ִ   ͸ ȭ
   찡 ִ.      Ʈ  
  ִ RST  -- ڿԴ --  Ʈ Ѵٴ ŷ  
   ̴.    tcp_wrapper ̷  ȸ  
   Ѵٰ Ѵ. ``[27. ׼ ÷]''

  8.6.  , ťϰ MTA

     ִ  ߿ 񽺵  ϳ 
  ̴.    ݿ    
  ϳε,   ̰ ؾ ϴ ۾ ڿ ʿ ϴ
    ̴.

  sendmail  ִٸ, ֽ  ϴ  ſ ߿ϴ.
  sendmail   ħŻ 簡 ִ.  ֱ  ׻
  ϵ ϶.  http://www.sendmail.org
  <http://www.sendmail.org>

  ο     ؼ    ʿ䰡 ٴ
  ̴.     ȥ  Ȩ ,  ƿ
   ܼ  Ŭ̾Ʈ Ǯ׸ Ἥ    ִ.
  ,  ʱ   (Startup File) "-bd" ÷
  μ   û (Incoming Request) ƿ  ͵ 
  ̴.  ٸ  ϸ,  ʱ  ũƮ 
  ɾ ؼ     ̴:

            # /usr/lib/sendmail -q15m

   ɾ ù õ  ȵǾ  ť (Queue) 
  ޽ 15  ٽ   õ Ѵ.``[28]''

   ڴ ƿ   ʰ ٸ   Ʈ
  ϱ⵵ Ѵ.  Ѵٸ qmail ü ϴ  ϴ ͵
   ̴.  qmail ó  ο ΰ Ǿ. 
  Ǯ׸   ̸ Ȼ ϴ. http://www.qmail.org
  <http://www.qmail.org>   ִ.``[29. ϰ ť]''

  qmail  ϰ ִ "postfix" ִ.  ̰ tcp_wrapper
        ̴ϸ (Wietse Venena) 
  ̴.    vmailer ҷȴ ̰,  IBM Ŀ ϰ
  ,  ʹݿ  ο ΰ  ִ.  ̿ 
   http://postfix.org <http://postfix.org>   ִ.
  ``[30. postfix]''

  8.7.   ź   

  8.7.1.  (Denial of Service attacks:  DoS)

  ý  źθ ϰ    (Denial of Service:
  DoS) ڰ ý ڿ Ϻθ ſ ٻڰ  Ű
   Ἥ ý  û  ϰ ų 
   ý  źϰ  ̴.

  ̷   ٳ⿡  ũ  Դ. ֱ   
   ˷ ͵ Ʒ . ο   ׻ Ÿ
  Ƿ  Ұ ͵    ʿ Ұϴٴ 
  ؾ Ѵ.  ο     Ʈ Ʈ
  (bugtraq) Ʈ ī̺긦 е ϶.``[34. Ʈ ּ]''

  o  SYN ȫ(SYN Flooding): SYN ȫ Ʈũ   ź
     ̴.   TCP   ߿ ִ "" ̿Ѵ.
     (2.0.30 ) ο  Ŀε SYN   ϱ 
      ɼǵ  ִ. Ŀ ȣ ɼ  ``[Ŀ
     ]''  ϶.

  o  Ƽ "FOOF" :  ǰ Ƽ μ Ϸ 
     ڵ带   ǻͰ  Ʈϰ ȴٴ  ֱٿ
     ߰ߵǾ. ̰  üΰ  (Ƽ Ŭа
     Ƽ , Ƽ2 ) Ƽ μ ϴ 
     ǻͿ  ģ. 2.0.32 ̻  Ŀο  ׷
      ǻͰ  ۵ϴ   ȸ ԵǾ ִ.
     2.0.33 Ŀ    Ŀ   ְ, 2.0.32
       νĵǰ ִ. Ƽ ϰ ִٸ, 
     ׷̵带 ؾ Ѵ.

  o  Ping ȫ (Ping Flooding): Ping ȫ  ηƮ  DoS 
     ̴.  ڴ ICMP  "ȫó"  ǻͿ
     . ڰ    ǻ   ӵ 
     (better bandwidth) ǻͿ õѴٸ,  ǻʹ
     Ʈũ ƹ ͵     ̴.  ݹ  
     ϳ " (Smurfing)" --  ãƳ   Ƶ --
     ICMP ϵ ߽  ǻ ּ ó ؼ ٸ
     ȣƮ ( û) . "" ݿ ؼ
     http://users.quadrunner.com/chuegen/smurf.txt
     <http://users.quadrunner.com/chuegen/smurf.txt>   
      ִ.

     Ping   ް ִٸ, 𿡼   (Ȥ 
     ó ̴) ˾Ƴ ؼ tcpdump    ϰ,
      ISP   ϵ ϶. Ping  
     ؿ ϰų ȭ    .

  o    (Ping o' death   ):    Ŀ
     Ÿ    ִ ͺ ũⰡ ū IMCP ڸ ûϴ
     (IMCP ECHO REQUEST)  ̴. (65510 Ʈ) Ŀٶ ""
     ýۿ  ý  ų ׾  , "
     "̶ Ҹ Ǿ.     ̹ ذå 
      ũ  ʿ .

  o  Ƽ (Teardrop  ) /  Ƽ  (New tear): ֱ ħŻ
     ϳ   콺 IP ׸̼ ڵ忡 ϴ
     ׸ . 2.0.33  Ŀο  ߰, ĥ 
     Ŀ -Ÿ ɼ  ʿ .   " Ƽ"
     ħŻ   ʴ´.

     κ ħŻ ڵ  ͵  ̴   
      ʿϸ http://rootshell.com <http://rootshell.com>
     ׵ ġ  Ἥ   ִ.

  8.8.  NFS (Ʈũ  ý) 

  NFS ſ θ ̴   ̴. NFS ̿ϸ --
  Ŀο nfs Ͻý  ִ (  ƴ 쿡
  ٸ Ŭ̾Ʈ  ִ) ٸ ǻ͵ -- nfsd mountd
  ϴ  Ͻý ""   ְ  ش. Mountd
  /etc/mtab Ʈ Ͻý ϸ, showmount  NFS
     ִ.

  ڵ鿡 Ȩ 丮 ϱ ؼ NFS  Ʈ
  ϰ , ̷ ν ڵ  ǻͿ
  αϿ  ڵ Ȩ ϵ   ְ ȴ.

  Ͻý     ִ  ȵǴ ""  ִ.
    ǻ Ʈ (uid=0) nobody ڷ
  Ѽ,  Ͻý ü     źϵ
  nsfd ؾ Ѵ. ׷  ڴ  (Ȥ ּ 
  uid) Ͽ  ٱ ֱ ,  Ʈ  ڱ
   α̳ su  ϸ, ڱ ϵ鿡 ؼ 
  ٱ   ִ. ̷ ϴ   Ͻý Ʈ
    ڿԴ  ֹۿ  Ѵ.

  NFS   Ѵٸ, Ͻý  Ǿ  ϴ
  ǻͿԷθ  ǵ ϶. Ʈ 丮 θ ϵ
  ؼ  ȵǸ,  ʿ 丮  (Export)ϵ
  ؾ Ѵ.

  NFS   ڼ  ʿϸ NFS Ͽ  ϶.  
    http://metalab.unc.edu/mdw/HOWTO/NFS-HOWTO.html
  <http://metalab.unc.edu/mdw/HOWTO/NFS-HOWTO.html>̴.

  8.9.  NIS (Ʈũ  ) ( YP)

  Ʈũ  (Network Information service,  YP) ׷
  ǻ͵鿡  ϴ   ̴. NIS   ǥ
  ϸ װ͵ NIS  (map) ϵ ȯѴ.   ϵ
  Ʈũ  ν NIS Ŭ̾Ʈ ǻ͵ αΰ
  н, Ȩ 丮    (  /etc/passwd Ͽ
   ִ  )   ְ ȴ. NIS ̿ϸ ڵ
  н带   ٲٸ  NIS   ִ  ǻͿ
  ( ŵǵ)   ִ.

  NIS   ƴϴ.   ο ΰ  
  ƴϾ.  ϰ  ִ ۾  ؼ  ͻ̴.
  (Ʈũ   ְ)  NIS  ̸ ˾Ƹ 
  ִ   passwd  纻   ְ, 
   н带   "ũ (Crack)" "   (John the
  ripper)"   ְ ȴ. NIS ӿ (spoof) °  
  ϰ   ִ.  NIS  ٸ, ̷  ؾ Ѵ.

  NIC+ Ҹ NIC  üǰ ִ. NIC Ͽ о
  ٶ.  http://metalab.unc.edu/mdw/HOWTO/NIS-HOWTO.html
  <http://metalab.unc.edu/mdw/HOWTO/NIS-HOWTO.html>

  8.10.  ȭ

  ȭ(firewall)   Ʈũ    
  ΰ ϴ   ̴.  ȭ ȣƮ
  ͳݰ   ؼ,  ͳ  ȭ
  ؼ ϵ ϴ ̴. ̷ ϸ ȭ Ἥ ͳݰ
   (Į ȣƮ) ̸     ִ.

