    Ͽ
  ɺ , kevin@scrye.com & ̺ ڽŰ, dave@nic.com
  v0.9.11, 1 May 1998
   :  μ dolman@correl1.snu.ac.kr, 繮
  :   boxcar0001@aol.com, SGML:  
  sreki@bomun.kaist.ac.kr
  1998 11 7

     ý ڰ ϰ Ǵ  ̽  Ϲ
   . Ϲ  ö   ý ħڷκ
  ȣ   Ư ⸦   Ҵ. ȿ 
  ڷ α׷   ִ  Ҵ.  : ̰ Ÿ
   .   , Ǽ , ÷ , ׸  
    ϰڴ.   ǰ   ο ֱ
  ٶ.  "Linux", "security"  "HOWTO"   ߸ 
  ͸   ְ  Ǹ     ̴.
  ______________________________________________________________________

  

  1. Ұ
     1.1    
     1.2  ǰ (Feedback)
     1.3  ؿ  å 
     1.4 ۱ 

  2. 
     2.1   ʿѰ?
     2.2 󸶳    ΰ?
     2.3  ȣ ΰ?
     2.4  Ģ ϼ
     2.5 Ʈ  .
        2.5.1 ȣƮ .
        2.5.2 Ʈũ .
        2.5.3  ȹ (Security through obscurity)
     2.6   .

  3.  .
     3.1 ǻ 
     3.2 ̿ 
     3.3 Boot loader 
     3.4 xlock vlock
     3.5   ļ 

  4.  .
     4.1 ο  
     4.2 Ʈ 

  5. ϰ Ͻý 
     5.1 umask 
     5.2  㰡 (File Permissions)
     5.3 Ʈ̾ (tripwire: ڼ)  ϰἺ ˻.
     5.4 Ʈ 

  6. н Ȱ ȣȭ (encryption)
     6.1 PGP   ȣ (Public Key Cryptography)
     6.2 SSL, S-HTTP, HTTPS ׸ S/MIME
     6.3  X-Ŀ IPSEC 
     6.4 ť  SSH ڳ
     6.5 PAM -    (Pluggable Authentication Modules)
     6.6 ȣ  IP ĸ̼ (Cryptographic IP Encapsulation :CIPE)
     6.7 Ŀν.(Kerberos)
     6.8  н
     6.9 ũ(Crack)    (John the Ripper).
     6.10 CFS TCFS - ȣȭ  ý۰  ȣȭ  ý.
     6.11 X11, SVGA ÷ .
        6.11.1 X11
        6.11.2 SVGA
        6.11.3 GGI (Generic Graphics Interface project)

  7. Ŀ 
     7.1 Ŀ  ɼ.
     7.2 Ŀ ̽

  8. Ʈũ 
     8.1 Ŷ 
     8.2 ý 񽺿 tcp_wrapper.
     8.3 DNS  Ȯ
     8.4 identd
     8.5 SATAN, ISS, ׸ ٸ Ʈũ ĳ α׷.
     8.6 , qmail  MTA
     8.7  źν  (Denial of Service attacks:  DoS)
     8.8 NFS (Ʈũ  ý) 
     8.9 NIS (Ʈũ  ) ( YP).
     8.10 ȭ.

  9. 켱  å ( ϱ ).
     9.1 Ϻ   .
     9.2    .
     9.3 RPM   ͺ̽ .
     9.4 ý   (account data) 
     9.5 ο ý Ʈ ġ.

  10. ħ ̳ Ŀ  ϵ
     10.1    !
     10.2  Ѽ ̹ Ͼ .
        10.2.1  Ƴ.
        10.2.2  
        10.2.3 , , ׸  !
        10.2.4 ħ .

  11.   ڷ.
     11.1 FTP Ʈ
     11.2 Ÿ  Ʈ
     11.3 ϸ Ʈ
     11.4  

  12. 
  13. FAQ
  14. .
  15.  .
  16.  ̴ .
  17.  ߰ 

  ______________________________________________________________________

  1.  Ұ

     ȿ  ִ   ߿  
  ٷ. Ϲ  ͳ   ڷ鿡 ؼ
  ̾߱ϰڴ.

   ̽ ؼ ٸ  Ͽ 鿡 ߺ  ǰ
   ߺ    ڴ.

    ֽ ħŻ (exploit:  1-1)  ȳ   
  ƴϴ. ħŻ     ִ.  ħŻ ֽ 
   ִ  ħŻ   Ϲ  ϰڴ.

  1.1.     

    ο   comp.os.linux.answers ׷쿡
  ÷ ̴.    Ʒ   ͸ FTP
  Ʈ鿡 ÷ ̴.

  ftp://sunsite.unc.edu/pub/Linux/docs/HOWTO

     WWW Ȩ  ã  ִ.

  http://sunsite.unc.edu/mdw/linux.html

  ,   ֽ     Ʒ ã 
  ִ.

  http://scrye.com/~kevin/lsh/

  1.2.   ǰ (Feedback)

     , ߰ װ  Ʒ  ּҷ  ٶ.

  kevin@scrye.com

  

  dave@nic.com

  : ǰ ׽ __  ο ־ Ѵ.  
  "linux" "security", "HOWTO" ݵ ߸ ɺ  ͸
    ִ.

  1.3.   ؿ  å 

  ڵ   뿡 ߻Ǵ  ؿ Ͽ  쿡
  å  ʴ´.   ִ  , ׸ Ϻ Ǵ
    뿡  å ڿ ִ. ٿ,  
  Ÿ ̱  Ȯ      ɼ
  ִ.

   Ƿʿ  (tm) Ű  ý 
  Ƿ,   ٸ  ִ.

  ڵ ƴ ,  Ͽ,    
  ǰų 򰡰 㰡 α׷鸸 Ͽ.  κ
  α׷ ҽ ؼ,  Ӱ GNU  ǿ
  Ӱ    ̴.

  No liability for the contents of this documents can be accepted. Use
  the concepts, examples and other content at your own risk.
  Additionally, this is an early version, with many possibilities for
  inaccuracies and errors.

  A number of the examples and descriptions use the RedHat(tm) package
  layout and system setup. Your mileage may vary.

  As far as we know, only programs that under certain terms may be used
  or evaluated for personal purposes will be described. Most of the
  programs will be available complete with source under GNU-like terms.

  1.4.  ۱ 

    ۱ (c)1998 ɺ  (Kevin Fenzi) ̺ ڽŰ
  (Dave Wreski) , Ʒ Ͽ   ִ.

     ۱  ԵǴ ,  Ͽ  
     ,  ü Ͽ ü Ȥ Ϻθ ϰ 
      ִ.     ǰ ȴ;  
     쿡 ڵ鿡 ˷ֱ ٶ.

     Ͽ 鿡   ̳ Ļ , ü
       ۱ ȳ  Ѵ. ̰  Ͽ
     Ļ   Ŀ    Ͽ ߰ 
     ޾Ƽ  ȴٴ ̴.  ̷ Ģ  ܰ ε 
     ִ; Ʒ ּҸ Ἥ  Ͽ ڸ ϱ ٶ.

    ǹ ִٸ  Ͽ   ̳ (Tim Bynun) Ʒ
     ּҷ ϱ ٶ.

  linux-howto@sunsite.unc.edu

  2.  

     ý  ؼ     
  ̴ Ʈ ϰڴ. ۿ ռ ⺻  ϰ
  ȿ  ⺻ 븦   ߿ ̴..

  2.1.    ʿѰ?

  ׽ ȭϴ ۷ι  Ŀ´̼ 迡, ׸  
  ͳ   翡,   ̴ Ʈ ߿
  ־,   ߿   ִ.  ʱ
  ǻͶ   θ ΰ   ƴϾ⿡, 
  ݿ μ ⺻ ʿ ϰ Ǿ.  ⸦ ڸ,
  ͳ 󿡼  Ͱ A  B  帣 ߰ 
  ٸ , ٸ ڵ ͸ äų   
   ִ ȸ  ȴ.    ýۿ ִ ٸ
  ڵ  ͸ --  ǵ  ٸ 
   -- Ƿμ   ִ ̴.  "ũĿ" Ҹ
  ħڵ鿡 ؼ  ý    , ̵
    ؼ  ô ź ϰų,  ġų,
  Ǵ   ý ϰ  ź  ִ.  
   "Ŀ" "ũĿ"  ΰ 𸥴ٸ
  http://sagan.earthspace.net/~esr/faqs/hacker-howto.html 
  ̸(Eric Raymond)  "Ŀ Ǵ "  ٶ.  (
  2.1-1)

  2.2.  󸶳    ΰ?

  켱  ξ    ý۵ "Ϻϰ "  ٴ
  ̴.    ִ ּ   ýۿ ħϴ
    ư  ͻ̴.    ڷμ
  ũĿ ϱ ؼ ׸   ʿ ʴ.  (,
  ȸ )  ˷  ڵ   ۾ ؾѴ.

  꿡 ξ   ý  ȭϸ Ҽ ý
  ⿡ ϰ ȴٴ ̴. ý ؾϴ  
   ȼ Ǽ   ƾ  ̴.  μ, 
  ýۿ     ο ݹ  
     ̴.  ( 2.2-1: ݹ )     
    ȭ  ְ,  忡 α ϱ⿡
  ϰ    ̴.  Ʈũ̳ ͳݿ  ʰ
   ý   ְ, ̰    ư
    Ǵ  ̴.

   ߰ Ը ̻  Ʈ,    ʿϰ
  ̰ ϱ ؼ   (auditing: ) ʿ ΰ
   " Ģ" غϴ  .  Ģ 
  http://ds.internic.net/rfc/rfc2196.txt.  ϸ  ̴.  
   ֱٿ ŵǾ,  ȸ  Ģ Կ ߿
  븦  ִ.

  2.3.   ȣ ΰ?

   迡 ؾ  ΰ,  δ ϰų 
   ΰ, ׷ٸ  ý 󸶳 ϰ  
  ΰ  ̸     ̴.  ȣϴ°, 
  ȣϴ°,  ȣ  ġ 󸶳 Ǵ°, ׸ Ϳ
  ڻ꿡 ؼ  å  ΰ м.

    ⿡ ̶ (risk) ħڰ ý  ħ
     ǹѴ. ظ   ִ  ħڰ аų ų, Ȥ
     α׷   ִ°?  ߿ ͸   ִ°?
     ̳  ȸ簡 ߿  ϴ   
     ִ°?   ̳ ýۿ   ִ 
      Ī  ִٴ   ƾ Ѵ.

     ٿ,       ü Ʈũ ħ
     ϴ    ִ.  Ʈ ȣƮ (rhost)  
     ֵ   ϳ   , Ȥ tftp  
     ҿ    ħڿ   ڸ ִ
       ̴.  ħڰ  ý̳ ٸ ýۿ
           ٸ ̳ ٸ ýۿ
      µ   ִ.

     (threat)  Ʈũ ǻͿ ҹ 
     (unauthorized access)  ϴ ǿ ִ κ
     ȴ.   ؼ  ýۿ  
     ΰ,      Ҹ  ִ 
     ؾ  Ѵ.

     ħ ݰ   غ  δ ͵ ý ȿ
      ȴ.

    ñ   -   ħڴ ⺻  
     ý۰ ͸  ִ° ˷ ϴ Ϳ ̰ ִ.

    ǰ ִ  -   ħڴ  ý
     ٿŰų    ջŰų,  ٸ δ
     ý  ð  ϵ .

       -   ħڴ α Ǹ  ؼ
      ý  Ѵ.  ˷ ý ħμ
     ڽ ɷ Ϸ ϴ ̴.

     (Competition) -   ħڴ  ýۿ 
     Ͱ ִ° ̸ д.  ɸ   
     ִٰ ϴ    ִ.

    "༺ (Vulnerability)" ִ   ǻͰ ٸ
     Ʈũκ ȣ  ʰų   ǻͿ ҹ
       ɼ ִ 츦 Ѵ.

      ýۿ  ħߴٸ   ϱ? 
     ̳ PPP    ɰ, ͳ̳ ٸ ū
     Ʈũ  ȸ ɻ ٸ ̴.

     ջ  ȸ  󸶳 ð ɸ ΰ?  ʱ ð
     ڴ Ҿ  ȸ ɸ ð ʺ  ۿ ȵ
      ִ.  ٷ   ϰų  ͸ Ȯ 
     ִ?

  2.4.   Ģ ϼ

  ڵ  ϰ   ִ ϰ Ϲ Ģ
  鵵 ؾѴ.  Ģ   ȣϴ ͸ ȣϴ
  ÿ,  ̹õ Ű  Ѵ. ؾ 
  ͵  ýۿ   ΰ (ģ   ᵵ 
  ΰ?),  ýۿ Ʈ ġϵ  ΰ, 
   ͸  ΰ , ؽ  å, ý 
   ̴.

  Ϲ ̿ǰ ִ  Ģ   ۵ȴ:

  "      ".

  ̰ ý     ý 񽺴 Ϲ
  ڰ  ϸ ȵȴٴ ̴.  Ģ  Ϲ 
   ǵ ؾ  ̴.  "ü ̰ 㰡 .  ׳
  Ʈ    " ϴ , ʹ 翬 ˷ ִ
   ̰  ߰   ħŻα  
    ̴.

  2.5.  Ʈ  .

    -- , , , Ʈũ,   
  ,   ϸ鼭  ƿ -- "ڻ" ȣ 
   ؼ Ѵ.    ͸ ħڰ ȴٸ
     ɱ?    Ʈ  ٲ
  ȴٸ?   ȸ  б  Ʈ ħڰ 
  ٸ? Ʈũ ġ ,    ǻ͸ ϱ 
  ̸    ֱ ̴.

   ܿ ϳ ̾˾ PPP   ְų  Ʈ
  ϳ   ִٰ ؼ ħڰ  ýۿ ̸  
   . ũ ̸ ִ Ʈ鸸 ħ ̶ ϸ
  ȵȴ.   ħڵ "ũ⿡    Ʈ
  ħѴ"  ħŻ Ѵ.  ٿ,  Ʈ
    (Security hole)  ؼ  Ǿ ִ ٸ
  Ʈ ȸ    ִ ̴.

