ºô¸ô»P¸ê°T¦w¥þ

½Òµ{»¡©ú¡G

²Ä¤@¶g¡GWindows ªº¤@¯ë«OÅ@¡G
  1. ¸ê°T¦w¥þªº¥Øªº¦bºûÅ@¸ê°Tªº¡G«O±K©Ê¡B§¹¾ã©Ê¡B¥i¥Î©Ê¤TºØ¡F

  2. ¯}Ãa¸ê¦wªº¥D­n«Â¯Ù¡G
  3. ¤@¯ë§ðÀ»¡G
  4. ³nÅé®zÂIªº§Q¥Î¡G¤£¤@©w¬O³nÅ骺¿ù»~¡A¥i¯à¬OÂǥѬY¨Ç³nÅ骺¥\¯à©ÎªÌ¬O¦X¨Ö¼ÆºØ¥\¯à¡A¨Ó¹F¨ì§ðÀ»ªº¥Øªº¡C ¨Ò¦p SQL injection ¡A¥¨¶°¯f¬r¡B¹q¤l¶l¥óªºªþÀɧ¨±a¥\¯à¡B¹q¤l¶l¥óªº³q°T¿ýµo«H¥\¯àµ¥¡C

  5. ´c·Nµ{¦¡ªººØÃþ¡G
  6. «ç»ò¨¾¤î´c·Nµ{¦¡¡G
  7. ºô¸ô§ðÀ»ªº¤âªk¡G
    1. °»¹î¡G°e¥X°»´ú«Ê¥]¨Ó¦¬¶°§A¥D¾÷¤W­±ªº¸ê°T (¥]¬A WWW ªº³nÅ骩¥»µ¥)
    2. ´ú¸Õ¡G¨Ì¾Ú³o¨Ç¦^À³ªº¸ê°T¡A¨Ó¤ÀªR¥i¯à¥i¥H§ðÀ»ªº³nÅé
    3. «I¤J¡G¶}©l¹Á¸Õ¦UºØ³nÅé§ðÀ»¡A³Ì²×¯à°÷´x´¤§Aªº¨¾¤õÀð©Î´Ó¤J¤ì°¨
    4. ±±¨î¡G¦w´¡«áªùµ{¦¡¡A«Ø¥ß¤@­Ó±±¨î¤J¤f
    5. §Q¥Î¡G§Q¥Î©p¥D¾÷¤W­±ªº¦UºØ¸ê·½ (¤×¨ä¬Oºô¸ôÀW¼e)
    6. Âà¾Ô¡G·í§@¸õªO§ðÀ»§O¤H (»ø«Í¹q¸£)

  8. ³Ì±`¨Ï¥Îªº³nÅé¡GÂsÄý¾¹ªº¬ÛÃö¥\¯à¤ÀªR¡G
  9. ±j¤Æ­Ó¤H¹q¸£ Windows ¨t²Î¡G
    1. ±j¤Æ Windows §@·~¨t²Î¥»¨­¡G
      • ³z¹L Windows Live Update ¥h§ó·s¡I
      • ³z¹L¤u§@ºÞ²z­û¥hºÊ¬Ý CPU, RAM, ºÏºÐ¾÷ªº¹B§@
      • ³z¹L¨Æ¥óÀ˵ø¾¹¥hÆ[¹î¨t²Î¹B§@ªº¸ê®Æ

    2. ±j¤Æºô¸ô¦w¥þ¡G
      • ºô¸ô¨ó©w»P NetBEUI¡GNetBIOS ©Î³\¥i¥HÃö³¬¡I½Ð¦Û¦æÀˬd¦³µL±Ò°Ê port 139 ¡H
      • ³z¹L netstat »PºÞ²z¤¶­±¥h±±¨î¬ÛÃöªºªA°È¥\¯à¡C

    3. ±j¤ÆÀ³¥Îµ{¦¡¡G
    4. ³Æ¥÷ Windows ªº­«­n¸ê®Æ¡G§Q¥Î Cwrsync ªº¶W±j³Æ¥÷¥\¯à («ö³o¸Ì¤U¸ü)