  ȭ     ִ.  ǻʹ Ǹ
  ȭ   ִ.  2.0 ̻ Ŀο   Ἥ ȭ ڵ带
  ٷ Ե  ִ.    2.0 Ŀο ipfwadm, 2.2 Ŀο
  ipchains ,   Ʈũ Ʈ  ΰ ս
  ٲ  ִ.    Ʈũ Ʈ   (log)
    ִ.

  ȭ Ʈũ  ۾ ־ ſ ߿ϰ 
  ̴.  ȭ ϱ ȭ ȣϰ ִ Ʈũ
  ǻ͵ ü  ʿ ٰ ؼ   ȴ. ̷
     ġ Ǽ ̴. ȭ 
       Ʈ  ֱٿ  ȭ
  Ͽ о ϶. http://metalab.unc.edu/mdw/HOWTO/Firewall-
  HOWTO.html <http://metalab.unc.edu/mdw/HOWTO/Firewall-HOWTO.html>

  ߰  IP-Ŀ̵ ̴ Ͽ Ͽ ִ
  http://metalab.unc.edu/mdw/HOWTO/mini/IP-Masquerade.html
  <http://metalab.unc.edu/mdw/HOWTO/mini/IP-Masquerade.html>

  ipfwadm (ȭ  ٲٴ )  ߰    Ȩ
     ִ. http://www.xos.nl/linux/ipfwadm/
  <http://www.xos.nl/linux/ipfwadm/>

    ȭ    鼭, ܼ ȿ Ѵ
  Ȳ ȭ  ؼ ȭ  Ȳ̶, ϸ
  ص ҽÿ  ȭ  ̳ ¶ 󿡼 
   ִ ȭ  ãƼ о  ϴ  ʿ  ̴.
  http://www.ora.com <http://www.ora.com>   
  ִ.``[å1]''  ̱  ǥ   (National Institure of
  Standards and Technology: NIST)  ȭ   
  ִ.   1995⿡  ̱ ص    .
    http://csrc.nist.gov/nistpubs/800-10/main.html
  <http://csrc.nist.gov/nistpubs/800-10/main.html>   ִ.  
  ٸ   :

  o  ȭ̾ Ʈ --    ִ ȭ  
     .  http://sites.inka.de/sites/lina/freefire-l/index_en.html
     <http://sites.inka.de/sites/lina/freefire-l/index_en.html> 
      ִ.

  o   ȭ  -- ϸ  å ڵ 
     .    ٸ  ȭ  밭 Ұ Ѵ.
       http://www.sunworld.com/swol-01-1996/swol-01-firewall.html
     <http://www.sunworld.com/swol-01-1996/swol-01-firewall.html>
       ִ.

  o  ̽ (Mason) -   ڵȭ ȭ  Ǯ׸.  Ʈũ
     ȭ ϴ  ڵ 鼭   ִ
     ̴!   http://www.pobox.com/~wstearns/mason/
     <http://www.pobox.com/~wstearns/mason/>   ִ.

  8.11.  IP 罽 -  Ŀ 2.2.x ȭ ۾``[31]''

   IP ȭ 罽 (IP Firewalling Chains) 2.0  ȭ
  ۾ ڵ带 2.2 Ŀο Ʈ ̴   Ʈ ڵ
   ġ ڵ忡 ϸ ſ   Ѵ.   μ

  o   뼺 ִ  .

  o   ڼ /å .

  o  ̸   å (policy)  .

  o  ()  ö  , ź  .

  o     .

  o  ICMP/TCP/UDP ̿ ݵ  .

     2.0 Ŀο ipfwadm ϰ ִٸ, ipfwadm
    ipchains ϴ  ٲ ִ ũƮ ִ.

      ؼ IP 罽 Ͽ (IP Chains Howto) ݵ
  о ٶ.   
  http://www.rustcorp.com/linux/ipchains/HOWTO.html
  <http://www.rustcorp.com/linux/ipchains/HOWTO.html>   ִ.

  8.12.  VPN - 缳

  VPN (Virtual Private Network: 缳 Ȥ  缳 Ʈũ)
  ̹ ϴ Ʈũ ̿ؼ " " Ʈũ ϴ
    ϳ̴.    Ʈũ Ϲ ȣȭ Ǿ
  ֵ  ְ, Ʈũ ԵǾ  ΰ ˰ ִ
  ü (Entities)   ۼ ϵ Ǿ ִ.  VPN
  ñٹϴ  ȣȭ 缳  ---  ͳ
  ؼ --- ȸ  Ʈũ ϴ   ǰ ִ.

     Ŀ̵带  ȭ  ִµ MS PPTP
  (ũμƮ VPN Ʈ  Ʈ  ǰ)  ؾ
  ϴ 쿡 óѴٸ,  쿡   ִ  Ŀ ġ ִ.
  IP-masq-VPN  ٶ.``[32. VPN  ѱ ]''

    VPN ַ ִ.

  o

  o  vpnd.  http://sunsite.auc.dk/vpnd/ <http://sunsite.auc.dk/vpnd/>.

  o  Free S/Wan.  http://www.xs4all.nl/~freeswan/
     <http://www.xs4all.nl/~freeswan/>

  o  () ssh VPN    ִ.  VPN ̴-Ͽ 
     ٶ.

  o  vps (Virtual Private Server:  缳 ).
     http://www.strongcrypto.com <http://www.strongcrypto.com>

       ִ ``IPSEC ׸'' ϱ ٶ.

  9.  ¶   غ (ӿ ռ)

  . ýۿ   ˻簡    ý ϰ
  ٴ Ǵ Ǿ,    . , ħ
     ħڸ ɷȭ Ű,   Ϸ غ
  ؾ      ִ.

  9.1.  Ϻ   

           ȿ
  Ͽ    ڴ. ࿡ ϳ Ƽǿ 650 MB 
  Ÿ  ִٸ CD-R    . ( ϱⰡ 
  ʰ, Ÿ Ⱓ  ϱ ̴)   ϴ
  찡 ,  ٸ   ͵   
    ϵ ϰ, ̿  Ȯ ϴ  . 
    2 ҿ ϵ ϶.     ý ٽ
  ϴ ù  ̹Ƿ.

  9.2.     

  μ, 6  1 ֱ     ϱ⿡
  ϴ. 4   ϳ ߿ ϰ,   ַ
  ¦ ݿϿ,    ַ Ȧ ݿϿ ϴ 
  ̴.   κ  (incremental backup) , ü 
   (ַ Ǵ) ݿ   .  Ư ߿
   ߰ų,  ߿ Ÿ ߰ 쿡 Ư 
     ̴. ``[33.  ]''

  9.3.  RPM   Ÿ̽ 

  ħ 쿡 RPM Ÿ̽ Ʈ̾ó   ְ,
   쿡 Ÿ̽  ʵ Ȯ ϰ  
  ̴. RPM Ÿ̽ ÷ǿ īϰ,   ׻  2
  ҿ Ѵ.      ִ.

  /var/lib/rpm/fileindex.rpm /var/lib/rpm/packages.rpm  
  忡    ִ.  ϸ   徿 
  ̴.
   ý ħ ϸ  ɾ   ִ.

                 root#  rpm -Va

  ̰ ؼ ý   ȮѴ.  ɾ ټ 
   ̴ (ª  ǵ ϴ) ɼǵ  ؼ, rpm man
    .  RPM  ϵ  ħ  ʵ Ȯ
   ε .

     ο RPM   RPM Ÿ̽ ٽ 
  ξ Ѵ.    ؼ   ̴.

  9.4.  ý   (account data) 

  ýα (ý: syslog)  ħظ  ʵ ϴ 
  ߿ ̴.  /var/log   ѵ ڵ鸸 а  
  ֵ ϴ   ̴.

  auth׿ Ư Ǹ θ鼭,   ͵  ִ 
  ϴ  .  ,   (ӵ)  д ħ
  õ ǹϴ   ִ.

  α  (log file:  )  ġϴ   
    ٸ.   ް  " Ͻý ԰ (Linux
  Filesystem Standard)  ̶, /var/log 鼭 ޽
  Ȯϰ, mail.log ٸ ͵   .

  /etc/syslog.conf      ҿ  
   (log)     ִ.   syslogd (ý
  )     ҿ  ƾ Ѵٴ 
  ˷ִ ̴. ð   ˻ ֵ --   
  ũƮ  ؼ --   ϵ ϴ ͵ .
  ֱ    logrotate Ű   . ٸ 
     ɼ ִ.

      ̹  ó ̸,  
  ۵Ǿ,   Ǿ    .
    ð   ִ°? ( ִٸ)   
      ͵  ̴.

   ħڰ ħ  ֱ ؼ ٲ , ׷ ̻
  ϵ ˻ϱ ؼ  Ȯϴ  . ¼ ħڰ
  ħ õϴ ̳, Ʈ   Ǯ׸ ħŻ (exploit
  a program) õϴ  ˾ç  ִ. ħڰ ä ٲٱ ,
     ִ ̴.

  su Ἥ ڸ ٲٷ õ,  õ, ٸ   
   ٸ  Ÿ  auth  ϴ  .