  ħڵ ð Ƶ ̸,   ý 
  ǲ ߾ ´ ص,    õϴ  ȸؼ
    ִ.  ħڰ  ýۿ ̸   .
  ̿ ؼ ڿ    ϰڴ.

  2.5.1.  ȣƮ .

  Ƹ ȿ    Ǿ ִ κ ȣƮ 
  ƴѰ Ѵ. ڽ ý ϵ ö غ ϴ Ͱ
  Ʈũ ٸ 鵵   ȿ  ϱ⸦ ٶ
  κ  ؾ  ̴.  н带  , 
  ȣƮ  Ʈũ  ȭ ۾ ϴ ,   
   ؼ  , ׸   ִٰ ˷ α׷
   üϴ     (local security administrator)
  ӹ Ϻ̴.  ̷ ͵ öϰ ʿ , Ʈũ
  ٴ   ϸ   ⼼   
   Ǳ⵵ Ѵ.

  2.5.2.  Ʈũ .

   ȣƮ ó Ʈũ ȵ ߿ϴ.    ý ,
  л ǻ Ʈũ , ƴϸ ͳ, ƴϸ   õ
  ǻͰ ִ Ʈũ ų -- ϳ ϳ  ý
  ϴٰ    ̴.   ڸ Ʈũ 
  , ȭ ,  ȣ , Ʈũ  
      (rogue),   Ǿ ִ 谡 
  ϴ    Ʈũ  ӹ ̴. ( 2.5.2-1)

     Ʈ ؼ ȭ ۾ ϴ ũ
   ̸,  ȣϷ ϴ  ħڰ 
  ϵ ϴ   ַ Ѵ.

  2.5.3.   ȹ (Security through obscurity)

  "   " ݵ ǵǾ ϴ ȹ ϳ̴.
    -- Ʈ α ̸ "root"  "toor"   --
  "ȥڸ ˸鼭   ȹ"     ʷ 
  ִ. ̷ Ӿ ȹ ڰ    Ͼ ǽġ
  .    Ʈ  ִؼ, Ȥ  ˷ 
  ʴٰ ؼ   ִ Ϳ ħڰ ̸  
  ̶  ݹ̴.   ȣϴ ΰ  ׸鿡
  ٷڴ.

  2.6.    .

    ׸  Ҵ.   ׸    
  ̽  ٷ. ù° " " ׸ 迡   
     ٷ.  °  ý  ڷκ
  ȣ ΰ ٷ. ° "ϰ Ͻý "
  Ͻý ϰ  㰡   ΰ ٷ.
  "н Ȱ ȣȭ" ȣȭ  ؼ  
  ǻͿ Ʈũ ȣ ΰ ٷ. "Ŀ "  Ŀ
  ɼ ġؾϰ,  ɼ ˾Ƶξ ϴ ڴ. "Ʈũ
  "   ý Ʈũ κ  ȣ
  ΰ ٷ. "¶   غ"  ý ϱ 
   غؾ ϴ° ٷ.   ý ħ ݵǰ ִ
  Ȳ̰ų  ħ ߰ߵ Ŀ   ΰ ٷ.
  ׸  ٸ  ڷ  ̰, δ FAQ,
  ׸ ı⸦ ڴ.

    д ߿ ο   :

     ý ľ  . /var/log/messages  ý 
     (log) Ȯϸ, ýۿ Ǹ ε ϰ

    ° ׻   Ʈ ġϵ ϸ,  
       ̿ °  ġ ϴ  ý ֽ
     · ϵ  ̴.  ̷Ը ص ý  
     ȭ Ǵ Ϳ   ̴.

  3.   .

  ο ξ  ù "" ǻ  ̴.  ǻ
  ü     ִ°? ׷ ʿ䰡 ִ ΰ? ýۿ
       ִ ?  ׷ ʿ䰡 ִ°?

   ýۿ     ʿ Ȳ 꿡
   ſ ٸ.

    ٸ ( ̵̳  ģô ǻ͸
  ǵ帮 ϵ ϱ ؾ߰) Ư  ȿ Ű 
  ʿ  ̴. ǿ ٸ ȿ   Ű  
  ڵ ۾   Ǿ Ѵ.    
  ׸   ̴.  繫ǿ   ߰ų ڸ
    ǻͿ  ϵ ؾ ϰų Ȥ ׷ 
  쵵 ִ.   ȸ翡 ǻ ܼ  ä ġ δ
  ͸ε ذ  ȴ.

   Ŵ ڹ質 罽, ĳ ״ ,  ġ 
  翬    и  ,   
  ̴. :)

  3.1.  ǻ 

    ǻ ̽鿡 ""  ִ.   ġ 밳
  質 ü  踦 ̿ؼ װų Ǯ Ǿ ִ.   ġ
  ׸ ٸ   pc İų, ̽  
  ϵ ϰų İ ϵ   ִ.   ٸ 
  ڽŵ ÷ǳ ٸ ϵ Ʈ ϵ   ִ.

  ̷ ̽  ġ Ӵ  ̽  
  ٸ  Ѵ.  PC ̽ ()  Ѵٸ
  ̽   ϵ  ֱ⵵ ϴ.   PC
  ο Ű峪 콺    Ǿִ.  Ӵ
  ̽  ϵ ϶. ̷  ġ 밳 ſ 
   ڹ  Ƿ ִ ڿԴ , Ȳ
  󼭴    ̴.

   ̽ (ַ Ű )  (dongle) ־ ڰ
  ٷ    ִ. ̷   ħڰ ü ο 
    ,  ų ̽ ıؾ  Ѵ.  ۿ
  ڹ踦 ä ͸ε ǻ͸ ġ 鿡Դ 
  ֹ   ִ.

  3.2.  ̿ 

  ̿(BIOS) x86 CPU  ϴ ϵ ϴ  
   Ʈ.  γ    Ʈ α׷ 
   Ű  ̿ ؼ Ѵ.   ư
  ٸ ϵ ̿  Ʈ ִ. (ư  
  ǻ OpenFirmware, sun boot prom )  ̷ ̿ 
  ħڰ ϴ  Ἥ  ý ϴ  
  ؼ   ִ.

   , PC ̿ Ʈ н带   ֵ Ǿ ִ.
  ̷ ɵ   Ѵٰ    (̿
  ½ų  ְ, ̽   ִٸ ƿ    ִ),
   ֹ    ̴.( , ð ɸ ̰,
   Ű ´)

   x86 ̿ ̹ۿ پϰ Ǹ   ɵ
  Ѵ.    ִ ̿ Ŵ Ȯϰų  
   ̿  ڼ  ٶ.    ÷ ̺
    ϰ ϰų Ư ̿ ɿ ϱ ؼ
  н带 Էϵ ϴ     ִ.

  ſ ư ,  ÿ н带  EEPROM
    ִ. ħ ӵ    ̴.

  : Ȥ  ӽſ Ʈ н带 ߴٸ,  ־߸
   ϴٴ  ؾ Ѵ. ߿  Ǹ ٽ ƿͼ
  н带 Էؾ Ѵ. ;(

  3.3.  Boot loader 

     Ʈ δ  н带   ִ.  θ
  ٸ "restricted" "password"  κ 캸 ϶.
  "password"   н带 ϴ ̰, "restricted"
  'lilo:' Ʈ (single ) Ư ɼ ԷµǴ 쿡 
   ʵ ϴ ̴.

  ϴ н ϰ  н  ؾ Ѵٴ 
  ϶. :) ƿ﷯ н , ħϰڴٰ   
  ħ 쿡, ð ִ ҹۿ Ѵٴ  ؾ
  Ѵ.   δ ÷Ƿ  ؼ  Ʈ Ƽ Ʈϴ
     .   Ʈ δ  ̿Ѵٸ, ̿
  ÷ Ʈ ɼ  ̿ н带 ɾ  
   ϴ   ̴.

  Ȥ ٸ Ʈ δ    ƴ  ִٸ ڿ
  ˷ֱ ٶ (grub, silo, milo, linload ).

  3.4.  xlock vlock

   ǻ   ٸ, ٸ   ۾
  ų  ϵ ܼ ""  ִ  . ̷
   ִ   α׷ xlock vlock̴.

  xlock X  ȭ Ѵ.  α׷ X ϴ 
    ִ.  Ϲ  ϴ ܸ ƹ
  xterm xlock ų  , ϴ Ǹ ȭ
  Ǹ鼭  н尡 ԷµǾ  ȭ Է  ·
  ǵ  ְ ȴ.   ڼ ɼ ش man  ãƺ
  ϶.

  vlock   ܸ Ϻγ θ   ֵ ϴ 
  α׷̴.    ܸ   ۾  ϳ  
   ִµ, ̷ Ǹ ٸ  ͼ ٸ ܸ  
  ,  ۾ ̴  ܸ  ϱ  
    ȴ.   vlock   , 
  ϴ    ִ.

   ܸ⸦ ν  ۾  ϴ  
   ְ ǻ͸ ٽ  Űų ۾ ߴܽѹ 
    .     Ʈũ  ٸ ǻ͸ ؼ
   ǻͿ  Ű    .

  3.5.    ļ 

   ؾ  ֿ켱   ǻͰ  õǾ°
  ̴.   ߰ϰ  ü̱  ǻͰ 
  Ǿ߸ ϴ  ü ׷̵峪 ϵ ü  ؼ
  õ ̴.     ʾҴµ ǻͰ
  õǾٸ, 溸   ϶.  ǻͿ ħϴ 
  ߿ ǻ͸ ýŰų   ϴ  ʿ 
  Ƿ.

  ǻ ̽  ֺ    ִ Ȯϵ Ѵ.
   쿡 ħڵ α Ͽ (log file:  ) ڽ
   , ׷ α  θ  캸 ߳
  ġ  Ǵ  .  α Ͽ Ȯؾ   
  .

    ªų ҿ .

    ̻ ð (timestamp)  .

    ߸ 㰡̳   .

    ̳  ۿ  .

     .

    su ϰ ̻ κ  .

  ý  Ϳ ؼ ڿ ϰڴ.

  4.   .

   ָؾ    (local user) ݿ 
  ̴.  ڰ  __ ڵ̶ ߴٴµ ָϱ
  ٶ.

      ̾߸ ýۿ ħϰ ϴ
     õϴ   ϳ.   ڵ鿡 
   ϸ, ħڰ   ׵ ý ϴ 
   ̿ؼ, ׵  ִ Ϲ    (root)
   "׷̵"   ִ.   ڵ鿡  
  öϸ پѾ   ϳ ֹ ħڵ鿡  ְ Ǵ
  ̴.

   ¥ ڰ ƴ϶ ص (Ư ¥ 쿡)  ڵ
   ý    ִ.  𸣰ų  
  𸣴   ִ  ſ   ̴.

  4.1.  ο  

  ڿ    ۾  ּ Ѹ οϵ
  ؾ Ѵ.     Ƶ鿡  شٸ,  μ ׸
  α׷   ־ ϸ,   ƴ ͸  
    ؾ Ѵ.

  ٸ 鿡    Ϸ  , ο θ 
   Ģ ִ.

    ڵ鿡 ʿ ϴ ּ Ѹ ش.

    ڵ / α ϴ Ȥ α ؾ ϴ ˾ƾ
     Ѵ.

     ʿ䰡 ٸ   ϰ  
     Ȯ϶.

  ħԿ Ǵ       Ȥ   ̻
   ʰ ִ ͵̴. ƹ ϰ  ʱ  ̷
   ֻ   ȴ.

  4.2.  Ʈ 

  迡  ߱Ǵ   (root)̴.   
  ü   , Ʈũ ִ ٸ 迡   
  ֱ⵵ ϴ.  Ʈ  ſ ª Ư ۾  ϸ,
   ڽŵ ÿ Ϲ ڿ  Ἥ ϴ 
  ٴ  ؾ Ѵ.  ׻ Ʈ ۾ ϴ  ſ, ,
  ¥  ̴.

  Ʈ ۾ϴٰ ڽ ǻ͸ ׹   ϱ 
     ִ.

        켱 ı   ϶.
     ϵ ī带   쿡 Ư ؾѴ.    "rm
     foo*.bak" ϱ   "ls foo*.bak" ؼ 
      ϴ ϵ鸸  Ǵ Ȯؾ Ѵ. ı
       ڸ  ͵ δ  ̴.

      "touch /-i"    ȴٰ Ѵ.  
      "rm -rf /"    ,   ϵ 
      ǹ ϴ ̴.

    Ư ۾ ϱ ؼ Ʈ ǵ ϶.    ϴ
      ˰ ʹٸ, Ʈ ڰ ž߸ ϴ ۾ 
     Ȯŵ  Ϲ ڿ  ư ϶.

    Ʈ ڸǵ н (command path) ſ ߿ϴ.  PATH ȯ
      (PATH environment variable) ϴ ڸǵ н 
     α׷ ã Ҹ ش. Ʈ ڸǵ н  ̸
      ̵ ϰ, " 丮" ϴ "." PATH
      Ե ʵ ؾ Ѵ.  ( 4.2-1)  ٿ, 
     н Ⱑ  丮 (writable directory) ԵǸ
     ȵȴ  ڰ  丮  ϰų ο
        ְ,     쿡
     ڰ Ʈ  ϰ Ǳ ̴.

    Ʈ    (r-ƿƼ Ҹ)
     rlogin/rsh/rexec   ϸ ȵȴ. ̰͵ 
     ""  ̸, Ʈ ⿡   ͵̴.
      Ʈ .rhosts   ƾ Ѵ.

    /etc/security Ͽ Ʈ   ִ ͹̳ε ִ.
     ( )   ܼ (local virtual consoles: vtys)
      ⺻   ִ. ٸ ͵  ʵ ؾ
     Ѵ. ʿϴٸ  ֿܼ Ϲ    Ŀ
     (ϴٸ ssh ٸ ȣȭ ä ؼ) "su"  
     Ƿ, Ʈ   ʿ  .

    Ʈμ ۾    ϰ ϰ ൿ϶.
      ϴ ൿ  ͵鿡    ִ.  
     Ŀ  ε!

