svn commit: r51188 - head/ja_JP.eucJP/books/handbook/security
Ryusuke SUZUKI
ryusuke at FreeBSD.org
Tue Nov 7 14:14:44 UTC 2017
Author: ryusuke
Date: Tue Nov 7 14:13:27 2017
New Revision: 51188
URL: https://svnweb.freebsd.org/changeset/doc/51188
Log:
- Merge the following from the English version:
r38230 -> r38269 head/ja_JP.eucJP/books/handbook/security/chapter.xml
Modified:
head/ja_JP.eucJP/books/handbook/security/chapter.xml
Modified: head/ja_JP.eucJP/books/handbook/security/chapter.xml
==============================================================================
--- head/ja_JP.eucJP/books/handbook/security/chapter.xml Tue Nov 7 14:04:40 2017 (r51187)
+++ head/ja_JP.eucJP/books/handbook/security/chapter.xml Tue Nov 7 14:13:27 2017 (r51188)
@@ -3,28 +3,37 @@
The FreeBSD Documentation Project
The FreeBSD Japanese Documentation Project
- Original revision: r38230
+ Original revision: r38269
$FreeBSD$
-->
<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xml:id="security">
- <info><title>¥»¥¥å¥ê¥Æ¥£</title>
+
+ <info>
+ <title>¥»¥¥å¥ê¥Æ¥£</title>
+
<authorgroup>
- <author><personname><firstname>Matthew</firstname><surname>Dillon</surname></personname><contrib>ËܾϤδð¤Ë¤·¤¿ security(7) ¥Þ¥Ë¥å¥¢¥ë¥Ú¡¼¥¸¤Î¼¹É®: </contrib></author>
+ <author>
+ <personname>
+ <firstname>Matthew</firstname>
+ <surname>Dillon</surname>
+ </personname>
+
+ <contrib>ËܾϤδð¤Ë¤·¤¿ security(7) ¥Þ¥Ë¥å¥¢¥ë¥Ú¡¼¥¸¤Î¼¹É®: </contrib>
+ </author>
</authorgroup>
</info>
-
<indexterm><primary>¥»¥¥å¥ê¥Æ¥£</primary></indexterm>
- <para><emphasis>Ìõ: &a.jp.hino;¡¢(jpman ¥×¥í¥¸¥§¥¯¥È¤ÎÀ®²Ì¤òÍøÍѤµ¤»
- ¤Æ¤¤¤¿¤À¤¤Þ¤·¤¿)¡£</emphasis></para>
+ <para><emphasis>Ìõ: &a.jp.hino;¡¢(jpman
+ ¥×¥í¥¸¥§¥¯¥È¤ÎÀ®²Ì¤òÍøÍѤµ¤»¤Æ¤¤¤¿¤À¤¤Þ¤·¤¿)¡£</emphasis></para>
<sect1 xml:id="security-synopsis">
<title>¤³¤Î¾Ï¤Ç¤Ï</title>
<para>¤³¤Î¾Ï¤Ç¤Ï¡¢´ðËÜŪ¤Ê¥·¥¹¥Æ¥à¥»¥¥å¥ê¥Æ¥£¤Î¹Í¤¨Êý¡¢
³Ð¤¨¤Æ¤ª¤¯¤Ù¤°ìÈÌŪ¤Ê¥ë¡¼¥ë¤ò¾Ò²ð¤·¡¢
- &os; ¤Ë¤ª¤±¤ë¹âÅÙ¤ÊÏÃÂê¤Ë¤Ä¤¤¤Æ´Êñ¤ËÀâÌÀ¤·¤Þ¤¹
+ &os; ¤Ë¤ª¤±¤ë¹âÅÙ¤ÊÏÃÂê¤Ë¤Ä¤¤¤Æ´Êñ¤ËÀâÌÀ¤·¤Þ¤¹¡£
¤³¤³¤Ç°·¤¦ÏÃÂê¤Î¿¤¯¤Ï¡¢
°ìÈÌŪ¤Ê¥·¥¹¥Æ¥à¤ä¥¤¥ó¥¿¡¼¥Í¥Ã¥È¥»¥¥å¥ê¥Æ¥£¤Ë¤â¤¢¤Æ¤Ï¤Þ¤ê¤Þ¤¹¡£
¥¤¥ó¥¿¡¼¥Í¥Ã¥È¤Ï¤â¤Ï¤ä¡¢Ã¯¤â¤¬¿ÆÀÚ¤ÊÎٿͤǤ¢¤í¤¦¤È¤¹¤ë
@@ -105,8 +114,8 @@
<!-- <para>Additional security topics are covered throughout this book.
For example, Mandatory Access Control is discussed in <xref
- linkend="mac"/> and Internet Firewalls are discussed in <xref
- linkend="firewalls"/>.</para> -->
+ linkend="mac"> and Internet Firewalls are discussed in <xref
+ linkend="firewalls">.</para> -->
</sect1>
<sect1 xml:id="security-intro">
@@ -115,8 +124,8 @@
<para>¥»¥¥å¥ê¥Æ¥£¤È¤Ï¡¢¥·¥¹¥Æ¥à´ÉÍý¼Ô¤ò¤¤¤Ä¤âǺ¤Þ¤»¤ë»Å»ö¤Î°ì¤Ä¤Ç¤¹¡£
¤¹¤Ù¤Æ¤Î BSD &unix; ¥Þ¥ë¥Á¥æ¡¼¥¶¥·¥¹¥Æ¥à¤Ï¡¢
½¾Í褫¤é¤¤¤¯¤Ä¤«¤Î¥»¥¥å¥ê¥Æ¥£µ¡¹½¤òÈ÷¤¨¤Æ¤¤¤Þ¤¹¤¬¡¢
- ¥æ¡¼¥¶¤òµ¿¿´°Åµ´¤Ë´Ù¤é¤»¤Ê¤¤¤è¤¦¤ËÄɲäΥ»¥¥å¥ê¥Æ¥£µ¡¹½¤ò¹½ÃÛ¤·
- Êݼ餹¤ë»Å»ö¤Ï¤ª¤½¤é¤¯¡¢¥·¥¹¥Æ¥à´ÉÍý¼Ô¤È¤·¤Æ¤â¤Ã¤È¤âÂ礤ÊÀÕ̳¤Î°ì¤Ä¤Ç¤·¤ç¤¦¡£
+ ¥æ¡¼¥¶¤òµ¿¿´°Åµ´¤Ë´Ù¤é¤»¤Ê¤¤¤è¤¦¤ËÄɲäΥ»¥¥å¥ê¥Æ¥£µ¡¹½¤ò¹½ÃÛ¤·Êݼ餹¤ë»Å»ö¤Ï¤ª¤½¤é¤¯¡¢
+ ¥·¥¹¥Æ¥à´ÉÍý¼Ô¤È¤·¤Æ¤â¤Ã¤È¤âÂ礤ÊÀÕ̳¤Î°ì¤Ä¤Ç¤·¤ç¤¦¡£
¥Þ¥·¥ó¤Î°ÂÁ´À¤ËÈ¿±Ç¤µ¤ì¤ë¤Î¤Ï¡¢´ÉÍý¼Ô¤¬ºî¶È¤·¤¿¤³¤È¤À¤±¤Ç¤¹¡£
¤Þ¤¿¥»¥¥å¥ê¥Æ¥£ÌäÂê¤Ï¡¢²÷Ŭ¤Ê´Ä¶¤ËɬÍפʤâ¤Î¤È¶¥¹ç¤·¤Þ¤¹¡£
°ìÈÌ¤Ë &unix; ¥·¥¹¥Æ¥à¤ÏËÄÂç¤Ê¿ô¤Î¥×¥í¥»¥¹¤òƱ»þ¤ËÆ°ºî¤µ¤»¤ë¤³¤È¤¬¤Ç¤¡¢
@@ -159,11 +168,13 @@
<primary>DoS ¹¶·â</primary>
<see>¥µ¡¼¥Ó¥¹Ë¸³² (DoS)</see>
</indexterm>
+
<indexterm>
<primary>¥»¥¥å¥ê¥Æ¥£</primary>
<secondary>DoS ¹¶·â</secondary>
<see>¥µ¡¼¥Ó¥¹Ë¸³² (DoS)</see>
</indexterm>
+
<indexterm><primary>¥µ¡¼¥Ó¥¹Ë¸³² (DoS)</primary></indexterm>
<para>¥µ¡¼¥Ó¥¹Ë¸³²¹¶·â (DoS ¹¶·â) ¤È¤Ï¡¢
@@ -176,12 +187,10 @@
¥Ñ¥±¥Ã¥È°ì¤Ä¤Ç¥Þ¥·¥ó¤ò¥¯¥é¥Ã¥·¥å¤µ¤»¤è¤¦¤È¤¹¤ë¤â¤Î¤â¤¢¤ê¤Þ¤¹¡£
¸å¼Ô¤Ë¤Ï¡¢¥«¡¼¥Í¥ë¤Ë¥Ð¥°½¤Àµ¤ò»Ü¤¹¤³¤È¤Ë¤è¤Ã¤Æ¤Î¤ßÂбþ¤¹¤ë¤³¤È¤¬¤Ç¤¤Þ¤¹¡£
¥µ¡¼¥Ð¥×¥í¥»¥¹¤ËÂФ¹¤ë¹¶·â¤Ï¡¢¥ª¥×¥·¥ç¥ó¤òŬÀڤ˻ØÄꤹ¤ë¤³¤È¤Ë¤è¤Ã¤Æ¡¢
- ¹¶·â¤µ¤ì¤Æ¤¤¤ë¾õ¶·¤Ç¥µ¡¼¥Ð¥×¥í¥»¥¹¤ÎÉé²Ù¾å¾º¤Ë¸Â³¦¤òÀßÄꤹ¤ë¤³¤È¤Ç
- Âбþ¤Ç¤¤ë¾ì¹ç¤¬Â¿¤¤¤Ç¤¹¡£¤³¤ì¤é¤ËÈæ¤Ù¤ë¤È¡¢
+ ¹¶·â¤µ¤ì¤Æ¤¤¤ë¾õ¶·¤Ç¥µ¡¼¥Ð¥×¥í¥»¥¹¤ÎÉé²Ù¾å¾º¤Ë¸Â³¦¤òÀßÄꤹ¤ë¤³¤È¤ÇÂбþ¤Ç¤¤ë¾ì¹ç¤¬Â¿¤¤¤Ç¤¹¡£¤³¤ì¤é¤ËÈæ¤Ù¤ë¤È¡¢
¥Í¥Ã¥È¥ï¡¼¥¯¤Ø¤ÎÎÏǤ¤»¤Î¹¶·â¤Ø¤ÎÂбþ¤Ï¤º¤Ã¤ÈÆñ¤·¤¯¤Ê¤ê¤Þ¤¹¡£
¤¿¤È¤¨¤Ð¡¢µ¶Â¤¥Ñ¥±¥Ã¥È¤Ë¤è¤ë¹¶·â (spoof-packet attack) ¤Ï¡¢
- ¥¤¥ó¥¿¡¼¥Í¥Ã¥È¤«¤é¥·¥¹¥Æ¥à¤òÀÚ¤êÎ¥¤¹°Ê³°¤ÎÊýË¡¤Ç
- Ëɤ°¤³¤È¤Ï¤Û¤È¤ó¤ÉÉÔ²Äǽ¤Ç¤¹¡£
+ ¥¤¥ó¥¿¡¼¥Í¥Ã¥È¤«¤é¥·¥¹¥Æ¥à¤òÀÚ¤êÎ¥¤¹°Ê³°¤ÎÊýË¡¤ÇËɤ°¤³¤È¤Ï¤Û¤È¤ó¤ÉÉÔ²Äǽ¤Ç¤¹¡£
¤³¤Î¹¶·â¤Ë¤è¤Ã¤Æ¡¢¥Þ¥·¥ó¤òÍî¤È¤·¤Æ¤·¤Þ¤¦¤³¤È¤Ï¤Ç¤¤Ê¤¤¤«¤â¤·¤ì¤Þ¤»¤ó¤¬¡¢
Àܳ¤·¤Æ¤¤¤ë¥¤¥ó¥¿¡¼¥Í¥Ã¥È²óÀþ¤ò˰Ϥµ¤»¤Æ¤·¤Þ¤¦¤³¤È¤Ï¤Ç¤¤Þ¤¹¡£</para>
@@ -195,20 +204,26 @@
¤³¤Î¤´»þÀª¤Ç¤â¡¢¼«Ê¬¤¿¤Á¤Î¥Þ¥·¥ó¤Çɸ½à¤Î
<application>telnetd</application>,
<application>rlogind</application>,
- <application>rshd</application>, <application>ftpd</application>
- ¥µ¡¼¥Ð¤ò¼Â¹Ô¤µ¤»¤Æ¤¤¤ë¥·¥¹¥Æ
- ¥à´ÉÍý¼Ô¤Ï¿¤¤¤Î¤Ç¤¹¡£¤³¤ì¤é¤Î¥µ¡¼¥Ð¤Ï¡¢¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï¡¢°Å¹æ²½¤µ
- ¤ì¤¿¥³¥Í¥¯¥·¥ç¥ó¾å¤ÇÆ°ºî¤·¤Æ¤¤¤Þ¤»¤ó¡£¤½¤Î·ë²Ì¡¢Êú¤¨¤Æ¤¤¤ë¥æ¡¼¥¶
- ¿ô¤¬É¸½à¤¯¤é¤¤¤Ç¤¢¤ì¤Ð¡¢¥ê¥â¡¼¥È¥í¥°¥¤¥ó (¤½¤Î¥·¥¹¥Æ¥à¤Ë¥í¥°¥¤¥ó
- ¤¹¤ë¤Ë¤ÏºÇ¤âÉáÄ̤ÇÊØÍø¤ÊÊýË¡¤Ç¤¹) ¤·¤Æ¤¤¤ë¥æ¡¼¥¶¤Î¤¦¤Á°ì¿Í°Ê¾å¤Ï¡¢
- ¥Ñ¥¹¥ï¡¼¥É¤òÇÁ¤¸«¤é¤ì¤Æ¤·¤Þ¤¦¤Ç¤·¤ç¤¦¡£¥·¥¹¥Æ¥à´ÉÍý¼Ô¤¬Ãí°Õ¿¼¤¤
- ¿Í¤Ê¤é¤Ð¡¢¤¿¤È¤¨¥í¥°¥¤¥ó¤¬À®¸ù¤·¤Æ¤¤¤¿¤È¤·¤Æ¤â¡¢¥ê¥â¡¼¥È¥¢¥¯¥»¥¹
- ¥í¥°¤ò²òÀϤ·¤Æ¡¢µ¿¤ï¤·¤¤Á÷¿®¸µ¥¢¥É¥ì¥¹¤òõ¤¹¤â¤Î¤Ç¤¹¡£</para>
+ <application>rshd</application>,
+ <application>ftpd</application>
+ ¥µ¡¼¥Ð¤ò¼Â¹Ô¤µ¤»¤Æ¤¤¤ë¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ï¿¤¤¤Î¤Ç¤¹¡£
+ ¤³¤ì¤é¤Î¥µ¡¼¥Ð¤Ï¡¢¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï¡¢
+ °Å¹æ²½¤µ¤ì¤¿¥³¥Í¥¯¥·¥ç¥ó¾å¤ÇÆ°ºî¤·¤Æ¤¤¤Þ¤»¤ó¡£
+ ¤½¤Î·ë²Ì¡¢Êú¤¨¤Æ¤¤¤ë¥æ¡¼¥¶¿ô¤¬É¸½à¤¯¤é¤¤¤Ç¤¢¤ì¤Ð¡¢¥ê¥â¡¼¥È¥í¥°¥¤¥ó
+ (¤½¤Î¥·¥¹¥Æ¥à¤Ë¥í¥°¥¤¥ó¤¹¤ë¤Ë¤ÏºÇ¤âÉáÄ̤ÇÊØÍø¤ÊÊýË¡¤Ç¤¹)
+ ¤·¤Æ¤¤¤ë¥æ¡¼¥¶¤Î¤¦¤Á°ì¿Í°Ê¾å¤Ï¡¢
+ ¥Ñ¥¹¥ï¡¼¥É¤òÇÁ¤¸«¤é¤ì¤Æ¤·¤Þ¤¦¤Ç¤·¤ç¤¦¡£
+ ¥·¥¹¥Æ¥à´ÉÍý¼Ô¤¬Ãí°Õ¿¼¤¤¿Í¤Ê¤é¤Ð¡¢
+ ¤¿¤È¤¨¥í¥°¥¤¥ó¤¬À®¸ù¤·¤Æ¤¤¤¿¤È¤·¤Æ¤â¡¢
+ ¥ê¥â¡¼¥È¥¢¥¯¥»¥¹¥í¥°¤ò²òÀϤ·¤Æ¡¢
+ µ¿¤ï¤·¤¤Á÷¿®¸µ¥¢¥É¥ì¥¹¤òõ¤¹¤â¤Î¤Ç¤¹¡£</para>
<para>¤Ò¤È¤¿¤Ó¹¶·â¼Ô¤¬¥æ¡¼¥¶¥¢¥«¥¦¥ó¥È¤Ø¤Î¥¢¥¯¥»¥¹¸¢¤òÆþ¼ê¤·¤¿¤é¡¢
- ¹¶·â¼Ô¤Ï <systemitem class="username">root</systemitem> ¸¢¸Â¤òÇˤì¤ë¤È²¾Äꤹ¤ë¤Ù¤¤Ç¤¹¡£
- ¤·¤«¤·¡¢¥»¥¥å¥ê¥Æ¥£¤ò½½Ê¬°Ý»ý¤·¡¢¼êÆþ¤ì¤Î¹Ô¤ÆϤ¤¤¿¥·¥¹¥Æ¥à¤Ë¤ª¤¤
- ¤Æ¤Ï¡¢¤¢¤ë¥æ¡¼¥¶¥¢¥«¥¦¥ó¥È¤Ø¤Î¥¢¥¯¥»¥¹¤¬²Äǽ¤È¤Ê¤Ã¤Æ¤â¡¢
