Hosts.allow - Linux Command - Unix Command

NAME

hosts_access - format of host access control files

DESCRIPTION

This manual page describes a simple access control language that is based on client (host name/address, user name) and server (process name, host name/address) patterns. Examples are given at the end. The impatient reader is encouraged to skip to the EXAMPLES section for a quick introduction. An extended version of the access control language is described in the hosts_options(5) document. The extensions are turned on at program build time by building with -DPROCESS_OPTIONS.

In the following text, daemon is the process name of a network daemon process, and client is the name and/or address of a host requesting service. Network daemon process names are specified in the inetd configuration file.

ACCESS CONTROL FILES

The access control software consults two files. The search stops at the first match.

Access will be granted when a (daemon, client) pair matches an entry in the /etc/hosts.allow file.

Otherwise, access will be denied when a (daemon, client) pair matches an entry in the /etc/hosts.deny file.

Otherwise, access will be granted.

A non-existing access control file is treated as if it were an empty file. Thus, access control can be turned off by providing no access control files.

ACCESS CONTROL RULES

Each access control file consists of zero or more lines of text. These lines are processed in order of appearance. The search terminates when a match is found.

A newline character is ignored when it is preceded by a backslash character. This permits you to break up long lines so that they are easier to edit.

Blank lines or lines that begin with a `#' character are ignored. This permits you to insert comments and whitespace so that the tables are easier to read.

All other lines should satisfy the following format, things between [] being optional:

daemon_list : client_list [ : shell_command ]

daemon_list is a list of one or more daemon process names (argv[0] values) or wildcards (see below).

client_list is a list of one or more host names, host addresses, patterns or wildcards (see below) that will be matched against the client host name or address.

The more complex forms daemon@host and user@host are explained in the sections on server endpoint patterns and on client username lookups, respectively.

List elements should be separated by blanks and/or commas.

With the exception of NIS (YP) netgroup lookups, all access control checks are case insensitive.

PATTERNS

The access control language implements the following patterns:

A string that begins with a `.' character. A host name is matched if the last components of its name match the specified pattern. For example, the pattern `.tue.nl' matches the host name `wzv.win.tue.nl'.

A string that ends with a `.' character. A host address is matched if its first numeric fields match the given string. For example, the pattern `131.155.' matches the address of (almost) every host on the Eindhoven University network (131.155.x.x).

A string that begins with an `@' character is treated as an NIS (formerly YP) netgroup name. A host name is matched if it is a host member of the specified netgroup. Netgroup matches are not supported for daemon process names or for client user names.

An expression of the form `n.n.n.n/m.m.m.m' is interpreted as a `net/mask' pair. An IPv4 host address is matched if `net' is equal to the bitwise AND of the address and the `mask'. For example, the net/mask pattern `131.155.72.0/255.255.254.0' matches every address in the range `131.155.72.0' through `131.155.73.255'.

An expression of the form `[n:n:n:n:n:n:n:n]/m' is interpreted as a `[net]/prefixlen' pair. An IPv6 host address is matched if `prefixlen' bits of `net' are equal to the `prefixlen' bits of the address. For example, the [net]/prefixlen pattern `[3ffe:505:2:1::]/64' matches every address in the range `3ffe:505:2:1::' through `3ffe:505:2:1:ffff:ffff:ffff:ffff'.

A string that begins with a `/' character is treated as a file name. A host name or address is matched if it matches any host name or address pattern listed in the named file. The file format is zero or more lines with zero or more host name or address patterns separated by whitespace. A file name pattern can be used anywhere a host name or address pattern can be used.

Wildcards `*' and `?' can be used to match host names or IP addresses. This method of matching cannot be used in conjunction with `net/mask' matching, host name matching beginning with `.' or IP address matching ending with `.'.
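
The dot, net/mask and [net]/prefixlen patterns above, implemented as an added Python example (not code from tcpd or from this page). host_matches is a hypothetical helper; netgroup, file-name and `*'/`?' patterns are left out.

```python
import ipaddress

def host_matches(pattern, name, addr):
    """Return True if one client_list pattern matches the client host.

    name is the client host name (None when it could not be resolved),
    addr is the client address as text.
    """
    pat = pattern.lower()
    name = (name or "").lower()
    if pat.startswith("."):                  # `.tue.nl': last name components
        return len(name) > len(pat) and name.endswith(pat)
    if pat.endswith("."):                    # `131.155.': first numeric fields
        return addr.startswith(pat)
    if pat.startswith("[") and "]/" in pat:  # `[net]/prefixlen' (IPv6)
        net, plen = pat[1:].split("]/", 1)
        try:
            network = ipaddress.IPv6Network(f"{net}/{plen}", strict=False)
            return ipaddress.IPv6Address(addr) in network
        except ValueError:                   # malformed pattern or IPv4 client
            return False
    if "/" in pat:                           # `net/mask' (IPv4)
        net, mask = pat.split("/", 1)
        try:
            a, n, m = (int(ipaddress.IPv4Address(x)) for x in (addr, net, mask))
        except ValueError:                   # malformed pattern or IPv6 client
            return False
        return (a & m) == n                  # net == address AND mask
    return pat in (name, addr.lower())       # plain host name or address
```

The leading-dot test compares whole trailing components, so `.tue.nl' does not match a name that merely ends in the letters `tue.nl'.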

WILDCARDS

The access control language supports explicit wildcards:

ALL

The universal wildcard, always matches.

LOCAL

Matches any host whose name does not contain a dot character.

UNKNOWN

Matches any user whose name is unknown, and matches any host whose name or address is unknown. This pattern should be used with care: host names may be unavailable due to temporary name server problems. A network address will be unavailable when the software cannot figure out what type of network it is talking to.

KNOWN

Matches any user whose name is known, and matches any host whose name and address are known. This pattern should be used with care: host names may be unavailable due to temporary name server problems. A network address will be unavailable when the software cannot figure out what type of network it is talking to.

PARANOID

Matches any host whose name does not match its address. When tcpd is built with -DPARANOID (default mode), it drops requests from such clients even before looking at the access control tables. Build without -DPARANOID when you want more control over such requests.

OPERATORS

EXCEPT

Intended use is of the form: `list_1 EXCEPT list_2'; this construct matches anything that matches list_1 unless it matches list_2. The EXCEPT operator can be used in daemon_lists and in client_lists. The EXCEPT operator can be nested: if the control language permitted the use of parentheses, `a EXCEPT b EXCEPT c' would parse as `(a EXCEPT (b EXCEPT c))'.

SHELL COMMANDS

If the first-matched access control rule contains a shell command, that command is subjected to %<letter> substitutions (see next section). The result is executed by a /bin/sh child process with standard input, output and error connected to /dev/null. Specify an `&' at the end of the command if you do not want to wait until it has completed.

Shell commands should not rely on the PATH setting of the inetd. Instead, they should use absolute path names, or they should begin with an explicit PATH=whatever statement.

The hosts_options(5) document describes an alternative language that uses the shell command field in a different and incompatible way.

% EXPANSIONS

The following expansions are available within shell commands:

%a (%A)

The client (server) host address.

%c

Client information: user@host, user@address, a host name, or just an address, depending on how much information is available.

%d

The daemon process name (argv[0] value).

%h (%H)

The client (server) host name or address, if the host name is unavailable.

%n (%N)

The client (server) host name (or "unknown" or "paranoid").

%p

The daemon process id.

%s

Server information: daemon@host, daemon@address, or just a daemon name, depending on how much information is available.

%u

The client user name (or "unknown").

%%

Expands to a single `%' character.

Characters in % expansions that may confuse the shell are replaced by underscores.
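
An added sketch (not tcpd's own code) of % expansion with the underscore replacement described in this section, applied to the spawn command from the BOOBY TRAPS example. The expand function, the SAFE character set and the sample client name are assumptions made for the illustration.

```python
import string

# Assumption for this example: the characters considered harmless to /bin/sh.
SAFE = set(string.ascii_letters + string.digits + "!@%-_=+:,./")

def expand(command, ctx):
    """Expand %<letter> sequences in a shell_command field.

    ctx maps expansion letters ("h", "d", "u", ...) to the values for this
    connection. Every character of an expanded value that is not in SAFE is
    replaced by an underscore before the command reaches the shell.
    """
    out, i = [], 0
    while i < len(command):
        if command[i] == "%" and i + 1 < len(command):
            letter = command[i + 1]
            value = "%" if letter == "%" else ctx.get(letter, "")
            out.append("".join(c if c in SAFE else "_" for c in value))
            i += 2
        else:
            out.append(command[i])
            i += 1
    return "".join(out)

# spawn command from the BOOBY TRAPS example; the client name is constructed
# to contain a character the shell would otherwise interpret.
COMMAND = "(/some/where/safe_finger -l @%h | /usr/ucb/mail -s %d-%h root) &"
SAMPLE = {"h": "host.example;id", "d": "in.tftpd"}
```

The client name comes from a reverse lookup that the remote side controls, which is why the replacement is applied to the expanded value and not to the rule text.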

SERVER ENDPOINT PATTERNS

In order to distinguish clients by the network address that they connect to, use patterns of the form:

process_name@host_pattern : client_list ...

Patterns like these can be used when the machine has different internet addresses with different internet host names. Service providers can use this facility to offer FTP, GOPHER or WWW archives with internet names that may even belong to different organizations. See also the `twist' option in the hosts_options(5) document. Some systems (Solaris, FreeBSD) can have more than one internet address on one physical interface; with other systems you may have to resort to SLIP or PPP pseudo interfaces that live in a dedicated network address space.

The host_pattern obeys the same syntax rules as host names and addresses in client_list context. Usually, server endpoint information is available only with connection-oriented services.

CLIENT USERNAME LOOKUP

When the client host supports the RFC 931 protocol or one of its descendants (TAP, IDENT, RFC 1413), the wrapper programs can retrieve additional information about the owner of a connection. Client username information, when available, is logged together with the client host name, and can be used to match patterns like:

daemon_list : ... user_pattern@host_pattern ...

The daemon wrappers can be configured at compile time to perform rule-driven username lookups (default) or to always interrogate the client host. In the case of rule-driven username lookups, the above rule would cause a username lookup only when both the daemon_list and the host_pattern match.

A user pattern has the same syntax as a daemon process pattern, so the same wildcards apply (netgroup membership is not supported). One should not get carried away with username lookups, though.

The client username information cannot be trusted when it is needed most, i.e. when the client system has been compromised. In general, ALL and (UN)KNOWN are the only user name patterns that make sense.

Username lookups are possible only with TCP-based services, and only when the client host runs a suitable daemon; in all other cases the result is "unknown".

A well-known UNIX kernel bug may cause loss of service when username lookups are blocked by a firewall. The wrapper README document describes a procedure to find out if your kernel has this bug.

Username lookups may cause noticeable delays for non-UNIX users. The default timeout for username lookups is 10 seconds: too short to cope with slow networks, but long enough to irritate PC users.

Selective username lookups can alleviate the last problem. For example, a rule like:

daemon_list : @pcnetgroup ALL@ALL

would match members of the pc netgroup without doing username lookups, but would perform username lookups with all other systems.

DETECTING ADDRESS SPOOFING ATTACKS

A flaw in the sequence number generator of many TCP/IP implementations allows intruders to easily impersonate trusted hosts and to break in via, for example, the remote shell service. The IDENT (RFC931 etc.) service can be used to detect such and other host address spoofing attacks.

Before accepting a client request, the wrappers can use the IDENT service to find out that the client did not send the request at all. When the client host provides IDENT service, a negative IDENT lookup result (the client matches `UNKNOWN@host') is strong evidence of a host spoofing attack.

A positive IDENT lookup result (the client matches `KNOWN@host') is less trustworthy. It is possible for an intruder to spoof both the client connection and the IDENT lookup, although doing so is much harder than spoofing just a client connection. It may also be that the client's IDENT server is lying.

Note: IDENT lookups do not work with UDP services.

EXAMPLES

The language is flexible enough that different types of access control policy can be expressed with a minimum of fuss. Although the language uses two access control tables, the most common policies can be implemented with one of the tables being trivial or even empty.

When reading the examples below it is important to realize that the allow table is scanned before the deny table, that the search terminates when a match is found, and that access is granted when no match is found at all.

The examples use host and domain names. They can be improved by including address and/or network/netmask information, to reduce the impact of temporary name server lookup failures.

MOSTLY CLOSED

In this case, access is denied by default. Only explicitly authorized hosts are permitted access.

The default policy (no access) is implemented with a trivial deny file:

/etc/hosts.deny:
ALL: ALL

This denies all service to all hosts, unless they are permitted access by entries in the allow file.

The explicitly authorized hosts are listed in the allow file. For example:

/etc/hosts.allow:
ALL: LOCAL @some_netgroup
ALL: .foobar.edu EXCEPT terminalserver.foobar.edu

The first rule permits access from hosts in the local domain (no `.' in the host name) and from members of the some_netgroup netgroup. The second rule permits access from all hosts in the foobar.edu domain (notice the leading dot), with the exception of terminalserver.foobar.edu.

MOSTLY OPEN

Here, access is granted by default; only explicitly specified hosts are refused service.

The default policy (access granted) makes the allow file redundant so that it can be omitted. The explicitly non-authorized hosts are listed in the deny file. For example:

/etc/hosts.deny:
ALL: some.host.name, .some.domain
ALL EXCEPT in.fingerd: other.host.name, .other.domain

The first rule denies some hosts and domains all services; the second rule still permits finger requests from other hosts and domains.
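
The search order (allow table, then deny table, then grant) and the EXCEPT operator, run against the MOSTLY CLOSED and MOSTLY OPEN tables above, as an added Python example that is not part of the original page or of tcpd. The function names are hypothetical, and only ALL, LOCAL, leading-dot and exact names are handled (no netgroups, addresses or shell commands).

```python
def token_matches(tok, value):
    """One list element: ALL, LOCAL, a leading-dot domain, or an exact name."""
    tok, value = tok.lower(), value.lower()
    if tok == "all":
        return True
    if tok == "local":                     # no dot in the host name
        return "." not in value
    if tok.startswith("."):
        return len(value) > len(tok) and value.endswith(tok)
    return tok == value                    # netgroups (@name) never match here

def list_matches(tokens, value):
    """`a EXCEPT b EXCEPT c' is evaluated as (a EXCEPT (b EXCEPT c))."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return (list_matches(tokens[:i], value)
                and not list_matches(tokens[i + 1:], value))
    return any(token_matches(t, value) for t in tokens)

def parse(table):
    """Return (daemon_list, client_list) token lists; skip blanks and comments."""
    rules = []
    for line in table.replace("\\\n", "").splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            daemons, clients = line.split(":")[:2]
            rules.append((daemons.replace(",", " ").split(),
                          clients.replace(",", " ").split()))
    return rules

def first_match(table, daemon, client):
    return any(list_matches(d, daemon) and list_matches(c, client)
               for d, c in parse(table))

def access_granted(daemon, client, allow_text, deny_text):
    """hosts.allow, then hosts.deny, else grant; a missing file is empty text."""
    if first_match(allow_text, daemon, client):
        return True
    return not first_match(deny_text, daemon, client)

# Tables from the MOSTLY CLOSED and MOSTLY OPEN examples on this page.
CLOSED_ALLOW = "ALL: LOCAL @some_netgroup\nALL: .foobar.edu EXCEPT terminalserver.foobar.edu\n"
CLOSED_DENY = "ALL: ALL\n"
OPEN_DENY = ("ALL: some.host.name, .some.domain\n"
             "ALL EXCEPT in.fingerd: other.host.name, .other.domain\n")
```

With both tables empty, access_granted returns True for every request, which is the "no access control files" case from the ACCESS CONTROL FILES section.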

BOOBY TRAPS

The next example permits tftp requests from hosts in the local domain (notice the leading dot). Requests from any other hosts are denied. Instead of the requested file, a finger probe is sent to the offending host. The result is mailed to the superuser.

/etc/hosts.allow:
in.tftpd: LOCAL, .my.domain

/etc/hosts.deny:
in.tftpd: ALL: spawn (/some/where/safe_finger -l @%h | \
/usr/ucb/mail -s %d-%h root) &

The safe_finger command comes with the tcpd wrapper and should be installed in a suitable place. It limits possible damage from data sent by the remote finger server. It gives better protection than the standard finger command.

The expansion of the %h (client host) and %d (service name) sequences is described in the section on shell commands.

Warning: do not booby-trap your finger daemon, unless you are prepared for infinite finger loops.

On network firewall systems this trick can be carried even further. The typical network firewall only provides a limited set of services to the outer world. All other services can be "bugged" just like the above tftp example. The result is an excellent early-warning system.

SEE ALSO

tcpd(8) tcp/ip daemon wrapper program. tcpdchk(8), tcpdmatch(8), test programs.

Important: Use the man command ( % man ) to see how a command is used on your particular computer.