  ( )   ڰ   ؾ 
   Ȯ ʿ䰡      ִ    ִ.
  sudo ڰ ڽ н带 Ἥ Ʈ    ѵ
     ֵ ش.   ý ڰ
  sudo ̿ؼ -- Ʈμ ٸ Ư  Ͼ -- õ̳
   𸶿Ʈϰų Ʈϴ  ϵ   ִ.  sudo
   --   ,  ϱ  ߴ   ִ
  -- sudo  õ     (α Ϸ) ۼȴ.
  ׷  Ʈ ٱ      
    ֵ sudo  ϴ  .

   sudo Ư ڿ Ư ۾  ѵ Ư , 
      ִ.  ̰ --  ŸƮϰų  ڸ
  ϴ  -- ѵ ۾ ϴ Ϳ  Ǿ Ѵ. sudo
  ڰ   ȸ ִ α׷ Ἥ Ʈ  
   ִ.  κ Ͱ ̷ α׷鿡 Եȴ.  ,
  /bin/cat  ߰; α׷ Ἥ --   
   -- Ʈ ħŻ  ִ. sudo åӼ   
  ϵ ϰ, Ʈ ڸ ȣϴ ҷδ  ʵ .

  5.  ϰ Ͻý 

  ý ¶  ,    غ ȹ  ý۰
  ͸ ȣϴ Ϳ ū    ִ.

    SUID/SGID  Ȩ 丮     .
     Ʈ ƴ ٸ ڵ   ִ (writable) Ƽǿ
     /etc/fstab "nosuid" ɼ  Ѵ.  ʿ  ϴ
     --  α׷  ϸ,  ̽  ϵ --
     /var ؼ,  Ȩ Ƽǿ "nodev" "noexec" 
     Ѵ.

     NFS Ἥ  Ͻý Ʈũ Ѵٸ,
     /etc/exports ִѵ ϵ ϵ Ѵ. ̰
     ϵī带  ϴ Ͱ, Ʈ   (root write
     access)  ʴ Ͱ, ϸ б 븸 Ʈϴ 
     ǹѴ.

       umask  ѵ  Ѵ. 
     ̴  022, 033 ׸   077̸ /etc/profile
     ´.

    ⺻  "" ƴ ٸ  Ͻý  Ѵ.
     ڿ  PAM  /etc/pam.d/limits.comf μ 
      ġ   ִ.  , "users" ׷ 
         ִ.

       @users     hard  core    0
       @users     hard  nproc   50
       @users     hard  rss     5000

    ھ   ϸ, μ  50 ϸ,
      ޸  5 ް  Ѵ.

    /var/log/wtmp /var/rin/utmp ϵ ý   
       ִ. ̰ ڰ (Ȥ  ħڰ) ,
      ýۿ Դ° ϴµ   ֱ  
     ϵ  ö Ǿ߸ ȴ.   ý ۵
      ִ 찡   644 㰡  ־ Ѵ.

    ȣǾ߸ ϴ ϵ  ų  찡 
     ϱ ؼ ̹Ÿ Ʈ(immutable bit: Һ Ʈ:  )
       ִ.     Ͽ -- /etc/passwd
     /etc/shadow     ᰡ Ǵ, -- ɺ
     ũ   Ѵ.  ̹Ÿ Ʈ  ߰ 
     chattr(1) man  ϵ  .

    SUID SGID    ̸ öϰ õǾ 
     Ѵ.   α׷    ڿ Ư  ֱ
     , ȿ Ҿ Ҹ ִ α׷ ġǴ  
     ؾ Ѵ. ũĿ ϴ Ʈ ϳ SUID "Ʈ"
     α׷ ħŻϰ  Ŀ --    Ŀ --
     SUID α׷  ޹ ؼ  ̴.

      ýۿ ִ  SUDI/SGID ãƳ, װ͵ 
     μ -- ħڸ ǹ  ִ--   ȭ
       ֵ Ѵ.   ɾ ϸ ýۿ ִ 
     SUID/SGID α׷ ãƳ  ִ.

       root#  find / -type f \( -perm -04000 -o -perm -02000 \)

  chmod(1) ϸ ǽ½ α׷ SUID SGID 㰡
     ְ, ߿ Ȯϰ ʿ  ٽ ٲ
    ִ.

     ũĿ  ýۿ  Եǰ -- Ư ý
     ̳ --  Ÿ(World-writable) ϵ   ְ
     Ǹ ɰ   ϰ ȴ. ٿ -- ũĿ
       ̰ų   ְ ǹǷ -- -Ÿ
     丮  ̴.   Ÿ  θ ã ؼ
      ɾ Ѵ.

       root# find / -perm -2 -print

  ׸  ϵ  "  (Ÿ)" Ǿ ִ
  ݵ ˵ Ѵ.   ־, /dev Ϻο ɺ
  ũ   ϵ Ÿ Ǿ  ̴.

    Ҽ ϵ  ħڰ ýۿ Դٴ ¡  ִ.
      ų ׷쿡 ҼӵǾ   ϵ  ɾ
      ãƳ  ִ.

       root# find / -nouser -o -nogroup -print

    Ʈ ȣƮ (.rhosts) ϵ   ȵǴ ̱
     , ̰͵ ã  ý  ӹ Ϻΰ Ǿ߸
     Ѵ.   ũĿ  Ʈũ ħϱ ؼ 
       Ҿ  ʿ ̶ ̴.  ý 
     Ʈ ȣƮ ϵ  ɾ ã  ִ.

       root# find /home -name .rhosts -print

     ý  㰡 ٲٱ ,  ϰ ִ
      Ȯ ϵ Ѵ. ܼ ۵  
     㰡 ٲٴ   ؾ Ѵ. 㰡 ٲٱ  
      ̷ 㰡  ִ ˵ ؾ Ѵ.

  5.1.  umask 

  umask ɾ ý    㰡 ⺻  ϱ
  ؼ ȴ. umask Ϸ     (Octal
  Complement) Ѵ.  ( 5.1-1)  㰡 ⺻   
  ¿    ȴٸ, ڰ 𸣴 ̿ 㰡
   ȵǴ  б  㰡 ְ   ִ.
  Ϲ umask  022. 027, ׸   077  ִ.
  umask Ϲ /etc/profile ǰ, ý  ڿ
  ȴ.  μ      ִ.

       # Set the user's default umask
       umask 033

  Ʈ umask  077 ؼ ٸ ڰ --chmod(1) Ἥ ѷ
  ϸ ٲ ʴ  -- а     

   ٸ --  ڿ ׷ ID   (User Private
  Groups) ٴ  Ͽ -- umask 002 . ⺻  
  ׷   ڷ Ǿֱ ̴.

  5.2.   㰡 (File Permissions)

  ý   Ǹ  ڳ ׷ ý  Ƿ
  ϴ   ϴ  ߿ϴ.

  н ϰ Ͽ    owner, group, ׸
  other   Ư Ѵ.  Ȯ ϳ 
  (owner) ϸ, ׷    , 
  ڵ other ȴ.

  н 㰡ǿ  ª .

   (Ownership) -  ڳ ׷    㰡ǿ
      ִ  Ѵ.

  㰡 (permission) - Ư   ϵ ְų
    ִ Ʈ. 丮  㰡 Ͽ  㰡ǰ
  ٸ ǹ̸   ִ.

  б 㰡 (read):

        ִ  ϴ.

    丮 д  ϴ.

   㰡 (write):

    Ͽ ų  ϴ  ϴ.

    丮 ִ  ų ̴  ϴ.

   㰡(Execute):

     α׷ (binary)̳  ũƮ   ִ.

    б 㰡  , 丮 Žϴ  ϴ.

     SAVE ؽƮ ƮƮ: (丮)
        ƽŰ Ʈ (sticky bit) 丮 ؼ   ٸ
          ȴ. 丮 ƽŰ Ʈ   ڴ
        --  ڰ 丮 Ϲ  㰡 ִ --
         ְų Ȯϰ  㰡     
        ְ ȴ. ̰ /tmp  --  Ÿ̸鼭 Ϲ
        ڰ      --  丮 
        .  ƽŰ Ʈ  丮  (ls -l) "t"
        ǥõȴ.

     SUID ƮƮ (Ͽ)
        ̰  set-user-id 㰡   ȴ. 
        㰡ǿ set-user-id  尡  --׸  
         ̶--   ϴ μ μ
         ڰ   ִ ý ҽ   ִ 
        οȴ. ̰ " ÷ο (buffer overflow:  
        )" ϴ  ħŻ  .

     SGID ƮƮ (Ͽ)
        ׷ 㰡ǿ  쿡  Ʈ "set-group-id" ϰ
        ȴ. ̰ ׷  ޴´ٴ  Ѵٸ SUID 
         ϴ ̴.      ϵ
        ǵǾ Ѵ.

     SGID ƮƮ (丮)
         SGID 丮 ϸ ("chmod g+s 丮" ), 
        丮  ϵ 丮  ׷  ⺻ ׷
          ȴ.

        -   (owner)

  ׷        -  ԵǾ ִ ׷ (group)

     -  ڳ   ׷쿡  
    (other)

   

       -rw-r--r--  1 kevin  users         114 Aug 28  1997 .zlogin
       1 Ʈ  (-) 丮ΰ?     (ƴϴ)
       2 Ʈ  (r) ڿ б?  (ִ.  ɺ   ִ)
       3 Ʈ  (w) ڰ ? (.  ɺ   ִ)
       4 Ʈ  (-) ڿ ?  ()
       5 Ʈ  (r) ׷쿡 б?    (ִ.  users ׷)
       6 Ʈ  (-)  ׷쿡 ?   ()
       7 Ʈ  (-) ׷쿡 ?    ()
       8 Ʈ  (r)  ̿ б?  (ִ.  ̰   ִ)
       9 Ʈ  (-)   ?  ()
       10 Ʈ (-)  ̿ ?  ()

  ʿ ŭ ּ 㰡 ο ⸦ Ҵ.   ū
  㰡 ִ  ,  ۾ ּѵ 
   д.

       -r--------   б 㰡 Ͽ ִ.
       --w-------  ڰ  ϰų   ִ.
       ---x------  ڰ  (α׷)   , бǵ ־
       Ǵ  ũƮ  Ѵ.
       ---s------  Ǽ  ID ڶ   ִ. (setuid )
       -------s--  Ǽ  ID ׷̶   ִ. (setgid )
       -rw------T  "ֱ ٲ ð (last modified time)"  ŵ ʴ´.
          ȴ.
       ---t------   ( ƽŰ Ʈ)

  丮 

  drwxr-xr-x  3 kevin  users         512 Sep 19 13:47 .public_html/
  1 Ʈ  (d) 丮ΰ?   (׷.     ִ)
  2 Ʈ  (r)  б?  (ִ. ɺ)
  3 Ʈ  (w)  ? (ִ. ɺ)
  4 Ʈ  (x)  ? (ִ. ɺ)
  5 Ʈ  (r) ׷ б?  (ִ. users ׷)
  6 Ʈ  (-) ׷ ?  ()
  7 Ʈ  (x) ׷ ?  (ִ. users ׷)
  8 Ʈ  (r) ٸ  б? (ִ. ƹ   ִ)
  9 Ʈ  (-) ٸ  ? ()
  10 Ʈ (x) ٸ  ? (ִ. ƹ   ִ)

  ּ 㰡   ̴.  ⿡ Ǿ ִ  
  㰡  ִ  , Ʒ ϴ  ּѵ
  ʿϴ.

       dr--------     ,  ƮƮ   Եȴ.
       d--x------  丮  н (path) ־   ִ.
       dr-x------   ƮƮ  ڿ ؼ   ִ.
       d-wx------  丮  ġ  ʾƵ     ִ.
       d------x-t     ٸ ڵ  Ժη  
                   ´. /tmp 丮 ȴ.
       d---s--s--  ƹ ۿ  ʴ´.  (SUID SGID )

  ( /etc ȿ ִ) ý   (system configuration
  files) 640 ̸鼭 ÿ Ʈ  Ǿ ִ. ( 5.2-2)
   Ʈ  ʿ信  ٲٸ ȴ. ý  
  ٸ  ׷̳    ֵ ϸ ȵȴ.  /etc/shadow
   ý  Ϻδ Ʈ б 㰡  ϰ, /etc
   丮 ٸ ̵  ϵ ؾ Ѵ.

     SUID  ũƮ.
        SUID  ũƮ ɰ  ̸, ׷  
        Ŀ ޾Ƶ ʵ Ǿִ.   󸶳 
        ũƮ ϴٰ  ϴ , ̰ ũĿ Ʈ
         ִ ħŻ    ִ.

  5.3.  Ʈ̾ (tripwire: ڼ)  ϰἺ ˻.

  Ʈ̾  ϰἺ (Integrity)  ˻  ϴ 
   ڿ  (׸ Ʈũ )  Žس ſ
   ̴.  Ʈ̾ ߿  ϵ  ϵ ý
  (checksum)  ؼ    ͺ̽ Ѵ.
  Ͽ ȭ  ǥð  ̴. Ʈ̾ ,
  ÷ǷƮ̾ ġϰ,    ؼ   .
  ̷   ħڴ Ʈ̾  ų ͺ̽
  ٲ ϰ ȴ.  ϴ Ʈ̾   ġ, ϻ 
   ӹ Ϻκ ϴ  .

  Ʈ̾   ÷ǿ  ħ Ϸ  ޵
    ũ   ִ.

  # set mailto
  MAILTO=kevin
  # run tripwire
  15 05 * * * root /usr/local/adm/tcheck/tripwire

  ̿  ϸ  ħ 5:15am Ʈ   ̴.

  Ʈ̾ ħڸ  ġä ξ  ˷ִ 
  簡   ִ.  Ϲ ý ȿ   ׽
  ٲǷ     ΰ, ƴϸ ũĿ ൿΰ
  ľϴ Ϳ  ϵ Ѵ.

  5.4.  Ʈ 

  Ʈ 񸶴 ȣ  ǰ   å Ե
  ̸̴.  ׷ ̴  α׷̳   ε
  , ٸ  װ ٿ ޾Ƽ Ʈμ  Ѵ. ׷
  Ŀ ڰ Ű  ʴ ƴ Ÿ ý  
  ̴.  ޾ƿ   ڰ ʿ ߴ  
  Ѵٰ ϴ ̿ -- ׷ ô ϱ⵵ Ѵ-- δ
     ̴.