  ϴٸ,  ߿ Ÿ  ö ý 纻
   syslog ϶.   /login/sy/ftp/etc õ
  μ   ħڸ  ̴. syslog.conf man
   , @ ɼ ϵ.

  syslogd Ǿ ִ Ǯ׸鵵 ִ.  http://www.core-
  sdi.com/english/freesoft.html <http://www.core-
  sdi.com/english/freesoft.html> ť ýα (Secure Syslog)
  Ǯ׸    ٶ.  ť ýα״  ýα 
  ȣȭμ ̰  Ƿ ϴ   ش.
      ٸ syslogd
  http://www.balabit.hu/products/syslog-ng.html
  <http://www.balabit.hu/products/syslog-ng.html>   ִ
  syslog-ng ִ.          뼺
   ָ,  ýα Ʈ Ͽ ħ ´.

  , ƹ  ʴ ٸ, (: Logs) 
  ̴. ð   е ϰ,   ۾
    ° ϴ  .  ̰ ˾Ƶδ 
  ̻  ˾ä   ȴ.

  9.5.  ο ý Ʈ ġ

  κ  ڴ CD-ROM ġ Ѵ.    ۾
   ֱⰡ Ƿ,  () Ǯ׸ ׻  ִ.
  Ʈũ 踦 ϱ⿡ ռ,  (ftp.redhat.com )
  ftp  Ʈ Ű ޾Ƽ  ġ  ϴ  .
  ̷ Ű ߿  å   Ƿ, ġ ݵ
  ϴ   ̴.

  10.  ħ ̳ Ŀ  ϵ

   ⿡  ִ (Ȥ ٸ )    ħ
   ٸ? ù °   ħ ϴ ̴. 
  ൿ ڰ   ִ ͺ  ū ظ ĥ  ִ.

  10.1.     !

      ˾  Ǵ   ִ. 
   ϴ°  ߿    ִ.

    ̶,   ̳ 繫, ǿ
  ħ    ̴.  ˷ Ѵ.  ȯ濡
   ̽  ϰų ǻ͸  Ϸ ϴ 
     ִ.  Ѱ  ,  ׵鿡
  ϵ 䱸ϰų   åڿ   ִ.

   ڰ  Ѽϰ ϴ   ,  
  ؾ    ڰ   Ȯϴ ̴.  ڰ
  𿡼 αϷ ϰ ִ Ȯ  ϶.   ÿ
  αؼ  ΰ? ׷ ?  (  
  ) ǻ͸  ,     ϶. 
   ȭ ɰų    Ȥ 繫Ƿ  ãư ̾߱⸦
    ִ.   ڰ ڱ  Ѵٸ,  
  ؼ ϵ 䱸  ְ ׷  ϶  
  ִ. װ ϰų,  ϴ ǿ ؼ 𸥴ٸ  
  縦 ؾ Ѵ.  ǵ ˾ƺ ̳  ϱ 
    Ȯϵ ϶.

  Ʈũ  ħ ߴٸ, ó   (  ִٸ)
  Ʈũ   ̴.  ħڰ  ߴٸ  
  ̾  ϰ, ̶   ´ٸ ̶ 
  ̾ƶ. ̷ ϸ ħڰ  ū ظ     ְ,
  ħڴ Ƹ ڽ 복ٰ ϱ⺸ٴ Ʈũ  
  ̶  ̴.

   Ʈũ    ٸ (  Ʈ̰ų,
  ǻͿ     ٸ), å ħ
  Ʈκ      tcp_wrapper ipfwadm 
  Ǯ׸ ϴ ̴.
  ħ Ʈ     ź  
  ̶, ڵ  Ͽ Ѵ. ϳ  ϴ
     ƴ϶  ϶.  .rhosts ϰ ftp 
  , ſ  ޹ (backdoor) ɼ ο ξ Ѵ.

   ġ (Ʈũ ,  Ʈκ   õ ź,
  ׸/Ȥ ׵  )    ϰ , 
    μ ̰ ׵ α׿ Ѿ Ѵ.

  ڴ ٽ  õ ̹Ƿ,     
  Ʈ ڼ ؾ Ѵ. ڴ Ƹ ٸ   ̰,
  ٸ Ʈũ ּҸ   ִ.

  10.2.   Ѽ ̹ Ͼ 

  ̹ Ͼ  ڴʰ ܿ ˾Ȱų, (ٶδ) 
  ڸ  ýۿ ᰡ ѾƳ ȴ..   ؾ
  ұ?

  10.2.1.   Ƴ

  ڰ  ýۿ       
  ִٸ,    ؾ Ѵ.  , ¼ ħڰ
   ٷ  FTP    ̴  Ҵٰ .
  ̷ 쿡 FTP 񽺸 ϰ  ̳ ˷  
   ִ ãƺ Ѵ.

    Ȯ ,   Ʈ  Ʈ
  , ľ ϴ Ӱų  ˷ ִ ħŻ ÷ ִ
   캸 ϶. Į  
  http://www.calderasystems.com/support/security/
  <http://www.calderasystems.com/support/security/>   ִ.
         ȿ  ʰ
  ,   
  http://www.redhat.com/corp/support/errata/
  <http://www.redhat.com/corp/support/errata/>   ִ.

      ϸ Ʈ  Ҵ.
  http://www.debian.org/security/ <http://www.debian.org/security/>

    ڰ   , ٸ κ   
     ִ.

     Ʈ ( : Linux Security Auditing
  Project) ִ.  ׵   鿡  ħŻ
  ÷ο ã ؼ ϳ ö ˻ϰ ִ ۾ ϰ
  մ.  ׵  :

       " OpenBSD    ǵ  ؼ 
       ҽ ü Ϸ õ ϰ ֽϴ.  ̹
          ߰߰ (׸  ) ȲԴϴٸ,
         ʿմϴ.   ϸ Ʈ ڰ ,
       Ϲ   п ־  ִ  ǰ
       ֽϴ.  Ʈ ּҴ security-
       audit@freet.lm.h.ox.ac.ukԴϴ.  Ͻð ø secu
       rity-audit-subscribe@ferret.lm.h.ox.ac.uk  ֽñ
       ٶϴ".

  ڸ   , ״ 밳 ٽ ƿ´. 
  ǻͻ ƴ϶,  Ʈũ    ̴. ڰ
   ۸ ۵Ű ־ٸ, ״   ٸ ǻͷ 
   ִ.

  10.2.2.   

  ù °   ظ ϴ ̴.  ѼյǾ°?
  Ʈ̾   ˻ Ǯ׸ ϰ ִٸ, Ʈ̾
  Ѽ Ἲ ˻縦 ǽ  ִ. ̷ Ǯ׸ ٸ, 
  ߿ ڷ  캸ƾ Ѵ.

   ý  ġϱ  Ƿ, ߿ 
  ϵ   ΰ ũ ƿ    
  ó ٽ ġ , κ  ϰ  ϵ
  ϴ     ִ. ̷ ϸ  ý 
   ȴ.    ǻ  ٸ -- ħڰ ɾ
   Ʈ   Ƿ --   ̶ ؼ
  ƾ  ̴.

  ħڰ Ʈ   ȴٸ, 缳ġ ۾ ݵ Ǿ 
  ۾  ϳ Ǿ Ѵ.  ٿ,  Ÿ ȮϷ
  Ѵٸ  ũ ݰ ϴ ͵   ƴ ̴.

   Ϸδ  ħŻ Ǿ ؾ  ̰, ׿ 
     ջ Ÿ ϰ ִ°   ̴.
   ؼ ڿ  ϰڴ.

  10.2.3.  , , ׸  !

     δ     ־  ߿ϴ.
  ý    , ʿ ڷḦ κ   ֱ
  ̴. ڿ ġ ְ ϴ ڷ, ļ ڱ 纻
      ıϷ ϰ, ּ  ڷḦ 
    Ҿ  ʰ Ǵ ̴.

      ϱ ,   
  Ȯ ƾ Ѵ.  ħڰ     Ҵٸ, ̹
   ϵ鸸 ܶ    ֱ ̴.

   鿡 ؼ   ִ.   ҿ
  ξ ȮϿ ϰ,  ű   ִ ˰ ־ Ѵ.
  (ڰ    ִٸ,  𸣴 ̿ 
   ڷῡ   ְ Ǵ ̴.)

  10.2.4.  ħ 

  ħڸ Ƴ, ý ߴٰ ؼ    
  ƴϴ. 밳 ħڵ  , ׷   ؾ
  Ѵ.

  ڰ  ý ϴ Ʈ ڿ  
  ˷־ Ѵ. ó whois ʹ Ÿ̽ ̿ؼ
  ãƺ  ִ.     ¥  ð ÷ؼ 
  ڿ   ͵ . ħڿ ؼ  Ư 
  ߰ߴٸ װ͵ Բ ˷ֵ ϶.   ڿ (ϰ ʹٸ)
  ȭ Ἥ  ϵ ϶.  ڰ  ڸ
  ãƳ´ٸ,  ڰ ٽ ڰ  Ʈ ڿ
  ϰ  ׷.