+ ¹¶·â¼Ô¤Ï <systemitem class="username">root</systemitem>
+ ¸¢¸Â¤òÇˤì¤ë¤È²¾Äꤹ¤ë¤Ù¤¤Ç¤¹¡£
+ ¤·¤«¤·¡¢¥»¥¥å¥ê¥Æ¥£¤ò½½Ê¬°Ý»ý¤·¡¢
+ ¼êÆþ¤ì¤Î¹Ô¤ÆϤ¤¤¿¥·¥¹¥Æ¥à¤Ë¤ª¤¤¤Æ¤Ï¡¢
+ ¤¢¤ë¥æ¡¼¥¶¥¢¥«¥¦¥ó¥È¤Ø¤Î¥¢¥¯¥»¥¹¤¬²Äǽ¤È¤Ê¤Ã¤Æ¤â¡¢
ɬ¤º¤·¤â¹¶·â¼Ô¤Ë <systemitem class="username">root</systemitem>
¤Ø¤Î¥¢¥¯¥»¥¹¸¢¤òÍ¿¤¨¤ë¤È¤Ï¸Â¤ê¤Þ¤»¤ó¡£¤³¤Î°ã¤¤¤Ï½ÅÍפǤ¹¡£
¤È¤¤¤¦¤Î¤Ï¡¢°ìÈÌŪ¤Ë
@@ -225,7 +240,8 @@
<secondary>΢¸ý (¥Ð¥Ã¥¯¥É¥¢)</secondary>
</indexterm>
- <para>¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ï¡¢¤¢¤ë¥Þ¥·¥ó¾å¤Ç <systemitem class="username">root</systemitem>
+ <para>¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ï¡¢¤¢¤ë¥Þ¥·¥ó¾å¤Ç
+ <systemitem class="username">root</systemitem>
¸¢¸Â¤òÃ¥¼è¤¹¤ëÊýË¡¤Ï¡¢
ÀøºßŪ¤Ë²¿Ä̤ê¤â¤¢¤ë¤È¤¤¤¦¤³¤È¤ò¿´¤·¤Æ¤ª¤«¤Í¤Ð¤Ê¤ê¤Þ¤»¤ó¡£
¹¶·â¼Ô¤Ï <systemitem class="username">root</systemitem>
@@ -233,24 +249,29 @@
¹¶·â¼Ô¤¬ <systemitem class="username">root</systemitem>
¸¢¸Â¤Ç¼Â¹Ô¤µ¤ì¤Æ¤¤¤ë¥µ¡¼¥Ð¤Î¥Ð¥°¤ò¸«¤Ä¤±¡¢
¥Í¥Ã¥È¥ï¡¼¥¯Àܳ¤ò²ð¤·¤Æ
- <systemitem class="username">root</systemitem> ¸¢¸Â¤òÇˤ뤳¤È¤¬¤Ç¤¤ë¤«¤â¤·¤ì¤Þ¤»¤ó¡£
+ <systemitem class="username">root</systemitem>
+ ¸¢¸Â¤òÇˤ뤳¤È¤¬¤Ç¤¤ë¤«¤â¤·¤ì¤Þ¤»¤ó¡£
¤Þ¤¿¡¢¹¶·â¼Ô¤Ï suid-root ¥×¥í¥°¥é¥à¤Ë¸ºß¤¹¤ë¥Ð¥°¤òÃΤäƤ¤¤Æ¡¢
¥æ¡¼¥¶¥¢¥«¥¦¥ó¥È¤òÇˤì¤Ð
- <systemitem class="username">root</systemitem> ¸¢¸Â¤òÃ¥¼è¤Ç¤¤ë¤«¤â¤·¤ì¤Þ¤»¤ó¡£
+ <systemitem class="username">root</systemitem>
+ ¸¢¸Â¤òÃ¥¼è¤Ç¤¤ë¤«¤â¤·¤ì¤Þ¤»¤ó¡£
¹¶·â¼Ô¤¬¤¢¤ë¥Þ¥·¥ó¾å¤Ç
- <systemitem class="username">root</systemitem> ¸¢¸Â¤òÇˤëÊýË¡¤òÃΤ俤ʤé¤Ð¡¢
+ <systemitem class="username">root</systemitem>
+ ¸¢¸Â¤òÇˤëÊýË¡¤òÃΤ俤ʤé¤Ð¡¢
¹¶·â¼Ô¤Ï΢¸ý¤òÍÑ°Õ¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤»¤ó¡£
- ¤³¤ì¤Þ¤Ç¤Ëȯ¸«¤µ¤ì¡¢¤Õ¤µ¤¬¤ì¤¿ <systemitem class="username">root</systemitem>
+ ¤³¤ì¤Þ¤Ç¤Ëȯ¸«¤µ¤ì¡¢¤Õ¤µ¤¬¤ì¤¿
+ <systemitem class="username">root</systemitem>
¤Î·ê¤Î¿¤¯¤Ë¤Ï¡¢¹¶·â¼Ô¤¬¼«Ê¬¤Î¤·¤¿¤³¤È¤Îº¯Àפò¾Ã¤½¤¦¤È¤·¤¿ºî¶È¤¬¡¢
¤«¤Ê¤ê¤Î³ä¹ç¤Ç´Þ¤Þ¤ì¤Æ¤¤¤Þ¤¹¡£
¤½¤Î¤¿¤á¡¢¤Û¤È¤ó¤É¤Î¹¶·â¼Ô¤Ï΢¸ý¤òºî¤ë¤Î¤Ç¤¹¡£Î¢¸ý¤Ï¡¢
¹¶·â¼Ô¤¬¤¿¤ä¤¹¤¯¥·¥¹¥Æ¥à¤Ø¤Î
- <systemitem class="username">root</systemitem> ¥¢¥¯¥»¥¹¤òºÆ¤ÓÆÀ¤é¤ì¤ë¤è¤¦¤Ë¤·¤Þ¤¹¤¬¡¢
+ <systemitem class="username">root</systemitem>
+ ¥¢¥¯¥»¥¹¤òºÆ¤ÓÆÀ¤é¤ì¤ë¤è¤¦¤Ë¤·¤Þ¤¹¤¬¡¢
Íǽ¤Ê´ÉÍý¼Ô¤Ë¿¯Æþ¤ò¸¡ÃΤ¹¤ëÊØÍø¤Ê¼êÃʤòÍ¿¤¨¤ë¤â¤Î¤Ç¤â¤¢¤ê¤Þ¤¹¡£
¹¶·â¼Ô¤Ë΢¸ý¤òºî¤é¤»¤Ê¤¤¤è¤¦¤Ë¤¹¤ë¤È¤¤¤¦¤³¤È¤Ï¡¢
¥»¥¥å¥ê¥Æ¥£¤Ë¤È¤Ã¤Æ¤Ï¼ÂºÝ¤Ë¤ÏÎɤ¯¤Ê¤¤¤³¤È¤«¤â¤·¤ì¤Þ¤»¤ó¡£
- ¤Ê¤¼¤Ê¤é¡¢¹¶·â¼Ô¤¬ºÇ½é¤Ë¸«¤Ä¤±¤Æ¿¯Æþ¤·¤Æ¤¤¿¥»¥¥å¥ê¥Æ¥£¥Û¡¼¥ë¤Ï
- ¤Õ¤µ¤¬¤ì¤Ê¤¤¤«¤é¤Ç¤¹¡£</para>
+ ¤Ê¤¼¤Ê¤é¡¢
+ ¹¶·â¼Ô¤¬ºÇ½é¤Ë¸«¤Ä¤±¤Æ¿¯Æþ¤·¤Æ¤¤¿¥»¥¥å¥ê¥Æ¥£¥Û¡¼¥ë¤Ï¤Õ¤µ¤¬¤ì¤Ê¤¤¤«¤é¤Ç¤¹¡£</para>
<para>¥»¥¥å¥ê¥Æ¥£¤ò²þÁ±¤¹¤ëÊýË¡¤Ï¡¢¾ï¤Ë¡¢
¥¿¥Þ¥Í¥®¤ÎÈé¤Î¤è¤¦¤Ë³¬Áز½¤¹¤ë¼êË¡
@@ -264,8 +285,9 @@
</listitem>
<listitem>
- <para><systemitem class="username">root</systemitem> ¤Î°ÂÁ´À¤ò¹â¤á¤ë –
- <systemitem class="username">root</systemitem> ¸¢¸Â¤ÇÆ°ºî¤¹¤ë¥µ¡¼¥Ð¤È
+ <para><systemitem class="username">root</systemitem>
+ ¤Î°ÂÁ´À¤ò¹â¤á¤ë – <systemitem
+ class="username">root</systemitem> ¸¢¸Â¤ÇÆ°ºî¤¹¤ë¥µ¡¼¥Ð¤È
suid/sgid ¥Ð¥¤¥Ê¥ê¡£</para>
</listitem>
@@ -278,13 +300,13 @@
</listitem>
<listitem>
- <para>¥«¡¼¥Í¥ë¤Î¥³¥¢¡¢raw ¥Ç¥Ð¥¤¥¹¡¢¥Õ¥¡¥¤¥ë¥·¥¹¥Æ¥à¤Î°ÂÁ´À¤ò
- ¹â¤á¤ë¡£</para>
+ <para>¥«¡¼¥Í¥ë¤Î¥³¥¢¡¢raw ¥Ç¥Ð¥¤¥¹¡¢
+ ¥Õ¥¡¥¤¥ë¥·¥¹¥Æ¥à¤Î°ÂÁ´À¤ò¹â¤á¤ë¡£</para>
</listitem>
<listitem>
- <para>¥·¥¹¥Æ¥à¤ËÂФ·¤Æ¹Ô¤Ê¤ï¤ì¤¿¡¢ÉÔŬÀÚ¤ÊÊѹ¹¤ò¤¹¤Ð¤ä¤¯¸¡½Ð¤¹
- ¤ë¡£</para>
+ <para>¥·¥¹¥Æ¥à¤ËÂФ·¤Æ¹Ô¤Ê¤ï¤ì¤¿¡¢
+ ÉÔŬÀÚ¤ÊÊѹ¹¤ò¤¹¤Ð¤ä¤¯¸¡½Ð¤¹¤ë¡£</para>
</listitem>
<listitem>
@@ -292,12 +314,13 @@
</listitem>
</orderedlist>
- <para>ËܾϤμ¡¤ÎÀá¤Ç¤Ï¡¢¾åµ¤Î³Æ¹àÌܤˤĤ¤¤Æ¤è¤ê¿¼¤¯·¡¤ê²¼¤²¤Æ¤¤¤
- ¤Þ¤¹¡£</para>
+ <para>ËܾϤμ¡¤ÎÀá¤Ç¤Ï¡¢
+ ¾åµ¤Î³Æ¹àÌܤˤĤ¤¤Æ¤è¤ê¿¼¤¯·¡¤ê²¼¤²¤Æ¤¤¤¤Þ¤¹¡£</para>
</sect1>
<sect1 xml:id="securing-freebsd">
<title>&os; ¤Î°ÂÁ´À¤ò¹â¤á¤ë</title>
+
<indexterm>
<primary>¥»¥¥å¥ê¥Æ¥£</primary>
<secondary>&os; ¤Î°ÂÁ´À¤ò¹â¤á¤ë</secondary>
@@ -305,6 +328,7 @@
<note>
<title>¥³¥Þ¥ó¥ÉÂÐ¥×¥í¥È¥³¥ë</title>
+
<para>¤³¤Îʸ½ñ¤òÄ̤·¤Æ¡¢¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ò»Ø¤¹¤Î¤Ë¤Ï
<application>ÂÀ»ú</application> ¤ò»È¤¤¡¢
¥³¥Þ¥ó¥É¤ò»Ø¤¹¾ì¹ç¤Ë¤Ï¡¢<command>ÅùÉý</command> ¥Õ¥©¥ó¥È¤ò»È¤¤¤Þ¤¹¡£
@@ -314,91 +338,98 @@
ssh ¤Ê¤É¤ËÂФ·¤Æ͸ú¤Ç¤¹¡£</para>
</note>
- <indexterm>
- <primary>¥»¥¥å¥ê¥Æ¥£</primary>
- <secondary>°ÂÁ´À¤ò¹â¤á¤ë</secondary>
- </indexterm>
+ <para>°Ê²¼¤ÎÀá¤Ç¤Ï¡¢ËܾϤΠ<link
+ linkend="security-intro">Á°Àá</link> ¤Ç¤È¤ê¤¢¤²¤¿ &os;
+ ¥·¥¹¥Æ¥à¤Î°ÂÁ´À¤ò¹â¤á¤ëÊýË¡¤Ë¤Ä¤¤¤Æ½Ò¤Ù¤Þ¤¹¡£</para>
- <para>°Ê²¼¤ÎÀá¤Ç¤Ï¡¢ËܾϤÎ<link linkend="security-intro">Á°Àá
- </link>¤Ç¤È¤ê¤¢¤²¤¿ &os; ¥·¥¹¥Æ¥à¤Î°ÂÁ´À¤ò¹â¤á¤ëÊýË¡¤Ë¤Ä¤¤¤Æ
- ½Ò¤Ù¤Þ¤¹¡£</para>
-
<sect2 xml:id="securing-root-and-staff">
<title><systemitem class="username">root</systemitem>
¥¢¥«¥¦¥ó¥È¤È¥¹¥¿¥Ã¥Õ¥¢¥«¥¦¥ó¥È¤Î°ÂÁ´À¤ò¹â¤á¤ë</title>
+
<indexterm>
<primary><command>su</command></primary>
</indexterm>
<para><systemitem class="username">root</systemitem>
- ¤Î¥¢¥«¥¦¥ó¥È¤Î°ÂÁ´À¤ò³ÎÊݤ·¤Ê¤¤¤¦¤Á¤«¤é
- ¥¹¥¿¥Ã¥Õ¤Î¥¢¥«¥¦¥ó¥È¤Î°ÂÁ´À¤ò¤¦¤ó¤Ì¤ó¤·¤Æ¤â¤·¤«¤¿¤¬¤¢¤ê¤Þ¤»¤ó¡£
+ ¤Î¥¢¥«¥¦¥ó¥È¤Î°ÂÁ´À¤ò³ÎÊݤ·¤Ê¤¤¤¦¤Á¤«¤é¥¹¥¿¥Ã¥Õ¤Î¥¢¥«¥¦¥ó¥È¤Î°ÂÁ´À¤ò¤¦¤ó¤Ì¤ó¤·¤Æ¤â¤·¤«¤¿¤¬¤¢¤ê¤Þ¤»¤ó¡£
¤Û¤È¤ó¤É¤Î¥·¥¹¥Æ¥à¤Ç¤Ï¡¢<systemitem class="username">root</systemitem>
- ¥¢¥«¥¦¥ó¥È¤Ë³ä¤êÅö¤Æ¤¿¥Ñ¥¹¥ï¡¼¥É¤¬ 1 ¤Ä¤¢¤ê
- ¤Þ¤¹¡£¤Þ¤ººÇ½é¤Ë¤¹¤Ù¤¤³¤È¤Ï¡¢¤³¤Î¥Ñ¥¹¥ï¡¼¥É¤Ï<emphasis>¤¤¤Ä¤Ç
- ¤â</emphasis>ÉÔÀµÍøÍÑ¤Î´í¸±¤Ë»¯¤µ¤ì¤Æ¤¤¤ë¤È²¾Äꤹ¤ë¤³¤È¤Ç¤¹¡£¤³¤ì¤Ï
- <systemitem class="username">root</systemitem>
+ ¥¢¥«¥¦¥ó¥È¤Ë³ä¤êÅö¤Æ¤¿¥Ñ¥¹¥ï¡¼¥É¤¬ 1
+ ¤Ä¤¢¤ê¤Þ¤¹¡£¤Þ¤ººÇ½é¤Ë¤¹¤Ù¤¤³¤È¤Ï¡¢
+ ¤³¤Î¥Ñ¥¹¥ï¡¼¥É¤Ï<emphasis>¤¤¤Ä¤Ç¤â</emphasis>ÉÔÀµÍøÍÑ¤Î´í¸±¤Ë»¯¤µ¤ì¤Æ¤¤¤ë¤È²¾Äꤹ¤ë¤³¤È¤Ç¤¹¡£
+ ¤³¤ì¤Ï <systemitem class="username">root</systemitem>
¤Î¥Ñ¥¹¥ï¡¼¥É¤ò¾Ã¤¹¤Ù¤¤À¤È¸À¤Ã¤Æ¤¤¤ë¤Î¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¡£
<systemitem class="username">root</systemitem>
¤Î¥Ñ¥¹¥ï¡¼¥É¤Ï¡¢¥Þ¥·¥ó¤Ë¥³¥ó¥½¡¼¥ë¤«¤é¥¢¥¯¥»¥¹¤¹¤ë¤Î¤Ë¤Ï¡¢
- ¤Û¤È¤ó¤É¤¤¤Ä¤Ç¤âɬÍפʤâ¤Î¤Ç¤¹¡£¤³¤³¤Ç¸À¤¤¤¿¤¤¤Î¤Ï¡¢¥³¥ó¥½¡¼¥ë
- °Ê³°¤«¤é¤Ï¡¢¤½¤·¤Æ²Äǽ¤Ê¤é &man.su.1; ¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ë¾ì¹ç¤â
+ ¤Û¤È¤ó¤É¤¤¤Ä¤Ç¤âɬÍפʤâ¤Î¤Ç¤¹¡£
+ ¤³¤³¤Ç¸À¤¤¤¿¤¤¤Î¤Ï¡¢¥³¥ó¥½¡¼¥ë°Ê³°¤«¤é¤Ï¡¢
+ ¤½¤·¤Æ²Äǽ¤Ê¤é &man.su.1; ¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ë¾ì¹ç¤â
<systemitem class="username">root</systemitem>