   ǻͿ  α׷ ġϿ  ǵ ؾ
  Ѵ.   RPM Ͽ ؼ MD5 ý PGP ñ״縦
  ϹǷ, ġϰ ִ α׷ ¥ Ȯ  ִ. ٸ
     . ҽ ְų  ˷  ƴ ,
    ϵ Ʈμ Ǿ  ȴ!  Ϲ  
  縦   ֵ ҽ  ũĿ ٽ ϹǷ.

    , α׷ ҽ ǰ  ҿ Դ
  Ȯϵ ϶. α׷ Ʈ  Ȳ̶  ̳
     ҽ Ⱦ Ȯϵ ؾ Ѵ.

  6.  н Ȱ ȣȭ (encryption)

  ȣ ó ̰ ִ  ߿    ϳ. ܴϰ
     н带   пԳ 
  ڵ鿡Գ ߿ ̴.       
  ִ н    ִ 'passwd' α׷ ϰ
  ִ.  passwd α׷ ̷ Ư  ִ ֽ
  Ȯϵ ϶.

  ȣȭ         , Ұ
   ؾ߰ڴ. ȣȭ ſ ϸ,   ô뿡
  ʼ̱ ϴ.  ڷḦ ȣȭϴ    ,
    Ư ִ.

  κ н 迭 ( ܰ ƴϴ) DES (Data Encryption
  Standard) ϴ ܹ ȣȭ  (one-way encryption
  algorithm) ؼ н带 ȣȭѴ. ̷ ȣȭ
  н () /etc/passwd (ƴϸ  ϰԴ) /etc/shadow 
  ȴ.   α Ϸ õ   Է 
  ȣó ǰ  ó  passwd    񱳰 ǰ ȴ.
   ġϸ  н иϹǷ  㰡ȴ. 
  DES (´ Ű Ǿٴ  Ͽ --  Ű ȣȭߴٰ
  ٽ ȣȭ ϹǷ)  ȣȭ  (two-way encryption
  algorithm)̱  κ н 迭   DES
  ܹ ̴. ̰ etc/passwd (Ȥ /etc/shadow) ȣȭ 
  (ߩ)ؼ  н    ϸ ȵȴٴ
  ̴.

   н忡  Ұ  ʴٸ crack̳ John the
  ripper (Ʒ )  θƮ  ݿ (brute force attack) 
  н带  ϴ 찡   ִ. PAM   н忡
  (MD5 ) ٸ ȣȭ    ְ  ش (Ʒ ). 
  н带   ؼ
  http://consult.cern.ch/writeup/security/security_3.html  
    ִ.

  6.1.  PGP   ȣ (Public Key Cryptography)

  PGP  ǰ ִ   ȣ ϳ  ȣȭϰ
   ٸ  ȣȭ ϴ (  踦 ) ȣ .
   ȣ  ϳ  ȣȭ ȣȭ  
  óؿԴ.  ( ) " " (ȣȭϴ ʰ ȣȭϴ
  )    ־ ߰,  ε  ϸ鼭 
  ʿ ٸ  ޵Ǿ ߴ.

    ȣ --      ٸ 踦
  ν -- 踦  ϸ鼭 ؾ  ߴ ʿ伺
  ٿ־.       ȣȭ   ֵ
  ǰ ̿ ϴ -- ȣȭ  --    
  Ѵ.

    ȣ   ȣ   ְ, 
   ׸  κп  RSA FAQ о ٶ.

   PGP (Pretty Good Privacy)  ش.  2.6.2 5.0 
  δٰ ˷ ִ. PGP  ⺻ ȳ  ˰ 
  PGP FAQ б ٶ.
  (http://www.pgp.com/service/export/faq/55faq.cgi) ̱ δ 
  ȣ    ϰ ְ, ̰  ü ؼ
  ϴ  "  ġ" ϰ Ƿ,   ´
   ϵ ϶.{{}} ( 6.1-1)

  http://mercury.chem.pitt.edu/~angel/LinuxFocus/English/November1997/article7.html
   PGP ġϴ ڼ  ִ.  ο 
   ġ ؼ ٿ Ǵµ,
  ftp://sunsite.unc.edu/pub/Linux/apps/crypto   ִ.

  http://www.rsa.com/rsalabs/newfaq/ ִ RSA FAQ   
    ִ. ⿡ "-﷥ (Diffie-Hellamn)", " 
  ȣ (public-key cryptography)", "  (Digital
  Certificates)"        ̴. ( 6.1-2)

  6.2.  SSL, S-HTTP, HTTPS ׸ S/MIME

  ڵ     (secure protocol) ȣȭ
   (encryption protocol) ؼ  ٸ ΰ, ׸
     ؼ  ´.     ȣ 
    ƴ,  ̰, 𿡼    
  ִ ؼ  ϴ    .

    SSL: - SSL, Ȥ ť  ̾ (Secure Sockets Layer) ͳ
     󿡼  ؼ ݽ 翡  ̸
     Ŭ̾Ʈ/  δ. SSL ƮƮ ̾
     ۵Ǹ --   ͵    ʵ 
     ۾󿡼 ȣȭϴ -- ϸ ȣȭ ŷ(:
     channel)  ش. SSL  ݽ Ŀ´ (Ȥ
     ) ť Ʈ        
     -- ݽ   ũ  -- Ŀ´͸
     ̿   (secure communication) ʷ δ.
     http://www.consensus.com/security/ssl-talk-faq.html  ߰
        ִ. ( 6.2-1) ݽ ȸ ٸ  
      http://home.netscape.com/info/security-doc.html  ִ.

    S-HTTP: - S-HTTP ͳ 󿡼  ϴ  ٸ 
     ̴.      (multiple key management
     mechanisms) ϸ, ͸ ְ޴    ȣ
       (cryptographic algorithm) ġ ɼ  ؼ
     ϴ ÿ, м (confidentiality),  (authenticity),
      (integrity:  Ἲ), ۽    (non-
     repudiability)   ش.  S-HTTP  㰡 Ư
     Ʈ   ǵ ѵǾ , ȣȭ 
     ͸κ κ ߶ () ȣȭ ش.  [RSA
     cryptography FAQ, page 133]  ( 6.2-2)

    S/MIME: - S/MIME (Secure Multipurpose Internet Mail Extension)
     ڿ̳ ͳ  ޽ ȣȭϱ  ũ
     ̴.  RSA   ̴ ŭ,  
       ־ Ѵ.  S/MIME  ߰ 
     http://home.netscape.com/assist/security/smime/overview.html
       ִ.

  6.3.   X-Ŀ IPSEC 

  CIPE  ٸ   ũ ؼ,  IPSEC
    ִ.  IPSEC IETF , ȣ  
    ִ ſ ,  (integrity),  ,
  м   ִ ǰ̴.  IPSEC   ͳ 巡Ʈ
   http://www.ietf.org/html.charters/ipsec-charter.html 
   ִ.  ⿡     ٸ ݿ  ũ
  IPSEC ϸ Ʈ, ׸ ϸ Ʈ ī̺  ã 
  ִ.

  ָ п ϰ ִ "x-Ŀ"̶   
  Ʈũ  ϴ Ʈ-̽ ӿũ̴.
  http://www.cs.arizona.edu/xkernel/hpcc-blue/linux.html  
  ִ. x-Ŀ ޽ Ŀ  Ŵμ   
  ǵ  ش.

  ٸ  ȣȭ  --   ġ  -- ⺻
   Ե ʴ´.

  6.4.  ť  SSH ڳ

  SSH ڳ  ý  ϸ鼭 ȣȭ Ŀؼ 
   α׷̴.

  SSH rlogin, rsh, ׸ rcp    ִ  ü ִ
  α׷ ġ.   ȣƮ  ȣȭ   ؼ
    ȣ  Ѵ.  ̰ ߰ν (man-in-the-
  middle attack: session hijacking) DNS Ǫε ϸ鼭, 
  ȣƮ αϰų ȣƮ ͸ ϴ 쿡  
  ִ. ( 6.4-1)  ÿ   ϸ, ȣƮ X11
   ȭ ش.  SSH Ȩ  http://www.cs.hut.fi/ssh/
    ִ.

   콺 ũ̼ǿ   SSH SSH  
    ִ. 콺 Ŭ̾Ʈ  ǰ ,
  http://guardian.htu.tuwien.ac.at/therapy/ssh/ ̰, ο콺
  ( )   ǰ http://www.datafellows.com ִ.

  SSLeay -- ť ڳ, ġ ,   ͺ̽, DES
  IDEA ׸ ҷοǽ (Blowfish)   ˰  --
  ݽ SSL ̴. ( 6.4-2)
  ڳݽ Ż󿡼 ȣȭ  ִ ڳ üǰ  ̺귯
  ؼ  ִ. ڳ SSHʹ ޸ ݽ  SSL
  (Secure Sockets Layer) Ѵ.
  http://www.psy.uq.oz.au/~ftp/Crypto/ ִ SSLeay FAQ о
  ť ڳݰ ť FTP   ã  ִ.

  6.5.  PAM -    (Pluggable Authentication Modules)

  ο  ޿ "PAM"̶ ϵ   ִ.
  PAM --    ٽ  ʿ䰡  --
  ,  ,   ĸ ó (encapsulate)  
   ٲٰ  ش.  PAM ĸȭ     
  , PAM  Ʈ   ⸦ Ѵ.
  http://www.kernel.org/pub/linux/libs/pam/index.html

  PAM   ִ       Ʒ .

    н忡  (ު) DES ȣȭ  .  (н带 θƮ 
      Ἥ Ǯ  ư ȴ)

    ڵ   ִ (μ , ޸  ) ڿ
     ϴ  Ἥ  źν  (Denial of Service: 
     DoS) ϵ Ѵ.

    н带  н ߴ     ֵ Ѵ.
     (Ʒ )

    Ư ڰ Ư ð Ư ҿ α  ֵ
      ϴ  ϴ.

  ý ġϰ ϱ    ð ,  õ
     ִ.  , ħǥ  rhosts  ý
  ü  Ȩ 丮 ϴ   ؼ 
  /etc/pam.d/login PAM ؼ   ִ.

       #
       # Disable rsh/rlogin/rexec for users
       #
       login auth required pam_rhosts_auth.so no_rhosts

  6.6.  ȣ  IP ĸ̼ (Cryptographic IP Encapsula
  tion :CIPE)

   Ʈ   -- ͳ  --  Ŷ Ʈũ
    Ʈũ (¥ ޽ , Ʈ м 
  κ) ȣϱ   ϴ ̴.

  CIPE ͸ Ʈũ ؿ ȣȭѴ.  Ʈũ ȣƮ
  ̿ ƴٴϴ Ŷ ȣȭȴ.  ȣȭ  Ŷ
  ְ޴ ̹ ó ġѴ.

  ̰ -- ؿ ͸  ȣȭ ϴ-- SSHʹ
  ٸ ̴.

  CIPE --  Ʈũ ϱ ؼ-- ͳθ  
  ִ.  Ʒ  (Low-level) ȣȭ -- ø̼
  Ʈ  ʿ䰡  -- VPN Ǿ ִ  Ʈũ
  ̿ ϰ ۵ǵ    ִ  ִ.

  CIPE Ͽ  :

  IPSEC  (ٸ ϵ ) ȣȭ VPN  ؼ  
  ִ   Ѵ. ݴ,  ɼ  ִ
  IPSEC δ  ̸鼭 ϸ, ־  θ
  ϴ   幰鼭, (  )   
  Ϻ ذǾ  ʴ.  CIPE     ϴµ,
  ʱ  ÿ Ķ  ( ϰ ϴ ũ
   ϴ )  ǿ      ִ.  ̰
  ź  ϱ ,  (׸,  , 
  ׸   ִ ) ɷ  ϰ  ش.

    ϸ   .
  http://www.inka.de/~bigred/devel/cipe.html

  ٸ ũ׶   ̰͵,   ġ ,
  Ŀڰ Բ  ʴ´.

  6.7.  Ŀν.(Kerberos)

  Ŀν MIT ׳ Ʈ Ʒ ߵ  ̴.
  ڰ  , Ŀν (н带 ؼ) ڸ
  ϰ, Ʈũ   ϴ  ȣƮ鿡 
   ź ִ  Ѵ.

    Ʈ α (rhost) α׷  ؼ н 
  ڰ ٸ ȣƮ (.rhost  ؼ)    ֵ 
  ش.    ,   (߼) ¥ ƴ 
  ϴ ÿ,  Ȯ  ()  ǵ
  ϱ ؼ,  ýۿ    ִ.

  Ŀν  ִ  α׷ ϴ ñ ȿ,
  ڰ ý ӿ ٸ  ô "Ǫ"   ִ ɷ
   ֹ  ִ.

  Ŀν  ߰ 
  http://www.veritas.com/common/f/97042301.htm ã  ְ, ڵ
  http://nii.isi.edu/info/kerberos/ ִ.

  [ο:   Ÿ, Ŭ ,    ,
  "Ŀν:  Ʈũ ýۿ  ", 1998 ܿ ػ罺
  ޶󽺿  н ǥȸ ȸ, (Stein, Jennifer G., Clifford
  Neuman, and Jeffrey L. Schiller, "Kerberos: An Authentication Service
  for Open Network Systems."  USENIX Conference Proceedings, Dallas,
  Texas, Winter 1998).]

  6.8.   н

   н ȣȭ н  Ϲ ڵκ з
  ϱ    ̴.  밳 ȣȭ н /etc/passwd
  Ͽ      ֵ Ǿ ִ.   
  н带 س α׷  н带 ˾Ƴ  
  ִ.   н н忡   Ư  ִ
  ڵ鸸   ִ /etc/shadow Ͽ Ѵ.  
  н带 Ϸ, н   ʿ䰡 ִ 
  ƿƼ  н带 ϵ ϵǾ Ȯؾ
  Ѵ.  () PAM  α׷   ʿ  
    Ŵν  н带   ֵ ش.
  ʿϴٸ Shadow-Password-HOWTO   ȴ.  ̰
  http://sunsite.unc.edu/LDP/HOWTO/Shadow-Password-HOWTO.htmlε,
   ణ Ұ, PAM ϴ  ʿ䰡 .