  پ ũĿ 밳  ǳʶٱ ߰ ý۵ Ѵ. 
  ý۵   (Ȥ ) ҿ ħ ߴٴ 
    ִ. ũĿ  ý۱ Ѿư   ̴.
   ̾߱ϰ Ǵ ڵ鿡 ϰ ϴ  ׵κ
   µ .
   Ǵ (CERT <http://www.cert.org/>, ̿ ) 
   鿡 ˷־ Ѵ.

  11.    ڷ

  н  Ϲݿ  Ȥ Ư  ȿ  Ǹ
  Ʈ   ִ.  ϳ ̻   ϸ Ʈ
  ؼ ֽ   ׵ 󰡴  ſ ߿ϴ. ̷
  Ʈ 밳 ſ з 鼭 ϴ.

  11.1.  FTP Ʈ

  CERT ǻ   (Computer Emergency Response Team) ڴ.
  ̵ ֱ  ǰ  ׵鿡  溸  ߼Ѵ.
  ftp://ftp.cert.org/ <ftp://ftp.cert.org/>

  http://www.zedz.net/ <http://www.zedz.net/>   Ǯ׸
  ϰ ִ. ÷̴ ̱ ȿ  ʱ  ̱  
    ʴ´.

  Matt Blaze CFS ̸ Ź  ̴.  Ʈ 
  ī̺ ftp://ftp.research.att.com/pub/mab
  <ftp://ftp.research.att.com/pub/mab>   ִ.

  tue.nl ״忡 ִ Ǹ   ftp Ʈ̴.
  ftp://ftp.win.tue.nl/pub/security/
  <ftp://ftp.win.tue.nl/pub/security/>

  11.2.  Ÿ  Ʈ

  o  Ŀ FAQ Ŀ鿡  FAQ̴.  Ŀ FAQ:
     http://www.tuxedo.org/~esr/faqs/ <http://www.tuxedo.org/~esr/faqs/>

  o  COAST ī̺  н  Ǯ׸   ִ.
     ڽƮ: http://www.cs.purdue.edu/coast/
     <http://www.cs.purdue.edu/coast/>

  o  Suse  : http://www.suse.de/de/support/security/
     <http://www.suse.de/de/support/security/>

  o  Rootshell.com ũĿ   ħ   ˾ƺ⿡
      Ʈ̴.  http://rootshell.com/ <http://rootshell.com/>

  o  BUGTRAQ     Ȳ  ǥѴ.  BUGTRAQ
     archive: http://www.securityfocus.com/
     <http://www.securityfocus.com/>

  o  ǻ   , CERT н ýۿ   
      Ѵ.  http://www.cert.org/ <http://www.cert.org/>

  o   ĸ (Dan Farmer) SATAN  ٸ   ̸,
      Ȩ Ʈ    ƴ϶ ȿ  ̸
     ̷ο ۵ ִ.  http://www.fish.com <http://www.fish.com>

  o    WWW  ý ȿ   ڷ̴.
     http://www.aoy.com/Linux/Security/
     <http://www.aoy.com/Linux/Security/>

  o  Infilsec   Ư ÷  ִ ˷ִ
      (vulnerability engine) ִ.
     http://www.infilsec.com/vulnerabilities/
     <http://www.infilsec.com/vulnerabilities/>

  o  CIAC  ħ ǵ鿡      ش.
     http://ciac.llnl.gov/cgi-bin/index/bulletins
     <http://ciac.llnl.gov/cgi-bin/index/bulletins>

  o   PAM (  : Pluggable Authentication Modules)
     http://www.kernel.org/pub/linux/libs/pam/
     <http://www.kernel.org/pub/linux/libs/pam/>

  o   Ʈ ȿ  Ȱ   ִ.
     http://www.debian.org/security/ <http://www.debian.org/security/>

  o   Ÿ (Lincoln Stein)  WWW  FAQ   
     ̴.  http://www.w3.org/Security/Faq/www-security-faq.htm
     <http://www.w3.org/Security/Faq/www-security-faq.htm>

  11.3.  ϸ Ʈ

  o  Ʈ (Bugtraq): Ʈ Ϸ,  subscribe
     bugtraq̶ Ἥ listserv@netspace.org
     <mailto:listserv@netspace.org>   ȴ.  (ī̺)

  o  CIAC:  ( ) subscribe ciac-bulletin Ἥ
     majordomo@tholia.llnl.gov <mailto:majordomo@tholia.llnl.gov>
      .

  o   ޵  ϸ Ʈ ְ,    ߿  
     - Ʈ ̴.    ؼ Ȱ (ٸ ͵鵵
     ؼ)  ִ   ٷ ǥȴ.  redhat-
     announce-list-request@redhat.com <redhat-announce-list-
     request@redhat.com> subscribe redhat-announce Ἥ  
     ִ. http://www.redhat.com/mailing-lists/redhat-announce-list/
     <http://www.redhat.com/mailing-lists/redhat-announce-list/>
     ī̺    ִ.

  o   Ʈ  ϸ Ʈ  ִ.
     http://www.debian.org/security/ <http://www.debian.org/security/>

  11.4.   

       ִ.  ׿ ̷ å  ݸ
  ϰ Ѵ.    ٷ å  ƴ϶, ý 
    å ȿ ؼ ٷ ִ.

  o  Building Internet Firewalls By D. Brent Chapman and Elizabeth D.
     Zwicky 1st Edition September 1995 ISBN: 1-56592-124-0

  o  Practical UNIX and Internet Security, 2nd Edition By Simson
     Garfinkel and Gene Spafford 2nd Edition April 1996 ISBN:
     1-56592-148-8

  o  Computer Security Basics By Deborah Russell and G.T. Gangemi, Sr.
     1st Edition July 1991 ISBN: 0-937175-71-4

  o  Linux Network Administrator's Guide By Olaf Kirch 1st Edition
     January 1995 ISBN: 1-56592-087-2

  o  PGP: Pretty Good Privacy By Simson Garfinkel 1st Edition December
     1994 ISBN: 1-56592-098-8

  o  Computer Crime A Crimefighter's Handbook By David Icove, Karl Seger
     and William VonStorch (Consulting Editor Eugene H. Spafford) 1st
     Edition August 1995 ISBN: 1-56592-086-4

  o  Linux Security By John S. Flowers New Riders; March 1999 ISBN:
     0735700354

  o  Maximum Linux Security : A Hacker's Guide to Protecting Your Linux
     Server and Network Anonymous; Paperback - 829 pages Sams; July 1999
     ISBN: 0672313413

  o  Intrusion Detection By Terry Escamilla Paperback - 416 pages
     (September 1998); John Wiley and Sons; ISBN: 0471290009

  o  Fighting Computer Crime Donn Parker; Paperback - 526 pages
     (September 1998); John Wiley and Sons ISBN: 0471163783

  12.  

  o   (Authentication):  Ÿ   Ÿ̸,
     ڶ ϴ    Ȯϴ 

  o   ȣƮ (Bastion Host): ͳ  ӵǾ ִ  
      Ʈũ    Ǵ   -- ׸ ݿ
     Ǿ ֱ  --  Ư ϰ  ϴ ǻ.
      (bastion) ä ܰ    (  
     ž )   κ Ѵ.  ߿ 
     ٺ鼭, ϰ β   ڿ,    
     ִ ,    ⸧  غϰ ־.

  o    (Buffer Overflow): Ǯ׸ ڵ  ۰ "
     ũ"  ʰ, ̷  ۰ ġ ͵ Ȯ
     ʰ δ  ִ. ̷  ۰  ϰ Ǹ
     (̳ set-uid ) ǰ ִ Ǯ׸ ٸ  ϰԲ
     ǰ ȴ.   Լ  ּҸ ٸ ҷ   ϴ
       ۵ȴ.

  o   ź (Denial of Service):  źδ ڰ -- 
     ǵ ߳  ϴ  ǻͰ ڿ Ҹϵ
     ؼ -- Ϲ ڰ չ Ʈũ ڿ  ϰ
     ´.

  o  -Ȩ ȣƮ (Dual-homed Host): ּ   Ʈũ
     ̽  ִ Ϲ  ǻ ý.

  o  ȭ (Firewall): ȣ (Ȥ ȣϴ) Ʈũ ͳ ,
     Ȥ ٸ  Ʈũ   ϴ  .

  o  ȣƮ (Host): Ʈũ  ǻ.

  o  IP Ǫ (IP Spoofing): IP Ǫ  Ҹ ؼ ,
     ϸ鼭  ݹ̴. ̰ ȣ ſ  (trust-
     relationship) ִ ǻ͵ ̴ ħŻ̴.  Ű
     (Phrack Magazine) <http://www.phrack.com>  7ȣ 48  9,
     Ʈ, ׸ ǴƼ ̸  Ŀ  ڼ 
     ִ.

  o  -ǻ̼ (Non-repudiation): Ÿ  ڰ -- ߿
     Ÿ ߴٴ  ϴ   ؼ -- Ÿ
     ڰ      ֵ ִ .

  o   (Packet):ͳ  ּ ⺻ .

  o   ͸ (Packet Filtering):Ʈũ 󿡼  Ÿ
     帧  ϴ   .  ʹ 
     帣 ϰų µ,   Ʈũ ٸ Ʈũ 
     ϴ  (ַ ͳݰ  Ʈũ ) ۾ ǽѴ.
     (Ư IP ּҳ Ʈ  )    
     ǰ  ٸ   ϴ  Ģ  
     ȴ.

  o  ܰ  Ʈũ (Perimeter Network): ȣϰ ִ (ȣ)
     Ʈũ ܺ Ʈũ ̿ --   β ϱ
     ؼ ٿ  Ʈũ.  ܰ  Ʈũ DMZ
     ̶ Ҹ.

  o    (Proxy Server):  ڸ ؼ ܺ 
     ϴ Ǯ׸.  Ŭ̾Ʈ    ϰ
     ǰ,   㰡  Ŭ̾Ʈ ( Ȥ )
       ߰ ش.

  o   (Super User): root Ϲ θ .