- ¤Î¥Ñ¥¹¥ï¡¼¥É¤ò»È¤¨¤Ê¤¤¤è¤¦¤Ë¤¹¤ë¤Ù¤¤Ç¤¢¤ë¡¢¤È¤¤¤¦¤³¤È¤Ç
- ¤¹¡£¤¿¤È¤¨¤Ð¡¢¤¢¤Ê¤¿¤¬»È¤Ã¤Æ¤¤¤ë pty ¤¬¡¢
- <filename>/etc/ttys</filename> ¥Õ¥¡¥¤¥ë¤Ç insecure ¤È»ØÄê
- ¤µ¤ì¤Æ¤¤¤ë¤«³Îǧ¤·¤Æ¤¯¤À¤µ¤¤¡£¤½¤¦¤¹¤ë¤È¡¢
+ ¤Î¥Ñ¥¹¥ï¡¼¥É¤ò»È¤¨¤Ê¤¤¤è¤¦¤Ë¤¹¤ë¤Ù¤¤Ç¤¢¤ë¡¢¤È¤¤¤¦¤³¤È¤Ç¤¹¡£
+ ¤¿¤È¤¨¤Ð¡¢¤¢¤Ê¤¿¤¬»È¤Ã¤Æ¤¤¤ë pty ¤¬¡¢
+ <filename>/etc/ttys</filename> ¥Õ¥¡¥¤¥ë¤Ç insecure
+ ¤È»ØÄꤵ¤ì¤Æ¤¤¤ë¤«³Îǧ¤·¤Æ¤¯¤À¤µ¤¤¡£¤½¤¦¤¹¤ë¤È¡¢
<command>telnet</command> ¤ä <command>rlogin</command> ·Ðͳ¤Ç¤Ï
- <systemitem class="username">root</systemitem> ¤ÇľÀÜ¥í¥°¥¤¥ó¤Ç¤¤Ê¤¤¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£
+ <systemitem class="username">root</systemitem>
+ ¤ÇľÀÜ¥í¥°¥¤¥ó¤Ç¤¤Ê¤¤¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£
¤³¤ì¤Ï¡¢<filename>/etc/ssh/sshd_config</filename> ¤òÊÔ½¸¤·¤Æ
<literal>PermitRootLogin</literal> ¤Ë <literal>no</literal>
¤¬ÀßÄꤵ¤ì¤ë¤è¤¦¤Ë¤¹¤ë¤³¤È¤Ç¼Â¸½¤Ç¤¤Þ¤¹¡£
- <application>sshd</application> ¤Î¤è¤¦¤Ê¡¢ÊÌ¤Î¥í¥°¥¤¥ó¥µ¡¼¥Ó¥¹
- ¤ò»È¤Ã¤Æ¤¤¤ë¾ì¹ç¤Ç¤âƱÍͤˡ¢Ä¾ÀÜ <systemitem class="username">root</systemitem>
- ¤Ø¥í¥°¥¤¥ó¤¹¤ë¤³¤È¤òµö¤·
- ¤Æ¤¤¤Ê¤¤¤«¤É¤¦¤«³Îǧ¤·¤Æ¤¯¤À¤µ¤¤¡£¤¹¤Ù¤Æ¤Î¥¢¥¯¥»¥¹¼êÃÊ —
- ¤¿¤È¤¨¤Ð FTP
+ <application>sshd</application> ¤Î¤è¤¦¤Ê¡¢
+ ÊÌ¤Î¥í¥°¥¤¥ó¥µ¡¼¥Ó¥¹¤ò»È¤Ã¤Æ¤¤¤ë¾ì¹ç¤Ç¤âƱÍͤˡ¢Ä¾ÀÜ
+ <systemitem class="username">root</systemitem>
+ ¤Ø¥í¥°¥¤¥ó¤¹¤ë¤³¤È¤òµö¤·¤Æ¤¤¤Ê¤¤¤«¤É¤¦¤«³Îǧ¤·¤Æ¤¯¤À¤µ¤¤¡£
+ ¤¹¤Ù¤Æ¤Î¥¢¥¯¥»¥¹¼êÃÊ — ¤¿¤È¤¨¤Ð FTP
¤Î¤è¤¦¤Ê¥µ¡¼¥Ó¥¹¤¬¡¢Îɤ¯¥¯¥é¥Ã¥¯¤ÎÂоݤȤʤ뤳¤È¤ò¹Í¤¨¤Þ¤·¤ç¤¦¡£
<systemitem class="username">root</systemitem> ¤Ø¤ÎľÀÜ¥í¥°¥¤¥ó¤Ï¡¢
¥·¥¹¥Æ¥à¥³¥ó¥½¡¼¥ë·Ðͳ¤Ç¤Î¤ß²Äǽ¤Ç¤¢¤ë¤Ù¤¤Ê¤Î¤Ç¤¹¡£</para>
+
<indexterm>
<primary><systemitem class="groupname">wheel</systemitem></primary>
</indexterm>
- <para>¤Þ¤¿ÅöÁ³¡¢¥·¥¹¥Æ¥à´ÉÍý¼Ô¤È¤·¤Æ¼«Ê¬¤¬ <systemitem class="username">root</systemitem>
- ¤Ë¤Ê¤ì¤ë¤è¤¦¤Ë¤·¤Æ¤ª¤¯É¬Íפ¬
- ¤¢¤ê¤Þ¤¹¤«¤é¡¢¤½¤Î¤¿¤á¤Î·ê¤ò¤¤¤¯¤Ä¤«³«¤±¤Æ¤ª¤¤Þ¤¹¡£¤·
- ¤«¤·¡¢¤½¤ì¤é¤Î·ê¤òÆ°ºî¤µ¤»¤ë¤Ë¤Ï¡¢¤µ¤é¤ËÄɲäΥѥ¹¥ï¡¼¥Éǧ¾Ú¤¬
- ɬÍפǤ¢¤ë¤è¤¦¤Ë¤·¤Æ¤ª¤¯¤³¤È¤¬½ÅÍפǤ¹¡£
- <systemitem class="username">root</systemitem> ¤Ç¥¢¥¯¥»¥¹²Äǽ¤È
- ¤¹¤ëÊýË¡¤Î°ì¤Ä¤È¤·¤Æ¡¢Å¬Àڤʥ¹¥¿¥Ã¥Õ¥¢¥«¥¦¥ó¥È¤ò
+ <para>¤Þ¤¿ÅöÁ³¡¢¥·¥¹¥Æ¥à´ÉÍý¼Ô¤È¤·¤Æ¼«Ê¬¤¬
+ <systemitem class="username">root</systemitem>
+ ¤Ë¤Ê¤ì¤ë¤è¤¦¤Ë¤·¤Æ¤ª¤¯É¬Íפ¬¤¢¤ê¤Þ¤¹¤«¤é¡¢
+ ¤½¤Î¤¿¤á¤Î·ê¤ò¤¤¤¯¤Ä¤«³«¤±¤Æ¤ª¤¤Þ¤¹¡£
+ ¤·¤«¤·¡¢¤½¤ì¤é¤Î·ê¤òÆ°ºî¤µ¤»¤ë¤Ë¤Ï¡¢
+ ¤µ¤é¤ËÄɲäΥѥ¹¥ï¡¼¥Éǧ¾Ú¤¬É¬ÍפǤ¢¤ë¤è¤¦¤Ë¤·¤Æ¤ª¤¯¤³¤È¤¬½ÅÍפǤ¹¡£
+ <systemitem class="username">root</systemitem>
+ ¤Ç¥¢¥¯¥»¥¹²Äǽ¤È¤¹¤ëÊýË¡¤Î°ì¤Ä¤È¤·¤Æ¡¢Å¬Àڤʥ¹¥¿¥Ã¥Õ¥¢¥«¥¦¥ó¥È¤ò
(<filename>/etc/group</filename> Ãæ¤Î)
- <systemitem class="groupname">wheel</systemitem> ¥°¥ë¡¼¥×¤Ë²Ã¤¨¤ë¤³¤È¤¬¤¢¤ê¤Þ¤¹¡£
- <systemitem class="groupname">wheel</systemitem> ¥°¥ë¡¼¥×¤ËÆþ¤Ã¤Æ¤¤¤ë¥¹¥¿¥Ã¥Õ¥á¥ó¥Ð¤Ï
+ <systemitem class="groupname">wheel</systemitem>
+ ¥°¥ë¡¼¥×¤Ë²Ã¤¨¤ë¤³¤È¤¬¤¢¤ê¤Þ¤¹¡£
+ <systemitem class="groupname">wheel</systemitem>
+ ¥°¥ë¡¼¥×¤ËÆþ¤Ã¤Æ¤¤¤ë¥¹¥¿¥Ã¥Õ¥á¥ó¥Ð¤Ï
<command>su</command> ¤ò»È¤Ã¤Æ
<systemitem class="username">root</systemitem> ¤Ë¤Ê¤ë¤³¤È¤¬µö¤µ¤ì¤Þ¤¹¡£
¥Ñ¥¹¥ï¡¼¥É¥¨¥ó¥È¥ê¤Ë¤ª¤¤¤Æ¡¢¥¹¥¿¥Ã¥Õ¥á¥ó¥Ð¤ò
- <systemitem class="groupname">wheel</systemitem> ¥°¥ë¡¼¥×¤ËÃÖ¤¯¤³¤È¤Ë¤è¤Ã¤ÆľÀÜ
<systemitem class="groupname">wheel</systemitem>
+ ¥°¥ë¡¼¥×¤ËÃÖ¤¯¤³¤È¤Ë¤è¤Ã¤ÆľÀÜ
+ <systemitem class="groupname">wheel</systemitem>
¸¢¸Â¤òÍ¿¤¨¤Æ¤Ï¤¤¤±¤Þ¤»¤ó¡£¥¹¥¿¥Ã¥Õ¥á¥ó¥Ð¤Î¥¢¥«¥¦¥ó¥È¤Ï
- <systemitem class="groupname">staff</systemitem> ¥°¥ë¡¼¥×¤Ë½ê°¤µ¤»¤ë¤Ù¤¤Ç¡¢¤½¤Î¾å¤Ç
+ <systemitem class="groupname">staff</systemitem>
+ ¥°¥ë¡¼¥×¤Ë½ê°¤µ¤»¤ë¤Ù¤¤Ç¡¢¤½¤Î¾å¤Ç
<filename>/etc/group</filename> ¥Õ¥¡¥¤¥ë¤òÄ̤·¤Æ
- <systemitem class="groupname">wheel</systemitem> ¥°¥ë¡¼¥×¤Ë²Ã¤¨¤ë¤Ù¤¤Ç¤¹¡£¼ÂºÝ¤Ë
- <systemitem class="username">root</systemitem> ¥¢¥¯¥»¥¹¤ÎɬÍפʥ¹¥¿¥Ã¥Õ¥á¥ó¥Ð¤Î¤ß
- <systemitem class="groupname">wheel</systemitem> ¥°¥ë¡¼¥×¤ËÃÖ¤¯¤è¤¦¤Ë¤¹¤Ù¤¤Ç¤¹¡£
+ <systemitem class="groupname">wheel</systemitem>
+ ¥°¥ë¡¼¥×¤Ë²Ã¤¨¤ë¤Ù¤¤Ç¤¹¡£¼ÂºÝ¤Ë
+ <systemitem class="username">root</systemitem>
+ ¥¢¥¯¥»¥¹¤ÎɬÍפʥ¹¥¿¥Ã¥Õ¥á¥ó¥Ð¤Î¤ß
+ <systemitem class="groupname">wheel</systemitem>
+ ¥°¥ë¡¼¥×¤ËÃÖ¤¯¤è¤¦¤Ë¤¹¤Ù¤¤Ç¤¹¡£
¾¤Îǧ¾ÚÊýË¡¤Î¾ì¹ç¡¢¤¿¤È¤¨¤Ð Kerberos ¤ò»ÈÍѤ¹¤ë¾ì¹ç¤Ë¤Ï¡¢
<systemitem class="username">root</systemitem> ¥¢¥«¥¦¥ó¥È¤Î
Kerberos <filename>.k5login</filename> ¥Õ¥¡¥¤¥ë¤ò»È¤¨¤Ð¡¢Ã¯¤â
<systemitem class="groupname">wheel</systemitem> ¥°¥ë¡¼¥×¤ËÃÖ¤¯É¬Íפʤ¯
<systemitem class="username">root</systemitem> ¤Ë &man.ksu.1;
- ¤¹¤ë¤³¤È¤òµö²Ä¤Ç¤¤Þ¤¹¡£¤³¤Î¤ä¤ê
- Êý¤Ï¤è¤ê¤è¤¤²ò·èºö¤Ê¤Î¤«¤â¤·¤ì¤Þ¤»¤ó¡£¤Ê¤¼¤Ê¤é¡¢
- <literal>wheel</literal> ¤Î¥á¥«¥Ë¥º¥à¤Ç¤Ï¡¢¿¯Æþ¼Ô¤¬¥Ñ¥¹¥ï¡¼¥É
- ¥Õ¥¡¥¤¥ë¤ò¼ê¤ËÆþ¤ì¡¢¥¹¥¿¥Ã¥Õ¥¢¥«¥¦¥ó¥È¤Î¤¤¤º¤ì¤« 1 ¤Ä¤òÇˤ뤳
- ¤È¤¬¤Ç¤¤ë¤È¡¢
- <systemitem class="username">root</systemitem> ¤òÇˤ뤳¤È¤¬¤Þ¤À¤Ç¤¤Æ¤·¤Þ¤¦¤«¤é¤Ç¤¹¡£
- <systemitem class="groupname">wheel</systemitem> ¤Î¥á¥«¥Ë¥º¥à¤òÍѤ¤¤ëÊý¤¬¡¢
- ²¿¤â¤·¤Ê¤¤¤è¤ê¤ÏÎɤ¤¤Î¤Ç¤¹¤¬¡¢
+ ¤¹¤ë¤³¤È¤òµö²Ä¤Ç¤¤Þ¤¹¡£
+ ¤³¤Î¤ä¤êÊý¤Ï¤è¤ê¤è¤¤²ò·èºö¤Ê¤Î¤«¤â¤·¤ì¤Þ¤»¤ó¡£¤Ê¤¼¤Ê¤é¡¢
+ <literal>wheel</literal> ¤Î¥á¥«¥Ë¥º¥à¤Ç¤Ï¡¢
+ ¿¯Æþ¼Ô¤¬¥Ñ¥¹¥ï¡¼¥É¥Õ¥¡¥¤¥ë¤ò¼ê¤ËÆþ¤ì¡¢¥¹¥¿¥Ã¥Õ¥¢¥«¥¦¥ó¥È¤Î¤¤¤º¤ì¤«
+ 1 ¤Ä¤òÇˤ뤳¤È¤¬¤Ç¤¤ë¤È¡¢
+ <systemitem class="username">root</systemitem>
+ ¤òÇˤ뤳¤È¤¬¤Þ¤À¤Ç¤¤Æ¤·¤Þ¤¦¤«¤é¤Ç¤¹¡£
+ <systemitem class="groupname">wheel</systemitem>
+ ¤Î¥á¥«¥Ë¥º¥à¤òÍѤ¤¤ëÊý¤¬¡¢²¿¤â¤·¤Ê¤¤¤è¤ê¤ÏÎɤ¤¤Î¤Ç¤¹¤¬¡¢
ɬ¤º¤·¤âºÇ¤â°ÂÁ´¤ÊÁªÂò»è¤È¤Ï¸Â¤ê¤Þ¤»¤ó¡£</para>
<para>¥¢¥«¥¦¥ó¥È¤ò´°Á´¤Ë¥í¥Ã¥¯¤¹¤ë¤Ë¤Ï¡¢
@@ -430,40 +461,42 @@
¥æ¡¼¥¶¤¬ &man.ssh.1;
¤Î¸°¤òÀßÄꤹ¤ë¤Ê¤É¤È¤¤¤Ã¤¿Ç§¾Ú¼êÃʤòÍøÍѤ·¤Ê¤±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó¡£</para>
- <para>¤³¤ì¤é¤Î¥»¥¥å¥ê¥Æ¥£¤Î»ÅÁȤߤǤϡ¢À©¸Â¤Î¶¯¤¤¥µ¡¼¥Ð¤«¤é
- À©¸Â¤Î¼å¤¤¥µ¡¼¥Ð¤Ø¥í¥°¥¤¥ó¤¹¤ë¤³¤È¤òÁ°Äó¤È¤·¤Æ¤¤¤Þ¤¹¡£¤¿¤È¤¨¤Ð¡¢
- ¥á¥¤¥ó¥Þ¥·¥ó¤Ç¡¢ÍÍ¡¹¤Ê¼ïÎà¤Î¥µ¡¼¥Ð¤ò¼Â¹Ô¤µ¤»¤Æ¤¤¤ë¾ì¹ç¡¢¥ï¡¼¥¯
- ¥¹¥Æ¡¼¥·¥ç¥ó¤Ç¤Ï¤½¤ì¤é¤Î¥µ¡¼¥Ð¤ò¼Â¹Ô¤µ¤»¤Æ¤Ï¤Ê¤ê¤Þ¤»¤ó¡£¥ï¡¼¥¯
- ¥¹¥Æ¡¼¥·¥ç¥ó¤ò½½Ê¬¤Ë°ÂÁ´¤Ë¤·¤Æ¤ª¤¯¤¿¤á¤Ë¤Ï¡¢¼Â¹Ô¤¹¤ë¥µ¡¼¥Ð¤Î¿ô
- ¤ò¡¢°ì¤Ä¤â¥µ¡¼¥Ð¤¬¼Â¹Ô¤µ¤ì¤Æ¤¤¤Ê¤¤¤È¤¤¤¦¤¯¤é¤¤¤Ë¤Þ¤Ç¤Ç¤¤ë¸Â¤ê
- ¸º¤é¤¹¤Ù¤¤Ç¤¹¡£¤Þ¤¿¡¢¥Ñ¥¹¥ï¡¼¥É¤ÇÊݸ¤ì¤¿¥¹¥¯¥ê¡¼¥ó¥»¡¼¥Ð¤ò
- Áö¤é¤»¤Æ¤ª¤¯¤Ù¤¤Ç¤¹¡£¥ï¡¼¥¯¥¹¥Æ¡¼¥·¥ç¥ó¤Ø¤ÎʪÍýŪ¥¢¥¯¥»¥¹¤¬Í¿
- ¤¨¤é¤ì¤¿¤È¤¹¤ë¤È¡¢¤â¤Á¤í¤ó¸À¤¦¤Þ¤Ç¤â¤Ê¤¯¡¢¹¶·â¼Ô¤Ï´ÉÍý¼Ô¤¬ÀßÄê
- ¤·¤¿¤¤¤«¤Ê¤ë¼ïÎà¤Î¥»¥¥å¥ê¥Æ¥£¤ò¤â¤¦¤ÁÇˤ뤳¤È¤¬¤Ç¤¤ë¤Î¤Ç¤¹¡£
+ <para>¤³¤ì¤é¤Î¥»¥¥å¥ê¥Æ¥£¤Î»ÅÁȤߤǤϡ¢