  6.9.  ũ(Crack)    (John the Ripper).

    ־ Passwd α׷     " 
    " н Ģ  Ѵٸ,  ΰ
  н  α׷ Ѽ  ڵ 
  н带  ִ Ȯϴ ͵  ̴.

  н  α׷   ۵Ѵ.   ִ 
  ܾ  ȭ н õѴ.  ܾ ϳ ϳ ȣȭϸ鼭
  ȣȭ н ϴ ̴. ࿡ ġϴ ܾ ãԵǸ,
  ȣ ˾Ƴ ̴.

   н ũ α׷ ִ.  ߿ ˰ Ѿ ϴ 
   ٷ "ũ" "  ",
  (http://www.false.com/security/john/index.html). CPU ð û
  Һ ,  α׷    μ Ȥó
  ڰ ̷ α׷ ؼ ýۿ ħ ɼ ִ
  ˾Ƴ ÿ,  н带  ڵ ãƳ   
    ̴.  ڰ  passwd (н /etc/passwd)
    켱 ٸ  ̿   ־
  ϰ, ̷    ϴ ͺ ξ ϴٴ
   (, passwd  ϴ   ʴٴ ) ؾ Ѵ.

  6.10.  CFS TCFS - ȣȭ  ý۰  ȣȭ  ý.

  CSF ü Ͻý ȣȭϰ ڵ ȣȭ  
  ȣȭ Ͻýۿ   ֵ ִ ̴.  ̰ 
  ǻͿ ۵  NFS  Ѵ. rpm 
  http://www.replay.com/redhat/   ְ,  ۵Ŀ 
   ftp://ftp.research.att.com/dist/mab/  ִ.

  TCSF CFS   ϼ  (ȣȭ/ȣȭ ۾
  ׶忡 ϰ μ) ȣȭ Ͻý  ִ
   忡 ȣȭ/ȣȭ ۾   ʵ  ̴.
  http://edu-gw.dia.unisa.it/tcfs/       ִ.

  6.11.  X11, SVGA ÷ .

  6.11.1.  X11

  ÷  ߿ϴ. ڰ  𸣰 ԷµǴ
  н带 äų,  ũ 󿡼 а ִ ̳
   аų,       ̿ϱ
  ϴ ϵ  ؼ.  û(sniffer) а  ý
   ȣۿ    ֵ ϴ ̶   ִ,
  Ʈũ 󿡼  X  α׷ ൵  õ ̴.

  X    ġ  ִ.    ȣƮ
   ̴.  ÷̾   ִ ȣƮ xhost
  ؼ   ִ.    ƴϴ.  
  ǻͿ   ִٸ, "xhost +׵ ǻ" ɾ
  ؼ    ִ.  ƿ﷯ ӵ   (untrusted
  machine)  ϸ,    ÷̸
  ħŻ  ִ.

  α ؼ xdm(x display manager) ٸ,    
  MIT-MAGIC-COOKIE-1   ִ. 128 Ʈ Ű (cookie)
   .Xauthority Ͽ ȴ.   ǻͿ 
  ÷̿ ϴ   ʿ䰡 ִٸ,  ǻͷκ
  ٸ ϱ  xauth ɰ  .Xauthority Ͽ
  ִ    ִ.
  http://sunsite.unc.edu/LDP/HOWTO/mini/Remote-X-Apps.html ִ
  Remote-X-Apps mini-howto  ϶. ( 6.11.1-1)
   Ǵ X   ؼ ssh( ssh )  
  ִ. ص   ϰ ۵Ǹ鼭, ȣȭ 
  ڷᰡ  Ʈũ  ٴ ʵ ϴ  Ǵ 
  Ƿ.

  X ȿ     ʿϸ Xsecurity Ŵ 
  (man)  ٶ.    xdm Ἥ ֿܼ α
  ϵ ϰ, ssh Ἥ X α׷  Ϸ  Ʈ
   ̴.

  6.11.2.  SVGA

  SVGAlib α׷  ǻͿ ִ   ϵ
    ֵ SUID root  ִ.  ̰ ſ 
  ̴.    α׷ ,   ִ ܼ 츮 ؼ
  ٽ  Ѿ Ѵ.   Ű ִ SVGA α׷
  ǰ, ׸ ּ ̳   ִ ͵ Ȯ϶.  
    SVGA α׷ ƿ Ű ʴ ̴.

  6.11.3.  GGI (Generic Graphics Interface project)

   GGI ȹ     ̽ 
  ذϰ ϰ ִ..  GGI  ڵ Ϻκ  Ŀ
   Ű ϴ   ýۿ   
  ̴.  ̰ GGI -- س ȣ · --  
  ܼ    ִٴ  ǹѴ.    ֿܼ Ʈ
  񸶽 α α׷  ʵ ϱ ؼ,  
  ()  ̴.  http://synergy.caltech.edu/~ggi/

  7.  Ŀ 

  ̰ ȿ õ Ŀ  ɼǰ,    ϴ  
  ,  ϴ   ̴.

  Ŀ  ǻ Ʈũ  ϹǷ, Ŀ ſ
  ϵ ϴ Ͱ Ŀ ü   ʵ ϴ 
  ߿ ̴.  ֽ Ʈŷ ݹ Ϻθ ϱ ؼ Ŀ
   ֽ  ؾ Ѵ.  ο Ŀ
  ftp://ftp.kernel.org ã  ִ.

  7.1.  Ŀ  ɼ.

    IP: ҽ ƮǴ    :
     CONFIG_IP_NOSR.

      ɼ  Ѵ.  ҽ Ƽ ӵ (Source routed
     frames)  Ŷ ȿ Ϻ  н (Path)   ִ.
     ̰ Ŷ óϴ Ͱ Ŷ --  ˻ ʿ 
     -- ״  óѴٴ  ǹѴ. ᱹ  ħŻ
        ִ Ͱ ýۿ     ִ.

    IP: ȭ ó: CONFIG_IP_FIREWALL.

      踦 ȭ ϰų, Ŀ̵ ų,
     ƴϸ  ̾- ũ̼ǿ PPP ̾- ̽
     ؼ    ؼ ʿ ɼ̴.

    IP: /Ʈȭ: CONFIG_IP_FORWARD.

     IP  ѳ  ڴ  Ͱ Ǵ ̴.
       谡 Ʈũ  ,   ͸  ϳ
     Ʈũ  ٸ ϳ Ʈũ ߸μ ۴ ִ
     ۾  ̰,  쿡 ڰ ̷ 츦 
     ġ  ȭ վ  θ  ִ.

     ͸  Ʈũ ٸ    ְ, ׸
     ¼ ̰  ؼ װ  ȭ վ 
     ִ.  ̾- ڴ  ɼ  ϴ  ,
     ٸ ڵ  ɼ μ ߻Ǵ   
     캸鼭 ؾ  ̴. ȭ  쿡 ȭ
     Ʈ ɰ    ɼ ϴ  .

      ɾ ϸ IP  ̳ϰ Ѱ   ְ,

       root#  echo 1 > /proc/sys/net/ipv4/ip_forward

    .

       root#  echo 0 > /proc/sys/net/ipv4/ip_forward

  (/proc ִ  ٸ ϵ ؼ)   ̰ 0
   , δ  ׷.  Ӱ Ұ Ŀ ̹Ƿ,
  Ŀ  2.0.33 ̻  ϵ ϶.

    IP: ȭ Ŷ  (CONFIG_IP_FIREWALL_VERBOSE)

      ɼ --߽, , Ʈȣ -- ȭ  Ŷ
      ش.

    IP: ׻ ׸Ʈ  (CONFIG_IP_ALWAYS_DEFRAG)

       ɼ , ȭ̳ Ŀ̵ ȣƮ
     ٸ, Ѵ   ̴.  Ͱ,  ȣƮ ٸ
     ȣƮ  , ׽  ġ Ŷ   ƴ϶
        .  ⿡  Ʈ ȣ
      1     ִٴ ̴.  ̰  
      ߿  ȵǴ    ִٴ ̴.

    IP: syn Ű (CONFIG_SYN_COOKIES)

     SYN ,  Ʈ ϰԲ,    ڿ
     Һϰ Ѵٴ   ź ݹ (DoS) ϳ̴.  ѳ
       ɼ̴.

    IP: ȭ Ŷ ݸũ ̽ (CONFIG_IP_FIREWALL_NETLINK)

     ڰ α׷ Ŷ ù 128 Ʈ мؼ -- ̰ ȿ
     չ  -- Ŷ ްų Ȥ źؾ ϴ  ϰ
     ִ   ɼ̴.

  7.2.  Ŀ ̽

   ȿ  Ǵ    ̽  ̽
  ִ.

  /dev/random /dev/urandom  ̽  ͸ 
    ֵ Ŀڿ ȴ.

  /dev/random /dev/urandom  (secure)  ߻ 
  ʼ PGP  , SSH   (challenge), ׸ Ÿ
  α׷     ŭ  ؾ Ѵ.  ڰ --
    ɿ ߻ ڵ  ̸ ˰ ִٰ ؼ -- 
    ڸ ˾Ƴ  ؼ ȵȴ.   ѷκ
  Ǵ ڵ  ǹ̷μ  ǵ ϴ 
  µ  ξ ִ.

   /dev/random  Ʈ ,  Ʈ
   ̴   ° ȴٴ ̴. Ϻ ýۿ
  ο   Է (user-generated entry) ýۿ ϵǴ
  ð  ɸ  ְ,   ()    ִٴ 
  ϰ ʹ. /dev/random   ɻϱ⸦ ٶ.  (Ƹ
      ǰ ִ ̿ -- "OK մϴ" ϴ
  ޽   -- ڵ Ű带 ε  ϴ 
  ̴)

  /dev/random -- ͷƮ  ð 缭   --  
  Ʈ̴. ̰͵  Ͱ    ְ ȴ.

  /dev/urandom , -- Ʈǰ    -- ȣ
   ϴٰ   ִ 콬   ش.   ̰
  (/dev/random   ϸ) δ  ,
  κ α׷δ ϴ.

      ̽κ о  ִ.

       root#  head -c 6 /dev/urandom | uuencode -

  ̰ -- н带 꿡  -- 6  ַܼ 
  ̴.

     /usr/src/linux/drivers/char/random.c ִ.
   (̺)   µ    ,  ̽ ׸
   Ŀ  п 帰.

  8.  Ʈũ 

     ð ǻ ӿ 鼭, Ʈũ  
   ߿ ִ.

  Ʈũ    ,   ͵ 
   Ƿ ǰ ִ.

  8.1.  Ŷ 

  ħڰ Ʈũ   ý ħϱ ؼ  ϰ
     ϳ ̹  ȣƮ Ŷ ۸ ϴ
  ̴.   "" ͳ Ʈ ûϸ鼭  Ŷ 帧
  "Password", "Login", "su"   鸮    
  д.   , ڴ ħϷ õ ʾҴ
  ýα  н带  ȴ. (ȣȭ ȵ ä)
   ۵Ǵ н  ݿ ſ  ̴.

  : ȣƮ A  .  ڴ (⿡) ۸ ġѴ.
  ( ,)  ڰ ȣƮ C ȣƮ B  
  α ۰ Ѵ. ( Ŷ  ǰ ִ) ڰ
  B α ϴ     н  ȴ.  
   ڰ --   ذϱ  -- 'su' Ѵ.  
  ȣƮ B Ʈ н  Ǿ.   Ŀ, ڰ
   ڱ  ٸ Ʈ ִ ȣƮ Z ڳ ϵ 
  θ ڴ  ȣƮ Z α н  ȴ.

  ó ڰ Ŷ ۸   ý  
  ħ ʿ  ȴ.  ڴ ž̳ PC ǹ 
   ͼ Ʈũ ûϸ ׸ ̴.

  ssh ٸ ȣȭ н  ϸ     ִ.
  pop  ATOP    Ѵ. (  
  н带 ϴ   ׷,  pop α ۿ
   ϴ.)

  8.2.  ý 񽺿 tcp_wrapper.

   񽺸  ʿ䰡 ִ° ϴ  Ʈũ 
  ý ÷  ؾ  ̴.   ʿ䰡 
  񽺸 ƿ üع Ÿ ϳ ٰ, ڰ 
  ã  ϳ ٿ   Ǵ ̹Ƿ.

   ýۿ 񽺸    ִ. /etc/inetd.conf
    inetd   񽺸 ϰ ִ ˾ƺ  ִ.
  ʿ  񽺴  ּ (remark) ó ؼ ƹ ((#
    տ ), inetd μ SIGHUP ȣ  ϶.

  ƿ﷯ /etc/services Ͽ 񽺸 ּ ó ϰų 
   ִ.  ̰  ڵ鵵  񽺸  ȴٴ ̴
  (μ,   ftp   ,  迡 
  Ʈ ftp Ϸ ϸ " : unknown service" ޽
  鼭  ޾ ̴) ȼ þ  ƴϹǷ  񽺸
    ġ .  ڰ --  ּ ó
  ؼ  -- ftp  ;Ѵٸ, ״  ڽ Ŭ̾Ʈ
  ϸ鼭  ftp Ʈ Ἥ      ̴.

  ѳ   񽺵:

    ftp

    telnet

    mail, such as pop-3 or imap

    identd

    time

      ִ.

   Ű     ˰ ִٸ,  Ű 
    ִ.   rpm -e   Ű ü
    ִ.  ȿ dpkg  ۾    ̴.

  ٿ, (rlogin ) login (rcp ) shell ׸ (rsh
  ) exec /etc/inetd.conf ۵Ǵ    ؼ,
  /rsh/r;pgin/rcp     ʿϴ.  ̵ 
  ش ϸ (insecure),  ħŻ (exploit)  ٿ
  ǾԴ.
  /etc/rc.d/rcN.d  -- ⼭ N  ý  ̸ --
  丮 Ǵ   ʿ ͵ ִ° Ȯ϶.
  /etc/rc.d/rcN.dȿ ִ ϵ  /etc/rc.d/init.d 丮
  ɺ ũ Ǿ ִ.  init.d ִ ϵ ̸ ٲ,
  /etc/rc.d/rcN.d   ɺ ũ  ȿ ´.
   Ư   ߾ 񽺸 ְ , ̿ ϴ
   ҹ (lower-case) ̸ ٲָ ȴ.

