svn commit: r54718 - head/ja_JP.eucJP/books/handbook/security
Ryusuke SUZUKI
ryusuke at FreeBSD.org
Sun Nov 29 01:57:07 UTC 2020
Author: ryusuke
Date: Sun Nov 29 01:57:06 2020
New Revision: 54718
URL: https://svnweb.freebsd.org/changeset/doc/54718
Log:
- Merge the following from the English version:
r43278 -> r43744 head/ja_JP.eucJP/books/handbook/security/chapter.xml
Modified:
head/ja_JP.eucJP/books/handbook/security/chapter.xml
Modified: head/ja_JP.eucJP/books/handbook/security/chapter.xml
==============================================================================
--- head/ja_JP.eucJP/books/handbook/security/chapter.xml Sat Nov 28 06:38:37 2020 (r54717)
+++ head/ja_JP.eucJP/books/handbook/security/chapter.xml Sun Nov 29 01:57:06 2020 (r54718)
@@ -3,7 +3,7 @@
The FreeBSD Documentation Project
The FreeBSD Japanese Documentation Project
- Original revision: r43278
+ Original revision: r43744
$FreeBSD$
-->
<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xml:id="security">
@@ -14,33 +14,33 @@
<authorgroup>
<author>
<personname>
- <firstname>Matthew</firstname>
- <surname>Dillon</surname>
+ <firstname>Tom</firstname>
+ <surname>Rhodes</surname>
</personname>
- <contrib>ËܾϤδð¤Ë¤·¤¿ security(7) ¥Þ¥Ë¥å¥¢¥ë¥Ú¡¼¥¸¤Î¼¹É®: </contrib>
+ <contrib>´ó¹Æ: </contrib>
</author>
</authorgroup>
</info>
<indexterm><primary>¥»¥¥å¥ê¥Æ¥£</primary></indexterm>
- <para><emphasis>Ìõ: &a.jp.hino;¡¢(jpman
- ¥×¥í¥¸¥§¥¯¥È¤ÎÀ®²Ì¤òÍøÍѤµ¤»¤Æ¤¤¤¿¤À¤¤Þ¤·¤¿)¡£</emphasis></para>
+<!-- <para><emphasis>Ìõ: &a.jp.hino;¡¢(jpman
+ ¥×¥í¥¸¥§¥¯¥È¤ÎÀ®²Ì¤òÍøÍѤµ¤»¤Æ¤¤¤¿¤À¤¤Þ¤·¤¿)¡£</emphasis></para> -->
<sect1 xml:id="security-synopsis">
<title>¤³¤Î¾Ï¤Ç¤Ï</title>
- <para>¤³¤Î¾Ï¤Ç¤Ï¡¢´ðËÜŪ¤Ê¥·¥¹¥Æ¥à¥»¥¥å¥ê¥Æ¥£¤Î¹Í¤¨Êý¡¢
- ³Ð¤¨¤Æ¤ª¤¯¤Ù¤°ìÈÌŪ¤Ê¥ë¡¼¥ë¤ò¾Ò²ð¤·¡¢
- &os; ¤Ë¤ª¤±¤ë¹âÅÙ¤ÊÏÃÂê¤Ë¤Ä¤¤¤Æ´Êñ¤ËÀâÌÀ¤·¤Þ¤¹¡£
- ¤³¤³¤Ç°·¤¦ÏÃÂê¤Î¿¤¯¤Ï¡¢
- °ìÈÌŪ¤Ê¥·¥¹¥Æ¥à¤ä¥¤¥ó¥¿¡¼¥Í¥Ã¥È¥»¥¥å¥ê¥Æ¥£¤Ë¤â¤¢¤Æ¤Ï¤Þ¤ê¤Þ¤¹¡£
- ¥·¥¹¥Æ¥à¤ò°ÂÁ´¤ËÊݤĤ³¤È¤Ï¡¢¥Ç¡¼¥¿¡¢ÃÎŪºâ»º¡¢»þ´Ö¡¢¤½¤Î¾¤ò¡¢
- ¥Ï¥Ã¥«¡¼¤ä¤½¤ÎƱÎफ¤é¼é¤ë¤¿¤á¤Ë¤Ï·ç¤«¤»¤Þ¤»¤ó¡£</para>
+ <para>ʪÍýŪ¤â¤·¤¯¤Ï²¾ÁÛŪ¤Ë´Ø¤ï¤é¤º¡¢
+ ¥»¥¥å¥ê¥Æ¥£¤ÏÉý¹¤¤¥È¥Ô¥Ã¥¯¤Ç¤¢¤ê¡¢
+ ¶È³¦Á´ÂΤ¬¥»¥¥å¥ê¥Æ¥£¤È¤È¤â¤ËÀ®Ä¹¤·¤Æ¤¤¤Þ¤¹¡£
+ ¥·¥¹¥Æ¥à¤ª¤è¤Ó¥Í¥Ã¥È¥ï¡¼¥¯¤ò°ÂÁ´¤Ë¤¹¤ëɸ½àŪ¤ÊÊýË¡¤Ï¿ô¿¤¯Ê¸½ñ²½¤µ¤ì¤Æ¤ª¤ê¡¢
+ &os; ¤Î¥æ¡¼¥¶¤â¡¢
+ ¹¶·â¤ä¿¯Æþ¼Ô¤«¤é¼é¤ëÊýË¡¤òÍý²ò¤·¤Ê¤±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó¡£</para>
- <para>&os; ¤Ï¡¢
- ¥·¥¹¥Æ¥à¤È¥Í¥Ã¥È¥ï¡¼¥¯¤ÎÀ°¹çÀ¤ª¤è¤Ó°ÂÁ´À¤òÊݸ¤ë»ÅÁȤߤȰìÏ¢¤Î¥æ¡¼¥Æ¥£¥ê¥Æ¥£¤òÄ󶡤·¤Æ¤¤¤Þ¤¹¡£</para>
+ <para>¤³¤Î¾Ï¤Ç¤Ï¡¢¥»¥¥å¥ê¥Æ¥£¤Î´ðÁä䵻½Ñ¤Ë¤Ä¤¤¤ÆÀâÌÀ¤·¤Þ¤¹¡£
+ &os; ¥·¥¹¥Æ¥à¤Ï¡¢Ê£¿ô¤Î¥ì¥¤¥ä¤Ë´ØÏ¢¤¹¤ë¥»¥¥å¥ê¥Æ¥£¤òÄ󶡤·¤Þ¤¹¡£
+ ¤½¤·¤Æ¡¢°ÂÁ´À¤ò¹â¤á¤ë¤¿¤á¤Ë¥µ¡¼¥É¥Ñ¡¼¥Æ¥£À½¤Î¥æ¡¼¥Æ¥£¥ê¥Æ¥£¤òÍøÍѤ¹¤ë¤³¤È¤â¤Ç¤¤Þ¤¹¡£</para>
<para>¤³¤Î¾Ï¤òÆɤà¤È¡¢°Ê²¼¤Î¤³¤È¤¬¤ï¤«¤ê¤Þ¤¹¡£</para>
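Review bot: The translator credit paragraph (the `<para><emphasis>` block that references `&a.jp.hino;`) is commented out with `<!-- ... -->` instead of being either kept or deleted, and the commit log does not say why. If the credit no longer applies now that the section follows the Tom Rhodes text, drop the two lines; if it is parked on purpose, say so in the log so the next merge does not have to guess.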
@@ -123,391 +123,381 @@
<sect1 xml:id="security-intro">
<title>¤Ï¤¸¤á¤Ë</title>
- <para>¥»¥¥å¥ê¥Æ¥£¤È¤Ï¡¢¥·¥¹¥Æ¥à´ÉÍý¼Ô¤ò¤¤¤Ä¤âǺ¤Þ¤»¤ë»Å»ö¤Î°ì¤Ä¤Ç¤¹¡£
- &os; ¤Ï¡¢¸ÇͤΥ»¥¥å¥ê¥Æ¥£µ¡¹½¤òÈ÷¤¨¤Æ¤¤¤Þ¤¹¤¬¡¢
- ÄɲäΥ»¥¥å¥ê¥Æ¥£µ¡¹½¤òÀßÄꤷÊݼ餹¤ë»Å»ö¤Ï¤ª¤½¤é¤¯¡¢
- ¥·¥¹¥Æ¥à´ÉÍý¼Ô¤È¤·¤Æ¤â¤Ã¤È¤âÂ礤ÊÀÕ̳¤Î°ì¤Ä¤Ç¤·¤ç¤¦¡£</para>
+ <para>¥»¥¥å¥ê¥Æ¥£¤ò¹â¤á¤ë¤³¤È¤Ï¤¹¤Ù¤Æ¤Î¿Í¤ÎÀÕǤ¤Ç¤¹¡£
+ ¥·¥¹¥Æ¥à¤Ë¼å¤¤¿¯Æþ¥Ý¥¤¥ó¥È¤¬Â¸ºß¤¹¤ë¤È¡¢¿¯Æþ¼Ô¤Ï½ÅÍפʾðÊó¤òÆÀ¤¿¤ê¡¢
+ ¥Í¥Ã¥È¥ï¡¼¥¯Á´ÂΤËÈï³²¤òµÚ¤Ü¤¹¤³¤È¤¬¤Ç¤¤ë¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£
+ ¿¤¯¤Î¥»¥¥å¥ê¥Æ¥£¤Î¥È¥ì¡¼¥Ë¥ó¥°¤Ç¤Ï¡¢
+ ¾ðÊó¥·¥¹¥Æ¥à¤Îµ¡Ì©À (confidentiality)¡¢
+ ´°Á´À (integrity) ¤ª¤è¤Ó²ÄÍÑÀ (availability)
+ ¤ò°ÕÌ£¤¹¤ë¥»¥¥å¥ê¥Æ¥£¤Î 3 Í×ÁǤǤ¢¤ë
+ <acronym>CIA</acronym> ¤¬¼è¤ê°·¤ï¤ì¤Þ¤¹¡£</para>
- <para>¤Þ¤¿¡¢¥·¥¹¥Æ¥à¥»¥¥å¥ê¥Æ¥£¤Ë¤Ï¡¢
- ¤µ¤Þ¤¶¤Þ¤Ê·Á¤Ç¤Î¹¶·â¤ËÂн褹¤ë¤³¤È¤È¤â´Ø·¸¤·¤Æ¤¤¤Þ¤¹¡£
- ¹¶·â¤ÎÃæ¤Ë¤Ï <systemitem class="username">root</systemitem>
- ¸¢¸Â¤òÃ¥¤ª¤¦¤È¤Ï¤·¤Ê¤¤¤±¤ì¤É¤â¡¢
- ¥¯¥é¥Ã¥·¥å¤ä¥·¥¹¥Æ¥à¤ÎÉÔ°ÂÄê¾õÂÖ¤ò°ú¤µ¯¤³¤½¤¦¤È¤¹¤ë¤â¤Î¤â¤¢¤ê¤Þ¤¹¡£
- ¤³¤Î¥»¥¥å¥ê¥Æ¥£ÌäÂê¤Ï¡¢¤¤¤¯¤Ä¤«¤ËʬÎह¤ë¤³¤È¤¬²Äǽ¤Ç¤¹¡£</para>
+ <para><acronym>CIA</acronym> ¤Î 3 Í×ÁǤϡ¢
+ ¥³¥ó¥Ô¥å¡¼¥¿¥»¥¥å¥ê¥Æ¥£¤Î´ðËܤȤʤë¹Í¤¨¤Ç¤¹¡£
+ ¸ÜµÒ¤ä¥¨¥ó¥É¥æ¡¼¥¶¤Ï¡¢¥Ç¡¼¥¿¤Î¥×¥é¥¤¥Ð¥·¡¼¤ò´üÂÔ¤·¤Þ¤¹¡£
+ Èà¤é¤Ï¡¢¥Ç¡¼¥¿¤¬Êѹ¹¤µ¤ì¤Ê¤¤¤³¤È¤ä¡¢
+ ¾ðÊ󤬱£¤µ¤ì¤Æ¤¤¤ë¤³¤È¤ò´üÂÔ¤·¤Þ¤¹¡£
+ Èà¤é¤Ï¤Þ¤¿¡¢¤¤¤Ä¤Ç¤â¾ðÊó¤Ë¥¢¥¯¥»¥¹¤Ç¤¤ë¤³¤È¤ò´üÂÔ¤·¤Þ¤¹¡£
+ ¤³¤ì¤é¤Ï¡¢¥·¥¹¥Æ¥à¤Îµ¡Ì©À¡¢´°Á´À¡¢²ÄÍÑÀ¤ò¹½À®¤·¤Þ¤¹¡£</para>
- <orderedlist>
- <listitem>
- <para>¥µ¡¼¥Ó¥¹Ë¸³²¹¶·â (denial of service attack)</para>
- </listitem>
+ <para>¥»¥¥å¥ê¥Æ¥£¤Î¥×¥í¥Õ¥§¥Ã¥·¥ç¥Ê¥ë¤Ï¡¢<acronym>CIA</acronym>
+ ¤ò¼é¤ë¤¿¤á¤Ë¡¢Â¿ÁØËɱҤÎÀïά¤òºÎÍѤ·¤Þ¤¹¡£
+ ¤³¤Î¿ÁØËɱÒÀïά¤Ç¤Ï¥»¥¥å¥ê¥Æ¥£¤Î¥ì¥¤¥¢¤òÊ£¿ôÍÑ°Õ¤¹¤ë¤³¤È¤Ç¡¢
+ °ì¤Ä¤Î¥ì¥¤¥ä¤¬Çˤé¤ì¤Æ¤â¡¢
+ ¥»¥¥å¥ê¥Æ¥£¥·¥¹¥Æ¥àÁ´ÂΤ¬Çˤé¤ì¤ë¤³¤È¤òËɤ®¤Þ¤¹¡£
+ ¥·¥¹¥Æ¥à¤Î´ÉÍý¼Ô¤Ï¡¢¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤òñ¤Ë͸ú¤Ë¤¹¤ë¤À¤±¤Ç¤Ï¤Ê¤¯¡¢
+ ¥Í¥Ã¥È¥ï¡¼¥¯¤â¤·¤¯¤Ï¥·¥¹¥Æ¥à¤ò°ÂÁ´¤ËÊݤÄɬÍפ¬¤¢¤ê¤Þ¤¹¡£
+ ¥¢¥«¥¦¥ó¥È¤ò´Æºº¤·¡¢¥Ð¥¤¥Ê¥ê¤Î´°Á´À¡¢
+ °°Õ¤Î¤¢¤ë¥Ä¡¼¥ë¤¬¥¤¥ó¥¹¥È¡¼¥ë¤µ¤ì¤Æ¤¤¤Ê¤¤¤³¤È¤ò³Îǧ¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
+ ¤³¤Î¤¿¤á¤Ë¡¢
+ ´ÉÍý¼Ô¤Ï¶¼°Ò¤¬¤É¤Î¤è¤¦¤Ê¤â¤Î¤«¤òÍý²ò¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£</para>
- <listitem>
- <para>¥æ¡¼¥¶¥¢¥«¥¦¥ó¥È¤ÎÉÔÀµÍøÍÑ (user account compromise)</para>
- </listitem>
+ <sect2 xml:id="security-threats">
+ <title>¶¼°Ò</title>
- <listitem>
- <para>¥¢¥¯¥»¥¹²Äǽ¤Ê¥µ¡¼¥Ó¥¹¤ò»È¤Ã¤¿ root ¸¢¸Â¤ÎÉÔÀµÍøÍÑ</para>
- </listitem>
+ <para>¥³¥ó¥Ô¥å¡¼¥¿¥»¥¥å¥ê¥Æ¥£¤ª¤±¤ë¶¼°Ò¤È¤Ï²¿¤Ç¤·¤ç¤¦¤«¡©
+ Ĺǯ¡¢¶¼°Ò¤Ï¥ê¥â¡¼¥È¤Î¹¶·â¼Ô¡¢
+ ¤¹¤Ê¤ï¤Á±ó³Ö¤«¤é¤Îµö²Ä¤Î¤Ê¤¤¥·¥¹¥Æ¥à¤Ø¤Î¥¢¥¯¥»¥¹¤ò´ë¤Æ¤ë¿Í¡¹¤È¹Í¤¨¤é¤ì¤Æ¤¤¤Þ¤·¤¿¡£
+ º£Æü¤Ç¤Ï¡¢¤³¤ÎÄêµÁ¤Ï½¾¶È°÷¡¢°°Õ¤Î¤¢¤ë¥½¥Õ¥È¥¦¥§¥¢¡¢
+ ÉÔÀµ¤Ê¥Í¥Ã¥È¥ï¡¼¥¯¥Ç¥Ð¥¤¥¹¡¢¼«Á³ºÒ³²¡¢¥»¥¥å¥ê¥Æ¥£¤ÎÀȼåÀ¡¢
+ ¤½¤·¤Æ¶¥¹ç¤¹¤ë²ñ¼Ò¤Ç¤µ¤¨¤â´Þ¤á¤ë¤è¤¦¤Ë³ÈÄ¥¤µ¤ì¤Æ¤¤¤Þ¤¹¡£</para>
- <listitem>
- <para>¥æ¡¼¥¶¥¢¥«¥¦¥ó¥È¤ò·Ðͳ¤·¤¿ root ¸¢¸Â¤ÎÉÔÀµ»ÈÍÑ</para>
- </listitem>
+ <para>ËèÆü¡¢¿ôÀé¤â¤Î¥·¥¹¥Æ¥à¤ª¤è¤Ó¥Í¥Ã¥È¥ï¡¼¥¯¤¬¹¶·â¤µ¤ì¡¢
+ ¿ôÉ´¤â¤Î¥·¥¹¥Æ¥à¤¬µö²Ä¤Ê¤¯¥¢¥¯¥»¥¹¤µ¤ì¤Æ¤¤¤Þ¤¹¡£
+ ´Êñ¤Ê¥¢¥¯¥·¥Ç¥ó¥È¤È¤¤¤Ã¤¿¤â¤Î¤«¤é¡¢¥ê¥â¡¼¥È¤«¤é¤Î¹¶·â¡¢
+ »º¶È¥¹¥Ñ¥¤¤Ç¤¢¤Ã¤¿¤ê¡¢°ÊÁ°Æ¯¤¤¤Æ¤¤¤¿½¾¶È°÷¤«¤é¤Î¹¶·â¤È¤¤¤Ã¤¿¥±¡¼¥¹¤â¤¢¤ê¤Þ¤¹¡£
+ ¥·¥¹¥Æ¥à¤Î¥æ¡¼¥¶¤È¤·¤Æ¤Ï¡¢
+ ´Ö°ã¤¤¤¬¥»¥¥å¥ê¥Æ¥£°ãÈ¿¤Ë·Ò¤¬¤Ã¤¿¾ì¹ç¤Ë¤Ï¡¢
+ ²ÄǽÀ¤Î¤¢¤ëÌäÂê¤ò¥»¥¥å¥ê¥Æ¥£¥Á¡¼¥à¤ËÊó¹ð¤¹¤ë¤³¤È¤¬½ÅÍפǤ¹¡£
+ ´ÉÍý¼Ô¤È¤·¤Æ¤Ï¡¢¶¼°Ò¤òÇÄ°®¤·¡¢
+ ¤½¤Î¶¼°Ò¤Î±Æ¶Á¤ò¾®¤µ¤¯¤¹¤ë¤è¤¦¤Ë½àÈ÷¤ò¤·¤Æ¤ª¤¯¤³¤È¤¬½ÅÍפǤ¹¡£</para>
+ </sect2>
- <listitem>
- <para>¥Ð¥Ã¥¯¥É¥¢¤ÎÀßÃÖ</para>
- </listitem>
- </orderedlist>
+ <sect2 xml:id="security-groundup">
+ <title>¥Ü¥È¥à¥¢¥Ã¥×¥¢¥×¥í¡¼¥Á</title>
- <indexterm>
- <primary>DoS ¹¶·â</primary>
- <see>¥µ¡¼¥Ó¥¹Ë¸³² (DoS)</see>
- </indexterm>
+ <para>¥»¥¥å¥ê¥Æ¥£¤ò¹Í¤¨¤ë¾å¤Ç¡¢
+ ¤·¤Ð¤·¤Ð¥Ü¥È¥à¥¢¥Ã¥×¥¢¥×¥í¡¼¥Á¤¬°ìÈÖÎɤ¤ÊýË¡¤È¤Ê¤ê¤Þ¤¹¡£
+ ¤³¤Î¹Í¤¨¤Ç¤Ï¡¢´ÉÍý¼Ô¤¬´ðËÜŪ¤Ê¥¢¥«¥¦¥ó¥È¡¢¥·¥¹¥Æ¥àÀßÄê¤ò¹Ô¤Ã¤Æ¤«¤é¡¢
+ ¥µ¡¼¥É¥Ñ¡¼¥Æ¥£À½¥æ¡¼¥Æ¥£¥ê¥Æ¥£¤ÎÀßÄê¡¢
+ ¤½¤·¤Æ¥Í¥Ã¥È¥ï¡¼¥¯¥ì¥¤¥ä¤ËÀßÄê¤ò¹¤²¤Æ¤¤¤¤Þ¤¹¡£
+ ¥·¥¹¥Æ¥à¥Ý¥ê¥·¡¼¤ª¤è¤Ó¼ê³¤¤ò¹Ô¤¦¾å¤Ç¤Ï¡¢
+ ¤³¤Î¤è¤¦¤ÊÀßÄê¤Î¦Ì̤¬¤¢¤ê¤Þ¤¹¡£</para>
- <indexterm>
- <primary>¥»¥¥å¥ê¥Æ¥£</primary>
- <secondary>DoS ¹¶·â</secondary>
- <see>¥µ¡¼¥Ó¥¹Ë¸³² (DoS)</see>
- </indexterm>
+ <para>¥Ó¥¸¥Í¥¹¤Î¿¤¯¤Î´Ä¶¤Ç¤Ï¡¢
+ »ÈÍѤ¹¤ë¥Ç¥Ð¥¤¥¹¤ÎÀßÄê¤ËÂФ¹¤ë¥»¥¥å¥ê¥Æ¥£¥Ý¥ê¥·¤¬¤¹¤Ç¤ËºöÄꤵ¤ì¤Æ¤¤¤Þ¤¹¡£
+ ¤³¤Î¥Ý¥ê¥·¤Ë¤Ï¡¢ºÇÄã¸Â¥¨¥ó¥É¥æ¡¼¥¶¤Î¥ï¡¼¥¯¥¹¥Æ¡¼¥·¥ç¥ó¡¢
+ ¥Ç¥¹¥¯¥È¥Ã¥×¡¢·ÈÂÓÅÅÏää¥é¥Ã¥×¥È¥Ã¥×¤È¤¤¤Ã¤¿¥â¥Ð¥¤¥ë¥Ç¥Ð¥¤¥¹¡¢¤ª¤è¤Ó
+ À½Éʤª¤è¤Ó³«È¯¥µ¡¼¥Ð¤ÎξÊý¤ËÂФ¹¤ë¥»¥¥å¥ê¥Æ¥£¤ÎÀßÄ꤬´Þ¤Þ¤ì¤Æ¤¤¤ë¤Ù¤¤Ç¤¹¡£
+ ¿¤¯¤Î¾ì¹ç¤Ë¤Ï¡¢¥³¥ó¥Ô¥å¡¼¥¿¤Î¥»¥¥å¥ê¥Æ¥£¤ò¹Í¤¨¤ëºÝ¤Ë¡¢
+ ɸ½àºî¶È¼ê³½ñ (<acronym>SOP</acronym>)
+ ¤¬¤¹¤Ç¤Ë¸ºß¤·¤Þ¤¹¡£
+ ¤ï¤«¤é¤Ê¤±¤ì¤Ð¡¢¥»¥¥å¥ê¥Æ¥£¥Á¡¼¥à¤Ë¿Ò¤Í¤Æ¤¯¤À¤µ¤¤¡£</para>
+ </sect2>
- <indexterm><primary>¥µ¡¼¥Ó¥¹Ë¸³² (DoS)</primary></indexterm>
+ <sect2 xml:id="security-accounts">
+ <title>¥·¥¹¥Æ¥à¤ª¤è¤Ó¥æ¡¼¥¶¥¢¥«¥¦¥ó¥È</title>
- <para>¥µ¡¼¥Ó¥¹Ë¸³²¹¶·â (<acronym>DoS</acronym> ¹¶·â) ¤È¤Ï¡¢
- ¥Þ¥·¥ó¤«¤éɬÍפʻñ¸»¤òÃ¥¤¦¹Ô°Ù¤Ç¤¹¡£
- Ä̾¥µ¡¼¥Ó¥¹Ë¸³²¹¶·â¤Ï¤½¤Î¥Þ¥·¥ó¤Ç¼Â¹Ô¤µ¤ì¤ë¥µ¡¼¥Ð¤ä¥Í¥Ã¥È¥ï¡¼¥¯¥¹¥¿¥Ã¥¯¤ò²áÉé²Ù¾õÂ֤ˤ·¤Æ¡¢
- ¥Þ¥·¥ó¤ò¥¯¥é¥Ã¥·¥å¤µ¤»¤¿¤ê¡¢
- ¥Þ¥·¥ó¤ò»È¤¨¤Ê¤¯¤·¤¿¤ê¤¹¤ë¤è¤¦¤ÊÎÏǤ¤»¤ÎÊýË¡¤Ç¤¹¡£
- ¥µ¡¼¥Ð¥×¥í¥»¥¹¤ËÂФ¹¤ë¹¶·â¤Ï¡¢¥ª¥×¥·¥ç¥ó¤òŬÀڤ˻ØÄꤹ¤ë¤³¤È¤Ë¤è¤Ã¤Æ¡¢
- ¹¶·â¤µ¤ì¤Æ¤¤¤ë¾õ¶·¤Ç¥µ¡¼¥Ð¥×¥í¥»¥¹¤ÎÉé²Ù¾å¾º¤Ë¸Â³¦¤òÀßÄꤹ¤ë¤³¤È¤ÇÂбþ¤Ç¤¤ë¾ì¹ç¤¬Â¿¤¤¤Ç¤¹¡£¤³¤ì¤é¤ËÈæ¤Ù¤ë¤È¡¢
- ¥Í¥Ã¥È¥ï¡¼¥¯¤Ø¤ÎÎÏǤ¤»¤Î¹¶·â¤Ø¤ÎÂбþ¤Ï¤º¤Ã¤ÈÆñ¤·¤¯¤Ê¤ê¤Þ¤¹¡£
- ¤³¤Î¹¶·â¤Ë¤è¤Ã¤Æ¡¢¥Þ¥·¥ó¤òÍî¤È¤·¤Æ¤·¤Þ¤¦¤³¤È¤Ï¤Ç¤¤Ê¤¤¤«¤â¤·¤ì¤Þ¤»¤ó¤¬¡¢
- Àܳ¤·¤Æ¤¤¤ë¥¤¥ó¥¿¡¼¥Í¥Ã¥È²óÀþ¤ò˰Ϥµ¤»¤Æ¤·¤Þ¤¦¤³¤È¤Ï¤Ç¤¤Þ¤¹¡£</para>
+ <para>¥·¥¹¥Æ¥à¤ò°ÂÁ´¤Ë¤¹¤ë¤Ë¤¢¤¿¤ê¡¢ºÇ¤âŬÀڤʽÐȯÅÀ¤Ï¡¢
+ ¥¢¥«¥¦¥ó¥È¤Î´Æºº¤Ç¤¹¡£
+ ¥ë¡¼¥È¥¢¥«¥¦¥ó¥È¤Î¥Ñ¥¹¥ï¡¼¥É¤¬¶¯ÎϤǤ¢¤ë¤³¤È¡¢
+ ¥·¥§¥ë¥¢¥¯¥»¥¹¤òɬÍפȤ·¤Ê¤¤¥¢¥«¥¦¥ó¥È¤Ï̵¸ú¤Ë¤¹¤ë¤³¤È¤ò³Î¼Â¤Ë¤ª¤³¤Ê¤Ã¤Æ¤¯¤À¤µ¤¤¡£
+ ¤Þ¤¿¡¢¸¢¸Â¤òɬÍפȤ¹¤ë¥æ¡¼¥¶¤ËÂФ·¤Æ¤Ï¡¢
+ <package>security/sudo</package> ¤ò¥¤¥ó¥¹¥È¡¼¥ë¤·¤Æ¡¢
+ ¥¢¥¯¥»¥¹¤¬É¬ÍפȤʤ륢¥×¥ê¥±¡¼¥·¥ç¥ó¤Î¤ß¤Ë¥¢¥¯¥»¥¹¤òµö²Ä¤¹¤ë¤è¤¦¤Ë¤·¤Æ¤¯¤À¤µ¤¤¡£
+ root ¥æ¡¼¥¶¤Î¥Ñ¥¹¥ï¡¼¥É¤Ï¡¢·è¤·¤Æ¶¦Í¤¹¤Ù¤¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¡£</para>
- <indexterm>
- <primary>¥»¥¥å¥ê¥Æ¥£</primary>
- <secondary>¥¢¥«¥¦¥ó¥ÈÉÔÀµÍøÍÑ</secondary>
- </indexterm>
+ <para>¥¢¥«¥¦¥ó¥È¤Ø¤Î¥¢¥¯¥»¥¹¤ò̵¸ú¤Ë¤¹¤ëÊýË¡¤ÏÆóÄ̤ꤢ¤ê¤Þ¤¹¡£
+ °ì¤ÄÌܤÎÊýË¡¤Ï¡¢¥¢¥«¥¦¥ó¥È¤ò¥í¥Ã¥¯¤¹¤ëÊýË¡¤Ç¤¹¡£Îã¤È¤·¤Æ¡¢
+ toor ¥¢¥«¥¦¥ó¥È¤ò¥í¥Ã¥¯¤¹¤ëÊýË¡¤ò°Ê²¼¤Ë¼¨¤·¤Þ¤¹¡£</para>
- <para>¥æ¡¼¥¶¥¢¥«¥¦¥ó¥È¤ÎÉÔÀµÍøÍѤϡ¢
- <acronym>DoS</acronym> ¹¶·â¤è¤ê¤â¤º¤Ã¤È¤è¤¯¤¢¤ëÌäÂê¤Ç¤¹¡£
- ¤³¤Î¤´»þÀª¤Ç¤â¡¢
- °Å¹æ²½¤µ¤ì¤Æ¤¤¤Ê¤¤¥µ¡¼¥Ó¥¹¤ò¼Â¹Ô¤µ¤»¤Æ¤¤¤ë¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ï¿¤¯¡¢
- ¤½¤Î¤¿¤á¡¢¥ê¥â¡¼¥È¤«¤é¥í¥°¥¤¥ó¤·¤Æ¤¤¤ë¥æ¡¼¥¶¤Ï¡¢
- ¥Ñ¥¹¥ï¡¼¥É¤òÇÁ¤¸«¤é¤ì¤Æ¤·¤Þ¤¦´í¸±À¤¬¤¢¤ê¤Þ¤¹¡£
- ¥·¥¹¥Æ¥à´ÉÍý¼Ô¤¬Ãí°Õ¿¼¤¤¿Í¤Ê¤é¤Ð¡¢
- ¥ê¥â¡¼¥È¥¢¥¯¥»¥¹¥í¥°¤ò²òÀϤ·¤Æ¡¢
- µ¿¤ï¤·¤¤Á÷¿®¸µ¥¢¥É¥ì¥¹¤äµ¿¤ï¤·¤¤¥í¥°¥¤¥ó¤òõ¤¹¤â¤Î¤Ç¤¹¡£</para>
+ <screen>&prompt.root; <userinput>pw lock toor</userinput></screen>
- <para>¥»¥¥å¥ê¥Æ¥£¤ò½½Ê¬°Ý»ý¤·¡¢
- ¼êÆþ¤ì¤Î¹Ô¤ÆϤ¤¤¿¥·¥¹¥Æ¥à¤Ë¤ª¤¤¤Æ¤Ï¡¢
- ¤¢¤ë¥æ¡¼¥¶¥¢¥«¥¦¥ó¥È¤Ø¤Î¥¢¥¯¥»¥¹¤¬²Äǽ¤È¤Ê¤Ã¤Æ¤â¡¢
- ɬ¤º¤·¤â¹¶·â¼Ô¤Ë <systemitem class="username">root</systemitem>
- ¤Ø¤Î¥¢¥¯¥»¥¹¸¢¤òÍ¿¤¨¤ë¤È¤Ï¸Â¤ê¤Þ¤»¤ó¡£
- <systemitem class="username">root</systemitem>
- ¤Ø¤Î¥¢¥¯¥»¥¹¸¢¤¬¤Ê¤±¤ì¤Ð¡¢
- ¹¶·â¼Ô¤Ï¼«Ê¬¤Î¿¯Æþ¤Îº¯Àפò±£Ê乤뤳¤È¤¬¤Ç¤¤Þ¤»¤ó¤·¡¢
- ¤½¤Î¥æ¡¼¥¶¤Î¥Õ¥¡¥¤¥ë¤ò°ú¤Ã¤«¤²ó¤·¤¿¤ê¡¢
- ¥Þ¥·¥ó¤ò¥¯¥é¥Ã¥·¥å¤µ¤»¤¿¤ê¤¹¤ë¤Î¤¬¤»¤¤¤¼¤¤¤Ç¤¹¡£
- ¥æ¡¼¥¶¥¢¥«¥¦¥ó¥È¤ÎÉÔÀµÍøÍѤϤ᤺¤é¤·¤¤¤³¤È¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¡£
- ¤Ê¤¼¤Ê¤é°ìÈ̥桼¥¶¤Ï¡¢
- ¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Û¤ÉÃí°Õ¤òʧ¤ï¤Ê¤¤·¹¸þ¤¬¤¢¤ë¤«¤é¤Ç¤¹¡£</para>
+ <para>¤³¤Î¥³¥Þ¥ó¥É¤Ï¡¢¥¢¥«¥¦¥ó¥È¤ÎÀßÄê¤ò
+ <quote>toor:*:0:0::0:0:Bourne-again Superuser:/root:</quote>
+ ¤«¤é <quote>toor:*LOCKED**:0:0::0:0:Bourne-again
+ Superuser:/root:</quote> ¤Ø¤ÈÊѹ¹¤·¤Þ¤¹¡£</para>
- <indexterm>
- <primary>¥»¥¥å¥ê¥Æ¥£</primary>
- <secondary>΢¸ý (¥Ð¥Ã¥¯¥É¥¢)</secondary>
- </indexterm>
+ <para>¤È¤¤Ë¤Ï (¤ª¤½¤é¤¯ÄɲäΥµ¡¼¥Ó¥¹¤Î¤¿¤á¤Ë)¡¢
+ ¤³¤ÎÊýË¡¤¬»È¤¨¤Ê¤¤¾ì¹ç¤¬¤¢¤ê¤Þ¤¹¡£
+ ¤½¤Î¤è¤¦¤Ê¾ì¹ç¤Ë¤Ï¡¢°Ê²¼¤ÎÎã¤Î¤è¤¦¤Ë¡¢
+ ¥·¥§¥ë¤ò /sbin/nologin ¤ËÊѹ¹¤¹¤ë¤³¤È¤Ç¡¢
+ ¥í¥°¥¤¥ó¥¢¥¯¥»¥¹¤òµñÈݤǤ¤Þ¤¹¡£</para>
- <para><systemitem class="username">root</systemitem>
- ¸¢¸Â¤òÃ¥¼è¤¹¤ëÊýË¡¤Ï¡¢ÀøºßŪ¤Ë²¿Ä̤ê¤â¤¢¤ê¤Þ¤¹¡£
- ¹¶·â¼Ô¤Ï <systemitem class="username">root</systemitem>
- ¤Î¥Ñ¥¹¥ï¡¼¥É¤òÃΤäƤ¤¤ë¤«¤â¤·¤ì¤Þ¤»¤ó¤·¡¢
- ¹¶·â¼Ô¤¬ <systemitem class="username">root</systemitem>
- ¸¢¸Â¤Ç¼Â¹Ô¤µ¤ì¤Æ¤¤¤ë¥µ¡¼¥Ó¥¹¤Î¥Ð¥°¤ÎÀȼåÀ¤òÍøÍѤǤ¤ë¤«¤â¤·¤ì¤Þ¤»¤ó¡£
- ¤Þ¤¿¡¢¹¶·â¼Ô¤Ï SUID-root
- ¥×¥í¥°¥é¥à¤Ë¸ºß¤¹¤ë¥Ð¥°¤òÃΤäƤ¤¤ë¤«¤â¤·¤ì¤Þ¤»¤ó¡£
- ¹¶·â¼Ô¤Ï¡¢
- ¥Ð¥Ã¥¯¥É¥¢¤È¤·¤ÆÃΤé¤ì¤Æ¤¤¤ë¥×¥í¥°¥é¥à¤ò»È¤Ã¤ÆÀȼåÀ¤Ê¥·¥¹¥Æ¥à¤òõ¤·¤¿¤ê¡¢
- ½¤Àµ¤µ¤ì¤Æ¤¤¤Ê¤¤ÀȼåÀ¤òÍøÍѤ·¤Æ¥¢¥¯¥»¥¹¤·¤¿¤ê¡¢
- ¹¶·â¼Ô¤Ë¤è¤ë°ãË¡¹Ô°Ù¤Îº¯Àפò¾Ã¤½¤¦¤È¤·¤¿¤ê¤¹¤ë¤«¤â¤·¤ì¤Þ¤»¤ó¡£</para>
+ <screen>&prompt.root; <userinput>chsh -s /usr/sbin/nologin toor</userinput></screen>
- <para>¥»¥¥å¥ê¥Æ¥£¤ò²þÁ±¤¹¤ëÊýË¡¤Ï¡¢¾ï¤Ë¡¢
- ¥¿¥Þ¥Í¥®¤ÎÈé¤Î¤è¤¦¤Ë³¬Áز½¤¹¤ë¼êË¡
- (a multi-layered <quote>onion peel</quote> approach)
- ¤Ç¼ÂÁõ¤µ¤ì¤ë¤Ù¤¤Ç¤¹¡£¤³¤ì¤é¤Ï¼¡¤Î¤è¤¦¤ËʬÎà¤Ç¤¤Þ¤¹¡£</para>
+ <note>
+ <para>¾¤Î¥æ¡¼¥¶¤Î¥·¥§¥ë¤Ï¡¢¥¹¡¼¥Ñ¡¼¥æ¡¼¥¶¤Î¤ß¤¬Êѹ¹¤Ç¤¤Þ¤¹¡£
+ Ä̾ï¤Î¥æ¡¼¥¶¤¬¹Ô¤ª¤¦¤È¤¹¤ë¤È¼ºÇÔ¤·¤Þ¤¹¡£</para>
+ </note>
- <orderedlist>
- <listitem>
- <para><systemitem class="username">root</systemitem>
- ¤È¥¹¥¿¥Ã¥Õ¤Î¥¢¥«¥¦¥ó¥È¤Î°ÂÁ´À¤ò¹â¤á¤ë¡£</para>
- </listitem>
+ <para>¥¢¥«¥¦¥ó¥È¾ðÊó¤Ï¡¢°Ê²¼¤Î¤è¤¦¤ËºÇ¸å¤Î¥¨¥ó¥È¥ê¤¬
+ <quote>nologin</quote> ¥·¥§¥ë¤È¤Ê¤ê¤Þ¤¹¡£</para>
- <listitem>
- <para><systemitem class="username">root</systemitem>
- ¤Î°ÂÁ´À¤ò¹â¤á¤ë – <systemitem
- class="username">root</systemitem> ¸¢¸Â¤ÇÆ°ºî¤¹¤ë¥µ¡¼¥Ð¤È
- SUID/SGID ¥Ð¥¤¥Ê¥ê¡£</para>
- </listitem>
+ <programlisting>toor:*:0:0::0:0:Bourne-again Superuser:/root:/usr/sbin/nologin</programlisting>
- <listitem>
- <para>¥æ¡¼¥¶¥¢¥«¥¦¥ó¥È¤Î°ÂÁ´À¤ò¹â¤á¤ë¡£</para>
- </listitem>
+ <para><filename>/usr/sbin/nologin</filename> ¥·¥§¥ë¤Ï¡¢
+ &man.login.1;
+ ¥³¥Þ¥ó¥É¤¬¤³¤Î¥æ¡¼¥¶¤Ë¥·¥§¥ë¤ò³ä¤êÅö¤Æ¤ë¤³¤È¤ò¥Ö¥í¥Ã¥¯¤·¤Þ¤¹¡£</para>
+ </sect2>
- <listitem>
- <para>¥Ñ¥¹¥ï¡¼¥É¥Õ¥¡¥¤¥ë¤Î°ÂÁ´À¤ò¹â¤á¤ë¡£</para>
- </listitem>
+ <sect2 xml:id="security-sudo">
+ <title>¥¢¥«¥¦¥ó¥È¤Î¸¢¸Â¤ò³ÈÂ礹¤ë</title>
- <listitem>
- <para>¥«¡¼¥Í¥ë¤Î¥³¥¢¡¢raw ¥Ç¥Ð¥¤¥¹¡¢
- ¥Õ¥¡¥¤¥ë¥·¥¹¥Æ¥à¤Î°ÂÁ´À¤ò¹â¤á¤ë¡£</para>
- </listitem>
+ <para>¾ì¹ç¤Ë¤è¤Ã¤Æ¤Ï¡¢
+ ¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ø¤Î¥¢¥¯¥»¥¹¤ò¾¤Î¥æ¡¼¥¶¤È¶¦Í¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
+ &os; ¤Ï¤³¤Î¤¿¤á¤ËÆó¤Ä¤ÎÊýË¡¤òÍÑ°Õ¤·¤Æ¤¤¤Þ¤¹¡£
+ Âè°ì¤ÎÊýË¡¤Ï¿ä¾©¤µ¤ì¤Þ¤»¤ó¤¬¡¢
+ ¥ë¡¼¥È¤Î¥Ñ¥¹¥ï¡¼¥É¤ò¶¦Í¤·¡¢¥æ¡¼¥¶¤ò
+ <systemitem class="groupname">wheel</systemitem>
+ ¥°¥ë¡¼¥×¤Ë²Ã¤¨¤ëÊýË¡¤Ç¤¹¡£
+ ¤³¤ì¤ò¹Ô¤¦¤Ë¤Ë¤Ï¡¢<filename>/etc/group</filename> ¤òÊÔ½¸¤·¡¢
+ ºÇ½é¤Î¥°¥ë¡¼¥×¤ÎºÇ¸å¤Ë¥æ¡¼¥¶¤òÄɲ䷤Ƥ¯¤À¤µ¤¤¡£
+ ¥æ¡¼¥¶¤Ï¥«¥ó¥Þ¶èÀÚ¤ê¤Ç´ÉÍý¤µ¤ì¤Æ¤¤¤Þ¤¹¡£</para>
- <listitem>
- <para>¥·¥¹¥Æ¥à¤ËÂФ·¤Æ¹Ô¤Ê¤ï¤ì¤¿¡¢
- ÉÔŬÀÚ¤ÊÊѹ¹¤ò¤¹¤Ð¤ä¤¯¸¡½Ð¤¹¤ë¡£</para>
- </listitem>
+ <para>¸¢¸Â¤Î³ÈÂç¤ò¤¹¤ëŬÀÚ¤ÊÊýË¡¤Ï¡¢
+ <package>security/sudo</package> port ¤ò»È¤¦ÊýË¡¤Ç¤¹¡£
+ ¤³¤Î port ¤Ï¡¢Äɲäδƺº¡¢¤è¤ê¤¤áºÙ¤«¤¤¥æ¡¼¥¶´ÉÍý¡¢¤ª¤è¤Ó
+ ¥æ¡¼¥¶¤ò &man.service.8;
+ ¤Î¤è¤¦¤Ê¸¢¸Â¤¬Í¿¤¨¤é¤ì¤¿¥³¥Þ¥ó¤Î¤ß¤Î¼Â¹Ô¤ËÀ©¸Â¤¹¤ë¤³¤È¤â¤Ç¤¤Þ¤¹¡£</para>
- <listitem>
- <para>ɬÍפȻפï¤ì¤ë°Ê¾å¤ÎÂбþ¤ò¤È¤ë (paranoia)¡£</para>
- </listitem>
- </orderedlist>
+ <para>¥¤¥ó¥¹¥È¡¼¥ë¤¬½ª¤ï¤Ã¤¿¤é¡¢
+ <command>visudo</command> ¥¤¥ó¥¿¥Õ¥§¡¼¥¹¤ò»È¤Ã¤Æ
+ <filename>/usr/local/etc/sudoers</filename>
+ ¥Õ¥¡¥¤¥ë¤òÊÔ½¸¤·¤Æ¤¯¤À¤µ¤¤¡£
+ °Ê²¼¤ÎÎã¤Ç¤Ï¡¢¿·¤·¤¯ webadmin ¥°¥ë¡¼¥×¤¬ºîÀ®¤µ¤ì¡¢
+ <systemitem class="username">trhodes</systemitem>
+ ¥æ¡¼¥¶¤¬¤³¤Î¥°¥ë¡¼¥×¤ËÄɲ䵤ì¤Þ¤¹¡£
+ ¤½¤Î¸å¡¢¥æ¡¼¥¶¤Ë <package>apache24</package>
+ ¤òºÆµ¯Æ°¤¹¤ë¥¢¥¯¥»¥¹¸¢¸Â¤òÍ¿¤¨¤Þ¤¹¡£
+ ¤³¤Î¼ê³¤¤Ï°Ê²¼¤Î¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£</para>
- <para>¼¡¤ÎÀá¤Ç¤Ï¡¢¾åµ¤Î¹àÌܤˤĤ¤¤Æ¤è¤ê¿¼¤¯·¡¤ê²¼¤²¤Æ¤¤¤¤Þ¤¹¡£</para>
- </sect1>
+ <screen>&prompt.root; <userinput>pw groupadd webadmin -M trhodes -g 6000</userinput></screen>
- <sect1 xml:id="securing-freebsd">
- <title>&os; ¤Î°ÂÁ´À¤ò¹â¤á¤ë</title>
+ <screen>&prompt.root; <userinput>visudo</userinput></screen>
- <indexterm>
- <primary>¥»¥¥å¥ê¥Æ¥£</primary>
- <secondary>&os; ¤Î°ÂÁ´À¤ò¹â¤á¤ë</secondary>
- </indexterm>
+ <programlisting>%webadmin ALL=(ALL) /usr/sbin/service apache24 *</programlisting>
- <para>¤³¤ÎÀá¤Ç¤Ï¡¢<link
- linkend="security-intro">Á°Àá</link> ¤Ç¤È¤ê¤¢¤²¤¿ &os;
- ¥·¥¹¥Æ¥à¤Î°ÂÁ´À¤ò¹â¤á¤ëÊýË¡¤Ë¤Ä¤¤¤ÆÀâÌÀ¤·¤Þ¤¹¡£</para>
+ <para>¥í¡¼¥«¥ë¤Î¥æ¡¼¥¶´ÉÍý¤Ë¤ª¤¤¤Æ¡¢
+ <package>security/sudo</package> ¤Ï¡¢
+ Èó¾ï¤Ëµ®½Å¤Ê¥ê¥½¡¼¥¹¤òÄ󶡤·¤Þ¤¹¡£
+ ¤Þ¤¿¡¢¥Ñ¥¹¥ï¡¼¥É¤òÉÔɬÍפˤ·¤Æ¡¢¥Ç¥Õ¥©¥ë¥È¤ò &man.ssh.1;
+ ¸°¤ÎÊýË¡¤À¤±¤Ë¤¹¤ë¤³¤È¤â¤Ç¤¤Þ¤¹¡£
+ &man.sshd.8; ·Ðͳ¤Î¥Ñ¥¹¥ï¡¼¥É¤Ë¤è¤ë¥í¥°¥¤¥ó¤ò̵¸ú¤Ë¤·¡¢
+ <command>sudo</command>
+ ¤Ø¤Î¥í¡¼¥«¥ë¥Ñ¥¹¥ï¡¼¥É¤Î¤ß¤ò»È¤¦¤è¤¦¤Ë¤¹¤ë¤Ë¤Ï¡¢
+ <xref linkend="openssh"/> ¤ò¤´Í÷¤¯¤À¤µ¤¤¡£</para>
+ </sect2>
- <sect2 xml:id="securing-root-and-staff">
- <title><systemitem class="username">root</systemitem>
- ¥¢¥«¥¦¥ó¥È¤Î°ÂÁ´À¤ò¹â¤á¤ë</title>
+ <sect2 xml:id="security-passwords">
+ <title>¥Ñ¥¹¥ï¡¼¥É</title>
- <indexterm>
- <primary>&man.su.1;</primary>
- </indexterm>
+ <para>¥Ñ¥¹¥ï¡¼¥É¤Ï¡¢¥Æ¥¯¥Î¥í¥¸¡¼¤Ë¤ª¤±¤ëɬÍ×°¤Ç¤¹¡£
+ ¥Ñ¥¹¥ï¡¼¥É¤Ï¶Ë¤á¤ÆÊ£»¨¤Ç¤¢¤ë¤À¤±¤Ç¤Ï¤Ê¤¯¡¢
+ ¥Ñ¥¹¥ï¡¼¥É¤òÊݸ¤ë¶¯ÎϤʥϥå·¥å¥á¥«¥Ë¥º¥à¤â¤Þ¤¿É¬ÍפȤʤê¤Þ¤¹¡£
+ ¤³¤Îʸ½ñ¤ò½ñ¤¤¤Æ¤¤¤ë»þÅÀ¤Ç¤Ï¡¢
+ &os; ¤Ï <function>crypt()</function> ¥é¥¤¥Ö¥é¥ê¤Ç
+ <acronym>DES</acronym>, <acronym>MD</acronym>5, Blowfish,
+ <acronym>SHA</acronym>256 ¤ª¤è¤Ó <acronym>SHA</acronym>512
+ ¤ËÂбþ¤·¤Æ¤¤¤Þ¤¹¡£
+ ¥Ç¥Õ¥©¥ë¥È¤Ï <acronym>SHA</acronym>512 ¤Ç¤¢¤ê¡¢
+ ¶¯Å٤μ夤°Å¹æ¤Ø¤ÏÊѹ¹¤¹¤Ù¤¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¡£
+ ¤·¤«¤·¤Ê¤¬¤é¡¢Blowfish ¤ò¹¥¤à¥æ¡¼¥¶¤â¤ª¤ê¤Þ¤¹¡£
+ <acronym>DES</acronym> ¤ò½ü¤¯³Æ¥á¥«¥Ë¥º¥à¤Ç¤Ï¡¢
+ ³«»Ï¤Îʸ»ú¡¢»ÈÍѤ·¤Æ¤¤¤ë¥Ï¥Ã¥·¥å¥á¥«¥Ë¥º¥à¤ò¼±Ê̲Äǽ¤ÊÆÃħ¤ò»ý¤Ã¤Æ¤¤¤Þ¤¹¡£
+ <acronym>MD</acronym>5 ¥á¥«¥Ë¥º¥à¤Ç¤Ï¡¢¥·¥ó¥Ü¥ë¤Ï
+ <quote>$</quote> ¤ÎÉä¹æ¤Ç¤¹¡£
+ <acronym>SHA</acronym>256 ¤Þ¤¿¤Ï¡¢
+ <acronym>SHA</acronym>512 ¤Ç¤Ï¡¢¥·¥ó¥Ü¥ë¤Ï <quote>$6$</quote>¡¢
+ ¤½¤·¤Æ Blowfish ¤Ï <quote>$2a$</quote> ¤Ç¤¹¡£
+ °Å¹æ¶¯Å٤μ夤¥Ñ¥¹¥ï¡¼¥É¤ò»ÈÍѤ·¤Æ¤¤¤ë¾ì¹ç¤Ë¤Ï¡¢
+ ¼¡²ó¤Î¥í¥°¥¤¥ó»þ¤Ë¥æ¡¼¥¶¤¬
+ &man.passwd.1; ¤ò¼Â¹Ô¤·¤ÆºÆ¥Ï¥Ã¥·¥å²½¤¹¤ë¤³¤È¤òÂ¥¤¹¤Ù¤¤Ç¤¹¡£</para>
- <para>¤Û¤È¤ó¤É¤Î¥·¥¹¥Æ¥à¤Ç¤Ï¡¢
- <systemitem class="username">root</systemitem>
- ¥¢¥«¥¦¥ó¥È¤Ë³ä¤êÅö¤Æ¤¿¥Ñ¥¹¥ï¡¼¥É¤¬ 1 ¤Ä¤¢¤ê¤Þ¤¹¡£
- ¤³¤Î¥Ñ¥¹¥ï¡¼¥É¤Ï<emphasis>¤¤¤Ä¤Ç¤â</emphasis>ÉÔÀµÍøÍÑ¤Î´í¸±¤Ë»¯¤µ¤ì¤Æ¤¤¤ë¤È¹Í¤¨¤Æ¤¯¤À¤µ¤¤¡£
- ¤³¤ì¤Ï¥Ñ¥¹¥ï¡¼¥É¤ò̵¸ú¤Ë¤¹¤Ù¤¤À¤È¸À¤Ã¤Æ¤¤¤ë¤Î¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¡£
- ¥Ñ¥¹¥ï¡¼¥É¤Ï¡¢¥Þ¥·¥ó¤Ë¥³¥ó¥½¡¼¥ë¤«¤é¥¢¥¯¥»¥¹¤¹¤ë¤Î¤Ë¤Ï¡¢
- ¤Û¤È¤ó¤É¤¤¤Ä¤Ç¤âɬÍפʤâ¤Î¤Ç¤¹¡£
- ¤·¤«¤·¤Ê¤¬¤é¡¢¥³¥ó¥½¡¼¥ë°Ê³°¤«¤é¤Ï¡¢
- ¤½¤·¤Æ²Äǽ¤Ê¤é &man.su.1;
- ¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ë¾ì¹ç¤â¥Ñ¥¹¥ï¡¼¥É¤ò»È¤¨¤Ê¤¤¤è¤¦¤Ë¤¹¤ë¤Ù¤¤Ç¤¹¡£
- ¤¿¤È¤¨¤Ð¡¢<filename>/etc/ttys</filename> ¤Î¥¨¥ó¥È¥ê¤Ë¤ª¤¤¤Æ¡¢
- ÆÃÄê¤Î¥¿¡¼¥ß¥Ê¥ë¤ËÂФ·
- <systemitem class="username">root</systemitem>
- ¤Ç¥í¥°¥¤¥ó¤Ç¤¤Ê¤¤¤è¤¦¤Ë
- <literal>insecure</literal> ¤ÈÀßÄꤷ¤Æ¤¯¤À¤µ¤¤¡£
- &os; ¤Ç¤Ï¡¢¥Ç¥Õ¥©¥ë¥È¤Ç¡¢
- <filename>/etc/ssh/sshd_config</filename> ¤Ë¤ª¤¤¤Æ
- <literal>PermitRootLogin</literal> ¤¬ <literal>no</literal>
- ¤ÈÀßÄꤵ¤ì¤Æ¤¤¤ë¤Î¤Ç¡¢&man.ssh.1; ¤ò»È¤Ã¤¿
- <systemitem class="username">root</systemitem>
- ¤Ø¥í¥°¥¤¥ó¤Ï̵¸ú¤Ë¤Ê¤Ã¤Æ¤¤¤Þ¤¹¡£
- ¤¹¤Ù¤Æ¤Î¥¢¥¯¥»¥¹¼êÃÊ¡¢¤¿¤È¤¨¤Ð FTP
- ¤è¤¦¤Ê¥µ¡¼¥Ó¥¹¤Ï¡¢Îɤ¯¥¯¥é¥Ã¥¯¤ÎÂоݤȤʤ뤳¤È¤òÍý²ò¤·¤Æ¤¯¤À¤µ¤¤¡£
- <systemitem class="username">root</systemitem> ¤Ø¤ÎľÀÜ¥í¥°¥¤¥ó¤Ï¡¢
- ¥·¥¹¥Æ¥à¥³¥ó¥½¡¼¥ë·Ðͳ¤Ç¤Î¤ß²Äǽ¤Ç¤¢¤ë¤Ù¤¤Ê¤Î¤Ç¤¹¡£</para>
+ <note>
+ <para>¤³¤Îʸ½ñ¤ò½ñ¤¤¤Æ¤¤¤ë»þÅÀ¤Ç¡¢Blowfish ¤Ï
+ <acronym>AES</acronym> ¤Ç¤Ê¤±¤ì¤Ð¡¢
+ <acronym>FIPS</acronym> (Federal Information
+ Processing Standards) ¤Ë½àµò¤â¤·¤Æ¤¤¤Þ¤»¤ó¡£
+ ¤½¤Î¤¿¤á¡¢»ÈÍѤǤ¤Ê¤¤´Ä¶¤¬¤¢¤ê¤Þ¤¹¡£</para>
+ </note>
- <indexterm>
- <primary><systemitem class="groupname">wheel</systemitem></primary>
- </indexterm>
+ <para>¥Í¥Ã¥È¥ï¡¼¥¯¤ËÀܳ¤·¤Æ¤¤¤ë¥·¥¹¥Æ¥à¤Ë¤Ä¤¤¤Æ¤Ï¡¢
+ ÆóÍ×ÁÇǧ¾Ú¤ò»ÈÍѤ¹¤Ù¤¤Ç¤¹¡£
+ ¤³¤Îǧ¾Ú¤Ç¤Ï¡¢Ä̾濫¤Ê¤¿¤¬½êͤ¹¤ëÍ×ÁǤÈÃΤäƤ¤¤ëÍ×ÁǤ¬ÍѤ¤¤é¤ì¤Þ¤¹¡£
+ &os; ¤Î¥Ù¡¼¥¹¥·¥¹¥Æ¥à¤Ë´Þ¤Þ¤ì¤Æ¤¤¤ë
+ <application>OpenSSH</application> ¤ª¤è¤Ó ssh-keys ¤Ç¤Ï¡¢
+ ¥Í¥Ã¥È¥ï¡¼¥¯¤Ø¤Î¤¹¤Ù¤Æ¤Î¥í¥°¥¤¥ó¤Ë¤ª¤±¤ëÆóÍ×ÁÇǧ¾Ú¤Î¸ò´¹¤Ç¡¢
+ ¥Ñ¥¹¥ï¡¼¥É¤ò»ÈÍѤ¹¤Ù¤¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¡£
+ ¤è¤ê¾ÜºÙ¤Ê¾ðÊó¤Ë¤Ä¤¤¤Æ¤Ï¡¢¥Ï¥ó¥É¥Ö¥Ã¥¯¤Î
+ <xref linkend="openssh"/> Àá¤ò¤´Í÷¤¯¤À¤µ¤¤¡£
+ Kerberose ¤Î¥æ¡¼¥¶¤Ï¡¢¥Í¥Ã¥È¥ï¡¼¥¯¤Ç
+ <application>OpenSSH</application>
+ ¤ò¼ÂÁõ¤¹¤ë¤¿¤á¤ËÄɲäÎÊѹ¹¤¬É¬Íפˤʤë¤Ç¤·¤ç¤¦¡£</para>
+ </sect2>
- <para>¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ï
- <systemitem class="username">root</systemitem>
- ¤Ë¤Ê¤ì¤ë¤è¤¦¤Ë¤·¤Æ¤ª¤¯É¬Íפ¬¤¢¤ë¤Î¤Ç¡¢
- ÄɲäΥѥ¹¥ï¡¼¥Éǧ¾Ú¤ÎÀßÄ꤬ɬÍפȤʤê¤Þ¤¹¡£
- ¤Ò¤È¤Ä¤Ï¡¢Å¬Àڤʥ桼¥¶¥¢¥«¥¦¥ó¥È¤ò
- <filename>/etc/group</filename> Ãæ¤Î
- <systemitem class="groupname">wheel</systemitem> ¤Ë²Ã¤¨¤ëÊýË¡¤Ç¤¹¡£
- <systemitem class="groupname">wheel</systemitem>
- ¤Î¥á¥ó¥Ð¤Ï¡¢&man.su.1; ¤ò»È¤Ã¤Æ
- <systemitem class="username">root</systemitem> ¤Ë¤Ê¤ë¤³¤È¤¬µö¤µ¤ì¤Þ¤¹¡£
- ¼ÂºÝ¤Ë
- <systemitem class="username">root</systemitem>
- ¥¢¥¯¥»¥¹¤ÎɬÍפʥ桼¥¶¤Î¤ß
- <systemitem class="groupname">wheel</systemitem>
- ¤ËÃÖ¤¯¤è¤¦¤Ë¤¹¤Ù¤¤Ç¤¹¡£
- Kerberos ¤ò»ÈÍѤ·¤Æǧ¾Ú¹Ô¤¦¾ì¹ç¤Ë¤Ï¡¢
- <systemitem class="username">root</systemitem>
- ¤Î¥Û¡¼¥à¥Ç¥£¥ì¥¯¥È¥ê¤Ë <filename>.k5login</filename>
- ¤òºîÀ®¤¹¤ë¤³¤È¤Ç¡¢
- ï¤â <systemitem class="groupname">wheel</systemitem> ¤ËÃÖ¤¯É¬Íפʤ¯
- &man.ksu.1; ¤¹¤ë¤³¤È¤òµö²Ä¤Ç¤¤Þ¤¹¡£</para>
+ <sect2 xml:id="security-rkhunter">
+ <title>¥Ð¥Ã¥¯¥É¥¢¤ª¤è¤Ó¥ë¡¼¥È¥¥Ã¥È</title>
- <para>¥¢¥«¥¦¥ó¥È¤ò´°Á´¤Ë¥í¥Ã¥¯¤¹¤ë¤Ë¤Ï¡¢
- &man.pw.8; ¤ò»È¤Ã¤Æ¤¯¤À¤µ¤¤¡£</para>
+ <para>¥Ð¥Ã¥¯¥É¥¢¤ª¤è¤Ó¥ë¡¼¥È¥¥Ã¥È¤Ï¡¢
+ ¤½¤ì¤é¤¬¥¤¥ó¥¹¥È¡¼¥ë¤µ¤ì¤¿¸å¤Ë¶¼°Ò¤È¤Ê¤ê¤Þ¤¹¡£
+ ¥¤¥ó¥¹¥È¡¼¥ë¤µ¤ì¤ë¤È¡¢¤³¤Î°°Õ¤Î¤¢¤ë¥½¥Õ¥È¥¦¥§¥¢¤Ï¡¢
+ ¹¶·â¼Ô¤Î¤¿¤á¤Ë¿¯Æþ¸ý¤òÀßÃÖ¤·¤Þ¤¹¡£
+ ¼ÂºÝŪ¤Ë¤Ï¡¢¥·¥¹¥Æ¥à¤¬°ìÅÙ±øÀ÷¤µ¤ì¤¿¸å¤Ë¡¢Ä´ºº¤¬¹Ô¤ï¤ì¡¢
+ ¾Ãµî¤µ¤ì¤Þ¤¹¡£
+ ¿µ½Å¤Ê¥»¥¥å¥ê¥Æ¥£¤ä¥·¥¹¥Æ¥à¥¨¥ó¥¸¥Ë¥¢¤Ç¤µ¤¨¤â¡¢
+ ¹¶·â¼Ô¤¬»Ä¤·¤¿¥½¥Õ¥È¥¦¥§¥¢¤ò¸«Æ¨¤·¤Æ¤·¤Þ¤¦¤È¤¤¤¦¶²¤í¤·¤¤¥ê¥¹¥¯¤¬Â¸ºß¤·¤Æ¤¤¤Þ¤¹¡£</para>
- <screen>&prompt.root; <userinput>pw lock staff</userinput></screen>
+ <para>¥Ð¥Ã¥¯¥É¥¢¤Þ¤¿¤Ï¥ë¡¼¥È¥¥Ã¥È¥½¥Õ¥È¥¦¥§¥¢¤Ï¡¢
+ ´ÉÍý¼Ô¤Ë¤È¤Ã¤ÆÌò¤ËΩ¤Ä¤³¤È¤¬°ì¤Ä¤¢¤ê¤Þ¤¹¡£
+ ¤½¤ì¤Ï¡¢°ìÅÙ¸¡½Ð¤¹¤ë¤È¡¢
+ ¥·¥¹¥Æ¥à¤Î¤É¤³¤«¤¬´í¸±¤ËËÁ¤µ¤ì¤Æ¤¤¤ë¤³¤È¤Îº¯ÀפȤʤê¤Þ¤¹¡£
+ ¤·¤«¤·¡¢Ä̾盧¤Î¼ï¤Î¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Ï¡¢¤È¤Æ¤â¤¦¤Þ¤¯±£¤ì¤Æ¤¤¤Þ¤¹¡£
+ ¥Ð¥Ã¥¯¥É¥¢¤ª¤è¤Ó¥ë¡¼¥È¥¥Ã¥È¤ò¸¡½Ð¤¹¤ë¥Ä¡¼¥ë¤¬Â¸ºß¤·¤Æ¤ª¤ê¡¢
+ ¤½¤ì¤¦¤Á¤Î°ì¤Ä¤¬¡¢
+ <package>security/rkhunter</package> ¤Ç¤¹¡£</para>
- <para>¤³¤ì¤Ë¤è¤ê¡¢»ØÄꤵ¤ì¤¿¥æ¡¼¥¶¤Ï¡¢&man.ssh.1;
- ¤ò´Þ¤à¤¤¤«¤Ê¤ëÊýË¡¤Ç¤â¥í¥°¥¤¥ó¤Ç¤¤Ê¤¯¤Ê¤ê¤Þ¤¹¡£</para>
+ <para>¥¤¥ó¥¹¥È¡¼¥ë¸å¡¢°Ê²¼¤Î¥³¥Þ¥ó¥É¤Ç¥·¥¹¥Æ¥à¤ò¥Á¥§¥Ã¥¯¤Ç¤¤Þ¤¹¡£
+ ¼Â¹Ô¤¹¤ë¤È¿¤¯¤Î¾ðÊ󤬽ÐÎϤµ¤ì¤Þ¤¹¡£</para>
- <para>¥¢¥«¥¦¥ó¥È¤Ø¤Î¥¢¥¯¥»¥¹¤ò¥Ö¥í¥Ã¥¯¤¹¤ë¤â¤¦°ì¤Ä¤ÎÊýË¡¤Ï¡¢
- °Å¹æ²½¤µ¤ì¤¿¥Ñ¥¹¥ï¡¼¥É¤ò
- <quote><literal>*</literal></quote> 1 ʸ»ú¤ËÃÖ¤´¹¤¨¤ë¤³¤È¤Ç¤¹¡£
- ¤³¤Îʸ»ú¤Ï¡¢°Å¹æ²½¤µ¤ì¤¿¥Ñ¥¹¥ï¡¼¥É¤Ë¥Þ¥Ã¥Á¤¹¤ë¤³¤È¤Ï¤Ê¤¤¤Î¤Ç¡¢
- ¥æ¡¼¥¶¥¢¥¯¥»¥¹¤ò¥Ö¥í¥Ã¥¯¤·¤Þ¤¹¡£
- ¤¿¤È¤¨¤Ð¡¢¼¡¤Î¥¢¥«¥¦¥ó¥È¤Î¥¨¥ó¥È¥ê¤ò¡¢</para>
+ <screen>&prompt.root; <userinput>rkhunter -c</userinput></screen>
- <programlisting>foobar:R9DT/Fa1/LV9U:1000:1000::0:0:Foo Bar:/home/foobar:/usr/local/bin/tcsh</programlisting>
+ <para>¤³¤Î¥×¥í¥»¥¹¤ò¼Â¹ÔÃæ¤Ë <keycap>ENTER</keycap>
+ ¥¡¼¤ò²¿ÅÙ¤«²¡¤¹É¬Íפ¬¤¢¤ê¤Þ¤¹¡£
+ ´°Î»¤¹¤ë¤È¡¢¥¹¥Æ¡¼¥¿¥¹¥á¥Ã¥»¡¼¥¸¤¬²èÌ̤Ëɽ¼¨¤µ¤ì¤Þ¤¹¡£
+ ¤³¤Î¥á¥Ã¥»¡¼¥¸¤Ï¡¢¥Á¥§¥Ã¥¯¤·¤¿¥Õ¥¡¥¤¥ë¤ÎÎÌ¡¢µ¿¤ï¤·¤¤¥Õ¥¡¥¤¥ë¤Î¿ô¡¢
+ ²ÄǽÀ¤Î¤¢¤ë¥ë¡¼¥È¥¥Ã¥ÈÅù¤Î¾ðÊó¤ò´Þ¤ß¤Þ¤¹¡£
+ ¥Á¥§¥Ã¥¯¤ÎºÇÃæ¡¢±£¤µ¤ì¤¿¥Õ¥¡¥¤¥ë¡¢
+ <application>OpenSSH</application> ¥×¥í¥È¥³¥ë¤ÎÁªÂò¡¢¤½¤·¤Æ¡¢
+ »þ¤Ë¤Ï¡¢¥¤¥ó¥¹¥È¡¼¥ë¤µ¤ì¤Æ¤¤¤ë¥½¥Õ¥È¥¦¥§¥¢¤ÎÁ²¼åÀ¤Î¥Ð¡¼¥¸¥ç¥ó¤Ë´Ø¤¹¤ë°ìÈÌŪ¤Ê¥»¥¥å¥ê¥Æ¥£¤Î·Ù¹ð¤¬½ÐÎϤµ¤ì¤Þ¤¹¡£
+ ¤¹¤°¤Ë¡¢¤â¤·¤¯¤Ï¤è¤ê¾ÜºÙ¤Ê²òÀϤ¬¹Ô¤ï¤ì¤¿¸å¤Ë¡¢Âбþ¤¬²Äǽ¤Ç¤¹¡£</para>
- <para>&man.vipw.8; ¤ò»È¤Ã¤Æ°Ê²¼¤Î¤è¤¦¤ËÊѹ¹¤·¤Þ¤¹¡£</para>
+ <para>´ÉÍý¼Ô¤Ï³§¡¢
+ ôÅö¤·¤Æ¤¤¤ë¥·¥¹¥Æ¥à¾å¤Ç²¿¤¬¼Â¹Ô¤µ¤ì¤Æ¤¤¤ë¤«¤òÇÄ°®¤·¤Æ¤¤¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
+ <application>rkhunter</application>,
+ <application>lsof</application> ¤ä
+ &man.netstat.1; ¤ª¤è¤Ó &man.ps.1; ¤È¤¤¤Ã¤¿¥Í¥¤¥Æ¥£¥Ö¤Î¥Ä¡¼¥ë¤Ï¡¢
+ ¥·¥¹¥Æ¥à¤Ë´Ø¤¹¤ë¤«¤Ê¤ê¿¤¯¤Î¾ðÊó¤òÍ¿¤¨¤Æ¤¯¤ì¤Þ¤¹¡£
+ Àµ¾ï¤Ê¾õÂÖ¤¬¤É¤Î¤è¤¦¤Ê¾õÂ֤Ǥ¢¤ë¤«¤òÇÄ°®¤·¤Æ¤ª¤¡¢
+ ËÜÍè¤È°ã¤¦¾õ¶·¤Ë¤Ê¤Ã¤¿¾ì¹ç¤Ë¤Ï¡¢¼ÁÌä¤ò¤·¤¿¤ê¡¢
+ µ¿¤¤¿¼¤¯¤Ê¤Ã¤Æ¤¯¤À¤µ¤¤¡£
+ ¥»¥¥å¥ê¥Æ¥£¤¬Çˤé¤ì¤ë¤³¤È¤òÈò¤±¤ë¤³¤È¤ÏÍýÁۤǤ¹¤¬¡¢
+ Çˤé¤ì¤¿¤³¤È¤òÇÄ°®¤¹¤ë¤³¤È¤Ïɬ¿Ü¤Ç¤¹¡£</para>
+ </sect2>
- <programlisting>foobar:*:1000:1000::0:0:Foo Bar:/home/foobar:/usr/local/bin/tcsh</programlisting>
+ <sect2 xml:id="security-ids">
+ <title>¥Ð¥¤¥Ê¥ê¸¡¾Ú</title>
- <para>¤³¤ÎÊѹ¹¤Ë¤è¤Ã¤Æ
- <systemitem class="username">foobar</systemitem> ¤Ï¡¢
- Ä̾ï¤Î¥í¥°¥¤¥ó¤Ï¤Ç¤¤Ê¤¯¤Ê¤ê¤Þ¤¹¡£
- ¤³¤Î¤è¤¦¤Ê¥¢¥¯¥»¥¹À©¸Â¤ò¤·¤¿¸å¤Ï¡¢
- ¥µ¥¤¥È¤Ç <application>Kerberos</application> ¤ò¥»¥Ã¥È¥¢¥Ã¥×¤·¤¿¤ê¡¢
- ¥æ¡¼¥¶¤¬ &man.ssh.1;
- ¤Î¸°¤òÀßÄꤹ¤ë¤Ê¤É¤È¤¤¤Ã¤¿Ç§¾Ú¼êÃʤòÍøÍѤ·¤Ê¤±¤ì¤Ð¤Ê¤ê¤Þ¤»¤ó¡£</para>
+ <para>¥·¥¹¥Æ¥à¥Õ¥¡¥¤¥ë¤ª¤è¤Ó¥Ð¥¤¥Ê¥ê¤Î¸¡¾Ú¤Ï¡¢
+ ¥·¥¹¥Æ¥à´ÉÍý¼Ô¤ª¤è¤Ó¥»¥¥å¥ê¥Æ¥£¥Á¡¼¥à¤ËÂФ·¤Æ¡¢
+ ¥·¥¹¥Æ¥à¤ÎÊѹ¹¤Ë´Ø¤¹¤ë¾ðÊó¤òÄ󶡤·¤Æ¤¯¤ì¤ë¤¿¤á½ÅÍפǤ¹¡£
+ ¤¤¤«¤Ê¤ë¥·¥¹¥Æ¥à¤Ë¤ª¤¤¤Æ¤â¡¢¥·¥¹¥Æ¥à´ÉÍý¥Á¡¼¥à¤ÎÃΤé¤Ê¤¤¤È¤³¤í¤Ç¡¢
+ ÆâÉô¤Î¥³¥Þ¥ó¥É¤ä¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤ÏÊѹ¹¤¹¤Ù¤¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¡£
+ ¥·¥¹¥Æ¥à¤ÎÊѹ¹¤ò¤ò¥â¥Ë¥¿¥ê¥ó¥°¤¹¤ë¥½¥Õ¥È¥¦¥§¥¢¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Ï¡¢
+ ¿¯Æþ¸¡ÃÎ¥·¥¹¥Æ¥à (Intrusion Detection System)
+ ¤Þ¤¿¤Ï <acronym>IDS</acronym> ¤È¸Æ¤Ð¤ì¤Þ¤¹¡£</para>
- <para>¤³¤ì¤é¤Î¥»¥¥å¥ê¥Æ¥£¤Î»ÅÁȤߤǤϡ¢
- À©¸Â¤Î¶¯¤¤¥µ¡¼¥Ð¤«¤éÀ©¸Â¤Î¼å¤¤¥µ¡¼¥Ð¤Ø¥í¥°¥¤¥ó¤¹¤ë¤³¤È¤òÁ°Äó¤È¤·¤Æ¤¤¤Þ¤¹¡£
- ¤¿¤È¤¨¤Ð¡¢¥µ¡¼¥Ð¤¬¥Í¥Ã¥È¥ï¡¼¥¯¥µ¡¼¥Ó¥¹¤ò¼Â¹Ô¤µ¤»¤Æ¤¤¤ë¾ì¹ç¡¢
- ¥ï¡¼¥¯¥¹¥Æ¡¼¥·¥ç¥ó¤Ç¤Ï¤½¤ì¤é¤Î¥µ¡¼¥Ó¥¹¤ò¼Â¹Ô¤µ¤»¤Æ¤Ï¤Ê¤ê¤Þ¤»¤ó¡£
- ¥ï¡¼¥¯¥¹¥Æ¡¼¥·¥ç¥ó¤ò½½Ê¬¤Ë°ÂÁ´¤Ë¤·¤Æ¤ª¤¯¤¿¤á¤Ë¤Ï¡¢
- ¼Â¹Ô¤¹¤ë¥µ¡¼¥Ó¥¹¤ò¥¼¥í¤Ë¤¹¤ë¤«¡¢²Äǽ¤Ê¸Â¤ê¸º¤é¤·¡¢
- ¥Ñ¥¹¥ï¡¼¥É¤ÇÊݸ¤ì¤¿¥¹¥¯¥ê¡¼¥ó¥»¡¼¥Ð¤òÁö¤é¤»¤Æ¤ª¤¯¤Ù¤¤Ç¤¹¡£
- ¥·¥¹¥Æ¥à¤Ø¤ÎʪÍýŪ¥¢¥¯¥»¥¹¤¬Í¿¤¨¤é¤ì¤¿¤È¤¹¤ë¤È¡¢
- ¤â¤Á¤í¤ó¸À¤¦¤Þ¤Ç¤â¤Ê¤¯¡¢
- ¹¶·â¼Ô¤Ï¤¤¤«¤Ê¤ë¼ïÎà¤Î¥»¥¥å¥ê¥Æ¥£¤ò¤â¤¦¤ÁÇˤ뤳¤È¤¬¤Ç¤¤ë¤Î¤Ç¤¹¡£
- ¹¬¤¤¤Ë¤â¡¢¥·¥¹¥Æ¥àÇˤê¤ÎÂç¿¿ô¤Ï¡¢¥Í¥Ã¥È¥ï¡¼¥¯·Ðͳ¤Ç¥ê¥â¡¼¥È¤«¤é¡¢
- ¥·¥¹¥Æ¥à¤Ø¤ÎʪÍýŪ¥¢¥¯¥»¥¹¼êÃʤò»ý¤¿¤Ê¤¤¿Í¡¹¤Ë¤è¤Ã¤Æ¹Ô¤ï¤ì¤Æ¤¤¤Þ¤¹¡£</para>
+ <para>&os; ¤Ï¡¢´ðËÜŪ¤Ê
+ <acronym>IDS</acronym> ¥·¥¹¥Æ¥à¤ò¥Í¥¤¥Æ¥£¥Ö¤ÇÄ󶡤·¤Æ¤¤¤Þ¤¹¡£
+ ¼ÂºÝ¤Ë¡¢ËèÈդΠ&man.periodic.8; ¥»¥¥å¥ê¥Æ¥£¤Ë´Ø¤¹¤ë¥á¡¼¥ë¤ÎÃæ¤Ç¤Ï¡¢
+ ´ÉÍý¼Ô¤ËÊѹ¹ÅÀ¤òÄÌÃΤ·¤Þ¤¹¡£
+ ¾ðÊó¤Ï¥í¡¼¥«¥ë¤ËÊݸ¤µ¤ì¤Æ¤¤¤ë¤Î¤Ç¡¢
+ °°Õ¤Î¤¢¤ë¥æ¡¼¥¶¤¬Êѹ¹¤·¡¢¾ðÊó¤ò
+ <quote>µ½¤¯</quote> ²ÄǽÀ¤¬¤¢¤ê¤Þ¤¹¡£
+ ¤½¤Î¤¿¤á¡¢¥Ð¥¤¥Ê¥ê¤Î½ð̾¤ÎÊ̤Υ»¥Ã¥È¤òºîÀ®¤·¤Æ¡¢
+ Æɤ߼è¤êÀìÍѤΠroot ½êͤΥǥ£¥ì¥¯¥È¥ê¡¢¤Ç¤¤ì¤Ð¡¢
+ <acronym>USB</acronym> ¥Ç¥£¥¹¥¯¤Þ¤¿¤Ï
+ <application>rsync</application>
+ ¥µ¡¼¥Ð¤È¤¤¤Ã¤¿¥·¥¹¥Æ¥à¤È¤ÏÊ̤Υ·¥¹¥Æ¥à¤ËÊݸ¤·¤Æ¤¯¤À¤µ¤¤¡£</para>
- <para>Kerberos ¤ò»È¤¦¤³¤È¤Ç¡¢
- ¥æ¡¼¥¶¤Î¥Ñ¥¹¥ï¡¼¥É¤ÎÊѹ¹¤â¤·¤¯¤ÏÄä»ß¤ò°ì²Õ½ê¤Ç¹Ô¤Ê¤¦¤³¤È¤È¡¢
- ¥æ¡¼¥¶¤¬¥¢¥«¥¦¥ó¥È¤ò»ý¤Ä¤¹¤Ù¤Æ¤Î¥Þ¥·¥ó¤Ë¨»þ¤Ë¤½¤Î¸ú²Ì¤òµÚ¤Ü¤¹¤³¤È¤¬²Äǽ¤È¤Ê¤ê¤Þ¤¹¡£
- ¥¢¥«¥¦¥ó¥È¤¬´í¸±¤Ë»¯¤µ¤ì¤¿¤È¤¤Ë¡¢
- ¤¹¤Ù¤Æ¤Î¥Þ¥·¥ó¾å¤Î´ØÏ¢¤¹¤ë¥Ñ¥¹¥ï¡¼¥É¤ò¨ºÂ¤ËÊѹ¹¤¹¤ëǽÎϤò²á¾®É¾²Á¤·¤Æ¤Ï¤¤¤±¤Þ¤»¤ó¡£
- Kerberos ¤Ç¤Ï¡¢Kerberos ¥Á¥±¥Ã¥È¤Ë¥¿¥¤¥à¥¢¥¦¥È¤òÀßÄê¤Ç¤¡¢
- ÀßÄꤷ¤¿´ü´Ö¤¬·Ð²á¤¹¤ë¤È¥æ¡¼¥¶¤Ë¿·¤·¤¤¥Ñ¥¹¥ï¡¼¥É¤òÁª¤Ö¤è¤¦¤ËÍ׵᤹¤ë¤È¤¤¤Ã¤¿ÄɲäÎÀ©¸Â¤ò²Ý¤¹¤ë¤³¤È¤¬¤Ç¤¤Þ¤¹¡£</para>
- </sect2>
+ <para>¤Þ¤ººÇ½é¤Ë¡¢¥·¡¼¥É¤òÀ¸À®¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
+ ¤³¤ì¤Ï¡¢¿ôÃÍÄê¿ô¤Ç¡¢¥Ï¥Ã¥·¥åÃͤÎÀ¸À®¤ä¥Ï¥Ã¥·¥åÃͤθ¡¾Ú¤Ç»È¤ï¤ì¤Þ¤¹¡£
+ ¤³¤Î¥·¡¼¥É¤¬¤Ê¤¤¤È¡¢
+ ¥Õ¥¡¥¤¥ë¤Î¥Á¥§¥Ã¥¯¥µ¥à¤ÎÃͤòµ¶¤Ã¤¿¤ê¸¡¾Ú¤¬²Äǽ¤Ë¤Ê¤ê¤Þ¤¹¡£
+ °Ê²¼¤ÎÎã¤Ç¤Ï¡¢¥·¡¼¥É¤Ï <option>-s</option>
+ ¥Õ¥é¥°¤Ç»ØÄꤵ¤ì¤Æ¤¤¤Þ¤¹¡£
+ ºÇ½é¤Ë°Ê²¼¤Î¥³¥Þ¥ó¥É¤òÍѤ¤¤Æ <filename>/bin</filename>
+ ¤Î¥Ï¥Ã¥·¥åÃͤª¤è¤Ó¥Á¥§¥Ã¥¯¥µ¥à¤òÀ¸À®¤·¤Æ¤¯¤À¤µ¤¤¡£</para>
- <sect2>
- <title>root ¸¢¸Â¤Ç¼Â¹Ô¤µ¤ì¤Æ¤¤¤ë¥µ¡¼¥Ð¤È
- SUID/SGID ¥Ð¥¤¥Ê¥ê¤Î°ÂÁ´À¤ò¹â¤á¤ë</title>
+ <screen>&prompt.root; <userinput>mtree -s 3483151339707503 -c -K cksum,sha256digest -p /bin > bin_chksum_mtree</userinput></screen>
- <indexterm>
- <primary>º½¾ì (sandbox)</primary>
- </indexterm>
- <indexterm>
- <primary>&man.sshd.8;</primary>
- </indexterm>
+ <para>¤³¤Î¥³¥Þ¥ó¥É¤Î½ÐÎϤϰʲ¼¤Î¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£</para>
- <para>ÍÑ¿´¿¼¤¤¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ï¡¢É¬Íפʥµ¡¼¥Ó¥¹¤À¤±¤ò͸ú¤Ë¤·¡¢
- ¥µ¡¼¥É¥Ñ¡¼¥Æ¥£À½¤Î¥µ¡¼¥Ð¤Ï¡¢
- ¤è¤¯¥Ð¥°¤ò»ý¤Ã¤Æ¤¤¤¬¤Á¤À¤È¤¤¤¦¤³¤È¤ËÃí°Õ¤·¤Æ¤¤¤ë¤â¤Î¤Ç¤¹¡£
- Ãí°Õ¿¼¤¯¥Á¥§¥Ã¥¯¤·¤Æ¤¤¤Ê¤¤¥µ¡¼¥Ð¤Ï¡¢·è¤·¤Æ¼Â¹Ô¤·¤Æ¤Ï¤¤¤±¤Þ¤»¤ó¡£
- ¿¤¯¤Î¥Ç¡¼¥â¥ó¤Ï¡¢¥µ¡¼¥Ó¥¹ÀìÍѤΥ¢¥«¥¦¥ó¥È¡¢¤â¤·¤¯¤Ï
- <firstterm>º½¾ì (sandbox)</firstterm> ¤Çµ¯Æ°¤µ¤»¤ë¤³¤È¤¬¤Ç¤¤ë¤Î¤Ç¡¢
- <systemitem class="username">root</systemitem>
- ¸¢¸Â¤Ç¥µ¡¼¥Ó¥¹¤ò¼Â¹Ô¤¹¤ëÁ°¤Ë¤Ï¡¢¤è¤¯¹Í¤¨¤Æ¤¯¤À¤µ¤¤¡£
- &man.telnetd.8; ¤Þ¤¿¤Ï &man.rlogind.8;
- ¤Î¤è¤¦¤Ê°ÂÁ´¤Ç¤Ï¤Ê¤¤¥µ¡¼¥Ó¥¹¤Ï͸ú¤Ë¤·¤Ê¤¤¤Ç¤¯¤À¤µ¤¤¡£</para>
+ <screen>&prompt.root; mtree: /bin checksum: 3427012225</screen>
- <para>¾¤Î¥·¥¹¥Æ¥à¤ÎÀøºßŪ¤Ê¥»¥¥å¥ê¥Æ¥£¥Û¡¼¥ë¤Ë¤Ï¡¢
- SUID-root ¤ª¤è¤Ó SGID ¥Ð¥¤¥Ê¥ê¤¬¤¢¤ê¤Þ¤¹¡£
- ¤³¤ì¤é¤Î¥Ð¥¤¥Ê¥ê¤Ï¡¢
- &man.rlogin.1; ¤Î¤è¤¦¤Ë¡¢<filename>/bin</filename>,
- <filename>/sbin</filename>, <filename>/usr/bin</filename>
- ¤Þ¤¿¤Ï <filename>/usr/sbin</filename>
- ¤Ë¸ºß¤¹¤ë¤â¤Î¤¬¤Û¤È¤ó¤É¤Ç¤¹¡£
- 100% °ÂÁ´¤Ê¤â¤Î¤Ï¸ºß¤·¤Ê¤¤¤È¤Ï¤¤¤¨¡¢
- ¥·¥¹¥Æ¥à¥Ç¥Õ¥©¥ë¥È¤Î SUID/SGID ¥Ð¥¤¥Ê¥ê¤ÏÈæ³ÓŪ°ÂÁ´¤È¤¤¤¨¤Þ¤¹¡£
- SUID ¥Ð¥¤¥Ê¥ê¤Ï¡¢
- ¥¹¥¿¥Ã¥Õ¤Î¤ß¤¬¥¢¥¯¥»¥¹²Äǽ¤ÊÆÃÊ̤ʥ°¥ë¡¼¥×¤ËÀ©¸Â¤·¡¢
- »È¤ï¤Ê¤¤ SUID ¥Ð¥¤¥Ê¥ê¤Ïºï½ü¤¹¤ë¤³¤È¤¬¿ä¾©¤µ¤ì¤Þ¤¹¡£
- SGID ¥Ð¥¤¥Ê¥ê¤â¤Û¤È¤ó¤ÉƱÍÍ¤Î´í¸±¤Ê¸ºß¤Ë¤Ê¤êÆÀ¤Þ¤¹¡£
- ¿¯Æþ¼Ô¤¬ kmem ¤Ë SGID ¤µ¤ì¤¿¥Ð¥¤¥Ê¥ê¤òÇˤ뤳¤È¤¬¤Ç¤¤¿¾ì¹ç¡¢
- ¤½¤Î¿¯Æþ¼Ô¤Ï <filename>/dev/kmem</filename>
- ¤òÆɤ߽Ф¹¤³¤È¤¬¤Ç¤¤ë¤è¤¦¤Ë¤Ê¤ë¤Ç¤·¤ç¤¦¡£¤Ä¤Þ¤ê¡¢
- °Å¹æ²½¤µ¤ì¤¿¥Ñ¥¹¥ï¡¼¥É¥Õ¥¡¥¤¥ë¤òÆɤ߽Ф¹¤³¤È¤¬¤Ç¤¤ë¤è¤¦¤Ë¤Ê¤ë¤Î¤Ç¡¢
- ¥æ¡¼¥¶¥¢¥«¥¦¥ó¥È¤ò¡¢ÀøºßŪ¤Ê´í¸±¤Ë»¯¤¹¤³¤È¤Ë¤Ê¤ê¤Þ¤¹¡£Â¾¤Ë¤â¡¢
- <literal>kmem</literal> ¥°¥ë¡¼¥×¤òÇˤä¿¿¯Æþ¼Ô¤¬ pty
- ¤òÄ̤·¤ÆÁ÷¤é¤ì¤¿¥¡¼¥¹¥È¥í¡¼¥¯¤ò´Æ»ë¤Ç¤¤ë¤È¤¤¤¦´í¸±¤¬¤¢¤ê¤Þ¤¹¡£
- ¥¡¼¥¹¥È¥í¡¼¥¯¤Ë¤Ï¡¢°ÂÁ´¤ÊÊýË¡¤Ç¥í¥°¥¤¥ó¤¹¤ë¥æ¡¼¥¶¤¬»È¤Ã¤Æ¤¤¤ë pty
- ¤â´Þ¤Þ¤ì¤Þ¤¹¡£
- <systemitem class="groupname">tty</systemitem>
- ¥°¥ë¡¼¥×¤òÇˤä¿¿¯Æþ¼Ô¤Ï¡¢¤Û¤ÜǤ°Õ¤Î¥æ¡¼¥¶¤Î
- tty ¤Ø½ñ¤¹þ¤ß¤¬¤Ç¤¤Þ¤¹¡£
- ¥æ¡¼¥¶¤¬Ã¼Ëö¥×¥í¥°¥é¥à¤ä¥¡¼¥Ü¡¼¥É¤ò¥·¥ß¥å¥ì¡¼¥·¥ç¥ó¤¹¤ëµ¡Ç½¤ò»ý¤Ã¤¿¥¨¥ß¥å¥ì¡¼¥¿¤ò»È¤Ã¤Æ¤¤¤ë¾ì¹ç¡¢
- ¿¯Æþ¼Ô¤ÏÀøºßŪ¤Ë¡¢
- ·ë¶É¤½¤Î¥æ¡¼¥¶¤È¤·¤Æ¼Â¹Ô¤µ¤ì¤ë¥³¥Þ¥ó¥É¤ò¥æ¡¼¥¶¤ÎüËö¤Ë¥¨¥³¡¼¤µ¤»¤ë¥Ç¡¼¥¿¥¹¥È¥ê¡¼¥à¤òÀ¸À®¤Ç¤¤ë²ÄǽÀ¤¬¤¢¤ê¤Þ¤¹¡£</para>
- </sect2>
+ <para><filename>bin_cksum_mtree</filename> ¥Õ¥¡¥¤¥ë¤ò¸«¤ë¤È¡¢
+ °Ê²¼¤Î¤è¤¦¤Ê½ÐÎϤȤʤê¤Þ¤¹¡£</para>
- <sect2 xml:id="secure-users">
- <title>¥æ¡¼¥¶¥¢¥«¥¦¥ó¥È¤Î°ÂÁ´À¤ò¹â¤á¤ë</title>
+ <programlisting># user: root
+# machine: dreadnaught
+# tree: /bin
+# date: Mon Feb 3 10:19:53 2014
+# .
+/set type=file uid=0 gid=0 mode=0555 nlink=1 flags=none
+. type=dir mode=0755 nlink=2 size=1024 \
+ time=1380277977.000000000
+ \133 nlink=2 size=11704 time=1380277977.000000000 \
+ cksum=484492447 \
+ sha256digest=6207490fbdb5ed1904441fbfa941279055c3e24d3a4049aeb45094596400662a
+ cat size=12096 time=1380277975.000000000 cksum=3909216944 \
+ sha256digest=65ea347b9418760b247ab10244f47a7ca2a569c9836d77f074e7a306900c1e69
+ chflags size=8168 time=1380277975.000000000 cksum=3949425175 \
+ sha256digest=c99eb6fc1c92cac335c08be004a0a5b4c24a0c0ef3712017b12c89a978b2dac3
+ chio size=18520 time=1380277975.000000000 cksum=2208263309 \
+ sha256digest=ddf7c8cb92a58750a675328345560d8cc7fe14fb3ccd3690c34954cbe69fc964
+ chmod size=8640 time=1380277975.000000000 cksum=2214429708 \
+ sha256digest=a435972263bf814ad8df082c0752aa2a7bdd8b74ff01431ccbd52ed1e490bbe7</programlisting>
- <para>¥æ¡¼¥¶¥¢¥«¥¦¥ó¥È¤Ï¡¢ÉáÄÌ¡¢°ÂÁ´À¤ò¹â¤á¤ë¤³¤È¤¬ºÇ¤âº¤Æñ¤Ç¤¹¡£
- µ¤¤òÇۤäƥ桼¥¶¥¢¥«¥¦¥ó¥È¤ò´Æ»ë¤¹¤ë¤è¤ê¤Û¤«¤¢¤ê¤Þ¤»¤ó¡£
- ¥æ¡¼¥¶¥¢¥«¥¦¥ó¥È¤ËÂФ· &man.ssh.1; ¤ä Kerberos ¤òÍøÍѤ¹¤ë¤Ë¤Ï¡¢
- ¥·¥¹¥Æ¥à´ÉÍý¤¬¤µ¤é¤ËÁý¤¨¤¿¤ê¥Æ¥¯¥Ë¥«¥ë¥µ¥Ý¡¼¥È¤¬É¬Íפˤʤê¤Þ¤¹¤¬¡¢
- °Å¹æ²½¥Ñ¥¹¥ï¡¼¥É¥Õ¥¡¥¤¥ë¤ÈÈæ³Ó¤¹¤ë¤È¤Ï¤ë¤«¤ËÎɤ¤ÊýË¡¤òÄ󶡤·¤Þ¤¹¡£</para>
- </sect2>
+ <para>¥³¥ó¥Ô¥å¡¼¥¿¤Î¥Û¥¹¥È̾¡¢¸½ºß¤ÎÆüÉդȻþ´Ö¡¢&man.mtree.8;
+ ¤ò¼Â¹Ô¤·¤¿¥æ¡¼¥¶¤Î¾ðÊ󤹤٤Ƥ¬¤³¤Î¥ì¥Ý¡¼¥È¤Ë¤Ï´Þ¤Þ¤ì¤Æ¤¤¤Þ¤¹¡£
+ ¤Þ¤¿¡¢³Æ¥Ð¥¤¥Ê¥ê¤ËÂФ¹¤ë¥Á¥§¥Ã¥¯¥µ¥à¡¢¥µ¥¤¥º¡¢¥¿¥¤¥à¥¹¥¿¥ó¥×¤ª¤è¤Ó
+ <acronym>SHA</acronym>256 ¥À¥¤¥¸¥§¥¹¥È¤â´Þ¤Þ¤ì¤Æ¤¤¤Þ¤¹¡£</para>
- <sect2>
- <title>¥Ñ¥¹¥ï¡¼¥É¥Õ¥¡¥¤¥ë¤Î°ÂÁ´À¤ò¹â¤á¤ë</title>
+ <para>¥Ð¥¤¥Ê¥ê½ð̾¤Î¸¡¾Ú¤Î¤¿¤á¤Ë¡¢
+ °Ê²¼¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ë¤È¡¢¸½ºß¤Î½ð̾¤Î¥ê¥¹¥È¤òÆɤ߹þ¤ß¡¢
+ ·ë²Ì¤ò½ÐÎϤ·¤Þ¤¹¡£</para>
- <para>¤Ç¤¤ë¤À¤±Â¿¤¯¤Î¥Ñ¥¹¥ï¡¼¥É¤ò¥¢¥¹¥¿¥ê¥¹¥¯¤Ç³°¤·¡¢
- ¤½¤ì¤é¤Î¥¢¥«¥¦¥ó¥È¤Î¥¢¥¯¥»¥¹¤Ë¤Ï
- &man.ssh.1; ¤ä Kerberos ¤ò»È¤¦¤è¤¦¤Ë¤¹¤ë¤³¤È¤¬¡¢Í£°ì¤Î³Î¼Â¤ÊÊýË¡¤Ç¤¹¡£
- °Å¹æ²½¥Ñ¥¹¥ï¡¼¥É¥Õ¥¡¥¤¥ë
- (<filename>/etc/spwd.db</filename>) ¤Ï
- <systemitem class="username">root</systemitem>
- ¤Ç¤Î¤ßÆɤ߽Ф·²Äǽ¤À¤±¤ì¤É¤â¡¢
- ¤¿¤È¤¨¡¢¿¯Æþ¼Ô¤¬ root ¤Î½ñ¤¹þ¤ß¸¢¸Â¤ÏÆÀ¤é¤ì¤Ê¤¯¤È¤â¡¢
- Æɤ߽Ф·¥¢¥¯¥»¥¹¸¢¸Â¤òÆÀ¤ë¤³¤È¤Ï²Äǽ¤«¤â¤·¤ì¤Þ¤»¤ó¡£</para>
+ <screen>&prompt.root; <userinput>mtree -s 3483151339707503 -p /bin < bin_chksum_mtree >> bin_chksum_output</userinput></screen>
- <para><link
- linkend="security-integrity">¥Õ¥¡¥¤¥ë¤Î´°Á´À¤Î¥Á¥§¥Ã¥¯</link>
- Àá¤ÇÀâÌÀ¤µ¤ì¤Æ¤¤¤ë¤è¤¦¤Ë¡¢
- ¥»¥¥å¥ê¥Æ¥£¥¹¥¯¥ê¥×¥È¤Ç¥Ñ¥¹¥ï¡¼¥É¥Õ¥¡¥¤¥ë¤ÎÊѹ¹¤ò¥Á¥§¥Ã¥¯¤·¡¢
- Êó¹ð¤¹¤ë¤è¤¦¤Ë¤¹¤Ù¤¤Ç¤¹¡£</para>
- </sect2>
+ <para>¤³¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤¹¤ë¤È¡¢¤¹¤Ç¤Ë¥Á¥§¥Ã¥¯¥µ¥à¤òÀ¸À®¤·¤Æ¤¤¤ë
+ <filename>/bin</filename> ¤ËÂФ·¤Æ¡¢Æ±ÍͤΥÁ¥§¥Ã¥¯¥µ¥à¤òÀ¸À®¤·¤Þ¤¹¡£
+ ¤³¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤·¤Æ¤«¤éÊѹ¹¤¬¹Ô¤ï¤ì¤Æ¤¤¤Ê¤¤¤Î¤Ç¡¢
+ <filename>bin_chksum_output</filename> ¤Ø¤Î¼çÎϤ϶õ¤È¤Ê¤ê¤Þ¤¹¡£
+ Êѹ¹¤¬¹Ô¤ï¤ì¤¿¾ì¹ç¤ò¥·¥ß¥å¥ì¡¼¥È¤¹¤ë¤¿¤á¤Ë¡¢
+ <filename>/bin/cat</filename> ¥Õ¥¡¥¤¥ë¤ÎÆüÉÕ¤ò
+ &man.touch.1; ¤ò»È¤Ã¤ÆÊѹ¹¤·¤Æ¡¢
+ ºÆÅÙ¸¡¾Ú¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤·¤Æ¤ß¤Þ¤¹¡£</para>
- <sect2>
- <title>¥«¡¼¥Í¥ë¤Î¥³¥¢¡¢raw ¥Ç¥Ð¥¤¥¹¡¢
- ¥Õ¥¡¥¤¥ë¥·¥¹¥Æ¥à¤Î°ÂÁ´À¤ò¹â¤á¤ë</title>
+ <screen>&prompt.root; <userinput>touch /bin/cat</userinput></screen>
+ <screen>&prompt.root; <userinput>mtree -s 3483151339707503 -p /bin < bin_chksum_mtree >> bin_chksum_output</userinput></screen>
+ <screen>&prompt.root; <userinput>cat bin_chksum_output</userinput></screen>
+ <programlisting>cat changed
+ modification time expected Fri Sep 27 06:32:55 2013 found Mon Feb 3 10:28:43 2014</programlisting>
- <para>ºÇ¶á¤Î¥«¡¼¥Í¥ë¤Ï¡¢ÁȤ߹þ¤ß¤Î¥Ñ¥±¥Ã¥ÈÇÁ¤¸«¥Ç¥Ð¥¤¥¹
- (packet sniffing device) ¥É¥é¥¤¥Ð¤òÈ÷¤¨¤Æ¤¤¤ë¤â¤Î¤¬¤Û¤È¤ó¤É¤Ç¤¹¡£
- &os; ¤Ç¤Ï <filename>bpf</filename> ¤È¸Æ¤Ð¤ì¤Æ¤¤¤Þ¤¹¡£
- ¤³¤Î¥Ç¥Ð¥¤¥¹¤Ï DHCP ¤ÇɬÍפȤʤ뤿¤á¡¢
- DHCP ¤òÄ󶡤·¤¿¤ê»È¤¦É¬ÍפΤʤ¤¥·¥¹¥Æ¥à¤Ç¤Ï¡¢
- ¥«¥¹¥¿¥à¥«¡¼¥Í¥ë¥³¥ó¥Õ¥£¥°¥ì¡¼¥·¥ç¥ó¥Õ¥¡¥¤¥ë¤«¤é³°¤¹¤³¤È¤¬¤Ç¤¤Þ¤¹¡£</para>
+ <para><package>security/aide</package> ¤Î¤è¤¦¤Ê¡¢
+ ¤è¤ê¹âÅÙ¤Ê <acronym>IDS</acronym> ¥·¥¹¥Æ¥à¤â¤¢¤ê¤Þ¤¹¤¬¡¢
+ ¤Û¤È¤ó¤É¤Î¥±¡¼¥¹¤Ë¤ª¤¤¤Æ¡¢
+ &man.mtree.8; ¤Ï´ÉÍý¼Ô¤¬É¬ÍפȤ¹¤ëµ¡Ç½¤òÄ󶡤·¤Þ¤¹¡£
+ °°Õ¤Î¤¢¤ë¥æ¡¼¥¶¤¬¡¢
+ ¥·¡¼¥ÉÃͤª¤è¤Ó¥Á¥§¥Ã¥¯¥µ¥à¤Î½ÐÎϤò¸«¤ì¤Ê¤¤¤è¤¦¤Ë¤¹¤ë¤³¤È¤¬½ÅÍפǤ¹¡£</para>
+ </sect2>
- <indexterm>
- <primary>&man.sysctl.8;</primary>
- </indexterm>
+ <sect2 xml:id="security-tuning">
+ <title>¥»¥¥å¥ê¥Æ¥£¤Î¤¿¤á¤Î¥·¥¹¥Æ¥à¤ÎÄ´À°</title>
+
+ <para>¥·¥¹¥Æ¥à¤Îµ¡Ç½¤Î¿¤¯¤Ï¡¢&man.sysctl.8; ¤ò»È¤Ã¤ÆÄ´À°¤Ç¤¤Þ¤¹¡£
+ Denial of Service (<acronym>DOS</acronym>)
+ ¥¹¥¿¥¤¥ë¤Î¹¶·â¤òÈò¤±¤ë¤¿¤á¤Î¥»¥¥å¥ê¥Æ¥£µ¡Ç½¤ËÂФ·¤Æ¤âƱÍͤǤ¹¡£
+ ¤³¤ÎÀá¤Ç¤Ï¡¢¤è¤ê½ÅÍפÊÄ´À°¤Ë¤Ä¤¤¤Æ¤â¿¨¤ì¤Æ¤¤¤Þ¤¹¡£
+ &man.sysctl.8; ¤Ë¤è¤ê¡¢ÀßÄ꤬Êѹ¹¤µ¤ì¤¿»þ¤Ï¤¤¤Ä¤Ç¤â¡¢
+ ˾¤Þ¤Ê¤¤´í³²¤¬µ¯¤³¤ë²ÄǽÀ¤Ï¹â¤Þ¤ê¡¢
+ ¥·¥¹¥Æ¥à¤Î²ÄÍÑÀ¤Ë±Æ¶Á¤·¤Þ¤¹¡£
+ ¥·¥¹¥Æ¥àÁ´ÂΤÎÀßÄê¤òÊѹ¹¤¹¤ë»þ¤Ë¤Ï¡¢
+ ¥·¥¹¥Æ¥à¤Î <acronym>CIA</acronym> ¤ò¹Í¤¨¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£</para>
- <para><filename>bpf</filename> ¤ò³°¤·¤Æ¤â¡¢
- <filename>/dev/mem</filename> ¤ª¤è¤Ó
- <filename>/dev/kmem</filename> ¤È¤¤¤¦ÌäÂ꤬¤Þ¤À»Ä¤Ã¤Æ¤¤¤Þ¤¹¡£
- ¿¯Æþ¼Ô¤Ï raw ¥Ç¥£¥¹¥¯¥Ç¥Ð¥¤¥¹¤Ë½ñ¤¹þ¤à¤³¤È¤â¤Ç¤¤Þ¤¹¡£
- ¤ä¤ëµ¤¤Þ¤ó¤Þ¤ó¤Î¿¯Æþ¼Ô¤Ï¡¢&man.kldload.8;
- ¤ò»È¤Ã¤Æ¼«Ê¬Æȼ«¤Î <filename>bpf</filename>¡¢
- ¤â¤·¤¯¤Ï¾¤ÎÇÁ¤¸«¥Ç¥Ð¥¤¥¹¤òÆ°ºîÃæ¤Î¥«¡¼¥Í¥ë¤Ë¥¤¥ó¥¹¥È¡¼¥ë¤Ç¤¤Þ¤¹¡£
- ¤³¤ÎÌäÂê¤òÈò¤±¤ë¤¿¤á¡¢¥«¡¼¥Í¥ë¤ò¤è¤ê¹â¤¤¥»¥¥å¥ê¥Æ¥£¥ì¥Ù¥ë¡¢
- ¾¯¤Ê¤¯¤È¤â¥»¥¥å¥ê¥Æ¥£¥ì¥Ù¥ë 1 ¤Ç¼Â¹Ô¤µ¤»¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£</para>
+ <para>°Ê²¼¤Ç¤Ï¡¢&man.sysctl.8; ¤Î°ìÍ÷¡¢
+ ¤ª¤è¤ÓÊѹ¹¤¬¥·¥¹¥Æ¥à¤Ë¤É¤Î¤è¤¦¤Ë±Æ¶Á¤¹¤ë¤«¤òÀâÌÀ¤·¤Þ¤¹¡£</para>
- <para>¥«¡¼¥Í¥ë¤Î¥»¥¥å¥ê¥Æ¥£¥ì¥Ù¥ë¤Ï¤¤¤¯¤Ä¤«¤ÎÊýË¡¤ÇÀßÄê¤Ç¤¤Þ¤¹¡£
- ¸½ºßÆ°¤¤¤Æ¤¤¤ë¥«¡¼¥Í¥ë¤Î¥»¥¥å¥ê¥Æ¥£¥ì¥Ù¥ë¤ò¹â¤á¤ëºÇ¤â´Êñ¤ÊÊýË¡¤Ï¡¢
- <varname>kern.securelevel</varname> ¤òÀßÄꤹ¤ëÊýË¡¤Ç¤¹¡£</para>
-
- <screen>&prompt.root; <userinput>sysctl kern.securelevel=1</userinput></screen>
-
<para>¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï¡¢&os; ¤Î¥«¡¼¥Í¥ë¤Ï¥»¥¥å¥ê¥Æ¥£¥ì¥Ù¥ë
-1 ¤Çµ¯Æ°¤·¤Þ¤¹¡£
¤³¤Î¥»¥¥å¥ê¥Æ¥£¥ì¥Ù¥ë¤Ï¡¢
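Review bot: The new security-tuning paragraph marks the abbreviation up as `<acronym>DOS</acronym>`, while the removed Denial of Service paragraph further down this diff uses `<acronym>DoS</acronym>`. DOS reads as the operating system, so `<acronym>DoS</acronym>` is the better form here even if the English revision being merged capitalises it. In the mtree example above it, the verification run appends to `bin_chksum_output` in the current directory with `>>`, and the closing paragraph says the seed and checksum output must be kept away from malicious users. A short sentence on where to keep `bin_chksum_mtree` and `bin_chksum_output` (root-only, ideally off the monitored host) would make that advice actionable.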
@@ -521,479 +511,65 @@
<literal>YES</literal> ¤È¤·¡¢
<varname>kern_securelevel</varname>
¤ËɬÍפȤ¹¤ëÃͤòÀßÄꤹ¤ë¤³¤È¤Ç¡¢
- ¥·¥¹¥Æ¥àµ¯Æ°»þ¤Ë¥»¥¥å¥¢¥ì¥Ù¥ë¤ò¹â¤á¤ë¤³¤È¤¬¤Ç¤¤Þ¤¹¡£</para>
-
- <para>¥»¥¥å¥ê¥Æ¥£¥ì¥Ù¥ë¤ò 1 °Ê¾å¤ËÀßÄꤹ¤ë¤È¡¢
- ÄɲÃÀìÍѤª¤è¤ÓÊѹ¹ÉԲĥե¡¥¤¥ë¤Î¥Õ¥é¥°¤ò³°¤¹¤³¤È¤Ï¤Ç¤¤Ê¤¯¤Ê¤ê¡¢
- ¤Þ¤¿ raw ¥Ç¥Ð¥¤¥¹¤Ø¤Î¥¢¥¯¥»¥¹¤¬µñÈݤµ¤ì¤Þ¤¹¡£
- ¤è¤ê¹â¤¤¥ì¥Ù¥ë¤ËÀßÄꤹ¤ë¤È¡¢¤è¤ê¿¤¯¤ÎÁàºî¤ËÀ©¸Â¤¬¤«¤«¤ê¤Þ¤¹¡£
- ³Æ¥»¥¥å¥ê¥Æ¥£¥ì¥Ù¥ë¤Î´°Á´¤ÊÀâÌÀ¤Ë¤Ä¤¤¤Æ¤Ï¡¢
+ ¥·¥¹¥Æ¥àµ¯Æ°»þ¤Ë¥»¥¥å¥¢¥ì¥Ù¥ë¤ò¹â¤á¤ë¤³¤È¤¬¤Ç¤¤Þ¤¹¡£
+ ¤³¤ì¤é¤ÎÀßÄê¤Ë¤Ä¤¤¤Æ¤Î¤è¤ê¾ÜºÙ¤Ê¾ðÊó¤Ë¤Ä¤¤¤Æ¤Ï¡¢
&man.security.7; ¤ª¤è¤Ó &man.init.8; ¤ò¤´Í÷¤¯¤À¤µ¤¤¡£</para>
- <note>
- <para>¥»¥¥å¥ê¥Æ¥£¥ì¥Ù¥ë¤ò 1 °Ê¾å¤ËÀßÄꤷ¤¿¾ì¹ç¤Ë¤Ï¡¢
- <filename>/dev/io</filename> ¤Ø¤Î¥¢¥¯¥»¥¹¤¬¥Ö¥í¥Ã¥¯¤µ¤ì¤ë¤¿¤á¡¢
- <application>&xorg;</application> ¤ä¡¢
- <buildtarget>installworld</buildtarget> ¤Î¥×¥í¥»¥¹¤Ç¤Ï¡¢
- ¤¤¤¯¤Ä¤«¤Î¥Õ¥¡¥¤¥ë¤ÎÄɲÃÀìÍѤª¤è¤ÓÊѹ¹ÉԲĤΥե饰¤Ï°ì»þŪ¤Ë¥ê¥»¥Ã¥È¤µ¤ì¤ë¤¿¤á¡¢
- ¥½¡¼¥¹¤«¤é &os;
- ¤ò¹½ÃÛ¤·¤Æ¥¤¥ó¥¹¥È¡¼¥ë¤¹¤ë¤È¤¤Ê¤É¤ÇÌäÂ꤬°ú¤µ¯¤³¤µ¤ì¤ë²ÄǽÀ¤¬¤¢¤ê¤Þ¤¹¡£
- <application>&xorg;</application> ¤ÎÌäÂê¤Ë¤Ä¤¤¤Æ¤Ï¡¢
- µ¯Æ°¥×¥í¥»¥¹½é´ü¤Î¥»¥¥å¥¢¥ì¥Ù¥ë¤¬½½Ê¬Ä㤤¤È¤¤Ë
- &man.xdm.1; ¤òµ¯Æ°¤¹¤ë¤³¤È¤Ç¡¢¤³¤ÎÌäÂê¤ËÂбþ¤Ç¤¤Þ¤¹¡£
- ¤³¤Î¤è¤¦¤Ê±þµÞ½èÃ֤ϡ¢
- ¤¹¤Ù¤Æ¤Î¥»¥¥å¥ê¥Æ¥£¥ì¥Ù¥ë¤ä¤½¤ì¤é¤¬²Ý¤¹ÀøºßŪ¤Ê¤¹¤Ù¤Æ¤ÎÀ©¸Â¤Ë¤ÏÂбþ¤Ç¤¤Ê¤¤¤Ç¤·¤ç¤¦¡£
- ¾¯¤·Àè¤ò¸«±Û¤·¤¿·×²èŪ¤ÊÂбþ¤ò¤¹¤Ù¤¤Ç¤¹¡£
- ³Æ¥»¥¥å¥ê¥Æ¥£¥ì¥Ù¥ë¤Ç²Ý¤µ¤ì¤ëÀ©¸Â¤Ï¡¢
- ¥·¥¹¥Æ¥à¤ò»ÈÍѤ¹¤ë¤³¤È¤Ë¤è¤ëÍøÊØÀ¤òÃø¤·¤¯¸º¤é¤·¤Æ¤·¤Þ¤¦¤¿¤á¡¢
- ¤³¤ÎÀ©¸Â¤òÍý²ò¤¹¤ë¤³¤È¤Ï½ÅÍפǤ¹¡£
- ¤Þ¤¿¡¢³Æ¥»¥¥å¥ê¥Æ¥£¥ì¥Ù¥ë¤ÎÀ©¸Â¤òÍý²ò¤¹¤ë¤³¤È¤Ç¡¢
- ¥Ç¥Õ¥©¥ë¥È¤ÎÀßÄê¤ò¤è¤ê¥·¥ó¥×¥ë¤Ë¤Ç¤¡¢
- ÀßÄê¤Ë´Ø¤¹¤ë°Õ³°À¤ò¾¯¤Ê¤¯¤Ç¤¤ë¤Ç¤·¤ç¤¦¡£</para>
- </note>
+ <warning>
+ <para><varname>securelevel</varname> ¤òÂ礤¯¤·¤¹¤®¤ë¤È¡¢
+ <application>Xorg</application>
+ ¤¬Æ°¤«¤Ê¤¯¤Ê¤Ã¤¿¤ê¡¢Â¾¤ÎÌäÂ꤬µ¯¤¤ë²ÄǽÀ¤¬¤¢¤ê¤Þ¤¹¡£
+ ¥Ç¥Ð¥Ã¥°¤Î¿´¤Å¤â¤ê¤ò¤·¤Æ¤¯¤À¤µ¤¤¡£</para>
+ </warning>
- <para>¥«¡¼¥Í¥ë¤Î¥»¥¥å¥ê¥Æ¥£¥ì¥Ù¥ë¤ò 1 °Ê¾å¤ËÀßÄꤷ¤¿¾ì¹ç¤Ë¤Ï¡¢
- ¥·¥¹¥Æ¥àµ¯Æ°¤Ë´Ø¤ï¤ë½ÅÍפʥХ¤¥Ê¥ê¤ä¥Ç¥£¥ì¥¯¥È¥ê¡¢
- ¥¹¥¯¥ê¥×¥È¥Õ¥¡¥¤¥ë¡¢¤½¤·¤Æ¡¢
- ¥»¥¥å¥ê¥Æ¥£¥ì¥Ù¥ë¤¬ÀßÄꤵ¤ì¤ë¤Þ¤Ç¤Î´Ö¤Ë¼Â¹Ô¤µ¤ì¤ë¤¹¤Ù¤Æ¤Î¤â¤Î¤ËÂФ·¤Æ¡¢
- <literal>schg</literal> ¥Õ¥é¥°¤òÀßÄꤹ¤ë¤³¤È¤ÏÍÍѤǤ·¤ç¤¦¡£
- ¥·¥¹¥Æ¥à¤ò¤è¤ê¹â¤¤¥»¥¥å¥ê¥Æ¥£¥ì¥Ù¥ë¤Ç¼Â¹Ô¤µ¤»¤ë¤è¤¦¤Ë¤¹¤ë¤¬¡¢
- <literal>schg</literal>
- ¥Õ¥é¥°¤òÀßÄꤷ¤Ê¤¤¤È¤¤¤¦¤È¤³¤í¤ÇÂŶ¨¤¹¤ë¤È¤¤¤¦¼ê¤â¤¢¤ê¤Þ¤¹¡£
- ¤â¤¦°ì¤Ä¤Î²ÄǽÀ¤È¤·¤Æ¤Ï¡¢Ã±½ã¤Ë
- <filename>/</filename> ¤ª¤è¤Ó <filename>/usr</filename>
- ¤òÆɤ߹þ¤ßÀìÍѤǥޥ¦¥ó¥È¤¹¤ë¤³¤È¤Ç¤¹¡£
- ¤³¤³¤ÇÆÃÉ®¤¹¤Ù¤¤³¤È¤Ï¡¢¥·¥¹¥Æ¥à¤ò¼é¤í¤¦¤È¤·¤Æ¸·¤·¤¯¤·¤¹¤®¤ë¤È¡¢
- ¿¯Æþ¤ò¸¡½Ð¤¹¤ë¤³¤È¤¬¤Ç¤¤Ê¤¯¤Ê¤Ã¤Æ¤·¤Þ¤¦¤È¤¤¤¦¤³¤È¤Ç¤¹¡£</para>
- </sect2>
+ <para>¤Ä¤®¤ËÊѹ¹¤ò¸¡Æ¤¤¹¤Ù¤ &man.sysctl.8; ¤Ï¡¢
+ net.inet.tcp.blackhole ¤ª¤è¤Ó net.inet.udp.blackhole ¤Ç¤¹¡£
+ ¤³¤ì¤é¤òÀßÄꤹ¤ë¤È¡¢ÊĤ¸¤¿¥Ý¡¼¥È¤ËÂФ·¤ÆÆϤ¯
+ <acronym>SYN</acronym> ¥Ñ¥±¥Ã¥È¤Ï¥É¥í¥Ã¥×¤µ¤ì¡¢
+ <acronym>RST</acronym> ¥ì¥¹¥Ý¥ó¥¹¤òÊÖ¤·¤Þ¤»¤ó¡£
+ Ä̾ï¤Ï¡¢<acronym>RST</acronym> ¤òÊÖ¤·¡¢
+ ¤½¤Î¥Ý¡¼¥È¤¬ÊĤ¸¤é¤ì¤Æ¤¤¤ë¤³¤È¤òÅÁ¤¨¤Þ¤¹¡£
+ ¤³¤ì¤Ë¤è¤ê¡¢¥·¥¹¥Æ¥à¤ËÂФ¹¤ë <quote>¥¹¥Æ¥ë¥¹</quote>
+ ¥¹¥¥ã¥ó¤ËÂФ·¡¢¤¢¤ëÄøÅÙ¤ÎËɸæ¤È¤Ê¤ê¤Þ¤¹¡£
+ net.inet.tcp.blackhole ¤ò <quote>2</quote>¡¢
+ net.inet.udp.blackhole ¤ò <quote>1</quote> ¤ËÀßÄꤷ¤Æ¤¯¤À¤µ¤¤¡£
+ ¾ÜºÙ¤Ê¾ðÊó¤Ë¤Ä¤¤¤Æ &man.blackhole.4; ¤ò¤´Í÷¤¯¤À¤µ¤¤¡£</para>
- <sect2 xml:id="security-integrity">
- <title>¥Õ¥¡¥¤¥ë¤Î´°Á´À¤Î¥Á¥§¥Ã¥¯</title>
+ <para>¤µ¤é¤Ë¡¢net.inet.icmp.drop_redirect ¤ª¤è¤Ó
+ net.inet.ip.redirect ¤âÀßÄꤹ¤Ù¤¤Ç¤¹¡£
+ ¤³¤ì¤é 2 ¤Ä¤Î
+ &man.sysctl.8; ¤Ï¡¢¥ê¥À¥¤¥ì¥¯¥È¹¶·â¤òËɤ°½õ¤±¤È¤Ê¤ë¤Ç¤·¤ç¤¦¡£
+ ¥ê¥À¥¤¥ì¥¯¥È¹¶·â¤Ï¡¢
+ ¸Î°Õ¤ËÄ̾ï¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤Ç¤ÏɬÍפȤ·¤Ê¤¤¤è¤¦¤ÊÂçÎ̤Î
+ <acronym>ICMP</acronym> ¥¿¥¤¥× 5 ¤Î¥Ñ¥±¥Ã¥È¤òȯÀ¸¤·¤Þ¤¹¡£
+ ¤½¤Î¤¿¤á net.inet.icmp.drop_redirect ¤ò <quote>1</quote>¡¢
+ net.inet.ip.redirect ¤ò <quote>0</quote> ¤ËÀßÄꤷ¤Æ²¼¤µ¤¤¡£</para>
- <para>¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ë¤Ç¤¤ë¤³¤È¤Ï¡¢
- ÊØÍø¤µ¤È¤¤¤¦Í×ÁǤ¬¤½¤Î½¹¤¤Æ¬¤ò¾å¤²¤Ê¤¤ÄøÅ٤ˡ¢
- ¥³¥¢¥·¥¹¥Æ¥à¤ÎÀßÄê¤ÈÀ©¸æ¥Õ¥¡¥¤¥ë¤òËɸ椹¤ë¤³¤È¤À¤±¤Ç¤¹¡£
- ¤¿¤È¤¨¤Ð¡¢<filename>/</filename> ¤ª¤è¤Ó
- <filename>/usr</filename>
- ¤Ë¤¢¤ëÂçÉôʬ¤Î¥Õ¥¡¥¤¥ë¤Ë <literal>schg</literal>
- ¥Ó¥Ã¥È¤òÀßÄꤹ¤ë¤¿¤á¤Ë &man.chflags.1;
- ¤ò»ÈÍѤ¹¤ë¤Î¤Ï¡¢¤ª¤½¤é¤¯µÕ¸ú²Ì¤Ç¤·¤ç¤¦¡£
- ¤Ê¤¼¤Ê¤é¡¢¤½¤¦¤¹¤ë¤³¤È¤Ç¥Õ¥¡¥¤¥ë¤ÏÊݸî¤Ç¤¤Þ¤¹¤¬¡¢
- ¿¯Æþ¤ò¸¡½Ð¤¹¤ëÁë¤òÊĤ¶¤·¤Æ¤·¤Þ¤¦¤³¤È¤Ë¤â¤Ê¤ë¤«¤é¤Ç¤¹¡£
- ¥»¥¥å¥ê¥Æ¥£Âкö¤Ï¡¢
- ¿¯Æþ¤Î²ÄǽÀ¤ò¸¡½Ð¤Ç¤¤Ê¤±¤ì¤Ð¡¢ÍÍѤǤϤʤ¯¡¢
- ¤â¤Ã¤È°¤±¤ì¤Ð¡¢°ÂÁ´À¤ËÂФ¹¤ë´Ö°ã¤Ã¤¿´¶³Ð¤ò¿¢¤¨ÉÕ¤±¤Æ¤·¤Þ¤¤¤Þ¤¹¡£
- ¥»¥¥å¥ê¥Æ¥£¤ËÂФ¹¤ë»Å»ö¤ÎȾʬ¤Ï¡¢
- ¹¶·â¼Ô¤ò¹¶·â¤ÎºÇÃæ¤ËÊᤨ¤ë¤è¤¦¤Ë¤¹¤ë¤¿¤á¤Ë¡¢
- ¹¶·â¼Ô¤ò¿©¤¤»ß¤á¤ë¤Î¤Ç¤Ï¤Ê¤¯¿¯Æþ¤òÃ٤餻¤ë¤³¤È¤Ê¤Î¤Ç¤¹¡£</para>
+ <para>¥½¡¼¥¹¥ë¡¼¥Æ¥£¥ó¥°¤Ï¡¢
+ ÆâÉô¥Í¥Ã¥È¥ï¡¼¥¯¾å¤Ç¥ë¡¼¥Æ¥£¥ó¥°¤Ç¤¤Ê¤¤¥¢¥É¥ì¥¹¤ò¸¡½Ð¤·¤¿¤ê¥¢¥¯¥»¥¹¤¹¤ë¤¿¤á¤ÎÊýË¡¤Ç¤¹¡£
+ Ä̾ï¥ë¡¼¥Æ¥£¥ó¥°¤Ç¤¤Ê¤¤¥¢¥É¥ì¥¹¤Ï¡¢
+ °Õ¿Þ¤·¤Æ¥ë¡¼¥Æ¥£¥ó¥°¤Ç¤¤Ê¤¤¤è¤¦¤Ë¤·¤Æ¤¤¤ë¤Î¤Ç¡¢
+ ¤³¤ÎÀßÄê¤Ï¤ª¤½¤é¤¯Ìµ¸ú¤Ë¤¹¤Ù¤¤Ç¤¹¡£
+ ¤³¤Îµ¡Ç½¤ò̵¸ú¤Ë¤¹¤ë¤Ë¤Ï¡¢
+ net.inet.ip.sourceroute ¤ª¤è¤Ó net.inet.ip.accept_sourceroute
+ ¤ò <quote>0</quote> ¤ËÀßÄꤷ¤Æ¤¯¤À¤µ¤¤¡£</para>
- <para>¿¯Æþ¤ò¸¡½Ð¤¹¤ëºÇ¤âÎɤ¤ÊýË¡¤Ï¡¢Êѹ¹¤µ¤ì¤Æ¤¤¤¿¤ê¡¢
- ¾Ã¤¨¤Æ¤¤¤¿¤ê¡¢Æþ¤ì¤¿³Ð¤¨¤¬¤Ê¤¤¤Î¤ËÆþ¤Ã¤Æ¤¤¤ë¥Õ¥¡¥¤¥ë¤òõ¤¹¤³¤È¤Ç¤¹¡£
- Êѹ¹¤µ¤ì¤¿¥Õ¥¡¥¤¥ë¤òõ¤¹¤Î¤ËºÇ¤âÎɤ¤ÊýË¡¤Ï¡¢¤â¤¦°ì¤Ä¤Î
- ¤·¤Ð¤·¤ÐÃæ±û¤Ë½¸¤á¤é¤ì¤¿¡¢
- ¥¢¥¯¥»¥¹¤¬À©¸Â¤µ¤ì¤¿¥·¥¹¥Æ¥à¤«¤é¹Ô¤Ê¤¦¤â¤Î¤Ç¤¹¡£
- ¤µ¤é¤Ë°ÂÁ´¤Ç¥¢¥¯¥»¥¹À©¸Â¤µ¤ì¤¿¥·¥¹¥Æ¥à¾å¤Ç¥»¥¥å¥ê¥Æ¥£ÍÑ¥¹¥¯¥ê¥×¥È¤ò½ñ¤±¤Ð¡¢
- ¥¹¥¯¥ê¥×¥È¤ÏÀøºßŪ¤Ê¹¶·â¼Ô¤«¤é¤Ï¤Û¤Ü¸«¤¨¤Ê¤¯¤Ê¤ê¤Þ¤¹¡£
- ¤³¤Î͸úÀ¤òºÇÂç¸Â¤Ë³èÍѤ¹¤ë¤¿¤á¤Ë¤Ï¡¢
- ¥¢¥¯¥»¥¹¤ÎÀ©¸Â¤µ¤ì¤¿¥Þ¥·¥ó¤«¤é¾¤Î¥Þ¥·¥ó¤Ø¤Î¤«¤Ê¤ê¤Î¥¢¥¯¥»¥¹¤òµö²Ä¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
- ÉáÄ̤ϡ¢Æɤ߹þ¤ßÀìÍѤΠ<acronym>NFS</acronym> ¥¨¥¯¥¹¥Ý¡¼¥È¤ò¤·¤¿¤ê¡¢
- &man.ssh.1; ¸°¤Î¥Ú¥¢¤òÀßÄꤷ¤¿¤ê¤·¤Þ¤¹¡£
- ¥Í¥Ã¥È¥ï¡¼¥¯¤Î¥È¥é¥Õ¥£¥Ã¥¯¤òÊ̤ˤ·¤Æ¡¢
- <acronym>NFS</acronym> ¤ÏºÇ¤â²Ä»ëÀ¤Î¤Ê¤¤ÊýË¡¤Ç¤¹¡£
- ´ÉÍý¼Ô¤Ï¡¢³Æ¥¯¥é¥¤¥¢¥ó¥È¾å¤Î¥Õ¥¡¥¤¥ë¥·¥¹¥Æ¥à¤ò¡¢
- »ö¼Â¾å¸¡½Ð¤µ¤ì¤º¤Ë´Æ»ë¤Ç¤¤ë¤è¤¦¤Ë¤Ê¤ê¤Þ¤¹¡£
- ¥¢¥¯¥»¥¹À©¸Â¤µ¤ì¤¿¥µ¡¼¥Ð¤¬¥¹¥¤¥Ã¥Á¤òÄ̤·¤Æ¥¯¥é¥¤¥¢¥ó¥È¤ËÀܳ¤µ¤ì¤Æ¤¤¤ë¾ì¹ç¡¢
- ¤¿¤¤¤Æ¤¤ <acronym>NFS</acronym> ¤¬¤è¤êÎɤ¤ÁªÂò»è¤Ç¤¹¡£
- ¥¢¥¯¥»¥¹À©¸Â¤µ¤ì¤¿¥µ¡¼¥Ð¤¬¡¢
- ¤¤¤¯¤Ä¤«¤Î¥ë¡¼¥Æ¥£¥ó¥°ÁؤòÄ̤·¤Æ¥¯¥é¥¤¥¢¥ó¥È¤ËÀܳ¤·¤Æ¤¤¤ë¾ì¹ç¡¢
- <acronym>NFS</acronym> ¤Ï¤¢¤Þ¤ê¤Ë¤â´í¸±¤Ê¤Î¤Ç¡¢
- &man.ssh.1; ¤ÎÊý¤¬Îɤ¤ÊýË¡¤Ç¤·¤ç¤¦¡£</para>
+ <para>¥Ö¥í¡¼¥É¥¥ã¥¹¥È¥¢¥É¥ì¥¹¤ËÂФ¹¤ë¤¹¤Ù¤Æ¤Î
+ <acronym>ICMP</acronym> ¥¨¥³¡¼¥ê¥¯¥¨¥¹¥È¤Ï¡¢¥É¥í¥Ã¥×¤·¤Æ¤¯¤À¤µ¤¤¡£
+ ¥Í¥Ã¥È¥ï¡¼¥¯¾å¤Î¥³¥ó¥Ô¥å¡¼¥¿¤¬¥µ¥Ö¥Í¥Ã¥È¤Ë¤¢¤ë¤¹¤Ù¤Æ¤Î¥Û¥¹¥È¤Ë¥á¥Ã¥»¡¼¥¸¤òÁ÷¤ëɬÍפ¬¤¢¤ë¾ì¹ç¤Ë¤Ï¡¢
+ ¥á¥Ã¥»¡¼¥¸¤Ï¥Ö¥í¡¼¥É¥¥ã¥¹¥È¥¢¥É¥ì¥¹¤ËÁ÷¤é¤ì¤Þ¤¹¡£
+ ³°Éô¤Î¥Û¥¹¥È¤Ë¤Ä¤¤¤Æ¤Ï¡¢
+ ¤³¤Î¤è¤¦¤ÊÁ÷¿®¤ò¤¹¤ëɬÍפϤʤ¤¤Î¤Ç¡¢
+ ³°Éô¤«¤é¥Ö¥í¡¼¥É¥¥ã¥¹¥È¤Ø¤Î¥ê¥¯¥¨¥¹¥È¤ò¤¹¤Ù¤ÆµñÈݤ¹¤ë¤è¤¦¤Ë¡¢
+ net.inet.icmp.bmcastecho ¤ò <quote>0</quote>
+ ¤ËÀßÄꤷ¤Æ¤¯¤À¤µ¤¤¡£</para>
- <para>¥¢¥¯¥»¥¹À©¸Â¤µ¤ì¤¿¥Þ¥·¥ó¤Ë¡¢
- ´Æ»ë¤·¤è¤¦¤È¤¹¤ë¥¯¥é¥¤¥¢¥ó¥È¥·¥¹¥Æ¥à¤Ø¤Î¾¯¤Ê¤¯¤È¤âÆɤ߹þ¤ß¤Î¥¢¥¯¥»¥¹¸¢¤òÍ¿¤¨¤¿¤é¡¢
- ¼¡¤Ë´Æ»ë¤¹¤ë¤¿¤á¤Î¥¹¥¯¥ê¥×¥È¤ò½ñ¤«¤Ê¤¯¤Æ¤Ï¤¤¤±¤Þ¤»¤ó¡£
- <acronym>NFS</acronym> ¥Þ¥¦¥ó¥È¤ò¤¹¤ì¤Ð¡¢&man.find.1; ¤ä &man.md5.1;
- ¤Ê¤É¤Îñ½ã¤Ê¥·¥¹¥Æ¥à¥æ¡¼¥Æ¥£¥ê¥Æ¥£¤Ç¥¹¥¯¥ê¥×¥È¤ò½ñ¤¯¤³¤È¤¬¤Ç¤¤Þ¤¹¡£
- ¾¯¤Ê¤¯¤È¤â 1 Æü 1 ²ó¡¢¥¯¥é¥¤¥¢¥ó¥È¤Î¥·¥¹¥Æ¥à¥Õ¥¡¥¤¥ë¤òľÀÜ
- &man.md5.1; ¤Ë¤«¤±¡¢
- ¤µ¤é¤Ë¤â¤Ã¤ÈÉÑÈË¤Ë <filename>/etc</filename> ¤ª¤è¤Ó
- <filename>/usr/local/etc</filename>
- ¤Ë¤¢¤ë¤è¤¦¤Ê¥³¥ó¥È¥í¡¼¥ëÍÑ¥Õ¥¡¥¤¥ë¤ò»î¸³¤¹¤ë¤Î¤¬°ìÈ֤Ǥ¹¡£
- ¥¢¥¯¥»¥¹À©¸Â¤µ¤ì¤¿¥Þ¥·¥ó¤¬Àµ¤·¤¤¤ÈÃΤäƤ¤¤ë¡¢
- ´ð¤È¤Ê¤ë md5 ¾ðÊó¤ÈÈæ¤Ù¤Æ°ã¤¤¤¬¸«¤Ä¤«¤Ã¤¿¾ì¹ç¡¢
- ¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ë·Ù¹ð¤¹¤ë¤è¤¦¤Ë¤¹¤Ù¤¤Ç¤¹¡£
- Í¥¤ì¤¿¥»¥¥å¥ê¥Æ¥£ÍÑ¥¹¥¯¥ê¥×¥È¤Ï¡¢
- <filename>/</filename> ¤ª¤è¤Ó <filename>/usr</filename>
- ¤Ê¤É¤Î¥·¥¹¥Æ¥à¥Ñ¡¼¥Æ¥£¥·¥ç¥ó¾å¤ÇÉÔŬÅö¤Ë
- SUID ¤µ¤ì¤¿¥Ð¥¤¥Ê¥ê¤ä¡¢
- ¿·¤¿¤ËºîÀ®¤µ¤ì¤¿¥Õ¥¡¥¤¥ë¤äºï½ü¤µ¤ì¤¿¥Õ¥¡¥¤¥ë¤¬¤Ê¤¤¤«¤É¤¦¤«¤òÄ´¤Ù¤ë¤Ç¤·¤ç¤¦¡£</para>
-
- <para><acronym>NFS</acronym> ¤Ç¤Ï¤Ê¤¯¡¢&man.ssh.1; ¤ò»ÈÍѤ¹¤ë¾ì¹ç¤Ï¡¢
- ¥»¥¥å¥ê¥Æ¥£ÍÑ¥¹¥¯¥ê¥×¥È¤ò½ñ¤¯¤Î¤Ï¤è¤êÆñ¤·¤¤¤³¤È¤Ç¤¹¡£
- ¤¿¤È¤¨¤Ð¡¢¥¹¥¯¥ê¥×¥È¤òÆ°¤«¤¹¤¿¤á¤Ë¤Ï¡¢¥¯¥é¥¤¥¢¥ó¥È¤ËÂФ·¤Æ¥¹¥¯¥ê¥×¥È¤ò
- &man.scp.1; ¤·¤Ê¤¯¤Æ¤Ï¤¤¤±¤Þ¤»¤ó¤·¡¢
- ¥¯¥é¥¤¥¢¥ó¥È¥Þ¥·¥ó¤Î &man.ssh.1;
- ¥¯¥é¥¤¥¢¥ó¥È¤Ï¤¹¤Ç¤Ë¹¶·â¤µ¤ì¤Æ¤·¤Þ¤Ã¤Æ¤¤¤ë¤«¤â¤·¤ì¤Þ¤»¤ó¡£
- °ÂÁ´¤Ç¤Ê¤¤¥ê¥ó¥¯¾å¤Î¾ì¹ç¤Ï
- &man.ssh.1; ¤ÏɬÍפ«¤â¤·¤ì¤Þ¤»¤ó¤¬¡¢
- °·¤¤¤Ï¤È¤Æ¤âÂçÊѤˤʤê¤Þ¤¹¡£</para>
-
- <para>Í¥¤ì¤¿¥»¥¥å¥ê¥Æ¥£ÍÑ¥¹¥¯¥ê¥×¥È¤Ï¡¢
- <filename>.rhosts</filename>,
- <filename>.ssh/authorized_keys</filename>
- ¤Ê¤É¤Î±£¤·ÀßÄê¥Õ¥¡¥¤¥ë¤ÎÊѹ¹¤â¥Á¥§¥Ã¥¯¤¹¤ë¤â¤Î¤Ç¤¹¡£
- ¤³¤ì¤é¤Ï <literal>MD5</literal>
- ¥Á¥§¥Ã¥¯¤ÎÈϰϳ°¤Ë¤Ê¤Ã¤Æ¤·¤Þ¤¦¤Ç¤¢¤í¤¦¥Õ¥¡¥¤¥ë·²¤Ç¤¹¡£</para>
-
- <para>¥æ¡¼¥¶ÍѤΥǥ£¥¹¥¯ÍÆÎ̤¬Èó¾ï¤ËÂ礤¤¾ì¹ç¤Ï¡¢
- ¥Ñ¡¼¥Æ¥£¥·¥ç¥ó¾å¤Î³Æ¥Õ¥¡¥¤¥ë¤ò¸«¤Æ²ó¤ë¤Î¤ËÂçÊѤʻþ´Ö¤¬¤«¤«¤ë¤«¤â¤·¤ì¤Þ¤»¤ó¡£
- ¤³¤Î¾ì¹ç¤Ï¡¢&man.mount.8; ¤Ë¤è¤ê <literal>nosuid</literal>
- ¤ò»È¤¦¤³¤È¤Ç¡¢¥Þ¥¦¥ó¥È¥Õ¥é¥°¤òÀßÄꤷ¤Æ¡¢
- SUID ¤µ¤ì¤¿¥Ð¥¤¥Ê¥ê¤òÃÖ¤±¤Ê¤¤¤è¤¦¤Ë¤¹¤ë¤Î¤¬Îɤ¤¹Í¤¨¤Ç¤¹¡£
- ¾¯¤Ê¤¯¤È¤â½µ¤Ë 1 Å٤ϥե¡¥¤¥ë¥·¥¹¥Æ¥à¤ò¥¹¥¥ã¥ó¤¹¤ë¤Ù¤¤Ç¤¹¡£
- ¤Ê¤¼¤Ê¤é¡¢ÌÜŪ¤Ï¡¢¿¯Æþ¤¬À®¸ù¤·¤¿¤«¤É¤¦¤«¤Ë´Ø¤ï¤é¤º¡¢
- ÉÔÀµ¿¯Æþ¤Î»î¤ß¤¬¤¢¤Ã¤¿¤³¤È¤Î¸¡½Ð¤ò¤¹¤ë¤³¤È¤À¤«¤é¤Ç¤¹¡£</para>
-
- <para>¥×¥í¥»¥¹¥¢¥«¥¦¥ó¥Æ¥£¥ó¥° (&man.accton.8; »²¾È) ¤Ï¡¢
- ¥Þ¥·¥ó¤Ø¤Î¿¯Æþ¤ò¸¡½Ð¤¹¤ë¤¿¤á¤Î¥á¥«¥Ë¥º¥à¤È¤·¤Æ¿ä¾©¤Ç¤¤ë¡¢
- Èæ³ÓŪ¥ª¡¼¥Ð¥Ø¥Ã¥É¤Î¾¯¤Ê¤¤ &os; ¤Îµ¡Ç½¤Ç¤¹¡£
- ¿¯Æþ¤ò¼õ¤±¤¿¸å¤Ç¤âÅö³º¥Õ¥¡¥¤¥ë¤¬Ìµ½ý¤Ç¤¢¤ë¾ì¹ç¤Ë¡¢
- ¿¯Æþ¼Ô¤¬¤É¤Î¤è¤¦¤Ë¤·¤Æ¥·¥¹¥Æ¥à¤Ë¿¯Æþ¤·¤¿¤«¤òÄÉÀפ¹¤ë¤Î¤ËÆäËÌòΩ¤Á¤Þ¤¹¡£</para>
-
- <para>ºÇ¸å¤Ë¡¢
- ¥»¥¥å¥ê¥Æ¥£¥¹¥¯¥ê¥×¥È¤Ï¥í¥°¥Õ¥¡¥¤¥ë¤ò½èÍý¤¹¤ë¤è¤¦¤Ë¤·¡¢
- ¥í¥°¥Õ¥¡¥¤¥ë¼«ÂΤâ¤Ç¤¤ë¤À¤±°ÂÁ´À¤Î¹â¤¤ÊýË¡¤ÇÀ¸À®¤¹¤ë¤è¤¦¤Ë¤·¡¢
- ¥ê¥â¡¼¥È¤Î syslog ¥µ¡¼¥Ð¤ËÁ÷¿®¤¹¤ë¤è¤¦¤Ë¤¹¤Ù¤¤Ç¤¹¡£
- ¿¯Æþ¼Ô¤Ï¼«Ê¬¤Î¿¯Æþ¤Îº¯Àפòʤ¤¤±£¤½¤¦¤È¤·¤Þ¤¹¤·¡¢¤Þ¤¿¡¢
- ¥í¥°¥Õ¥¡¥¤¥ë¤Ï¥·¥¹¥Æ¥à´ÉÍý¼Ô¤¬ºÇ½é¤Î¿¯Æþ¤Î»þ¹ï¤ÈÊýË¡¤òÄÉÀפ·¤Æ¤æ¤¯¤¿¤á¤Ë¶Ë¤á¤Æ½ÅÍפǤ¹¡£
- ¥í¥°¥Õ¥¡¥¤¥ë¤ò±Êµ×¤Ë»Ä¤·¤Æ¤ª¤¯¤¿¤á¤Î 1 ¤Ä¤ÎÊýË¡¤Ï¡¢
- ¥·¥¹¥Æ¥à¥³¥ó¥½¡¼¥ë¤ò¥·¥ê¥¢¥ë¥Ý¡¼¥È¤Ë¤Ä¤Ê¤¤¤ÇÁö¤é¤»¡¢
- ¥³¥ó¥½¡¼¥ë¤ò´Æ»ë¤·¤Æ¤¤¤ë°ÂÁ´¤Ê¥Þ¥·¥ó¤Ë¾ðÊó¤ò½¸¤á¤ë¤³¤È¤Ç¤¹¡£</para>
- </sect2>
-
- <sect2>
- <title>Êм¹¶¸ÅªÊýË¡</title>
-
- <para>¿¾¯Êм¹¶¸Åª¤Ë¤Ê¤Ã¤Æ¤â·è¤·¤Æ°¤¤¤³¤È¤Ë¤Ï¤Ê¤ê¤Þ¤»¤ó¡£
- ¸¶Â§Åª¤Ë¡¢¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Ï¡¢
- ÊØÍø¤µ¤Ë±Æ¶Á¤òÍ¿¤¨¤Ê¤¤ÈϰϤǤ¤¤¯¤Ä¤Ç¤â¥»¥¥å¥ê¥Æ¥£µ¡Ç½¤òÄɲ乤뤳¤È¤¬¤Ç¤¤Þ¤¹¡£
- ¤Þ¤¿¡¢¤¤¤¯¤é¤«¹Íθ¤·¤¿·ë²Ì¡¢
- ÊØÍø¤µ¤Ë<emphasis>±Æ¶Á¤òÍ¿¤¨¤ë</emphasis>¥»¥¥å¥ê¥Æ¥£µ¡Ç½¤òÄɲ乤뤳¤È¤â¤Ç¤¤Þ¤¹¡£
- ¤è¤ê½ÅÍפʤ³¤È¤Ï¡¢
- ¥»¥¥å¥ê¥Æ¥£´ÉÍý¼Ô¤Ï¤³¤ì¤ò¿¾¯º®¤¼¤³¤¼¤Ë¤·¤Æ»È¤¦¤Ù¤¤À¤È¤¤¤¦¤³¤È¤Ç¤¹¡£
- ¤â¤·¤³¤Î¾Ï¤Ç½ñ¤«¤ì¤Æ¤¤¤ë¿ä¾©¤µ¤ì¤ëÊýË¡¤ò¤½¤Î¤Þ¤Þ»ÈÍѤ·¤¿¾ì¹ç¤Ï¡¢
- ͽÁÛ¤µ¤ì¤ë¹¶·â¼Ô¤Ï¤ä¤Ï¤ê¤³¤Îʸ½ñ¤òÆɤó¤Ç¤¤¤ë¤ï¤±¤Ç¤¹¤«¤é¡¢
- Ëɸæºö¤ò¶µ¤¨¤Æ¤·¤Þ¤¦¤³¤È¤Ë¤Ê¤ê¤Þ¤¹¡£</para>
- </sect2>
-
- <sect2>
- <title>¥µ¡¼¥Ó¥¹Ë¸³²¹¶·â</title>
-
- <indexterm>
- <primary>¥µ¡¼¥Ó¥¹Ë¸³² (DoS)</primary>
- </indexterm>
-
- <para><acronym>DoS</acronym> ¹¶·â¤Ï¡¢ÉáÄ̤ϡ¢¥Ñ¥±¥Ã¥È¹¶·â¤Ç¤¹¡£
- ¥Í¥Ã¥È¥ï¡¼¥¯¤ò˰Ϥµ¤»¤ëºÇÀèü¤Îµ¶Â¤¥Ñ¥±¥Ã¥È (spoofed packet)
- ¹¶·â¤ËÂФ·¤Æ¥·¥¹¥Æ¥à´ÉÍý¼Ô¤¬ÂǤƤë¼ê¤Ï¤½¤ì¤Û¤É¿¤¯¤¢¤ê¤Þ¤»¤ó¤¬¡¢
- °ìÈÌŪ¤Ë¡¢°Ê²¼¤Î¤è¤¦¤ÊÊýË¡¤Ë¤è¤ê¡¢
- ¤½¤Î¼ï¤Î¹¶·â¤Ë¤è¤Ã¤Æ¥µ¡¼¥Ð¤¬¥À¥¦¥ó¤·¤Ê¤¤¤³¤È¤ò³Î¼Â¤Ë¤¹¤ë¤³¤È¤Ç¡¢
- Èï³²¤ò¤¢¤ë¸ÂÅ٤˿©¤¤»ß¤á¤ë¤³¤È¤Ï¤Ç¤¤Þ¤¹¡£</para>
-
- <orderedlist>
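Review bot: The sysctl names in the added tuning paragraphs (`net.inet.tcp.blackhole`, `net.inet.udp.blackhole`, `net.inet.icmp.drop_redirect`, `net.inet.ip.redirect`, `net.inet.ip.sourceroute`, `net.inet.ip.accept_sourceroute`, `net.inet.icmp.bmcastecho`) are plain text, whereas `kern_securelevel` and `securelevel` in this same hunk are wrapped in `<varname>`. Wrap them the same way so they render and index consistently. The new `<warning>` also writes `<application>Xorg</application>` where the removed note used `<application>&xorg;</application>`; keep the entity unless the merge deliberately drops it. Finally, the visible added paragraphs give the recommended values only in running text, and the one command example (`sysctl kern.securelevel=1`) is removed. A `<screen>` or `<programlisting>` showing the settings would help, since each one changes network behaviour a reader will want to check after applying it.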
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***