  13.  FAQ

  1. ̹     Ŀο  ϵ ϴ 
       Ѱ?

       -- ħڰ Ʈ  ̳ ýۿ 
     ĥ  ִ  ε  ִٰ ؼ --  Ἥ ̽
     ̹ εϵ ϴ     ٰ ϱ⵵
     մϴ.

       εϱ ؼ ڴ ݵ Ʈ Ǿ
     մϴ.  Ʈ   Ʈ   ֵ Ǿ
     ֽϴ.  ħڰ Ʈ  ̹ ٸ, װ 
     ε ΰ ϴ   ߿ ٸ Ÿ .

        ʱ⵵ ϴ Ư ̽ ϱ ؼ
     εǰ ˴ϴ.  迡 -- ȭ  -- 
     Ͼ ʴ Դϴ. ̷  --  ϰ ִ
     迡 -- Ŀο    ִ  Ÿմϴ. 
       Ŀο ϵ  ϴ.

  2.   迡 Ʈ ϴ  ׽ ȵ˴ϱ?

     ``[Ʈ ]''  ׸ ʽÿ.  ڰ ڳ Ἥ
     Ʈ ϴ  Ʈ ȣ  ۵Ǵ  ɰ
       ̱⿡ ̷ 츦  Ϻη ̷  ϴ.
      ħڿԴ ð ϰ,  н带 ãƳ
      ڵ Ǯ׸   ִٴ    ʽÿ.

  3.   ִ   4.2 5.0 ǻͿ  
     н带 ϱ?

      н带 , 켱 Ʈ   pwconv 
     ʽÿ, ׷ /etc/shadow  ˴ϴ.      4.2
     ̻  쿡 PAM  /etc/passwd  н
     ȯǴ  ڵ ؼ ϰ   Դϴ.

      н Ϲ Ǵ /etc/passwd  ƴ ٸ
     ҿ н带   Դϴ.   ִµ, 켱
     /etc/shadow    -- ƹ   ֵ Ǿ ִ
     /etc/passwdʹ ޸ -- Ʈ   ֵ Ǿ ִٴ
     Դϴ. ٸ  ڷμ -- ڵ ٸ  ¸
     ƴ Ͼ --  ְų    ϴٴ Դϴ.

      쿡 /etc/passwd  -- /bin/ls  Ǯ׸  丮
       ó  ID  ̸ (username) ؼ
       ֵ -- ڿ ׷ ̸ ϴ Ϳ 
     ˴ϴ.

     ׸ /etc/shadow   ̸ (username) н --
     ׸ ¼     --   
     ˴ϴ.

      н带  η Ʈ  pwocnv Ͻø
     /etc/shadow 鼭 ٸ Ǯ׸鿡 ǰ ˴ϴ.  
     4.2 ̻ ϽŴ Ƿ,  쿡 Ư  ٲ
     ʾƵ PAM   /etc/passwd  н ȯ
     Ǵ  ڵ ν Դϴ.

     ϴ н带 ϰ  Ϳ  μ, ƿ ó
      н带  Ϳ  δ ͵  Դϴ.  
     ؼ PAM Ϻκ pam_cracklib   ֽϴ. ̰
      н带 ũ ̺귯 Ἥ μ 
     н尡 н ũ Ǯ׸ ؼ    ִ 
     ˵ ݴϴ.

  4.  ġ SSL ͽټ   ?

     a. 켱 ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL
        <ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL> SSLeasy 08.0 ̻
         մϴ.

     b. ϰ,   Ŀ ġ մϴ.

     c. ġ 1.2.5 ҽ մϴ.

     d. ġ SSLeay ͽټ մϴ.
        ftp://ftp.ox.ac.uk/pub/crypto/SSL/apache_1.2.5+ssl_1.13.tar.gz
        <ftp://ftp.ox.ac.uk/pub/crypto/SSL/apache_1.2.5+ssl_1.13.tar.gz>
        ``[35]''

     e. ġ 1.2.5 ҽ 丮   Ǯ README
        ϴ   ݴϴ. (README  а  ǽϼ)

     f.  ϰ ϸ .

        ̱ ۿ ϰ ִ  ÷  ҽÿ (Replay
        Associates): http://www.zedz.net/ <http://www.zedz.net/>
        ̸  Ű   ֽϴ.<<

        >>

     g.   ϸ鼭    ٲ?

        Ư RH 5.0 ,      Ư ٲٴµ
          ִ    ֽϴ.

     o  pwconv unpwconv Ǯ׸ Ͻø  н (ު)
         н ϴ  ٲٸ鼭   ֽϴ.

     o  pwck grpck passwd ׷ ϰ   Ȯϴ
        Ϳ   ֽϴ.

     o  useradd, usermod, ׸ userdel   ϰ ٲٰ,
          ˴ϴ. groupadd, groupmod, ׸ groupdel
        ׷쿡 Ǵ ɾԴϴ.

     o  ׷ н gpasswd ɾ Ἥ   ֽϴ.

          ִ  Ǯ׸ "  ()" մϴ.
         츦  , /etc/shadow н  
        ؼ  ̰ ƴ϶, ܼ  ʴ´ٴ 
        մϴ.   Ͻø Ǵ Ŵ  man
        ʽÿ.

     h. Ư HTML   ġ Ἥ ȣմϱ?

        http://www.apacheweek.com/ <http://www.apacheweek.com/>̶
         ƽô?

          ؼ
        http://www.apacheweek.com/features/userauth
        <http://www.apacheweek.com/features/userauth> , ٸ 
          
        http://www.apache.org/docs/misc/security_tips.html
        <http://www.apache.org/docs/misc/security_tips.html> ʽÿ.

  14.  

   溸 ϸ Ʈ ϰ ֽ ⿡ ν 
   ǻ͸ ϰ ϱ      ִ. 
  ϵ鿡 Ǹ ̰, Ʈ̾  Ǯ׸ 
  ϸ   ϵ   ִ.

   ǻͿ   ǻ  ϱⰡ 
  ʴ.  ǻͿ    ʿ,  Ƿ
   ÷   ִ.   Ư,  ü
       ׵ ´.   ʿϴٸ
  ߸ ̻ ÷̴.

  15.   

   ۿ Ұ   ڷκ  ̴. 
  Ȥ    Ʒ 鿡 Ѵ.

  Information here is collected from many sources. Thanks to the
  following that either indirectly or directly have contributed:
  following who either indirectly or directly have contributed:

       Rob Riggs rob@DevilsThumb.com <mailto:rob@DevilsThumb.com>

       S. Coffin scoffin@netcom.com <mailto:scoffin@netcom.com>

  Viktor Przebinda viktor@CRYSTAL.MATH.ou.edu
  <mailto:viktor@CRYSTAL.MATH.ou.edu>

  Roelof Osinga roelof@eboa.com <mailto:roelof@eboa.com>

  Kyle Hasselbacher kyle@carefree.quux.soltc.net
  <mailto:kyle@carefree.quux.soltec.net>

  David S. Jackson dsj@dsj.net <mailto:dsj@dsj.net>

  Todd G. Ruskell ruskell@boulder.nist.gov
  <mailto:ruskell@boulder.nist.gov>

  Rogier Wolff R.E.Wolff@BitWizard.nl <mailto:R.E.Wolff@BitWizard.nl>

  Antonomasia ant@notatla.demon.co.uk <mailto:ant@notatla.demon.co.uk>

  Nic Bellamy sky@wibble.net <mailto:sky@wibble.net>

  Eric Hanchrow offby1@blarg.net <mailto:offby1@blarg.net>

  Robert J. Bergerrberger@ibd.com <mailto:rberger@ibd.com>

  Ulrich Alpers lurchi@cdrom.uni-stuttgart.de <mailto:lurchi@cdrom.uni-
  stuttgart.de>

  David Noha dave@c-c-s.com <mailto:dave@c-c-s.com>

  Pavel Epifanov. epv@ibm.net <mailto:epv@ibm.net>

  Joe Germuska. joe@germuska.com <mailto:joe@germuska.com>

  Franklin S. Werren fswerren@bagpipes.net
  <mailto:fswerren@bagpipes.net>

  Paul Rusty Russell <Paul.Russell@rustcorp.com.au>
  <mailto:Paul.Russell@rustcorp.com.au>

  Christine Gaunt <cgaunt@umich.edu> <mailto:cgaunt@umich.edu>

  lin bhewitt@refmntutl01.afsc.noaa.gov
  <mailto:bhewitt@refmntutl01.afsc.noaa.gov>

  A. Steinmetz astmail@yahoo.com <mailto:astmail@yahoo.com>

  Jun Morimoto morimoto@xantia.citroen.org
  <mailto:morimoto@xantia.citroen.org>

  Xiaotian Sun sunx@newton.me.berkeley.edu
  <mailto:sunx@newton.me.berkeley.edu>

  Eric Hanchrow offby1@blarg.net <mailto:offby1@blarg.net>

  Ʒ   Ͽ   ٸ    ־!
      в Ư 縦 帰.