  BSD  rc ϵ  ִٸ /etc/rc* ˻ؼ ʿ 
  α׷   ִ..

  κ    tcp 񽺵 "ȣִ(wrapping)"
  tcp wrapper ִ. tcp_wrapper (tcpd)     
  ִ  ƴϰ,  inetd ҷ  ȴ. ׷
  tcpd 񽺸 ûϴ ȣƮ ˻ؼ,  Űų 
  ȣƮκ  źѴ.  tcpd ̿ؼ tcp 񽺷 
    ִ ̴.  /etc/hosts.allow  , 
  ǻ 񽺿  ʿ䰡 ִ ȣƮ鸸 ߰ϵ Ѵ.

      ̾- ڶ, ڴ  񽺿
    źϵ Ѵ. tcpd 񽺿 Ϸٰ 
  õ ϹǷ,  ް ִٴ  ˷  ִ. ο
  񽺸 ߰ ġϰ Ǹ, ݵ tcp wrapper TCP  
  񽺸 ߰ ϴ  .   ,   
  (dial-up) ܺ ڽ 迡 ϴ  鼭, 
  ޵ ͳݿ Ʈũ    ִ.  ̷ 
  /etc/hosts.allow  ߰Ѵ.

  ALL: 127.

   /etc/hosts.deny

  ALL: ALL

  ̷   ܺο   鼭, ο
  ͳ     ְ ȴ.

  8.3.  DNS  Ȯ

   Ʈũ  ȣƮ  DNS  ֽ ϴ
  ε  ȭ  ִ.   ҹ ȣƮ  Ʈũ
  Ǵ Ȳ , DNS Ʈ  ̹Ƿ, ħ ˾ç
   ְ ȴ.   񽺵 -- ȿ DNS Ʈ  ȣƮ
   źϴ  --   ְ Ǿִ.

  8.4.  identd

  identd ַ inetd Ǵ  α׷̴.  ڰ 
  tcp 񽺸 Ű ϰ, 䱸ϴ Ե  
  Ѵ.

    identd 뼺 ϰ, ̰ ų ܺ
  Ʈκ  û źϵ Ƶд. identd  Ʈ
   ֱ ؼ ִ  ƴϴ.   identd 
  ڷᰡ    .  identd û ƹ  
  Ƿ.

  ׷ٸ  identd Ѿ ұ?  identd __ ֱ
  ̰,  ÿ ˹  ϱ ̴.  identd
   ʾҴٸ tcp 񽺸  ִ   ̸̳
  uid identd  Ʈ ְ ִ   ̴.   ϳ
   Ʈ ڰ п ͼ  ǻ  ڰ
  ڱ Ʈ ħϷ ߴٰ Ѵٸ,  ս 
  ڿ ؼ ൿ   ִ.  identd Ű 
  ʾҴٸ,    ־ ˾Ƴ ؼ  ϵ
  캸ƾ ϰ, ̷  Ϲ  ڸ ϱ ؼ ξ
   ð ɸ ȴ.

  κ ǿ ִ identd   ϴ ͺ 
  پ  ϴ.  Ư ڿ identd ۵ ʵ
    ְ ( ڵ .noident   ȴ),  identd
  û ϵ    (ڴ ̷ ϱ⸦ Ѵ) 
  ̸  uid NO-USER ǥϵ   ִ.

  8.5.  SATAN, ISS, ׸ ٸ Ʈũ ĳ α׷.

  Ʈ 񽺸  ǻ͵ Ʈũ  ˻ (scan)
  ϴ  Ʈ Ű ִ.  SATAN ISS  
    ˷ α׷̴.  Ʈ ǥ ǻ (Ȥ
   Ʈũ   ǥ ǻ͵)   Ʈ Ϸ
  õϸ,  񽺰   ǰ ִ ãƳ Ѵ.  
    ǥ ǻͰ  ħŻ  ã  ִ.

  SATAN(Security Administrators Tool for Analyzing Networks) 
  ̽  Ʈ ˻ α׷̴. ǻ  볪 ϳ
  Ʈũ  ˻  , ,    ִ.  SATAN
  ؼ  ǻͳ Ʈũ ؼ ߰ߵǴ  ġ
   .  SATAN Ʈ  FTP,  Ʈ ϵ
  ؾ Ѵ. ͳݿ SATAN  Ʈ 񸶰 ־ ̴.
  http://www.trouble.org/~zen/satan/satan.html

  ISS (Internet Security Scanner)  ٸ Ʈ ˻ α׷̴.
  SATAN  ,  Ը Ʈũ ˻ϱ⿡   
  ִ.  SATAN    ϴ  ִ.

  ƹĿ- (Abacus-Sentry) www.psionic.com   ִ
   Ʈ ĳʴ. Ȩ      ִ.

  SATAN̳ ISS  Ʈ  ǻ͸ Žϰ ִٴ 
  溸ֵ     ִ.   tcp_wrapper 
  Ȱϰ  ϵ  캸⸸ ص, ׷ Ž
  ˾  ִ.      δ SATAN 
   ý α Ͽ ڱ .

  8.6.  , qmail  MTA

     ִ  ߿ 񽺵  ϳ 
  ̴.  ϰԵ   ݿ    
  ϳε,   ؾ ϴ ۾ ڿ ʿ ϴ 
   ̴.

  sendmail  ִٸ, ֽ  ϴ  ſ ߿ϴ.
  sendmail   ħŻ 簡 ִ.  ֱ  ׻
  ϵ ϶.  http://www.sendmail.org

   sendmail  ׷̵ϱ⿡ ƴٸ, qmail ٲ㺸 ͵
  غ  ϴ. qmail ó  ο ΰ Ǿ. 
  α׷  ̰ ϴ. http://www.qmail.org

  8.7.   źν  (Denial of Service attacks:  DoS)

  DoS  ý ڿ Ϻθ ſ ٻڰ μ, չ
  û  ϰ ų,   ý  źϰ
   ̴.

  ̷  ٳ⿡  ũ ؿԴ.  ֱ ݹ   ˷
  ͵ Ʒ .  ο ݹ ׻ Ÿ Ƿ 
  Ұ ͵    ʿ Ұϴٴ  ؾ Ѵ.  
  ο     Ʈ Ʈ (bugtraq) Ʈ
  ī̺긦 е ϶.

    SYN (flooding) - SYN  Ʈũ   ź
     ̴.   TCP   ߿ ִ "" ̿Ѵ.
     (2.0.30 ) ο  Ŀڵ SYN   ϱ 
      ɼǵ  ִ.  Ŀ ȣ ɼ  Ŀ 
     ׸  ϶.

    Ƽ "FOOF"  -  ǰ Ƽ μ Ϸ 
     ڵ带   ǻͰ õ Ѵٴ  ֱٿ ߰ߵǾ.
     ̰  üΰ  (ǰ Ƽ ,
     Ƽ2 ) Ƽ μ ϴ  ǻͿ 
     ģ. 2.0.32 ̻  Ŀڿ  ׷  ǻͰ 
       ȸ ԵǾ ִ.  2.0.33 Ŀ    Ŀ
       ְ, 2.0.32   νĵǰ ִ.
     Ƽ ϰ ִٸ,  ׷̵带 ؾ Ѵ.

    Ping  - Ping   θƮ  DoS  ̴.
     ڴ ICMP Ŷ ϳ "ȫó"  ǻͿ .
     ڰ    ǻ   ӵ  (better
     bandwidth) ǻͿ Ѵٸ,  ǻʹ Ʈũ ƹ
     ͵     ̴.   ݹ   ϳ
     "" --  ãƳ   Ƶ -- ICMP Ŷ
     ߽  ǻ ּҷ ؼ ٸ ȣƮ .
     "" ݿ ؼ
     http://www.quadrunner.com/~chuegen/smurf.txt    
     ִ.

     Ping   ް ִٸ, 𿡼 Ŷ  (Ȥ 
     ó ̴) ˾Ƴ ؼ tcpdump    ϰ,
      ISP   ϵ ϶. Ping  
     ؿ ϰų ȭ    .

      (Ping o' death:   ) -    Ŀ
         ִ ͺ ũ  IMCP ڸ
     ûϴ (IMCP ECHO REQUEST) Ŷ ̴. (65510 Ʈ)
     Ŀٶ "" ýۿ  ý ų ׾
     , " "̶ Ҹ Ǿ.      ̹
     ذå  ũ  ʿ .

    Ƽ () /  Ƽ - ֱ ħŻ ϳε 
     콺 IP ׸̼ ڵ忡 ϴ ׸ .  2.0.33
      Ŀڿ  ߰, ĥ  Ŀ -Ÿ
     ɼ  ʿ .   " Ƽ" ħŻ 
      ʴ´.

     κ ħŻ ڵ  ͵  ̴   
      ʿϸ http://www.rootshell.com ġ  Ἥ 
      ִ.

  8.8.  NFS (Ʈũ  ý) 

  NFS ſ θ ̴   ̴. NFS ̿ϸ --
  Ŀڿ nfs Ͻý  ִ (  ƴ 쿡
  ٸ Ŭ̾Ʈ  ִ) ٸ ǻ͵ -- nfsd mountd
  ϴ  Ͻý ""   ְ  ش. Mountd
  /etc/mtab Ʈ Ͻý ϸ鼭    ִ.

  ڵ鿡 Ȩ 丮 ϱ ؼ NFS  Ʈ
  ϰ , ̷ ν ڵ  ǻͿ α
  Ͽ  ڵ Ȩ ϵ   ְ ȴ.

  Ͻý     ִ  ȵǴ ""  
   ִ.    ǻ Ʈ (uid=0) nobody
  ڷ Ѽ,  Ͻý ü    
  źϵ nsfd ؾ Ѵ. ׷  ڴ  (Ȥ
  ּ  uid) Ͽ  ٱ ֱ , 
   ڱ  α̳ su  ϸ, ڱ
  ϵ鿡 ؼ  ٱ   ִ.  ̷ ϴ  
  Ͻý Ʈ   ڿԴ  ֹۿ 
  Ѵ.

  NFS  Ѵٸ,  ؾ߸ ϴ ǻ͵θ  ǵ
  ϶.  Ʈ 丮 θ ؼ  ȵǸ, ʿ
  丮 ؾ Ѵ.

  NFS   ڼ  ʿϸ NFS Ͽ  ϶.  NFS
  HOWTO

  8.9.  NIS (Ʈũ  ) ( YP).

  Ʈũ  (Network Information service,  YP) ׷
  ǻ͵鿡  ϴ   ̴.  NIS   ǥ
  ϸ װ͵ NIS  (map) ϵ ȯѴ.    ϵ
  Ʈũ  ν NIS Ŭ̾Ʈ ǻ͵ αΰ
  н, Ȩ 丮    (  /etc/passwd Ͽ
  ִ  )   ְ ȴ.  NIS ̿ϸ ڵ
  н带   ٲٸ  NIS  ִ  ǻͿ (
  ŵǵ)   ִ.

  NIS   ƴϴ.   ο ΰ  
  ƴϾ.   ϰ  ִ ۾ ҷ  ͻ̴.
  (Ʈũ   ְ)  NIS  ̸ ˾Ƹ 
  ִ   passwd  纻   ְ, 
   н带   Crack John the ripper   ְ ȴ.
  NIS ӿ (spoof) °   ϰ   ִ.   NIS
   ٸ, ̷  ؾ Ѵ.

  NIC+ Ҹ NIC  üǰ ִ.  NIC HOWTO о
  ٶ.  http://sunsite.unc.edu/mdw/HOWTO/NIS-HOWTO.html

  8.10.  ȭ.

  ȭ(firewall)   Ʈũ    
  ΰ 㰡 ϴ   ̴.   ȭ ȣƮ
  ͳݰ   Ű,  ͳ  ȭ
  ؼ ϵ ϴ ̴.  ̷ ϸ ȭ ͳݰ
   ̸     ִ.

  ȭ ϴ    ִ.   ǻʹ 
  ϸ鼭 Ǹ ȭ   ִ. ȭ ڵ  
  2.0 ̻ Ŀڿ ٷ Ե  ִ.     ipfwadm
  ,   Ʈũ Ʈ  ΰ ս ٲ 
  ִ.    Ʈũ Ʈ   (log) 
   ִ.

  ȭ Ʈũ ȭ ־ ſ ߿ϰ  ̴.
   ȭ ϱ   Ʈũ ִ ǻ͵ 
  ʿ ٰ ؼ   ȴ. ̷ ϴ  ġ
  Ǽ.  ȭ       Ʈ 
  ֱٿ  ȭ Ͽ о ϶. Firewall HOWTO

  ߰  IP-Ŀ̵ ̴ Ͽ Ͽ ִ  IP Masquerade
  ( 8.10-1)

  ipfwadm (ȭ  ٲٴ )  ߰    Ȩ
     ִ.  http://www.xos.nl/linux/ipfwadm/

  9.  켱  å ( ϱ ).

  . ýۿ   ˻縦 ϰ,   ϰ
  ٰ Ǵ ,    .  ħ  
   ħڸ ɷȭ Ű, 󺹱 Ϸ غ ؾ  
    ִ.

  9.1.  Ϻ   .

           ȿ
  Ͽ   ڴ. ࿡ ϳ Ƽǿ 650 mb 
  ͸  ִٸ CD-R   .  (  ϴ
   ,  ð     ֱ ̴)  
  ϴ 찡 ,  ٸ   ͵ 
      ϰ Ȯ ϴ  .    
  2 ҿ ϵ ϶.    ý ٽ ϴ
  ù  ̹Ƿ.

  9.2.     .

  6  1 ֱ     ϱ⿡ ϴ. 4
   ߿ ϰ,   ַ ¦ ݿϿ,   
  ַ Ȧ ݿϿ ϴ  ̴.  κ 
  (incremental backup) , ü   (ַ Ǵ)
  ݿ   .  Ư ߿  ߰ų, 
  ߿ ͸ ߰ 쿡 Ư    
  ̴.