+ À©¸Â¤Î¶¯¤¤¥µ¡¼¥Ð¤«¤éÀ©¸Â¤Î¼å¤¤¥µ¡¼¥Ð¤Ø¥í¥°¥¤¥ó¤¹¤ë¤³¤È¤òÁ°Äó¤È¤·¤Æ¤¤¤Þ¤¹¡£
+ ¤¿¤È¤¨¤Ð¡¢¥á¥¤¥ó¥Þ¥·¥ó¤Ç¡¢ÍÍ¡¹¤Ê¼ïÎà¤Î¥µ¡¼¥Ð¤ò¼Â¹Ô¤µ¤»¤Æ¤¤¤ë¾ì¹ç¡¢
+ ¥ï¡¼¥¯¥¹¥Æ¡¼¥·¥ç¥ó¤Ç¤Ï¤½¤ì¤é¤Î¥µ¡¼¥Ð¤ò¼Â¹Ô¤µ¤»¤Æ¤Ï¤Ê¤ê¤Þ¤»¤ó¡£
+ ¥ï¡¼¥¯¥¹¥Æ¡¼¥·¥ç¥ó¤ò½½Ê¬¤Ë°ÂÁ´¤Ë¤·¤Æ¤ª¤¯¤¿¤á¤Ë¤Ï¡¢
+ ¼Â¹Ô¤¹¤ë¥µ¡¼¥Ð¤Î¿ô¤ò¡¢
+ °ì¤Ä¤â¥µ¡¼¥Ð¤¬¼Â¹Ô¤µ¤ì¤Æ¤¤¤Ê¤¤¤È¤¤¤¦¤¯¤é¤¤¤Ë¤Þ¤Ç¤Ç¤¤ë¸Â¤ê¸º¤é¤¹¤Ù¤¤Ç¤¹¡£
+ ¤Þ¤¿¡¢¥Ñ¥¹¥ï¡¼¥É¤ÇÊݸ¤ì¤¿¥¹¥¯¥ê¡¼¥ó¥»¡¼¥Ð¤òÁö¤é¤»¤Æ¤ª¤¯¤Ù¤¤Ç¤¹¡£
+ ¥ï¡¼¥¯¥¹¥Æ¡¼¥·¥ç¥ó¤Ø¤ÎʪÍýŪ¥¢¥¯¥»¥¹¤¬Í¿¤¨¤é¤ì¤¿¤È¤¹¤ë¤È¡¢
+ ¤â¤Á¤í¤ó¸À¤¦¤Þ¤Ç¤â¤Ê¤¯¡¢
+ ¹¶·â¼Ô¤Ï´ÉÍý¼Ô¤¬ÀßÄꤷ¤¿¤¤¤«¤Ê¤ë¼ïÎà¤Î¥»¥¥å¥ê¥Æ¥£¤ò¤â¤¦¤ÁÇˤ뤳¤È¤¬¤Ç¤¤ë¤Î¤Ç¤¹¡£
¤³¤Î¤³¤È¤Ï¡¢´ÉÍý¼Ô¤È¤·¤Æɬ¤º¹Í¤¨¤Æ¤ª¤«¤Í¤Ð¤Ê¤é¤Ê¤¤ÌäÂê¤Ç¤¹¤¬¡¢
- ¥·¥¹¥Æ¥àÇˤê¤ÎÂç¿¿ô¤Ï¡¢¥Í¥Ã¥È¥ï¡¼¥¯·Ðͳ¤Ç¥ê¥â¡¼¥È¤«¤é¡¢¥ï¡¼¥¯
- ¥¹¥Æ¡¼¥·¥ç¥ó¤ä¥µ¡¼¥Ð¤Ø¤ÎʪÍýŪ¥¢¥¯¥»¥¹¼êÃʤò»ý¤¿¤Ê¤¤¿Í¡¹¤Ë¤è¤Ã
- ¤Æ¹Ô¤ï¤ì¤ë¤È¤¤¤¦»ö¼Â¤â¤Þ¤¿¡¢Ç°Æ¬¤ËÃÖ¤¤¤Æ¤ª¤¯É¬Íפ¬¤¢¤ê¤Þ¤¹¡£
- </para>
+ ¥·¥¹¥Æ¥àÇˤê¤ÎÂç¿¿ô¤Ï¡¢¥Í¥Ã¥È¥ï¡¼¥¯·Ðͳ¤Ç¥ê¥â¡¼¥È¤«¤é¡¢
+ ¥ï¡¼¥¯¥¹¥Æ¡¼¥·¥ç¥ó¤ä¥µ¡¼¥Ð¤Ø¤ÎʪÍýŪ¥¢¥¯¥»¥¹¼êÃʤò»ý¤¿¤Ê¤¤¿Í¡¹¤Ë¤è¤Ã¤Æ¹Ô¤ï¤ì¤ë¤È¤¤¤¦»ö¼Â¤â¤Þ¤¿¡¢
+ ǰƬ¤ËÃÖ¤¤¤Æ¤ª¤¯É¬Íפ¬¤¢¤ê¤Þ¤¹¡£</para>
<para>Kerberos ¤Î¤è¤¦¤ÊÊýË¡¤ò»È¤¦¤³¤È¤Ç¡¢
- ¥¹¥¿¥Ã¥Õ¥¢¥«¥¦¥ó¥È¤Î¥Ñ
- ¥¹¥ï¡¼¥É¤ÎÊѹ¹¤â¤·¤¯¤ÏÄä»ß¤ò°ì²Õ½ê¤Ç¹Ô¤Ê¤¦¤³¤È¤È¡¢¥¹¥¿¥Ã¥Õ¥á¥ó
- ¥Ð¤¬¥¢¥«¥¦¥ó¥È¤ò»ý¤Ä¤¹¤Ù¤Æ¤Î¥Þ¥·¥ó¤Ë¨»þ¤Ë¤½¤Î¸ú²Ì¤òµÚ¤Ü¤¹¤³¤È
- ¤¬²Äǽ¤È¤Ê¤ê¤Þ¤¹¡£¥¹¥¿¥Ã¥Õ¥á¥ó¥Ð¤Î¥¢¥«¥¦¥ó¥È¤¬´í¸±¤Ë»¯¤µ¤ì¤¿¤È
- ¤¤Ë¡¢¤¹¤Ù¤Æ¤Î¥Þ¥·¥ó¤Ç¥¹¥¿¥Ã¥Õ¥á¥ó¥Ð¤Î¥Ñ¥¹¥ï¡¼¥É¤ò¨ºÂ¤ËÊѹ¹¤¹
- ¤ëǽÎϤò²á¾®É¾²Á¤·¤Æ¤Ï¤¤¤±¤Þ¤»¤ó¡£¥Ñ¥¹¥ï¡¼¥É¤¬Ê¬»¶¤µ¤ì¤Æ¤¤¤ë¾õ
- ¶·¤Ç¤Ï¡¢N Âæ¤Î¥Þ¥·¥ó¤Ç¥Ñ¥¹¥ï¡¼¥É¤òÊѹ¹¤¹¤ë¤È¡¢¤Æ¤ó¤ä¤ï¤ó¤ä¤Î»ö
- ÂÖ¤ò¾·¤¯²ÄǽÀ¤¬¤¢¤ê¤Þ¤¹¡£Kerberos ¤ò»ÈÍѤ¹¤ë¤È¡¢¥Ñ¥¹¥ï¡¼¥É¤Î
- ºÆȯ¹Ô¤ËÀ©¸Â (re-passwording restriction) ¤ò²Ý¤¹¤ë¤³¤È¤â¤Ç¤¤Þ
- ¤¹¡£¤³¤Îµ¡Ç½¤ò»È¤¦¤³¤È¤Ë¤è¤ê¡¢¤¢¤ë Kerberos ¥Á¥±¥Ã¥È¤ò¤·¤Ð¤é¤¯
- ·Ð¤Ä¤È¥¿¥¤¥à¥¢¥¦¥È¤Ë¤¹¤ë¤³¤È¤¬¤Ç¤¤ë¤À¤±¤Ç¤Ê¤¯¡¢°ìÄê´ü´Ö ( Îã
- ¤¨¤Ð¡¢1 ¥ö·î¤Ë 1 ²ó) ·Ð¤Ä¤È¡¢¥æ¡¼¥¶¤Ë¿·¤·¤¤¥Ñ¥¹¥ï¡¼¥É¤òÁª¤Ö¤è
- ¤¦¤ËÍ׵᤹¤ë¤³¤È¤â¤Ç¤¤Þ¤¹¡£</para>
+ ¥¹¥¿¥Ã¥Õ¥¢¥«¥¦¥ó¥È¤Î¥Ñ¥¹¥ï¡¼¥É¤ÎÊѹ¹¤â¤·¤¯¤ÏÄä»ß¤ò°ì²Õ½ê¤Ç¹Ô¤Ê¤¦¤³¤È¤È¡¢
+ ¥¹¥¿¥Ã¥Õ¥á¥ó¥Ð¤¬¥¢¥«¥¦¥ó¥È¤ò»ý¤Ä¤¹¤Ù¤Æ¤Î¥Þ¥·¥ó¤Ë¨»þ¤Ë¤½¤Î¸ú²Ì¤òµÚ¤Ü¤¹¤³¤È¤¬²Äǽ¤È¤Ê¤ê¤Þ¤¹¡£
+ ¥¹¥¿¥Ã¥Õ¥á¥ó¥Ð¤Î¥¢¥«¥¦¥ó¥È¤¬´í¸±¤Ë»¯¤µ¤ì¤¿¤È¤¤Ë¡¢
+ ¤¹¤Ù¤Æ¤Î¥Þ¥·¥ó¤Ç¥¹¥¿¥Ã¥Õ¥á¥ó¥Ð¤Î¥Ñ¥¹¥ï¡¼¥É¤ò¨ºÂ¤ËÊѹ¹¤¹¤ëǽÎϤò²á¾®É¾²Á¤·¤Æ¤Ï¤¤¤±¤Þ¤»¤ó¡£
+ ¥Ñ¥¹¥ï¡¼¥É¤¬Ê¬»¶¤µ¤ì¤Æ¤¤¤ë¾õ¶·¤Ç¤Ï¡¢
+ N Âæ¤Î¥Þ¥·¥ó¤Ç¥Ñ¥¹¥ï¡¼¥É¤òÊѹ¹¤¹¤ë¤È¡¢
+ ¤Æ¤ó¤ä¤ï¤ó¤ä¤Î»öÂÖ¤ò¾·¤¯²ÄǽÀ¤¬¤¢¤ê¤Þ¤¹¡£
+ Kerberos ¤ò»ÈÍѤ¹¤ë¤È¡¢¥Ñ¥¹¥ï¡¼¥É¤ÎºÆȯ¹Ô¤ËÀ©¸Â
+ (re-passwording restriction) ¤ò²Ý¤¹¤ë¤³¤È¤â¤Ç¤¤Þ¤¹¡£
+ ¤³¤Îµ¡Ç½¤ò»È¤¦¤³¤È¤Ë¤è¤ê¡¢¤¢¤ë Kerberos
+ ¥Á¥±¥Ã¥È¤ò¤·¤Ð¤é¤¯·Ð¤Ä¤È¥¿¥¤¥à¥¢¥¦¥È¤Ë¤¹¤ë¤³¤È¤¬¤Ç¤¤ë¤À¤±¤Ç¤Ê¤¯¡¢
+ °ìÄê´ü´Ö (Î㤨¤Ð¡¢1 ¥ö·î¤Ë 1 ²ó) ·Ð¤Ä¤È¡¢
+ ¥æ¡¼¥¶¤Ë¿·¤·¤¤¥Ñ¥¹¥ï¡¼¥É¤òÁª¤Ö¤è¤¦¤ËÍ׵᤹¤ë¤³¤È¤â¤Ç¤¤Þ¤¹¡£</para>
</sect2>
<sect2>
- <title>root ¸¢¸Â¤Ç¼Â¹Ô¤µ¤ì¤Æ¤¤¤ë¥µ¡¼¥Ð¤È SUID/SGID ¥Ð¥¤¥Ê¥ê¤Î°ÂÁ´À¤ò¹â¤á¤ë</title>
+ <title>root ¸¢¸Â¤Ç¼Â¹Ô¤µ¤ì¤Æ¤¤¤ë¥µ¡¼¥Ð¤È
+ SUID/SGID ¥Ð¥¤¥Ê¥ê¤Î°ÂÁ´À¤ò¹â¤á¤ë</title>
+
<indexterm>
<primary><command>ntalk</command></primary>
</indexterm>
@@ -489,49 +522,58 @@
<primary><application>rlogind</application></primary>
</indexterm>
- <para>ÍÑ¿´¿¼¤¤¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ï¡¢¼«Ê¬¤ËɬÍפʥµ¡¼¥Ð¥×¥í¥»¥¹¤À¤±¤ò
- ²áÉÔ¤ʤ¯¼Â¹Ô¤µ¤»¤ë¤â¤Î¤Ç¤¹¡£¥µ¡¼¥É¥Ñ¡¼¥Æ¥£À½¤Î¥µ¡¼¥Ð¤Ï¡¢¤è¤¯¥Ð¥°¤ò»ý¤Ã
- ¤Æ¤¤¤¬¤Á¤À¤È¤¤¤¦¤³¤È¤ËÃí°Õ¤·¤Æ²¼¤µ¤¤¡£¤¿¤È¤¨¤Ð¡¢¸Å¤¤¥Ð¡¼¥¸¥ç¥ó¤Î
+ <para>ÍÑ¿´¿¼¤¤¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ï¡¢
+ ¼«Ê¬¤ËɬÍפʥµ¡¼¥Ð¥×¥í¥»¥¹¤À¤±¤ò²áÉÔ¤ʤ¯¼Â¹Ô¤µ¤»¤ë¤â¤Î¤Ç¤¹¡£
+ ¥µ¡¼¥É¥Ñ¡¼¥Æ¥£À½¤Î¥µ¡¼¥Ð¤Ï¡¢
+ ¤è¤¯¥Ð¥°¤ò»ý¤Ã¤Æ¤¤¤¬¤Á¤À¤È¤¤¤¦¤³¤È¤ËÃí°Õ¤·¤Æ²¼¤µ¤¤¡£
+ ¤¿¤È¤¨¤Ð¡¢¸Å¤¤¥Ð¡¼¥¸¥ç¥ó¤Î
<application>imapd</application> ¤ä
<application>popper</application>
- ¤ò¼Â¹Ô¤µ¤»¤Æ¤ª¤¯¤Î¤Ï¡¢Á´À¤³¦¤ËËüǽ¤Î <systemitem class="username">root</systemitem>
- ¤ÎÀÚÉä¤òÍ¿¤¨¤Æ¤¤¤ë¤è¤¦¤Ê¤â¤Î¤Ç¤¹¡£¼«Ê¬¤ÇÃí°Õ¿¼¤¯¥Á¥§¥Ã¥¯¤·¤Æ¤¤¤Ê¤¤
- ¥µ¡¼¥Ð¤Ï¡¢·è¤·¤Æ¼Â¹Ô¤·¤Æ¤Ï¤¤¤±¤Þ¤»¤ó¡£<systemitem class="username">root</systemitem>
+ ¤ò¼Â¹Ô¤µ¤»¤Æ¤ª¤¯¤Î¤Ï¡¢Á´À¤³¦¤ËËüǽ¤Î
+ <systemitem class="username">root</systemitem>
+ ¤ÎÀÚÉä¤òÍ¿¤¨¤Æ¤¤¤ë¤è¤¦¤Ê¤â¤Î¤Ç¤¹¡£
+ ¼«Ê¬¤ÇÃí°Õ¿¼¤¯¥Á¥§¥Ã¥¯¤·¤Æ¤¤¤Ê¤¤¥µ¡¼¥Ð¤Ï¡¢
+ ·è¤·¤Æ¼Â¹Ô¤·¤Æ¤Ï¤¤¤±¤Þ¤»¤ó¡£
+ <systemitem class="username">root</systemitem>
¤Ç¼Â¹Ô¤µ¤»¤ëɬÍפΤ¢¤ë¥µ¡¼¥Ð¤Ï¤Û¤È¤ó¤É¤¢¤ê¤Þ¤»¤ó¡£¤¿¤È¤¨¤Ð¡¢
<application>ntalk</application>,
<application>comsat</application>,
- <application>finger</application> ¥Ç¡¼¥â¥ó¤ò¡¢ÀìÍѥ桼¥¶¤Î
- <firstterm>º½¾ì (sandbox)</firstterm> ¤Ç¼Â¹Ô¤µ¤»¤ë¤³¤È¤¬¤Ç¤¤Þ¤¹¡£
+ <application>finger</application> ¥Ç¡¼¥â¥ó¤ò¡¢
+ ÀìÍѥ桼¥¶¤Î <firstterm>º½¾ì (sandbox)</firstterm>
+ ¤Ç¼Â¹Ô¤µ¤»¤ë¤³¤È¤¬¤Ç¤¤Þ¤¹¡£
´ÉÍý¼Ô¤¬ËÄÂç¤Ê¿ô¤ÎÌäÂê¤ò·Ð¸³¤·¤Æ¤¤¤Ê¤¤¤Î¤Ê¤é¡¢
- ¤³¤Î¡Öº½¾ì¡×¤Ï´°
- àú¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¤¬¡¢¥»¥¥å¥ê¥Æ¥£¤Ë´Ø¤¹¤ë¥¿¥Þ¥Í¥®Åª¥¢¥×¥í¡¼¥Á¤Ï
- ¤³¤³¤Ç¤âÀ®¤êΩ¤Á¤Þ¤¹¡£º½¾ì¤Ç¼Â¹Ô¤µ¤ì¤Æ¤¤¤ë¥µ¡¼¥Ð¥×¥í¥»¥¹¤ò·Ðͳ
- ¤·¤Æ¿¯Æþ¤ò²Ì¤¿¤¹¤³¤È¤¬¤Ç¤¤¿¤È¤·¤Æ¤â¡¢¹¶·â¼Ô¤Ï¤µ¤é¤Ëº½¾ì¤«¤é³°
- ¤Ëæ½Ð¤·¤Ê¤±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó¡£¹¶·â¼Ô¤¬Ä̲᤻¤Í¤Ð¤Ê¤é¤Ê¤¤Áؤοô¤¬
- Áý¤¨¤ì¤ÐÁý¤¨¤ë¤Û¤É¡¢¤½¤ì¤À¤±¹¶·â¼Ô¤¬¿¯Æþ¤ËÀ®¸ù¤¹¤ë³ÎΨ¤¬¸º¤ê¤Þ
- ¤¹¡£Root ¤ÎÈ´¤±·ê¤ÏÎò»ËŪ¤Ë¡¢´ðËÜ¥·¥¹¥Æ¥à¥µ¡¼¥Ð¤â´Þ¤á¡¢
+ ¤³¤Î¡Öº½¾ì¡×¤Ï´°àú¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¤¬¡¢
+ ¥»¥¥å¥ê¥Æ¥£¤Ë´Ø¤¹¤ë¥¿¥Þ¥Í¥®Åª¥¢¥×¥í¡¼¥Á¤Ï¤³¤³¤Ç¤âÀ®¤êΩ¤Á¤Þ¤¹¡£
+ º½¾ì¤Ç¼Â¹Ô¤µ¤ì¤Æ¤¤¤ë¥µ¡¼¥Ð¥×¥í¥»¥¹¤ò·Ðͳ¤·¤Æ¿¯Æþ¤ò²Ì¤¿¤¹¤³¤È¤¬¤Ç¤¤¿¤È¤·¤Æ¤â¡¢
+ ¹¶·â¼Ô¤Ï¤µ¤é¤Ëº½¾ì¤«¤é³°¤Ëæ½Ð¤·¤Ê¤±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó¡£
+ ¹¶·â¼Ô¤¬Ä̲᤻¤Í¤Ð¤Ê¤é¤Ê¤¤Áؤοô¤¬Áý¤¨¤ì¤ÐÁý¤¨¤ë¤Û¤É¡¢
+ ¤½¤ì¤À¤±¹¶·â¼Ô¤¬¿¯Æþ¤ËÀ®¸ù¤¹¤ë³ÎΨ¤¬¸º¤ê¤Þ¤¹¡£
+ Root ¤ÎÈ´¤±·ê¤ÏÎò»ËŪ¤Ë¡¢´ðËÜ¥·¥¹¥Æ¥à¥µ¡¼¥Ð¤â´Þ¤á¡¢
<systemitem class="username">root</systemitem>
¸¢¸Â¤Ç¼Â¹Ô¤µ¤ì¤ë¤Û¤È¤ó¤É¤¹¤Ù¤Æ¤Î¥µ¡¼¥Ð¥×¥í¥»¥¹¤Çȯ¸«¤µ¤ì¤Æ¤¤¤Þ¤¹¡£
¥æ¡¼¥¶¤¬ <application>sshd</application> ·Ðͳ¤Ç¤Î¤ß¥í¥°¥¤¥ó¤·¡¢
<application>telnetd</application>,
<application>rshd</application>,
- <application>rlogind</application> ·Ðͳ¤Ç¥í¥°¥¤¥ó¤¹¤ë¤³¤È¤¬·è
- ¤·¤Æ¤Ê¤¤¥Þ¥·¥ó¤ò²ÔƯ¤µ¤»¤Æ¤¤¤ë¤Î¤Ç¤¢¤ì¤Ð¡¢¤½¤ì¤é¤Î¥µ¡¼¥Ó¥¹¤òÄä
- »ß¤µ¤»¤Æ²¼¤µ¤¤!</para>
+ <application>rlogind</application>
+ ·Ðͳ¤Ç¥í¥°¥¤¥ó¤¹¤ë¤³¤È¤¬·è¤·¤Æ¤Ê¤¤¥Þ¥·¥ó¤ò²ÔƯ¤µ¤»¤Æ¤¤¤ë¤Î¤Ç¤¢¤ì¤Ð¡¢
+ ¤½¤ì¤é¤Î¥µ¡¼¥Ó¥¹¤òÄä»ß¤µ¤»¤Æ²¼¤µ¤¤!</para>
- <para>&os; ¤Ç¤Ï¡¢º£¤Ç¤Ï <application>ntalkd</application>,
+ <para>&os; ¤Ç¤Ï¡¢º£¤Ç¤Ï
+ <application>ntalkd</application>,
