美麗與智慧並重英 | A question about TCP_Wrappers: which one carries more weight, allow or deny? I read Bird's (鳥哥's) article:

[root @test /root]# vi /etc/hosts.allow
# first, the entries that open up telnet, ftp and sshd
in.telnetd: 192.168.1.2, 192.168.1.10, 192.168.1.20 : allow
in.ftpd: 192.168.1.2, 192.168.1.10, 102.168.1.20 : allow
sshd: 192.168.1.0/255.255.255.0, xxx.yyy.zzz.qqq : allow

[root @test /root]# vi /etc/hosts.deny
# shut the three services above down for everyone else!
in.telnetd: ALL : deny
in.ftpd: ALL : deny
sshd: ALL : deny

My settings are as follows:

[root @test /root]# vi /etc/hosts.allow
sshd: 192.168.1.100/255.255.255.0 : allow

[root @test /root]# vi /etc/hosts.deny
sshd: ALL : deny

Does setting it this way mean "deny everyone, allow only the specific host (192.168.1.100)"? But my 192.168.1.100 machine cannot get in. If I change hosts.deny to the following, it can get in:

[root @test /root]# vi /etc/hosts.deny
#sshd: ALL : deny

Did I get something wrong in hosts.allow, or is the principle that hosts.allow has lower precedence than hosts.deny?
Reply
Advanced Member | Check your rules with tcpdmatch. From man tcpdmatch:

DESCRIPTION
    tcpdmatch predicts how the tcp wrapper would handle a specific request for service. Examples are given below.

    The program examines the tcpd access control tables (default /etc/hosts.allow and /etc/hosts.deny) and prints its conclusion. For maximal accuracy, it extracts additional information from your inetd or tlid network configuration file.

    When tcpdmatch finds a match in the access control tables, it identifies the matched rule. In addition, it displays the optional shell commands or options in a pretty-printed format; this makes it easier for you to spot any discrepancies between what you want and what the program understands.

Usage examples:

EXAMPLES
    To predict how tcpd would handle a telnet request from the local system:
        tcpdmatch in.telnetd localhost

    The same request, pretending that hostname lookup failed:
        tcpdmatch in.telnetd 127.0.0.1

    To predict what tcpd would do when the client name does not match the client address:
        tcpdmatch in.telnetd paranoid

Example from my own machine:

home.repsol.com:repsol/# tcpdmatch sshd 168.95.192.1
warning: sshd: no such process name in /etc/inetd.conf
client:  address  168.95.192.1
server:  process  sshd
matched: /etc/hosts.deny line 4
access:  denied

home.repsol.com:repsol/# tcpdmatch sshd 192.168.222.222
warning: sshd: no such process name in /etc/inetd.conf
client:  address  192.168.222.222
server:  process  sshd
matched: /etc/hosts.allow line 10
access:  granted

The order in which hosts.allow and hosts.deny are checked:

    The access control software consults two files. The search stops at the first match:

First match, then stop checking. Grasp that principle and you are set...
Reply
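Added example, not code from either poster or from the tcp_wrappers package: a small Python model of the evaluation order the reply above quotes, so the two configurations in this thread can be checked offline without tcpdmatch. It implements only what hosts_access(5) documents and nothing more: hosts.allow is searched first, then hosts.deny, the search stops at the first rule whose daemon list and client list both match, a rule that matches nowhere grants access, a trailing "allow"/"deny" option overrides which file the rule lives in, ALL and a trailing-dot prefix are wildcards, and a pattern of the form n.n.n.n/m.m.m.m matches when net equals the bitwise AND of the address and the mask. Hostname patterns, EXCEPT lists and the other hosts_options(5) keywords are left out (assumption: only IPv4 addresses and the forms used in this thread). The sample rule files are constructed from the opening post.

```python
import ipaddress
import re

# Rule text constructed from the opening post (the asker's two files).
ASKER_ALLOW = "sshd: 192.168.1.100/255.255.255.0 : allow\n"
ASKER_DENY = "sshd: ALL : deny\n"
# Same hosts.deny with the rule commented out, as the asker tried.
ASKER_DENY_COMMENTED = "#sshd: ALL : deny\n"
# Network address with the mask, as in Bird's example (hypothetical fix).
FIXED_ALLOW = "sshd: 192.168.1.0/255.255.255.0 : allow\n"


def parse_rules(text):
    """Parse 'daemon_list : client_list [: option]' lines.

    Returns (daemons, clients, option, lineno); comments and blanks are skipped.
    """
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            raise ValueError(f"line {lineno}: expected daemon_list : client_list")
        daemons = re.split(r"[,\s]+", fields[0])
        clients = re.split(r"[,\s]+", fields[1])
        option = fields[2].lower() if len(fields) > 2 else None
        rules.append((daemons, clients, option, lineno))
    return rules


def client_matches(pattern, addr):
    """IPv4 client pattern match as documented in hosts_access(5)."""
    ip = int(ipaddress.IPv4Address(addr))
    if pattern == "ALL":
        return True
    if "/" in pattern:
        net, mask = pattern.split("/", 1)
        net_i = int(ipaddress.IPv4Address(net))
        mask_i = int(ipaddress.IPv4Address(mask))
        # Documented rule: match iff net == (addr & mask).  A "net" with host
        # bits set (192.168.1.100/255.255.255.0) can therefore never match.
        return (ip & mask_i) == net_i
    if pattern.endswith("."):
        return addr.startswith(pattern)  # e.g. "192.168.1." prefix wildcard
    return pattern == addr


def hosts_access(daemon, addr, allow_text, deny_text):
    """Return (granted, matched_rule) for a connection from addr to daemon.

    hosts.allow is consulted first, then hosts.deny; the search stops at the
    first match.  No match in either file means access is granted.
    """
    tables = (("hosts.allow", allow_text, True), ("hosts.deny", deny_text, False))
    for name, text, file_default in tables:
        for daemons, clients, option, lineno in parse_rules(text):
            if not ("ALL" in daemons or daemon in daemons):
                continue
            if not any(client_matches(p, addr) for p in clients):
                continue
            if option == "allow":
                granted = True
            elif option == "deny":
                granted = False
            else:
                granted = file_default
            return granted, f"{name} line {lineno}"
    return True, "no match"


def demo():
    """Evaluate the thread's configurations for an ssh connection."""
    return {
        "asker": hosts_access("sshd", "192.168.1.100", ASKER_ALLOW, ASKER_DENY),
        "deny_commented": hosts_access("sshd", "192.168.1.100", ASKER_ALLOW, ASKER_DENY_COMMENTED),
        "fixed": hosts_access("sshd", "192.168.1.100", FIXED_ALLOW, ASKER_DENY),
        "fixed_outside": hosts_access("sshd", "10.0.0.5", FIXED_ALLOW, ASKER_DENY),
    }


if __name__ == "__main__":
    for label, (granted, rule) in demo().items():
        print(f"{label:15s} access: {'granted' if granted else 'denied'}  matched: {rule}")
```

Run against the opening post, the model reproduces what the asker saw: with 192.168.1.100/255.255.255.0 in hosts.allow nothing in that file matches, so the search falls through to hosts.deny and the ALL rule denies; commenting the deny rule out leaves no match at all, and "no match" means granted for everyone, not just for 192.168.1.100. Writing the network address with the mask (192.168.1.0/255.255.255.0, as in Bird's sshd line) or the bare address 192.168.1.100 makes hosts.allow match first and the deny rule is never reached. Whatever the model says, confirm on the real host with tcpdmatch sshd 192.168.1.100 as the reply recommends.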
美麗與智慧並重英 | Thanks for the expert guidance! I'll give it a try.
Reply
|