  9.3.  RPM   ͺ̽ .

  ħ 쿡 RPM ͺ̽ Ʈ̾ó   ְ,
   쿡 ͺ̽  ʵ Ȯ ϰ  
  ̴.  RPM ͺ̽ ÷ǿ īϰ,   ׻  2
  ҿ Ѵ.       ִ.

  Ư , /var/lib/rpm/fileindex.rpm /var/lib/rpm/packages.rpm
    忡    ִ.  Ǹ   徿 
  ̴.

   ý ħ ϸ  ɾ   ִ.

       root#  rpm -Va

  ̰ ؼ ý   ȮѴ.   ɾ ټ 
   ̴ (ª  ǵ ϴ) ɼǵ  ؼ, RPM man
    .

     ο RPM   RPM ͺ̽ ٽ 
  ξ Ѵ.      ̴.

  9.4.  ý   (account data) 

  ýα (ý : syslog)  ħظ  ʵ ϴ 
  ߿ ̴. /var/log  ѵ ڵ鸸 а   ֵ
  ϴ   ̴.

  "auth"׿ Ư Ǹ θ鼭,   ͵  ִ 
  ϴ  .  ,    д ħ õ
  ǹϴ   ִ.

  α  (log file)  ִ     
  ٸ.  ް  " Ͻý ԰ (Linux Filesystem
  Standard)  ̶, /var/log 鼭 ޽ Ȯϰ,
  mail.log ٸ ͵   .

  /etc/syslog.conf        
  (log)    ִ.     syslogd (ý 
  )     ҿ  ƾ Ѵٴ 
  ˷ִ ̴.  ð   ˻ ֵ --   
  ũƮ  ؼ --   ϵ ϴ ͵ .
  ֱ   "logrotate" Ű   .  ٸ 
     ɼ ִ.

    α   ó ̸,  
  ۵Ǿ,   Ǿ    .
    ð   ִ°?  ( ִٸ)   
      ͵  ̴.

   ħڰ ħ  ֱ ؼ ٲ , ׷ ̻
  ϵ ˻ϱ ؼ  Ȯϴ  .  ¼ ħڰ
  ħ õϴ ̳, Ʈ   α׷ ħŻ
  (exploit a program) õϴ  ˾ç  ִ. ħڰ ä ٲٱ
  ,    ִ ̴.

  "su" Ἥ ڸ ٲٷ õ,  õ, ٸ  
    ٸ    "auth"  ϴ  .

  ϴٸ,  ߿ ʹ  ö ý 纻
   syslog ϶.   /login/sy/ftp/etc õ
  μ   ħڸ  ̴.  syslog.conf man
   , "@" ɼ ϵ.

  , ƹ  ʴ ٸ, ()  ̴.
   ð   е ϰ,   ۾ 
   ̴° ˾Ƶδ  . ̰ ˾Ƶδ  ̻ 
  ˾ä   ȴ.

  9.5.  ο ý Ʈ ġ.

  κ  ڴ CD-ROM  ġ Ѵ.    
  ۾  ֱⰡ Ƿ,  () α׷ ׻ 
  ִ.  Ʈũ 踦 ϱ⿡ ռ,  (ftp.redhat.com
  ) ftp  Ʈ Ű ޾Ƽ  ġ  ϴ 
  .  ̷ Ű ߿  å   Ƿ, ġ
  ݵ ϴ   ̴.

  10.  ħ ̳ Ŀ  ϵ

   ⿡  ִ (Ȥ ٸ )    ħ
   ٸ?   ù °    ϴ ̴. 
  ൿ ڰ   ִ ͺ  ū ظ ĥ  ִ.

  10.1.     !

      ˾  Ǵ   ִ.  
   ϴ°  ߿    ִ.

    ̶, ̻   ̳ 繫,
  ǿ ħ    ̴.   ˷ Ѵ.  
  ȯ̶  ̽  ϰų ǻ͸ Ϸ ϴ
     ִ.   Ѱ  ,  ׵鿡
  ϵ 䱸ϰų   åڿ   ִ.

   ڰ  Ѽϰ ϴ   ,  
  ؾ    ڰ   Ȯϴ ̴.   ڰ
  𿡼 α Ϸ ϰ ִ Ȯ  ϶.   
  ÿ αؼ  ΰ?  ׷ ?  
  ǻ͸     غ ϶.   
  ȭ ɰų    Ȥ 繫Ƿ   ̾߱⸦  
  ִ.    ڰ ڱ  Ѵٸ,   ؼ
  ϵ 䱸  ְ ׷  ϶   ִ.  װ
  ϰų,  ϴ ǿ ؼ 𸥴ٸ   縦 ؾ
  Ѵ.  ǵ ˾ƺ ̳  ϱ   
  Ȯϵ ϶.

  Ʈũ  ħ ߴٸ, ó   (  ִٸ)
  Ʈũ   ̴. ħڰ  ߴٸ  
  ̾ƹ ϰ, ͳ  ߴٸ ͳ  ̾ƶ. ̷
  ϸ ħڰ  ū ظ     ְ, ħڴ Ƹ
  ڽ 복ٰ ϱ⺸ٴ Ʈũ   ̶
   ̴.

   Ʈũ    ٸ (  Ʈ̰ų,
  ǻͿ    ٸ), å ħ
  Ʈκ      tcp_wrapper ipfwadm 
  α׷ ϴ ̴.

  ħ Ʈ     ź  
  ̶, ڵ  Ͽ Ѵ. ϳ  ϴ
     ƴ϶  ϶. .rhosts ϰ FTP  ,
  ſ  ޹ (backdoor) ο ξ Ѵ.

   ġ (Ʈũ ,  Ʈκ   õ ź,
  ׸/Ȥ ׵  )    ϰ , 
    μ ̰ ׵ α׿ Ѿ Ѵ.

  ڴ ٽ  õ ̹Ƿ,     
  Ʈ ڼ ؾ Ѵ. ڴ Ƹ ٸ   ̰,
  ٸ Ʈũ ּҸ   ִ.

  10.2.   Ѽ ̹ Ͼ .

  ̹ Ͼ  ڴʰ ܿ ˾Ȱų, (ٶδ) 
  ڸ  ýۿ ᰡ ѾƳ ȴ..   
  ؾ ұ?

  10.2.1.   Ƴ.

  ڰ  ýۿ       
  ִٸ,    ؾ Ѵ.   , ¼ ħڰ
   ٷ  FTP    ̴  Ҵٰ .
  ̷ 쿡 FTP 񽺸 ϰ  ̳ ˷  
   ִ ãƺ Ѵ.

  α ϵ Ȯ ,   Ʈ  Ʈ
  , ľ ϴ Ӱų  ˷ ִ ħŻ ÷ ִ
   캸 ϶.  Į  
  http://www.caldera.com/tech-ref/security/   ִ.  
       ȿ  ʰ , 
    http://www.redhat.com/errata   ִ.  
  ڰ   , ٸ κ     ִ.

  ڸ   , ״ 밳 ٽ ƿ´.  
  ǻͻ ƴ϶,  Ʈũ    ̴. ڰ
  Ŷ ۸ ۵Ű ־ٸ, ״   ٸ ǻͷ 
   ִ.

  10.2.2.   

  ù °   ظ ϴ ̴.   ѼյǾ°? Tripwire
    ˻ α׷ ϰ ִٸ, tripwire Ѽ
  ˾ƺ  ִ.  ̷ α׷ ٸ,  ߿ ڷ 
  캸ƾ Ѵ.

   ý  ġϱ  Ƿ, ߿ 
  ϵ   ΰ ũ ƿ   
  ó ٽ ġ , κ  ϰ  ϵ
  ϴ     ִ.  ̷ ϸ  ý 
   ȴ.     ǻ  ٸ -- ħڰ
  ɾ Ʈ   Ƿ --   ̶ ؼ
  ƾ  ̴.

  10.2.3.  , , ׸  !

    صδ    ־  ߿ϴ.
  ý   , ʿ ڷḦ κ   ִ.
   ڿԵ ġ ִ ڷ, ļ ڱ 纻  
   ıϰ, ּ ڷḦ    ʴ ̴.

      ϱ ,   
  Ȯ ƾ Ѵ. ħڰ    ĳҴٸ, ̹
   ϵ鸸 ܶ    ֱ ̴.

   鿡 ؼ   ִ.    ҿ
  ξ ȮϿ ϰ,  ű   ִ ˰ ־ Ѵ.
  (ڰ    ִٸ,  𸣴 ̿ 
   ڷῡ   ְ Ǵ ̴.)

  10.2.4.  ħ .

  ħڸ Ƴ, ý ߴٰ ؼ    
  ƴϴ.  밳 ħڵ  , ׷   ؾ
  Ѵ.

  ڰ  ý ϴ Ʈ ڿ  
  ˷־ Ѵ. ó "whois" internic ͺ̽ ̿ؼ
  ãƺ  ִ.      ¥  ð ÷ؼ 
  ڿ email  ͵ .  ħڿ ؼ  Ư 
  ߰ߴٸ װ͵ Բ ˷ֵ ϶.  email  ڿ (ϰ
  ʹٸ) ȭ Ἥ  ϵ ϶.   ڰ  
  ڸ ãƳ´ٸ,  ڰ ٽ ڰ  Ʈ
  ڿ ϰ  ׷.

  پ Ŀ 밳  ǳʶٱ ߰ ý۵ Ѵ. 
  ý۵   (Ȥ ) ҿ ħ ߴٴ 
    ִ.  ũĿ  ý۱ Ѿư   ̴.
   ̾߱ϰ Ǵ ڵ鿡 ϰ ϴ  ׵κ
   µ .

   Ǵ (CERT ̿ )   鿡 ˷־
  Ѵ.

  11.    ڷ.

  н  Ϲݿ  Ȥ Ư  ȿ  Ǹ
  Ʈ   ִ. ϳ ̻   ϸ Ʈ
  ؼ ֽ   ׵ 󰡴  ſ ߿ϴ.  ̷
  Ʈ 밳 ſ з 鼭 ϴ.

  11.1.  FTP Ʈ

  CERT ǻ   (Computer Emergency Response Team) ڴ.
  ̵ ֱ  ǰ ׵鿡  溸  ߼Ѵ.
  cert.org

  Replay   α׷ ϰ ִ.  Replay ̱ ȿ
   ʱ  ̱     ʿ䰡 .  replay.com

  Matt Blaze CFS ̸ Ź  ̴.  Matt Blaze's
  stuff

  tue.nl ״忡 ִ Ǹ   ftp Ʈ̴.
  ftp.win.tue.nl

  11.2.  Ÿ  Ʈ

  Ŀ FAQ Ŀ鿡  FAQ̴.  The Hacker FAQ

  COAST ī̺  н  α׷   ִ. COAST

  Rootshell.com ũĿ   ħ  ˾ƺ⿡ 
  Ʈ̴.  rootshell.com exploits

  BUGTRAQ     Ȳ ǥѴ.  BUGTRAQ archives

  ǻ   , CERT н ýۿ    
  Ѵ.  CERT home

   ĸ (Dan Farmer) SATAN  ٸ   ̸, 
  Ȩ Ʈ    ƴ϶ ȿ  ̷ο  ۵鵵
  ִ.   ĸ trouble.org

    WWW  ý ȿ   ڷ̴.  Linux
  Security WWW

  Ÿ (Reptile)  Ʈ  ȿ   
   ִ.  Reptiles Linux Security Page

  Infilsec   Ư ÷  ִ ˷ִ
   (vulnerability engine) ִ.  Infilsec vunerability
  engine

  CIAC  ħ ǵ鿡     ش.
  CIAC bulitins

   PAM (  : Pluggable Authentication Modules)
  http://www.kernel.org/pub/linux/libs/pam/.

  11.3.  ϸ Ʈ

  Ʈ (Bugtraq):  Ʈ Ϸ,  subscribe bugtraq̶
  Ἥ listserv@netspace.org   ȴ. (  
   ũ ).

  CIAC:  ( ) subscribe ciac-bulletin Ἥ
  majordomo@tholia.llnl.gov e-mail .

  11.4.   

       ִ.   ׿ ̷ å 
  ݸ ϰ Ѵ.   ٷ å  ƴ϶, ý
     å ȿ ؼ ٷ ִ.

  Building Internet Firewalls By D. Brent Chapman & Elizabeth D. Zwicky

  1st Edition September 1995

  ISBN: 1-56592-124-0

  Practical UNIX & Internet Security, 2nd Edition By Simson Garfinkel &
  Gene Spafford

  2nd Edition April 1996

  ISBN: 1-56592-148-8

  Computer Security Basics By Deborah Russell & G.T. Gangemi, Sr.

  1st Edition July 1991

  ISBN: 0-937175-71-4

  Linux Network Administrator's Guide By Olaf Kirch

  1st Edition January 1995

  ISBN: 1-56592-087-2

  PGP: Pretty Good Privacy By Simson Garfinkel

  1st Edition December 1994

  ISBN: 1-56592-098-8

  Computer Crime A Crimefighter's Handbook By David Icove, Karl Seger &
  William VonStorch (Consulting Editor Eugene H. Spafford)

  1st Edition August 1995

  ISBN: 1-56592-086-4

  12.  

    ȣƮ: Ʈũ  ǻ.

    ȭ: ȣ (Ȥ ȣϴ) Ʈũ ͳ , Ȥ ٸ
      Ʈũ   ϴ  .

     ȣƮ (bastion host): ͳ  ӵǾ ִ  
      Ʈũ    Ǵ   -- ׸ ݿ
     Ǿ ֱ  --  Ư ϰ  ϴ ǻ.
      (bastion) ä ܰ    (  
     ž )   κ Ѵ.   ߿ 
     ٺ鼭, ϰ β   ڿ,    
     ִ ,    ⸧  غϰ ־.

    -Ȩ ȣƮ (dual-homed host): ּ   Ʈũ
     ̽  ִ Ϲ  ǻ ý.

    Ŷ (Packet): ͳ  ּ ⺻ .