<application>comsat</application>,
- <application>finger</application> ¤Ïº½¾ì¤Ç¼Â¹Ô¤µ¤»¤ë¤³¤È¤¬¥Ç¥Õ¥©
- ¥ë¥È¤Ë¤Ê¤Ã¤Æ¤¤¤Þ¤¹¡£¼¡¤Ëº½¾ì¤Ç¼Â¹Ô¤µ¤»¤ë¤Ù¤¥×¥í¥°¥é¥à¤Î¸õÊä¤È
- ¤·¤Æ¡¢&man.named.8; ¤¬¤¢¤ê¤Þ¤¹¡£
+ <application>finger</application>
+ ¤Ïº½¾ì¤Ç¼Â¹Ô¤µ¤»¤ë¤³¤È¤¬¥Ç¥Õ¥©¥ë¥È¤Ë¤Ê¤Ã¤Æ¤¤¤Þ¤¹¡£
+ ¼¡¤Ëº½¾ì¤Ç¼Â¹Ô¤µ¤»¤ë¤Ù¤¥×¥í¥°¥é¥à¤Î¸õÊä¤È¤·¤Æ¡¢
+ &man.named.8; ¤¬¤¢¤ê¤Þ¤¹¡£
<filename>/etc/defaults/rc.conf</filename> ¥Õ¥¡¥¤¥ë¤Ë¤Ï¡¢
- <application>named</application> ¤òº½¾ì¤Ç¼Â¹Ô¤¹¤ë¤¿¤á¤ËɬÍפÊ
- °ú¿ô¤¬¥³¥á¥ó¥È¥¢¥¦¥È¤µ¤ì¤¿·Á¼°¤Ç´Þ¤Þ¤ì¤Æ¤¤¤Þ¤¹¡£¿·¤·¤¤¥·¥¹¥Æ¥à
- ¤ò¥¤¥ó¥¹¥È¡¼¥ë¤·¤Æ¤¤¤ë¤«¡¢¤½¤ì¤È¤â´û¸¤Î¥·¥¹¥Æ¥à¤ò¥¢¥Ã¥×¥°¥ì¡¼
- ¥É¤·¤Æ»È¤Ã¤Æ¤¤¤ë¤«¤Ë°Í¸¤·¤Þ¤¹¤¬¡¢º½¾ì¤È¤·¤Æ»ÈÍѤ¹¤ëÆÃÊ̤Υ桼
- ¥¶¥¢¥«¥¦¥ó¥È¤¬¥¤¥ó¥¹¥È¡¼¥ë¤µ¤ì¤Æ¤¤¤Ê¤¤¤«¤â¤·¤ì¤Þ¤»¤ó¡£ÍÑ¿´¿¼¤¤
- ¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ç¤¢¤ì¤Ð¡¢¤Ç¤¤ë¤À¤±¤¤¤Ä¤Ç¤â¸¦µæ¤òÂդ餺¡¢¥µ¡¼¥Ð
- ¤Ëº½¾ì¤ò»Å¹þ¤à¤â¤Î¤Ç¤·¤ç¤¦¡£</para>
+ <application>named</application>
+ ¤òº½¾ì¤Ç¼Â¹Ô¤¹¤ë¤¿¤á¤ËɬÍפʰú¿ô¤¬¥³¥á¥ó¥È¥¢¥¦¥È¤µ¤ì¤¿·Á¼°¤Ç´Þ¤Þ¤ì¤Æ¤¤¤Þ¤¹¡£
+ ¿·¤·¤¤¥·¥¹¥Æ¥à¤ò¥¤¥ó¥¹¥È¡¼¥ë¤·¤Æ¤¤¤ë¤«¡¢
+ ¤½¤ì¤È¤â´û¸¤Î¥·¥¹¥Æ¥à¤ò¥¢¥Ã¥×¥°¥ì¡¼¥É¤·¤Æ»È¤Ã¤Æ¤¤¤ë¤«¤Ë°Í¸¤·¤Þ¤¹¤¬¡¢
+ º½¾ì¤È¤·¤Æ»ÈÍѤ¹¤ëÆÃÊ̤Υ桼¥¶¥¢¥«¥¦¥ó¥È¤¬¥¤¥ó¥¹¥È¡¼¥ë¤µ¤ì¤Æ¤¤¤Ê¤¤¤«¤â¤·¤ì¤Þ¤»¤ó¡£
+ ÍÑ¿´¿¼¤¤¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ç¤¢¤ì¤Ð¡¢¤Ç¤¤ë¤À¤±¤¤¤Ä¤Ç¤â¸¦µæ¤òÂդ餺¡¢
+ ¥µ¡¼¥Ð¤Ëº½¾ì¤ò»Å¹þ¤à¤â¤Î¤Ç¤·¤ç¤¦¡£</para>
+
<indexterm>
<primary><application>sendmail</application></primary>
</indexterm>
@@ -540,54 +582,60 @@
<application>sendmail</application>,
<application>popper</application>,
<application>imapd</application>,
- <application>ftpd</application> ¤Ê¤É¤Ç¤¹¡£¤³¤ì¤é¤Î¤¦¤Á¤¤¤¯¤Ä¤«
- ¤Î¥µ¡¼¥Ð¤Ë¤ÏÂå¤ï¤ê¤È¤Ê¤ë¤â¤Î¤¬¤¢¤ê¤Þ¤¹¤¬¡¢Âå¤ï¤ê¤Î¤â¤Î¤ò¥¤¥ó¥¹
- ¥È¡¼¥ë¤¹¤ë¤Ë¤Ï¡¢¤¢¤Ê¤¿¤¬»×¤¦¤è¤ê¿¤¯¤Î»Å»ö¤¬É¬Íפˤʤ뤫¤â¤·¤ì
- ¤Þ¤»¤ó (ÊØÍø¤µ¤È¤¤¤¦Í×ÁǤ¬¤Þ¤¿¤â¾¡Íø¤ò¼ý¤á¤ë¤ï¤±¤Ç¤¹)¡£¤³¤ì¤é
- ¤Î¥µ¡¼¥Ð¤Ï¡¢<systemitem class="username">root</systemitem>
+ <application>ftpd</application> ¤Ê¤É¤Ç¤¹¡£
+ ¤³¤ì¤é¤Î¤¦¤Á¤¤¤¯¤Ä¤«¤Î¥µ¡¼¥Ð¤Ë¤ÏÂå¤ï¤ê¤È¤Ê¤ë¤â¤Î¤¬¤¢¤ê¤Þ¤¹¤¬¡¢
+ Âå¤ï¤ê¤Î¤â¤Î¤ò¥¤¥ó¥¹¥È¡¼¥ë¤¹¤ë¤Ë¤Ï¡¢
+ ¤¢¤Ê¤¿¤¬»×¤¦¤è¤ê¿¤¯¤Î»Å»ö¤¬É¬Íפˤʤ뤫¤â¤·¤ì¤Þ¤»¤ó
+ (ÊØÍø¤µ¤È¤¤¤¦Í×ÁǤ¬¤Þ¤¿¤â¾¡Íø¤ò¼ý¤á¤ë¤ï¤±¤Ç¤¹)¡£
+ ¤³¤ì¤é¤Î¥µ¡¼¥Ð¤Ï¡¢<systemitem class="username">root</systemitem>
¸¢¸Â¤Ç¼Â¹Ô¤·¤Ê¤±¤ì¤Ð¤Ð¤Ê¤é¤Ê¤¤¤«¤â¤·¤ì¤Þ¤»¤ó¡£¤Þ¤¿¡¢
- ¤³¤ì¤é¤Î¥µ¡¼¥Ð·Ðͳ¤ÇÀ¸¤¸¤ë¿¯Æþ¤ò¸¡½Ð¤¹¤ë¤¿¤á¤Ë¤Ï¡¢Â¾¤Î»ÅÁȤߤË
- Íê¤é¤Ê¤¯¤Æ¤Ï¤Ê¤é¤Ê¤¤¤«¤â¤·¤ì¤Þ¤»¤ó¡£</para>
+ ¤³¤ì¤é¤Î¥µ¡¼¥Ð·Ðͳ¤ÇÀ¸¤¸¤ë¿¯Æþ¤ò¸¡½Ð¤¹¤ë¤¿¤á¤Ë¤Ï¡¢
+ ¾¤Î»ÅÁȤߤËÍê¤é¤Ê¤¯¤Æ¤Ï¤Ê¤é¤Ê¤¤¤«¤â¤·¤ì¤Þ¤»¤ó¡£</para>
<para>¥·¥¹¥Æ¥à¤Î <systemitem class="username">root</systemitem>
- ¸¢¸Â¤ÎÀøºßŪ¤Ê·ê¤Ç¾¤ËÂ礤ʤâ¤Î¤Ë¤Ï¡¢¥·
- ¥¹¥Æ¥à¤Ë¥¤¥ó¥¹¥È¡¼¥ë¤µ¤ì¤¿ suid-root/sgid ¥Ð¥¤¥Ê¥ê¤¬¤¢¤ê¤Þ¤¹¡£
- ¤³¤ì¤é¤Î¥Ð¥¤¥Ê¥ê¤Ï¡¢<application>rlogin</application> ¤Î¤è¤¦¤Ë¡¢
- <filename class="directory">/bin</filename>, <filename
- class="directory">/sbin</filename>, <filename
- class="directory">/usr/bin</filename> ¤Þ¤¿¤Ï <filename
- class="directory">/usr/sbin</filename>
- ¤Ë¸ºß¤¹¤ë¤â¤Î¤¬¤Û¤È¤ó¤É¤Ç¤¹¡£100% °ÂÁ´¤Ê¤â¤Î¤Ï¸ºß¤·¤Ê¤¤¤È¤Ï
- ¤¤¤¨¡¢¥·¥¹¥Æ¥à¥Ç¥Õ¥©¥ë¥È¤Î siud/sgid ¥Ð¥¤¥Ê¥ê¤ÏÈæ³ÓŪ°ÂÁ´¤È¤¤
- ¤¨¤Þ¤¹¡£¤½¤ì¤Ç¤â¤Ê¤ª¡¢<systemitem class="username">root</systemitem>
+ ¸¢¸Â¤ÎÀøºßŪ¤Ê·ê¤Ç¾¤ËÂ礤ʤâ¤Î¤Ë¤Ï¡¢
+ ¥·¥¹¥Æ¥à¤Ë¥¤¥ó¥¹¥È¡¼¥ë¤µ¤ì¤¿ suid-root/sgid ¥Ð¥¤¥Ê¥ê¤¬¤¢¤ê¤Þ¤¹¡£
+ ¤³¤ì¤é¤Î¥Ð¥¤¥Ê¥ê¤Ï¡¢
+ <application>rlogin</application> ¤Î¤è¤¦¤Ë¡¢<filename
+ class="directory">/bin</filename>, <filename
+ class="directory">/sbin</filename>, <filename
+ class="directory">/usr/bin</filename> ¤Þ¤¿¤Ï <filename
+ class="directory">/usr/sbin</filename>
+ ¤Ë¸ºß¤¹¤ë¤â¤Î¤¬¤Û¤È¤ó¤É¤Ç¤¹¡£
+ 100% °ÂÁ´¤Ê¤â¤Î¤Ï¸ºß¤·¤Ê¤¤¤È¤Ï¤¤¤¨¡¢
+ ¥·¥¹¥Æ¥à¥Ç¥Õ¥©¥ë¥È¤Î siud/sgid ¥Ð¥¤¥Ê¥ê¤ÏÈæ³ÓŪ°ÂÁ´¤È¤¤¤¨¤Þ¤¹¡£
+ ¤½¤ì¤Ç¤â¤Ê¤ª¡¢<systemitem class="username">root</systemitem>
¥»¥¥å¥ê¥Æ¥£¥Û¡¼¥ë¤¬¤³¤ì¤é¤Î¥Ð¥¤¥Ê¥ê¤Ë¤È¤¤ª¤êȯ¸«¤µ¤ì¤Æ¤¤¤Þ¤¹¡£
1998 ǯ¤Ë <application>xterm</application>
(ÉáÄÌ¡¢suid ÀßÄꤵ¤ì¤Æ¤¤¤Þ¤¹) ¤òÀȼå¤Ë¤·¤Æ¤¤¤¿
- <literal>Xlib</literal> ¤Î <systemitem class="username">root</systemitem>
+ <literal>Xlib</literal> ¤Î
+ <systemitem class="username">root</systemitem>
¥»¥¥å¥ê¥Æ¥£¥Û¡¼¥ë¤¬¸«¤Ä¤«¤ê¤Þ¤·¤¿¡£
°ÂÁ´¤Ç¤¢¤ëÊý¤¬¤è¤¤¤Î¤Ç¡¢
- ÍÑ¿´¿¼¤¤¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ï»ÄÇ°¤Ë»×¤¤¤Ê¤¬¤é¤â¡¢¥¹¥¿¥Ã¥Õ¤Î¤ß¤¬¼Â¹Ô
- ¤¹¤ëɬÍפ¬¤¢¤ë suid ¥Ð¥¤¥Ê¥ê¤Ï¡¢¥¹¥¿¥Ã¥Õ¤Î¤ß¤¬¥¢¥¯¥»¥¹²Äǽ¤ÊÆÃ
- Ê̤ʥ°¥ë¡¼¥×¤Ë´Þ¤á¤ë¤è¤¦¤ËÀ©¸Â¤ò²Ã¤¨¡¢Ã¯¤â»È¤ï¤Ê¤¤ suid ¥Ð¥¤¥Ê
- ¥ê¤Ï (<command>chmod 000</command> ¤ò¼Â¹Ô¤·¤Æ) ÊÒÉÕ¤±¤Æ¤·¤Þ¤¦
- ¤Ç¤·¤ç¤¦¡£¥Ç¥£¥¹¥×¥ì¥¤¤ò»ý¤¿¤Ê¤¤¥µ¡¼¥Ð¤Ï¡¢°ìÈÌŪ¤Ë
+ ÍÑ¿´¿¼¤¤¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ï»ÄÇ°¤Ë»×¤¤¤Ê¤¬¤é¤â¡¢
+ ¥¹¥¿¥Ã¥Õ¤Î¤ß¤¬¼Â¹Ô¤¹¤ëɬÍפ¬¤¢¤ë suid ¥Ð¥¤¥Ê¥ê¤Ï¡¢
+ ¥¹¥¿¥Ã¥Õ¤Î¤ß¤¬¥¢¥¯¥»¥¹²Äǽ¤ÊÆÃÊ̤ʥ°¥ë¡¼¥×¤Ë´Þ¤á¤ë¤è¤¦¤ËÀ©¸Â¤ò²Ã¤¨¡¢
+ ï¤â»È¤ï¤Ê¤¤ suid ¥Ð¥¤¥Ê¥ê¤Ï
+ (<command>chmod 000</command> ¤ò¼Â¹Ô¤·¤Æ) ÊÒÉÕ¤±¤Æ¤·¤Þ¤¦¤Ç¤·¤ç¤¦¡£
+ ¥Ç¥£¥¹¥×¥ì¥¤¤ò»ý¤¿¤Ê¤¤¥µ¡¼¥Ð¤Ï¡¢°ìÈÌŪ¤Ë
<application>xterm</application> ¤Î¥Ð¥¤¥Ê¥ê¤òɬÍפȤ·¤Þ¤»¤ó¡£
- sgid ¥Ð¥¤¥Ê¥ê¤â¤Û¤È¤ó¤ÉƱÍÍ¤Î´í¸±¤Ê¸ºß¤Ë¤Ê¤êÆÀ¤Þ¤¹¡£¿¯Æþ¼Ô¤¬
- kmem ¤Ë sgid ¤µ¤ì¤¿¥Ð¥¤¥Ê¥ê¤òÇˤ뤳¤È¤¬¤Ç¤¤¿¾ì¹ç¡¢¤½¤Î¿¯Æþ¼Ô
- ¤Ï <filename>/dev/kmem</filename> ¤òÆɤ߽Ф¹¤³¤È¤¬¤Ç¤¤ë¤è¤¦¤Ë
- ¤Ê¤ë¤Ç¤·¤ç¤¦¡£¤Ä¤Þ¤ê¡¢°Å¹æ²½¤µ¤ì¤¿¥Ñ¥¹¥ï¡¼¥É¥Õ¥¡¥¤¥ë¤òÆɤ߽Ф¹
- ¤³¤È¤¬¤Ç¤¤ë¤è¤¦¤Ë¤Ê¤ë¤Î¤Ç¡¢¥Ñ¥¹¥ï¡¼¥É¤ò»ý¤Ä¤É¤Î¥¢¥«¥¦¥ó¥È¤ò¤â¡¢
+ sgid ¥Ð¥¤¥Ê¥ê¤â¤Û¤È¤ó¤ÉƱÍÍ¤Î´í¸±¤Ê¸ºß¤Ë¤Ê¤êÆÀ¤Þ¤¹¡£
+ ¿¯Æþ¼Ô¤¬ kmem ¤Ë sgid ¤µ¤ì¤¿¥Ð¥¤¥Ê¥ê¤òÇˤ뤳¤È¤¬¤Ç¤¤¿¾ì¹ç¡¢
+ ¤½¤Î¿¯Æþ¼Ô¤Ï <filename>/dev/kmem</filename>
+ ¤òÆɤ߽Ф¹¤³¤È¤¬¤Ç¤¤ë¤è¤¦¤Ë¤Ê¤ë¤Ç¤·¤ç¤¦¡£¤Ä¤Þ¤ê¡¢
+ °Å¹æ²½¤µ¤ì¤¿¥Ñ¥¹¥ï¡¼¥É¥Õ¥¡¥¤¥ë¤òÆɤ߽Ф¹¤³¤È¤¬¤Ç¤¤ë¤è¤¦¤Ë¤Ê¤ë¤Î¤Ç¡¢
+ ¥Ñ¥¹¥ï¡¼¥É¤ò»ý¤Ä¤É¤Î¥¢¥«¥¦¥ó¥È¤ò¤â¡¢
ÀøºßŪ¤Ê´í¸±¤Ë»¯¤¹¤³¤È¤Ë¤Ê¤ê¤Þ¤¹¡£Â¾¤Ë¤â¡¢
- <literal>kmem</literal> ¥°¥ë¡¼¥×¤òÇˤä¿¿¯Æþ¼Ô¤¬ pty ¤òÄ̤·¤Æ
- Á÷¤é¤ì¤¿¥¡¼¥¹¥È¥í¡¼¥¯¤ò´Æ»ë¤Ç¤¤ë¤È¤¤¤¦´í¸±¤¬¤¢¤ê¤Þ¤¹¡£¥¡¼¥¹
- ¥È¥í¡¼¥¯¤Ë¤Ï¡¢°ÂÁ´¤ÊÊýË¡¤Ç¥í¥°¥¤¥ó¤¹¤ë¥æ¡¼¥¶¤¬»È¤Ã¤Æ¤¤¤ë pty
+ <literal>kmem</literal> ¥°¥ë¡¼¥×¤òÇˤä¿¿¯Æþ¼Ô¤¬ pty
+ ¤òÄ̤·¤ÆÁ÷¤é¤ì¤¿¥¡¼¥¹¥È¥í¡¼¥¯¤ò´Æ»ë¤Ç¤¤ë¤È¤¤¤¦´í¸±¤¬¤¢¤ê¤Þ¤¹¡£
+ ¥¡¼¥¹¥È¥í¡¼¥¯¤Ë¤Ï¡¢°ÂÁ´¤ÊÊýË¡¤Ç¥í¥°¥¤¥ó¤¹¤ë¥æ¡¼¥¶¤¬»È¤Ã¤Æ¤¤¤ë pty
¤â´Þ¤Þ¤ì¤Þ¤¹¡£
- <systemitem class="groupname">tty</systemitem> ¥°¥ë¡¼¥×¤òÇˤä¿¿¯Æþ¼Ô¤Ï¡¢¤Û¤ÜǤ°Õ¤Î¥æ¡¼¥¶¤Î
- tty ¤Ø½ñ¤¹þ¤ß¤¬¤Ç¤¤Þ¤¹¡£¥æ¡¼¥¶¤¬Ã¼Ëö¥×¥í¥°¥é¥à¤ä¥¡¼¥Ü¡¼¥É¤ò
- ¥·¥ß¥å¥ì¡¼¥·¥ç¥ó¤¹¤ëµ¡Ç½¤ò»ý¤Ã¤¿¥¨¥ß¥å¥ì¡¼¥¿¤ò»È¤Ã¤Æ¤¤¤ë¾ì¹ç¡¢