  The following have translated this HOWTO into various other languages!
  A special thank you to all of them for help spreading the linux
  word...

       Polish: Ziemek Borowski ziembor@FAQ-bot.ZiemBor.Waw.PL
       <mailto:ziembor@FAQ-bot.ZiemBor.Waw.PL>

       Japanese: FUJIWARA Teruyoshi fjwr@mtj.biglobe.ne.jp
       <mailto:fjwr@mtj.biglobe.ne.jp>

       Indonesian: Tedi Heriyanto 22941219@students.ukdw.ac.id
       <mailto:22941219@students.ukdw.ac.id>

       Korean: Bume Chang bschang@kldp.org <mailto:bschang@kldp.org>

       Spanish: Juan Carlos Fernandez piwiman@visionnetware.com
       <mailto:piwiman@visionnetware.com>

       Dutch: R. Ekkebus reggy@zeelandnet.nl <mailto:reggy@zeelandnet.nl>

  16.   ̴ 

  16.1.    

    Ͽ v1.1.0  ۳⿡  ÷ȴ v1.0.8 
   ٸ ʽϴ.     Ų ġ, öڿ 
   , URL  κ    ϸ Դϴ.

  16.2.   

   ϶  ִ    Ǿ ְ, ּҵ
  ٲ 쵵 ϴ.   ϸ鼭   ִ ּҸ ״
  ߱ ,  URL  ִ    Ǿ
  ֽϴ.  ѱ۷ Ǿ ִ  ̹   Ͻø ѱ ˻
   ؼ ãƺʽÿ.   ۿ  ִ κ Ͽ
  ̴-Ͽ  KLDP ѱ۷   Ͻ  ֽϴ.
  http://kldp.org <http://kldp.org>

  ߿ϰų ǹ̰  ܾ    Ʒ 
  ҽϴ.

  16.3.  ϸ Ʈ

  o    ϸ Ʈ: ѱ  ȣ 
     http://www/certcc.or.kr <http://www.certcc.or.kr>  Ʈ "
     ǰ (Korean Advisory)" ׸񿡼 츮  KISA  ȣ CERT
     ̱        (Security Advisory)
     ī̺긦 о  ֽϴ.  ο    
     ǰ   Ϸ ޾   ֵ
     http://www.certcc.or.kr/certcc/index.html#mail
     <http://www.certcc.or.kr/certcc/index.html#mail>  
     ּҸ  ϸ    Ϸ ޾   
     Դϴ.

  o  KISA:  ǰ ̿      Ѵٸ ѱ
      ȣ   ٸ  http://www.kisa.or.kr
     <http://www.kisa.or.kr> Ͻñ ٶϴ.

  o  NIST   ѱ: Ư, KISA  Ʈ  ø
     htttp://www.kisa.or.kr/edu/nist/nist-.htm
     <http://www.kisa.or.kr/edu/nist/nist-.htm> ̱ NIST Ư
        ϳ "ǻ   NIST ڵ (800-12)"
     ѱ    ֽϴ.      а ִ
      "()  Ͽ "    ߺǾ ֱ
     , ڿ  ΰ е  Ǿ  ÿ
      ſ ߿ϴ    ̵ ۵ 
     ŭ, о ġ ſ ϴ.   ȭ ׸񿡼 ޵Ǿ
     NIST ȭ   Ÿ NIST 
     http://csrc.nist.gov/publications/welcome.html
     <http://csrc.nist.gov/publications/welcome.html> Special
     Publication ׸񿡼   ֽϴ.

  o  UGU ϸ Ʈ:  ϸ Ʈ  Ͻø н 뿡
       Ϸ翡 ϳ Ϸ ޾   ֽϴ.  ̰
     ȿ õ ϸ Ʈ ٴ н 뿡  ϸ
     Ʈ, ȿ õ   ϱ⵵ ϰ,  ϳ
      ޾   ִٴ ̰ ֽϴ.     Ʈ
     Ϲ  ̽  ٸ  н   
     Ͻ  ֽϴ.  http://www.ugu.com/sui/ugu/show?ugu
     <http://www.ugu.com/sui/ugu/show?ugu> "Help Me" ǿ "Daily
     Unix Tip" Ͻð,  ûϽø ˴ϴ.

  16.4.   ܾ

  o  File:  ǹ̿  ũ    ־ϴ.  ϳ 
      (̳ʸ)  ǻ ""̶ ̾, ٸ ϳ
       а   ִ (Ͽ  ) ""
     ߽ϴ.  Ϲ   "" ߰ 
      "" ߽ϴ.  , lilo.conf  ý
     ̸鼭 ͷ д 츦 ϴ  ǻ ""
     ""  鼭 ߽ϴ.

  o  Implementation: 6.3 IPSEC "Implementation" ""̶
     ,  Ǯ׸ ""̶ ߽ϴ.

  o  Cleartext: ȣȭǱ  ̳  ϴ Cleartext "
     "̶  ̶ ߽ϴ.  ݴ븻δ "ȣ"
     ϴ.

  o  Encryption: Ϲ ũ (Encryption) ۾ ȣȭ
     ϴٸ, 쿡 󼭴 "н带  " "ȣȭ"
     ϴ.

  o  Decryption:  ũǵ  Ǫ ũ (Decryption) ۾
     "ȣȭ" ߽ϴ.

  o  Secure: "", " ", ""  ƿ 
     ߽ϴ.

  16.5.   

  o  1  Exploit: "ħŻ" ̶ ߴ

  o  2  Ŀ Ͽ: http://kldp.org/~kabin/doc/hacker-howto.htm
     <http://kldp.org/~kabin/doc/hacker-howto.htm> â  
     ѱ .

  o  3  ݹ :   ÿ ϴ   ȹ ϳ.

  o   : ڴ ڽ ϰ ִ  ȭȣ α
      Բ   ְ ϴ   ..  
     ȭȣ    ִ ȭȣ   Ŀ,
     ġϸ  ȭȣ (ϸ ߽  𵩰 ߽ 뼱 
     ؼ) ȭ  ɾ (= ݹ ؼ)   Ѵ.
      ó ݹ    ȭȣ Ѽ ó
      ְ, ڰ ƹ ҿ   ֵ Ӱ ݹ
      ȣ Ǯ  ִ ɼ  ؼ ǿ ︮
       ִ.

  o  : ڰ ȭ ԰ ÿ   
     κ   ִ.

  o  :   ȭ  δѴ. ׸ ݹ  
     ̳ ħŻ Ѵ.

  o   ũ:  ݹ ¾:
     http://www.icce.rug.nl/docs/programs/callback/callback.html
     <http://www.icce.rug.nl/docs/programs/callback/callback.html>

  o   ũ:  Ͽ v.0.10 http://ftp.dei.uc.pt/LDP/HOWTO/Modem-
     HOWTO.html <http://ftp.dei.uc.pt/LDP/HOWTO/Modem-HOWTO.html>

  o  4  www.internic.net:  ̷      
     ʹ. Ʈũ ַǽ  ȭ   ĺ  ̻
     RFC, ID, FYI   ٷ  ʱ ߴ.  http://www.isi.edu/in-
     notes/rfc2196.txt <http://www.isi.edu/in-notes/rfc2196.txt>
       ִ.

  o  5     (rogue machine): ڰ ƿ ų  
     ȵǾ 鼭 Ʈũ Ǿ ִ . (Ȧ ?)

  o  6  linux single:     Ʈ Ʈ "lilo:
     single"  ϸ 1ο ̱  ȯ  ȴ.  
     Ȳ Ȼ   ǻͰ н带   鼭
      ȴٴ ̴.    ̱  ȯ濡 Ͻý۵
     "б " Ʈ, ϴ ħڰ  
     б  Ͻý۵ " OK" ļ ٽ Ʈϴ 
     ܼ Ƿ  ̴.  ̷ Ȳ   
      .