    Ŷ ͸ (Packet Filtering): Ʈũ󿡼  
     帧  ϴ   . Ŷ ʹ Ŷ
     帣 ϰų µ,   Ʈũ ٸ Ʈũ 
     ϴ  (ַ ͳݰ  Ʈũ ) ۾ ǽѴ.
     (Ư IP ּҳ Ʈ  ) س  Ŷ
     ǰ  ٸ  Ŷ ϴ  Ģ  
     ȴ.

    ܰ  Ʈũ (Perimeter network): ȣϰ ִ (ȣ)
     Ʈũ ܺ Ʈũ ̿ --   β ϱ
     ؼ ٿ  Ʈũ.  ܰ  Ʈũ DMZ
     ̶ Ҹ.

      (Proxy server):  ڸ ؼ ܺ 
     ϴ α׷.  Ŭ̾Ʈ   
     ϰԵǰ,   㰡  Ŭ̾Ʈ ( Ȥ )
       ߰ ش.

     ź (Denial of Service):  źδ ڰ -- ǵ
      ʴ   -- ǻ ڿ Ҹϰ ؼ 
     ڰ չ  Ʈũ ڿ  ϰ ´.

      (Buffer Overflow) α׷ ڵ  ۰ "
     ũ"  ʰ, ̷  ۰ ġ ͵ Ȯ
     ʰ δ  ִ. ̷  ۰  ϰԵǸ
     (̳ set-uid ) ǰ ִ α׷ ٸ  ϰԲ
     ǰ ȴ.   Լ  ּҸ ٸ ҷ   ϴ
       ۵ȴ.

    IP Ǫ (IP spoofing): IP Ǫ  Ҹ ؼ ,
     ϸ鼭  ݹ̴. ̰ ȣ ſ  (trust-
     relationship) ִ ǻ͵ ӿ  ħŻ̴.   Ű
     (Phrack Magazine)  7ȣ 48  9, Ʈ, ׸
     ǴƼ ̸  Ŀ  ڼ  ִ.

     (authentication):  Ͱ   ̸,
     ڶ ϴ    Ȯϴ 

     ǻ̼: ͸  ڰ -- ߿ ͸
     ߴٴ  ϴ   ؼ --  ڰ
          ֵ ִ .

  13.  FAQ

  1. ̹     Ŀڿ  ϵ ϴ 
      Ѱ?

       -- ħڰ Ʈ   εϰų Ȥ
     ý ȿ    ڽ  ε  ִٰ ؼ --
      Ἥ ̽ ̹ εϵ ϴ   
     ٰ ϱ⵵ մϴ.

       εϱ ؼ ڴ ݵ Ʈ Ǿ
     մϴ.   Ʈ   Ʈ   ֵ Ǿ
     ֽϴ.   ħڰ Ʈ  ̹ ٸ, װ 
     ε ΰ ϴ   ߿ ٸ Ÿ .

        ʱ⵵ ϴ Ư ̽ ϱ ؼ
     εǰ ˴ϴ.   迡 -- ȭ  -- 
     Ͼ ʴ Դϴ.  ̷  --  ϰ ִ
     迡 -- Ŀڿ     ִ  Ÿմϴ.
        Ŀڿ ϵ  ϴ.

  2.  迡 Ʈ ϴ  ׽ ȵ˴ϴ.

     Ʈ ȿ  ׸ ʽÿ.   ڰ ڳ Ἥ Ʈ
     ϴ  ɰ   ̱⿡ ̷ 츦  Ϻη
     ̷  ϴ.   ħڿԴ ð ϰ, 
     н带 ãƳ  ڵ α׷   ִٴ  
      ʽÿ.

  3.   ִ  4.2 5.0 ǻͿ   н带
     ϱ?

      н Ϲ Ǵ /etc/passwd  ƴ ٸ
     ҿ н带  Դϴ.   ִµ, 켱
     /etc/shadow    -- ƹ   ֵ Ǿִ
     /etc/passwdʹ ޸ -- Ʈ   ֵ Ǿ ִٴ
     Դϴ. ٸ  ڷμ -- ڵ ٸ  ¸
     ƴ Ͼ --  ְų   ϴٴ Դϴ.

      쿡 /etc/passwd  -- "/bin/ls"  α׷ 
     丮   ó  ID  ̸
     (username) ؼ   ֵ -- ڿ ׷ ̸
     ϴ Ϳ  ˴ϴ.

     ׸ /etc/shadow   ̸ (username) н --
     ׸ ¼     --   
     ˴ϴ.

      н带 ѵη Ʈ  "pwocnv" Ͻø
     /etc/shadow 鼭 ٸ α׷鿡 ǰ ˴ϴ.
      4.2 ̻ ϽŴ Ƿ,  쿡 Ư 
     ٲ ʾƵ PAM   /etc/passwd  н
     ȯ Ǵ  ڵ ν Դϴ.
     ϴ н带 ϰ  Ϳ  μ, ƿ ó
      н带  Ϳ  δ ͵  Դϴ.  
      ؼ PAM Ϻκ "pam_cracklib"   ֽϴ.
     ̰  н带 ũ ̺귯 Ἥ μ
      н尡 н ũ α׷ ؼ   
     ִ  ˵ ݴϴ.

  4.  ġ ͽټ   ?

     1. 켱 ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL SSLeasy 08.0
     ̻  մϴ.

     2. ϰ,   Ŀ ġ մϴ.

     3. ġ 1.2.5 ҽ մϴ.

     4. ġ SSLeay ͽټ մϴ.

     5. ġ 1.2.5 ҽ 丮   Ǯ  README
     ϴ   ݴϴ. (README  а  ǽϼ)

     6.  ϰ ϸ .

     ̱ ۿ ϰ ִ_ ÷ ҽÿ (Replay
     Associates) ̸  Ű   ֽϴ.

  5.   ϸ鼭    ٲ?

     Ư RH 5.0 ,     Ư ٲٴµ
       ִ    ֽϴ.

    pwconv unpwconv α׷ Ͻø  н (ު)
      н ϴ  ٲٸ鼭   ֽϴ.

    pwck grpck passwd ׷ ϰ   Ȯϴ Ϳ
       ֽϴ.

    useradd, usermod, ׸ userdel   ϰ ٲٰ,
       ˴ϴ. groupadd, groupmod, ׸ groupdel
     ׷쿡 Ǵ ɾԴϴ.

    ׷ н gpasswd ɾ Ἥ   ֽϴ.

      ִ  α׷ "  ()" մϴ.
      츦 ѳ, /etc/shadow н   ؼ
      ̰ ƴ϶, ܼ  ʴ´ٴ  մϴ. 
      Ͻø Ǵ manpage ʽÿ.

  6. Ư HTML   ġ Ἥ ȣմϱ?

     http://www.apacheweek.org̶  ƽô?

       ؼ
     http://www.apacheweek.com/features/userauth , ٸ  
       http://www.apache.org/docs/misc/security_tips.html
     ʽÿ.

  14.  .

   溸 ϸ Ʈ ϰ ֽ ⿡ ν 
   ǻ͸ ϰ ϱ      ִ. 
  ϵ鿡 Ǹ ̰, tripwire  α׷ 
  ϸ   ϵ   ִ.

   ǻͿ   ǻ  ϱⰡ 
  ʴ.   ǻͿ    ʿ,  Ƿ
   ÷   ִ.   Ư,  ü
    Ȱ ׵ ´.    ʿϴٸ
  ߸ ̻ ÷̴.

  15.   .

   ۿ Ұ   ڷκ  ̴.  
  Ȥ    Ʒ 鿡 Ѵ.

       Rob Riggs <rob@DevilsThumb.com>  S. Coffin <scoffin@netcom.com>  Viktor Przebinda
       <viktor@CRYSTAL.MATH.ou.edu>  Roelof Osinga <roelof@eboa.com>  Kyle Hasselbacher
       <kyle@carefree.quux.soltec.net>  "David S. Jackson" <dsj@dsj.net>  "Todd G. Ruskell"
       <ruskell@boulder.nist.gov>  Rogier Wolff <R.E.Wolff@BitWizard.nl>

  16.   ̴ .

    ɺ (kevin Fenzi) 98 1  security-HOWTO 0.9.2
       ڹμ  (dolman@correl1.snu.ac.kr)
     ߾ϴ.

    0.9.11 ϸ鼭 ڹμ  0.9.2   ߽ϴ.
     0.9.11 κ ڹμ   ״ ϱ.
     ڹμ   ϰ ͽϴ.

    98 5  ɺ  ̺ ڽŰ (Dave Wreski) 
     0.9.11    ٽ .  0.9.2 9 50 ׸
      ־, 0.9.11 15 80 ׸ Ǿ ֽϴ.

    Ÿ  ؼ,  ° ڴ ö ˻ ϰ
     ߴ Դϴ.   ϽŴٸ ߸ öڿ Ͻñ
     ٶϴ.

     ִ  Ʈ  Ǿ ְ, ּҰ ٲ 쵵
     ϴ.

    ѱ۷ Ǿִ  Ʈ Ͻø ش  ѱ ˻ 
     ؼ ãƺʽÿ.

    ִ HOWTO  ߿ ѱ۷  ͵ ϴ.
     http://kldp.linux-kr.org Ͻ  ֽϴ.

  17.   ߰ 

     2.1-1: Ŀ Ǵ  (hacker-howto):
     http://genesis.yonsei.ac.kr/~kabin/doc/hacker-howto.htm â
       ѱ ֽϴ.

     2.2-1: ݹ :   ÿ ϴ   ȹ
     ϳ.

     : ڴ ڽ ϰ ִ  ȭȣ α 
     Բ  ְ ϴ   ..   ȭȣ
        ִ ȭȣ   Ŀ, ġϸ 
     ȭȣ (ϸ ߽    ؼ) ȭ ǰɾ
     (= ݹ ؼ)   Ѵ.

     : ڰ ȭ ԰ ÿ ڸ  ϴ 
     ϳ   ִ.

     :   ȭ δѴ.  ׸ ݹ  
     ̳ ħŻ Ѵ.

     2.5.2-1:    (rogue machine):  () :
     ڰ ƿ ų   ȵǾ 鼭 Ʈũ
     Ǿ ִ .  (Ȧ ?)

     4.2-1:  丮 ".":  Ǵ 丮 ȿ "ls"
     ̸  Ʈ 񸶰 ִٸ?

     5.1-1: umask   (Octal complement): н Ͽ
     "(user), ׷(group),  (other)"   ڰ
     ׽ Ѵ.    ٽ "б 㰡,  㰡,
      㰡"    㰡 ׽ ǵǾ ִ.  (5.2 )
          㰡  ǥǾ ִµ, ּ
       000 (б, ,  ) ִ  
     111 (   ).  (ְ   111 
     7̹Ƿ  Ͽ  㰡 "111.111.111" ̶ ̰
      "7.7.7" ǥ  ִ).

     umask   ϰ 丮 Ʈ   
      Ѵ.  umask       
       ( ) Ѵ. μ   umask 
     22 77 ٲָ,     ڰ  ϰ
     丮 111.000.000   㰡 ڵ 
     ȴ.

     umask   :

                     
       -.uuu.ggg.ooo     u.g.o     u.g.o     umask
       -.rwx.rwx.rwx
       0.111.111.111     7.7.7     0.0.0     umask 0
       0.111.111.100     7.7.4     0.0.3     umask 3
       0.111.101.101     7.5.5     0.2.2     umask 22
       0.111.000.000     7.0.0     0.7.7     umask 77

     5.2-1:  :  ,  "640" 
     "110.100.000" ǥõȴ.  ٽ  "rw-.r--.---".  
      㰡 "640"   ϴ  ʺڷμ
     򰥸 , "110.100.000"  θ ͺ "640"
     θ  ξ  .   ̴ ȣ ܿ 
     .

     6.1-1: PGP : ̱ ۿ  Ϸ ͳų 
      ȴ.  ֽ  www.pgpi.com   ִ.

     6.1-2: RSA Cryptography FAQ: http://www.rsa.com/rsalabs/faq/
     ()

     http://www.netusers.org/FAQen/crypto/ (ѱ: 3.0 ,  112-145)
      6.2-2 

     6.2: SSL : SSL      Ʈ
     "https://..." URL ۵˴ϴ.  , SSL  
     ȿ ǰ s-http ޽ ȿ ˴ϴ. "s-http"
     "https://" ؼ ñ ٶϴ.

     6.2-1: ݽ ȣȭ : ݽ  ѱ 
     Ʈ ̿Ͻø ѱ۷ Ǿ ִ  Ͻ  ֽϴ.
     http://home.netscape.com/ko/eng/mozilla/2.02/handbook/docs/atoz.html

     ѱ۷ Ǿ ִ SSL   ݿ    URL
        ֽϴ.  http://intranet.www-
     kr.org/workshop/ws4/C23/
     http://www.standard.nca.or.kr/kis/nca98/n001/N001S98.HTM

     6.2-2: RSA FAQ s-http: RSA FAQ 3.0  133  ׿
     s-http    Ǿ ־µ,   ǥ RSA
     FAQ s-http    ̻  ʽϴ. s-http
       Ͻø E. Rescorla A. Schiffman  "The
     Secure HyperText Transfer Protocol. Internet-Draft" (1995 7)
     Ͻʽÿ. ѱ۷     URL ֽϴ.
     http://www.netusers.org/FAQen/crypto/faq133.html (ѱ:  3.0
     )
     http://www.dpc.or.kr/db_education/general_manager/intra_appendix.html
     (ѱ: ) http://intranet.www-kr.org/workshop/ws4/C23/ (ѱ:
      )

     6.4-1: ߰  (man-in-the middle attach): A B 
      M   ʴ ߰  ؼ  ä
     .  A B  ٰ ϰ, B A  ٰ
     , δ M ߰ AԴ Bô  ϰ,
     BԴ A ô  ϴ  ͸ æ.

     6.4-2: οǽ (: Blowfish): www.counterpane.com ø
        Ÿ ڷḦ Ͻ  ֽϴ.

     6.11.1-1: x- ѱ http://kldp.linux-kr.org/x-window.html

     8.10-1 IP-Ŀ̵-Ͽ ѱ http://kldp.linux-
     kr.org/HOWTO/mini/html/IP-Masquerade/IP-Masquerade.html