- ¿¯Æþ¼Ô¤ÏÀøºßŪ¤Ë¡¢·ë¶É¤½¤Î¥æ¡¼¥¶¤È¤·¤Æ¼Â¹Ô¤µ¤ì¤ë¥³¥Þ¥ó¥É¤ò¥æ¡¼
- ¥¶¤ÎüËö¤Ë¥¨¥³¡¼¤µ¤»¤ë¥Ç¡¼¥¿¥¹¥È¥ê¡¼¥à¤òÀ¸À®¤Ç¤¤ë²ÄǽÀ¤¬¤¢¤ê
- ¤Þ¤¹¡£</para>
+ <systemitem class="groupname">tty</systemitem>
+ ¥°¥ë¡¼¥×¤òÇˤä¿¿¯Æþ¼Ô¤Ï¡¢¤Û¤ÜǤ°Õ¤Î¥æ¡¼¥¶¤Î
+ tty ¤Ø½ñ¤¹þ¤ß¤¬¤Ç¤¤Þ¤¹¡£
+ ¥æ¡¼¥¶¤¬Ã¼Ëö¥×¥í¥°¥é¥à¤ä¥¡¼¥Ü¡¼¥É¤ò¥·¥ß¥å¥ì¡¼¥·¥ç¥ó¤¹¤ëµ¡Ç½¤ò»ý¤Ã¤¿¥¨¥ß¥å¥ì¡¼¥¿¤ò»È¤Ã¤Æ¤¤¤ë¾ì¹ç¡¢
+ ¿¯Æþ¼Ô¤ÏÀøºßŪ¤Ë¡¢
+ ·ë¶É¤½¤Î¥æ¡¼¥¶¤È¤·¤Æ¼Â¹Ô¤µ¤ì¤ë¥³¥Þ¥ó¥É¤ò¥æ¡¼¥¶¤ÎüËö¤Ë¥¨¥³¡¼¤µ¤»¤ë¥Ç¡¼¥¿¥¹¥È¥ê¡¼¥à¤òÀ¸À®¤Ç¤¤ë²ÄǽÀ¤¬¤¢¤ê¤Þ¤¹¡£</para>
</sect2>
<sect2 xml:id="secure-users">
@@ -596,16 +644,14 @@
<para>¥æ¡¼¥¶¥¢¥«¥¦¥ó¥È¤Ï¡¢ÉáÄÌ¡¢°ÂÁ´À¤ò¹â¤á¤ë¤³¤È¤¬ºÇ¤âº¤Æñ¤Ç¤¹¡£
¥¹¥¿¥Ã¥Õ¤ËÂФ·¤Æ¤Ï¡¢¤È¤Æ¤â¸·³Ê¤Ê¥¢¥¯¥»¥¹À©¸Â¤ò¶¯À©¤·¥Ñ¥¹¥ï¡¼¥É¤ò
<quote>¥¢¥¹¥¿¥ê¥¹¥¯</quote> ¤Ç³°¤¹¤³¤È¤¬¤Ç¤¤ë¤Ç¤·¤ç¤¦¤¬¡¢
- ´ÉÍý¼Ô¤¬
- »ý¤Á¤¦¤ë°ìÈ̥桼¥¶¤¹¤Ù¤Æ¤Î¥¢¥«¥¦¥ó¥È¤ËÂФ·¤ÆƱ¤¸¤³¤È¤Ï¤Ç¤¤Ê¤¤
- ¤«¤â¤·¤ì¤Þ¤»¤ó¡£´ÉÍý¼Ô¤¬½½Ê¬¤ËÅýΨ¤ò¤È¤ë¤³¤È¤¬¤Ç¤¤ë¤Ê¤é¡¢´ÉÍý
- ¼Ô¤Ï¾¡Íø¤·¡¢¥æ¡¼¥¶¤Î¥¢¥«¥¦¥ó¥È¤Î°ÂÁ´¤òŬÀڤ˳ÎÊݤǤ¤ë¤«¤â¤·¤ì
- ¤Þ¤»¤ó¡£¤½¤ì¤¬¤Ç¤¤Ê¤¤¤Ê¤é¤Ð¡¢¤è¤ê¤¤¤Ã¤½¤¦µ¤¤òÇۤäưìÈ̥桼¥¶
- ¤Î¥¢¥«¥¦¥ó¥È¤ò´Æ»ë¤¹¤ë¤è¤ê¤Û¤«¤¢¤ê¤Þ¤»¤ó¡£
+ ´ÉÍý¼Ô¤¬»ý¤Á¤¦¤ë°ìÈ̥桼¥¶¤¹¤Ù¤Æ¤Î¥¢¥«¥¦¥ó¥È¤ËÂФ·¤ÆƱ¤¸¤³¤È¤Ï¤Ç¤¤Ê¤¤¤«¤â¤·¤ì¤Þ¤»¤ó¡£
+ ´ÉÍý¼Ô¤¬½½Ê¬¤ËÅýΨ¤ò¤È¤ë¤³¤È¤¬¤Ç¤¤ë¤Ê¤é¡¢´ÉÍý¼Ô¤Ï¾¡Íø¤·¡¢
+ ¥æ¡¼¥¶¤Î¥¢¥«¥¦¥ó¥È¤Î°ÂÁ´¤òŬÀڤ˳ÎÊݤǤ¤ë¤«¤â¤·¤ì¤Þ¤»¤ó¡£
+ ¤½¤ì¤¬¤Ç¤¤Ê¤¤¤Ê¤é¤Ð¡¢
+ ¤è¤ê¤¤¤Ã¤½¤¦µ¤¤òÇۤäưìÈ̥桼¥¶¤Î¥¢¥«¥¦¥ó¥È¤ò´Æ»ë¤¹¤ë¤è¤ê¤Û¤«¤¢¤ê¤Þ¤»¤ó¡£
°ìÈ̥桼¥¶¥¢¥«¥¦¥ó¥È¤ËÂФ· ssh ¤ä Kerberos ¤òÍøÍѤ¹¤ë¤³¤È¤Ë¤Ï¡¢
- ¥·¥¹¥Æ¥à´ÉÍý¤¬¤µ¤é¤ËÁý¤¨¤¿¤ê¥Æ¥¯¥Ë¥«¥ë¥µ¥Ý¡¼¥È¤¬É¬ÍפË
- ¤Ê¤ë¤Ê¤É¤ÎÌäÂ꤬¤¢¤ê¤Þ¤¹¡£¤½¤ì¤Ç¤â¡¢°Å¹æ²½¥Ñ¥¹¥ï¡¼¥É¥Õ¥¡¥¤¥ë¤È
- Èæ³Ó¤¹¤ë¤È¤Ï¤ë¤«¤ËÎɤ¤²ò¤Ç¤¹¡£</para>
+ ¥·¥¹¥Æ¥à´ÉÍý¤¬¤µ¤é¤ËÁý¤¨¤¿¤ê¥Æ¥¯¥Ë¥«¥ë¥µ¥Ý¡¼¥È¤¬É¬Íפˤʤë¤Ê¤É¤ÎÌäÂ꤬¤¢¤ê¤Þ¤¹¡£
+ ¤½¤ì¤Ç¤â¡¢°Å¹æ²½¥Ñ¥¹¥ï¡¼¥É¥Õ¥¡¥¤¥ë¤ÈÈæ³Ó¤¹¤ë¤È¤Ï¤ë¤«¤ËÎɤ¤²ò¤Ç¤¹¡£</para>
</sect2>
<sect2>
@@ -615,13 +661,15 @@
¤½¤ì¤é¤Î¥¢¥«¥¦¥ó¥È¤Î¥¢¥¯¥»¥¹¤Ë¤Ï
ssh ¤ä Kerberos ¤ò»È¤¦¤è¤¦¤Ë¤¹¤ë¤³¤È¤¬¡¢Í£°ì¤Î³Î¼Â¤ÊÊýË¡¤Ç¤¹¡£
°Å¹æ²½¥Ñ¥¹¥ï¡¼¥É¥Õ¥¡¥¤¥ë
- (<filename>/etc/spwd.db</filename>) ¤Ï <systemitem class="username">root</systemitem>
+ (<filename>/etc/spwd.db</filename>) ¤Ï
+ <systemitem class="username">root</systemitem>
¤Ç¤Î¤ßÆɤ߽Ф·²Äǽ¤À¤±¤ì¤É¤â¡¢
¤¿¤È¤¨¡¢¿¯Æþ¼Ô¤¬ root ¤Î½ñ¤¹þ¤ß¸¢¸Â¤ÏÆÀ¤é¤ì¤Ê¤¯¤È¤â¡¢
Æɤ߽Ф·¥¢¥¯¥»¥¹¸¢¸Â¤òÆÀ¤ë¤³¤È¤Ï²Äǽ¤«¤â¤·¤ì¤Þ¤»¤ó¡£</para>
<para>¥»¥¥å¥ê¥Æ¥£¥¹¥¯¥ê¥×¥È¤Ç¾ï¤Ë¥Ñ¥¹¥ï¡¼¥É¥Õ¥¡¥¤¥ë¤ÎÊѹ¹¤ò¥Á¥§¥Ã
- ¥¯¤·¡¢Êó¹ð¤¹¤ë¤è¤¦¤Ë¤¹¤Ù¤¤Ç¤¹ (<link linkend="security-integrity">¥Õ¥¡¥¤¥ë¤Î´°Á´À¤Î¥Á¥§¥Ã¥¯</link>
+ ¥¯¤·¡¢Êó¹ð¤¹¤ë¤è¤¦¤Ë¤¹¤Ù¤¤Ç¤¹ (<link
+ linkend="security-integrity">¥Õ¥¡¥¤¥ë¤Î´°Á´À¤Î¥Á¥§¥Ã¥¯</link>
ÀỲ¾È)¡£</para>
</sect2>
@@ -630,30 +678,32 @@
¹â¤á¤ë</title>
<para><systemitem class="username">root</systemitem>
- ¤Î¸¢¸Â¤òÇˤë¤È¡¢¹¶·â¼Ô¤Ï¤Û¤È¤ó¤É²¿¤Ç¤â¤Ç¤¤Þ¤¹¤¬¡¢Æä˽ÅÊõ¤µ
- ¤ì¤ëÆÃÄê¤Î»öÊÁ¤â¤¤¤¯¤Ä¤«¤¢¤ê¤Þ¤¹¡£¤¿¤È¤¨¤Ð¡¢ºÇ¶á¤Î¥«¡¼¥Í¥ë¤Ï¡¢ÁÈ
- ¤ß¹þ¤ß¤Î¥Ñ¥±¥Ã¥ÈÇÁ¤¸«¥Ç¥Ð¥¤¥¹ (packet sniffing device) ¥É¥é¥¤
- ¥Ð¤òÈ÷¤¨¤Æ¤¤¤ë¤â¤Î¤¬¤Û¤È¤ó¤É¤Ç¤¹¡£&os; ¤Ç¤Ï
- <filename>bpf</filename> ¥Ç¥Ð¥¤¥¹¤È¸Æ¤Ð¤ì¤Æ¤¤¤Þ¤¹¡£¿¯Æþ¼Ô
- ¤ÏÉáÄÌ¡¢¿¯ÆþºÑ¤ß¤Î¥Þ¥·¥ó¤Ç¥Ñ¥±¥Ã¥ÈÇÁ¤¸«¥×¥í¥°¥é¥à¤ò¼Â¹Ô¤µ¤»¤è
- ¤¦¤È»î¤ß¤Þ¤¹¡£¿¯Æþ¼Ô¤Ë¤ï¤¶¤ï¤¶¤½¤¦¤¤¤¦µ¡Ç½¤òÄ󶡤¹¤ëɬÍפϤʤ¤
- ¤Î¤Ç¡¢¤Û¤È¤ó¤É¤Î¥·¥¹¥Æ¥à¤Ç <filename>bpf</filename>
+ ¤Î¸¢¸Â¤òÇˤë¤È¡¢¹¶·â¼Ô¤Ï¤Û¤È¤ó¤É²¿¤Ç¤â¤Ç¤¤Þ¤¹¤¬¡¢
+ Æä˽ÅÊõ¤µ¤ì¤ëÆÃÄê¤Î»öÊÁ¤â¤¤¤¯¤Ä¤«¤¢¤ê¤Þ¤¹¡£
+ ¤¿¤È¤¨¤Ð¡¢ºÇ¶á¤Î¥«¡¼¥Í¥ë¤Ï¡¢ÁȤ߹þ¤ß¤Î¥Ñ¥±¥Ã¥ÈÇÁ¤¸«¥Ç¥Ð¥¤¥¹
+ (packet sniffing device) ¥É¥é¥¤¥Ð¤òÈ÷¤¨¤Æ¤¤¤ë¤â¤Î¤¬¤Û¤È¤ó¤É¤Ç¤¹¡£
+ &os; ¤Ç¤Ï <filename>bpf</filename> ¥Ç¥Ð¥¤¥¹¤È¸Æ¤Ð¤ì¤Æ¤¤¤Þ¤¹¡£
+ ¿¯Æþ¼Ô¤ÏÉáÄÌ¡¢
+ ¿¯ÆþºÑ¤ß¤Î¥Þ¥·¥ó¤Ç¥Ñ¥±¥Ã¥ÈÇÁ¤¸«¥×¥í¥°¥é¥à¤ò¼Â¹Ô¤µ¤»¤è¤¦¤È»î¤ß¤Þ¤¹¡£
+ ¿¯Æþ¼Ô¤Ë¤ï¤¶¤ï¤¶¤½¤¦¤¤¤¦µ¡Ç½¤òÄ󶡤¹¤ëɬÍפϤʤ¤¤Î¤Ç¡¢
+ ¤Û¤È¤ó¤É¤Î¥·¥¹¥Æ¥à¤Ç <filename>bpf</filename>
¥Ç¥Ð¥¤¥¹¤òÁȤ߹þ¤à¤Ù¤¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¡£</para>
<indexterm>
<primary><command>sysctl</command></primary>
</indexterm>
+
<para><filename>bpf</filename> ¥Ç¥Ð¥¤¥¹¤ò³°¤·¤Æ¤â¡¢
<filename>/dev/mem</filename> ¤È
<filename>/dev/kmem</filename>
¤È¤¤¤¦Çº¤ß¤Î¼ï¤¬¤Þ¤À»Ä¤Ã¤Æ¤¤¤Þ¤¹¡£¤³¤ÎÌäÂê¤Ë´Ø¤·¤Æ¤Ï¡¢¿¯Æþ¼Ô¤Ï
raw ¥Ç¥£¥¹¥¯¥Ç¥Ð¥¤¥¹¤Ë½ñ¤¹þ
- ¤à¤³¤È¤â¤Ç¤¤Þ¤¹¡£¤Û¤«¤Ë¤â¡¢¥â¥¸¥å¡¼¥ë¥í¡¼¥À¡¢&man.kldload.8; ¤È¤¤
- ¤¦¡¢Ê̤Υ«¡¼¥Í¥ëµ¡Ç½¤¬¤¢¤ê¤Þ¤¹¡£¤ä¤ëµ¤¤Þ¤ó¤Þ¤ó¤Î¿¯Æþ¼Ô¤Ï¡¢KLD
+ ¤à¤³¤È¤â¤Ç¤¤Þ¤¹¡£¤Û¤«¤Ë¤â¡¢¥â¥¸¥å¡¼¥ë¥í¡¼¥À¡¢&man.kldload.8;
+ ¤È¤¤¤¦¡¢Ê̤Υ«¡¼¥Í¥ëµ¡Ç½¤¬¤¢¤ê¤Þ¤¹¡£¤ä¤ëµ¤¤Þ¤ó¤Þ¤ó¤Î¿¯Æþ¼Ô¤Ï¡¢KLD
¥â¥¸¥å¡¼¥ë¤ò»È¤Ã¤Æ¼«Ê¬Æȼ«¤Î <filename>bpf</filename>
- ¤â¤·¤¯¤Ï¤½¤Î¾ÇÁ¤¸«¥Ç¥Ð¥¤¥¹
- ¤òÆ°ºîÃæ¤Î¥«¡¼¥Í¥ë¤Ë¥¤¥ó¥¹¥È¡¼¥ë¤Ç¤¤Þ¤¹¡£¤³¤ÎÌäÂê¤ò
- Èò¤±¤ë¤¿¤á¡¢¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ï¥«¡¼¥Í¥ë¤ò¤è¤ê¹â¤¤¥»¥¥å¥¢¥ì¥Ù¥ë¡¢
+ ¤â¤·¤¯¤Ï¤½¤Î¾ÇÁ¤¸«¥Ç¥Ð¥¤¥¹¤òÆ°ºîÃæ¤Î¥«¡¼¥Í¥ë¤Ë¥¤¥ó¥¹¥È¡¼¥ë¤Ç¤¤Þ¤¹¡£
+ ¤³¤ÎÌäÂê¤òÈò¤±¤ë¤¿¤á¡¢
+ ¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ï¥«¡¼¥Í¥ë¤ò¤è¤ê¹â¤¤¥»¥¥å¥¢¥ì¥Ù¥ë¡¢
¾¯¤Ê¤¯¤È¤â¥»¥¥å¥¢¥ì¥Ù¥ë 1 ¤Ç¼Â¹Ô¤µ¤»¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£</para>
<para>¥«¡¼¥Í¥ë¤Î¥»¥¥å¥¢¥ì¥Ù¥ë¤Ï¤¤¤¯¤Ä¤«¤ÎÊýË¡¤ÇÀßÄê¤Ç¤¤Þ¤¹¡£
@@ -723,93 +773,101 @@
¤¹¤Ù¤Æ¤Î¥·¥¹¥Æ¥à¥Õ¥¡¥¤¥ë¤È¥Ç¥£¥ì¥¯¥È¥ê¤Ë <literal>schg</literal>
¥Õ¥é¥°¤òÀßÄꤷ¤Ê¤¤¤È¤¤¤¦¤È¤³¤í¤ÇÂŶ¨¤¹¤ë¤È¤¤¤¦¼ê¤â¤¢¤ê¤Þ¤¹¡£
¤â¤¦°ì¤Ä¤Î²ÄǽÀ¤È¤·¤Æ¤Ï¡¢Ã±½ã¤Ë
- <filename class="directory">/</filename> ¤ª¤è¤Ó
- <filename class="directory">/usr</filename>
+ <filename class="directory">/</filename> ¤ª¤è¤Ó <filename
+ class="directory">/usr</filename>
¤òÆɤ߹þ¤ßÀìÍѤǥޥ¦¥ó¥È¤¹¤ë¤³¤È¤Ç¤¹¡£
¤³¤³¤ÇÆÃÉ®¤¹¤Ù¤¤³¤È¤Ï¡¢¥·¥¹¥Æ¥à¤ò¼é¤í¤¦¤È¤·¤Æ¸·¤·¤¯¤·¤¹¤®¤ë¤È¡¢
¿¯Æþ¤ò¸¡½Ð¤¹¤ë¤È¤¤¤¦Èó¾ï¤Ë½ÅÍפʤ³¤È¤¬¤Ç¤¤Ê¤¯¤Ê¤Ã¤Æ¤·¤Þ¤¦¤È¤¤¤¦¤³¤È¤Ç¤¹¡£</para>
</sect2>
<sect2 xml:id="security-integrity">
- <title>¥Õ¥¡¥¤¥ë¤Î´°Á´À¤Î¥Á¥§¥Ã¥¯: ¥Ð¥¤¥Ê¥ê¡¢ÀßÄê¥Õ¥¡¥¤¥ë¤Ê¤É
- </title>
+ <title>¥Õ¥¡¥¤¥ë¤Î´°Á´À¤Î¥Á¥§¥Ã¥¯: ¥Ð¥¤¥Ê¥ê¡¢
+ ÀßÄê¥Õ¥¡¥¤¥ë¤Ê¤É</title>
- <para>¤³¤È¤³¤ÎÌäÂê¤Ë»ê¤ë¤È¡¢¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ë¤Ç¤¤ë¤³¤È¤Ï¡¢ÊØÍø¤µ
- ¤È¤¤¤¦Í×ÁǤ¬¤½¤Î½¹¤¤Æ¬¤ò¾å¤²¤Ê¤¤ÄøÅ٤ˡ¢¥³¥¢¥·¥¹¥Æ¥à¤ÎÀßÄê¤ÈÀ©
- ¸æ¥Õ¥¡¥¤¥ë¤òËɸ椹¤ë¤³¤È¤À¤±¤Ç¤¹¡£¤¿¤È¤¨¤Ð¡¢
- <filename class="directory">/</filename> ¤ª¤è¤Ó
- <filename class="directory">/usr</filename>
- ¤Ë¤¢¤ëÂçÉôʬ¤Î¥Õ¥¡¥¤¥ë¤Ë <literal>schg</literal> ¥Ó¥Ã¥È¤òÀßÄꤹ¤ë¤¿
- ¤á¤Ë <command>chflags</command> ¤ò»ÈÍѤ¹¤ë¤Î¤Ï¡¢¤ª¤½¤é¤¯µÕ¸ú²Ì
- ¤Ç¤·¤ç¤¦¡£¤Ê¤¼¤Ê¤é¡¢¤½¤¦¤¹¤ë¤³¤È¤Ç¥Õ¥¡¥¤¥ë¤ÏÊݸî¤Ç¤¤Þ¤¹¤¬¡¢¿¯
- Æþ¤ò¸¡½Ð¤¹¤ëÁë¤òÊĤ¶¤·¤Æ¤·¤Þ¤¦¤³¤È¤Ë¤â¤Ê¤ë¤«¤é¤Ç¤¹¡£¥»¥¥å¥ê¥Æ¥£
