
TCP WRAPPERS & XINETD

Presented by: Trn Huy Cng

Configuring some rules in TCP Wrapper
Xinetd
TCP Wrapper

XINETD

xinetd is a program used to manage a number of small data-transfer services such as telnet, tftp, vsftp.

Able to block denial-of-service attacks and port scanners

Access control

Configuration files:

/etc/xinetd.conf: the global configuration file

/etc/xinetd.d/<service>.conf: directory containing the configuration file for each service.

service telnet
{
    flags = REUSE
    socket_type = stream
    wait = no
    user = root
    server = /usr/sbin/in.telnetd
    log_on_failure += USERID
    disable = yes
}

service: by default the service name, usually matching a service listed in the /etc/services file.

flags: sets any number of attributes for a connection. REUSE in xinetd reuses a connection previously opened in telnet (similar to a connection pool).

socket_type: sets the network type, TCP or UDP

wait: whether the service is a single process (yes) or handles multiple connections (no)

user: by default, the user ID the process runs under.

instances: limits the number of connections

server: path of the executable file launched when the service starts

disable: whether the service is disabled or not

only_from: which hosts are allowed to use the service

no_access: blocks the listed hosts from using the service.

access_times: the time window during which hosts may use the service; it must be given in 24-hour time in the format HH:MM-HH:MM.

log_on_failure && log_on_success

ATTEMPT: number of failed login attempts

DURATION: how long the service was used

EXIT: exit status when the connection is closed

HOST: IP address of the remote host

PID: ID of the process handling the connection

USERID: ID of the remote user, based on RFC 1413

INSTALLING THE XINETD SERVICE

yum install xinetd

yum install telnet*

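CONFIGURING THE TELNET SERVICE

service telnet
{
    flags = REUSE
    socket_type = stream
    wait = no
    user = root
    server = /usr/sbin/in.telnetd
    # also log the remote user ID (RFC 1413) on failed attempts
    log_on_failure += USERID
    disable = no
    # at most one connection at a time
    instances = 1
    # only this host, and only during working hours
    only_from = 192.168.1.124
    access_times = 8:30-17:30
}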

Allow root to log in to the telnet service.
Open the file /etc/securetty and add:
pts/0
pts/1
pts/2
pts/3
pts/4
pts/5
pts/6
pts/7
pts/8
pts/9

TCP WRAPPERS

Adds an extra layer of access protection for a number of services such as xinetd, sendmail, sshd.

Uses the library /usr/lib/libwrap.a

Installed by default on CentOS

When a connection is made to a TCP-wrapped service, the service first checks the files /etc/hosts.allow and /etc/hosts.deny to determine whether the client is allowed to connect.
If the connection is allowed, TCP Wrappers hands the connection to the requested service and no longer interferes with the connection between server and client.

When a client request reaches a TCP-wrapped service, it goes through the following basic steps.
Step 1. The service consults the file /etc/hosts.allow. If a rule matching the connection is found, the connection is allowed through. Otherwise it goes on to step 2.
Step 2. The service consults the file /etc/hosts.deny. If a matching rule is found, the connection is dropped immediately. If no rule is found, the connection is allowed.

Because hosts.allow is consulted first, its rules take precedence over the rules in hosts.deny. If a connection is accepted by hosts.allow, the rules in hosts.deny are ignored.
The rules in both files are read from top to bottom and only the first matching rule takes effect, so the order of the rules in these files is very important.

If no rules exist, or the files do not exist, connections are not checked by TCP Wrapper.
Any change to these two files takes effect immediately, without restarting the service.

RULE FORMAT

The format is identical in the two files hosts.allow and hosts.deny. Lines beginning with # are comments and have no effect.
Rules are accepted only if they have the following structure, where the action is allow or deny:
daemonList : clientList : <option> : <option> : ... : <action>

<daemon list>: separated by ":", a list of process names (not service names) or the wildcard ALL.
<client list>: a list separated by ":" containing host names and IP addresses.
<option>: an optional list of actions, or actions to be carried out next when the rule takes effect. Options support expansions and shell commands.
<action>: allow or deny access.

Example (x stands for a digit that is unreadable in the source):
in.telnetd : 10.12x.12x.0/255.255.255.0 \
    : spawn /bin/echo `/bin/date` from %h >> /var/log/telnet.log \
    : allow
in.telnetd : 10.12x.12x.0/255.255.255.0 \
    : twist /bin/echo "Hacker, go away !"
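
The lookup order described in the slides above (hosts.allow first, first matching rule wins, then hosts.deny, otherwise allow) can be modelled as follows. This is an added example, not part of the original slides; the rule files, addresses and function names are constructed for illustration, and only IPv4 exact addresses, net/mask pairs and ALL are handled.

```python
import ipaddress

# Constructed sample files, not taken from the slides. IPv4 only.
HOSTS_ALLOW = """\
# admin subnet may use telnet
in.telnetd : 192.168.1.0/255.255.255.0
in.telnetd : 192.168.1.66 : deny
sshd : ALL
"""
HOSTS_DENY = """\
in.telnetd : ALL
vsftpd : 10.0.0.0/255.0.0.0
"""

def parse(text):
    """Yield (daemons, clients, options) for every non-comment rule line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) >= 2:
            yield fields[0].split(), fields[1].split(), fields[2:]

def client_matches(pattern, ip):
    if pattern == "ALL":
        return True
    if "/" in pattern:  # net/mask form, e.g. 10.0.0.0/255.0.0.0
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    return pattern == ip

def first_match(text, daemon, ip):
    """Return the options of the first rule matching daemon and client, else None."""
    for daemons, clients, options in parse(text):
        if (daemon in daemons or "ALL" in daemons) and \
           any(client_matches(c, ip) for c in clients):
            return options
    return None

def decide(daemon, ip, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """Step 1: hosts.allow; step 2: hosts.deny; no match in either: allow."""
    hit = first_match(allow, daemon, ip)
    if hit is not None:
        return "deny" if "deny" in hit else "allow"
    hit = first_match(deny, daemon, ip)
    if hit is not None:
        return "allow" if "allow" in hit else "deny"
    return "allow"
```

In the sample hosts.allow the deny rule for 192.168.1.66 is never reached because the subnet rule above it matches first; moving it to the top changes the decision for that host.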

QUESTIONS & THANK YOU FOR YOUR ATTENTION
