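  Linux Security HOWTO
  Kevin Fenzi, kevin@tummy.com & Dave Wreski,
  dave@linuxsecurity.com
  v1.1.1, 17 March 2000
  The Linux Japanese FAQ Project
  31 March 2000

  This document is a general overview of security issues that face the
  administrator of Linux systems. It covers general security philosophy
  and a number of specific examples of how to better secure your Linux
  system from intruders. Also included are pointers to security-related
  material and programs. Improvements, constructive criticism,
  additions and corrections are gratefully accepted. Please mail your
  feedback to both authors, with "Security HOWTO" in the subject.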
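  ______________________________________________________________________

  Table of Contents

  1. Introduction
     1.1 New Versions of this Document
     1.2 Feedback
     1.3 Disclaimer
     1.4 Copyright Information
     1.5 About the Japanese Translation

  2. Overview
     2.1 Why Do We Need Security?
     2.2 How Secure Is Secure?
     2.3 What Are You Trying to Protect?
     2.4 Developing a Security Policy
     2.5 Means of Securing Your Site
        2.5.1 Host Security
        2.5.2 Local Network Security
        2.5.3 Security Through Obscurity
     2.6 Organization of This Document

  3. Physical Security
     3.1 Computer Locks
     3.2 BIOS Security
     3.3 Boot Loader Security
     3.4 xlock and vlock
     3.5 Detecting Physical Security Compromises

  4. Local Security
     4.1 Creating New Accounts
     4.2 Root Security

  5. Files and Filesystem Security
     5.1 Umask Settings
     5.2 File Permissions
     5.3 Integrity Checking
     5.4 Trojan Horses
     5.5 Password Security and Encryption
     5.6 PGP and Public-Key Cryptography
     5.7 SSL, S-HTTP, HTTPS and S/MIME
     5.8 Linux IPSEC Implementations
     5.9 ssh (Secure Shell) and stelnet
     5.10 PAM - Pluggable Authentication Modules
     5.11 Cryptographic IP Encapsulation (CIPE)
     5.12 Kerberos
     5.13 Shadow Passwords
     5.14 "Crack" and "John the Ripper"
     5.15 CFS (Cryptographic File System) and TCFS (Transparent Cryptographic File System)
     5.16 X11, SVGA and Display Security
        5.16.1 X11
        5.16.2 SVGA
        5.16.3 GGI (Generic Graphics Interface project)

  6. Kernel Security
     6.1 2.0 Kernel Compile Options
     6.2 2.2 Kernel Compile Options
     6.3 Kernel Devices

  7. Network Security
     7.1 Packet Sniffers
     7.2 System Services and tcp_wrappers
     7.3 Verify Your DNS Information
     7.4 identd
     7.5 SATAN, ISS, and Other Network Scanners
        7.5.1 Detecting Port Scans
     7.6 sendmail, qmail and MTAs
     7.7 Denial of Service Attacks
     7.8 NFS (Network File System) Security
     7.9 NIS (Network Information Service) (formerly YP)
     7.10 Firewalls
     7.11 IP Chains - Linux Kernel 2.2.x Firewalling
     7.12 Virtual Private Networks (VPN)

  8. Security Preparation (before you go on-line)
     8.1 Make a Full Backup of Your Machine
     8.2 Choosing a Good Backup Schedule
     8.3 Back Up Your RPM or Debian File Database
     8.4 Monitoring the System Logs
     8.5 Apply System Update Packages

  9. What To Do During and After a Break-in
     9.1 Security Compromise Underway
     9.2 Security Compromise Has Already Happened
        9.2.1 Closing the Hole
        9.2.2 Assessing the Damage
        9.2.3 Backups, Backups, Backups!
        9.2.4 Tracking Down the Intruder

  10. Security Sources
     10.1 FTP Sites
     10.2 Web Sites
     10.3 Mailing Lists
     10.4 Books

  11. Glossary
  12. Frequently Asked Questions
  13. Conclusion
  14. Acknowledgements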

  ______________________________________________________________________

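  1.  Introduction

  This document covers some of the main issues that affect Linux
  security. General philosophy and net-born resources are discussed.

  A number of other HOWTO documents overlap with security issues, and
  those documents have been pointed to wherever appropriate.

  This document is not meant to be an up-to-date exploits document.
  Large numbers of new exploits happen all the time. This document
  will tell you where to look for such up-to-date information, and will
  give some general methods to prevent such exploits from taking place.

  1.1.  New Versions of this Document

  New versions of this document will be periodically posted to
  comp.os.linux.answers. They will also be added to the sites that
  archive such documents, including:

  http://www.linuxdoc.org/

  In addition, you should be able to find this document on the Linux
  web page at:

  http://metalab.unc.edu/mdw/linux.html

  Finally, the very latest version of this document (in various
  formats) is available from

  http://scrye.com/~kevin/lsh/

  or

  http://www.linuxsecurity.com/Security-HOWTO

  or

  http://www.tummy.com/security-howto

  Translator's note: the Japanese translation is at
  http://www.linux.or.jp/JF/JFdocs/Security-HOWTO.html.

  1.2.  Feedback

  All comments, error reports, additional information and criticism of
  all sorts should be directed to:

  kevin@tummy.com

  and

  dave@linuxsecurity.com

  Note: Please send your feedback to both authors. Also, be sure to
  include "Linux", "security", or "HOWTO" in your subject to get past
  Kevin's spam filter.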

  : {Ɋւ̎wE, tB[hobN͂ǉp
  肾Ƃ JF vWFNg(<JF@linux.or.jp>) ܂łA.

  1.3.  Disclaimer

  No liability for the contents of this document can be accepted.  Use
  the concepts, examples and other content at your own risk.
  Additionally, this is an early version, possibly with many
  inaccuracies or errors.

  A number of the examples and descriptions use the RedHat(tm) package
  layout and system setup. Your mileage may vary.

  As far as we know, only programs that, under certain terms may be used
  or evaluated for personal purposes will be described. Most of the
  programs will be available, complete with source, under GNU
  <http://www.gnu.org/copyleft/gpl.html> terms.


  1.4.  Copyright Information

  This document is copyrighted (c)1998-2000 Kevin Fenzi and Dave Wreski,
  and distributed under the following terms:

  o  Linux HOWTO documents may be reproduced and distributed in whole or
     in part, in any medium, physical or electronic, as long as this
     copyright notice is retained on all copies. Commercial
     redistribution is allowed and encouraged; however, the authors
     would like to be notified of any such distributions.

  o  All translations, derivative works, or aggregate works
     incorporating any Linux HOWTO documents must be covered under this
     copyright notice.  That is, you may not produce a derivative work
     from a HOWTO and impose additional restrictions on its
     distribution. Exceptions to these rules may be granted under
     certain conditions; please contact the Linux HOWTO coordinator at
     the address given below.

  o  If you have questions, please contact Tim Bynum, the Linux HOWTO
     coordinator, at

  tjbynum@metalab.unc.edu


  1.5.  About the Japanese Translation

  { Linux Japanese FAQ Project s܂ (P
  <fujiwara@linux.or.jp> ({), J <yaz-hase@qb3.so-
  net.ne.jp> (Z), ֌ˍK <sekido@mbox.kyoto-inet.or.jp> (Z, 
  ), H <ike@whitedragon.org> (Z, ), 鐳
  <takavoid@palette.plala.or.jp> (Z) X{ ~
  <morimoto@xantia.citroen.org> (v1.1.1 Ǐ]) ).  {Ɋւ錠
  ɏ̂Ƃ܂.

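  2.  Overview

  This document explains some procedures and commonly used software
  that help make your Linux system more secure. Before getting into
  specifics, it is important to discuss some of the basic concepts and
  build a security foundation.

  2.1.  Why Do We Need Security?

  In the ever-changing world of global data communications, inexpensive
  Internet connections, and fast-paced software development, security
  is becoming more and more of an issue. Security is now a basic
  requirement because global computing is inherently insecure. As your
  data goes from point A to point B on the Internet, for example, it may
  pass through several other points along the way, giving other users
  the opportunity to intercept, and even alter, it. Even other users
  on your system may maliciously transform your data into something you
  did not intend. Unauthorized access to your system may be obtained
  by intruders, also known as "crackers", who then use advanced
  knowledge to impersonate you, steal information from you, or even
  deny you access to your own resources. If you're wondering what the
  difference is between a "hacker" and a "cracker", see Eric Raymond's
  document "How to Become A Hacker", available at
  http://www.netaxs.com/~esr/faqs/hacker-howto.html.

  Translator's note: Japanese translations of "How to Become A Hacker"
  are available at http://www.linux.or.jp/JF/JFdocs/hacker.txt and
  http://www.post1.com/home/hiyori13/freeware/hacker.html.

  2.2.  How Secure Is Secure?

  First, keep in mind that no computer system can ever be completely
  secure. All you can do is make it increasingly difficult for someone
  to compromise your system. For the average home Linux user, not much
  is required to keep the casual cracker at bay. However, when Linux is
  used for important work (banks, telecommunications companies, etc.),
  much more work is required.

  Another factor to take into account is that the more secure your
  system is, the more intrusive your security becomes. You need to
  strike a balance so that the system is still usable enough, and yet
  secure, for your purposes. For instance, you could require everyone
  dialing into your system to use a call-back modem that calls them
  back at their home number. This is more secure, but if someone is
  not at home, it makes it difficult for them to log in. You could
  also set up your Linux system with no network or Internet connection
  at all, but this limits its usefulness.

  If you are a medium to large-sized site, you should establish a
  security policy stating how much security is required by your site
  and what auditing is in place to check it. You can find a well-known
  security policy example at
  http://core.ring.gr.jp/pub/doc/rfc/rfc2196.txt. It has been recently
  updated, and is a good framework for establishing a security policy
  for your company.

  Translator's note: a Japanese translation is at
  http://www.ipa.go.jp/SECURITY/rfc/RFC2196-00JA.html.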

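  2.3.  What Are You Trying to Protect?

  Before you attempt to secure your system, you should determine what
  level of threat you have to protect against, what risks you should or
  should not take, and how vulnerable your system is as a result. You
  should analyze your system to know what you're protecting, why you're
  protecting it, what value it has, and who has responsibility for your
  data and other assets.

  o  Risk is the possibility that an intruder may be successful in
     attempting to access your system. Can an intruder read or write
     files, or execute programs that could cause damage? Can they
     delete critical data? Can they prevent important work from
     getting done? Don't forget: someone who gains access to your
     account, or your system, can also impersonate you.

     Additionally, having one insecure account on your system can
     result in your entire network being compromised. If you allow a
     user to log in using a .rhosts file, or to use an insecure service
     such as tftp, you risk an intruder getting "his foot in the door".
     Once the intruder has a user account on your system, or someone
     else's system, it can be used to gain access to another system, or
     another account.

  o  Threat typically comes from someone who wants to gain unauthorized
     access to your network or computer. You must decide whom you
     trust to have access to your system, and what threat they could
     pose.

     There are several types of intruders, and it is useful to keep
     their different characteristics in mind as you are securing your
     systems.

     o  The Curious - This type of intruder is basically interested in
        finding out what type of system and data you have.

     o  The Malicious - This type of intruder is out to bring down your
        systems, deface your web page, or otherwise force you to spend
        time and money recovering.

     o  The High-Profile Intruder - This type of intruder is trying to
        use your system to gain popularity and infamy. He might use
        your high-profile system to advertise his abilities.

     o  The Competition - This type of intruder is interested in what
        data you have on your system. It might be someone who thinks
        you have something that could benefit him, financially or
        otherwise.

     o  The Borrowers - This type of intruder is interested in setting
        up shop on your system and using its resources for their own
        purposes. They typically run chat or IRC servers, porn archive
        sites, or even DNS servers.

     o  The Leapfrogger - This type of intruder is only interested in
        your system as a way to get into other systems. If your system
        is well connected or is a gateway to a number of internal
        hosts, you may well see this type trying to compromise it.

  o  Vulnerability describes how well protected your computer is from
     other networks, and the potential for someone to gain unauthorized
     access.

     What's at stake if someone breaks into your system? Of course the
     concerns of a home user with a dial-up PPP connection will be
     different from those of a company connecting its machines to the
     Internet or another large network.

     How much time would it take to retrieve or recreate any data that
     was lost? An initial time investment now can save ten times more
     time later if you have to recreate data that was lost. Have you
     checked your backup strategy, and verified your data lately?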

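  2.4.  Developing a Security Policy

  Create a simple, generic policy for your system that your users can
  readily understand and follow. It should protect the data you're
  safeguarding as well as the privacy of the users. Some things to
  consider adding are: who has access to the system (can my friend use
  my account?), who is allowed to install software on the system, who
  owns what data, disaster recovery, and appropriate use of the system.

  A generally accepted security policy starts with the phrase

                    "That which is not permitted is prohibited"

  This means that unless you grant access to a service for a user, that
  user shouldn't be using that service until you do grant access. Make
  sure the policies work on your regular user account. Saying, "Ah, I
  can't figure out this permissions problem, I'll just do it as root"
  can lead to security holes that are very obvious, and even ones that
  haven't been exploited yet.

  rfc1244 is a document that describes how to create your own network
  security policy.

  rfc1281 is a document that shows an example security policy with
  detailed descriptions of each step.

  Finally, you might want to look at the COAST policy archive at
  ftp://coast.cs.purdue.edu/pub/doc/policy to see what some real-life
  security policies look like.

  2.5.  Means of Securing Your Site

  This document will discuss various means with which you can secure
  the assets you have worked hard for: your local machine, your data,
  your users, your network, even your reputation. What would happen to
  your reputation if an intruder deleted some of your users' data? Or
  defaced your web site? Or published your company's project plan for
  next quarter? If you are planning a network installation, there are
  many factors you must take into account before adding a single
  machine to your network.

  Even if you have a single dial-up PPP account, or just a small site,
  this does not mean intruders won't be interested in your systems.
  Large, high-profile sites are not the only targets; many intruders
  simply want to exploit as many sites as possible, regardless of their
  size. Additionally, they may use a security hole in your site to
  gain access to other sites you're connected to.

  Intruders have a lot of time on their hands, and can avoid guessing
  how you've obscured your system just by trying all the possibilities.
  There are also a number of reasons an intruder may be interested in
  your systems, which we will discuss later.

  2.5.1.  Host Security

  Perhaps the area of security on which administrators concentrate most
  is host-based security. This typically involves making sure your own
  system is secure, and hoping everyone else on your network does the
  same. Choosing good passwords, securing your host's local network
  services, keeping good logs, and upgrading programs with known
  security problems are among the things the local administrator is
  responsible for. Although this is absolutely necessary, it can
  become a daunting task once your network becomes larger than a few
  machines.

  2.5.2.  Local Network Security

  Network security is as necessary as local host security. With
  hundreds, thousands, or more computers on the same network, you can't
  rely on each one of those systems being secure. Ensuring that only
  authorized users can use your network, building firewalls, using
  strong encryption, and ensuring there are no "rogue" (that is,
  unsecured) machines on your network are all part of the network
  administrator's duties.

  This document will discuss some of the techniques used to secure your
  site, and show you some of the ways to prevent an intruder from
  gaining access to what you are trying to protect.

  2.5.3.  Security Through Obscurity

  One type of security that must be discussed is "security through
  obscurity". This means, for example, moving a service that has known
  security vulnerabilities to a non-standard port in the hope that
  attackers won't notice it's there and thus won't exploit it. Rest
  assured that they can determine that it's there and will exploit it.
  Security through obscurity is no security at all. Simply because you
  have a small site, or a relatively low profile, does not mean an
  intruder won't be interested in what you have. We'll discuss what
  you're protecting in the next sections.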

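  2.6.  Organization of This Document

  This document has been divided into a number of sections, each
  covering a broad security issue. The first, ``Physical Security'',
  covers how to protect your physical machine from tampering. The
  second, ``Local Security'', describes how to protect your system from
  tampering by local users. The third, ``Files and Filesystem
  Security'', shows you how to set up your filesystems and the
  permissions on your files. The next, ``Password Security and
  Encryption'', discusses how to use encryption to better secure your
  machine and network. ``Kernel Security'' discusses what kernel
  options you should set or be aware of for a more secure system.
  ``Network Security'' describes how to better secure your Linux system
  from network attacks. ``Security Preparation'' discusses how to
  prepare your machines before bringing them on-line. ``What To Do
  During and After a Break-in'' discusses what to do when you detect a
  compromise in progress or one that has recently happened. ``Security
  Sources'' lists some primary security resources, the Q and A section
  ``Frequently Asked Questions'' answers some frequently asked
  questions, and finally ``Conclusion'' closes the document.

  The two main points to realize when reading this document are:

  o  Be aware of your system. Check system logs such as
     /var/log/messages and keep an eye on your system.

  o  Keep your system up to date by making sure you have installed the
     current versions of software and have upgraded whenever security
     alerts are issued. Just doing this will make your system markedly
     more secure.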

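  3.  Physical Security

  The first layer of security you need to take into account is the
  physical security of your computer systems. Who has direct physical
  access to your machine? Should they? Can you protect your machine
  from their tampering? Should you?

  How much physical security you need on your system depends very much
  on your situation and budget.

  If you are a home user, you probably don't need a lot (although you
  might need to protect your machine from tampering by children or
  annoying relatives). If you are in a lab, you need considerably
  more, but users will still need to be able to get work done on the
  machines. Many of the following sections will help. If you are in
  an office, you may or may not need to secure your machine off-hours
  or while you are away. At some companies, leaving your console
  unsecured is a termination offense.

  Obvious physical security methods such as locks on doors, cables,
  locked cabinets, and video surveillance are all good ideas, but
  beyond the scope of this document. :-)

  3.1.  Computer Locks

  Many modern PC cases include a "locking" feature. Usually this is a
  socket on the front of the case that lets you turn an included key to
  a locked or unlocked position. Case locks can help prevent someone
  from stealing your PC, or opening up the case and directly
  manipulating or stealing your hardware. They can also sometimes
  prevent someone from rebooting your computer from their own floppy or
  other hardware.

  These case locks do different things depending on the support in the
  motherboard and how the case is constructed. On many PCs they make
  it so you have to break the case to get it open. On some others,
  they will not let you plug in new keyboards or mice. Check your
  motherboard or case instructions for more information. This can
  sometimes be a very useful feature, even though the locks are usually
  of very low quality and can easily be defeated by attackers who can
  pick locks.

  Some machines (most notably Sun SPARCs and Macintoshes) have a dongle
  on the back; if you put a cable through it, attackers would have to
  cut the cable or break the case to get the machine away. Just
  putting a padlock through it can be a good deterrent to someone
  stealing your machine.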

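  3.2.  BIOS Security

  The BIOS is the lowest level of software that configures or
  manipulates your x86-based hardware. LILO and other Linux boot
  loaders access the BIOS to determine how to boot your Linux machine.
  Other hardware that Linux runs on has similar software (OpenFirmware
  on Macs and new Suns, the Sun boot PROM, etc.). You can use your BIOS
  to prevent attackers from rebooting your machine and manipulating
  your Linux system.

  Many PC BIOSs let you set a boot password. This doesn't provide all
  that much security (the BIOS can be reset, or removed if someone can
  get into the case), but it can be a good deterrent (it takes time
  and leaves traces of tampering). Similarly, on S/Linux (Linux for
  SPARC(tm) processor machines), your EEPROM can be set to require a
  boot password. This might slow attackers down.

  Many x86 BIOSs also allow you to specify various other useful
  security settings. Check your BIOS manual or look at the BIOS the
  next time you boot. For example, some BIOSs can disallow booting
  from floppy drives and some can require a password to access certain
  BIOS settings.

  Note: If you administer a server machine and set a boot password,
  the machine will not boot unattended. Keep in mind that you will
  need to go to the machine and supply the password after a power
  failure. ;-(

  3.3.  Boot Loader Security

  The various Linux boot loaders can also have a boot password set.
  LILO, for example, has the password and restricted settings;
  password requires a password at boot time, whereas restricted
  requires a boot-time password only if you specify options (such as
  single) at the LILO prompt.

  From the lilo.conf man page:

       password=password
              The per-image option `password=...' (see below)
              applies to all images.

       restricted
              The per-image option `restricted' (see below)
              applies to all images.

              password=password
                     Protect the image by a password.

              restricted
                     A password is only required to boot the image if
                     parameters are specified on the command line
                     (e.g. single).

  Keep in mind when setting all these passwords that you need to
  remember them. :-) Also remember that these passwords will merely
  slow down a determined attacker. They won't prevent someone from
  booting from a floppy and mounting your root partition. If you are
  using security in conjunction with a boot loader, you might as well
  disable booting from floppy in your computer's BIOS, and
  password-protect the BIOS.

  If anyone has security-related information for a boot loader other
  than LILO (grub, silo, milo, linload, etc.), we would love to hear
  it.

  Note: If you set a password on a server machine, the machine will not
  boot unattended. Keep in mind that you will need to go to the
  machine and type the password after a power failure. ;-(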

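  3.4.  xlock and vlock

  If you wander away from your machine from time to time, it is nice to
  be able to "lock" your console so that no one can tamper with, or
  look at, your work. Two programs that do this are xlock and vlock.

  xlock is an X display locker. It should be included in any Linux
  distribution that supports X. Check its man page for the options,
  but in general you can run xlock from any xterm on your console and
  it will lock the display and require your password to unlock it.

  vlock is a simple little program that allows you to lock some or all
  of the virtual consoles on your Linux box. You can lock just the one
  you are working in or all of them. If you lock just one, others can
  come in and use the console; they will just not be able to use your
  locked virtual terminal until you unlock it. vlock ships with Red
  Hat Linux, but some distributions may not include it.

  Of course, locking your console will prevent someone from tampering
  with your work, but won't prevent them from rebooting your machine or
  otherwise disrupting your work. It also does not prevent them from
  accessing your machine from another machine on the network and
  causing problems.

  More importantly, it does not prevent someone from switching out of
  the X Window System entirely and going to a normal virtual console
  login prompt, or to the virtual console that X11 was started from,
  and suspending it, thus obtaining your privileges. For this reason,
  you might consider using it only while under the control of xdm.

  3.5.  Detecting Physical Security Compromises

  The first thing to always note is when your machine was rebooted.
  Since Linux is a robust and stable OS, the only times your machine
  should reboot are when you take it down for OS upgrades, hardware
  swapping, or the like. If your machine has rebooted without you
  doing it, that may be a sign that an intruder has compromised it.
  Many of the ways that your machine can be physically attacked require
  the intruder to reboot or power off your machine.

  Check for signs of tampering on the case and around the computer.
  Although many intruders clean traces of their presence out of the
  logs, it's a good idea to check through them all and note any
  discrepancy.

  It is also a good idea to store log data at a secure location, such
  as a dedicated log server within your well-protected network. Once a
  machine has been compromised, its log data is of little use, since it
  has most likely been modified by the intruder.

  The syslog daemon can be configured to automatically send log data to
  a central log server, but this is typically sent unencrypted, which
  allows an intruder to view the data as it is being transferred. This
  may reveal information about your network that is not intended to be
  public. There are syslog daemons available that encrypt the data as
  it is being sent.

  Also be aware that faking syslog messages is easy, and a program that
  exploits this has been published. Syslog even accepts log entries
  arriving over the network that claim to come from the local host,
  without indicating their true origin.

  Some things to check for in your logs:

  o  Short or incomplete logs.

  o  Logs containing strange timestamps.

  o  Logs with incorrect permissions or ownership.

  o  Records of reboots or restarting of services.

  o  Missing logs.

  o  su entries or logins from strange places.

  We will discuss system log data ``later'' in the HOWTO.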

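  4.  Local Security

  The next thing to take a look at is the security of your system
  against attacks from local users. Yes, we did say local users.

  Getting access to a local user account is one of the first things
  that system intruders attempt on their way to exploiting the root
  account. With lax local security, they can then "upgrade" their
  normal user access to root access using a variety of bugs and poorly
  set up local services. If you make sure your local security is
  tight, then the intruder will have another hurdle to jump.

  Local users can also cause a lot of havoc with your system even if
  they really are who they say they are. Providing accounts to people
  you don't know or for whom you have no contact information is a very
  bad idea.

  4.1.  Creating New Accounts

  You should make sure you provide user accounts with only the minimal
  privileges needed for the task the user has to do. If you provide
  your child (age 10) with an account, you might want the child to have
  access to a word processor or drawing program, but be unable to
  delete data that is not theirs.

  Several good rules of thumb when allowing other people legitimate
  access to your Linux machine:

  o  Give them the minimal amount of privileges they need.

  o  Be aware of when and where they log in from, or should be logging
     in from.

  o  Make sure you remove inactive accounts.

  o  The use of the same user ID on all computers and networks is
     advisable. It eases account maintenance and permits easier
     analysis of log data.

  o  The creation of group user IDs should be absolutely prohibited.
     User accounts provide accountability, and this is not possible
     with group accounts.

  Many local user accounts that are used in security compromises have
  not been used in months or years. Since no one is using them, they
  provide the ideal attack vehicle.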

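  4.2.  Root Security

  The most sought-after account on your machine is the root (superuser)
  account. This account has authority over the entire machine, which
  may also include authority over other machines on the network.
  Remember that you should only use the root account for very short,
  specific tasks, and should otherwise work as a normal user. Even
  small mistakes made while logged in as root can cause problems. The
  less time you spend with root privileges, the safer you will be.

  Several tricks to avoid messing up your own box as root:

  o  When running a complex command, especially one that uses globbing
     (wildcards such as * and ?), try running it first in a
     non-destructive way. For example, if you want to run
     rm foo*.bak, first run "ls foo*.bak" and make sure you are going
     to delete the files you think you are. Using echo in place of a
     destructive command also sometimes works.

  o  Provide your users with an alias for the rm command that asks for
     confirmation before deleting files.

  o  Only become root to do single specific tasks. If you find
     yourself trying to figure out how to do something, go back to a
     normal user shell until you are sure what needs to be done by
     root.

  o  The command path for the root user is very important. The command
     path (that is, the PATH environment variable) specifies the
     directories in which the shell searches for programs. Try to
     limit the command path for the root user as much as possible, and
     never include '.' (which means "the current directory") in your
     PATH. Additionally, never have writable directories in your
     search path, as this can allow attackers to modify or place new
     binaries in your search path, allowing them to run as root the
     next time you run that command.

  o  Never use the rlogin/rsh/rexec suite of tools (called the
     r-utilities) as root. They are subject to many sorts of attacks,
     and are downright dangerous when run as root. Never create a
     .rhosts file for root.

  o  The /etc/securetty file contains a list of terminals that root can
     log in from. By default (on Red Hat Linux) this is set to only the
     local virtual consoles (vtys). Be very wary of adding anything
     else to this file. You should be able to log in remotely as your
     regular user account (preferably over ``ssh'' or another
     encrypted channel) and then su if you need to, so there is no need
     to be able to log in directly as root.

  o  Always be slow and deliberate when running as root. Your actions
     could affect a lot of things. Think before you type!

  If you absolutely need to allow someone (hopefully very trusted) to
  have root access to your machine, there are a few tools that can
  help. sudo allows users to use their own password to run a limited
  set of commands as root. This would allow you to, for instance, let
  a user eject and mount removable media on your Linux box, but have no
  other root privileges. sudo also keeps a log of all successful and
  unsuccessful sudo attempts, allowing you to track down who used what
  command to do what. For this reason sudo works well even in places
  where a number of people have root access, because it helps you keep
  track of changes made to the system.

  Although sudo can be used to give specific users specific privileges
  for specific tasks, it does have several shortcomings. It should be
  used only for a limited set of tasks, like restarting a server or
  adding new users. Any program that offers a shell escape will give
  root access to a user invoking it via sudo. This includes most
  editors, for example. Also, a program as innocuous as /bin/cat can
  be used to overwrite files, which could allow root to be exploited.
  Consider sudo as a means for accountability, and don't expect it to
  replace the root user and still be secure.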
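
  The advice above on root's command path can be checked mechanically.
  The following script is an added example, not part of the original
  HOWTO; the function name audit_path and its report format are made
  up for this illustration.

```sh
#!/bin/sh
# Added example: audit a search path the way the root-PATH advice above asks.
# audit_path PATHSTRING prints one finding per line:
#   RELATIVE <entry>  empty entry, "." or any other non-absolute directory
#   MISSING <dir>     directory does not exist, so someone may create it
#   WRITABLE <dir>    directory is writable by group or by everyone
# It returns 0 when the path is clean and 1 when anything was reported.
audit_path() {
    path_string=$1
    findings=0

    # "a:" ends in an empty entry, which the shell treats as the current
    # directory; make it explicit so the field splitting below keeps it.
    case $path_string in
        *:) path_string="${path_string}." ;;
    esac

    old_ifs=$IFS
    IFS=:
    set -f                      # no globbing while the string is split
    for entry in $path_string; do
        case $entry in
            /*) ;;              # absolute: examined below
            *)  printf 'RELATIVE %s\n' "${entry:-(empty)}"
                findings=$((findings + 1))
                continue ;;
        esac
        if [ ! -d "$entry" ]; then
            printf 'MISSING %s\n' "$entry"
            findings=$((findings + 1))
            continue
        fi
        # Characters 6 and 9 of the ls mode string are the group and
        # world write bits (see the file-permission section of this HOWTO).
        mode=$(ls -ldL "$entry" | cut -c1-10)
        case $mode in
            ?????w????|????????w?)
                printf 'WRITABLE %s (%s)\n' "$entry" "$mode"
                findings=$((findings + 1)) ;;
        esac
    done
    set +f
    IFS=$old_ifs

    [ "$findings" -eq 0 ]
}

# Stand-alone use: audit the PATH of the current shell (run it in a root shell).
audit_path "$PATH" || echo "PATH has entries that are unsafe for root" >&2
```

  Only the listed directories themselves are examined; a writable
  parent directory is outside what this check covers.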

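  5.  Files and Filesystem Security

  A few minutes of preparation and planning before putting your systems
  on-line can help to protect them and the data stored on them.

  o  There should never be a reason for users' home directories to
     allow SUID/SGID programs to be run from there. Use the nosuid
     option in /etc/fstab for partitions that are writable by anyone
     other than root. You may also wish to use nodev and noexec on
     users' home partitions, as well as /var. These options prohibit
     execution of programs and creation of character or block devices,
     which should never be necessary there anyway.

  o  If you are exporting filesystems using NFS, be sure to configure
     /etc/exports with the most restrictive access possible. This
     means not using wildcards, not allowing root write access, and
     exporting read-only wherever possible.

  o  Configure your users' file-creation umask to be as restrictive as
     possible. See ``umask settings''.

  o  If you are mounting filesystems using a network filesystem such as
     NFS, be sure to configure /etc/exports with suitable restrictions.
     Typically, `nodev', `nosuid', and perhaps `noexec' are desirable.

  o  Set filesystem limits instead of allowing unlimited as is the
     default. You can control the per-user limits using the
     resource-limits PAM module and /etc/pam.d/limits.conf. For
     example, limits for group users might look like this:

                       @users     hard  core    0
                       @users     hard  nproc   50
                       @users     hard  rss     5000

     This prohibits the creation of core files, restricts the number of
     processes to 50, and restricts memory usage per user to 5MB.

  o  The /var/log/wtmp and /var/run/utmp files contain the login
     records for all users on your system. Their integrity must be
     maintained, because they can be used to determine when and from
     where a user (or potential intruder) has entered your system.
     These files should have 644 permissions; this does not affect
     normal system operation.

  o  The immutable bit can be used to prevent accidentally deleting or
     overwriting a file that must be protected. It also prevents
     someone from creating a symbolic link to the file (such symbolic
     links have been the source of attacks involving deleting
     /etc/passwd or /etc/shadow). See the chattr(1) man page for
     information on the immutable bit.

  o  SUID and SGID files on your system are a potential security risk,
     and should be monitored closely. Because these programs grant
     special privileges to the user who is executing them, it is
     necessary to ensure that insecure programs are not installed. A
     favorite trick of crackers is to exploit SUID-root programs, then
     leave a SUID program as a back door to get in the next time, even
     if the original hole is plugged.

     Find all SUID/SGID programs on your system, and keep track of what
     they are, so you are aware of any changes which could indicate a
     potential intruder. Use the following command to find all
     SUID/SGID programs on your system:

                       root#  find / -type f \( -perm -04000 -o -perm -02000 \)

     The Debian distribution runs a job each night to determine what
     SUID files exist. It then compares this to the previous night's
     run. You can look in /var/log/setuid* for this log.

     You can remove the SUID or SGID permissions on a suspicious
     program with chmod, then restore them if you absolutely feel it
     is necessary.

  o  World-writable files, particularly system files, can be a security
     hole if a cracker gains access to your system and modifies them.
     Additionally, world-writable directories are dangerous, since they
     allow a cracker to add or delete files as he wishes. To locate
     all world-writable files on your system, use the following
     command:

                       root# find / -perm -2 ! -type l -ls

     and be sure you know why those files are writable. In the normal
     course of operation, several files will be world-writable,
     including some from /dev, and symbolic links; the ! -type l
     excludes the symbolic links from the output of the find command.

  o  Unowned files may also be an indication that an intruder has
     accessed your system. You can locate files on your system that
     have no owner, or belong to no group, with the command:

                       root# find / \( -nouser -o -nogroup \) -print

  o  Finding .rhosts files should be a part of your regular system
     administration duties, as these files should not be permitted on
     your system. Remember, a cracker only needs one insecure account
     to potentially gain access to your entire network. You can locate
     all .rhosts files on your system with the following command:

                 root# find /home -name .rhosts -print

  o  Finally, before changing permissions on any system files, make
     sure you understand what you are doing. Never change permissions
     on a file because it seems like the easy way to get things
     working. Always determine why the file has that permission before
     changing it.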

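  5.1.  Umask Settings

  The umask command can be used to determine the default file creation
  mode on your system. It is the octal complement of the desired file
  mode. If files are created without any regard to their permission
  settings, the user could inadvertently give read or write permission
  to someone who should not have it. Typical umask settings include
  022, 027, and 077 (which is the most restrictive). Normally the
  umask is set in /etc/profile, so it applies to all users on the
  system. The file creation mask can be calculated by subtracting the
  desired value from 777. In other words, a umask of 777 would cause
  newly created files to contain no read, write or execute permission
  for anyone. A mask of 666 would cause newly created files to have a
  mode of 111. For example, you may have a line that looks like this:

                       # Set the user's default umask
                       umask 033

  Be sure to make root's umask 077, which will disable read, write, and
  execute permission for other users, unless explicitly changed using
  chmod. With a umask of 033, newly created directories would have
  744 permissions, obtained by subtracting 033 from 777. Newly created
  files using the 033 umask would have permissions of 644.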
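
  The arithmetic above can be verified on a live system. The script
  below is an added example, not part of the original HOWTO; the
  function names are made up, and stat is assumed to be the GNU
  coreutils version. It shows that the mask clears bits from the
  requested mode (666 for an ordinary file, 777 for a directory) and
  is not subtracted arithmetically, which is why the "mode of 111" for
  a mask of 666 applies to directories while an ordinary file ends up
  with no permissions at all.

```sh
#!/bin/sh
# Added example: what a umask really does to new files and directories.

# expected_mode MASK KIND: the mode a new object gets. The bits set in the
# mask are cleared from the mode the creating program asks for.
expected_mode() {
    case $2 in
        file) printf '%o\n' $(( 0666 & ~0$1 )) ;;
        dir)  printf '%o\n' $(( 0777 & ~0$1 )) ;;
        *)    echo "kind must be file or dir" >&2; return 2 ;;
    esac
}

# observed_mode MASK KIND: create the object under that umask in a scratch
# directory and read the resulting mode back with stat.
observed_mode() {
    scratch=$(mktemp -d) || return 1
    (
        umask "$1"
        case $2 in
            file) : > "$scratch/probe" ;;
            dir)  mkdir "$scratch/probe" ;;
        esac
    )
    stat -c '%a' "$scratch/probe"
    chmod 700 "$scratch/probe"      # make sure cleanup can proceed
    rm -rf "$scratch"
}

# Print a small table for the masks discussed in this section.
for mask in 022 027 033 077; do
    printf 'umask %s: file %s (expected %s), directory %s (expected %s)\n' \
        "$mask" \
        "$(observed_mode "$mask" file)" "$(expected_mode "$mask" file)" \
        "$(observed_mode "$mask" dir)"  "$(expected_mode "$mask" dir)"
done
```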

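  If you are using Red Hat, and adhere to their user and group ID
  creation scheme (User Private Groups), it is only necessary to use
  002 for a umask. This is because the default configuration is one
  user per group.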

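  5.2.  File Permissions

  It's important to ensure that your system files cannot be changed by
  users and groups who shouldn't be doing system maintenance.

  UNIX separates access control on files and directories according to
  three characteristics: owner, group, and other. There is always
  exactly one owner, any number of members of the group, and everyone
  else.

  A quick explanation of UNIX permissions:

  Ownership - Which user(s) and group(s) retain control of the
  permission settings of the node and of its parent node.

  Permissions - Bits that determine which types of access are allowed
  to the file. Permissions for directories may have a different
  meaning than the same permissions on files.

  Read:

  o  To be able to view the contents of a file

  o  To be able to read a directory

  Write:

  o  To be able to add to or change a file

  o  To be able to delete or move files in a directory

  Execute:

  o  To be able to run a binary program or shell script

  o  To be able to search in a directory, combined with read
     permission

     Save Text Attribute: (For directories)
        The "sticky bit" has a different meaning when applied to
        directories than when applied to files. If the sticky bit is
        set on a directory, then a user may only delete files that he
        owns or for which he has explicit write permission, even when
        he has write access to the directory. This is designed for
        directories like /tmp, which are world-writable, but where it
        is not desirable to allow any user to delete files at will.
        The sticky bit is seen as a t in a long directory listing.

     SUID Attribute: (For files)
        This describes set-user-ID permissions on the file. When the
        set-user-ID access mode is set in the owner permissions, and
        the file is executable, processes which run it are granted
        access to system resources based on the user who owns the
        file, as opposed to the user who created the process. This is
        the cause of many 'buffer overflow' exploits.

     SGID Attribute: (For files)
        If set in the group permissions, this bit controls the "set
        group ID" status of a file. This behaves the same way as SUID,
        except the group is affected instead of the user. The file
        must be executable for this to have any effect.

     SGID Attribute: (For directories)
        If you set the SGID bit on a directory (with chmod g+s
        directory), files created in that directory will have their
        group set to the directory's group.

  You       - The owner of the file

  Group     - The group you belong to

  Everyone  - Anyone on the system that is not the owner or a member
              of the group

  File example:

               -rw-r--r--  1 kevin  users         114 Aug 28  1997 .zlogin
               1st bit - directory?             (no)
                2nd bit - read by owner?         (yes, by user kevin)
                 3rd bit - write by owner?        (yes, by user kevin)
                  4th bit - execute by owner?      (no)
                   5th bit - read by group?         (yes, by group users)
                    6th bit - write by group?        (no)
                     7th bit - execute by group?      (no)
                      8th bit - read by everyone?      (yes, by everyone)
                       9th bit - write by everyone?     (no)
                        10th bit - execute by everyone?  (no)

  The following lines are examples of the minimum sets of permissions
  that are required to perform the access described. You may want to
  give more permission than what's listed here, but this describes
  what these minimum permissions on files do:

       -r--------  Allow read access to the file by owner
       --w-------  Allows the owner to modify or delete the file
                   (Note that anyone with write permission to the
                    directory the file is in can overwrite or delete it)
       ---x------  The owner can execute this program, but not shell
                   scripts, which still need read permission
       ---s------  Will execute with effective user ID = owner
       -------s--  Will execute with effective group ID = group
       -rw------T  No update of "last modified time". Usually used for
                   swap files
       ---t------  No effect (formerly the sticky bit)

  Directory example:

               drwxr-xr-x  3 kevin  users         512 Sep 19 13:47 .public_html/
               1st bit - directory?             (yes, it contains many files)
                2nd bit - read by owner?         (yes, by user kevin)
                 3rd bit - write by owner?        (yes, by user kevin)
                  4th bit - execute by owner?      (yes, by user kevin)
                   5th bit - read by group?         (yes, by group users)
                    6th bit - write by group?        (no)
                     7th bit - execute by group?      (yes, by group users)
                      8th bit - read by everyone?      (yes, by everyone)
                       9th bit - write by everyone?     (no)
                        10th bit - execute by everyone?  (yes, by everyone)

  The following lines are examples of the minimum sets of permissions
  that are required to perform the access described. You may want to
  give more permission than what's listed, but this describes what
  these minimum permissions on directories do:

  dr--------  The contents can be listed, but file attributes can't be
              read
  d--x------  The directory can be entered, and used as part of full
              execution paths
  dr-x------  File attributes can be read by owner
  d-wx------  Files can be created/deleted, even if the directory isn't
              the current one
  d------x-t  Prevents files from deletion by others with write access.
              Used on /tmp
  d---s--s--  No effect

  System configuration files (usually in /etc) are usually mode 640
  (-rw-r-----), and owned by root. Depending on your site's security
  requirements, you might adjust this. Never leave any system files
  writable by a group or by everyone. Some configuration files,
  including /etc/shadow, should only be readable by root, and
  directories in /etc should at least not be accessible by others.

     SUID Shell Scripts
        SUID shell scripts are a serious security risk, and for this
        reason the kernel will not honor them. Regardless of how
        secure you think the shell script is, it can be exploited to
        give the cracker a root shell.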

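  5.3.  Integrity Checking

  Another very good way to detect local (and also network) attacks on
  your system is to run an integrity checker like Tripwire, Aide or
  Osiris. These programs compute checksums of all your important
  binaries and configuration files and compare them against a database
  of former, known-good values kept as a reference. Thus, any change
  in the files will be flagged.

  It's a good idea to install these sorts of programs onto a floppy,
  and then physically write-protect the floppy. This way intruders
  can't tamper with the integrity checker itself or change the
  database. Once you have something like this set up, it's a good
  idea to run it as part of your normal security administration duties
  to see if anything has changed.

  You can even add a crontab entry to run the checker from the floppy
  every night and mail you the results in the morning. Something
  like:

                       # set mailto
                       MAILTO=kevin
                       # run Tripwire
                       15 05 * * * root /usr/local/adm/tcheck/tripwire

  will mail you a report each morning at 5:15am.

  Integrity checkers can be a godsend for detecting intruders before
  you would otherwise notice them. Since a lot of files change on the
  average system, you have to be careful to distinguish cracker
  activity from your own doing.

  You can find the open source version of Tripwire at
  http://www.tripwiresecurity.com. It is free of charge. Manuals and
  support can be purchased.

  Aide can be found at http://www.cs.tut.fi/~rammer/aide.html.

  Osiris can be found at http://www.shmoo.com/osiris/.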
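
  The baseline-and-compare idea described in this section fits in a
  short script. The following is an added example, not part of the
  original HOWTO and not how Tripwire, Aide or Osiris are implemented;
  the function names, the record format and the use of sha256sum and
  GNU stat are choices made for this illustration.

```sh
#!/bin/sh
# Added example: a minimal integrity checker in the spirit of this section.
# Records are "sha256<TAB>mode:uid:gid<TAB>path". Paths that contain tabs
# or newlines are not supported by this record format.
TAB=$(printf '\t')

# snapshot PATH...: print one record for every regular file below the paths.
snapshot() {
    find "$@" -type f -exec sh -c '
        for f do
            sum=$(sha256sum < "$f" | cut -d" " -f1)
            meta=$(stat -c "%a:%u:%g" "$f")
            printf "%s\t%s\t%s\n" "$sum" "$meta" "$f"
        done' sh {} +
}

# check_baseline DB PATH...: compare the current state with the baseline DB
# and print one line per difference:
#   ADDED   file exists now but is not in the baseline
#   REMOVED file is in the baseline but no longer exists
#   CHANGED file content differs from the baseline
#   PERMS   content is the same but mode or ownership differs
check_baseline() {
    baseline=$1
    shift
    current=$(mktemp) || return 1
    snapshot "$@" > "$current"
    awk -F "$TAB" '
        FILENAME == ARGV[1] { sum[$3] = $1; meta[$3] = $2; next }
        {
            seen[$3] = 1
            if (!($3 in sum))        print "ADDED " $3
            else if (sum[$3] != $1)  print "CHANGED " $3
            else if (meta[$3] != $2) print "PERMS " $3
        }
        END { for (p in sum) if (!(p in seen)) print "REMOVED " p }
    ' "$baseline" "$current" | sort
    rm -f "$current"
}

# Stand-alone use:
#   integrity.sh init  DB PATH...    record the known-good state
#   integrity.sh check DB PATH...    report differences (cron mails them)
case ${1:-} in
    init)  db=$2; shift 2; snapshot "$@" > "$db" ;;
    check) shift; check_baseline "$@" ;;
esac
```

  As the section advises for the real tools, keep both the script and
  the baseline file on write-protected media, since an intruder who
  can rewrite the baseline can hide any change.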

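  5.4.  Trojan Horses

  "Trojan Horses" are named after the fabled ploy in Homer's "Iliad".
  The idea is that a cracker distributes a program or binary that
  sounds useful, and encourages other people to download it and run it
  as root. The program can then compromise their system while they
  are not paying attention. While they think the binary they just
  obtained does one thing (and it may very well do it), it also
  compromises their security.

  You should therefore take care over what programs you install on your
  machine. Red Hat provides MD5 checksums and PGP signatures on its
  RPM files so you can verify that you are installing the real thing.
  Other distributions have similar methods. You should never run any
  unfamiliar binary, for which you don't have the source, as root! Few
  attackers are willing to release source code to public scrutiny.

  Although it can take some effort, make sure you are getting the
  source for a program from its real distribution site. If the
  program is going to run as root, make sure either you or someone you
  trust has looked over the source and verified it.

  5.5.  Password Security and Encryption

  One of the most important security features used today is the
  password. It is important for both you and all your users to have
  secure, unguessable passwords. Most of the more recent Linux
  distributions include passwd programs that do not allow you to set an
  easily guessable password. Make sure your passwd program is up to
  date and has these features.

  In-depth discussion of encryption is beyond the scope of this
  document, but an introduction is in order. Encryption is very
  useful, possibly even necessary in this day and age. There are all
  sorts of methods of encrypting data, each with its own set of
  characteristics.

  Most UNIX systems (and Linux is no exception) primarily use a one-way
  encryption algorithm, called DES (Data Encryption Standard), to
  encrypt your passwords. This encrypted password is then stored in
  (typically) /etc/passwd or (less commonly) /etc/shadow. When you
  attempt to log in, the password you type in is encrypted again and
  compared with the entry in the file that stores your passwords. If
  they match, it must be the same password, and you are allowed
  access. Although DES is a two-way encryption algorithm (you can
  encrypt and then decrypt a message, given the right key), the variant
  that most UNIX systems use is one-way. This means that it should not
  be possible to reverse the encryption to get the password from the
  contents of /etc/passwd (or /etc/shadow).

  Brute force attacks, such as "Crack" or "John the Ripper" (see
  section ``''), can often guess passwords unless your password is
  sufficiently random. PAM modules (see below) allow you to use a
  different encryption routine for your passwords (MD5 or the like).
  You can use Crack to your advantage as well. Consider periodically
  running Crack against your own password database to find insecure
  passwords. Then contact the offending user, and instruct him to
  change his password.

  You can go to
  http://consult.cern.ch/writeup/security/security_3.html for
  information on how to choose a good password.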

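  5.6.  PGP and Public-Key Cryptography

  Public-key cryptography, such as that used for PGP, uses one key for
  encryption and a different key for decryption. Traditional
  cryptography uses the same key for encryption and decryption; this
  key must be known to both parties, and thus somehow transferred from
  one to the other securely.

  To remove the need to securely transmit the encryption key,
  public-key encryption uses two separate keys: a public key and a
  private key. Each person's public key is available to anyone to do
  the encryption, while each person keeps his or her private key to
  decrypt messages encrypted with the matching public key.

  There are advantages to both public-key and private-key
  cryptography, and you can read about those differences in the RSA
  Cryptography FAQ <http://www.rsa.com/rsalabs/newfaq/>, listed at the
  end of this section.

  PGP (Pretty Good Privacy) is well supported on Linux. Versions 2.62
  and 5.0 are known to work. For a good primer on PGP and how to use
  it, take a look at the PGP FAQ:
  http://www.pgp.com/service/export/faq/55faq.cgi

  Be sure to use the version that is applicable to your country. Due
  to export restrictions by the US Government, strong encryption is
  prohibited from being transferred in electronic form outside the
  country.

  US export controls are now managed by EAR (Export Administration
  Regulations). They are no longer governed by ITAR (translator's
  note: short for International Traffic in Arms Regulations).

  There is also a step-by-step guide for configuring PGP on Linux at
  http://mercury.chem.pitt.edu/~angel/LinuxFocus/English/November1997/article7.html.
  It was written for the international version of PGP, but is easily
  adaptable to the United States version. You may also need a patch
  for some of the latest versions of Linux; the patch is available at
  ftp://metalab.unc.edu/pub/Linux/apps/crypto.

  There is a project working on a free, open source re-implementation
  of PGP. GnuPG is a complete and free replacement for PGP. Because
  it does not use IDEA or RSA, it can be used without restrictions.
  GnuPG is nearly in compliance with OpenPGP. See the GNU Privacy
  Guard web page (http://www.gnupg.org/) for more information.

  Translator's notes (meaning of terms):

  o  IDEA: short for International Data Encryption Algorithm. An
     encryption algorithm that uses 128-bit keys; the Swiss company
     Ascom-Tech holds the patent.

  o  RSA: an algorithm used for public-key encryption and digital
     signatures, named after the initials of its three developers
     (Rivest, Shamir, Adleman). It was granted a patent in the United
     States in 1983.

  More information on cryptography can be found in the RSA
  cryptography FAQ, available at http://www.rsa.com/rsalabs/newfaq/.
  There you will find information on such terms as "Diffie-Hellman",
  "public-key cryptography", and "digital certificates".

  Translator's note: a Japanese translation is at
  http://www.rsa-japan.co.jp/faq/index.html.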

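  5.7.  SSL, S-HTTP, HTTPS and S/MIME

  Users often ask about the differences between the various security
  and encryption protocols, and how to use them. While this isn't an
  encryption document, it is a good idea to explain briefly what each
  protocol is, and where to find more information.

  o  SSL: - SSL, or Secure Sockets Layer, is an encryption method
     developed by Netscape to provide security over the Internet. It
     supports several different encryption protocols, and provides
     client and server authentication. SSL operates at the transport
     layer and creates a secure encrypted channel of data, and thus can
     seamlessly encrypt data of many types. This is most commonly seen
     when going to a secure site to view a secure online document with
     Communicator, and serves as the basis for secure communications
     with Communicator, as well as for much other Netscape
     Communications data encryption. More information can be found at
     http://www.consensus.com/security/ssl-talk-faq.html. Information
     on Netscape's other security implementations, and a good starting
     point for these protocols, is available at
     http://home.netscape.com/info/security-doc.html.

  o  S-HTTP: - S-HTTP is another protocol that provides security
     services across the Internet. It was designed to provide
     confidentiality, authentication, integrity, and non-repudiability
     [cannot be mistaken for someone else] while supporting multiple
     key-management mechanisms and cryptographic algorithms via option
     negotiation between the parties involved in each transaction.
     S-HTTP is limited to the specific software that implements it,
     and encrypts each message individually. [From RSA Cryptography
     FAQ, page 138]

  o  S/MIME: - S/MIME, or Secure Multipurpose Internet Mail Extension,
     is an encryption standard used to encrypt electronic mail and
     other types of messages on the Internet. It is an open standard
     developed by RSA, so it is likely we will see it on Linux one day
     soon. More information on S/MIME can be found at
     http://home.netscape.com/assist/security/smime/overview.html.

  5.8.  Linux IPSEC Implementations

  Along with CIPE and other forms of data encryption, there are also
  several implementations of IPSEC for Linux. IPSEC is an effort by
  the IETF to create cryptographically secure communications at the IP
  network level, and to provide authentication, integrity, access
  control, and confidentiality. Information on IPSEC and the Internet
  drafts can be found at
  http://www.ietf.org/html.charters/ipsec-charter.html. You can also
  find links to other protocols involving key management, and an IPSEC
  mailing list and archives.

  The x-kernel Linux implementation, developed at the University of
  Arizona, uses an object-based framework for implementing network
  protocols called x-kernel, and can be found at
  http://www.cs.arizona.edu/xkernel/hpcc-blue/linux.html. Most simply,
  the x-kernel is a method of passing messages at the kernel level,
  which makes for an easier implementation.

  Another freely available IPSEC implementation is the Linux FreeS/WAN
  IPSEC. Their web page states:

       "These services allow you to build secure tunnels through
       untrusted networks. Everything passing through the untrusted
       net is encrypted by the IPSEC gateway machine and decrypted by
       the gateway at the other end. The result is a Virtual Private
       Network or VPN. This is a network which is effectively private
       even though it includes machines at several different sites
       connected by the insecure Internet."

  It's available for download from http://www.xs4all.nl/~freeswan/,
  and has just reached version 1.0 at the time of this writing. As
  with other forms of cryptography, it is not distributed with the
  kernel by default due to export restrictions.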

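  5.9.  ssh (Secure Shell) and stelnet

  ssh and stelnet are suites of programs that allow you to log in to
  remote systems over an encrypted connection.

  openssh is a suite of programs used as a secure replacement for
  rlogin, rsh and rcp. It uses public-key cryptography to encrypt
  communications between two hosts, as well as to authenticate users.
  It can be used to securely log in to a remote host or copy data
  between hosts, while preventing man-in-the-middle attacks (session
  hijacking) and DNS spoofing. It will perform data compression on
  your connections, and secure X11 communications between hosts.

  There are several ssh implementations now. The original commercial
  implementation by Data Fellows can be found at the ssh home page,
  http://www.datafellows.com.

  The excellent Openssh implementation is based on an early version of
  the Data Fellows ssh and has been totally reworked so that it does
  not include any patented or proprietary pieces. It is free and
  under a BSD license. It can be found at http://www.openssh.com.

  There is also an open source project to re-implement ssh from the
  ground up, called "psst...". For more information see
  http://www.net.lut.ac.uk/psst/.

  You can also use ssh from a Windows PC to your Linux ssh server.
  There are several Windows client implementations, including the one
  at http://guardian.htu.tuwien.ac.at/therapy/ssh/ as well as a
  commercial implementation from DataFellows, at
  http://www.datafellows.com.

  SSLeay is a free implementation of Netscape's Secure Sockets Layer
  protocol. It includes several applications, such as Secure telnet,
  a module for Apache, and several database applications, as well as
  several algorithms including DES, IDEA and Blowfish.

  Using this library, a secure telnet replacement has been created
  that encrypts the data over a telnet connection. Unlike SSH, stelnet
  uses SSL, the Secure Sockets Layer protocol developed by Netscape.
  You can find Secure telnet and Secure FTP by starting with the SSLeay
  FAQ, available at http://www.psy.uq.oz.au/~ftp/Crypto/.

  Translator's note: a Japanese translation is at
  http://www.infoscience.co.jp/technical/crypto/ssleay_jp.html.

  SRP is another secure telnet/ftp implementation. From their web
  page:

       "The SRP project is developing secure Internet software for free
       worldwide use. Starting with a fully-secure Telnet and FTP
       distribution, we hope to supplant weak networked authentication
       systems with strong replacements that do not sacrifice
       user-friendliness for security. Security should be the
       default, not an option!"

  For more information, go to http://srp.stanford.edu/srp.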

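  5.10.  PAM - Pluggable Authentication Modules

  Newer versions of the Red Hat Linux distribution ship with a unified
  authentication scheme called "PAM". PAM allows you to change your
  authentication methods and requirements on the fly, and encapsulate
  all local authentication methods, without recompiling any of your
  binaries. Configuration of PAM is beyond the scope of this document,
  but be sure to take a look at the PAM web site for more information:
  http://www.kernel.org/pub/linux/libs/pam/index.html

  Just a few of the things you can do with PAM:

  o  Use encryption other than DES for your passwords (making them
     harder to brute-force decode).

  o  Set resource limits (number of processes, amount of memory, etc.)
     on all your users so they can't perform denial-of-service
     attacks.

  o  Enable shadow passwords (see below) on the fly.

  o  Allow specific users to log in only at specific times from
     specific places.

  Within a few hours of installing and configuring your system, you can
  prevent many attacks before they even occur. For example, use PAM
  to disable the system-wide usage of .rhosts files in users' home
  directories by adding these lines to /etc/pam.d/rlogin:

                       #
                       # Disable rsh/rlogin/rexec for users
                       #
                       auth required pam_rhosts_auth.so no_rhosts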

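  5.11.  Cryptographic IP Encapsulation (CIPE)

  The primary goal of this software is to provide a facility for
  secure (against eavesdropping, including traffic analysis, and faked
  message injection) subnetwork interconnection across an insecure
  packet network such as the Internet.

  CIPE encrypts the data at the network level. Packets traveling
  between hosts on the network are encrypted. The encryption engine
  is placed near the driver which sends and receives packets.

  This is unlike SSH, which encrypts the data by connection, at the
  socket level. There, a logical connection between programs running
  on different hosts is encrypted.

  CIPE can be used in tunnelling, in order to create a Virtual Private
  Network. Low-level encryption has the advantage that it can be made
  to work transparently between the two networks connected in the VPN,
  without any change to application software.

  Summarized from the CIPE documentation:

       The IPSEC standards define a set of protocols which can be used
       (among other things) to build encrypted VPNs. However, IPSEC
       is a rather heavyweight and complicated protocol set with a lot
       of options, implementations of the full protocol set are still
       rarely used and some issues (such as key management) are still
       not fully resolved. CIPE uses a simpler approach, in which
       many things which can be parameterized (such as the choice of
       the actual encryption algorithm used) are an install-time fixed
       choice. This limits flexibility, but allows for a simple (and
       therefore efficient, easy to debug) implementation.

  Further information can be found at
  http://www.inka.de/~bigred/devel/cipe.html.

  As with other forms of cryptography, it is not distributed with the
  kernel because of export restrictions.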

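  5.12.  Kerberos

  Kerberos is an authentication system developed by the Athena Project
  at MIT.  When a user logs in, Kerberos authenticates that user (using
  a password), and provides the user with a way to prove her identity
  to other servers and hosts scattered around the network.

  This authentication is then used by programs such as rlogin to allow
  the user to log in to other hosts without a password (in place of the
  .rhosts file).  This authentication method can also be used by the
  mail system in order to guarantee that mail is delivered to the
  correct person, as well as to guarantee that the sender is who he
  claims to be.

  Kerberos and the other programs that come with it prevent users from
  "spoofing" the system into believing they are someone else.
  Unfortunately, installing Kerberos is very intrusive, requiring the
  modification or replacement of numerous standard programs.

  You can find more information about Kerberos by looking at the
  kerberos FAQ, and the code can be found at
  http://nii.isi.edu/info/kerberos/.

  [Reference: Stein, Jennifer G., Clifford Neuman, and Jeffrey L.
  Schiller.  "Kerberos: An Authentication Service for Open Network
  Systems." USENIX Conference Proceedings, Dallas, Texas, Winter 1998.]

  Kerberos should not be your first step in improving the security of
  your host.  It is quite involved, and not as widely used as, say,
  SSH.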

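  5.13.  Shadow Passwords

  Shadow passwords are a means of keeping your encrypted password
  information secret from normal users.  Recent versions of both Red
  Hat and Debian Linux use shadow passwords by default, but on other
  systems, encrypted passwords are stored in the /etc/passwd file for
  all to read.  Anyone can then run password-guesser programs on them
  and attempt to determine what they are.  Shadow passwords, by
  contrast, are saved in /etc/shadow, which only privileged users can
  read.  In order to use shadow passwords, you need to make sure all
  your utilities that need access to password information are
  recompiled to support them.  PAM (above) also allows you to just plug
  in a shadow module; it doesn't require re-compilation of executables.
  You can refer to the Shadow-Password HOWTO for further information if
  necessary.  It is available at
  http://linuxdoc.org/HOWTO/Shadow-Password-HOWTO.html.  It is rather
  dated now, and will probably not be needed on distributions that
  support PAM.

  Translator's note: a Japanese translation is available at
  http://www.linux.or.jp/JF/JFdocs/Shadow-Password-HOWTO.html.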

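  5.14.  "Crack" and "John the Ripper"

  If for some reason your passwd program is not enforcing hard-to-guess
  passwords, you might want to run a password-cracking program and make
  sure your users' passwords are secure.

  Password-cracking programs work on a simple idea: they try every word
  in the dictionary, and then variations on those words, encrypting
  each one and checking it against your encrypted password.  If they
  get a match, they know what your password is.

  There are a number of such programs; the two most notable are "Crack"
  and "John the Ripper"
  (http://www.false.com/security/john/index.html).  They will take up a
  lot of your CPU time, but by running them yourself first you can tell
  whether an attacker could get in using them, and notify users with
  weak passwords.  Note that an attacker would first have to use some
  other hole in order to read your password file (/etc/passwd on
  UNIX), but such holes are more common than you might think.

  Because security is only as strong as the most insecure host, it is
  worth mentioning that if you have any Windows machines on your
  network, you should check out L0phtCrack, a Crack implementation for
  Windows.  It's available from http://www.l0pht.com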

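  5.15.  CFS - Cryptographic File System and TCFS - Transparent
  Cryptographic File System

  CFS is a way of encrypting entire directory trees and allowing users
  to store encrypted files on them.  It uses an NFS server running on
  the local machine.  RPMs are available at
  http://www.zedz.net/redhat/, and more information on how it all works
  is at ftp://ftp.research.att.com/dist/mab/.

  TCFS improves on CFS by adding more integration with the file system,
  so that users can use the encrypted file system transparently.  More
  information is at http://edu-gw.dia.unisa.it/tcfs/.

  TCFS need not be used on entire file systems.  It works on directory
  trees as well.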

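  5.16.  X11, SVGA and Display Security

  5.16.1.  X11

  It's important for you to secure your graphical display to prevent
  attackers from grabbing your passwords as you type them, reading
  documents or information you are reading on your screen, or even
  using a hole to gain root access.  Running remote X applications over
  a network can also be fraught with peril, allowing sniffers to see
  all your interaction with the remote system.

  X has a number of access-control mechanisms.  The simplest of them is
  host-based: you use xhost to specify the hosts that are allowed
  access to your display.  This is not very secure at all, because if
  someone has access to your machine, they can xhost + their machine
  and get in easily.  Also, if you have to allow access from an
  untrusted machine, anyone logged in there can compromise your
  display.

  When using xdm (X Display Manager) to log in, you get a much better
  access method: MIT-MAGIC-COOKIE-1.  A 128-bit "cookie" is generated
  and stored in your .Xauthority file.  If you need to allow a remote
  machine access to your display, you can use the xauth command and the
  information in your .Xauthority file to provide access to only that
  connection.  See the Remote-X-Apps mini-howto, available at
  http://linuxdoc.org/HOWTO/mini/Remote-X-Apps.html.

  Translator's note: a Japanese translation of Remote-X-Apps is also
  available.

  You can also use ssh (see ``'', above) to allow secure X connections.
  This has two advantages: it is transparent to the end user, and no
  unencrypted data flows across the network.

  Take a look at the Xsecurity man page for more information on X
  security.  The safe bet is to use xdm to log in to your console and
  then use ssh to go to remote sites on which you wish to run X
  programs.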

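  5.16.2.  SVGA

  SVGAlib programs are typically setuid root in order to access your
  machine's video hardware.  This makes them very dangerous.  If they
  crash, you typically need to reboot your machine to get a usable
  console back.  Make sure any SVGA programs you are running are
  authentic, and can at least be somewhat trusted.  Even better, don't
  run them at all.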

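  5.16.3.  GGI (Generic Graphics Interface project)

  The Linux GGI project is trying to solve several of the problems with
  video interfaces on Linux.  GGI will move a small piece of the video
  code into the Linux kernel, and then control access to the video
  system.  This means GGI will be able to restore your console at any
  time to a known good state.  It will also allow a secure attention
  key, so you can be sure that there is no Trojan horse login program
  running on your console.
  http://synergy.caltech.edu/~ggi/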

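  6.  Kernel Security

  This is a description of the kernel configuration options that relate
  to security, and an explanation of what they do and how to use them.

  As the kernel controls your computer's networking, it is important
  that it be very secure, and not be compromised.  To prevent some of
  the latest networking attacks, you should try to keep your kernel
  version current.  You can find new kernels at <ftp://ftp.kernel.org>
  or from your distribution vendor.

  There is also an international group providing a single unified
  crypto patch to the mainstream Linux kernel.  This patch provides
  support for a number of cryptographic subsystems and other things
  that cannot be included in the mainstream kernel due to export
  restrictions.  For more information, visit their web page at
  http://www.kerneli.org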

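  6.1.  2.0 Kernel Compile Options

  For 2.0.x kernels, the following options apply.  You should see these
  options during the kernel configuration process.  Many of the
  comments here are from ./linux/Documentation/Configure.help, which is
  the same document that is referenced while using the Help facility
  during the make config stage of compiling the kernel.

  o  Network Firewalls (CONFIG_FIREWALL)

     This option should be on if you intend to run any firewalling or
     masquerading on your Linux machine.  If it's just going to be a
     regular client machine, it's safe to say no.

  o  IP: forwarding/gatewaying (CONFIG_IP_FORWARD)

     If you enable IP forwarding, your Linux box essentially becomes a
     router.  If your machine is on a network, you could be forwarding
     data from one network to another, and perhaps subverting a
     firewall that was put there to prevent this from happening.
     Normal dial-up users will want to disable this, and other users
     should concentrate on the security implications of doing this.
     Firewall machines will want this enabled, and used in conjunction
     with firewall software.

     You can enable IP forwarding dynamically using the following
     command:

               root#  echo 1 > /proc/sys/net/ipv4/ip_forward

     and disable it with the command:

               root#  echo 0 > /proc/sys/net/ipv4/ip_forward

     Keep in mind that the files in /proc are "virtual" files, and the
     shown size of a file might not reflect the amount of data output
     from it.

  o  IP: syn cookies (CONFIG_SYN_COOKIES)

     A "SYN attack" is a denial-of-service (DoS) attack that consumes
     all the resources on your machine, forcing you to reboot.  We
     can't think of a reason you wouldn't normally enable this.  In the
     2.2.x kernel series this config option merely allows syn cookies,
     but does not enable them.  To enable them, you have to do:

               root#  echo 1 > /proc/sys/net/ipv4/tcp_syncookies

  o  IP: Firewalling (CONFIG_IP_FIREWALL)

     This option is necessary if you are going to configure your
     machine as a firewall, do masquerading, or wish to protect your
     dial-up workstation from someone entering via your PPP dial-up
     interface.

  o  IP: firewall packet logging (CONFIG_IP_FIREWALL_VERBOSE)

     This option gives you information about packets your firewall
     received, such as sender, recipient, port, etc.

  o  IP: Drop source routed frames (CONFIG_IP_NOSR)

     This option should be enabled.  Source routed frames contain the
     entire path to their destination inside of the packet.  This means
     that routers through which the packet goes do not need to inspect
     it, and just forward it on.  This could lead to data entering your
     system that may be a potential exploit.

  o  IP: masquerading (CONFIG_IP_MASQUERADE)

     If one of the computers on your local network for which your Linux
     box acts as a firewall wants to send something to the outside,
     your box can "masquerade" as that host: it forwards the traffic to
     the intended destination, but makes it look like it came from the
     firewall box itself.  See http://www.indyramp.com/masq for more
     information.

  o  IP: ICMP masquerading (CONFIG_IP_MASQUERADE_ICMP)

     The previous option masquerades only TCP and UDP traffic; this
     option adds ICMP masquerading to it.

  o  IP: transparent proxy support (CONFIG_IP_TRANSPARENT_PROXY)

     This enables your Linux firewall to transparently redirect any
     network traffic originating from the local network and destined
     for a remote host to a local server, called a "transparent proxy
     server".  This makes the local computers think they are talking to
     the remote end, while in fact they are connected to the local
     proxy.  See the IP-Masquerading HOWTO and
     http://www.indyramp.com/masq for more information.

  o  IP: always defragment (CONFIG_IP_ALWAYS_DEFRAG)

     Generally this option is disabled, but if you are building a
     firewall or a masquerading host, you will want to enable it.  When
     data is sent from one host to another, it does not always get sent
     as a single packet of data; rather, it is fragmented into several
     pieces.  The problem with this is that the port numbers are only
     stored in the first fragment.  This means that someone can insert
     information into the remaining packets of the connection that
     isn't supposed to be there.  This option can also prevent a
     teardrop attack against an internal host that is not yet itself
     patched against it.

  o  Packet Signatures (CONFIG_NCPFS_PACKET_SIGNING)

     This is an option available in the 2.2.x kernel series that signs
     NCP packets for stronger security.  Normally you can leave it off,
     but it is there if you do need it.

  o  IP: Firewall packet netlink device (CONFIG_IP_FIREWALL_NETLINK)

     This is a really neat option that allows you to analyze the first
     128 bytes of a packet in a user-space program, and to decide on
     that basis whether to accept or deny the packet.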

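  6.2.  2.2 Kernel Compile Options

  For 2.2.x kernels, many of the options are the same, but a few new
  ones have been developed.  Many of the comments here are from
  ./linux/Documentation/Configure.help, which is the same document that
  is referenced while using the Help facility during the make config
  stage of compiling the kernel.  Only the newly added options are
  listed below.  Consult the 2.0 description for the other necessary
  options.  The most significant change in the 2.2 kernel series is the
  IP firewalling code.  The ipchains program is now used to install IP
  firewalling, instead of the ipfwadm program used in the 2.0 kernel.

  o  Socket Filtering (CONFIG_FILTER)

     For most people, it's safe to say no to this option.  This option
     allows you to connect a user-space filter to any socket and
     determine whether packets should be allowed or denied.  Unless you
     have a very specific need and are capable of programming such a
     filter, you should say no.  Also note that as of this writing, all
     protocols were supported except TCP.

  o  Port Forwarding

     Port forwarding is an addition to IP masquerading which allows
     some forwarding of packets from outside to inside a firewall on
     given ports.  This could be useful if, for example, you want to
     run a web server behind the firewall or masquerading host and that
     web server should be accessible from the outside world.  An
     external client sends a request to port 80 of the firewall, the
     firewall forwards this request to the web server, the web server
     handles the request, and the results are sent through the firewall
     to the original client.  The client thinks that the firewall
     machine itself is running the web server.  This can also be used
     for load balancing if you have a farm of identical web servers
     behind the firewall.

     Information about this feature is available from
     http://www.monmouth.demon.co.uk/ipsubs/portforwarding.html (to
     browse the WWW, you need access to a machine on the Internet that
     has a program like lynx or Netscape).  For general information,
     see ftp://ftp.compsoc.net/users/steve/ipportfw/linux21/

  o  Socket Filtering (CONFIG_FILTER)

     Using this option, user-space programs can attach a filter to any
     socket and thereby tell the kernel that it should allow or
     disallow certain types of data to get through the socket.  Linux
     socket filtering works on all socket types except TCP for now.
     See the text file ./linux/Documentation/networking/filter.txt for
     more information.

     Translator's note: this refers to a text file included in the
     kernel source.

  o  IP: Masquerading

     IP masquerading has been improved in the 2.2 kernel.  It provides
     additional support for masquerading special protocols.  Be sure to
     read the IP Chains HOWTO for more information.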

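  6.3.  Kernel Devices

  There are a few block and character devices available on Linux that
  will also help you with security.

  The two devices /dev/random and /dev/urandom are provided by the
  kernel to supply random data at any time.

  Both /dev/random and /dev/urandom should be secure enough to use in
  generating PGP keys, ssh challenges, and other applications where
  secure random numbers are required.  Attackers should be unable to
  predict the next number given any initial sequence of numbers from
  these sources.  A lot of effort has been put into ensuring that the
  numbers you get from these sources are random in every sense of the
  word.

  The only difference between the two devices is that /dev/random runs
  out of random bytes and makes you wait for more to be accumulated.
  Note that on some systems, it can block for a long time waiting for
  new user-generated entropy to be entered into the system.  So you
  have to use care before using /dev/random.  (Perhaps the best thing
  to do is to use it when you're generating sensitive keying
  information, and you tell the user to pound on the keyboard
  repeatedly until you print out "OK, enough".)

  /dev/random is high-quality entropy, generated from measuring the
  inter-interrupt times and similar values.  It blocks until enough
  bits of random data are available.

  /dev/urandom is similar, but when the store of entropy is running
  low, it will return a cryptographically strong hash of what there is.
  This isn't as secure as /dev/random, but it's enough for most
  applications.

  You might read from the devices using something like:

               root#  head -c 6 /dev/urandom | mmencode
               root#  head -c 6 /dev/urandom | mimencode

  This will print eight random characters on the console, suitable for
  password generation.  mimencode is part of the metamail package.

  See /usr/src/linux/drivers/char/random.c for a description of the
  algorithm.

  Thanks to Theodore Y. Ts'o, Jon Lewis, and others from the
  Linux-kernel list for helping me (Dave) with this.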

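  7.  Network Security

  Network security is becoming more and more important as people spend
  more and more time connected.  Compromising network security is often
  much easier than compromising physical or local security, and is much
  more common.

  There are a number of good tools to assist with network security, and
  more and more of them are shipping with Linux distributions.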

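  7.1.  Packet Sniffers

  One of the most common ways intruders gain access to more systems on
  your network is by employing a packet sniffer on an already
  compromised host.  This "sniffer" just listens on the Ethernet port
  for things like passwd, login and su in the packet stream and then
  logs the traffic after that.  This way, attackers gain passwords for
  systems they are not even attempting to break into.  Clear-text
  passwords are very vulnerable to this attack.

  Example: Host A has been compromised.  The attacker installs a
  sniffer.  The sniffer picks up the admin logging in to Host B from
  Host C.  It gets the admin's personal password as they log in to B.
  Then the admin does a su to fix a problem.  The attacker now has the
  root password for Host B.  Later the admin lets someone telnet from
  his account to Host Z on another site.  Now the attacker has a
  password/login on Host Z.

  In this day and age, the attacker doesn't even need to compromise a
  system to do this: they could also bring a laptop into a building and
  tap into your net.

  Using ssh or other encrypted password methods thwarts this attack.
  Things like APOP for POP accounts also prevent it.  (Normal POP
  logins are very vulnerable to this, as is anything that sends
  clear-text passwords over the network.)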

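  7.2.  System Services and tcp_wrappers

  Before you put your Linux system on ANY network, the first thing to
  look at is what services you need to offer.  Services that you do not
  need to offer should be disabled so that you have one less thing to
  worry about and attackers have one less place to look for a hole.

  There are a number of ways to disable services under Linux.  You can
  look at your /etc/inetd.conf file and see what services are being
  offered by your inetd.  Disable any that you do not need by
  commenting them out (# at the beginning of the line), and then
  sending your inetd process a SIGHUP.

  You can also remove (or comment out) services in your /etc/services
  file.  This will mean that local clients will also be unable to find
  the service (e.g., if you remove ftp, and try to ftp to a remote site
  from that machine, it will fail with an "unknown service" message).
  It's usually not worth the trouble to remove services from
  /etc/services, since it provides no additional security.  If a local
  person wanted to use ftp even though you had commented it out, they
  could make their own client that uses the common FTP port and it
  would still work fine.

  Some of the services you might want to leave enabled are:

  o  ftp

  o  telnet (or ssh)

  o  mail, such as pop-3 or imap

  o  identd

  If you know you are not going to use some particular package, you can
  also delete it entirely.  rpm -e packagename under the Red Hat
  distribution will erase an entire package.  Under Debian,
  dpkg --remove does the same thing.

  Additionally, you really want to disable the rsh/rlogin/rcp utilities
  from being started in /etc/inetd.conf, including the entries login
  (used by rlogin), shell (used by rcp), and exec (used by rsh).  These
  protocols are extremely insecure and have been the cause of exploits
  in the past.

  You should check your /etc/rc.d/rc[0-9].d directories (on Red Hat;
  /etc/rc[0-9].d on Debian) and see whether any of the servers started
  there are not needed.  The files in those directories are actually
  symbolic links to files in the directory /etc/rc.d/init.d (on Red
  Hat; /etc/init.d on Debian).  Renaming a file in the init.d directory
  disables all the symbolic links that point to it.  If you only wish
  to disable a service for a particular run level, rename the
  appropriate symbolic link by replacing the upper-case S with a
  lower-case s, like this:

              root#  cd /etc/rc6.d
              root#  mv S45dhcpd s45dhcpd

  If you have BSD-style rc files, you will want to check /etc/rc* for
  programs you don't need.

  Most Linux distributions ship with tcp_wrappers "wrapping" all your
  TCP services.  A tcp_wrapper (tcpd) is invoked from inetd instead of
  the real server.  tcpd then checks the host that is requesting the
  service, and either executes the real server or denies access from
  that host.  You should create /etc/hosts.allow and add to it only
  those hosts that need to have access to your machine's services.

  If you are a home dial-up user, we suggest you deny ALL.  tcpd also
  logs failed attempts to access services, so this can alert you if you
  are under attack.  If you add new services, you should be sure to
  configure them to use tcp_wrappers if they are TCP-based.  For
  example, a normal dial-up user can prevent outsiders from connecting
  to his machine, yet still have the ability to retrieve mail and make
  network connections to the Internet.  To do this, you might add the
  following to your /etc/hosts.allow:

  ALL: 127.

  And of course /etc/hosts.deny would contain:

  ALL: ALL

  which will prevent external connections to your machine, yet still
  allow you from the inside to connect to servers on the Internet.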
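
  The inetd.conf review described above can be scripted.  The following
  is an added example, not part of the original HOWTO: it flags r-utility
  entries that are still enabled and TCP services that are not started
  through tcpd.  The sample file contents and the function names are
  constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of /etc/inetd.conf (not taken from a real host).
sample_inetd_conf() {
cat <<'EOF'
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd       in.ftpd -l -a
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd       in.telnetd
#finger stream  tcp  nowait  root    /usr/sbin/tcpd       in.fingerd
shell   stream  tcp  nowait  root    /usr/sbin/tcpd       in.rshd
login   stream  tcp  nowait  root    /usr/sbin/tcpd       in.rlogind
exec    stream  tcp  nowait  root    /usr/sbin/in.rexecd  in.rexecd
auth    stream  tcp  nowait  nobody  /usr/sbin/in.identd  in.identd -l -e -o
talk    dgram   udp  wait    root    /usr/sbin/tcpd       in.talkd
EOF
}

# enabled_services: names of all entries that are not commented out.
enabled_services() {
    awk '!/^[ \t]*#/ && NF >= 6 { print $1 }'
}

# audit_inetd: read inetd.conf text on stdin, print one finding per line:
#   RSERVICE <svc>   shell/login/exec entry (rcp/rlogin/rsh) still enabled
#   UNWRAPPED <svc>  TCP service whose server program is not tcpd
audit_inetd() {
    awk '
        /^[ \t]*#/ || NF < 6 { next }      # skip comments and short lines
        {
            svc = $1; proto = $3; server = $6
            if (svc == "shell" || svc == "login" || svc == "exec")
                print "RSERVICE " svc
            # "internal" services are handled inside inetd itself
            if (proto == "tcp" && server != "internal" && server !~ /\/tcpd$/)
                print "UNWRAPPED " svc
        }'
}

# Demo on the constructed sample; on a real host run:
#   audit_inetd < /etc/inetd.conf
sample_inetd_conf | audit_inetd
```

  Every RSERVICE line is a candidate for commenting out, followed by a
  SIGHUP to inetd; every UNWRAPPED line is a service that hosts.allow
  and hosts.deny do not cover.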

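  Keep in mind that tcp_wrappers only protects services executed from
  inetd, and a select few others.  There very well may be other
  services running on your machine.  You can use netstat -ta to find a
  list of all the services your machine is offering.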

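  7.3.  Verify Your DNS Information

  Keeping up-to-date DNS information about all hosts on your network
  can help to increase security.  If an unauthorized host becomes
  connected to your network, you can recognize it by its lack of a DNS
  entry.  Many services can be configured to not accept connections
  from hosts that do not have valid DNS entries.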

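  7.4.  identd

  identd is a small program that typically runs out of your inetd
  server.  It keeps track of what user is running what TCP service, and
  then reports this to whoever requests it.

  Many people misunderstand the usefulness of identd, and so disable it
  or block all off-site requests for it.  identd is not there to help
  out remote sites.  There is no way of knowing whether the data you
  get from a remote identd is correct or not.  There is no
  authentication in identd requests.

  Why would you want to run it then?  Because it helps you out, and is
  another data point in tracking.  If your identd is uncompromised,
  then you know it's telling remote sites the user name or uid of
  people using TCP services.  If the admin at a remote site comes back
  to you and tells you that a certain user was trying to hack into
  their site, you can easily take action against that user.  If you are
  not running identd, you will have to look at lots and lots of logs,
  figure out who was on at the time, and in general take a lot more
  time to track down the user.

  The identd that ships with most distributions is more configurable
  than many people think.  You can disable it for specific users (they
  can make a .noident file), you can log all identd requests (we
  recommend it), and you can even have identd return a uid instead of a
  user name, or even NO-USER.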

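  7.5.  SATAN, ISS, and Other Network Scanners

  There are a number of different software packages out there that do
  port- and service-based scanning of machines or networks.  SATAN,
  ISS, SAINT, and Nessus are some of the more well-known ones.  This
  software connects to the target machine (or all the target machines
  on a network) on all the ports it can, and tries to determine what
  service is running there.  Based on this information, you can tell
  whether the machine is vulnerable to a specific exploit on that
  server.

  SATAN (Security Administrator's Tool for Analyzing Networks) is a
  port scanner with a web interface.  It can be configured to do light,
  medium, or strong checks on a machine or a network of machines.  It's
  a good idea to get SATAN and scan your machine or network, and fix
  the problems it finds.  Make sure you get your copy of SATAN from
  metalab
  <http://metalab.unc.edu/pub/packages/security/Satan-for-Linux/> or a
  reputable FTP or web site.  There was a Trojan copy of SATAN that was
  distributed out on the net.
  http://www.trouble.org/~zen/satan/satan.html.  Note that SATAN has
  not been updated in quite a while, and some of the other tools below
  might do a better job.

  ISS (Internet Security Scanner) is another port-based scanner.  It is
  faster than SATAN, and thus might be better for large networks.
  However, SATAN tends to provide more information.

  Abacus is a suite of tools to provide host-based security and
  intrusion detection.  Look at its home page on the web for more
  information.
  http://www.psionic.com/abacus/

  SAINT is an updated version of SATAN.  It is web-based and has many
  more up-to-date tests than SATAN.  You can find out more about it at
  http://www.wwdsi.com/saint

  Nessus is a free security scanner.  It has a GTK graphical interface
  for ease of use.  It is also designed with a very nice plug-in setup
  for new port-scanning tests.  For more information, take a look at
  http://www.nessus.org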

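  7.5.1.  Detecting Port Scans

  There are some tools designed to alert you to probes by SATAN, ISS
  and other scanning software.  However, if you make liberal use of
  tcp_wrappers and look over your log files regularly, you should be
  able to notice such probes.  Even on the lowest setting, SATAN still
  leaves traces in the logs on a stock Red Hat system.

  There are also "stealth" port scanners.  A packet with the TCP ACK
  bit set (as is done with established connections) will likely get
  through a packet-filtering firewall.  The RST packet returned from a
  port that had no established session can be taken as proof of life on
  that port.  I don't think TCP wrappers will detect this.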

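  7.6.  sendmail, qmail and MTAs

  One of the most important services you can provide is a mail server.
  Unfortunately, it is also one of the most vulnerable to attack,
  simply due to the number of tasks it must perform and the root
  privileges it typically needs.

  If you are using sendmail it is very important to keep up with
  current versions.  sendmail has a long, long history of security
  exploits.  Always make sure you are running the most recent version.
  http://www.sendmail.org

  Keep in mind that sendmail does not have to be running in order for
  you to send mail.  If you are a home user, you can disable sendmail
  entirely, and simply use your mail client to send mail.  You might
  also choose to remove the "-bd" flag from the sendmail startup file,
  thereby disabling incoming requests for mail.  In other words, you
  can execute sendmail from your startup script using the following
  instead:

                       # /usr/lib/sendmail -q15m

  This will cause sendmail to flush the mail queue every fifteen
  minutes for any messages that could not be successfully delivered on
  the first attempt.

  Many administrators choose not to use sendmail, and instead choose
  one of the other mail transport agents.  You might consider switching
  over to qmail.  qmail was designed with security in mind from the
  ground up.  It's fast, stable, and secure.  qmail can be found at
  http://www.qmail.org

  Translator's note: http://www.jp.qmail.org may also be a useful
  reference.

  In direct competition to qmail is "postfix", written by Wietse
  Venema, the author of tcp_wrappers and other security tools.
  Formerly called vmailer, and sponsored by IBM, this is also a mail
  transport agent written from the ground up with security in mind.
  You can find more information about postfix at
  http://www.postfix.org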

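  7.7.  Denial of Service Attacks

  A "Denial of Service" (DoS) attack is one where the attacker tries to
  make some resource too busy to answer legitimate requests, or to deny
  legitimate users access to your machine.

  Denial of service attacks have increased greatly in recent years.
  Some of the more popular and recent ones are listed below.  Note that
  new ones show up all the time, so these are just a few examples.
  Read the Linux security lists and the bugtraq list and archives for
  more current information.

  o  SYN Flooding - SYN flooding is a network denial of service attack.
     It takes advantage of a "loophole" in the way TCP connections are
     created.  The newer Linux kernels (2.0.30 and up) have several
     configurable options to prevent SYN flood attacks from denying
     people access to your machine or services.  See ``Kernel
     Security'' for the proper kernel protection options.

  o  Pentium "F00F" Bug - It was recently discovered that a series of
     assembly codes sent to a genuine Intel Pentium processor would
     reboot the machine.  This affects every machine with a Pentium
     processor (not clones, not Pentium Pro or Pentium II), no matter
     what operating system it's running.  Linux kernels 2.0.32 and up
     contain a workaround for this bug, preventing it from locking your
     machine.  Kernel 2.0.33 has an improved version of the kernel fix,
     and is suggested over 2.0.32.  If you are running on a Pentium,
     you should upgrade now!

  o  Ping Flooding - Ping flooding is a simple brute-force denial of
     service attack.  The attacker sends a "flood" of ICMP packets to
     your machine.  If they are doing this from a host with better
     bandwidth than yours, your machine will be unable to send anything
     on the network.  A variation on this attack, called "smurfing",
     sends ICMP packets to a host with your machine's IP as the return
     address, allowing them to flood you less detectably.  You can find
     more information about the "smurf" attack at
     http://www.quadrunner.com/~chuegen/smurf.txt

     If you are ever under a ping flood attack, use a tool like tcpdump
     to determine where the packets are coming from (or appear to be
     coming from), then contact your provider with this information.
     Ping floods can most easily be stopped at the router level or by
     using a firewall.

  o  Ping o' Death - The Ping o' Death attack sends ICMP ECHO REQUEST
     packets that are too large to fit in the kernel data structures
     intended to store them.  Because sending a single, large (65,510
     bytes) "ping" packet to many systems will cause them to hang or
     even crash, this problem was quickly dubbed the "Ping o' Death."
     This one has long been fixed, and is no longer anything to worry
     about.

  o  Teardrop / New Tear - One of the most recent exploits involves a
     bug present in the IP fragmentation code on Linux and Windows
     platforms.  It is fixed in kernel version 2.0.33, and does not
     require selecting any kernel compile-time options to utilize the
     fix.  Linux is apparently not vulnerable to the "newtear" exploit.

     You can find code for most exploits, and a more in-depth
     description of how they work, at http://www.rootshell.com using
     their search engine.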

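  7.8.  NFS (Network File System) Security

  NFS is a very widely used file sharing protocol.  It allows server
  machines running nfsd and mountd to "export" entire file systems to
  other machines that have NFS file system support built in to their
  kernels (or some other NFS client support if they are not Linux
  machines).  mountd keeps track of mounted file systems in /etc/mtab,
  and can display them with showmount.

  Many sites use NFS to serve home directories to users, so that no
  matter what machine on the LAN they log in to, they will have all
  their home files.

  There is some small amount of security allowed in exporting file
  systems.  You can make your nfsd map the remote root user (uid=0) to
  the nobody user, denying them total access to the files exported.
  However, since individual users have access to their own (or at least
  the same uid) files, the local superuser can log in or su as that
  user and have total access to that user's files.  This is only a
  small hindrance to an attacker that has access to mount your remote
  file systems.

  If you must use NFS, make sure you export to only those machines that
  you really need to.  Never export your entire root directory; export
  only directories you need to export.

  See the NFS HOWTO for more information on NFS, available at
  http://metalab.unc.edu/mdw/HOWTO/NFS-HOWTO.html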

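  7.9.  NIS (Network Information Service) (formerly YP)

  Network Information Service (formerly YP) is a means of distributing
  information to a group of machines.  The NIS master holds the
  information tables and converts them into NIS map files.  These maps
  are then served over the network, allowing NIS client machines to get
  login, password, home directory and shell information (all the
  information in a standard /etc/passwd file).  This allows users to
  change their password once and have it take effect on all the
  machines in the NIS domain.

  NIS is not at all secure.  It was never meant to be.  It was meant to
  be handy and useful.  Anyone that can guess the name of your NIS
  domain (anywhere on the net) can get a copy of your passwd file, and
  use "Crack" and "John the Ripper" against your users' passwords.
  Also, it is possible to spoof NIS and do all sorts of nasty tricks.
  If you must use NIS, make sure you are aware of the dangers.

  There is a much more secure replacement for NIS, called NIS+.  Check
  out the NIS HOWTO for more information:
  (http://metalab.unc.edu/mdw/HOWTO/NIS-HOWTO.html).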

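  7.10.  Firewalls

  Firewalls are a means of controlling what information is allowed into
  and out of your local network.  Typically the firewall host is
  connected to the Internet and your local LAN, and the only access
  from your LAN to the Internet is through the firewall.  This way the
  firewall can control what passes back and forth between the Internet
  and your LAN.

  There are a number of types of firewalls and methods of setting them
  up.  Linux machines make pretty good firewalls.  Firewall code can be
  built right into 2.0 and higher kernels.  The user-space tools
  ipfwadm for 2.0 kernels and ipchains for 2.2 kernels allow you to
  change, on the fly, the types of network traffic you allow.  You can
  also log particular types of network traffic.

  Firewalls are a very useful and important technique in securing your
  network.  However, never think that because you have a firewall, you
  don't need to secure the machines behind it.  This is a fatal
  mistake.  Check out the very good Firewall-HOWTO at your latest
  metalab archive for more information on firewalls and Linux
  (http://metalab.unc.edu/mdw/HOWTO/Firewall-HOWTO.html).

  More information can also be found in the IP-Masquerade mini-howto
  (http://metalab.unc.edu/mdw/HOWTO/mini/IP-Masquerade.html).

  More information on ipfwadm (the tool that lets you change settings
  on your firewall) can be found at its home page:
  http://www.xos.nl/linux/ipfwadm/

  If you have no experience with firewalls, and plan to set one up for
  more than just a simple security policy, the Firewalls book by
  O'Reilly and Associates or another online firewall document is
  mandatory reading.  Check out http://www.ora.com/ for more
  information on the book.  The National Institute of Standards and
  Technology has put together an excellent document on firewalls.
  Although dated 1995, it is still quite good.  You can find it at
  http://csrc.nist.gov/nistpubs/800-10/main.html.  Also of interest:

  o  The Freefire Project -- a list of freely available firewall tools,
     available at
     http://sites.inka.de/sites/lina/freefire-l/index_en.html

  o  SunWorld Firewall Design -- written by the authors of the O'Reilly
     book, this provides a rough introduction to the different firewall
     types.  It's available at
     http://www.sunworld.com/swol-01-1996/swol-01-firewall.html

  o  Mason -- the automated firewall builder for Linux.  This is a
     firewall script that learns as you do the things you need to do on
     your network!  More information at
     http://www.pobox.com/~wstearns/mason/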

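  7.11.  IP Chains - Linux Kernel 2.2.x Firewalling

  Linux IP Firewalling Chains is an update to the 2.0 Linux firewalling
  code for the 2.2 kernel.  It has many more features than previous
  implementations, including:

  o  More flexible packet manipulations

  o  More complex accounting

  o  Finer control, with simple policy changes

  o  Fragments can be explicitly blocked, denied, etc.

  o  Logging of suspicious packets

  o  Can handle protocols other than ICMP/TCP/UDP

  If you are currently using ipfwadm on your 2.0 kernel, there are
  scripts available to convert the ipfwadm command format to the format
  ipchains uses.

  Be sure to read the IP Chains HOWTO for further information.  It is
  available at http://www.rustcorp.com/linux/ipchains/HOWTO.html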

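  7.12.  VPNs - Virtual Private Networks

  VPNs are a way to establish a "virtual" network on top of some
  already existing network.  This virtual network is often encrypted
  and passes traffic only to and from some known entities that have
  joined the network.  VPNs are often used to connect someone working
  at home over the public Internet to an internal company network.

  If you are running a Linux masquerading firewall and need to pass MS
  PPTP (Microsoft's VPN point-to-point product) packets, there is a
  kernel patch out to do just that.  See: ip-masq-vpn.

  There are several Linux VPN solutions available:

  o  vpnd.  See http://sunsite.auc.dk/vpnd/.

  o  Free S/Wan, available at http://www.xs4all.nl/~freeswan/

  o  ssh can be used to construct a VPN.  See the VPN mini-howto for
     more information.

  o  vps (virtual private server) at http://www.strongcrypto.com.

  See also the section on IPSEC for pointers and more information.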

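  8.  Security Preparation (before you go on-line)

  OK, so you have checked over your system, determined it's as secure
  as feasible, and you're ready to put it online.  There are a few
  things you should now do in order to prepare for an intrusion, so
  that you can quickly disable the intruder, and get back up and
  running.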

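  8.1.  Make a Full Backup of Your Machine

  Discussion of backup methods and storage is beyond the scope of this
  document, but here are a few words relating to backups and security:

  If you have less than 650MB of data to store on a partition, a CD-R
  copy of your data is a good way to go (as it's hard to tamper with
  later, and if stored properly can last a long time).  Tapes and other
  re-writable media should be write-protected as soon as your backup is
  complete, so that they cannot be tampered with.  Make sure you store
  your backups in a secure off-line area.  A good backup will ensure
  that you have a known good point to restore your system from.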

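  8.2.  Choosing a Good Backup Schedule

  A six-tape cycle is easy to maintain.  This includes four tapes used
  evenly during the week, and two more used on alternating Fridays, one
  each.  Perform an incremental backup every day, and a full backup on
  the appropriate Friday tape.  If you make some particularly important
  changes or add some important data to your system, a full backup
  might well be in order.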

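  8.3.  Backup Your RPM or Debian File Database

  In the event of an intrusion, you can use your RPM database like you
  would use tripwire, but only if you can be sure it too hasn't been
  modified.  You should copy the RPM database to a floppy, and keep
  this copy off-line at all times.  The Debian distribution likely has
  something similar.

  The files /var/lib/rpm/fileindex.rpm and /var/lib/rpm/packages.rpm
  most likely won't fit on a single floppy.  But if compressed, each
  should fit on a separate floppy.

  Now, when your system is compromised, you can use the following
  command to verify each file on the system:

                               root#  rpm -Va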
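
  The output of rpm -Va is long, and most of it concerns edited
  configuration files.  The following is an added example, not part of
  the original HOWTO, that sorts the lines into the cases worth a first
  look after a suspected intrusion.  The sample output is constructed;
  the flag letters (S size, M mode, 5 MD5 sum, U user, G group, T
  mtime) and the "c" marker for configuration files are those printed
  by rpm's verify mode.

```shell
#!/bin/sh
# Constructed sample of "rpm -Va" output (not from a real system).
sample_rpm_verify() {
cat <<'EOF'
S.5....T c /etc/inetd.conf
.......T c /etc/syslog.conf
S.5....T   /bin/login
.M......   /usr/bin/passwd
missing    /usr/sbin/tcpd
.....U..   /usr/sbin/sendmail
.......T   /usr/doc/HOWTO/Security-HOWTO
EOF
}

# triage_rpm_verify: read "rpm -Va" output on stdin, print one line per
# file that deserves attention:
#   MISSING <path>  packaged file no longer present
#   CONTENT <path>  non-config file whose MD5 sum changed (possible Trojan)
#   PERMS   <path>  non-config file whose mode, owner or group changed
#   CONFIG  <path>  config file whose content changed (review by hand)
# Files that differ only in mtime are not reported.
triage_rpm_verify() {
    awk '
        $1 == "missing" { print "MISSING " $NF; next }
        {
            flags = $1
            if (NF >= 3) { kind = $2; path = $3 }
            else         { kind = "";  path = $2 }
            if (kind == "c") {
                if (flags ~ /5/) print "CONFIG " path
                next
            }
            if (flags ~ /5/)          print "CONTENT " path
            else if (flags ~ /[MUG]/) print "PERMS " path
        }'
}

# Demo on the constructed sample; on a real host run:
#   rpm -Va | triage_rpm_verify
sample_rpm_verify | triage_rpm_verify
```

  The result is only as trustworthy as the database and rpm binary it
  came from, which is why the off-line copy matters.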

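  See the rpm man page, as there are a few other options that can be
  included to make the output less verbose.  Keep in mind that you must
  also be sure your RPM binary has not been compromised.

  This means that every time a new RPM is added to the system, the RPM
  database will need to be re-archived.  You will have to weigh the
  advantages against the drawbacks.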

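  8.4.  Keep Track of Your System Accounting Data

  It is very important that the information that comes from syslog not
  be compromised.  Making the files in /var/log readable and writable
  by only a limited number of users is a good start.

  Be sure to keep an eye on what gets written there, especially under
  the auth facility.  Multiple login failures, for example, can
  indicate an attempted break-in.

  Where to look for your log files will depend on your distribution.
  In a Linux system that conforms to the "Linux Filesystem Standard",
  such as Red Hat, you will want to look in /var/log and check
  messages, mail.log, and others.

  You can find out where your distribution is logging to by looking at
  your /etc/syslog.conf file.  This is the file that tells syslogd (the
  system logging daemon) where to log various messages.

  You might also want to configure your log-rotating script or daemon
  to keep logs around longer so you have time to examine them.  Take a
  look at the logrotate package on recent Red Hat distributions.  Other
  distributions likely have a similar process.

  If your log files have been tampered with, see if you can determine
  when the tampering started, and what sort of things appear to have
  been tampered with.  Are there large periods of time that cannot be
  accounted for?  Checking backup tapes (if you have any) for
  untampered log files is a good idea.

  Intruders typically modify log files in order to cover their tracks,
  but the logs should still be checked for strange happenings.  You may
  notice the intruder attempting to gain entrance, or exploit a program
  in order to obtain the root account.  You might see log entries
  before the intruder has time to modify them.

  You should also be sure to separate the auth facility from other log
  data, including attempts to switch users using su, login attempts,
  and other user accounting information.

  If possible, configure syslog to send a copy of the most important
  data to a secure system.  This will prevent an intruder from covering
  his tracks by deleting his login/su/ftp attempts.  See the
  syslog.conf man page, and refer to the @ option.

  There are several more advanced syslogd programs out there.  Take a
  look at http://www.core-sdi.com/ssyslog/ for Secure Syslog.  Secure
  Syslog allows you to encrypt your syslog entries and make sure no one
  has tampered with them.

  Another syslogd with more features is syslog-ng.  It allows you a lot
  more flexibility in your logging, and can also protect your remote
  syslog streams against tampering.

  Finally, log files are much less useful when no one is reading them.
  Take some time out every once in a while to look over your log files,
  and get a feeling for what they look like on a normal day.  Knowing
  this can help make unusual things stand out.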
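
  The advice above to watch the auth facility for repeated login
  failures and su attempts can be turned into a small report.  The
  following is an added example, not part of the original HOWTO.  The
  log lines are constructed, and their message formats ("FAILED LOGIN n
  FROM host FOR user" from login, "FAILED su (to user) user on tty"
  from su) are an assumption; adjust the patterns to what your own
  syslog actually records.

```shell
#!/bin/sh
# Constructed sample of auth-facility syslog lines (documentation IPs).
sample_auth_log() {
cat <<'EOF'
Mar 17 03:12:01 gw login[512]: FAILED LOGIN 1 FROM 192.0.2.10 FOR root, Authentication failure
Mar 17 03:12:05 gw login[512]: FAILED LOGIN 2 FROM 192.0.2.10 FOR root, Authentication failure
Mar 17 03:12:09 gw login[513]: FAILED LOGIN 1 FROM 192.0.2.10 FOR admin, Authentication failure
Mar 17 08:30:44 gw login[601]: FAILED LOGIN 1 FROM 198.51.100.7 FOR kevin, Authentication failure
Mar 17 08:30:52 gw login[601]: LOGIN ON ttyp0 BY kevin FROM 198.51.100.7
Mar 17 09:02:13 gw su[640]: FAILED su (to root) dave on /dev/ttyp1
Mar 17 09:02:20 gw su[641]: FAILED su (to root) dave on /dev/ttyp1
EOF
}

# failed_logins_by_source MIN: print "<count> <source>" for every source
# host with at least MIN failed logins, most active first.
failed_logins_by_source() {
    awk -v min="$1" '
        / FAILED LOGIN / {
            for (i = 1; i < NF; i++)
                if ($i == "FROM") n[$(i + 1)]++
        }
        END { for (s in n) if (n[s] >= min) print n[s], s }' | sort -rn
}

# failed_su: print "<count> <user>-><target>" for failed su attempts.
failed_su() {
    awk '
        / FAILED su / {
            for (i = 1; i <= NF - 2; i++)
                if ($i == "(to") {
                    target = $(i + 1); sub(/\)$/, "", target)
                    n[$(i + 2) "->" target]++
                }
        }
        END { for (k in n) print n[k], k }' | sort -rn
}

# Demo on the constructed sample; on a real host feed in the file your
# /etc/syslog.conf assigns to the auth facility.
sample_auth_log | failed_logins_by_source 3
sample_auth_log | failed_su
```

  Run from cron against a copy of the log kept on the separate log host,
  a report like this still works after an intruder has edited the local
  files.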

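  8.5.  Apply All New System Updates

  Most Linux users install from a CD-ROM.  Due to the fast-paced nature
  of security fixes, new (fixed) programs are always being released.
  Before you connect your machine to the network, it's a good idea to
  check your distribution's FTP site and get all the packages that have
  been updated since you received your distribution CD-ROM.  Many times
  these packages contain important security fixes, so it's a good idea
  to get them installed.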

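  9.  What To Do During and After a Break-in

  So you have followed some of the advice here (or elsewhere) and have
  detected a break-in?  The first thing to do is to remain calm.  Hasty
  actions can cause more harm than the attacker would have.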

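  9.1.  Security Compromise Underway

  Spotting a security compromise under way can be a tense undertaking.
  How you react can have large consequences.

  If the compromise you are seeing is a physical one, odds are you have
  spotted someone who has broken into your home, office or lab.  You
  should notify your local authorities.  In a lab, you might have
  spotted someone trying to open a case or reboot a machine.  Depending
  on your authority and procedures, you might ask them to stop, or
  contact your local security people.

  If you have detected a local user trying to compromise your security,
  the first thing to do is confirm they are in fact who you think they
  are.  Check the site they are logging in from.  Is it the site they
  normally log in from?  No?  Then use a non-electronic means of
  getting in touch.  For instance, call them on the phone or walk over
  to their office or house and talk to them.  If they agree that they
  are on, you can ask them to explain what they were doing or tell them
  to cease doing it.  If they are not on, and have no idea what you are
  talking about, odds are this incident requires further investigation.
  Look into such incidents, and have lots of information before making
  any accusations.

  If you have detected a network compromise, the first thing to do (if
  you are able) is to disconnect your network.  If they are connected
  via modem, unplug the modem cable; if they are connected via
  Ethernet, unplug the Ethernet cable.  This will prevent them from
  doing any further damage, and they will probably see it as a network
  problem rather than detection.

  If you are unable to disconnect the network (if you have a busy site,
  or you do not have physical control of your machines), the next best
  step is to use something like tcp_wrappers or ipfwadm to deny access
  from the intruder's site.

  If you can't deny all people from the same site as the intruder,
  locking the user's account will have to do.  Note that locking an
  account is not an easy thing.  You have to keep in mind .rhosts
  files, FTP access, and a host of possible backdoors.

  After you have done one of the above (disconnected the network,
  denied access from their site, and/or disabled their account), you
  need to kill all their user processes and log them off.

  You should monitor your site well for a while afterwards, as the
  attacker will try to get back in, perhaps using a different account
  and/or from a different network address.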

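  9.2.  Security Compromise Has Already Happened

  So you have either detected a compromise that has already happened,
  or you have detected it and (hopefully) locked the offending attacker
  out of your system.  Now what?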

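  9.2.1.  Closing the Hole

  If you are able to determine what means the attacker used to get into
  your system, you should try to close that hole.  For instance,
  perhaps you see several FTP entries just before the user logged in.
  Disable the FTP service and check whether there is an updated
  version, or whether any of the security lists know of a fix.

  Check all your log files, and make a visit to your security lists and
  pages and see if there are any new common exploits you can fix.  You
  can find Caldera security fixes at
  http://www.caldera.com/tech-ref/security/.  Red Hat has not yet
  separated their security fixes from bug fixes, but their distribution
  errata are available at http://www.redhat.com/errata

  Debian now has a security mailing list and web page.  See
  http://www.debian.org/security/ for more information.

  It is very likely that if one vendor has released a security update,
  most other Linux vendors will as well.

  There is now a Linux security auditing project.  They are
  methodically going through all the user-space utilities and looking
  for possible security exploits and overflows.  From their
  announcement:

       "We are attempting a systematic audit of Linux sources with a
       view to being as secure as OpenBSD.  We have already uncovered
       (and fixed) some problems, but more help is welcome.  The list
       is unmoderated and also a useful resource for general security
       discussions.  The list address is:
       security-audit@ferret.lmh.ox.ac.uk  To subscribe, send a mail
       to: security-audit-subscribe@ferret.lmh.ox.ac.uk"

  If you don't lock the attacker out, they will likely be back.  Not
  just back on your machine, but back somewhere on your LAN.  If they
  were running a packet sniffer, odds are good they have access to
  other local machines.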

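  9.2.2.  Assessing the Damage

  The first thing is to assess the damage.  What has been compromised?
  If you are running an integrity checker like Tripwire, it should help
  to tell you what has been compromised.  If not, you will have to look
  around at all your important data.

  Since Linux systems are getting easier and easier to install, you
  might consider saving your config files, wiping your disks,
  reinstalling, and then restoring your user files and your config
  files.  This will ensure that you have a new, clean system.  If you
  have to restore files from the compromised system, be especially
  cautious of any binaries that you restore, as they may be Trojan
  horses placed there by the intruder.

  Re-installation should be considered mandatory once an intruder has
  obtained root access.  Additionally, you'd like to keep any evidence
  there is, so having a spare disk in the safe may make sense.

  Then you have to worry about how long ago the compromise happened,
  and whether the backups hold any damaged work.  Use the most recent
  backup you can.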

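  9.2.3.  Backups, Backups, Backups!

  Having regular backups is a godsend for security matters.  If your
  system is compromised, you can restore the data you need from
  backups.  Of course, some data is valuable to the attacker too, and
  they will not only destroy it, they will steal it and have their own
  copies; but at least you will still have the data.

  You should check several backups back into the past before restoring
  a file that has been tampered with.  The intruder could have
  compromised your files long ago, and you could have made many
  successful backups of the compromised file!

  Of course, there are also a raft of security concerns with backups.
  Make sure you are storing them in a secure place.  Know who has
  access to them.  (If an attacker can get your backups, they can have
  access to all your data without you ever knowing it.)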

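  9.2.4.  Tracking Down the Intruder

  OK, you have locked the intruder out and recovered your system, but
  you're not quite done yet.  While it is unlikely that most intruders
  will ever be caught, you should report the attack.

  You should report the attack to the admin contact at the site from
  which the attacker attacked your system.  You can look up this
  contact with whois or the InterNIC database.  You might send them an
  email with all applicable log entries and dates and times.  If you
  spotted anything else distinctive about your intruder, you might
  mention that too.  After sending the email, you should (if you are so
  inclined) follow up with a phone call.  If that admin in turn spots
  your attacker, they might be able to talk to the admin of the site
  where the attacker is coming from, and so on.

  Good crackers often use many intermediate systems, some (or many) of
  which may not even know they have been compromised.  Trying to track
  a cracker back to their home system can be difficult.  Being polite
  to the admins you talk to can go a long way toward getting help from
  them.

  You should also notify any security organizations you are a part of
  (CERT <http://www.cert.org/> or similar), as well as your Linux
  system vendor.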

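  10.  Security Sources

  There are a LOT of good sites out there for UNIX security in general
  and Linux security specifically.  It's very important to subscribe to
  one (or more) of the security mailing lists and keep current on
  security fixes.  Most of the lists below are very low volume, and
  very informative.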

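  10.1.  FTP Sites

  CERT is the Computer Emergency Response Team.  They often send out
  alerts of current attacks and fixes.  See cert.org for more
  information.

  ZEDZ (formerly Replay) (http://www.zedz.net) has archives of many
  security programs.  Since they are outside the US, they don't need to
  obey US crypto export restrictions.

  Matt Blaze is the author of CFS and a great security advocate.
  Matt's archive is available at ftp://ftp.research.att.com/pub/mab
  <ftp://ftp.research.att.com/pub/mab>

  tue.nl is a great security FTP site in the Netherlands.
  ftp.win.tue.nl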

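  10.2.  Web Sites

  o  The Hacker FAQ is a FAQ about hackers: The Hacker FAQ

  o  The COAST archive has a large number of UNIX security programs and
     information: COAST

  o  SuSe Security Page: http://www.suse.de/security/

  o  Rootshell.com is a great site for seeing what exploits are
     currently being used by crackers: http://www.rootshell.com/

  o  BUGTRAQ puts out advisories on security issues: BUGTRAQ archives

  o  CERT, the Computer Emergency Response Team, puts out advisories on
     common attacks on UNIX platforms: CERT home page

     Translator's note: in Japan there is JPCERT (the Computer
     Emergency Response Center).

  o  Dan Farmer is the author of SATAN and many other security tools.
     His home site has some interesting security survey information, as
     well as security tools: Dan Farmers trouble.org

  o  The Linux security WWW is a good site for Linux security
     information: Linux Security WWW

  o  Infilsec has a vulnerability engine that can tell you what
     vulnerabilities affect a specific platform:
     http://www.infilsec.com/vulnerabilities/

  o  CIAC sends out periodic security bulletins on common exploits:
     http://ciac.llnl.gov/cgi-bin/index/bulletins

  o  A good starting point for Linux Pluggable Authentication Modules
     can be found at http://www.kernel.org/pub/linux/libs/pam/.

  o  The Debian project has a web page for their security fixes and
     information (http://www.debian.org/security/).

  o  WWW Security FAQ, written by Lincoln Stein, is a great web
     security reference.  Find it at
     http://www.w3.org/Security/Faq/www-security-faq.html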

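  10.3.  Mailing Lists

  Bugtraq: To subscribe to bugtraq, send mail to listserv@netspace.org
  containing the message body

  subscribe bugtraq

  (See the links above for the mailing list archives.)

  CIAC: Send e-mail to majordomo@tholia.llnl.gov.  In the BODY (not the
  subject) of the message put

  subscribe ciac-bulletin

  Red Hat has a number of mailing lists, the most important of which is
  the redhat-announce list.  You can read about security (and other)
  fixes as soon as they come out.  Send email with the Subject

  Subscribe

  to redhat-announce-list-request@redhat.com.  See
  http://www.redhat.com/mailing-lists/redhat-announce-list/ for more
  information and archives.

  The Debian project has a security mailing list that covers their
  security fixes.  See http://www.debian.org/security/ for more
  information.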

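  10.4.  Books - Printed Reading Material

  There are a number of good security books out there.  This section
  lists a few of them.  In addition to the security-specific books,
  security is covered in a number of other books on system
  administration.

  Translator's note: if you know of Japanese translations of these
  books, please let us know.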

  Building Internet Firewalls By D. Brent Chapman & Elizabeth D. Zwicky

  1st Edition September 1995

  ISBN: 1-56592-124-0

  : a

  ̑aĖut@CAEH[̍\z `C^[lbgZLeB`v

  ЃIC[Wp, 1996

  ISBN: 4-900900-03-6

  Љy[W: http://www.oreilly.co.jp/BOOK/firewall/

  ł.

  Practical UNIX & Internet Security, 2nd Edition By Simson Garfinkel &
  Gene Spafford

  2nd Edition April 1996

  ISBN: 1-56592-148-8

  : a

  RpĖuUNIX & C^[lbgZLeBv

  ЃIC[Wp, 1998

  ISBN: 4-900900-38-9

  Љy[W: http://www.oreilly.co.jp/BOOK/puis/

  ł.

  Computer Security Basics By Deborah Russell & G.T. Gangemi, Sr.

  1st Edition July 1991

  ISBN: 0-937175-71-4

  Linux Network Administrator's Guide By Olaf Kirch

  1st Edition January 1995

  ISBN: 1-56592-087-2

  PGP: Pretty Good Privacy By Simson Garfinkel

  1st Edition December 1994

  ISBN: 1-56592-098-8

  : a

  R{aFĖuPGP Í[Ɠdqv

  ЃIC[Wp, 1996

  ISBN: 4-900900-02-8

  ł.

  Computer Crime A Crimefighter's Handbook By David Icove, Karl Seger &
  William VonStorch (Consulting Editor Eugene H. Spafford)

  1st Edition August 1995

  ISBN: 1-56592-086-4

  Linux Security By John S. Flowers

  New Riders;

  ISBN: 0735700354

  March 1999

  Maximum Linux Security : A Hacker's Guide to Protecting Your Linux
  Server and Network

  Anonymous

  Paperback - 829 pages

  Sams;

  ISBN: 0672313413

  July 1999

  : a

  gbvX^WIuLinux NbJ[}SKChv

  ЃCvX, 2000

  ISBN: 4844313606

  ł.

  Intrusion Detection By Terry Escamilla

  Paperback - 416 pages (September 1998)

  John Wiley and Sons;

  ISBN: 0471290009

  Fighting Computer Crime

  Donn Parker

  Paperback - 526 pages (September 1998)

  John Wiley and Sons;

  ISBN: 0471163783

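  11.  Glossary

  o  authentication: The process of knowing that the data received is
     the same as the data that was sent, and that the claimed sender is
     in fact the actual sender.

  o  bastion host: A computer system that must be highly secured
     because it is vulnerable to attack, usually because it is exposed
     to the Internet and is a main point of contact for users of
     internal networks.  It gets its name from the highly fortified
     projections on the outer walls of medieval castles.  Bastions
     overlook critical areas of defense, usually having strong walls,
     room for extra troops, and the occasional useful tub of boiling
     hot oil for discouraging attackers.

  o  buffer overflow: Common coding style is to never allocate large
     enough buffers, and to not check for overflows.  When such buffers
     overflow, the executing program (daemon or set-uid program) can be
     tricked into doing some other things.  Generally this works by
     overwriting a function's return address on the stack to point to
     another location.

  o  denial of service: An attack that consumes the resources on your
     computer for things it was not intended to be doing, thus
     preventing normal use of your network resources.

  o  dual-homed host: A general-purpose computer system that has at
     least two network interfaces.

  o  firewall: A component or set of components that restricts access
     between a protected network and the Internet, or between other
     sets of networks.

  o  host: A computer system attached to a network.

  o  IP spoofing: IP spoofing is a complex technical attack that is
     made up of several components.  It is a security exploit that
     works by tricking computers in a trust relationship into thinking
     that you are someone that you really aren't.  There is an
     extensive paper written by daemon9, route, and infinity in Volume
     Seven, Issue Forty-Eight of Phrack Magazine.

  o  non-repudiation: The property of a receiver being able to prove
     that the sender of some data did in fact send the data even though
     the sender might later deny ever having sent it.

  o  packet: The fundamental unit of communication on the Internet.

  o  packet filtering: The action a device takes to selectively control
     the flow of data to and from a network.  Packet filters allow or
     block packets, usually while routing them from one network to
     another (most often between the Internet and an internal network).
     To accomplish packet filtering, you set up rules that specify what
     types of packets (those to or from a particular IP address or
     port) are to be allowed and what types are to be blocked.

  o  perimeter network: A network added between a protected network and
     an external network, in order to provide an additional layer of
     security.  A perimeter network is sometimes called a DMZ
     (demilitarized zone).

  o  proxy server: A program that deals with external servers on behalf
     of internal clients.  Proxy clients talk to proxy servers, which
     relay approved client requests to real servers, and relay the
     answers back to clients.

  o  superuser: An informal name for root.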

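  12.  Frequently Asked Questions

  1. Is it more secure to compile driver support directly into the
     kernel, instead of making it a module?

     Answer: Some people think it is better to disable the ability to
     load device drivers using modules, because an intruder could load
     a Trojan module or a module that could affect system security.

     However, in order to load modules, you must be root.  The module
     object files are also only writable by root.  This means the
     intruder would need root access to insert a module.  If the
     intruder gains root access, there are more serious things to worry
     about than whether he will load a module.

     Modules are for dynamically loading support for a particular
     device that may be infrequently used.  On server machines or
     firewalls, for instance, this is very unlikely to happen.  For
     this reason, it would make more sense to compile support directly
     into the kernel for machines acting as a server.  Modules are also
     slower than support compiled directly in the kernel.

  2. Why can't I log in as root from a remote machine?

     Answer: See ``Root Security''.  This is done intentionally to
     prevent remote users from attempting to connect via telnet to your
     machine as root.  Logging in as root over telnet is a serious
     security vulnerability, because the root password would then be
     transmitted, in clear text, across the network.  Don't forget:
     potential intruders have time on their side, and can run automated
     programs to find your password.

  3. How do I enable shadow passwords on my Red Hat 4.2 or 5.x Linux
     box?

     Answer:

     To enable shadow passwords, run pwconv as root; /etc/shadow should
     now exist, and be used by applications.  If you are using Red Hat
     4.2 or above, the PAM modules will automatically adapt to the
     change from using normal /etc/passwd to shadow passwords without
     any other change.

     Some background: shadow passwords are a mechanism for storing your
     password in a file other than the normal /etc/passwd file.  This
     has several advantages.  The first is that the shadow file,
     /etc/shadow, is only readable by root, unlike /etc/passwd, which
     must remain readable by everyone.  The other advantage is that as
     the administrator, you can enable or disable accounts without
     everyone knowing the status of other users' accounts.

     With shadow passwords in use, the /etc/passwd file is still used
     to store user and group names.  It is used by programs like
     /bin/ls to map the user ID to the proper user name in a directory
     listing.

     The /etc/shadow file then contains only the user name and
     password, and accounting information such as when the account
     expires.

     To enable shadow passwords, run pwconv as root; /etc/shadow should
     now exist, and be used by applications.  On Red Hat 4.2 or above,
     the PAM modules will automatically adapt to the change from using
     normal /etc/passwd to shadow passwords.  No other change is
     needed.

     Since you're interested in securing your passwords, perhaps you
     would also be interested in generating good passwords to begin
     with.  For this you can use the `pam_cracklib' module, which is
     part of PAM.  It runs your password against the Crack libraries to
     help you decide whether it is too easily guessable by
     password-cracking programs.

  4. How can I enable the Apache SSL extensions?

     Answer:

     a. Get SSLeay 0.8.0 or later from
        <ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL>

     b. Build, test, and install it

     c. Get the Apache 1.2.5 source

        Get the Apache SSLeay extensions from
        <ftp://ftp.ox.ac.uk/pub/crypto/SSL/apache_1.2.5+ssl_1.13.tar.gz>

     d. Unpack them in the Apache 1.2.5 source directory and patch
        Apache as per the README

     e. Configure and build it

     You might also try ZEDZ net, which has many pre-built packages and
     is located outside of the United States.

  5. How can I manipulate user accounts, and still retain security?

     Answer: The Red Hat distribution, especially Red Hat 5.0, contains
     a great number of tools to change the properties of user accounts.

     o  The pwconv and unpwconv programs can be used to convert between
        shadow and non-shadowed passwords.

     o  The pwck and grpck programs can be used to verify proper
        organization of the passwd and group files.

     o  The useradd, usermod, and userdel programs can be used to add,
        delete and modify user accounts.  The groupadd, groupmod, and
        groupdel programs will do the same for groups.

     o  Group passwords can be created using gpasswd.

     All these programs are "shadow-aware": if you enable shadow
     passwords they will use /etc/shadow for password information,
     otherwise they won't.

     See the respective man pages for further information.

  6. How can I password-protect specific HTML documents using Apache?

     I bet you didn't know about http://www.apacheweek.org, did you?

     You can find information on user authentication at
     http://www.apacheweek.com/features/userauth as well as other web
     server security tips from
     http://www.apache.org/docs/misc/security_tips.html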

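  13.  Conclusion

  By subscribing to the security alert mailing lists, and keeping your
  software current, you can do a lot towards securing your machine.  If
  you pay attention to your log files and run something like tripwire
  regularly, you can do even more.

  A reasonable level of computer security is not difficult to maintain
  on a home machine.  More effort is required on business machines, but
  Linux can indeed be a secure platform.  Due to the nature of Linux
  development, security fixes often come out much faster than they do
  on commercial operating systems, making Linux an ideal platform when
  security is a requirement.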

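  14.  Acknowledgements

  Information here is collected from many sources.  Thanks to the
  following, who have contributed either directly or indirectly: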

       Rob Riggs  rob@DevilsThumb.com

       S. Coffin  scoffin@netcom.com

       Viktor Przebinda  viktor@CRYSTAL.MATH.ou.edu

       Roelof Osinga  roelof@eboa.com

       Kyle Hasselbacher  kyle@carefree.quux.soltc.net

       David S. Jackson  dsj@dsj.net

       Todd G. Ruskell  ruskell@boulder.nist.gov

       Rogier Wolff  R.E.Wolff@BitWizard.nl

       Antonomasia  ant@notatla.demon.co.uk

       Nic Bellamy  sky@wibble.net

       Eric Hanchrow  offby1@blarg.net

       Robert J. Berger rberger@ibd.com

       Ulrich Alpers  lurchi@cdrom.uni-stuttgart.de

       David Noha  dave@c-c-s.com

       Pavel Epifanov  epv@ibm.net

       Joe Germuska  joe@germuska.com

  Franklin S. Werren  fswerren@bagpipes.net

  Paul Rusty Russell  <Paul.Russell@rustcorp.com.au>

  Christine Gaunt  <cgaunt@umich.edu>

  lin  bhewitt@refmntutl01.afsc.noaa.gov

  A. Steinmetz  astmail@yahoo.com

  X{ ~ <morimoto@xantia.citroen.org>

  Xiaotian Sun  sunx@newton.me.berkeley.edu

  Eric Hanchrow  offby1@blarg.net

  The following have translated this HOWTO into various other languages!

  A special thank you to all of them for helping to spread the Linux
  word.

  Polish: Ziemek Borowski  ziembor@FAQ-bot.ZiemBor.Waw.PL

  Japanese: FUJIWARA Teruyoshi  fjwr@mtj.biglobe.ne.jp

  Indonesian: Tedi Heriyanto  22941219@students.ukdw.ac.id

  Korean: Bume Chang  Boxcar0001@aol.com

  Spanish: Juan Carlos Fernandez  piwiman@visionnetware.com

  Dutch: R. Ekkebus  reggy@zeelandnet.nl