- ¤Î¥¿¥Þ¥Í¥®¤ÎºÇ¸å¤ÎÁؤϤª¤½¤é¤¯ºÇ¤â½ÅÍפʤâ¤Î — ¸¡½Ð¤Ç
- ¤¹¡£¥»¥¥å¥ê¥Æ¥£¤Î»Ä¤ê¤Î¤â¤Î¤Ï¡¢ÆÍÁ³¤Î¿¯Æþ¤ò¸¡½Ð¤Ç¤¤Ê¤±¤ì¤Ð¡¢
- ¤Þ¤Ã¤¿¤¯ÍÍѤǤϤ¢¤ê¤Þ¤»¤ó (¤¢¤ë¤¤¤Ï¡¢¤â¤Ã¤È°¤±¤ì¤Ð¡¢°ÂÁ´À¤Ë
- ÂФ¹¤ë´Ö°ã¤Ã¤¿´¶³Ð¤ò¿¢¤¨ÉÕ¤±¤Æ¤·¤Þ¤¤¤Þ¤¹)¡£
+ <para>¤³¤È¤³¤ÎÌäÂê¤Ë»ê¤ë¤È¡¢¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ë¤Ç¤¤ë¤³¤È¤Ï¡¢
+ ÊØÍø¤µ¤È¤¤¤¦Í×ÁǤ¬¤½¤Î½¹¤¤Æ¬¤ò¾å¤²¤Ê¤¤ÄøÅ٤ˡ¢
+ ¥³¥¢¥·¥¹¥Æ¥à¤ÎÀßÄê¤ÈÀ©¸æ¥Õ¥¡¥¤¥ë¤òËɸ椹¤ë¤³¤È¤À¤±¤Ç¤¹¡£
+ ¤¿¤È¤¨¤Ð¡¢<filename
+ class="directory">/</filename> ¤ª¤è¤Ó <filename
+ class="directory">/usr</filename>
+ ¤Ë¤¢¤ëÂçÉôʬ¤Î¥Õ¥¡¥¤¥ë¤Ë <literal>schg</literal>
+ ¥Ó¥Ã¥È¤òÀßÄꤹ¤ë¤¿¤á¤Ë <command>chflags</command>
+ ¤ò»ÈÍѤ¹¤ë¤Î¤Ï¡¢¤ª¤½¤é¤¯µÕ¸ú²Ì¤Ç¤·¤ç¤¦¡£
+ ¤Ê¤¼¤Ê¤é¡¢¤½¤¦¤¹¤ë¤³¤È¤Ç¥Õ¥¡¥¤¥ë¤ÏÊݸî¤Ç¤¤Þ¤¹¤¬¡¢
+ ¿¯Æþ¤ò¸¡½Ð¤¹¤ëÁë¤òÊĤ¶¤·¤Æ¤·¤Þ¤¦¤³¤È¤Ë¤â¤Ê¤ë¤«¤é¤Ç¤¹¡£
+ ¥»¥¥å¥ê¥Æ¥£¤Î¥¿¥Þ¥Í¥®¤ÎºÇ¸å¤ÎÁؤϤª¤½¤é¤¯ºÇ¤â½ÅÍפʤâ¤Î
+ — ¸¡½Ð¤Ç¤¹¡£
+ ¥»¥¥å¥ê¥Æ¥£¤Î»Ä¤ê¤Î¤â¤Î¤Ï¡¢ÆÍÁ³¤Î¿¯Æþ¤ò¸¡½Ð¤Ç¤¤Ê¤±¤ì¤Ð¡¢
+ ¤Þ¤Ã¤¿¤¯ÍÍѤǤϤ¢¤ê¤Þ¤»¤ó
+ (¤¢¤ë¤¤¤Ï¡¢¤â¤Ã¤È°¤±¤ì¤Ð¡¢
+ °ÂÁ´À¤ËÂФ¹¤ë´Ö°ã¤Ã¤¿´¶³Ð¤ò¿¢¤¨ÉÕ¤±¤Æ¤·¤Þ¤¤¤Þ¤¹)¡£
¥¿¥Þ¥Í¥®¤Î»Å»ö¤ÎȾʬ¤Ï¡¢
¹¶·â¼Ô¤ò¹¶·â¤ÎºÇÃæ¤ËÊᤨ¤ë¤è¤¦¤Ë¤¹¤ë¤¿¤á¤Ë¡¢
¹¶·â¼Ô¤ò¿©¤¤»ß¤á¤ë¤Î¤Ç¤Ï¤Ê¤¯¿¯Æþ¤òÃ٤餻¤ë¤³¤È¤Ê¤Î¤Ç¤¹¡£</para>
- <para>¿¯Æþ¤ò¸¡½Ð¤¹¤ëºÇ¤âÎɤ¤ÊýË¡¤Ï¡¢Êѹ¹¤µ¤ì¤Æ¤¤¤¿¤ê¡¢¾Ã¤¨¤Æ¤¤¤¿
- ¤ê¡¢Æþ¤ì¤¿³Ð¤¨¤¬¤Ê¤¤¤Î¤ËÆþ¤Ã¤Æ¤¤¤ë¥Õ¥¡¥¤¥ë¤òõ¤¹¤³¤È¤Ç¤¹¡£Êѹ¹
- ¤µ¤ì¤¿¥Õ¥¡¥¤¥ë¤òõ¤¹¤Î¤ËºÇ¤âÎɤ¤ÊýË¡¤Ï¡¢¤â¤¦°ì¤Ä¤Î (¤·¤Ð¤·¤ÐÃæ
- ±û¤Ë½¸¤á¤é¤ì¤¿)¡¢¥¢¥¯¥»¥¹¤¬À©¸Â¤µ¤ì¤¿¥·¥¹¥Æ¥à¤«¤é¹Ô¤Ê¤¦¤â¤Î¤Ç
- ¤¹¡£¤µ¤é¤Ë°ÂÁ´¤Ç¥¢¥¯¥»¥¹À©¸Â¤µ¤ì¤¿¥·¥¹¥Æ¥à¾å¤Ç¥»¥¥å¥ê¥Æ¥£ÍÑ¥¹
- ¥¯¥ê¥×¥È¤ò½ñ¤±¤Ð¡¢
+ <para>¿¯Æþ¤ò¸¡½Ð¤¹¤ëºÇ¤âÎɤ¤ÊýË¡¤Ï¡¢Êѹ¹¤µ¤ì¤Æ¤¤¤¿¤ê¡¢
+ ¾Ã¤¨¤Æ¤¤¤¿¤ê¡¢Æþ¤ì¤¿³Ð¤¨¤¬¤Ê¤¤¤Î¤ËÆþ¤Ã¤Æ¤¤¤ë¥Õ¥¡¥¤¥ë¤òõ¤¹¤³¤È¤Ç¤¹¡£
+ Êѹ¹¤µ¤ì¤¿¥Õ¥¡¥¤¥ë¤òõ¤¹¤Î¤ËºÇ¤âÎɤ¤ÊýË¡¤Ï¡¢¤â¤¦°ì¤Ä¤Î
+ (¤·¤Ð¤·¤ÐÃæ±û¤Ë½¸¤á¤é¤ì¤¿)¡¢
+ ¥¢¥¯¥»¥¹¤¬À©¸Â¤µ¤ì¤¿¥·¥¹¥Æ¥à¤«¤é¹Ô¤Ê¤¦¤â¤Î¤Ç¤¹¡£
+ ¤µ¤é¤Ë°ÂÁ´¤Ç¥¢¥¯¥»¥¹À©¸Â¤µ¤ì¤¿¥·¥¹¥Æ¥à¾å¤Ç¥»¥¥å¥ê¥Æ¥£ÍÑ¥¹¥¯¥ê¥×¥È¤ò½ñ¤±¤Ð¡¢
¥¹¥¯¥ê¥×¥È¤ÏÀøºßŪ¤Ê¹¶·â¼Ô¤«¤é¤Ï¤Û¤Ü¸«¤¨¤Ê¤¯¤Ê¤ê¤Þ¤¹¡£
- ¤³¤ì¤Ï½ÅÍפʤ³¤È¤Ç¤¹¡£¤³¤Î͸úÀ¤òºÇÂç¸Â¤Ë³èÍÑ
- ¤¹¤ë¤¿¤á¤Ë¤Ï¡¢°ìÈÌŪ¤Ë¡¢¥¢¥¯¥»¥¹¤ÎÀ©¸Â¤µ¤ì¤¿¥Þ¥·¥ó¤«¤é¼ÂºÝ¤Ë»È¤Ã¤Æ¤¤¤ë¾¤Î¥Þ¥·¥ó¤Ø¤Î¤«¤Ê¤ê¤Î¥¢¥¯¥»¥¹¤òµö²Ä¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£Éá
- Ä̤ϡ¢Â¾¤Î¥Þ¥·¥ó¤«¤é¥¢¥¯¥»¥¹À©¸Â¤µ¤ì¤¿¥Þ¥·¥ó¤ØÆɤ߹þ¤ßÀìÍѤÎ
+ ¤³¤ì¤Ï½ÅÍפʤ³¤È¤Ç¤¹¡£
+ ¤³¤Î͸úÀ¤òºÇÂç¸Â¤Ë³èÍѤ¹¤ë¤¿¤á¤Ë¤Ï¡¢°ìÈÌŪ¤Ë¡¢
+ ¥¢¥¯¥»¥¹¤ÎÀ©¸Â¤µ¤ì¤¿¥Þ¥·¥ó¤«¤é¼ÂºÝ¤Ë»È¤Ã¤Æ¤¤¤ë¾¤Î¥Þ¥·¥ó¤Ø¤Î¤«¤Ê¤ê¤Î¥¢¥¯¥»¥¹¤òµö²Ä¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
+ ÉáÄ̤ϡ¢Â¾¤Î¥Þ¥·¥ó¤«¤é¥¢¥¯¥»¥¹À©¸Â¤µ¤ì¤¿¥Þ¥·¥ó¤ØÆɤ߹þ¤ßÀìÍѤÎ
NFS ¥¨¥¯¥¹¥Ý¡¼¥È¤ò¤·¤¿¤ê¡¢¥¢¥¯¥»¥¹À©¸Â¤µ¤ì¤¿¥Þ¥·¥ó¤«¤é¾¤Î¥Þ¥·¥ó¤Ø
ssh Àܳ¤ò¹Ô¤Ê¤¦¤¿¤á¤Ë¡¢
ssh ¸°¤Î¥Ú¥¢¤òºî¤Ã¤¿¤ê¤¹¤ë¤³¤È¤Ç¹Ô¤¤¤Þ¤¹¡£
- ¥Í¥Ã¥È¥ï¡¼¥¯¤Î¥È¥é¥Õ¥£¥Ã¥¯¤òÊ̤ˤ·¤Æ¡¢NFS ¤ÏºÇ¤â²Ä»ëÀ
- ¤Î¤Ê¤¤ÊýË¡¤Ç¤¹ — ³Æ¥¯¥é¥¤¥¢¥ó¥È¾å¤Î¥Õ¥¡¥¤¥ë¥·¥¹¥Æ¥à¤ò¡¢
- »ö¼Â¾å¸¡½Ð¤µ¤ì¤º¤Ë´Æ»ë¤Ç¤¤ë¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£¥¢¥¯¥»¥¹À©¸Â¤µ¤ì¤¿
- ¥µ¡¼¥Ð¤¬¥¹¥¤¥Ã¥Á¤òÄ̤·¤Æ¥¯¥é¥¤¥¢¥ó¥È¤ËÀܳ¤µ¤ì¤Æ¤¤¤ë¾ì¹ç¡¢¤¿¤¤
- ¤Æ¤¤ NFS ¤¬¤è¤êÎɤ¤ÁªÂò»è¤Ç¤¹¡£¥¢¥¯¥»¥¹À©¸Â¤µ¤ì¤¿¥µ¡¼¥Ð¤¬¥Ï¥Ö
- ¤ä¡¢¤¤¤¯¤Ä¤«¤Î¥ë¡¼¥Æ¥£¥ó¥°ÁؤòÄ̤·¤Æ¥¯¥é¥¤¥¢¥ó¥È¤ËÀܳ¤·¤Æ¤¤¤ë¾ì¹ç¡¢
+ ¥Í¥Ã¥È¥ï¡¼¥¯¤Î¥È¥é¥Õ¥£¥Ã¥¯¤òÊ̤ˤ·¤Æ¡¢
+ NFS ¤ÏºÇ¤â²Ä»ëÀ¤Î¤Ê¤¤ÊýË¡¤Ç¤¹ —
+ ³Æ¥¯¥é¥¤¥¢¥ó¥È¾å¤Î¥Õ¥¡¥¤¥ë¥·¥¹¥Æ¥à¤ò¡¢
+ »ö¼Â¾å¸¡½Ð¤µ¤ì¤º¤Ë´Æ»ë¤Ç¤¤ë¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£
+ ¥¢¥¯¥»¥¹À©¸Â¤µ¤ì¤¿¥µ¡¼¥Ð¤¬¥¹¥¤¥Ã¥Á¤òÄ̤·¤Æ¥¯¥é¥¤¥¢¥ó¥È¤ËÀܳ¤µ¤ì¤Æ¤¤¤ë¾ì¹ç¡¢
+ ¤¿¤¤¤Æ¤¤ NFS ¤¬¤è¤êÎɤ¤ÁªÂò»è¤Ç¤¹¡£
+ ¥¢¥¯¥»¥¹À©¸Â¤µ¤ì¤¿¥µ¡¼¥Ð¤¬¥Ï¥Ö¤ä¡¢
+ ¤¤¤¯¤Ä¤«¤Î¥ë¡¼¥Æ¥£¥ó¥°ÁؤòÄ̤·¤Æ¥¯¥é¥¤¥¢¥ó¥È¤ËÀܳ¤·¤Æ¤¤¤ë¾ì¹ç¡¢
NFS ¤Ï (¥Í¥Ã¥È¥ï¡¼¥¯¤ÎÌ̤Ç) ¤¢¤Þ¤ê¤Ë¤â´í¸±¤Ê¤Î¤Ç¡¢
ssh ¤ÎÊý¤¬Ç§¾Ú¤ò¹Ô¤Ã¤¿ÀפϻĤê¤Þ¤¹¤¬¡¢Îɤ¤ÊýË¡¤Ç¤·¤ç¤¦¡£</para>
- <para>¥¢¥¯¥»¥¹À©¸Â¤µ¤ì¤¿¥Þ¥·¥ó¤Ë¡¢´Æ»ë¤·¤è¤¦¤È¤¹¤ë¥¯¥é¥¤¥¢¥ó¥È¥·
- ¥¹¥Æ¥à¤Ø¤Î¾¯¤Ê¤¯¤È¤âÆɤ߹þ¤ß¤Î¥¢¥¯¥»¥¹¸¢¤òÍ¿¤¨¤¿¤é¡¢¼¡¤Ë¼ÂºÝ¤Ë
- ´Æ»ë¤¹¤ë¤¿¤á¤Î¥¹¥¯¥ê¥×¥È¤ò½ñ¤«¤Ê¤¯¤Æ¤Ï¤¤¤±¤Þ¤»¤ó¡£NFS ¥Þ¥¦¥ó¥È
- ¤ò¤¹¤ì¤Ð¡¢&man.find.1; ¤ä &man.md5.1; ¤Ê¤É¤Îñ½ã¤Ê¥·¥¹¥Æ¥à¥æ¡¼
- ¥Æ¥£¥ê¥Æ¥£¤Ç¥¹¥¯¥ê¥×¥È¤ò½ñ¤¯¤³¤È¤¬¤Ç¤¤Þ¤¹¡£¾¯¤Ê¤¯¤È¤â 1 Æü 1
- ²ó¡¢¥¯¥é¥¤¥¢¥ó¥È¤Î¥Õ¥¡¥¤¥ë¤òľÀÜ md5 ¤Ë¤«¤±¡¢¤µ¤é¤Ë¤â¤Ã¤ÈÉÑÈË
- ¤Ë <filename class="directory">/etc</filename> ¤ª¤è¤Ó
- <filename class="directory">/usr/local/etc</filename>
- ¤Ë¤¢¤ë¤è¤¦¤Ê¥³¥ó¥È¥í¡¼¥ëÍÑ
- ¥Õ¥¡¥¤¥ë¤ò»î¸³¤¹¤ë¤Î¤¬°ìÈ֤Ǥ¹¡£¥¢¥¯¥»¥¹À©¸Â¤µ¤ì¤¿¥Þ¥·¥ó¤¬Àµ¤·
- ¤¤¤ÈÃΤäƤ¤¤ë¡¢´ð¤È¤Ê¤ë md5 ¾ðÊó¤ÈÈæ¤Ù¤Æ°ã¤¤¤¬¸«¤Ä¤«¤Ã¤¿¾ì¹ç¡¢
- ¥·¥¹¥Æ¥à´ÉÍý¼Ô¤ËÄ´¤Ù¤ÆÍߤ·¤¤¤ÈÈáÌĤò¾å¤²¤ë¤è¤¦¤Ë¤¹¤Ù¤¤Ç¤¹¡£Í¥
- ¤ì¤¿¥»¥¥å¥ê¥Æ¥£ÍÑ¥¹¥¯¥ê¥×¥È¤Ï¡¢
- <filename class="directory">/</filename> ¤ª¤è¤Ó
- <filename class="directory">/usr</filename>
+ <para>¥¢¥¯¥»¥¹À©¸Â¤µ¤ì¤¿¥Þ¥·¥ó¤Ë¡¢
+ ´Æ»ë¤·¤è¤¦¤È¤¹¤ë¥¯¥é¥¤¥¢¥ó¥È¥·¥¹¥Æ¥à¤Ø¤Î¾¯¤Ê¤¯¤È¤âÆɤ߹þ¤ß¤Î¥¢¥¯¥»¥¹¸¢¤òÍ¿¤¨¤¿¤é¡¢
+ ¼¡¤Ë¼ÂºÝ¤Ë´Æ»ë¤¹¤ë¤¿¤á¤Î¥¹¥¯¥ê¥×¥È¤ò½ñ¤«¤Ê¤¯¤Æ¤Ï¤¤¤±¤Þ¤»¤ó¡£
+ NFS ¥Þ¥¦¥ó¥È¤ò¤¹¤ì¤Ð¡¢&man.find.1; ¤ä &man.md5.1;
+ ¤Ê¤É¤Îñ½ã¤Ê¥·¥¹¥Æ¥à¥æ¡¼¥Æ¥£¥ê¥Æ¥£¤Ç¥¹¥¯¥ê¥×¥È¤ò½ñ¤¯¤³¤È¤¬¤Ç¤¤Þ¤¹¡£
+ ¾¯¤Ê¤¯¤È¤â 1 Æü 1 ²ó¡¢¥¯¥é¥¤¥¢¥ó¥È¤Î¥Õ¥¡¥¤¥ë¤òľÀÜ md5 ¤Ë¤«¤±¡¢
+ ¤µ¤é¤Ë¤â¤Ã¤ÈÉÑÈË¤Ë <filename
+ class="directory">/etc</filename> ¤ª¤è¤Ó <filename
+ class="directory">/usr/local/etc</filename>
+ ¤Ë¤¢¤ë¤è¤¦¤Ê¥³¥ó¥È¥í¡¼¥ëÍÑ¥Õ¥¡¥¤¥ë¤ò»î¸³¤¹¤ë¤Î¤¬°ìÈ֤Ǥ¹¡£
+ ¥¢¥¯¥»¥¹À©¸Â¤µ¤ì¤¿¥Þ¥·¥ó¤¬Àµ¤·¤¤¤ÈÃΤäƤ¤¤ë¡¢
+ ´ð¤È¤Ê¤ë md5 ¾ðÊó¤ÈÈæ¤Ù¤Æ°ã¤¤¤¬¸«¤Ä¤«¤Ã¤¿¾ì¹ç¡¢
+ ¥·¥¹¥Æ¥à´ÉÍý¼Ô¤ËÄ´¤Ù¤ÆÍߤ·¤¤¤ÈÈáÌĤò¾å¤²¤ë¤è¤¦¤Ë¤¹¤Ù¤¤Ç¤¹¡£
+ Í¥¤ì¤¿¥»¥¥å¥ê¥Æ¥£ÍÑ¥¹¥¯¥ê¥×¥È¤Ï¡¢<filename
+ class="directory">/</filename> ¤ª¤è¤Ó <filename
+ class="directory">/usr</filename>
¤Ê¤É¤Î¥·¥¹¥Æ¥à¥Ñ¡¼¥Æ¥£¥·¥ç¥ó¾å¤ÇÉÔŬÅö¤Ë
- suid ¤µ¤ì¤¿¥Ð¥¤¥Ê¥ê¤ä¡¢¿·¤¿¤ËºîÀ®¤µ¤ì¤¿¥Õ¥¡¥¤¥ë¤äºï½ü¤µ¤ì
- ¤¿¥Õ¥¡¥¤¥ë¤¬¤Ê¤¤¤«¤É¤¦¤«¤òÄ´¤Ù¤ë¤Ç¤·¤ç¤¦¡£</para>
+ suid ¤µ¤ì¤¿¥Ð¥¤¥Ê¥ê¤ä¡¢
+ ¿·¤¿¤ËºîÀ®¤µ¤ì¤¿¥Õ¥¡¥¤¥ë¤äºï½ü¤µ¤ì¤¿¥Õ¥¡¥¤¥ë¤¬¤Ê¤¤¤«¤É¤¦¤«¤òÄ´¤Ù¤ë¤Ç¤·¤ç¤¦¡£</para>
<para>NFS ¤Ç¤Ï¤Ê¤¯¡¢ssh ¤ò»ÈÍѤ¹¤ë¾ì¹ç¤Ï¡¢
- ¥»¥¥å¥ê¥Æ¥£ÍÑ¥¹¥¯¥ê¥×¥È¤ò½ñ¤¯¤Î¤Ï¤º¤Ã¤ÈÆñ¤·¤¤¤³¤È¤Ç
- ¤¹¡£¥¹¥¯¥ê¥×¥È¤òÆ°¤«¤¹¤¿¤á¤Ë¤Ï¡¢¥¯¥é¥¤¥¢¥ó¥È¤ËÂФ·¤Æ¥¹¥¯¥ê¥×¥È
- ¤ò <command>scp</command> ¤·¤Ê¤¯¤Æ¤Ï¤¤¤±¤Þ¤»¤ó¤·¡¢¤½¤ì¤ÏÌܤ˸«
- ¤¨¤Æ¤·¤Þ¤¤¤Þ¤¹¡£¤½¤·¤Æ¡¢°ÂÁ´¤Î¤¿¤á¤Ë¤Ï¡¢¥¹¥¯¥ê¥×¥È¤¬»È¤¦¥Ð¥¤¥Ê
- ¥ê (find ¤Ê¤É) ¤ò <command>scp</command> ¤¹¤ëɬÍפ⤢¤ê¤Þ¤¹¡£
+ ¥»¥¥å¥ê¥Æ¥£ÍÑ¥¹¥¯¥ê¥×¥È¤ò½ñ¤¯¤Î¤Ï¤º¤Ã¤ÈÆñ¤·¤¤¤³¤È¤Ç¤¹¡£
+ ¥¹¥¯¥ê¥×¥È¤òÆ°¤«¤¹¤¿¤á¤Ë¤Ï¡¢¥¯¥é¥¤¥¢¥ó¥È¤ËÂФ·¤Æ¥¹¥¯¥ê¥×¥È¤ò
+ <command>scp</command> ¤·¤Ê¤¯¤Æ¤Ï¤¤¤±¤Þ¤»¤ó¤·¡¢
+ ¤½¤ì¤ÏÌܤ˸«¤¨¤Æ¤·¤Þ¤¤¤Þ¤¹¡£
+ ¤½¤·¤Æ¡¢°ÂÁ´¤Î¤¿¤á¤Ë¤Ï¡¢¥¹¥¯¥ê¥×¥È¤¬»È¤¦¥Ð¥¤¥Ê¥ê (find ¤Ê¤É) ¤ò
