zoukankan      html  css  js  c++  java
  • RH253读书笔记(2)-Lab 2 System Resource Access Controls

    Lab 2 System Resource Access Controls

    Goal: To become familiar with system resource access controls.

    Sequence 1: Controlling access to certain hosts

    Scenario: For security reasons, you have chosen to restrict your system so that it allows interactive logins only from machines on your local subnet. Some of the systems are only configured with telnet clients and the decision has been made that they will be allowed to use telnet for now, Access to certain xinetd managed services must also have access controls configured.

    Deliverable: Use TCP wrappers and xinetd to control access to certain services.

    Instructions:

    1. Configure your system to fulfill the following criteria (you will need to work with a couple of other partners for testing). Note: you will need to install the telnet-server and openssh-server packages if you have not already done so, and start each of those services.

    a. localhost.localdomain (127.0.0.1) should be allowed access to all TCPwrapped services.

    • Add the following line to /etc/hosts.allow:

    ALL: 127.0.0.1

    • Add the following line to /etc/hosts.deny:

    ALL: ALL

    b. ssh should be available to every host in the local subnet, but no other networks.

    • Add the following line to /etc/hosts.allow (it doesn't matter where):

    in.telnetd, sshd: 192.168.0.

    c. telnet should be available to exactly three of your neighbors, but no one else.

    • Install and enable the telner server:

    # yum -y install telnet-server
    # chkconfig telnet on

    • Add the following line to /etc/xinetd.d/telnet. Use the station numbers of three of your classmates for A, B and C:

    only_from = 192.168.0.A 192.168.0.B 192.168.0.C

    d. No xinetd managed services are accessible from the IP address range for the domain cracker.org. (How might you find the appropriate IP address range?)

    • Try doing a reverse lookup on a couple of cracker.org hostnames:

    # host server1.cracker.org
    server1.cracker.org has address 192.168.1.254
    # host station5.cracker.org
    station5.cracker.org has address 192.168.1.5

    It looks like cracker.org uses the 192.168.1.0/24 network. If you wanted to be even more sure, you could run host -l cracker.org to list every IP in the domain, but keep in mind that this will not work with most real-world domains because most DNS servers will not allow it.

    • Add the following line to /etc/xinetd.conf:

    no_access = 192.168.1.0/24

  • 相关阅读:
    MySQL协议分析(2)
    MySQL协议分析(1)
    《汇编语言》知识重点总结
    opencv学习(1.2)
    CentOS 6下OpenCV的安装与配置
    python2与python3之间的主要区别
    python-PEP8编码规范
    解决windows 10无法打开.hlp帮助文件的问题
    将windows server 2016改造为像windows 10一样适合个人使用的系统
    系统分析师成长之路
  • 原文地址:https://www.cnblogs.com/thlzhf/p/3477234.html
Copyright © 2011-2022 走看看