  Linux Security HOWTO
  Kevin Fenzi, kevin@scrye.com & Dave Wreski, dave@nic.com
  v1.0.2, 25 April 1999
  The Linux Japanese FAQ Project
  17 May 1999

  ̃hLgł́CLinux VXe̊Ǘ҂ZLeB֘A
  ɂĂ̈ʓIȉs܂D̃hLgł́CZL
  eBɑ΂ʓIȍlƁCLinux VXeN҂Sɂ
  @̗̋Ă܂D܂CZLeB֘ȀvO
  ̃|C^܂܂Ă܂DPCݓIȔᔻCǉC͊}
  DtB[hobN𗼕̒҂ɑĂD̍ۂɂ̓TuWFNg
  ɁuSecurity HOWTOvƂĂD
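  ______________________________________________________________________

  Table of Contents

  1. Introduction
     1.1 New Versions of this Document
     1.2 Feedback
     1.3 Disclaimer
     1.4 Copyright Information
     1.5 About the Japanese Translation

  2. Overview
     2.1 Why Do We Need Security?
     2.2 How Secure Is Secure?
     2.3 What Are You Trying to Protect?
     2.4 Developing a Security Policy
     2.5 Means of Securing Your Site
        2.5.1 Host Security
        2.5.2 Network Security
        2.5.3 Security Through Obscurity
     2.6 Organization of This Document

  3. Physical Security
     3.1 Computer Locks
     3.2 BIOS Security
     3.3 Boot Loader Security
     3.4 xlock and vlock
     3.5 Detecting Physical Security Compromises

  4. Local Security
     4.1 Creating New Accounts
     4.2 Root Security

  5. Files and Filesystem Security
     5.1 Umask Settings
     5.2 File Permissions
     5.3 Integrity Checking with Tripwire
     5.4 Trojan Horses
     5.5 Password Security and Encryption
     5.6 PGP and Public-Key Cryptography
     5.7 SSL, S-HTTP, HTTPS, S/MIME
     5.8 Linux IPSEC Implementations
     5.9 ssh (Secure Shell) and stelnet
     5.10 PAM - Pluggable Authentication Modules
     5.11 Cryptographic IP Encapsulation (CIPE)
     5.12 Kerberos
     5.13 Shadow Passwords
     5.14 "Crack" and "John the Ripper"
     5.15 CFS - Cryptographic File System and TCFS - Transparent Cryptographic File System
     5.16 X11, SVGA and Display Security
        5.16.1 X11
        5.16.2 SVGA
        5.16.3 GGI (Generic Graphics Interface project)

  6. Kernel Security
     6.1 2.0 Kernel Compile Options
     6.2 2.2 Kernel Compile Options
     6.3 Kernel Devices

  7. Network Security
     7.1 Packet Sniffers
     7.2 System Services and tcp_wrappers
     7.3 Verify Your DNS Information
     7.4 identd
     7.5 SATAN, ISS, and Other Network Scanners
        7.5.1 Detecting Port Scans
     7.6 sendmail, qmail and MTAs
     7.7 Denial of Service Attacks
     7.8 NFS (Network File System) Security
     7.9 NIS (Network Information Service) (formerly YP)
     7.10 Firewalls
     7.11 IP Chains - Linux Kernel 2.2.x Firewalling
     7.12 Virtual Private Networks (VPNs)

  8. Security Preparation (Before You Go On-Line)
     8.1 Make a Full Backup of Your Machine
     8.2 Choosing a Good Backup Schedule
     8.3 Backup Your RPM or Debian File Database
     8.4 Monitoring System Logs
     8.5 Apply All New System Updates

  9. What To Do During and After a Break-in
     9.1 Security Compromise Underway
     9.2 Security Compromise Has Already Happened
        9.2.1 Closing the Hole
        9.2.2 Assessing the Damage
        9.2.3 Backups, Backups, Backups!
        9.2.4 Tracking Down the Intruder

  10. Security Sources
     10.1 FTP Sites
     10.2 Web Sites
     10.3 Mailing Lists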
     10.4 

  11. Glossary
  12. Frequently Asked Questions
  13. Conclusion
  14. Acknowledgements

  ______________________________________________________________________

  1.  Introduction

  ̃hLgł́CLinux ̃ZLeBɊւȘb
  ܂DʓIȍlƃlbgŐ܂ꂽ\[Xɂċc_܂D

   HOWTO hLg̑ƃZLeB̘bŏdȂ镔
  Ĉ悤ȃhLg͓KȏꏊŎ܂D

  ̃hLǵCŐV̖̂ł́u܂vDɐV
  QNĂ܂D̃hLg͍ŐV̏ǂŌ
  ǂ̂Ĉ悤ȈpȂ߂̈ʓIȕ@܂D

  1.1.  New Versions of this Document

  ̃hLg̍ŐVł͒Icomp.os.linux.answersɓe
  D܂CȉɎ悤ȁChLg֘ȀW߂Ă FTP T
  Cgɂuł傤:

  ftp://metalab.unc.edu/pub/Linux/docs/HOWTO

  ܂CLinux ̃EFuy[Wł{hLg邱Ƃł
  傤D

  http://metalab.unc.edu/mdw/linux.html

  ŌɁC{hLg̍ŐV(e`܂)͈ȉ̃TCgœ
  ł܂D

  http://scrye.com/~kevin/lsh/

  1.2.  Feedback

  RgC̕񍐁CǉCᔻȂǂ͈ȉ̃[AhXɑ
  :

  kevin@scrye.com

  

  dave@nic.com

  : tB[hobN͗̒҂ɑĂD܂CKevin g
  XptB^邽߁CTuWFNgɂ "Linux", "security",
  "HOWTO" ̂ꂩKĂD

  : {Ɋւ̎wECtB[hobN͂ǉp
  肾Ƃ JF vWFNg(<JF@linux.or.jp>) ܂łA
  D

  1.3.  Disclaimer

  No liability for the contents of this document can be accepted.  Use
  the concepts, examples and other content at your own risk.
  Additionally, this is an early version, possibly with many
  inaccuracies or errors.

  A number of the examples and descriptions use the RedHat(tm) package
  layout and system setup. Your mileage may vary.

  As far as we know, only programs that, under certain terms may be used
  or evaluated for personal purposes will be described. Most of the
  programs will be available, complete with source, under GNU
  <http://www.gnu.org/copyleft/gpl.html> terms.

  1.4.  Copyright Information

  This document is copyrighted (c)1998,1999 Kevin Fenzi and Dave Wreski,
  and distributed under the following terms:

  o  Linux HOWTO documents may be reproduced and distributed in whole or
     in part, in any medium, physical or electronic, as long as this
     copyright notice is retained on all copies. Commercial
     redistribution is allowed and encouraged; however, the authors
     would like to be notified of any such distributions.
  o  All translations, derivative works, or aggregate works
     incorporating any Linux HOWTO documents must be covered under this
     copyright notice.  That is, you may not produce a derivative work
     from a HOWTO and impose additional restrictions on its
     distribution. Exceptions to these rules may be granted under
     certain conditions; please contact the Linux HOWTO coordinator at
     the address given below.

  o  If you have questions, please contact Tim Bynum, the Linux HOWTO
     coordinator, at

  tjbynum@metalab.unc.edu

  1.5.  About the Japanese Translation

  { Linux Japanese FAQ Project s܂ (P
  <fujiwara@linux.or.jp>({)CJ
  <yaz-hase@qb3.so-net.ne.jp>(Z)C֌ˍK
  <sekido@mbox.kyoto-inet.or.jp>(ZC)CH
  <ike@whitedragon.org>(ZC)C鐳
  <j96418@cc.nagano-nct.ac.jp>(Z) )D{Ɋւ錠͌ɏ
  ̂Ƃ܂D

  2.  Overview

  {hLgł́CLinux VXeSɂ邽߂̕@ƁC悭g
  \tgEFAɂĉ܂D̓IȓeɓOɁC{I
  TOɂċc_CZLeB̊bĂƂɂ܂傤D

  2.1.  Why Do We Need Security?

  ɕωCO[oȃf[^ʐMCȃC^[lbgڑC
  y[X̃\tgEFAJ̐E̒ŁCZLeB͂dvɂȂ
  ܂DO[oRs[eBO͖{IɊ댯Ȃ̂ŁCZL
  eB͍{IȗvłDႦ΃f[^ A n_ B n_܂ŃC^
  [lbgőꍇlƁCf[^͌oH̓rő̒n_ʂ
  ̂ŁClf[^T₂Ă܂\܂DVX
  ẽ[UłCȂ̃f[^ӂĈӐ}Ȃ悤Ȃ
  ɕςĂ܂܂DuNbJ[vƂĒmN҂ɁCV
  XẽANZXsɓĂ܂܂DNbJ[͂
  ȂɂȂ肷܂߂ɍxȒmpCȂf[^𓐂񂾂C
  Ȃg̃f[^ɃANZXłȂ悤ɂĂ܂܂DȂ
  unbJ[vƁuNbJ[v̈ႢĂȂ悤ł΁CEric
  Raymond ̏ꂽunbJ[ɂȂ@(How to Become A Hacker)v
  D(http://sagan.earthspace.net/~esr/faqs/hacker-howto.html
  œł܂D)

  : unbJ[ɂȂ@(How to Become A Hacker)v̓{
  http://www.linux.or.jp/JF/JFdocs/hacker.txt ܂
  http://www.post1.com/home/hiyori13/freeware/hacker.html œł
  D

  2.2.  How Secure Is Secure?

  ŏɁCuSɈSȁvRs[^VXe݂͑ȂƂoĂ
  ĂDC҂VXep邱Ƃ荢ɂ邱
  ł܂Dʂ Linux ̃z[[UȂ΁CRĂN
  bJ[ĥ͂قǑςł͂܂DLinux dvȎdɎg
  Ăꍇ(sCʐMƎ҂Ȃ)ɂ́CƑ̍ƂKvɂȂł
  D

  lɓׂʂ̗vfƂāCZLeB߂΍߂قǁCZ
  LeBזɂȂ邱Ƃ܂DŁCړIɑ΂ď\g
  ₷SȃVXeƂȂ悤ɁCoXƂĂȂ΂Ȃ
  ܂DႦ΁CȂ̃VXeɓdbŐڑĂSẴ[U
  R[obNfgĂ炢Cނ̉ƂɃR[obN悤ɂ
  Ƃł܂DɂĈSȉ^p邱Ƃł܂C[U
  ƂɂȂ悤ȃP[Xł̓OCɂȂĂ܂܂DLinux VX
  elbg[NC^[lbgɌqȂݒ\łCł
  ֗ȂĂ܂܂D

  K͂邢͒K͂̃TCgȂ΁CTCgǂ̒x̃ZLeBK
  vƂĂāC`FbN邽߂ǂȊčŝƂZL
  eB|V[߂ׂłDLȃZLeB|V[̗
  http://core.ring.gr.jp/pub/doc/rfc/rfc2196.txtłD͍ŋ߉肳
  ĂCЂ̃ZLeB|V[ۂ̗ǂggɂȂ܂D

  : { http://www.ipa.go.jp/SECURITY/rfc/RFC2196-00JA.html
  ɂ܂D

  2.3.  What Are You Trying to Protect?

  VXeSɂ悤ƂOɁC܂Cǂ̒x̃x̋Ђ玩g
  ̂Cǂ̒x̃XN`ׂȂ̂(邢͖`ׂłȂ
  )CʓIɃVXe͂ǂ̒xƎȂ܂܂ɂ̂߂ȂĂ͂Ȃ
  ܂D̂CȂ̂Cɂǂȉl̂C
  f[^⑼̍Yɑ΂Ă̐ӔC͒N̂m邽߂ɁCVXe
  ׂ͂łD

  o  XNƂ́CN҂VXeւ̃ANZXɐ\łDN
     ҂̓t@C̓ǂݏCQȂvOsł
     傤Hdvȃf[^Ƃłł傤H dvȎd̖W
     Qłł傤H YĂ͂ȂȂ̂́CNȂ̃AJE
     gVXeւ̃ANZXɓĂ܂΁C̐l͂Ȃɂ
     肫邱ƂłĂ܂ƂƂłD

     āCSłȂAJEgVXe1΁CʓIɃlbg
     [NŜp\܂D.rhost t@CgO
     CĂ郆[UCtftp ̂悤ȈSłȂT[rX
     gĂꍇCN҂𗘗pāuhA̒ɑ𓥂ݓ
     v댯wƂɂȂ܂DN҂Ȃ⑼̒N
     VXẽAJEgɓ΁C͑̃VXe⑼̃AJE
     gɃANZX邽߂ɗp邩܂D

  o  Ђ͊TāCNlbg[NRs[^ɋȂɃANZX
     悤Ƃ邱Ƃ琶܂DNMpĂȂ̃VXeɃANZ
     X̂CĂ̐lǂ̂悤ȋЂ炷̂lĂ
     Ȃ΂Ȃ܂D

     N҂ɂ͂̃^Cv܂D̓mĂƁCVX
     eSɂ̂ɖ𗧂ł傤D

  o  DS - ̃^Cv̐N҂͊{IɁCȂǂȃVXef[
     ^Ă̂m邱ƂɋĂ܂D

  o   - ̃^Cv̐N҂́CȂ̃VXe_ECEF
     uy[WɗȂǁCɋ⎞Ԃ邱Ƃ悤Ƃ
     ܂D

  o   - ̃^Cv̐N҂́C∫𓾂邽߂ɃVXeɐN
     悤Ƃ܂D̔\͂`邽߂ɁC̒ʂVXeɐN
     悤Ƃ܂D

  o   - ̃^Cv̐N҂́CȂVXeɂǂȃf[^
     uĂ̂ɋĂ܂D̐N҂́CȂKI
     邢͂ȊO̕@ŗv炷ĂƎvĂ
     ł傤D

  o  ؗp - ̃^Cv̐N҂͂Ȃ̃VXeɍƏC̎
     ̂߂ɎgƂɋĂ܂Dނ͕ʂ̓`bg
     IRC T[oC|mA[JCũT[oC邢 DNS T[o܂Ŏs
     ܂D

  o   - ̃^Cv̐N҂́CȂ̃VXegđ̃VXe
     N邱ƂlĂ܂DȂ̃VXe̐ڑԂǂ
     C̓VXeɌpĂQ[gEFCȂ΁C̃^Cv
     ̐N҂Ȃ̃VXep悤ƂĂ邱Ƃ悭N邩
     ܂D

  o  VXe̐Ǝコ́CȂ̃Rs[^̃lbg[Nǂ
     xĂ邩ƂƂCNsȃANZXݓI
     \܂D

     ҂VXeɐNꍇCƂȂ̂ł傤H R
     Cƒ납 PPP Ń_CAAbvڑĂ郆[U̖ƁC
     ̃}VC^[lbg⑼̑K̓lbg[NɌqłlX
     ͈قȂ܂D

     f[^𕜋邢͍Ăэ쐬̂ɂǂꂭ炢̎ԂKv
     傤H ƏĂ΁CŎf[^č쐬
     ͂߂ɂȂƂɂ鎞Ԃ101ɐߖł܂DobNAbv
     ̌v`FbNCƂŃf[^̌؂Ă܂H

  2.4.  Developing a Security Policy

  [UeՂɗĎ邱ƂłCȒPňʓIȕj߂܂
  D̕j͑؂ȃf[^⃆[ŨvCoV[Ăł
  DɉčlׂƂ́CNVXeɃANZXł̂(
  ̗FlɎ̃AJEgg킹Ă̂ł傤H)CNVXe
  Ƀ\tgEFACXg[邱Ƃł̂CNǂ̃f[^L
  ̂Cꂩ玖̎̕VXe̓K؂ȎgɂĂłD

  ʂɎ󂯓ĂZLeB|V[͎̌tn܂܂D

                    "ĂȂƂ͋֎~Ă"

  ́CT[rX[Uɑ΂ĔF߂ĂȂꍇCo܂ł
  [U͂̃T[rXgׂł͂ȂƂƂłDK[UAJE
  gɓKp|V[mF܂傤DuƁCp[~bV̖
  킩Ȃ̂ŁCroot Ŏs悤vȂǂƌƂ́C炩ȃZL
  eBz[ɂȂ܂C܂ŕsgpꂽƂ̂ȂZLeBz
  [ɂȂ邩܂D

  rfc1244 ͓Ǝ̃lbg[NZLeB|V[邽߂̎wj
  ꂽhLgłD

  rfc1281 ̓ZLeB|V[̗hLgłCeXeb
  v̏ڍׂȐtĂ܂D

  ŌɁCftp://coast.cs.purdue.edu/pub/doc/policy ɂ COAST |V[
  A[JCu𒲂ׁCł̃ZLeB|V[ǂ̂悤Ȃ̂
  Ɨǂł傤D

  2.5.  Means of Securing Your Site

  {hLgł́CȂĂMdȍY([J}VCf[
  ^C[UClbg[NCȂ̕])邽߂̕@c_܂D
  N҂Ȃ̃[Ũf[^Ă܂CȂ̕]͂ǂ
  ł傤? Ȃ̃EFuy[WɗĂ܂ǂȂ
  傤? ܂CȂ̉Ђ̎̎ľv΂炳Ă܂?
  lbg[ÑCXg[lĂȂ΁C1 ̃}Vlbg[
  NɂȂOɍlׂvf͂񂠂܂D

  Ȃ_CAAbv PPP AJEggĂCK͂ȃTC
  g^cĂꍇłĂCN҂Ȃ̃VXeɋ͎
  Ƃ͌܂DWIɂ̂́CK͂ŗLȃTCgł͂
  D̐N҂͋K͂Ɋ֌WȂł邾̃TCgsgp
  Ƃ܂DāCN҂͂Ȃڑ̃TCgɃANZX邽
  ߁CȂ̃TCg̃ZLeBz[˂܂D

  N҂͎Ԃė]ĂCȂǂȂɃVXeBĂC
  ̂ł͂ȂCPɑSẲ\Ă܂܂DN҂Ȃ
  VXeɋR͑ɂ񂠂܂CɂĂ͌
  c_܂D

  2.5.1.  Host Security

  Ǘ҂łWZLeB́̕CԂzXgɊÂ
  傤D͊{IɁCg̃VXëSmۂC̃lbg
  [N̑̃zXglł邱Ƃ҂邱ƂłDǂpX[h
  IсCLAN ւ̃T[rXSɍsCƃOCZLeB
  ɖ肪邱ƂmĂvÕo[WAbvs
  ́C[J̃lbg[NǗ҂ӔCčsׂƂłD
  ΂ɕKvȂƂȂ̂łClbg[N̋K͂K͂傫Ȃ
  ƎۂɍsƂςɂȂĂ܂܂D

  2.5.2.  Network Security

  lbg[ÑZLeB[J̃zXg̃ZLeBƓlɕKv
  łDSCC邢͂ȏ̃Rs[^lbg[Nɂ
  ꍇĈꂼꂪSłƐM邱Ƃ͂ł܂Dꂽ
  [Ũlbg[NɃANZXłȂ悤ɂChΕǂ\
  zC͂ȈÍgpCüv}VSłȂ}Vlb
  g[Nɖ悤ɂ邱Ƃ́CSălbg[NǗ҂̔CłD

  {hLgł̓TCgSɂ邽߂ɎgZp̂ɂ
  ċc_ĈׂN҂ɃANZXȂ悤ɂ@
  ܂D

  2.5.3.  Security Through Obscurity

  c_ׂZLeB̃^Cv 1 ́uBɂZLeBv
  D͗Ⴆ΁CZLeBIȎ_mĂT[rXWł
  |[gɈړCU҂ɑ݂΂Ȃ悤ɂĈp悤Ƃ
  ̂łD̂悤Ȃ̂͐SzȂĂU҂ĈpĂ
  ܂DBɂZLeB́CZLeBIɂ͑SӖłDP
  K͂ȃTCgrIȃTCgł邩ƂāCN҂Ȃ
  Ă̂ɋȂ킯ł͂܂D̏͂ŁCȂ
  ̂ɂċc_܂D

  2.6.  Organization of This Document

  {hLg͂̏͂ɕĂ܂De͂ŃZLeB̂
  ܂Șb܂Dŏ̘b ``IȃZLeB''ŁC}V
  ̂̂𕨗IɂȂ悤ɂ邽߂̕@łD 2 ̘b
   ``[J̃ZLeB''ŁC[J[UVXe₂
  h@łD3 Ԗڂ̘b ``t@Cƃt@CVXẽZL
  eB'' ŁCt@CVXeƃt@C̃p[~bV̐ݒ̕@
  ܂D̘b ``pX[h̃ZLeBƈÍ''ŁC}V
  lbg[NSɂ邽߂̈Í̎gc_܂D ``J[l
  ̃ZLeB''ł́C}VSɂ邽߂ɐݒ肠邢͈ӎ
  ׂJ[lIvVɂċc_܂D ``lbg[ÑZL
  eB''ł́C Linux VXeOlbg[N̍Uɑ΂Ă
  Sɂ@܂D``ZLeB̏''ł́C}Vlbg
  [NɌqȌ̂肩ɂċc_܂D ``VXeɐN
  ꂽ/Ăꍇ̑Ή'' ł́CVXeɐN邱ƂN
  ŋ߂ɋNƂɋCÂꍇɂׂƂc_܂D ``Z
  LeBɊւ''ł́CZLeBɊւ{Iȏ񌹂
  C Q & A ̏͂ł``悭鎿''ł͂悭鎿
  ɑ΂񓚂܂DŌ ``Ō'' ̏͂Ōт̌tq
  ׂ܂D

  {hLgǂŗĂ|Cg͎2܂D

  o  VXeɒӂ𕥂܂傤D/var/log/messages ̃VXeO
     `FbNCVXe܂傤D

  o  ŐVo[W̃\tgEFACXg[CZLeB̌x
     o΃\tgEFAAbvO[h邱ƂŁCVXeɍ
     V̏Ԃɂ܂傤DPɂsŁCVXe͌IɈS
     ɂȂ܂D

  3.  Physical Security

  ŏɍlׂZLeB̑ẃCRs[^VXe̕IȃZ
  LeBłDN}V֒ڐG邱Ƃł̂H G邱Ƃł
  ׂȂ̂H ܂Cނ炪}VȂ悤̂H 邢
  ׂȂ̂H

  IȃZLeBǂ̒xKvɂȂ邩́C̏ꍇC󋵂\Z
  Č܂܂D

  Ȃ}V̉ƂŎgĂ̂Ȃ΁CԂ񒍈ӂׂ
  ͂܂Ȃł傤(q₤邳eʂ}VKv͂邩
  ܂)DȂ΁CȂ蒍ӂȂ΂ȂȂł傤C
  [U͂̃}VŎdłKv܂D̂߂ɂ͈ȉ̊e
  QlɂȂł傤DȂItBXɂȂ΁CIƌ₠Ȃ
  𗣂ĂƂɃ}VSɂĂKv邩܂񂵁C
  ̕Kv͖܂DЂɂẮCR\[u邱Ƃ
  Nrɂ̋KᔽłD

  hA̎{P[uCt̃LrlbgCrfIĎû킩
  IȖh@͑SėǂlȂ̂łC̃hLg̎
  ͂ł͂܂ :-)

  3.1.  Computer Locks

  ŋ߂ PC P[X̑ɂ́uvtĂ܂Dʂ̓P[X̑OʂɌ
  C{̈ʒuɃZbgł悤ɂȂĂ܂DP[X
  ̌ɂāC҂ PC 𓐂񂾂CP[XJĒڃn[hEFA
  蓐񂾂肷邱ƂhƂł܂DP[XɂẮCt
  bs[fBXN⑼̋@ɂ}V̍ċNhƂł܂D

  }U[{[h̃T|[gP[X̍ɂẮCP[X̌ŐFXȂ
  ł܂D PC ł̓P[XJ邽߂ɂ͂󂳂ȂĂ͂Ȃ
  ܂D܂CVL[{[h}EX}Ȃ̂܂Dڂ
  ̓}U[{[hP[X̐ǂłDʏC̎͂ƂĂ
  CU҂͋UɂĊȒPɔj邱Ƃł̂łCł͂
  Ă֗ȋ@\ɂȂ蓾܂D

  P[X( Sun SPARC  Macintosh)ɂẮCwʂɃhO(dongle)
  tĂāCʂăP[uq΁CP[u؂邩P[X
  Ȃ΍U҂̓P[uqƂł܂DɒPɓ싞
  At邱ƂŁC}V𓐂ƂĂlւ̑傫ȗ}~ʂ
  ܂D

  3.2.  BIOS Security

  BIOS ͂Ƃn[hEFAɋ߂x̃\tgEFAŁCx86x[X̃n
  [hEFA̐ݒyёs܂DLILO ̃u[g[_́CBIOS ɃA
  NZX Linux }Vǂău[g邩w܂DLinux 
  ̃vbgtH[łl̃\tgEFA܂(Mac  V Sun
   OpenFirmware, Sun  boot PROM )DBIOS ̐ݒŁCU҂}V
  ċN Linux VXe𑀍삷̂hƂł܂D

   PC BIOS ł͋NpX[h̐ݒ邱Ƃł܂D͂
  ȂɈSł͂܂(BIOS ̓Zbg邱Ƃł܂CP[X
  J邱ƂłȂOƂłł傤)C}~ʂ͑傫
  ł傤(ԂɂȂ܂CVXeՂc邩
  ł)Dl S/Linux (SPARC(tm)vZbT̃}Vp Linux)ł́C
  EEPROM ݒ肵ċNpX[h邱Ƃł܂DŐN҂
  ~߂ł邩܂D

   x86 }V BIOS ł́C̑ɂ𗧂ZLeBݒFX
  wł܂DBIOS ̃}jA𒲂ׂ邩C̃}VNɃ`Fb
  NĂ݂܂傤DႦ΁Ctbs[fBXNł̋N֎~ł BIOS
  ܂Cꕔ̐ݒɃpX[h邱Ƃł BIOS 
  D

  : T[o}VǗĂāCNpX[hݒ肵ĂꍇCl
  Ȃƃ}V͋N܂DdȂǂ̎́C}V̏ɍsăpX
  [hłłKv邱ƂoĂ܂傤D ;-(

  3.3.  Boot Loader Security

  FXȃu[g[_ɂNpX[hݒ肷邱Ƃł܂DႦ
  LILO gĂꍇɂ́Cpassword  restricted ̐ݒ𒲂ׂĂ݂
  傤Dpassword ͋NɕKpX[hv悤ɂ
  Drestricted ̏ꍇ́CLILO  vvgɑ΂ăIvV
  (single)w肵ꍇNpX[hv悤ɂȂ܂D

  pX[hݒ肵CYĂ͂ȂȂ_ɒӂĂ
  D:-) ܂CC̓U҂ɑ΂ẮĈ悤ȃpX[h͒P
  Ȃ鑫~ߒxɂȂȂƂYĂ͂܂D̕@ł͒N
  tbs[fBXNNă[gp[eBV}Eg邱
  hƂ͂ł܂Du[g[_Ƒgݍ킹ZLeB@g
  ꍇɂ́CRs[^ BIOS Ńtbs[fBXN̋N𖳌
  邱Ƃł܂CBIOS pX[hی삷邱Ƃł܂D

  LILO ȊÕu[g[_(grub, silo, milo, linload )̃ZLeB
  AmȂ΁CЂm点D

  : T[o}VɃpX[hݒ肵ꍇClȂƃ}V͋N
  ȂȂ܂DdȂǂ̏ꍇłC}V̂ƂɍsăpX[h
  ł܂Ȃ΂ȂȂƂ͊oĂ܂傤D ;-(

  3.4.  xlock and vlock

  pɂɃ}V痣ďoȂ΁CR\[Ɂuv|CN}V
  CƂ̗lq`Ȃ悤ɂĂƗǂł傤D
  悤ȃvOƂāCxlock  vlock  2 Љ܂D

  xlock  X ̃fBXvCbN܂DX T|[gĂ Linux 
  fBXgr[VȂ΁C xlock ̓CXg[Ă
  傤DIvVɂĂ̓IC}jAQƂĂق̂ł
  C܂ɐƁCbNR\[ xterm  xlock 
  NƁCfBXvCbNCpX[h͂ȂƂ
  łȂȂ܂D

  vlock  Linux ̉zR\[̈ꕔ邢͑SĂbN邽߂̊
  PȃvOłDݍƒ̃R\[ 1 bN邱Ƃ
  ł܂CSĂbN邱Ƃł܂DzR\[ 1 b
  NĂꍇC̐l̓R\[gƂł܂DłCbN
  Ă鉼z[̓bN܂ł͎gƂł܂D
  vlock  RedHat Linux ɂ͓Ă܂CĂȂfBXgr[
  V邩܂D

  RȂCR\[bNΉ҂ɂȂ̍Ƃ
  hƂ͂ł܂C}VċNꂽ肵Ă肩̍Ƃ
  邱Ƃ͖h܂D܂Clbg[N̑̃}VR\[
  bN}VɃANZXĖNƂhƂł܂D

  ɏdvȓ_ƂẮCN X EBhEVXe犮SɔĒ
  ̉zR\[̃OCvvgɍsƂCX11 Nz
  R\[ɍs X TXyhC[ǓDĂ܂Ƃ
  hȂ_܂DłCS xdm ̐䉺ɂĎg
  Ƃl̂悢ł傤D

  3.5.  Detecting Physical Security Compromises

  ܂́C}VċN̂KL^悤ɂ܂傤DLinux
  ͊挒ň OS łCȂ}VċN̂ OS ̃Abv
  O[hn[hEFǍ̎ł傤DȂmȂ
  }VċNĂC͐N҂ɈpꂽƂ̈󂩂
  DN҂}VɕIȍUȋ́C}VċN
  Cd؂肵Ȃ΂ȂȂłD

  P[XRs[^ӂꂽ󂪖ǂ`FbN܂
  DN҂͕ʃO獭Ղ܂CSă`FbNC
  ׂ̂ǂł傤D

  Õf[^Sȏꏊ(Ǝꂽlbg[N̐p̃O
  T[o)ɒûǂlłD}Vpꂽꍇɂ́CO
  f[^͂قƂǖɗȂȂ邩łDƂ̂CN҂͑O
  Ă܂łD

  syslog f[ݒ肵āCOIɒ̃OT[oɑ悤
  邱Ƃł܂C͒ʏ͕̃f[^ő܂D
  āCN҂͓]Ăf[^邱Ƃł܂DɂC
  ̂Ȃlbg[N֌W̏񂪉kĂ܂܂Df
  [^𑗂ۂɈÍ邱Ƃł syslog f[܂D

  syslog ̃bZ[W̋U͗eՂł_ɂӂĂD
  p邽߂̃vOoĂ܂Dsyslog ̓[JzXgo
  ꂽƌĂlbg[NoR̃OGgłĂC{̑M
  ƂȂ󂯕tĂ܂܂D

  O𒲂ׂۂɂ͈ȉ̓_ɒӂ܂D

  o  OZCsSł͂Ȃ

  o  OɋL^Ă鎞Ԃ͂Ȃ

  o  Õp[~bV⏊L҂͂Ȃ

  o  VXê̂CT[rX̍ċN͋L^ĂȂ

  o  ȂĂ郍O͂Ȃ

  o  ȏꏊ su  login sĂȂ

  VXeOf[^ɂẮC HOWTO  ``̏''Ő܂D

  4.  Local Security

  Ƀ[J[U̍Uɑ΂VXẽZLeBɂčl
  DłC[J̃[Uɑ΂ĂłD

  [J[ŨAJEg̊ĺCU҂ root ̃AJEgj낤
  Ƃۂɍŏɍl邱Ƃ̈łD[Jɑ΂ZLeB
  ΁ClXȃoO⃍[J̃T[rX̂܂ݒ𗘗pāC
  [Ǔ root [ǓցuAbvO[hv邱Ƃł
  ̂łD[Jɑ΂ZLeBłł΁CN҂zȂ
  ΂ȂȂn[h͂܂c邱ƂɂȂ܂D

  [J[ÚCƂĝĂȂĂCVXeɔQ^
  邱Ƃł܂DmȂlR^Ng邽߂̏񂪖lɃAJ
  Eg^̂́CɊ댯ȂƂłD

  4.1.  Creating New Accounts

  AJEg𔭍sۂɂ́C̃[UsKvƂɑ΂ĕKv
  ŏ̃AJEg^悤ɂׂłDq(10)ɃAJEg^
  ̂Ȃ΁C[v₨G`vOɂ̓ANZXł邯ǁC
  ̂̂łȂt@C폜łȂ[Uɂׂł傤D

  l Linux }Vɑ΂Ă̍IɃANZXĂ炤߂́C֗
  Ȍo܂D

  o  Kvŏ̌^Ȃ悤ɂ

  o  Cǂ烍OCC邢͂ǂ烍OCׂɒ
     ӂ𕥂

  o  gĂȂAJEg͕K폜

  o  SẴRs[^ƃlbg[Nœ[U ID gƂ悢ł
     DɂCAJEg̊ǗyɂȂ܂COf[^̉
     eՂɂȂ܂D

  o  O[v[U ID ̍쐬͐΂ɋ֎~ׂłD[UAJEg
     ͐ӔC݂̏炩łCO[vAJEgł͂ł͂Ȃ
     łD

  ZLeBjƂɎg郍[J[ŨAJEg̑́C
  邢͉NgĂȂ̂łDNgĂȂ߂ɁCz
  IȍU̓ɂȂĂ܂̂łD

  4.2.  Root Security

  Ȃ̃}Vōł~AJEǵCroot([p[[U)̃A
  JEgłD̃AJEg̓}VŜɑ΂錠Clbg[
  N̑̃}Vɑ΂錠Ƃ܂Droot ̃AJEg
  ł邾ZԂ́C̍ƂŎgpCȊO͈̎ʃ[U
  ă}VgpׂłDroot [UŃOCĂƂƂ
  ~XłN˂܂Droot Ă鎞Ԃ͒Z
  ZقǈSłD

  root Ń}V󂵂Ă܂Ȃ߂̎d|܂D

  o  GȃR}hsƂC globbing g(*  ? Ȃǂ̃
     ChJ[hgp)ꍇɂ́Cŏ͎sĂߎSȌʂɂȂ
     @Ƃ܂傤DႦ "rmoo*.bak" sꍇɂ́C܂
     "ls foo*.bak" sClĂt@C悤ɂȂ
     Ă邩mF̂łD댯ȃR}h̑ echo g邱
     ܂D

  o  [Uɑ΂ rm R}h̃GCAXݒ肵ĂCt@C̍
     ̍ۂɊmFs悤ɂ܂D

  o  ̍ 1 s߂ root ɂȂ܂傤DCǂ
     čƂ悤lĂ悤ȏԂƂCroot łȂ
     ΂ȂȂƂ͂肷܂ł́Cʃ[Uɖ߂܂傤D

  o  root [ŨR}hpX͂ƂĂdvłDR}hpX(܂ PATH
     ϐ)̓VFvOTfBNgw肵܂Droot
     [Up̃R}hpX͂ł萧ׂłC '.' (
     uJgfBNgvӖ܂) PATH ̎wɓĂ͐΂
     ܂DɁC݉\ȃfBNgpXɓĂ
     ܂DƂ̂CȂĂƍU҂pX̃t@C
     ułCȂ̃R}hɎg
     Ƃ root œ삳邱Ƃł邩łD

  o  root  rlogin/rsh/rexec R}hQ( r-[eBeB)
     gĂ͂܂D̃R}h͐FXȍȖΏۂƂȂ
     ŁCroot Ŏŝ͎Ɋ댯łDroot [Up .rhosts t@C
     ͌čĂ͂܂D

  o  /etc/securetty ɂ root OCł[̃XgĂ
     D(RedHat Linux )ftHgł́Cɂ̓[J̉z[
     (vty)ݒ肳Ă܂D̃t@CɂȊO̒[ǉ
     Ƃɂ́CאS̒ӂ𕥂ĂDKv鎞łʃ[U
      (ł ``ssh'' ̈Í`loR) [gOC
     Cꂩ su 邱Ƃł͂Ȃ̂ŁC root ƂăOC
     łKv͂܂D

  o  root ł̍Ƃ́CKCTdɍs܂傤DƂ̌ʂ͑傫
     ȉe炷܂DR}hłޑOɁC܂l
     傤I

  ǂĂN(łΔɐMĂl) root ^Kv
  ꍇɂC⏕c[܂Dsudo g΁C[U
  pX[hgāCꂽR}hQ root ̌Ŏgp邱
  ł܂DɂCႦ Linux }Ṽ[oufBA
  [UɃCWFNg}Eg邯ǁCȊO root ͗^
  悤ɂ邱Ƃł܂Dsudo ͐Es܂߂đSĂ sudo ̎
  ݂OɎ邱Ƃł̂ŁCN̂߂ɂǂ̃R}hg
  邱Ƃł܂D̂߁Csudo ͑̃[U root 
  悤Ȋł܂p邱Ƃł܂DȂȂVXeɑ΂čs
  ꂽύX𒲂ׂ₷Ă邩łD

  sudo gē̃[UɓړÎ߂̓̌^邱Ƃ
  ܂Csudo ɂ͌_܂Dsudo ́CT[o̍ċN⃆
  [U̐VKǉȂǁCꂽƂ̑gɑ΂ĂgׂłDVFG
  XP[vłCӂ̃vÓC sudo ʂĎg[U
  root ^Ă܂܂DႦ΁C啔̃GfB^ɊY
  D܂C/bin/cat ̂悤ɖQȃvOłĂt@C̏㏑
  ɎgƂł̂ŁCg root j邱Ƃ蓾
  Dsudo ͌g킹邽߂̎iƍlׂłCroot [U
  Sɂ邽߂ɒûƊ҂Ă͂܂D

  5.  Files and Filesystem Security

  VXelbg[NɌqOɏƌvsŁCVXe
  ̒̃f[^̂ɖ𗧂ł傤D

  o  [Ũz[fBNg SUID/SGID vOuāC
     s闝R͑S܂Droot ȊÕ[U݉\
     p[eBVɑ΂Ă /etc/fstab  nosuid IvVg
     傤D܂C[Ũz[p[eBV /var ł nodev 
     noexec gƍl邩܂D̃IvV̓vO
     ̎sCLN^foCXEubNfoCX̍쐬֎~
     D͂ɂKv͂łD

  o  NFS păt@CVXeGNX|[gĂꍇ͕KCAN
     ZXł茵ݒ肵ĂD܂ /etc/exports łł
     茵ANZXsĂD̓ChJ[hg
     ȂƁCroot ł̏݃ANZXȂƁCł
     ݎpŃGNX|[gƂƂłD

  o  t@C쐬 umask ł茵ݒ肵ĂD ``umask
     ̐ݒ'' D

  o  NFS ̃lbg[Nt@CVXepăt@CVXe}E
     gĂȂ΁CK /etc/exports œK؂Ȑtݒɂ
     ĂDʂ `nodev', `nosuid', ꂩ瑽 `noexec' ]
     ł傤D

  o  ftHg unlimited F߂̂ł͂ȂCt@CVXeɐl
     ݒ肵܂傤D\[Xs PAM W[
     /etc/pam.d/limits.conf gāC[Uʂɐ䂷邱Ƃł܂D
     Ⴆ΁CO[v  users ͈̐ȉ̂悤ɂȂ܂:

                       @users     hard  core    0
                       @users     hard  nproc   50
                       @users     hard  rss     5000

  ̐ݒ́CRAt@C̍쐬֎~CvZX̐ 50 ɐC
  ̎gpʂ[U 1 l 5MB ɐ̂łD

  o  /var/log/wtmp, /var/run/utmp t@Cɂ́CVXȇSẴ[U
     OCL^L^Ă܂D̃t@C͐΂Ȃ悤
     ɂȂĂ͂Ȃ܂DƂ̂C̃t@Cgă[U(
     ͐N҂ł\l)CǂVXeɓ̂
     m邱Ƃł邩łD̃t@C̃p[~bV 644 ɂ
     ׂłD̐ݒ͒ʏ̃VXeɉe^܂D

  o  immutable rbggƁCȂĂ͂ȂȂt@Ĉŏ
     ㏑邱ƂhƂł܂D̃rbggāCN
     ̃t@Cɑ΂V{bNN쐬邱ƂhƂ
     ܂(V{bNN͍܂ /etc/passwd 
     /etc/shadow ̍폜܂ލU̎iƂȂĂ܂)D immutable
     rbg̏ɂẮCIC}jA chattr(1) QƂ
     D

  o  SUID, SGID ꂽt@CVXeɂƃZLeBɂƂĂ͐
     ݓIɊ댯Ȃ̂ŁC̃t@C͂悭ĎĂȂ΂Ȃ܂
     D̂悤ȃvO͎s[UɓʂȌ^̂ŁC
     SłȂvO΂ɃCXg[Ȃ悤ɂKv
     ܂DNbJ[DŎggbNƂāCroot  SUID ꂽv
     OC̃ZLeBz[ǂĂɎg闠
     ƂāCSUID ꂽvOcĂ@܂D

     VXe SUID/SGID ꂽvOSČC炪ǂ
     ȂĂ邩Ď܂DN҂̉\̃t@C̕
     ɒӂĂDVXe SUID/SGID ꂽvOS
     ɂ͈ȉ̃R}hg܂:

                       root#  find / -type f \( -perm -04000 -o -perm -02000 \)

  Debian fBXgr[V́CSUID ꂽt@C݂邩ǂ
  𒲂ׂWu𖈔ӎs܂DāCӂ̎sʂƔr
  D̃O /var/log/suid* ŎQƂł܂D

  vO chmod g SUID  SGID ̃p[~bV
  Ƃł܂DǂĂKvƎvɂ̓p[~bV߂
  Ƃł܂D

  o  SẴ[U[݉\ȃt@C(ɃVXet@C)́CN
     bJ[Ȃ̃VXeɃANZXāCC邱ƂɂZL
     eBz[ƂȂ肦܂DɁCE珑߂fBNg
     CNbJ[RɃt@C̒ǉE폜ł邽ߊ댯łDV
     Xeɂ邱̂悤ȃt@C̈ʒu肷ɂ́Cȉ̃R}
     hg܂:

                       root# find / -perm -2 ! -type l -ls

  ꂩCǂẴt@C݉\ɂȂ̂m߂
  Dʂɑ삵ĂꍇłC/dev ̂̃t@CV
  {bNN܂߂āCE珑߂t@C
  DāC! -type l pāC find R}ȟʂ炱
  菜ĂD

  o

     L҂̂Ȃt@CN҂VXeɃANZX\
     ܂DL҂Ȃt@CCǂ̃O[vɂĂȂt@C
     ́Cȉ̃R}hŌ邱Ƃł܂:

                       root# find / \( -nouser -o -nogroup \) -print

  o  .rhosts t@C邱ƂCVXeǗ҂̓Ɩ̈ꕔ
     DƂ̂C̃t@CVXeɒuƂׂ
     ł͂ȂłDlbg[NŜɃANZX\𓾂邽߂
     ́CNbJ[͈SłȂAJEg 1 ΗǂƂ
     YȂłDVXȇSĂ .rhosts t@C͈ȉ̃R
     }hŌ邱Ƃł܂:

                      root# find /home -name .rhosts -print

  o

     ŌɂȂ܂CVXet@C̃p[~bV̕ύX́C悤
     ƂĂ邱ƂKĂɂĂD𓮂߂
     yȕ@ƂāCt@C̃p[~bVςĂ͂܂
     Dp[~bVςOɂ́Ct@C̃p[~bV
     ȂĂ闝RKĂD

  5.1.  Umask Settings

  umask R}hgāCVXẽftHg̃t@C[h
  邱Ƃł܂Dumask l͐ݒ肵t@C[h 8 ił̕␔
  ɂȂ܂Dp[~bVɊւws킸Ƀt@C𐶐
  ƁCp[~bV^ׂłȂ҂ɑ΂ēǂݏ̃p[~b
  VӐ}ɗ^Ă܂܂Dʏ umask l̐ݒ
  022, 027, 077 łD077 ͍łݒłDʏ umask l
  /etc/profile Őݒ肳CVXȇS[UɓKp܂Dt@C
  }XŃC777 ]̒lZ邱ƂɂČvZ邱Ƃł
  ܂DƁCumask l 777 ł΁CVt@C
  ͒Nɑ΂ĂǂݏƎs̃p[~bV܂D}XN 666
  Ȃ΁CVt@C̃[h 111 ƂȂ܂DႦ΁C
  ̂悤ȍsݒ肷邱Ƃł܂:

                       # Set the user's default umask
                       umask 033

  root [U umask l͕K 077 ɂĂDĂƁCchmod
  gĖIɕςȂC̃[U̓ǂݏƎs͖ɂȂ
  D̏ꍇCVfBNg̓p[~bV 744 
  ܂D̒l 777  033 ēꂽ̂łD umask l 033 
  pĐVt@C̓p[~bV 644 ܂D

  RedHat gĂCRedHat ̃[U ID, O[v ID ̍쐬@(User
  Private Groups)ɏ]ꍇCumask ɂ 002  ݒ肵ĂΏ\
  D̗ŔCftHg̐ݒ 1 O[v 1 [UȂ
  łD

  5.2.  File Permissions

  VXet@CCVXeǗsׂłȂ[UO[v̌
  ɂĕύXłȂ悤ɂĂ̂͏dvȂƂłD

  UNIX  t@CƃfBNg̃ANZX 3 ̓(LҁCO
  [vCS)ɕĂ܂DK 1 l̏LҁCo[Cӂ
  O[vCȊȎSłD

  ȉ UNIX ̃p[~bVȒPɐ܂:

  L(ownership) - m[h₻̐em[h̃p[~bVݒǂ
  [UCO[vsƂł̂܂

  p[~bV(permissions) - t@Cɑ΂čsƂłANZX
  ̎ނ߂rbgDgłCfBNg̃p[~bV
  ̓t@C̃p[~bVƂ͈ӖقȂ邱Ƃ܂D

  ǂݏo(read):

  o  t@C̓e邱Ƃł

  o  fBNg̓e邱Ƃł

  (write):

  o  t@C̓e̒ǉCCł

  o  fBNg̃t@C̏t@Cړł

  s(execute):

  o  oCĩvOVFXNvgsł

  o  ǂݏõp[~bVƑgݍ킹āCfBNg𒲂ׂ邱
     ł

     eLXgۑ: (fBNgp)
        fBNgɓKpꍇCusticky rbgv̈Ӗ̓t@C
        KpꍇƈقȂ܂Dsticky rbgfBNgɐݒ肳
        Ăꍇɍ폜łt@ĆC̃fBNgւ̏݌
        ƂĂCLĂt@CIɏ
        ^Ăt@CłD̃rbg /tmp ̂悤
        fBNĝ߂ɗpӂꂽ̂łD̂悤ȃfBNg
        ́CE珑݂ł܂Cǂ̃[UɂRɃt@C
        ƂF߂邱Ƃ͖]܂܂DfBNgڍו\
        ƁCsticky rbg t ŕ\܂D

     SUID : (t@Cp)
        ̓t@Cւ SUID p[~bV܂D[U ID ݒ
        ANZX[hL҂̃p[~bVŐݒ肳ĂC
        t@Cs\ł΁CsvZX́CvZX
        N[Uł͂Ȃt@CLĂ郆[UɊÂăVX
        ẽ\[XɃANZXł܂D͊e 'buffer overflow'
        ǓƂȂ܂D
     SGID : (t@Cp)
        O[ṽp[~bVŐݒ肳Ă΁C̃rbg̓t@C
        ́uO[v ID ݒvԂ𐧌䂵܂D SUID Ɠ悤
        삵܂C[Uł͂ȂO[ve󂯂_قȂ
        D̃rbgɌʂ邽߂ɂ́C͂t@C͎s\
        łȂ΂܂D

     SGID : (fBNgp)
        (chmod g+s directory s)fBNg SGID rbgݒ肵
        ꍇC̃fBNgɍꂽt@C̓fBNg̃O[
        vɐݒ肳ꂽO[v܂D

  Ȃ       - t@C̏L

  O[v     - ȂO[v

  S         - L҂łO[ṽołȂCVXȇS

  File example:

               -rw-r--r--  1 kevin  users         114 Aug 28  1997 .zlogin
               1st bit - directory?             (no)
                2nd bit - read by owner?         (yes, by user kevin)
                 3rd bit - write by owner?        (yes, by user kevin)
                  4th bit - execute by owner?      (no)
                   5th bit - read by group?         (yes, by group users)
                    6th bit - write by group?        (no)
                     7th bit - execute by group?      (no)
                      8th bit - read by everyone?      (yes, by everyone)
                       9th bit - write by everyone?     (no)
                        10th bit - execute by everyone?  (no)

  ȉ̍śCANZX̐ɕKvȍŏ̃p[~bVW߂
  Dۂɂ́CɎȏ̃p[~bV^邱ƂKv
  ܂񂪁C̃t@CɊւŏ̃p[~bVӖ
  ͎̂悤Ȃ̂ł:

       -r--------  L҂ɓǂݍ݃ANZX܂
       --w-------  L҂Ƀt@C̏Cƍ폜܂
                   (̃t@CĂfBNg̏݃p[~bV
                    [ÚCt@C̏㏑폜sƂł܂)
       ---x------  ̃vO̎s܂DVFXNvg̏ꍇ
                   ꂾł͑肸Cɓǂݍ݃p[~bVKvłD
       ---s------  u[U ID = LҁvƂĎss܂
       -------s--  uO[v ID = O[vvƂĎss܂
       -rw------T  uŏIXVvXV܂Dʏ̓Xbvt@C
                   Ɏg܂D
       ---t------  Ӗł(ȑO sticky rbĝł)D

  Directory example:

          drwxr-xr-x  3 kevin  users         512 Sep 19 13:47 .public_html/
          1st bit - directory?             (yes, it contains many files)
           2nd bit - read by owner?         (yes, by user kevin)
            3rd bit - write by owner?        (yes, by user kevin)
             4th bit - execute by owner?      (yes, by user kevin)
              5th bit - read by group?         (yes, by group users)
               6th bit - write by group?        (no)
                7th bit - execute by group?      (yes, by group users)
                 8th bit - read by everyone?      (yes, by everyone)
                  9th bit - write by everyone?     (no)
                   10th bit - execute by everyone?  (yes, by everyone)

  ȉ̍śCANZX̐ɕKvȍŏ̃p[~bVW߂
  D̈ȊOɂ̃p[~bVKvƎv܂
  C͂̃t@Cɑ΂ŏ̃p[~bVŋLqł
  ł:

       dr--------  e͕\ł܂Ct@C͓̑ǂݏo܂
       d--x------  fBNgɓCsɐ΃pẌꕔƂĎgƂ
                   ł܂D
       dr-x------  L҂t@CǂݏoƂł܂
       d-wx------  JgfBNgłȂĂCt@C̐/폜s
                   ܂
       d------x-t  ݋Ăl̓t@CƂ֎~܂D
                   /tmp Ŏg܂D
       d---s--s--  ӖłD

  VXeݒt@C(ʂ /etc ɂ܂)͒ʏC[h 640(-rw-
  r-----)ŁCroot L҂łDTCgɂZLeB̗vɂ
  āC𒲐邱Ƃł܂DVXet@CO[vN
  ł߂悤ɂĂĂ͂܂Dꕔ̃t@C
  (/etc/shadow ) root ɂǂ߂ȂԂłȂ΂Ȃ܂񂵁C
  Ƃ /etc ɂfBNg͂̑̃[UANZXłĂ͂
  ܂D

     SUID ꂽVFXNvg
        SUID ꂽVFXNvg̓ZLeBɏdȊ댯yڂ
        ŁCJ[l͂𖳎܂D̃VFXNvgǂꂾ
        SƎvĂĂC̓NbJ[ root ̃VFDĂ
        ܂\Ă܂D

  5.3.  Integrity Checking with Tripwire

  [J(ălbg[N)VXeɑ΂U𔭌
  ʂ̗ǂ@́C Tripwire ̂悤ȁCVXeĂȂǂ
  `FbNvOs邱ƂłD Tripwire ͏dvȃoCi
  ݒt@CSẴ`FbNTCQƒlƂĐƂ
  ĂȑO̒l̃f[^x[XƔr܂DāC̃t@C
  ̕ύX͑SĒm邱Ƃł܂D

  Tripwire ̓tbs[fBXNɃCXg[C̃tbs[𕨗I
  ɏ݋֎~ɂƂ悢ł傤DĂ΁CN҂ Tripwire
  ̂̂f[^x[X₂邱Ƃ͕s\łD Tripwire ݒ肵
  Cʏ̃ZLeBǗƂ̈ꕔƂĎsCύXȂ
  ĂȂ`FbNƂ悢ł傤D
   tbs[fBXN Tripwire sCɂ̌ʂ[
  悤 crontab ݒ肷邱Ƃł܂Dݒ͈ȉ̂悤ɂȂ
  D

                       # set mailto
                       MAILTO=kevin
                       # run Tripwire
                       15 05 * * * root /usr/local/adm/tcheck/tripwire

  sʂ͌ߑO 5  15 Ƀ[ő܂D

  Tripwire ́C̕@ŋCÂOɐN҂𔭌V̔z܂ɂȂ
  ܂DʓIȃVXeł͑̃t@CύX܂C
  Tripwire gꍇɂ̓NbJ[̓CgsƂɒ
  ĂȂĂ͂Ȃ܂D

  Tripwire  http://www.tripwiresecurity.comɂ܂DłD}
  jAƃT|[g͗Lœ肷邱Ƃł܂D

  5.4.  Trojan Horses

  ugC̖ؔn(Trojan Horse)v̓z[X̃C[AXɏĂL
  ȌvɗR閼OłD{IȍĺC֗ȃvOo
  CipӂĂC𑼐lɃ_E[h root [UƂ
  sƂ̂łDɂāC肪CÂȂɃVXe
  p邱Ƃł܂DɓꂽoCidĂ(ƂĂ
  Ă邩܂)ƎvĂԂɁC̃oCiɃZL
  eBjĂ܂̂łD

  āC}VɃvOCXg[鎞ɂ͒ӂKvłD
  RedHat  MD5 `FbNT PGP { RPM t@C񋟂C
  [U{̃pbP[W肵Ă̂ǂ`FbNł悤ɂ
  Ă܂D̃fBXgr[Vɂl̎dg݂܂Df
  mꂸC\[X񋟂ĂȂoCi root ŎsĂ͂
  I Nł悤ȃ\[XR[hJU҂͂قƂǂ
  ܂D

  Ԃ͂邩܂񂪁CvÕ\[XR[h͂̐̌J
  TCg肷ׂłDvO root ŎsȂ΁C
  ȂȂMĂl\[XR[hāCׂłD

  5.5.  Password Security and Encryption

  ݗpĂZLeB@\̂łdvȂ̂1pX[
  hłDȂƂȂ̃}Ṽ[U̗pX[hSŐ
  ɂ̂ɂĂƂdvłDŋ߂ Linux fBXgr[V
  ̂قƂǂɂ́CȒPɐłpX[h͐ݒłȂ悤ɂȂ
   passwd vOĂ܂Dpasswd vOŐV̂
  ŁĈ悤ȋ@\Ă邩ǂm߂Ă܂傤D

  ÍɂĂ̓˂񂾋c_͖{͈̔͂zĂ܂܂C
  xȂΗǂł傤DÍ͑ϕ֗łCԂ񍡓ł͕K{Ƃ
  ł傤Dɑ̎ނ̃f[^Í̕@܂C
  ꂪĂ܂D

  قƂǂ UNIX(Linux Oł͂܂)́CDES (Data Encryption
  Standard)ƌĂ΂ЁÍASYɎgăpX[h
  ÍĂ܂DÍꂽpX[h() /etc/passwd (
  ʓIłȂł)/etc/shadow ɕۑ܂D[UOC悤
  ƁC͂pX[h͍ĂшÍCpX[hi[Ă
  t@C̊YڂƔr܂D炪v΃pX[h͓
  Ȃ̂ŁCOC܂D DES ͑öÍASY(
  L[^΁CÍł)Ȃ̂łCقƂǂ UNIX
  gĂ̂ DES ̈ŕЕ̃ASYłD
  C/etc/passwd(܂ /etc/shadow) ̓epX[h𓾂邽߂Ɉ
  ǂ邱Ƃ͕s\Ȃ͂łD

  pX[h\_łȂꍇC"Crack"  "John the Ripper" (``''
  ͂Q)̂悤ȗ͔C̍UłpX[h𐄑ł܂DPAM W
  [(q)𗘗p΁Cʂ̈Í[`(MD5 Ȃ) gpł
  DCrack ɂǂg܂DpX[hf[^x[Xɑ΂Ē
  I Crack sCSłȂpX[h̂łDĖ
  ̂郆[UƘbāCpX[hς悤Ɏw܂D

  ǂpX[ȟߕɊւɂĂ
  http://consult.cern.ch/writeup/security/security_3.html QƂĂ
  D

  5.6.  PGP and Public-Key Cryptography

  PGP ɎgĂJÍ́C錮ÍɎgCʂ̌𕜍
  ɎgÍłD]̈Í́CÍƕɓgĂ܂D
  ̌͒ʐM̗mĂȂ΂Ȃ炸C炩̈Sȕ@ő
  Ȃ΂Ȃ܂łD

  ÍɎgSɓ]Kv𖳂߁CJÍł 2 
  ̕ʁX̌(JƔ閧)p܂DeĂJ͒Nłg
  ƂłCÍ͂gčs܂DCe͎̔閧
  ĂCJgĈÍꂽbZ[W͂gĕ
  ܂D

  JgÍɂ閧gÍɂ_͂܂D̈Ⴂ
  ẮC̃ZNV̍ŌɎ the RSA Cryptography FAQ
  <http://www.rsa.com/rsalabs/newfaq/> ɐ܂D

  PGP (Pretty Good Privacy)  Linux łƃT|[gĂ܂Do
  [W 2.62  5.0 ̓삪mFĂ܂DPGP ւ̓g
  ẮCPGP FAQ Ɨǂł傤D
  http://www.pgp.com/service/export/faq/55faq.cgi

  KCȂ̍ŗpło[WgĂD̓AJ
  O{ɂAô߂łC͂ȈÍdqIɍO֓]
  邱Ƃ֎~Ă邩łD

  ݂͗Ao̊Ǘ EAR(Export Administration Regulations)sĂ
  D͂ ITAR(: International Traffic in Arms Regulations ̗
  ) ł͊ǗĂ܂D

  Linux ł PGP ̐ݒɊւXebvoCXebṽKCh
  http://mercury.chem.pitt.edu/~angel/LinuxFocus/English/November1997/article7.html
  ɂ܂D PGP ̍ۃo[Wpɏꂽ̂łCA
  JOo[WɂȒPɓKpł܂DŐVo[W Linux ̈
  ł̓pb`KvɂȂ邱Ƃ܂D̃pb`
  ftp://metalab.unc.edu/pub/Linux/apps/crypto œł܂D

  PGP I[v\[XŃt[ɎƂĂvWFNg
  ܂DGnuPG  PGP ɒu邱ƂłCɊĂt[
  vOłDGnuPG  IDEA  RSA gĂȂ̂ŁCɎg
  p邱Ƃł܂DGnuPG  RFC2440 (OpenPGP) ɂقڏĂ
  Dڂ GNU Privacy Guard  WWW y[W( http://www.gpg.org/)
  D

  (̈Ӗ):

  o  IDEA: International Data Encryption Algorithm ̗D128rbg̔閧
     pÍASYŁCXCX Ascom-Tech Ђ
     Ă܂D

  o  RSA: JpÍCdqɎgĂASYŁC
     ̂ 3 l̊J(RivestCShamirCAdleman)̓ƂĂ
     Dčł 83 Nɓ̔F󂯂Ă܂D

  ÍɊւڂ RSA cryptography FAQ ɏĂ܂D
  http://www.rsa.com/rsalabs/newfaq/ ł܂D̃hLg
  ɂ "Diffie-Hellman @", "JÍ", "dqF" ƂpɊւ
  񂪍ڂĂ܂D

  : { http://www.rsa-japan.co.jp/faq/index.html ɂ
  D

  5.7.  SSL, S-HTTP, HTTPS, S/MIME

  [U͊eZLeBƈÍvgR̈ႢC̎gɂ
  Ă悭₵Ă܂D̃hLg͈ÍɂĂ̂̂ł͂Ȃ
  ̂łCevgR̓eȒPɐĈ肩ЉĂ
  ̂ȂƎv܂D

  o  SSL: - SSL (邢 Secure Sockets Layer)́CNetscape J
     @ŁCC^[lbgŃZLeB񋟂܂DSSL ͂
     ̈قȂÍvgRƃNCAgƃT[o̔F؎@
     ܂DSSL ̓gX|[gw𑀍삵Cf[^̈SȈÍ`l
     𐶐̂ŁCef[^V[XɈÍ邱Ƃł
     DSSL  Communicator ňSȃTCgɍsCSȃICh
     LgɌ܂D̂ Netscape
     Communicator ̃f[^ÍƓlɁC Communicator g
     SȒʐM̊{ƂėpӂĂ܂Dڂ
     http://www.consensus.com/security/ssl-talk-faq.html ɂ܂D
     Netscape ̑̃ZLeB@\̎ƁC̃vgR̎
     ɂẮChttp://home.netscape.com/info/security-doc.html œ
     ł܂D

  o  S-HTTP: - S-HTTP ̓C^[lbgł̈SȃT[rX񋟂ʂ
     vgRłD̃vgŔC@ (confidentiality)CF
     (authentication), S(integrity), ۔Fh~ [ ̒NƊԈ
     Ƃ蓾Ȃ] ^邽߂ɐ݌vĂC܂Ceg
     UNVɂʐMƂ̃IvṼlSVG[Vʂ
     āČǗ@\ƈÍASYT|[g܂D S-HTTP
     ́CẴ\tgEFAłg܂D܂C
     ꂼ̃bZ[WƗɈÍ܂D [ RSA Cryptography FAQ 
     138 y[W]

  o  S/MIME: - S/MIME (Ȃ킿 Secure Multipurpose Internet Mail
     Extension)́CÍdq[₻̑̎ނ̃C^[lbg
     bZ[WŎgÍ̕WłD RSA JI[v
     ȕWȂ̂ŁCLinux p̂̂Ԃ߂ɓoꂷł傤D
     S/MIME Ɋւڂ
     http://home.netscape.com/assist/security/smime/overview.html ɂ
     ܂D

  5.8.  Linux IPSEC Implementations

  CIPE ⑼̌`̃f[^ÍƂƂɁCLinux p IPSEC ̎
  ܂DIPSEC  IETF KiŁCÍꂽSȒʐMoH
  IP lbg[NxōC܂F؁CSCANZXC@
  񋟂܂DIPSEC ̏ƃC^[lbghtg
  http://www.ietf.org/html.charters/ipsec-charter.html ɂ܂D
  ܂߂đ̃vgRւ̃NCIPSEC ̃[OXgA[JC
  u邱Ƃł܂D

  University of Arizona ŊJꂽ x-kernel Linux Ƃ́CIu
  WFNgx[X̃t[[Ng x-kernel ƌĂ΂lbg[N
  vgRĂ܂D
  http://www.cs.arizona.edu/xkernel/hpcc-blue/linux.html ɂ܂D
  GcɌƁCx-kernel ̓J[lxł̃bZ[WpbVO̎@
  łCɂeՂɂȂĂ܂D

  Ƃ͕ʂ̃t[ɗpł IPSEC ̎ Linux FreeS/WAN IPSEC 
  D WWW y[Wp

       ũT[rXpƁCMłȂlbg[NɈ
       Sȃgl\z邱Ƃł܂DMłȂlbg[
       Nʂf[^͑SāC IPSEC Q[gEFC}VɂÍ
       C̔΂̒[̃Q[gEFCɂĕ܂D
       ɂ艼zvCx[glbg[N(Virtual Private Network,
       VPN)ł܂D́CSłȂC^[lbgŐڑꂽ
       قȂ镡̃TCg܂łĂCIɃvCx[gȃlb
       g[Nłv

  Ƃ̂ƂłD

   http://www.xs4all.nl/~freeswan/ œ肷邱Ƃł܂D
  hLg̎Mɂ傤ǃo[W 1.0 ɂȂ܂Ď`
  ÍƓlɗAoĂ邽߁CftHgł̓J[lƋɔzz
  Ă܂D

  5.9.  ssh (Secure Shell) and stelnet

  ssh  stelnet ̓[g̃VXeɃOCĈÍꂽڑs
  ߂̃vOłD

  ssh  rlogin, rsh, rcp ̈SȑpiƂĎgvOQ
  Dssh  2 ̃zXgԂ̒ʐMƃ[UF؂JÍgĈÍ
  ܂Dssh gƈSɃ[gzXgɃOCCf[^zX
  gԂŃRs[肷邱ƂłC荞ݍU(ZbṼnCWb
  N) DNS ̂hƂł܂Dssh ͐ڑŃf[^ksCz
  XgԂł̈S X11 ̒ʐMs܂Dssh ̃z[y[W
  http://www.cs.hut.fi/ssh/ ɂ܂D

  ssh  Windows PC  Linux  ssh T[oɑ΂ĎgƂł
  DWindows p̃NCAg̎͂܂D 1 
  http://guardian.htu.tuwien.ac.at/therapy/ssh/ łC DataFellows 
  鏤p̎ http://www.datafellows.com ɂ܂D"psst..." ƌ
  ΂Cssh I[v\[XŎƂvWFNg
  Dڂ http://www.net.lut.ac.uk/psst/ D

  SSLeay  Netscape  Secure Sockets Layer vgR̃t[̎
  Dɂ Secure telnet, Apache p̃W[C̃f[^x
  [X̃AvP[V܂܂ĂCDES, IDEA, Blowfish 
  ̃ASY܂܂Ă܂D

  ̃CugāCtelnet ڑ̃f[^Í telnet ̈
  SȑփvO܂DSSH ƈقȂCstelnet  Netscape 
  J SSL (Secure Sockets Layer) vgRg܂DSecure
  telnet  Secure FTP  SSLeay FAQ 炽ǂČ邱Ƃł
  D FAQ  http://www.psy.uq.oz.au/~ftp/Crypto/ ɂ܂D

  : {
  http://www.infoscience.co.jp/technical/crypto/ssleay_jp.html ɂ
  D

  SRP ͕ʂ̈S telnet/ftp ̎łD WWW y[Wp

       uSRP vWFNg͐EŃt[ɗpłSȃC^[
       lbg\tgEFAJĂ܂DSɈS telnet 
       ftp ̔zzn߂ƂāCX͎アlbg[NF؂CZL
       eB̂߂Ƀ[UC^tF[X]ɂȂ͂Ȃ̂
       uƍlĂ܂DZLeBIvVȂĂ
       łȂ! ZLeB̓ftHgłȂ΂Ȃ܂v

  Ƃ̂ƂłD

  ڂɂĂ http://srp.stanford.edu/srp ĂD

  5.10.  PAM - Pluggable Authentication Modules

  ŋ߂̃o[W RedHat Linux fBXgr[Vł́C "PAM" 
  Ă΂铝ꂳꂽFؕ@gĂ܂DPAM gƁCVXe
  삳܂܂ŔF؂̕@vύX邱Ƃƃ[J̔Fؕ@Jv
  Z邱Ƃ\ɂȂ܂DoCi͈؍ăRpCKv
  ܂DPAM ̐ݒ͖{͈̔͂z܂CK PAM ̃EFuTCg
  āCڂĂĂD
  http://www.kernel.org/pub/linux/libs/pam/index.html

  PAM ŉ\ɂȂ邱Ƃق̏񋓂܂D

  o  pX[h DES ȊÖÍpD(͔C̉ǂȂ
     D)

  o  T[rXWQUsłȂ邽߁CSẴ[Uɑ΂ă\[
     X (vZXC̑傫)̐D

  o  VXe𓮍삳܂܁CVhEpX[h(q)𗘗p\ɂ
     D

  o  ̃[UɂāC̉񐔂̂݁C̏ꏊ烍OC
     D

  VXẽCXg[ƐݒsԂ̊ԂɁCۂɍU󂯂O
  ̍U\hĂƂł܂DႦ PAM gƁCz[
  fBNg .rhosts t@C̎gpVXeŜŖɂ邱Ƃ
  ł܂Dݒ /etc/pam.d/rlogin Ɉȉ̂悤ȍsǉ܂:

                       #
                       # Disable rsh/rlogin/rexec for users
                       #
                       auth required pam_rhosts_auth.so no_rhosts

  5.11.  Cryptographic IP Encapsulation (CIPE)

  ̃\tgEFÅ{IȖړÍCC^[lbĝ悤ȈSłȂp
  Pbglbg[NʂS(gtBbŃCUbZ[W
  ޓɑ΂)Tulbg[NԐڑ񋟂邱ƂłD

  CIPE ̓f[^lbg[NxňÍ܂D܂Clbg[N
  ̃zXgԂ]pPbgÍ܂DÍGW̓p
  Pbg𑗎MhCő߂ɔzu܂D
  CIPE ́CڑƂɃ\PbgxŃf[^Í SSH Ƃ͈قȂ
  DقȂzXgŎsĂvOԂ̘_IȐڑÍ
  ܂D

  CIPE ͉zvCx[glbg[N(Virtual Private Network)\z
  ߂ɁCglOŎgƂł܂D჌ẍÍɂ́CAv
  P[V\tgEFAύXȂĂCVPN ɐڑĂ 2 ̃lb
  g[NԂœߓIɓ삳邱ƂłƂ_܂D

  CIPE ̃hLg̗vł:

       IPSEC ẂCÍꂽ VPN \z邽(ɂ܂
       )ɎgƂłvgRQ`Ă܂D
       CIPSEC ̓IvV񂠂rIdĕGȃvg
       RQŁCvgRQ̊SȎ͂܂قƂǎgĂ
       Cꕔ̖(ǗȂ)͂܂Sɂ͉Ă܂
       DCIPE ͔rIȒPȃAv[`ĂC CIPE ɂ
       ăp[^ł邱Ƃ̑(ۂɎgÍASY
       ̑IȂ)́CCXg[ɑÎɌŒ肳܂D
       ͏_𐧌܂CȒP(āCI
       ŃfobO₷) Ȃ܂D

  ڂ http://www.inka.de/~bigred/devel/cipe.html ɂ܂D

  ̈ÍƓl̗Aô߁CCIPE ̓J[lƈꏏɂ͔zz
  ܂D

  5.12.  Kerberos

  Kerberos  MIT  Athena Project ŊJꂽF؃VXełD[U
  OCCKerberos (pX[hp)[UF؂Clb
  g[NɕUĂ鑼̃T[ozXgɑ΂ă[U̐gؖ
  邽߂̕@񋟂܂D

  ꂩC̔F؏ rlogin ̂悤ȃvOgC[UpX
  [hő̃zXgɃOC邱Ƃ邽߂Ɏg܂
  (.rhosts t@C̑)D̔Fؕ@[VXeŎgāC[
  ɔzBꂽƂ̕ۏ؂CM҂Ăʂ
  ̃[Uł邱Ƃ̕ۏ؂s܂D

  Kerberos тɕtĂvÓC[U𑼂̃[
  UłƃVXeɎv킹úvIɂłȂ܂DcOȂ
   Kerberos ̃CXg[̓VXeɐ[̂ɂȂC{I
  ȃvOCꊷ肷邱ƂKvɂȂ܂D

  Kerberos Ɋւڂ the kerberos FAQ ɂCR[h
  http://nii.isi.edu/info/kerberos/ ɂ܂D

  [Ql: Stein, Jennifer G., Clifford Neuman, and Jeffrey L. Schiller.
  "Kerberos: An Authentication Service for Open Network Systems." USENIX
  Conference Proceedings, Dallas, Texas, Winter 1998.]

  Kerberos ̓zXg̃ZLeB̂߂̍ŏ̃Xebvł͂܂
  DKerberos ͔ɕGłCႦ SSH قǎgĂ킯ł
  ܂D

  5.13.  Shadow Passwords

  VhEpX[h́CÍꂽpX[hʃ[UB
  @łDÍꂽpX[h͕ʁCNłǂ߂ /etc/passwd Ɋi[
  Ă܂DāCNłpX[hvOsăpX
  [h悤Ǝ݂邱Ƃł܂DVhEpX[hł́C
  ͓̏[Uǂ߂Ȃ /etc/shadow t@CɊi[܂D
  VhEpX[h𗘗p邽߂ɂ́CpX[hփANZXKv
  郆[eBeBSăVhEpX[hΉɍăRpCKv
  ܂D(q)PAM gĂ΁CVhEW[gp邾
  ł悭Cst@CăRpCKv͂܂DKvȂ
  Shadow-Password HOWTO QƂďڂ𒲂ׂĂD̃hL
  g http://metalab.unc.edu/LDP/HOWTO/Shadow-Password-HOWTO.html
  ɂ܂D̃hLg݂͌͑ÂȂĂ܂CPAM T|
  [gĂfBXgr[Vł͂Ԃsvł傤D

  5.14.  "Crack" and "John the Ripper"

  ɂpX[h passwd vOŋ邱ƂłȂꍇ
  ɂ́CpX[hNbLOvOsC[ŨpX[
  hSǂmFƂ悢ł傤D

  pX[hNbÑvÓCPȍlɊÂē삵܂D
  CɍڂĂPƂ̒P̕ω`Ɏ̂łDꂼ
  ÍCÍꂽpX[hƔׂ܂D炪v
  ΁CpX[h킩܂D

  ̂悤ȃvO͂񂠂܂C̒ł "Crack"  "John
  the Ripper"(http://www.false.com/security/john/index.html) 2 L
  łD CPU p[ʂɏ܂C\߂sĂ
  ƂŁCU҂̃c[gĐN邱Ƃł邩ǂm
  邱ƂłCƎȃpX[hgĂ郆[Uɒӂ邱Ƃł
  DU҂̓pX[ht@C(UNIX ł /etc/passwd)肷邽
  ɁC܂̃ZLeBz[˂Ȃ΂Ȃ܂񂪁C͓ǎ҂
  F񂪂lĂӂĂ̂ł邱Ƃ͒mĂĂ
  D

  ZLeB͍̋łアzXg̋ɂȂĂ܂܂DłC
  lbg[N Windows }Vꍇɂ́CL0phtCrack 𒲂ׂׂ
  ƂƂ͌Ălł傤D Crack  Windows p
  ̎łD http://www.l0pht.com œł܂D

  5.15.  CFS - Cryptographic File System and TCFS - Transparent
  Cryptographic File System

  CFS ̓fBNgc[ŜÍ@ŁC̃c[ɈÍ
  t@CuƂł܂D̓[J}V NFS T[o
  삳܂DRPM  http://www.replay.com/redhat/ œ\łC
  Ɋւ ftp://ftp.research.att.com/dist/mab/ œ܂D

  TCFS  CFS ǂ̂ŁCt@CVXeƂ̓i߂
  łDāC[U͓ߓIɈÍt@CVXe𗘗p邱
  ł܂Dڂ http://edu-gw.dia.unisa.it/tcfs/ œ
  D

  TCFS ͕Kt@CVXeŜŎgKv͂܂DfB
  Ngc[Ŏgp邱Ƃł܂D

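  5.16.  X11, SVGA and display security

  5.16.1.  X11

  It is important to secure your graphical display so that attackers
  cannot grab your passwords as you type them, read documents or
  information shown on your screen, or use a hole to gain root access.
  Running remote X applications over a network is also risky, because it
  lets sniffers see all of your interaction with the remote system.

  X has a number of access-control mechanisms. The simplest of them is
  host-based: you use the xhost command to specify the hosts that are
  allowed access to your display. This is not secure at all. Anyone who
  has access to your machine can run xhost + for their own machine and
  get in easily. Also, if you have to allow access from an untrusted
  host, anyone logged in on that host can compromise your display.

  If you use xdm (X Display Manager) to log in, you get a much better
  access method: MIT-MAGIC-COOKIE-1. A 128-bit "cookie" is generated and
  stored in the .Xauthority file in your home directory. To allow a
  remote machine access to your display, use the xauth command and the
  information in your .Xauthority file to grant access to that
  connection only. See the Remote-X-Apps mini-howto, available at
  http://metalab.unc.edu/LDP/HOWTO/mini/Remote-X-Apps.html

  You can also use ssh (see the ssh section above) to make X connections
  secure. ssh has two advantages: it is transparent to the user, and no
  unencrypted data flows across the network.

  See the Xsecurity man page for more information on X security. The
  safe approach is to use xdm to log in at the console, and then use ssh
  to run X programs on remote sites.

  5.16.2.  SVGA

  SVGAlib programs are typically setuid root so that they can access the
  video hardware. This makes them very dangerous. If such a program
  crashes, you typically have to reboot the machine to get a usable
  console back. Make sure any SVGA programs you run are authentic, or
  can at least be somewhat trusted. Better still, do not run them at
  all.

  5.16.3.  GGI (Generic Graphics Interface project)

  The Linux GGI project is an attempt to solve several of the problems
  with video interfaces on Linux. GGI moves a small piece of the video
  code into the Linux kernel and controls access to the video system
  from there. With GGI the console can be restored to a known good state
  at any time. GGI also allows a secure attention key, which prevents a
  Trojan horse login program from being run on the console.
  http://synergy.caltech.edu/~ggi/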

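  6.  Kernel Security

  This section describes the kernel configuration options that relate to
  security, and explains how to use them.

  Because the kernel controls your computer's networking, it is
  important that the kernel is secure and cannot itself be compromised.
  To guard against recent network attacks, you should keep your kernel
  version current. New kernels are available from <ftp://ftp.kernel.org>
  or from your distribution vendor.

  There is also an international group that provides a single unified
  crypto patch for the mainstream Linux kernel. The patch provides
  several cryptographic subsystems and other features that are not
  included in the mainstream kernel because of export restrictions. For
  more information, see the group's web page at http://www.kerneli.org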

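  6.1.  2.0 Kernel Compile Options

  The following options apply to 2.0.x kernels. You will see them when
  you configure the kernel. Many of the comments here come from
  ./linux/Documentation/Configure.help, which is the same document that
  the Help facility shows during the make config stage of compiling the
  kernel.

  o  Network Firewalls (CONFIG_FIREWALL)

     Enable this option if you are going to build a firewall or do IP
     masquerading on your Linux machine. If the machine is just a
     regular client, it is safe to say no.

  o  IP: forwarding/gatewaying (CONFIG_IP_FORWARD)

     If you enable IP forwarding, your Linux machine essentially becomes
     a router. If the machine is connected to a network, it could be
     forwarding data from one network to another, and might defeat a
     firewall that was put there to prevent exactly that. Normal dial-up
     users will want to disable this option, and other users should
     think carefully about the security implications of enabling it.
     Firewall machines will want it enabled, used together with firewall
     software.

     You can enable IP forwarding dynamically with the following
     command:

               root#  echo 1 > /proc/sys/net/ipv4/ip_forward

     and disable it with:

               root#  echo 0 > /proc/sys/net/ipv4/ip_forward

     Keep in mind that this file and its displayed size (which may or
     may not be 0) do not reflect an actual size.

  o  IP: syn cookies (CONFIG_SYN_COOKIES)

     A "SYN attack" is a denial of service (DoS) attack that consumes
     all the resources on your machine and forces you to reboot. We
     cannot think of a reason why you would not normally enable this
     option. In the 2.1 kernel series, this configuration option merely
     allows syn cookies and does not enable them. To enable them, run:

               root#  echo 1 > /proc/sys/net/ipv4/tcp_syncookies

  o  IP: Firewalling (CONFIG_IP_FIREWALL)

     This option is needed if you are going to configure your machine as
     a firewall, do IP masquerading, or want to protect a dial-up
     machine from someone entering through its PPP dial-up interface.

  o  IP: firewall packet logging (CONFIG_IP_FIREWALL_VERBOSE)

     This option records information about the packets your firewall
     receives, such as sender, recipient and port.

  o  IP: Drop source routed frames (CONFIG_IP_NOSR)

     This option should be enabled. Source routed frames carry the
     entire path to their destination inside the packet. This means that
     routers along the way do not need to inspect the packet and simply
     forward it. This can let data into your system that may be
     dangerous.

  o  IP: masquerading (CONFIG_IP_MASQUERADE)

     If your Linux machine acts as a firewall and one of the computers
     on your local network wants to connect to the outside, the Linux
     machine can "masquerade" as that host. That is, it forwards the
     traffic to the destination the local machine intended, but makes
     the traffic look as if it came from the firewall machine itself.
     See http://www.indyramp.com/masq for more information.

  o  IP: ICMP masquerading (CONFIG_IP_MASQUERADE_ICMP)

     The previous option only masquerades TCP and UDP traffic. This
     option adds masquerading of ICMP.

  o  IP: transparent proxy support (CONFIG_IP_TRANSPARENT_PROXY)

     This option enables transparent redirection on a Linux firewall.
     Any network traffic that originates on the local network and is
     destined for a remote host is redirected to a local server (a
     "transparent proxy server"). The local computers think they are
     talking to the remote end, while in fact they are connected to the
     local proxy. See the IP-Masquerading HOWTO and
     http://www.indyramp.com/masq for more information.

  o  IP: always defragment (CONFIG_IP_ALWAYS_DEFRAG)

     This option is normally disabled, but if you are building a
     firewall or a masquerading host you will want to enable it. When
     data is sent from one host to another, it is not always sent as a
     single packet; it may be fragmented into several pieces. The
     problem is that the port numbers are stored only in the first
     fragment. This means someone can insert information that is not
     supposed to be there into the remaining packets of the connection.
     This option should also prevent a teardrop attack against an
     internal host that has not yet been patched against it.

  o  Packet Signatures (CONFIG_NCPFS_PACKET_SIGNING)

     This option is available in the 2.1 kernel series. It signs NCP
     packets for stronger security. Normally you can leave it off, but
     it is there if you need it.

  o  IP: Firewall packet netlink device (CONFIG_IP_FIREWALL_NETLINK)

     This is a very useful option. It lets a user-space program analyze
     the first 128 bytes of a packet and decide, based on that, whether
     to accept or deny the packet.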

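  6.2.  2.2 Kernel Compile Options

  For 2.2.x kernels many of the options are the same, but a few new ones
  have been developed. Many of the comments here come from
  ./linux/Documentation/Configure.help, which is the same document that
  the Help facility shows during the make config stage of compiling the
  kernel. Only the newly added options are described below. For the
  other necessary options, see the 2.0 description. The most significant
  change in the 2.2 kernel is the IP firewalling code. In 2.2 kernels IP
  firewalling is set up with ipchains. The ipfwadm program used with 2.0
  kernels cannot be used.

  o  Socket Filtering (CONFIG_FILTER)

     For most people it is safe to say no to this option. It lets you
     attach a user-space filter to any socket and decide whether packets
     are accepted or denied. Unless you have a very specific need and
     are able to program such a filter, say no. As of this writing, all
     protocols except TCP are supported.

  o  Port Forwarding

     Port Forwarding is an addition to IP masquerading that forwards
     some packets arriving on specified ports from outside the firewall
     to the inside. This is useful if, for example, you run a web server
     behind a firewall or masquerading host and want it to be reachable
     from the outside world. An external client sends a request to port
     80 of the firewall, the firewall forwards the request to the web
     server, and the web server handles the request and sends the
     results back to the original client through the firewall. To the
     client it looks as if the firewall machine itself is running the
     web server. The feature can also be used for load balancing across
     a farm of identical web servers behind the firewall.

     Information about this feature is available from
     http://www.monmouth.demon.co.uk/ipsubs/portforwarding.html
     (to browse the WWW you need a machine connected to the Internet
     that has a program such as lynx or Netscape). For general
     information, see ftp://ftp.compsoc.net/users/steve/ipportfw/linux21/

  o  Socket Filtering (CONFIG_FILTER)

     With this option, a user program can attach a filter to any socket
     and tell the kernel whether to allow or disallow particular types
     of data from getting through the socket. Linux socket filtering
     currently works on all socket types except TCP. See the text file
     ./linux/Documentation/networking/filter.txt for details.

  o  IP: Masquerading

     IP masquerading has been improved in the 2.2 kernel. Support for
     masquerading special protocols has been added. See the IP Chains
     HOWTO for details.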

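  6.3.  Kernel Devices

  Linux has a few block and character devices that can help with
  security.

  The kernel provides two devices, /dev/random and /dev/urandom, that
  supply random data at any time.

  Both /dev/random and /dev/urandom should be secure enough to use for
  generating PGP keys, ssh challenges, and other applications that need
  random numbers. Given any initial sequence of numbers from these
  sources, an attacker should be unable to predict the next number. A
  great deal of effort has gone into ensuring that the numbers obtained
  from these sources are random in every sense of the word.

  The only difference between the two devices is that /dev/random can
  use up all of its random bytes, in which case it makes you wait until
  more have accumulated. Note that on some systems it can block for a
  long time while waiting for new user-generated entropy to enter the
  system. You therefore need to take care before using /dev/random.
  (Perhaps the best use for it is generating sensitive keying
  information, where you ask the user to pound on the keyboard
  repeatedly until you print "OK, enough".)

  /dev/random provides very high quality entropy, generated from
  measurements such as the time between interrupts. It blocks until
  enough bits of random data are available.

  /dev/urandom is similar, but when the store of entropy is running low
  it returns a cryptographically strong hash of what is there. This is
  not as secure as /dev/random, but it is sufficient for most purposes.

  You can read from the devices like this:

               root#  head -c 6 /dev/urandom | mmencode

  This prints 6 random characters on the console, which is suitable for
  generating passwords. mmencode is part of the metamail package.

  For a description of the algorithm, see
  /usr/src/linux/drivers/char/random.c

  Thanks to Theodore Y. Ts'o, Jon Lewis, and others on the Linux-kernel
  mailing list for helping the author (Dave) with this.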

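  7.  Network Security

  The more time you spend connected to a network, the more important
  network security becomes. Keep in mind that compromising network
  security is often much easier than compromising physical or local
  security.

  There are many good tools to help with network security, and more and
  more of them ship with Linux distributions.

  7.1.  Packet Sniffers

  One of the most common ways intruders gain access to more systems on
  your network is by running a packet sniffer on a host they have
  already compromised. The "sniffer" watches the Ethernet packet stream
  for things like passwd, login and su, and logs the traffic that
  follows. In this way, intruders obtain passwords for systems they have
  not even tried to break into. Clear-text (unencrypted) passwords are
  very vulnerable to this attack.

  Example: Host A has already been compromised. The attacker installs a
  packet sniffer. The sniffer picks up an administrator logging in from
  Host C to Host B, and so obtains the administrator's personal password
  as they log in to B. The administrator then runs su to fix a problem,
  which gives away the root password for Host B. Later the administrator
  lets someone telnet from that account to Host Z at another site. The
  attacker now has a password/login for Host Z.

  These days the attacker does not even need to compromise a system to
  mount this attack. Bringing a laptop into the building and plugging it
  into the network is enough.

  Using ssh or another encrypted password authentication method defeats
  this attack. For POP, using APOP also prevents it. (Normal POP is very
  vulnerable, because the password crosses the network unencrypted.)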

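  7.2.  System services and tcp_wrappers

  Before you connect your Linux system to ANY network, the first thing
  to decide is which services you need to offer. Services that you do
  not need to offer should be disabled. That gives you one less thing to
  worry about and leaves attackers one less place to look for a security
  hole.

  There are several ways to disable services under Linux. Look at your
  /etc/inetd.conf file to see which services are offered through inetd.
  Disable any you do not need by commenting them out (put a # at the
  beginning of the line) and then sending the inetd process a SIGHUP.

  You can also remove (or comment out) services in the /etc/services
  file. Local clients will then be unable to find the service as well
  (for example, if you remove ftp and then try to ftp from that machine
  to a remote site, it fails with an "unknown service" error). Removing
  services this way is usually not worth the trouble, because it does
  not improve security. Even with the ftp entry commented out in
  /etc/services, a local user who wants to use ftp can supply a client
  that uses the common FTP port number, and it will work fine.

  Services you might want to leave enabled include:

  o  ftp

  o  telnet (or ssh)

  o  mail, such as pop-3 or imap

  o  identd

  If you know you are not going to use a particular package, you can
  also delete it entirely. On the RedHat distribution, rpm -e
  packagename removes an entire package. On Debian, dpkg --remove does
  the same.

  In addition, you will want to stop the rsh/rlogin/rcp utilities from
  being started from /etc/inetd.conf (this means the login (used by
  rlogin), shell (used by rcp) and exec (used by rsh) entries). These
  protocols are very insecure and have been the cause of attacks in the
  past.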
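
  The /etc/inetd.conf review described above, as a script. This is an
  added example, not part of the original HOWTO; the function names and
  the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Audit an inetd.conf-style file for the services the HOWTO says to disable.
# All sample data is constructed for this example.

# Constructed sample in inetd.conf format:
# service  socket-type  protocol  wait-flag  user  server-path  arguments
sample_inetd_conf() {
    cat <<'EOF'
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd        in.ftpd -l -a
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd        in.telnetd
#gopher stream  tcp  nowait  root    /usr/sbin/tcpd        gn
shell   stream  tcp  nowait  root    /usr/sbin/tcpd        in.rshd
login   stream  tcp  nowait  root    /usr/sbin/in.rlogind  in.rlogind
#exec   stream  tcp  nowait  root    /usr/sbin/tcpd        in.rexecd
auth    stream  tcp  nowait  nobody  /usr/sbin/in.identd   in.identd -l -e -o
EOF
}

# Print "service<TAB>server-path" for every enabled (uncommented) entry.
inetd_enabled() {
    awk '
        /^[ \t]*#/ { next }            # commented out: service is disabled
        NF < 6     { next }            # blank or incomplete line
        { printf "%s\t%s\n", $1, $6 }
    ' "$1"
}

# Enabled r-service entries, as the text lists them:
# login (used by rlogin), shell (used by rcp), exec (used by rsh).
inetd_rservices() {
    inetd_enabled "$1" |
        awk -F'\t' '$1 == "login" || $1 == "shell" || $1 == "exec" { print $1 }'
}

# Enabled services that inetd starts directly instead of through tcpd,
# so /etc/hosts.allow and /etc/hosts.deny are never consulted for them.
inetd_unwrapped() {
    inetd_enabled "$1" |
        awk -F'\t' '$2 != "internal" && $2 !~ /\/tcpd$/ { print $1 }'
}

# Write a copy of FILE to stdout with the named services commented out.
# Usage: inetd_disable FILE service...
inetd_disable() {
    conf=$1
    shift
    awk -v names="$*" '
        BEGIN { n = split(names, a, " "); for (i = 1; i <= n; i++) drop[a[i]] = 1 }
        !/^[ \t]*#/ && NF >= 6 && ($1 in drop) { print "#" $0; next }
        { print }
    ' "$conf"
}

# Demo on the constructed sample. On a real system, install the edited
# file as /etc/inetd.conf and send inetd a SIGHUP so it rereads it.
demo_conf=$(mktemp)
sample_inetd_conf > "$demo_conf"
echo "enabled r-services: $(inetd_rservices "$demo_conf" | tr '\n' ' ')"
echo "not behind tcpd:    $(inetd_unwrapped "$demo_conf" | tr '\n' ' ')"
inetd_disable "$demo_conf" login shell exec > "$demo_conf.new"
echo "still enabled:      $(inetd_enabled "$demo_conf.new" | cut -f1 | tr '\n' ' ')"
rm -f "$demo_conf" "$demo_conf.new"
```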

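  Check the /etc/rc.d/rcN.d directory (where N is your system's run
  level) and make sure no unneeded servers are being started. The files
  in /etc/rc.d/rcN.d are actually symbolic links to files in the
  /etc/rc.d/init.d directory. Renaming a file in the init.d directory
  disables all the symbolic links in /etc/rc.d/rcN.d that point to it.
  If you only want to disable a service for a particular run level,
  rename the appropriate file by replacing the upper-case 'S' with a
  lower-case 's', like this:

              root#  cd /etc/rc6.d
              root#  mv S45dhcpd s45dhcpd

  If your system has BSD-style rc files, look in /etc/rc* for programs
  you do not need.

  Most Linux distributions ship with tcp_wrappers "wrapping" all TCP
  services. The tcp_wrapper (tcpd) is invoked from inetd in place of the
  real server. tcpd checks the host requesting the service, and then
  either runs the real server or denies access. Create an
  /etc/hosts.allow file and list in it only the machines that need
  access to this machine's services.

  If you are a home dial-up user, we suggest you deny ALL. tcpd also
  logs failed attempts to access services, so it can alert you when you
  are under attack. When you add new TCP-based services, be sure to
  configure them to use tcp_wrappers. For example, a normal dial-up user
  can prevent outsiders from connecting to the machine and still be able
  to retrieve mail and make network connections to the Internet. To do
  this, add the following to /etc/hosts.allow:

  ALL: 127.

  And of course /etc/hosts.deny would contain:

  ALL: ALL

  This prevents all connections to your machine from the outside, while
  still allowing you to connect from the inside to servers on the
  Internet.

  Remember that tcp_wrappers protects only services run from inetd and a
  select few others. Other services may well be running. Running
  netstat -ta lists all the services your machine is offering.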
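
  How tcpd reaches its decision from the two files above, as a
  simplified model. This is an added example, not part of the original
  HOWTO and not tcp_wrappers code; the function names and the client
  address 192.0.2.10 are constructed, and only the pattern forms named
  in the first comment are handled.

```shell
#!/bin/sh
# Simplified model of the tcpd access decision (see hosts_access(5)).
# Supported patterns: ALL, exact strings, "127." (address prefix) and
# ".example.org" (hostname suffix). Not modelled: LOCAL, EXCEPT,
# netmasks, user@host, shell commands, IPv6 addresses.

# wrap_match RULEFILE DAEMON CLIENT -> exit status 0 if any rule matches
wrap_match() {
    awk -v d="$2" -v c="$3" '
        function hit(pat, val) {
            if (pat == "ALL") return 1
            # A trailing dot makes the pattern an address prefix.
            if (pat ~ /\.$/) return (index(val, pat) == 1)
            # A leading dot makes the pattern a hostname suffix.
            if (pat ~ /^\./)
                return (length(val) >= length(pat) &&
                        substr(val, length(val) - length(pat) + 1) == pat)
            return (pat == val)
        }
        function any(list, val,    n, i, p) {
            gsub(/,/, " ", list)
            n = split(list, p, " ")
            for (i = 1; i <= n; i++) if (hit(p[i], val)) return 1
            return 0
        }
        /^[ \t]*#/ || !/:/ { next }
        {
            split($0, f, ":")          # f[1] = daemon list, f[2] = client list
            if (any(f[1], d) && any(f[2], c)) { found = 1; exit }
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# tcpd_decision ALLOW_FILE DENY_FILE DAEMON CLIENT -> prints granted|denied
# Order matters: hosts.allow is searched first, then hosts.deny, and a
# request that matches neither file is granted.
tcpd_decision() {
    if wrap_match "$1" "$3" "$4"; then
        echo granted
    elif wrap_match "$2" "$3" "$4"; then
        echo denied
    else
        echo granted
    fi
}

# Demo with the policy from the text: loopback allowed, all else denied.
demo_dir=$(mktemp -d)
printf 'ALL: 127.\n' > "$demo_dir/hosts.allow"
printf 'ALL: ALL\n'  > "$demo_dir/hosts.deny"
for client in 127.0.0.1 192.0.2.10; do
    echo "in.telnetd from $client: $(tcpd_decision \
        "$demo_dir/hosts.allow" "$demo_dir/hosts.deny" in.telnetd "$client")"
done
rm -rf "$demo_dir"
```

  Two things the model makes visible: with an empty hosts.deny every
  request is granted, and "ALL: 127" without the trailing dot is an
  exact-string pattern that never matches 127.0.0.1.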

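  7.3.  Verify Your DNS Information

  Keeping up-to-date DNS information for every host on your network
  helps to increase security. If an unauthorized host is connected to
  your network, you can recognize it by its lack of a DNS entry. Many
  services can be configured not to accept connections from machines
  that do not have valid DNS entries.

  7.4.  identd

  identd is a small program that typically runs from inetd. It keeps
  track of which user is running which TCP service, and reports this to
  whoever requests it.

  Many people misunderstand the usefulness of identd, and so disable it
  or block all off-site requests for it. identd is not there to help
  remote sites. There is no way of knowing whether the data you get from
  a remote identd is correct. identd requests are not authenticated.

  So why would you want to run identd? Because it helps you, and gives
  you another data point when tracking. If your identd has not been
  compromised, you know it is telling remote sites the user name or user
  ID of the people using TCP services. If the administrator of a remote
  site comes to you and says that a certain user was trying to attack
  their site, you can easily take action against that user. If you are
  not running identd, you have to look through lots of logs and work out
  who was on at the time, and in general it takes much longer to track
  down the user.

  The identd that ships with most distributions is more configurable
  than many people think. You can disable it for specific users (they
  can create a .noident file), you can log all identd requests (we
  recommend this), and you can have identd return a user ID or NO-USER
  instead of a user name.

  7.5.  SATAN, ISS, and Other Network Scanners

  There are a number of software packages that scan machines or networks
  for ports and services. SATAN, ISS, SAINT, and Nessus are among the
  better known ones. This software connects to every port it can on the
  target machine (or on all the target machines on a network) and tries
  to determine what service is running there. Based on that information,
  you can tell whether a machine is vulnerable to a specific attack on
  that server.

  SATAN (Security Administrator's Tool for Analyzing Networks) is a port
  scanner with a web interface. It can be configured to run light,
  medium, or strong checks on a machine or a network. It is a good idea
  to get SATAN, scan your own machine or network, and fix the problems
  it finds. Make sure you get SATAN from metalab
  <http://metalab.unc.edu/pub/packages/security/Satan-for-Linux/> or
  another reputable FTP or web site, because a Trojan horse copy of
  SATAN was distributed on the net in the past.
  http://www.trouble.org/~zen/satan/satan.html. SATAN has not been
  updated for quite a while, and some of the other tools below may do a
  better job.

  ISS (Internet Security Scanner) is another port scanner. It is faster
  than SATAN, and so may be better suited to large networks. However,
  SATAN tends to provide more information.

  Abacus is a suite of tools for host-based security and intrusion
  detection. See its home page on the web for more information.
  http://www.psionic.com/abacus/

  SAINT is an updated version of SATAN. It is web-based and has more
  up-to-date tests than SATAN. For more information, see
  http://www.wwdsi.com/~saint

  Nessus is a free security scanner. It has an easy-to-use GTK graphical
  interface, and a very nice plug-in mechanism for setting up new
  port-scanning tests. For more information, see http://www.nessus.org

  7.5.1.  Detecting Port Scans

  There are tools designed to alert you to probes by SATAN, ISS and
  other scanning software. However, if you make good use of
  tcp_wrappers and look over your logs regularly, you should be able to
  notice such probes yourself. Even on its lowest setting, SATAN leaves
  traces in the logs of a stock RedHat system.

  There are also "stealth" port scanners. A packet with the TCP ACK bit
  set (as in an established connection) will probably pass through a
  packet-filtering firewall. An RST packet returned from a port that had
  no established session can be taken as evidence that the port is
  alive. I don't think TCP wrappers will detect this.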

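  7.6.  sendmail, qmail and MTAs

  One of the most important services you can provide to your users is a
  mail server. Unfortunately, it is also one of the most vulnerable to
  attack, simply because of the number of tasks it must perform and
  because it typically needs root privileges.

  If you use sendmail, it is especially important to keep up with the
  current version. sendmail has a very long history of security
  problems. Always run the most recent version from
  http://www.sendmail.org

  Keep in mind that sendmail does not have to be running in order for
  you to send mail. If you are a home user, you can do without sendmail
  entirely and simply use your mail client to send mail. You can also
  remove the "-bd" flag from the sendmail startup file, which disables
  incoming requests for mail. In other words, instead of the existing
  startup script you can run sendmail with the following command:

                       # /usr/lib/sendmail -q15m

  With this, sendmail flushes the mail queue every 15 minutes for any
  messages that could not be delivered on the first attempt.

  Many administrators choose not to use sendmail and use a different
  mail transport agent instead. You might consider switching to qmail.
  qmail was designed with security in mind from the ground up. It is
  fast, stable and secure. qmail is available from http://www.qmail.org

  Translator's note: http://www.jp.qmail.org may also be useful.

  A competitor to qmail is "postfix", written by Wietse Venema, the
  author of tcp_wrappers and other security tools. It was formerly
  called vmailer and was sponsored by IBM. It is also a mail transport
  agent written from the ground up with security in mind. More
  information about vmailer is at http://www.postfix.org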

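  7.7.  Denial of Service Attacks

  A "Denial of Service" (DoS) attack is one in which the attacker makes
  some resource too busy to answer legitimate requests, or denies
  legitimate users access to your machine.

  Denial of service attacks have increased greatly in recent years. Some
  of the better known and more recent ones are listed below. New ones
  appear all the time, so these are only a few examples. To stay
  current, read the Linux security mailing lists and the bugtraq mailing
  list and their archives.

  o  SYN Flooding - SYN flooding is a network denial of service attack.
     It takes advantage of a "loophole" in the way TCP connections are
     established. Newer Linux kernels (2.0.30 and later) have
     configurable options to prevent SYN flood attacks from denying
     users access to your machine or services. See the ``Kernel
     Security'' section for the appropriate kernel protection options.

  o  Pentium "F00F" Bug - It was recently discovered that a particular
     sequence of assembly code sent to an Intel Pentium processor
     reboots the machine. This affects every machine with a Pentium
     processor, no matter what operating system it runs (compatible
     CPUs, the Pentium Pro and the Pentium II are not affected). Linux
     2.0.32 and later contain a workaround for this bug, so the machine
     no longer locks up. The workaround was improved in kernel 2.0.33,
     which is recommended over 2.0.32. If you are running on a Pentium,
     upgrade your kernel now!

  o  Ping Flooding - Ping flooding is a simple brute-force denial of
     service attack. The attacker sends a "flood" of ICMP packets to the
     target machine. If the attacking machine has more bandwidth than
     the machine under attack, the victim becomes unable to send
     anything on the network. A variation of this attack, called
     "smurfing", sends ICMP packets to a host with your machine's IP
     address as the return address, so that you are flooded in a way
     that is harder to trace. More information about the "smurf" attack
     is at http://www.quadrunner.com/~chuegen/smurf.txt

     If you come under a ping flood attack, use a tool such as tcpdump
     to find out where the packets are coming from (or appear to be
     coming from), then contact your provider with that information.
     Ping floods are most easily stopped at the router level or with a
     firewall.

  o  Ping o' Death - The Ping o' Death attack sends ICMP ECHO REQUEST
     packets that are too large for the kernel data structures intended
     to hold them. Because sending a single large (65,510 bytes) "ping"
     packet would hang or even crash many systems, the problem was
     quickly named "Ping o' Death". It was fixed long ago, and is no
     longer anything to worry about.

  o  Teardrop / New Tear - A recent attack that exploits a bug in the IP
     fragmentation code on Linux and Windows platforms. The fix was made
     in kernel version 2.0.33, and no compile-time option needs to be
     selected to enable it. Linux is apparently not vulnerable to the
     'newtear' attack.

     Code for most attacks, and more detailed descriptions of how they
     work, can be found with the search engine at
     http://www.rootshell.com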

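  7.8.  NFS (Network File System) Security

  NFS is a very widely used file sharing protocol. A server machine
  running nfsd and mountd can "export" entire file systems to other
  machines that have NFS file system support built into their kernels
  (or some other NFS client support, if they are not Linux machines).
  mountd keeps track of mounted file systems in /etc/mtab, and they can
  be displayed with the showmount command.

  Many sites use NFS to serve users' home directories, so that users
  have their home directory no matter which machine on the LAN they log
  in to.

  A small amount of security is possible when exporting file systems.
  nfsd can be configured to treat the remote root user (user ID = 0) as
  the nobody user, which denies it full access to the exported files.
  However, individual users can access their own files (or at least
  files with the same user ID), so the local superuser can log in as, or
  su to, that user and gain access to all of that user's files. This is
  only a small hindrance to an attacker who is able to mount your remote
  file systems.

  If you must use NFS, make sure you export only to the machines that
  really need it. Never export your entire root directory. Export only
  the directories that need to be exported.

  For more information on NFS, see the NFS HOWTO, available at
  http://metalab.unc.edu/mdw/HOWTO/NFS-HOWTO.html

  7.9.  NIS (Network Information Service) (formerly YP)

  NIS (formerly YP) is a means of distributing information to a group of
  machines. The NIS master holds the information tables and converts
  them into NIS map files. These maps are served over the network, so
  NIS clients can obtain login names, passwords, home directories and
  shell information (all the information in a standard /etc/passwd
  file). This lets users change their password once and have the change
  take effect on every machine in the NIS domain.

  NIS is not secure at all. It was never meant to be. It was meant to be
  handy and useful. Anyone who can guess the name of your NIS domain
  (from anywhere on the net) can get a copy of your password file and
  use "Crack" and "John the Ripper" against your users' passwords. It is
  also possible to spoof NIS and play all sorts of nasty tricks. If you
  must use NIS, make sure you are aware of the dangers.

  There is a much more secure replacement for NIS, called NIS+. See the
  NIS HOWTO for details:
  http://metalab.unc.edu/mdw/HOWTO/NIS-HOWTO.html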

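  7.10.  Firewalls

  A firewall is a means of controlling what information is allowed into
  and out of your local network. Typically the firewall host is
  connected both to the Internet and to your local LAN, and the only
  access from your LAN to the Internet is through the firewall. In this
  way the firewall controls what passes between the Internet and the
  LAN.

  There are several types of firewall and many ways of setting them up.
  Linux machines make pretty good firewalls. Firewall code can be built
  into 2.0 and later kernels. The user-space tools ipfwadm (for 2.0
  kernels) and ipchains (for 2.2 kernels) let you change the types of
  network traffic you allow while the system is running. You can also
  log particular types of network traffic.

  Firewalls are a very useful and important technique for securing your
  network. However, never think that because you have a firewall you do
  not need to secure the machines behind it. That is a fatal mistake.
  For more information on firewalls and Linux, see the very good
  Firewall-HOWTO at your latest metalab archive
  (http://metalab.unc.edu/mdw/HOWTO/Firewall-HOWTO.html).

  More information is also in the IP-Masquerade mini-howto
  (http://metalab.unc.edu/mdw/HOWTO/mini/IP-Masquerade.html).

  More information on ipfwadm (the tool for changing your firewall
  settings) is on its home page: http://www.xos.nl/linux/ipfwadm/

  If you have no experience with firewalls and plan to set one up for
  more than just a simple security policy, the book "Firewalls" from
  O'Reilly and Associates, or another online firewall document, is
  mandatory reading. See http://www.ora.com for more information on the
  book. The National Institute of Standards and Technology has put
  together an excellent document on firewalls. It is dated 1995 but is
  still quite useful. It is at
  http://csrc.nist.gov/nistpubs/800-10/main.html. The following are also
  of interest:

  o  The Freefire Project -- a list of freely available firewall tools,
     at http://sites.inka.de/sites/lina/freefire-l/index_en.html

  o  SunWorld Firewall Design -- written by the authors of the O'Reilly
     book, this gives a brief introduction to the different firewall
     types. It is at
     http://www.sunworld.com/swol-01-1996/swol-01-firewall.html

  7.11.  IP Chains - Linux Kernel 2.2.x Firewalling

  Linux IP Firewalling Chains is an update of the 2.0 kernel firewalling
  code for the 2.2 kernel. It has many more features than previous
  implementations, including:

  o  More flexible packet manipulation

  o  More complex accounting

  o  Simple policy changes that can be made atomically

  o  Fragments can be explicitly blocked, denied, and so on

  o  Logging of suspicious packets

  o  Handling of protocols other than ICMP/TCP/UDP

  If you currently use ipfwadm on a 2.0 kernel, there are scripts that
  convert the ipfwadm command format to the format ipchains uses.

  Read the IP Chains HOWTO for details. It is available at
  http://www.rustcorp.com/linux/ipchains/HOWTO.html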

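  7.12.  Virtual Private Networks (VPN)

  A VPN is a way of establishing a "virtual" network on top of some
  already existing network. The virtual network is often encrypted and
  passes traffic only to and from known entities that have joined the
  network. VPNs are often used to connect someone working at home to an
  internal company network over the Internet by way of an encrypted
  virtual network.

  If you run a Linux masquerading firewall and need to pass MS PPTP
  (Microsoft's product for VPN connections) packets, there is a kernel
  patch that does this. See ip-masq-vpn:
  ftp://ftp.rubyriver.com/pub/jhardin/masquerade/ip_masq_vpn.html

  Several VPN solutions are available for Linux:

  o  vpnd. See
     http://www.crosswinds.net/nuremberg/~anstein/unix/vpnd.html

  o  Free S/Wan. See http://www.xs4all.nl/~freeswan/

  o  ssh can be used to build a VPN. See the VPN mini-howto for details.

  o  vps (virtual private server). See http://www.strongcrypto.com

  See also the section on IPSEC for pointers and more information.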

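  8.  Security Preparation (before you go on-line)

  So, you have checked over your system, made it as secure as is
  feasible, and are ready to connect it to the network. There are a few
  things you should now do to prepare for an actual intrusion. If you do
  them, you can quickly shut out the intruder, recover the system, and
  get it running again.

  8.1.  Make a Full Backup of Your Machine

  A discussion of backup methods and storage media is beyond the scope
  of this document, but here are a few words on backups and security:

  If a partition holds 650MB of data or less, copying the data to a CD-R
  is a good choice (it is hard to tamper with later, and lasts a long
  time if stored properly). Tapes and other rewritable media should be
  write-protected as soon as the backup is complete, so that they cannot
  be tampered with. Store your backups in a place that cannot be reached
  on-line. A good backup ensures that you have a known good point from
  which to restore your system.

  8.2.  Choosing a Good Backup Schedule

  A six-tape cycle is easy to maintain. Use four tapes for the weekdays,
  and the remaining two on alternate Fridays, one each. Make an
  incremental backup every day, and a full backup on the appropriate
  Friday tape. If you make particularly important changes to the system
  or add important data, a full backup may well be in order.

  8.3.  Backup Your RPM or Debian File Database

  After an intrusion you can use your RPM database the way you would use
  tripwire, but only if you can be sure the database itself has not been
  modified. Copy the RPM database to a floppy disk and keep that copy
  off-line, away from the computer. The same applies to the Debian
  distribution.

  The files /var/lib/rpm/fileindex.rpm and /var/lib/rpm/packages.rpm
  will most likely not fit on a single floppy disk. Compressed, however,
  each should fit on a separate floppy.

  When your system has been compromised, run the following command to
  verify each file on the system:

                               root#  rpm -Va

  See the rpm man page for options that make the output less verbose.
  Do not forget that you must also be sure the RPM binary itself has not
  been tampered with.

  If you use this method, you have to back up the RPM database again
  every time a new RPM package is added. Weigh the advantages against
  the drawbacks before deciding whether to use it.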

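  8.4.  Keep Track of Your System Logs

  It is very important that the information coming from syslog cannot be
  tampered with. As a start, make the files in /var/log readable and
  writable by only a limited number of users.

  Keep an eye on what gets written to the logs, especially under the
  auth facility. Multiple login failures, for example, can be the trace
  of an attempted break-in.

  Where the logs are kept depends on your distribution. On a system that
  conforms to the "Linux Filesystem Standard", such as RedHat, there
  should be a messages file and mail.log in /var/log.

  You can find out where your distribution writes its logs by looking at
  the /etc/syslog.conf file. This is the file that tells syslogd (the
  system logging daemon) where to send the various messages.

  You may also want to configure your log rotation script or daemon so
  that logs are kept around longer and you have time to examine them. On
  recent RedHat distributions, look at the logrotate package. Other
  distributions should have something similar.

  If your log files have been tampered with, try to determine when the
  tampering started and what kind of tampering was done. Are there long
  periods of time for which nothing is recorded? Checking untampered
  logs on backup tapes (if you have any) is a good idea.

  Intruders typically modify log files to cover their tracks, but the
  logs should still be checked for strange events. You may notice the
  intruder trying to get in, or trying to exploit a program to obtain
  root. You may see log entries from before the intruder had time to
  modify them.

  Entries for the auth facility, such as attempts to switch users with
  su, login attempts, and other user account information, should be kept
  separate from other log data.

  If possible, configure syslog to send a copy of the most important
  data to a secure system. This prevents an intruder from covering their
  tracks by deleting the records of their login/su/ftp attempts. See the
  syslog.conf man page and refer to the @ option.

  There are also more advanced syslogd programs. See, for example,
  Secure Syslog at http://www.core-sdi.com/ssyslog/. Secure Syslog
  encrypts your syslog entries so that no one can tamper with them.

  Another syslogd with more features is syslog-ng. It allows much more
  flexible logging, and also protects remote syslog streams against
  tampering.

  Finally, logs that no one reads are of little use. Take time every so
  often to read your logs and get a feel for what they look like on a
  normal day. Knowing that helps unusual things stand out.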
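
  Two of the checks described above (repeated login failures, and long
  periods with nothing recorded), as a script over sample log lines.
  This is an added example, not part of the original HOWTO. The log
  lines are constructed, and the "FAILED LOGIN n FROM host FOR user"
  message format is an assumption; adjust the pattern to what your own
  login program writes.

```shell
#!/bin/sh
# Summarise failed logins per source and find silent periods in a
# syslog-format file. Sample data is constructed for this example.

sample_auth_log() {
    cat <<'EOF'
May 17 02:10:01 gw login[301]: FAILED LOGIN 1 FROM 192.0.2.44 FOR root, Authentication failure
May 17 02:10:07 gw login[301]: FAILED LOGIN 2 FROM 192.0.2.44 FOR root, Authentication failure
May 17 02:10:15 gw login[301]: FAILED LOGIN 3 FROM 192.0.2.44 FOR root, Authentication failure
May 17 02:11:40 gw su[322]: FAILED SU (to root) guest on /dev/ttyp2
May 17 08:45:12 gw login[410]: FAILED LOGIN 1 FROM ws1.example.org FOR alice, Authentication failure
May 17 08:45:30 gw login[410]: LOGIN ON ttyp0 BY alice FROM ws1.example.org
EOF
}

# Print "count source" for failed logins, most frequent source first.
failed_by_source() {
    awk '
        /FAILED LOGIN/ {
            src = "?"
            for (i = 1; i < NF; i++) if ($i == "FROM") src = $(i + 1)
            n[src]++
        }
        END { for (s in n) printf "%d %s\n", n[s], s }
    ' "$1" | sort -k1,1nr -k2,2
}

# Print the sources with at least THRESHOLD failed logins.
# Usage: suspect_sources FILE THRESHOLD
suspect_sources() {
    failed_by_source "$1" | awk -v t="$2" '$1 >= t { print $2 }'
}

# Print "seconds<TAB>last-entry-before<TAB>first-entry-after" for every
# gap of at least MIN_SECONDS between consecutive entries. A gap is only
# a lead (it may be a quiet night); compare against backups of the log.
# syslog timestamps carry no year, so a year change is not handled.
# Usage: log_gaps FILE MIN_SECONDS
log_gaps() {
    awk -v min="$2" '
        BEGIN {
            split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
            split("0 31 59 90 120 151 181 212 243 273 304 334", off, " ")
            for (i = 1; i <= 12; i++) days[m[i]] = off[i]
        }
        !($1 in days) { next }          # not a syslog-format line
        {
            split($3, hms, ":")
            t = ((days[$1] + $2 - 1) * 24 + hms[1]) * 3600 + hms[2] * 60 + hms[3]
            stamp = $1 " " $2 " " $3
            if (seen && t - prev >= min)
                printf "%d\t%s\t%s\n", t - prev, pstamp, stamp
            prev = t; pstamp = stamp; seen = 1
        }
    ' "$1"
}

# Demo on the constructed sample.
demo_log=$(mktemp)
sample_auth_log > "$demo_log"
echo "failed logins per source:"; failed_by_source "$demo_log"
echo "sources with 3 or more failures: $(suspect_sources "$demo_log" 3)"
echo "silent periods of an hour or more:"; log_gaps "$demo_log" 3600
rm -f "$demo_log"
```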

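  8.5.  Apply All New System Updates

  Most users install Linux from a CD-ROM. Because security fixes come
  out at a fast pace, new (fixed) programs are released all the time.
  Before you connect your machine to the network, check your
  distribution's FTP site and get every package that is newer than the
  CD-ROM you installed from. These packages often contain important
  security fixes, so it is a good idea to install them.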

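  9.  What To Do During and After a Break-in

  So you have followed the advice in this document (or elsewhere) and
  have detected a break-in. What should you do? The first thing is to
  stay calm. Hasty actions can cause more harm than the intruder would
  have.

  9.1.  Security Compromise Underway

  Spotting a security compromise while it is under way can be tense. How
  you react can have large consequences.

  If the compromise is a physical one, the odds are that you have
  spotted someone who has broken into your home, office or lab. You
  should first notify the authorities responsible for that place. In a
  lab, you might have spotted someone trying to open a case or reboot a
  machine. Depending on your authority and procedures, you would ask
  them to stop or contact security.

  If you have detected a local user trying to compromise your security,
  first confirm that it really is that person. Check the site they are
  logged in from. Is it the site they normally log in from? If not, get
  in touch by non-network means. For example, phone them at their office
  or home, or walk over and talk to them. If they agree that it is them,
  ask them to explain what they were doing, or tell them to stop. If
  they are not logged in and have no idea what you are talking about,
  the incident probably needs further investigation. Look into it and
  gather plenty of information before you make any accusations.

  If you have detected a network attack, the first thing to do (if you
  can) is to disconnect from the network. If the connection is by modem,
  unplug the modem cable; if it is by Ethernet, unplug the Ethernet
  cable. This prevents any further damage, and the attacker may well
  take it for a network problem rather than realize they have been
  detected.

  If you cannot disconnect from the network (because your site is busy,
  or you do not have physical control of the machine), the next best
  step is to use a tool like tcp_wrappers or ipfwadm to deny access from
  the intruder's site.

  If you cannot deny everyone from the same site as the intruder, you
  should lock the user account. Note that locking a user account is not
  easy. Keep in mind .rhosts files, FTP access, and a host of possible
  backdoors.

  After taking the steps above (disconnecting the network, denying
  access from the attacker's site, disabling the account), kill all of
  that user's processes and log them off.

  The attacker will try to get back in, so monitor your site closely for
  a while afterwards. They will probably come from a different account
  or a different network address.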

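  9.2.  Security Compromise Has Already Happened

  So you have found that your system has already been broken into, or
  you noticed the break-in and (hopefully) locked the intruder out of
  the system. What now?

  9.2.1.  Closing the Hole

  If you can determine how the attacker got into your system, you should
  next close that hole. For example, perhaps you see several FTP entries
  just before the user logged in. In that case, stop the FTP service and
  check whether an updated version of the server is available, or
  whether a fix has been posted to the security mailing lists.

  Check all your log files, and check the security mailing lists and web
  pages for new common vulnerabilities that you can fix. Caldera's
  security fixes are at http://www.caldera.com/tech-ref/security/.
  RedHat has not yet separated security fixes from bug fixes, but its
  distribution errata are at http://www.redhat.com/errata

  Debian has a mailing list and web page for security. See
  http://www.debian.com/security/ for details.

  If one vendor has released a security update, it is almost certain
  that most other Linux vendors will release one as well.

  There is now a project that audits Linux security. This project is
  going methodically through all the user-space utilities, looking for
  possible security problems and overflows. From their announcement:

       "We are attempting a systematic audit of Linux sources with a
       view to being as secure as OpenBSD. We have already uncovered
       (and fixed) some problems, but more help is welcome. The list is
       open for anyone to post to, and is also a useful resource for
       general security discussions. The list address is
       security-audit@ferret.lmh.ox.ac.uk. To subscribe, send an empty
       mail to security-audit-subscribe@ferret.lmh.ox.ac.uk"

  If you do not lock the attacker out, they will be back. Not just back
  on your machine, but possibly on other machines on your LAN. If they
  were running a packet sniffer, they have probably gained access to
  other machines.

  9.2.2.  Assessing the Damage

  First, assess the damage. What has been compromised? If you run a
  system integrity checker such as Tripwire, it should help you find out
  what was damaged. If not, you will have to check all your important
  data individually.

  Linux systems have recently become easy to install, so you might
  consider saving your configuration files, formatting the disk,
  reinstalling, and then restoring your user files and configuration
  files. That way you can be sure of having a new, clean system. If you
  have to restore backed-up files from the compromised system, be
  especially careful with binaries, because the intruder may have
  planted Trojan horses.

  If the intruder obtained root, consider reinstallation mandatory. You
  will also want to keep the evidence, so having a spare disk stored
  away is not a waste.

  After that, you have to worry about how long ago the break-in happened
  and whether the damage has made its way into your backups. Use the
  most recent backup you can.

  9.2.3.  Backups, Backups, Backups!

  Regular backups are invaluable when it comes to security. If your
  system is compromised, you can restore the data you need from backup.
  Of course, some data is valuable to the attacker too, and they will
  not only destroy it but steal it as well. But at least you will still
  have the data.

  Before restoring a tampered file from backup, check several backups
  going back into the past. The intruder may have compromised the file
  long ago, and the compromised file may have been backed up
  successfully many times!

  Of course, backups raise plenty of security concerns of their own.
  Store your backups in a secure place. Know who has access to them. (If
  an attacker gets hold of your backups, they have access to all your
  data without you ever knowing.)

  9.2.4.  Tracking Down the Intruder

  So, you have locked the intruder out and recovered your system, but
  you are not quite finished. It is unlikely that the intruder will be
  caught, but you should report the attack.

  Report the attack to the administrative contact of the site from which
  the attacker attacked your system. You can look up this contact with
  the whois command or in the INTERNIC database. Send them an e-mail
  with the relevant log entries and times. If you know anything else
  distinctive about the intruder, mention that too. After sending the
  e-mail, you should (if you are so inclined) follow up with a phone
  call. If that administrator in turn spots the attacker at their site,
  they may be able to talk to the administrator of the site the attack
  is coming from, and so on.

  Skilled crackers often attack through a chain of compromised systems,
  and some (or many) of the sites along the way do not know that their
  systems have been compromised. Tracing a cracker back to their home
  base can therefore be difficult. Being polite to the administrators
  you talk to goes a long way towards getting their cooperation.

  You should also notify any security organization you belong to (such
  as CERT <http://www.cert.org/>) and your Linux system vendor.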

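  10.  Security Sources

  There are a great many good sites on UNIX security in general and on
  Linux security in particular. It is important to subscribe to one (or
  more) of the security mailing lists and keep up to date on security
  fixes. The lists below are low in volume and very informative.

  10.1.  FTP Sites

  CERT is the Computer Emergency Response Team. CERT issues alerts on
  current attacks and how to deal with them. See cert.org for details.

  Replay (http://www.replay.com) has a large archive of security-related
  programs. The site is outside the United States, so it does not have
  to follow US export restrictions on cryptography.

  Matt Blaze is the author of CFS and a security expert. Matt's archive
  is at <ftp://ftp.research.att.com/pub/mab>

  tue.nl is a large security-related FTP site in the Netherlands.
  ftp.win.tue.nl

  10.2.  Web Sites

  o  The Hacker FAQ is a FAQ about hackers: The Hacker FAQ

  o  The COAST archive has a large number of UNIX security programs and
     information: COAST

  o  SuSe Security Page: http://www.suse.de/security/

  o  Rootshell.com is a very useful site for learning about system
     problems, and shows what crackers are currently using:
     http://www.rootshell.com/

  o  BUGTRAQ issues advisories on security: BUGTRAQ archives

  o  CERT (the Computer Emergency Response Team) issues advisories on
     common attacks against UNIX: CERT home page

  o  Dan Farmer is the author of SATAN and many other security tools.
     His home page has interesting security survey results as well as
     security tools: Dan Farmers trouble.org

  o  The Linux security WWW is a handy site for looking up Linux
     security information: Linux Security WWW

  o  Infilsec has a search engine (vulnerability engine) for looking up
     the vulnerabilities that affect a specific platform:
     http://www.infilsec.com/vulnerabilities/

  o  CIAC sends out periodic security bulletins on common problems:
     http://ciac.llnl.gov/cgi-bin/index/bulletins

  o  A good starting point for Linux Pluggable Authentication Modules
     is at http://www.kernel.org/pub/linux/libs/pam/

  o  The Debian project has a web page with security fix packages and
     details (http://www.debian.com/security/).

  o  WWW Security FAQ: written by Lincoln Stein, this is an excellent
     reference on web security. See
     http://www.w3.org/Security/Faq/www-security-faq.html

  10.3.  Mailing Lists

  Bugtraq: To subscribe to Bugtraq, send mail to listserv@netspace.org
  with `subscribe bugtraq' in the message body. (For the mailing list
  archives, see the links above.)

  CIAC: Send mail to majordomo@tholia.llnl.gov with `subscribe
  ciac-bulletin' in the message body (not the subject).

  RedHat runs a number of mailing lists, the most important of which is
  the redhat-announce list. Information on security (and other) fix
  packages is posted there as soon as it comes out. Send mail to
  majordomo@redhat.com with `subscribe redhat-announce' in the body.

  The Debian project also runs a mailing list for security update
  packages. See http://www.debian.com/security/ for details.

  10.4.  Books

  There are many good books on security. This section lists a few of
  them. In addition to books devoted to security, many books on system
  administration also cover security. (Translator's note: if you know of
  Japanese translations of these books, please let us know.)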

  Building Internet Firewalls By D. Brent Chapman & Elizabeth D. Zwicky

  1st Edition September 1995

  ISBN: 1-56592-124-0

  Practical UNIX & Internet Security, 2nd Edition By Simson Garfinkel &
  Gene Spafford

  2nd Edition April 1996

  ISBN: 1-56592-148-8

  Computer Security Basics By Deborah Russell & G.T. Gangemi, Sr.

  1st Edition July 1991

  ISBN: 0-937175-71-4

  Linux Network Administrator's Guide By Olaf Kirch

  1st Edition January 1995

  ISBN: 1-56592-087-2

  PGP: Pretty Good Privacy By Simson Garfinkel

  1st Edition December 1994

  ISBN: 1-56592-098-8

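  Translator's note: a Japanese translation is available:

  "PGP 暗号メールと電子署名", translation supervised by Kazuhiko
  Yamamoto

  O'Reilly Japan, 1996

  ISBN: 4-900900-02-8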

  Computer Crime A Crimefighter's Handbook By David Icove, Karl Seger &
  William VonStorch (Consulting Editor Eugene H. Spafford)

  1st Edition August 1995

  ISBN: 1-56592-086-4

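  11.  Glossary

  o  authentication: Confirming that the data received is the same as
     the data that was sent, and that the claimed sender of the data is
     in fact the actual sender.

  o  bastion host: A central host, usually connected to the Internet,
     that users access from internal networks. Because such a system is
     vulnerable to attack, it must be highly secured. The name comes
     from the heavily fortified projections on the outer walls of
     medieval castles. Bastions overlook critical areas of defense, and
     usually have strong walls, room for extra troops, and boiling oil
     for discouraging attackers.

  o  buffer overflow: A common programming problem is that a buffer is
     not allocated "large enough" and overflows of the buffer are not
     checked. When such a buffer overflows, the running program (a
     daemon or a setuid program) can be made to serve some other
     purpose. Generally this is done by overwriting a function's return
     address on the stack so that it points somewhere else.

  o  denial of service: An attack that consumes your computer's
     resources on things they were not intended for, and so prevents
     normal use of the network.

  o  dual-homed host: A general-purpose computer system that has at
     least two network interfaces.

  o  firewall: A component or set of components that restricts access
     between a protected network and the Internet, or between different
     networks.

  o  host: A computer connected to a network.

  o  IP spoofing: A technically complex attack made up of several
     components. It is a security exploit that works by tricking
     computers in a trust relationship into believing you are someone
     they know when you are not. There is a detailed paper written by
     daemon9, route, and infinity in Phrack Magazine, Volume 7, Issue
     48.

  o  non-repudiation: The ability of the receiver to prove that the
     sender of some data did in fact send it, even if the sender later
     tries to deny having sent it.

  o  packet: The fundamental unit of communication on the Internet.

  o  packet filtering: Selectively controlling the flow of data to and
     from a network. A packet filter allows or blocks packets, usually
     while routing them to or from an external network (most often
     between the Internet and an internal network). To do packet
     filtering, you set up rules that specify which types of packets
     (identified by a particular IP address or port) are allowed and
     which are blocked.

  o  perimeter network: A network placed between a protected network and
     an external network to add another layer of security. A perimeter
     network is sometimes called a DMZ (demilitarized zone).

  o  proxy server: A program that accesses external servers on behalf of
     internal clients. Clients talk to the proxy server, which relays
     approved client requests to the real servers and relays the answers
     back to the clients.

  o  superuser: An informal name for root.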

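  12.  Frequently Asked Questions

  1. Which is more secure: compiling drivers directly into the kernel,
     or building them as modules?

     Answer: Some people think it is better to disable the ability to
     load device drivers as modules, because an intruder could load a
     Trojan horse module or a module that affects system security.

     However, you must be root to load a module. The module object files
     are also writable only by root. In other words, the intruder needs
     root access to insert a module. Conversely, if the intruder has
     obtained root, you have far more serious things to worry about than
     whether a module will be loaded.

     Modules are a mechanism for dynamically loading support for devices
     that are not used very often. On server machines or firewalls, for
     instance, this rarely happens. For a machine that acts as a server,
     it therefore makes more sense to compile drivers directly into the
     kernel. Modules are also slower than support compiled directly into
     the kernel.

  2. I cannot log in as root from a remote machine.

     Answer: Read the ``Root Security'' section. This is done
     deliberately, to prevent remote users from trying to log in as root
     via telnet. Being able to log in as root via telnet is very
     dangerous from a security point of view. Do not forget that
     potential intruders have time on their side and can run automated
     programs to steal passwords.

  3. How do I enable shadow passwords on RedHat Linux 4.2 or 5.x?

     Answer: Shadow passwords are a mechanism for storing passwords in a
     file other than the standard /etc/passwd file. This has several
     advantages. The first is that the shadow file, /etc/shadow, can be
     read only by root, unlike /etc/passwd, which has to be readable by
     everyone. The other advantage is that, as the administrator, you
     can enable or disable accounts without letting anyone know the
     status of other users' accounts.

     Even with shadow passwords in use, the /etc/passwd file is still
     used to store user and group names. Programs such as /bin/ls use
     this file to map user IDs to the proper user names in directory
     listings.

     The /etc/shadow file then contains only the user name, the
     password, and account information such as the account's expiry
     date.

     To enable shadow passwords, become root and run the pwconv command.
     The /etc/shadow file is created and applications start using it. On
     RedHat 4.2 and later, the PAM modules adapt automatically to the
     change from the normal /etc/passwd file to shadow passwords. No
     other change is needed.

     Since you care about the security of your passwords, you will
     probably also want good passwords to be chosen in the first place.
     For this you can use the `pam_cracklib' module, which is part of
     PAM. It runs a password against the Crack libraries to check
     whether it could be guessed easily by a password-cracking program.

  4. How do I enable the SSL extensions for Apache?

     Answer:

     1. Get SSLeay 0.8.0 or later from
        <ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL>

     2. Build, test, and install it.

     3. Get the Apache 1.2.5 source.

     4. Get the Apache SSLeay extensions from
        <ftp://ftp.ox.ac.uk/pub/crypto/SSL/apache_1.2.5+ssl_1.13.tar.gz>

     5. Unpack them in the Apache 1.2.5 source directory and apply the
        patch as described in the README.

     6. Configure and build.

     Outside the United States, you can also get many pre-built binary
     packages from Replay Associates.

  5. How can I manipulate user accounts and still retain security?

     Answer: The RedHat distribution, especially RedHat 5.0, contains
     many tools for changing the properties of user accounts.

  o  pwconv and pwunconv convert between shadow and non-shadow
     passwords.

  o  pwck and grpck verify the structure of the passwd and group files.

  o  useradd, usermod, and userdel add, modify and delete user accounts.
     groupadd, groupmod, and groupdel do the same for groups.

  o  gpasswd sets a password on a group.

     All of these programs are "shadow-aware". That is, if shadow
     passwords are enabled they use the password information in
     /etc/shadow, and otherwise they do not refer to that file.

     For details, see the man page of each command.

  6. How can I password-protect specific HTML documents with Apache?

     I bet you did not know about http://www.apacheweek.org, did you?

     Information on user authentication is at
     http://www.apacheweek.com/features/userauth, and other web server
     security tips are at
     http://www.apache.org/docs/misc/security_tips.html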

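  13.  Conclusion

  By subscribing to the security alert mailing lists and keeping your
  software current, you can improve your security a great deal. Paying
  attention to your log files and running a program such as tripwire
  regularly helps even more.

  A reasonable level of security is not difficult to maintain on a home
  machine. Machines used for business need more effort, but Linux can
  indeed be a secure platform. Because of the nature of Linux
  development, security fixes often come out much faster than they do
  for commercial operating systems, which makes Linux an ideal platform
  when security is a requirement.

  14.  Acknowledgements

  The information in this document was collected from many sources.
  Thanks to the following people, who contributed directly or
  indirectly:

       Rob Riggs  rob@DevilsThumb.com

       S. Coffin  scoffin@netcom.com

       Viktor Przebinda  viktor@CRYSTAL.MATH.ou.edu

       Roelof Osinga  roelof@eboa.com

       Kyle Hasselbacher  kyle@carefree.quux.soltc.net

       David S. Jackson  dsj@dsj.net

       Todd G. Ruskell  ruskell@boulder.nist.gov

       Rogier Wolff  R.E.Wolff@BitWizard.nl

       Antonomasia  ant@notatla.demon.co.uk

       Nic Bellamy  sky@wibble.net

       Eric Hanchrow  offby1@blarg.net

       Robert J. Berger  rberger@ibd.com

       Ulrich Alpers  lurchi@cdrom.uni-stuttgart.de

       David Noha  dave@c-c-s.com

  The following people have translated this HOWTO into various
  languages!

  A special thank you to everyone who helps spread the Linux word.

  Polish: Ziemek Borowski  ziembor@FAQ-bot.ZiemBor.Waw.PL

  Japanese: FUJIWARA Teruyoshi  fjwr@mtj.biglobe.ne.jp

  Indonesian: Tedi Heriyanto  22941219@students.ukdw.ac.id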