+ <command>scp</command> ¤¹¤ëɬÍפ⤢¤ê¤Þ¤¹¡£
¥¯¥é¥¤¥¢¥ó¥È¥Þ¥·¥ó¤Î <application>ssh</application>
¥¯¥é¥¤¥¢¥ó¥È¤Ï¤¹¤Ç¤Ë¹¶·â¤µ¤ì¤Æ¤·¤Þ¤Ã¤Æ¤¤¤ë¤«¤â¤·¤ì¤Þ¤»¤ó¡£
·ë¶É¤Î¤È¤³¤í¡¢°ÂÁ´¤Ç¤Ê¤¤¥ê¥ó¥¯¾å¤Î¾ì¹ç¤Ï
ssh ¤ÏɬÍפ«¤â¤·¤ì¤Þ¤»¤ó¤¬¡¢ssh
¤ò°·¤¦¤Î¤Ï¤È¤Æ¤âÂçÊѤʤ³¤È¤Ç¤¹¡£</para>
- <para>Í¥¤ì¤¿¥»¥¥å¥ê¥Æ¥£ÍÑ¥¹¥¯¥ê¥×¥È¤Ï¡¢¥æ¡¼¥¶¤ä¥¹¥¿¥Ã¥Õ¥á¥ó¥Ð¤Î
- ¥¢¥¯¥»¥¹ÀßÄê¥Õ¥¡¥¤¥ë¤ÎÊѹ¹¤â¥Á¥§¥Ã¥¯¤¹¤ë¤â¤Î¤Ç¤¹¡£
+ <para>Í¥¤ì¤¿¥»¥¥å¥ê¥Æ¥£ÍÑ¥¹¥¯¥ê¥×¥È¤Ï¡¢
+ ¥æ¡¼¥¶¤ä¥¹¥¿¥Ã¥Õ¥á¥ó¥Ð¤Î¥¢¥¯¥»¥¹ÀßÄê¥Õ¥¡¥¤¥ë¤ÎÊѹ¹¤â¥Á¥§¥Ã¥¯¤¹¤ë¤â¤Î¤Ç¤¹¡£
<filename>.rhosts</filename>, <filename>.shosts</filename>,
- <filename>.ssh/authorized_keys</filename> ¤Ê¤É
- <literal>MD5</literal> ¥Á¥§¥Ã¥¯¤ÎÈϰϳ°¤Ë¤Ê¤Ã¤Æ¤·¤Þ¤¦¤Ç¤¢¤í¤¦
- ¥Õ¥¡¥¤¥ë·²¤Ç¤¹¡£</para>
+ <filename>.ssh/authorized_keys</filename> ¤Ê¤É <literal>MD5</literal>
+ ¥Á¥§¥Ã¥¯¤ÎÈϰϳ°¤Ë¤Ê¤Ã¤Æ¤·¤Þ¤¦¤Ç¤¢¤í¤¦¥Õ¥¡¥¤¥ë·²¤Ç¤¹¡£</para>
<para>¥æ¡¼¥¶ÍѤΥǥ£¥¹¥¯ÍÆÎ̤¬Èó¾ï¤ËÂ礤¤¾ì¹ç¤Ï¡¢¥Ñ¡¼¥Æ¥£¥·¥ç¥ó
¾å¤Î³Æ¥Õ¥¡¥¤¥ë¤ò¸«¤Æ²ó¤ë¤Î¤ËÂçÊѤʻþ´Ö¤¬¤«¤«¤ë¤«¤â¤·¤ì¤Þ¤»¤ó¡£
@@ -824,41 +882,46 @@
<para>¥×¥í¥»¥¹¥¢¥«¥¦¥ó¥Æ¥£¥ó¥° (&man.accton.8; »²¾È) ¤Ï¡¢
¥Þ¥·¥ó¤Ø¤Î¿¯Æþ¤ò¸¡½Ð¤¹¤ë¤¿¤á¤Î¥á¥«¥Ë¥º¥à¤È¤·¤Æ¿ä¾©¤Ç¤¤ë¡¢
Èæ³ÓŪ¥ª¡¼¥Ð¥Ø¥Ã¥É¤Î¾¯¤Ê¤¤¥ª¥Ú¥ì¡¼¥Æ¥£¥ó¥°¥·¥¹¥Æ¥à¤Îµ¡Ç½¤Ç¤¹¡£
- ¿¯Æþ¤ò¼õ¤±¤¿¸å¤Ç¤âÅö³º¥Õ¥¡¥¤¥ë¤¬Ìµ½ý¤Ç¤¢¤ë¾ì¹ç¤Ë¡¢¿¯Æþ¼Ô¤¬
- ¼ÂºÝ¤Ë¤É¤Î¤è¤¦¤Ë¤·¤Æ¥·¥¹¥Æ¥à¤Ë¿¯Æþ¤·¤¿¤«¤òÄÉÀפ¹¤ë¤Î¤ËÆäËÌòΩ¤Á¤Þ¤¹¡£</para>
+ ¿¯Æþ¤ò¼õ¤±¤¿¸å¤Ç¤âÅö³º¥Õ¥¡¥¤¥ë¤¬Ìµ½ý¤Ç¤¢¤ë¾ì¹ç¤Ë¡¢
+ ¿¯Æþ¼Ô¤¬¼ÂºÝ¤Ë¤É¤Î¤è¤¦¤Ë¤·¤Æ¥·¥¹¥Æ¥à¤Ë¿¯Æþ¤·¤¿¤«¤òÄÉÀפ¹¤ë¤Î¤ËÆäËÌòΩ¤Á¤Þ¤¹¡£</para>
- <para>ºÇ¸å¤Ë¡¢¥»¥¥å¥ê¥Æ¥£¥¹¥¯¥ê¥×¥È¤Ï¥í¥°¥Õ¥¡¥¤¥ë¤ò½èÍý¤¹¤ë¤è¤¦
- ¤Ë¤·¡¢¥í¥°¥Õ¥¡¥¤¥ë¼«ÂΤâ¤Ç¤¤ë¤À¤±°ÂÁ´À¤Î¹â¤¤ÊýË¡¤ÇÀ¸À®¤¹¤ë¤è
- ¤¦¤Ë¤¹¤Ù¤¤Ç¤¹ — ¥ê¥â¡¼¥È syslog ¤Ï¶Ë¤á¤ÆͱפˤʤêÆÀ¤Þ
- ¤¹¡£¿¯Æþ¼Ô¤Ï¼«Ê¬¤Î¿¯Æþ¤Îº¯Àפòʤ¤¤±£¤½¤¦¤È¤·¤Þ¤¹¤·¡¢¤Þ¤¿¡¢¥í¥°
- ¥Õ¥¡¥¤¥ë¤Ï¥·¥¹¥Æ¥à´ÉÍý¼Ô¤¬ºÇ½é¤Î¿¯Æþ¤Î»þ¹ï¤ÈÊýË¡¤òÄÉÀפ·¤Æ¤æ¤¯
- ¤¿¤á¤Ë¶Ë¤á¤Æ½ÅÍפǤ¹¡£¥í¥°¥Õ¥¡¥¤¥ë¤ò±Êµ×¤Ë»Ä¤·¤Æ¤ª¤¯¤¿¤á¤Î 1
- ¤Ä¤ÎÊýË¡¤Ï¡¢¥·¥¹¥Æ¥à¥³¥ó¥½¡¼¥ë¤ò¥·¥ê¥¢¥ë¥Ý¡¼¥È¤Ë¤Ä¤Ê¤¤¤ÇÁö¤é¤»¡¢
+ <para>ºÇ¸å¤Ë¡¢
+ ¥»¥¥å¥ê¥Æ¥£¥¹¥¯¥ê¥×¥È¤Ï¥í¥°¥Õ¥¡¥¤¥ë¤ò½èÍý¤¹¤ë¤è¤¦¤Ë¤·¡¢
+ ¥í¥°¥Õ¥¡¥¤¥ë¼«ÂΤâ¤Ç¤¤ë¤À¤±°ÂÁ´À¤Î¹â¤¤ÊýË¡¤ÇÀ¸À®¤¹¤ë¤è¤¦¤Ë¤¹¤Ù¤¤Ç¤¹
+ — ¥ê¥â¡¼¥È syslog ¤Ï¶Ë¤á¤ÆͱפˤʤêÆÀ¤Þ¤¹¡£
+ ¿¯Æþ¼Ô¤Ï¼«Ê¬¤Î¿¯Æþ¤Îº¯Àפòʤ¤¤±£¤½¤¦¤È¤·¤Þ¤¹¤·¡¢¤Þ¤¿¡¢
+ ¥í¥°¥Õ¥¡¥¤¥ë¤Ï¥·¥¹¥Æ¥à´ÉÍý¼Ô¤¬ºÇ½é¤Î¿¯Æþ¤Î»þ¹ï¤ÈÊýË¡¤òÄÉÀפ·¤Æ¤æ¤¯¤¿¤á¤Ë¶Ë¤á¤Æ½ÅÍפǤ¹¡£
+ ¥í¥°¥Õ¥¡¥¤¥ë¤ò±Êµ×¤Ë»Ä¤·¤Æ¤ª¤¯¤¿¤á¤Î 1 ¤Ä¤ÎÊýË¡¤Ï¡¢
+ ¥·¥¹¥Æ¥à¥³¥ó¥½¡¼¥ë¤ò¥·¥ê¥¢¥ë¥Ý¡¼¥È¤Ë¤Ä¤Ê¤¤¤ÇÁö¤é¤»¡¢
¥³¥ó¥½¡¼¥ë¤ò´Æ»ë¤·¤Æ¤¤¤ë°ÂÁ´¤Ê¥Þ¥·¥ó¤Ë¾ðÊó¤ò½¸¤á¤ë¤³¤È¤Ç¤¹¡£</para>
</sect2>
<sect2>
<title>Êм¹¶¸ÅªÊýË¡</title>
- <para>¿¾¯Êм¹¶¸Åª¤Ë¤Ê¤Ã¤Æ¤â·è¤·¤Æ°¤¤¤³¤È¤Ë¤Ï¤Ê¤ê¤Þ¤»¤ó¡£¸¶Â§Åª
- ¤Ë¡¢¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ï¡¢ÊØÍø¤µ¤Ë±Æ¶Á¤òÍ¿¤¨¤Ê¤¤ÈϰϤǤ¤¤¯¤Ä¤Ç¤â¥»
- ¥¥å¥ê¥Æ¥£µ¡Ç½¤òÄɲ乤뤳¤È¤¬¤Ç¤¤Þ¤¹¡£
+ <para>¿¾¯Êм¹¶¸Åª¤Ë¤Ê¤Ã¤Æ¤â·è¤·¤Æ°¤¤¤³¤È¤Ë¤Ï¤Ê¤ê¤Þ¤»¤ó¡£
+ ¸¶Â§Åª¤Ë¡¢¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ï¡¢
+ ÊØÍø¤µ¤Ë±Æ¶Á¤òÍ¿¤¨¤Ê¤¤ÈϰϤǤ¤¤¯¤Ä¤Ç¤â¥»¥¥å¥ê¥Æ¥£µ¡Ç½¤òÄɲ乤뤳¤È¤¬¤Ç¤¤Þ¤¹¡£
¤Þ¤¿¡¢¤¤¤¯¤é¤«¹Íθ¤·¤¿·ë²Ì¡¢
ÊØÍø¤µ¤Ë<emphasis>±Æ¶Á¤òÍ¿¤¨¤ë</emphasis>¥»¥¥å¥ê¥Æ¥£µ¡Ç½¤òÄɲ乤뤳¤È¤â¤Ç¤¤Þ¤¹¡£
¤è¤ê½ÅÍפʤ³¤È¤Ï¡¢
¥»¥¥å¥ê¥Æ¥£´ÉÍý¼Ô¤Ï¤³¤ì¤ò¿¾¯º®¤¼¤³¤¼¤Ë¤·¤Æ»È¤¦¤Ù¤¤À¤È¤¤¤¦¤³¤È¤Ç¤¹¡£
- — ¤â¤·¤¢¤Ê¤¿¤¬¡¢ËÜʸ½ñ¤Ë½ñ¤«¤ì¤Æ¤¤¤ë´«¹ð¤ò¤½¤Î¤Þ¤Þ»ÈÍѤ·¤¿¾ì¹ç¤Ï¡¢
+ — ¤â¤·¤¢¤Ê¤¿¤¬¡¢
+ ËÜʸ½ñ¤Ë½ñ¤«¤ì¤Æ¤¤¤ë´«¹ð¤ò¤½¤Î¤Þ¤Þ»ÈÍѤ·¤¿¾ì¹ç¤Ï¡¢
ͽÁÛ¤µ¤ì¤ë¹¶·â¼Ô¤Ï¤ä¤Ï¤êËÜʸ½ñ¤òÆɤó¤Ç¤¤¤ë¤ï¤±¤Ç¤¹¤«¤é¡¢
¤¢¤Ê¤¿¤ÎËɸæºö¤ò¶µ¤¨¤Æ¤·¤Þ¤¦¤³¤È¤Ë¤Ê¤ê¤Þ¤¹¡£</para>
</sect2>
<sect2>
<title>¥µ¡¼¥Ó¥¹Ë¸³²¹¶·â</title>
- <indexterm><primary>¥µ¡¼¥Ó¥¹Ë¸³² (DoS)</primary></indexterm>
+ <indexterm>
+ <primary>¥µ¡¼¥Ó¥¹Ë¸³² (DoS)</primary>
+ </indexterm>
+
<para>¤³¤Î¥»¥¯¥·¥ç¥ó¤Ç¤Ï¥µ¡¼¥Ó¥¹Ë¸³²¹¶·â (DoS ¹¶·â) ¤ò°·¤¤¤Þ¤¹¡£
- ¥µ¡¼¥Ó¥¹Ë¸³²¹¶·â¤Ï¡¢ÉáÄ̤ϡ¢¥Ñ¥±¥Ã¥È¹¶·â¤Ç¤¹¡£¥Í¥Ã¥È¥ï¡¼¥¯¤òË°
- Ϥµ¤»¤ëºÇÀèü¤Îµ¶Â¤¥Ñ¥±¥Ã¥È (spoofed packet)
+ ¥µ¡¼¥Ó¥¹Ë¸³²¹¶·â¤Ï¡¢ÉáÄ̤ϡ¢¥Ñ¥±¥Ã¥È¹¶·â¤Ç¤¹¡£
+ ¥Í¥Ã¥È¥ï¡¼¥¯¤ò˰Ϥµ¤»¤ëºÇÀèü¤Îµ¶Â¤¥Ñ¥±¥Ã¥È (spoofed packet)
¹¶·â¤ËÂФ·¤Æ¥·¥¹¥Æ¥à´ÉÍý¼Ô¤¬ÂǤƤë¼ê¤Ï¤½¤ì¤Û¤É¿¤¯¤¢¤ê¤Þ¤»¤ó¤¬¡¢
°ìÈÌŪ¤Ë¡¢°Ê²¼¤Î¤è¤¦¤ÊÊýË¡¤Ë¤è¤ê¡¢
¤½¤Î¼ï¤Î¹¶·â¤Ë¤è¤Ã¤Æ¥µ¡¼¥Ð¤¬¥À¥¦¥ó¤·¤Ê¤¤¤³¤È¤ò³Î¼Â¤Ë¤¹¤ë¤³¤È¤Ç¡¢
@@ -870,8 +933,7 @@
</listitem>
<listitem>
- <para>Ƨ¤ßÂ湶·â¤ÎÀ©¸Â (ICMP ±þÅú¹¶·â¡¢ping broadcast ¤Ê¤É)¡£
- </para>
+ <para>Ƨ¤ßÂ湶·â¤ÎÀ©¸Â (ICMP ±þÅú¹¶·â¡¢ping broadcast ¤Ê¤É)¡£</para>
</listitem>
<listitem>
@@ -884,79 +946,84 @@
¿¤¯¤Î»Ò¥×¥í¥»¥¹¤òµ¯Æ°¤µ¤»¤ë¤³¤È¤Ë¤è¤ê¡¢
¥á¥â¥ê¡¢¥Õ¥¡¥¤¥ëµ½Ò»Ò¤Ê¤É¤ò»È¤¤¤Ä¤¯¤·¡¢
¥Û¥¹¥È¥·¥¹¥Æ¥à¤òºÇ½ªÅª¤ËÄä»ß¤µ¤»¤Þ¤¹¡£
+ <application>inetd</application> (&man.inetd.8; »²¾È) ¤Ë¤Ï¡¢
+ ¤³¤Î¼ï¤Î¹¶·â¤òÀ©¸Â¤¹¤ë¥ª¥×¥·¥ç¥ó¤¬¤¤¤¯¤Ä¤«¤¢¤ê¤Þ¤¹¡£
+ ¥Þ¥·¥ó¤¬¥À¥¦¥ó¤¹¤ë¤³¤È¤òËɻߤ¹¤ë¤³¤È¤Ï²Äǽ¤Ç¤¹¤¬¡¢
+ ¤³¤Î¼ï¤Î¹¶·â¤Ë¤è¤ê¥µ¡¼¥Ó¥¹¤¬ÃæÃǤ¹¤ë¤³¤È¤òËɻߤ¹¤ë¤³¤È¤Ï°ìÈÌŪ¤Ë¸À¤Ã¤Æ¤Ç¤¤Ê¤¤¤³¤È¤ËÃí°Õ¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
<application>inetd</application>
- (&man.inetd.8; »²¾È) ¤Ë¤Ï¡¢¤³¤Î¼ï¤Î¹¶·â¤òÀ©¸Â¤¹¤ë¥ª¥×¥·¥ç¥ó¤¬
- ¤¤¤¯¤Ä¤«¤¢¤ê¤Þ¤¹¡£¥Þ¥·¥ó¤¬¥À¥¦¥ó¤¹¤ë¤³¤È¤òËɻߤ¹¤ë¤³¤È¤Ï²Äǽ¤Ç
- ¤¹¤¬¡¢¤³¤Î¼ï¤Î¹¶·â¤Ë¤è¤ê¥µ¡¼¥Ó¥¹¤¬ÃæÃǤ¹¤ë¤³¤È¤òËɻߤ¹¤ë¤³¤È¤Ï
- °ìÈÌŪ¤Ë¸À¤Ã¤Æ¤Ç¤¤Ê¤¤¤³¤È¤ËÃí°Õ¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
- <application>inetd</application>
¤Î¥Þ¥Ë¥å¥¢¥ë¥Ú¡¼¥¸¤òÃí°Õ¿¼¤¯Æɤó¤Ç²¼¤µ¤¤¡£Æäˡ¢
<option>-c</option>, <option>-C</option>, <option>-R</option>
¥ª¥×¥·¥ç¥ó¤ËÃí°Õ¤·¤Æ²¼¤µ¤¤¡£IP µ¶Â¤¹¶·â (spoofed-IP attack) ¤Ï
<application>inetd</application> ¤Î
<option>-C</option> ¥ª¥×¥·¥ç¥ó¤Î΢¤ò¤«¤±¤ë¤Î¤Ç¡¢
- °ìÈ̤˥ª¥×¥·¥ç¥ó¤òÁȤ߹ç¤ï¤»¤Æ»ÈÍѤ¹¤ë¤Ù¤¤Ç¤¢¤ë¤³¤È¤ËÃí°Õ¤·¤Æ²¼¤µ
- ¤¤¡£¥¹¥¿¥ó¥É¥¢¥í¥ó¥µ¡¼¥Ð¤ÎÃæ¤Ë¤Ï¡¢¼«Ê¬¼«¿È¤Ç fork ¤òÀ©¸Â¤¹¤ë¥Ñ
- ¥é¥á¡¼¥¿¤ò»ý¤Ã¤Æ¤¤¤ë¤â¤Î¤¬¤¢¤ê¤Þ¤¹¡£</para>
+ °ìÈ̤˥ª¥×¥·¥ç¥ó¤òÁȤ߹ç¤ï¤»¤Æ»ÈÍѤ¹¤ë¤Ù¤¤Ç¤¢¤ë¤³¤È¤ËÃí°Õ¤·¤Æ²¼¤µ¤¤¡£
+ ¥¹¥¿¥ó¥É¥¢¥í¥ó¥µ¡¼¥Ð¤ÎÃæ¤Ë¤Ï¡¢¼«Ê¬¼«¿È¤Ç fork
+ ¤òÀ©¸Â¤¹¤ë¥Ñ¥é¥á¡¼¥¿¤ò»ý¤Ã¤Æ¤¤¤ë¤â¤Î¤¬¤¢¤ê¤Þ¤¹¡£</para>
<para><application>Sendmail</application> ¤Ë¤Ï¡¢
- <option>-OMaxDaemonChildren</option> ¥ª¥×¥·¥ç¥ó¤¬¤¢¤ê¤Þ¤¹¡£¥·
- ¥¹¥Æ¥àÉé²Ù¤ÎÃÍÊѲ½¤Ë¤ÏÃ٤줬¤¢¤ë¤Î¤Ç¡¢
+ <option>-OMaxDaemonChildren</option> ¥ª¥×¥·¥ç¥ó¤¬¤¢¤ê¤Þ¤¹¡£
+ ¥·¥¹¥Æ¥àÉé²Ù¤ÎÃÍÊѲ½¤Ë¤ÏÃ٤줬¤¢¤ë¤Î¤Ç¡¢
<application>Sendmail</application>
¤ÎÉé²Ù¸Â³¦»ØÄꥪ¥×¥·¥ç¥ó¤ò»È¤¦¤è¤ê¤â¡¢
¤³¤Î¥ª¥×¥·¥ç¥ó¤ò»È¤¦Êý¤¬¤Þ¤È¤â¤ËÆ°ºî¤¹¤ë²ÄǽÀ¤Ï¤Ï¤ë¤«¤Ë¹â¤¤¤Ç¤¹¡£
<application>sendmail</application> ¤Î¼Â¹Ô¤ò³«»Ï¤¹¤ëºÝ¤Ë¡¢
- <literal>MaxDaemonChildren</literal> ¥Ñ¥é¥á¡¼¥¿¤òÀßÄꤹ¤ë¤Ù¤
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-doc-all
mailing list