  o  Password: μ, /etc/lilo.conf  password=newpass 
     Ŀ θ ٽ ġϸ, Ʈ   ׽ ο
     newpass ȣ ־ ־  ȴ.    н
      ϴ  ϵ Ѵ.

  o   Ʈ  н带 ־ ϴ  ȴٸ,  
     ſ   ϴ Ʈ ɼ  (Label) տ
     restricted   ȴ.

  o  ٿ, н尡  ְ Ǵ lilo.conf   "
       ֵ (world readable)" ϸ ȵȴٴ  ̴.  
        ֵ Ѵٸ ֽ   н带 ƹ  
      ̹Ƿ.

  o  7  α : log file:  .

  o  8  cleartext: : ȣȭǱ   .  x

  o  9  ı ɾ ϸ :  쿡 rm 
     ϸ "alias rm='rm -i'  Ҵ.   ڰ
     Ϻη "rm -f"  츦    ̴.

  o  ڵ ı̸鼭  ɾ  , ı (non-
     destructive) ɾ    ֵ ǻ͸   
     ̴.  ̰ Ư ǥ Ἥ  ɾ   Ǽ
     ϱ     ִ.   , "rm foo*.bak: ⿡
     ռ "ls foo*.bak" 丮  Ʈ ϵ μ
     ڰ  ϴ   Ǵ ΰ Ȯϵ
       ̴.  echo ɾ ı ɾ պκп Ἥ
     Ȯ ϴ ͵  ȴ.

  o  10  Ʈ :    丮 "." "su"
     "ls" ̸  Ʈ 񸶸 ɾ ´ٸ?

  o  11  umask   (Octal complement): н Ͽ
     "(user), ׷(group),  (other)"   ڰ
     ׽ Ѵ.    ٽ "б 㰡,  㰡,
      㰡"    㰡 ׽ ǵǾ ִ. (`` 㰡
     '').       㰡  ǥǾ
     ִµ, ּ   000 (б, ,  ) ִ
       111 (   ).  (ְ   111
      7̹Ƿ  Ͽ  㰡 "111.111.111" ̶
     ̰ Ϲ  "777" θ).

     umask   ϰ 丮 Ʈ   
      Ѵ. umask       
       ( ) Ѵ. μ   umask 
     022 077 ٲ ָ,     ڰ 
     ϰ 丮 111.000.000   㰡 ڵ
      ȴ.

       umask   :

                            
       -.uuu.ggg.ooo         u.g.o        u.g.o          umask
       -.rwx.rwx.rwx
       0.111.111.111         7.7.7        0.0.0          umask 0
       0.111.111.100         7.7.4        0.0.3          umask 3
       0.111.101.101         7.5.5        0.2.2          umask 22
       0.111.000.000         7.0.0        0.7.7          umask 77

  o  12   㰡  :  ,  "110.100.000"
      "640" ǥõȴ.  (̰ "rw-.r--.---"̴). 
      㰡 "640"   θ  ʺڷμ 򰥸
     ̰, "110.100.000"  θ ͺ "640" θ
      ξ  .

  o  13   PGP:  URL ׾ ־.   ̱  
     ġ   ̱ PGP   ϹǷ,   PGPi FAQ
       Ҵ.  http://www.pgpi.org/doc/faq/
     <http://www.pgpi.org/doc/faq/>.  ̱ PGP http://www.pgp.com/
     <http://www.pgp.com/>    ִ,

  o  14  PGP : ̱ ۿ  Ϸ ͳų  
     ȴ. ֽ  http://www.pgpi.com <http://www.pgpi.com>̳
     http://www.pgpi.org/ <http://www.pgpi.org/>   ִ.

  o  15  Dead URL:  URL
     http://home.netscape.com/assist/security/smime/overview.html ׾
     ־,  http://www.rsasecurity.com/standards/smime/ ־.

  o  16  ֽ: 1999/10/15Ͽ 1.1  ־.
     ftp://ftp.xs4all.nl/pub/crypto/freeswan/freeswan-1.1.tar.gz
     <ftp://ftp.xs4all.nl/pub/crypto/freeswan/freeswan-1.1.tar.gz>

  o  17  Session Hijacking : ߰  (man-in-the middle attach):
     A B   M   ʰ ߰  ؼ
      ä . A B  ٰ ϰ, B A
      ٰ , δ M ߰ AԴ Bô
      ϰ, BԴ A ô  ϴ  ͸ æ.

  o  18  psst:  psst Ǯ׸ 츮  ϶    "!"
     شϴ Ǽ "Psst!" ̸  ϴ.  翡 lsh
     ٽ ̸   ߵǰ ִ.

  o  19             URL:
     (http://www.consensus.com/faqs/tls_ssl_faq.txt
     <http://www.consensus.com/faqs/tls_ssl_faq.txt>)  ˰,
      ؼ    ִ.

  o  20   ۵ ϴ Ǯ׸ :

  o  NT :  Ʈũ ý ̸ NT 赵 
     ϰ ִٸ, ο 콺 2000 EFS (Encrypting File
     System) ϱ ٶ.  EFS  ۵  CFS TCFS
      ſ ϴ.    EFS   
     http://www.ntmag.com/Articles/ <http://www.ntmag.com/Articles/>
     EFS Ű ˻ ϰų, EFS  ֺ Ƹ޵
     (Ahmed) ũ óġ (Russinovich)  Author 
     ˻ ϸ   ִ.     (콺 2000) EFS
           ̸, NT 3.51 NT 4.0 (sp3
     ̻)  쿡  3 ҿ ϰ 丮 ȣȭ
     Ǯ׸  ؼ (ְ...  -_-;)  Ѵ.  (
     www.winfiles.com     ִ NT ȣȭ Ǯ׸
       ְ,   XOR   Ȳ  
     å    ̴).

  o  콺 95/98 : ϵ ̺ Ϻθ Ƽ Ϸ
      ȣȭ ִ ũũ (Scramdisk) ϰ ʹ.
     RSA IDEA     Ǿ , 
      쿡    ִ.  ҷοǽ  ϰ 
     ȣ ȣȭ   ȣ   ִ 
     ҽ    ִ. http://www.scramdisk.clara.net
     <http://www.scramdisk.clara.net>

  o  21  KLDP:  Ŀ̵ Ͽ   .

  o  22KLDP: Ŀ̵ Ͽ  .

  o  23 丮:   6.0 Ʈ ν緹̼ 쿡
     /usr/src/linux-2.2.5/Documentation/Configure.help
     </usr/src/linux-2.2.5/Documentation/Configure.help>  ȴ.
     http://kldp.org/HOWTO/html/Kernel/Kernel-HOWTO.html
     <http://kldp.org/HOWTO/html/Kernel/Kernel-HOWTO.html> ϱ
     ٶ.  http://math-www.uni-paderborn.de/~axel/config_help.html
     <http://math-www.uni-paderborn.de/~axel/config_help.html> 2.2
     Configuration.help ֽ ִ

  o  24  丮:   6.0
     /usr/src/linux-2.2.5/Documentation/Configure.help/Networking/filter.txt̴.

  o  25  SIGHUP: SIGHUP   ɵ ְ    FSF
     ϴ 转 ۷ Ŵ
     http://www.fsf.org/manual/bash-2.02/bashref.html
     <http://www.fsf.org/manual/bash-2.02/bashref.html> .

  o  26  GTK: Gimp ToolKit.  http://www.gtk.org <http://www.gtk.org>

  o  27  ׼: ׼ ÷ ߿ , ̷ ڵ Ʈ ĵ
     ִ ũƮ ̹ Ǿ ִ.   ö...  TCP FIN
      񽺸 Žϴ  ϴ.

  o  28   FreeBSD :  FreeBSD  ڴ
     http://www.telepath.com/support/unix/security.html
     <http://www.telepath.com/support/unix/security.html> ()
     о ٶ.

     29  ϰ ť :  1999/2/4 8.9.3 
      ְ, ۵ Ҿϴٴ   ޸,  
       ۵ ϰ ִ.  1999/10/30 翡
     8.10.0.beta6 ׽Ʈϰ ־.

  o   Ư¡  Ը ũٴ  ̴.   ܰ 
         ִ   , Ը ũ 
     ġ  ſ ϴ.  ׷ , 簡 ƴ϶ ҽ
     ġϴ   Ұϴٰ Ѵ.   ġ Ŀ, 
     ɼ  ˾Ƽ ٴ ͵ Ұ ̶ ϱ⵵ Ѵ.  ū
     Ը ſ ɼ ϴ "ùٸ "̶  ˱Ⱑ ,
        ߰ߵǴ  ֵ   ū Ը "ĩ
     ߸ ϱ "  ɼ 翡 ִٰ  Ѵ.
     (̷  ,     å Ἥ  
     )

  o  ݸ鿡 qmail  ߿ 쿡    ִ "Ȼ
     " Ǯ׸, MTA ߿   ϳ  Ʈ
     Ϻ .  (   ּҸ  
     ϴ  ġ   , Ű   ϴ 
        ϰ ִ)  ݸ鿡, qmail Ǯ׸
     ũⰡ ۰,  ǻ (486/16mb ) ū Ը  
       ޾ ش.

  o     ():
     http://ist.uwaterloo.ca/~reggers/sendmail/
     <http://ist.uwaterloo.ca/~reggers/sendmail/>

  o    ():
     http://www.qmail.org/man/misc/REMOVE.sendmail.txt
     <http://www.qmail.org/man/misc/REMOVE.sendmail.txt>

  o   : http://trade.chonbuk.ac.kr/~leesl/mail/
     <http://trade.chonbuk.ac.kr/~leesl/mail/>

  o  KLDP  : http://kldp.org/KoreanDoc/html/Sendmail-
     KLDP/Sendmail-KLDP.html <http://kldp.org/KoreanDoc/html/Sendmail-
     KLDP/Sendmail-KLDP.html>

  o  ť Ͽ: http://kldp.org/Translations/Qmail-KLDP
     <http://kldp.org/Translations/Qmail-KLDP>
  o  30   ̴ϸ Ȩ : http://www.porcupine.org/wietse/
     <http://www.porcupine.org/wietse/>  ƮȽ  MTA  
     (): http://www.sunworld.com/swol-03-1999/swol-03-mailtools.html
     <http://www.sunworld.com/swol-03-1999/swol-03-mailtools.html>

  o  31  IP Firewalling Chians: "IP Firewalling Chians"  
      ־ ұ ϴٰ "ȭ 罽"̶    
     IPchains-HOWTO (KLDP_URL) Դ.

  o  ߴ     翬 KLDP_URL   
     ־, Ѱ ƽ    98 3  v0.6
     , 2.2.x Ŀ ٷ  ʴٴ ̾.  
       ο  Ѵٸ 1999 3 V1.0.7 
     ǥ ο   
     http://www.rustcorp.com/linux/ipchains
     <http://www.rustcorp.com/linux/ipchains>   ְ, 
       Ǿ (?)  2.2.x ٷ  ʴ.

  o   ߿ 2.2.x ȭ 罽   Ư 
     ƽô    ֽñ⸦ ٶ.

  o  32  VPN: ѱ۷  VPN   ׸  ʾҴ.  
     , 켱 ѱ ͳ  Ϳ    
     ٶ.  http://www.nic.or.kr/data/report/Inds/inds-1.2.4.html
     <http://www.nic.or.kr/data/report/Inds/inds-1.2.4.html>

  o  ѱ ŸŸ ѱ   Ἥ VPN   
     ,  ҵ .   Ź  ˻   ξ
     ̾.  http://www.etnews.co.kr <http://www.etnews.co.kr>

  o    ũ:
     ftp://ftp.rubyriver.com/pub/jhardin/masquerade/ip_masq_vpn.html
     <ftp://ftp.rubyriver.com/pub/jhardin/masquerade/ip_masq_vpn.html>
      http://www.wolfenet.com/~jhardin/ip_masq_vpn.html
     <http://www.wolfenet.com/~jhardin/ip_masq_vpn.html>

  o  33    :  Ͽ 5 ٹϴ ̱
     쿡 °  Ǿ ִ.  6 ٹϴ ȸ簡  츮
      쿡 7      ˸ ̴.  
     Ǿ ִ  ( ¥) ª Ⱓ  ϰ
     ִ.   쿡 Ⱓ  ٿ ־  
     .    ũп       ִ.

  o     :
     http://electron.lbl.gov/ychen/tapeback.html
     <http://electron.lbl.gov/ychen/tapeback.html>  쿡 ̱
     Ŭ  η   о߿  ǻ  
     ش.  ý ڰ   ǥϰ ̿ ö
           1,  ,  ,   
      ϰ ִ    ִ.

  o   ռ   : http://kldp.org/KoreanDoc/html/Basic-
     KLDP/Basic-KLDP-2.html <http://kldp.org/KoreanDoc/html/Basic-
     KLDP/Basic-KLDP-2.html>

  o  34  Ʈ: Ʈ http://www.securityfocus.com/
     <http://www.securityfocus.com/> ڸ Ű.   
     Forum  Ʈ  ̰,  Ʒ ī̺긦
     ã  ִ.

  o  35   : ftp://ftp.ox.ac.uk/pub/crypto/SSL
     <ftp://ftp.ox.ac.uk/pub/crypto/SSL>  ̹ Ʈ  ־,
     Ʈ 丮   ٲ ־.

  o  36  SSL : SSL      Ʈ
     "https://..." URL ۵ȴ. , SSL   ȿ
     ǰ s-http ޽ ȿ ȴ. "s-http" "https://"
     ؼ ñ ٶ.

  o  37  ޸ :  Ģ  Ģ   ʴ
       ൿ ġ  ξ  Ѵ.  ޸ 
      ʵ ̸ ġ ϴ  .    
     ð  н尡 ڵ ǵ  ٹ̰, ʿ
     ̻  ð   ȵ  ϴ   .
     ڰ ̷  ٽ Ϸ Ѵٸ ݵ ڸ
     ϵ ؼ н带 ٽ ޵    ̴.

  o  38 ܹ ȣ: ܹ ȣ (One-way password) Ϲ
     ó  ϸ ȴ.  (н   н
      ó ) ó    н带 
     ų  н ó     
     ϴٸ ȵ ̴.  н DES ̶ܹ Ͽµ,
     "ܹ" ̶    ó  ó ٽ н
      ó    ⺻  ʴ 츦
     Ѵ.

  o  39  ݽ ȣ   : 99 10  ϸ鼭
       ִ URL  URL ׾ ־.  ݽ簡
          Ʈ ϸ鼭 ּҰ ٲ   
     ߴµ, ˰    ƴ϶ κ ȣ   ƿ 
     Ʈ    ̾.  ݽ ȣ 
      Ϸ ٸ  3 ҿ ϰų, ݽ 
     ڰ Ǵ  ҽ 缭  ۿ   .
      --  ݽ  ҽ  Ǿ
     ֱ  -- ȣ    ù  
         ϰ Ǿ Ϥ Ȥ  ߿ ȣ
     ڵ   ڼ ڷḦ   ִ Ժη 
     ø ʵ Ͻñ⸦ ٶ.  (   ǻ͸
     м ϰų,  Դ  ȸ ȣ翡Լ  
      ޴    ^_^;  ).

  o  å1  ѱ : "ͳ ȭ ϱ, D. Brent Chapman 
     Elizabeth D. Zwicky , Ѻ ̵ , ISBN 89-79140-22-3".
     ˶򿡼 2 3õ ǸѴٴ    ־.  
        Ʈ   ־.
     http://www.oreilly.com/catalog/fire/index.html
     <http://www.oreilly.com/catalog/fire/index.html>.

  o  Ÿ:  ϴ  ٸ    ־,  
     ߿ " Ǿ ־ٸ  "̶    
      ־ϴ.   ߿ KLDP  ۾  ִ
      ø         ϴٰ
     մϴ.  Ϻ  Ͽ  ƴϹǷ,  ռ
      㰡  õ.

  o   н带  :
     http://consult.cern.ch/writeup/security/security_3.html
     <http://consult.cern.ch/writeup/security/security_3.html>

  o  VPN: http://www.wolfenet.com/~jhardin/ip_masq_vpn.html
     <http://www.wolfenet.com/~jhardin/ip_masq_vpn.html>

  o  IP-masq-vpn HOWTO

  o  VPN:
     ftp://ftp.rubyriver.com/pub/jhardin/masquerade/ip_masq_vpn.html
     <ftp://ftp.rubyriver.com/pub/jhardin/masquerade/ip_masq_vpn.html>

  16.6.    (Acknowledgements)

  o   μ (dolman@correl1.snu.ac.kr): 1.1.0 1.0.2  ٸ
     ʽϴ.  ׸ 1.0.2 ߰  ׸ " ߰  "
     Ѵٸ, 1.0.2 0.9.11 ٸ   ϴ.  0.9.11
      ũ  Ǿ   Ͻ  μ ձ
     1.1.0 ū ȭ   ֽϴ.  μԿ   
      ϰ ͽϴ.  ٹ

  o   ´(sreki@bomun.kaist.ac.kr):   ø鼭 
     ´Բ SGML  ּ̽ϴ.  SGML , 
     ߴµ Դϴ.    ϰ ͽϴ.  ٹ

  o   :       鿡Դ  Դϴ.
       kldp.org  츮     Ͽ
     о ϴ Դϴ. 츮    ׳ 
     о   ڴԵ  kldp.org  ½ 
     ̶     .   Խǿ Դϴ.  ٿ

  o  Ȳ : 1.1.0 ø鼭 1.0.8 ѷ Ʋ κ 
     .  URL Ÿ , κ  Ʋ ͵ , 
     ̰ Դϴ.  ׷ ϶  ֽ    
     ϰ  ...  (  ƹ  Ͽ  о ֳδ...
     !)  Ȳ  մϴ.

  o  :    ̳ оּż մϴ.  ׸,
      ģٰ ƴµ ƹ 𿣰  Ǽ  
     ϴ.  ֽø ϰڽϴ.