    5. ÂsÄý¾¹¥\¯àªº­«·s­q©w¡G
      • ¦b IE ¤W­±¨î­q¡G(1)ºô»Úºô¸ô¦w¥þ©Ê­«·s½Õ¾ã¬°¤¤/°ª¦w¥þ©Ê¡F (2)±N±X¤s»P¬ÛÃöªººô¯¸¥[¤J«H¥ôºô¯¸¡F (3)±N cookies ³B²z¬°¡yÂмg¦Û°Ê cookie ³B²z¡A¨Ã©ó¡y²Ä¤@¤è cookies, ²Ä¤T¤è cookies ¡z¿ï¾Ü¡y´£¥Ü¡z¥\¯à¡F (4)¦b¤u¨ã/ºô»Úºô¸ô¿ï¶µ/¶i¶¥¤¤¡A½Õ¾ã¦h´CÅ骺¨¾Å@¾÷¨î¡A¨ú®ø¼½©ñÁn­µ»P¼v¹³¥\¯à¡C
      • ¦b Firefox ¤W­±¨î­q¡G(1)¤Ä¿ï¡y¦bºô¯¸¸Õ¹Ï¦w¸Ëªþ¥[¤¸¥ó®É³qª¾§Ú¡z (2)«Øij¨ú®ø Java µ{¦¡¿ï¶µ¡F (3)¦b¡y²M²zÁô¨p¸ê®Æ¡z¤¤¡A¶}±Ò¿ï¶µ¡A¥i²¾°£±Ó·Pªº¸ê°T¡C


²Ä¤G¡B¤T¶g¡G¥D¾÷ªº¦w¥þ¨¾Å@¤Jªù (½Ò¥»²Ä¤@¡B¤G³¹¤º®e)
  1. ¶i¦æ¦w¥þ©Ê¬ÛÃö¤è®×ªº«Ø¥ß¡A§Ú­Ì»Ý­n¦Ò¶qªº¶µ¥Ø¥D­n¦³¡G
  2. ¸ê²£¤¤¯S©w¶µ¥Øªº«OÅ@¥D­n¤À¬°¡G(1)«O±K©Ê¸ê®Æ¨Ò¦p¤@¨Ç°Ó·~§Þ³N»P (2)¥i¥Î©Ê¸ê®Æ¨Ò¦p¹q¤l¶l¥óªA°È

  3. ¸ê²£ªº­·ÀI¥D­n¦³¡G(1)¦ÛµM¨a®`ªºµo¥Í (2)¸ê²£ÀݥΪº­·ÀI (3)¥Î¤á¥»¨­ªº¿ù»~ (4)µê°²ªº°T®§¸ê°T (5)¤õ¨a»P¤ô¨aªºµo¥Í¡C

  4. ³q°T¤ÀªRªk¡G
  5. ±`¨£ªº§ðÀ»¤âªk¡G
  6. ±`¨£ªººô¸ô¦w¥þ«Â¯Ù¡G
  7. ¤TºØ´U¤l¡G
  8. «Ø¸m¦øªA¾¹®É©Ò»Ý­n¦Ò¶qªº¬ÛÃö¦]¯À¡G
  9. ¥D¾÷ªº¦w¥þ¨¾Å@¨BÆJ¡G
  10. ¥»¶g²ßÃD»P¹ê§@¡G
    1. »¡©ú RAID 0, RAID 1, RAID 5 ªº®e¶q¡B®Ä¯à¡B®e¿ùµ¥¾÷¨î

    2. ¦b§Aªº Linux ¤W­±·s«Ø¤@­Ó Software RAID ¡Aµ¥¯Å¬° 5 ¡A¨Ï¥Î 3 ­Ó partition ºc¦¨¡A¥B«O¯d¤@­Ó spare-disk
      • ¨Ï¥Î fdisk -l Æ[¹î§Aªº¨t²ÎºÏºÐ¤À³Îªí¡F
      • ¨Ï¥Î fdisk /dev/sda ¶}©l¶i¦æ¤À³Î¡A¨C­Ó¤À³Î¨Ï¥Î 1000MB ¡F
      • ¨Ï¥Î partprobe ©Î reboot ¾ã²z¦n§Aªº¤À³Îªí
      • ¨Ï¥Î mdadm --create /dev/md0 --level=5 --raid-devices=3 --spare-devices=1 /dev/sda... «Ø¸m /dev/md0
      • ¨Ï¥Î mdadm --detail /dev/md0 Æ[¹îºÏºÐ°}¦C
      • ¨Ï¥Î /etc/mdadm.conf «Ø¸m§Aªº³]©wÀÉ
      • ¨Ï¥Î mkfs -t ext3 /dev/md0 ®æ¦¡¤Æ§AªººÏºÐ°}¦C
      • ½s¿è vim /etc/fstab ±N /dev/md0 ±¾¸ü¦b§Aªº /raid ¥Ø¿ý¤¤ (¦¹¥Ø¿ý½Ð¦Û¦æ«Ø¥ß)
      • ¨Ï¥Î mount -a ¨Ã·f°t df ´ú¸Õ±¾¸ü»PÆ[¹î

    3. ¼ÒÀÀ§Aªº¬Y­Ó partition µo¥Í¿ù»~¡A¨ÃÆ[¹î¿ù»~±¡ªp¡A¥B¼ö©Þ´¡¦³°ÝÃDªººÏºÐ
      • ¨Ï¥Î mdadm --detail /dev/md0 Æ[¹îºÏºÐ°}¦C¡A¨Ã¼ÒÀÀ¬Y­ÓºÏºÐµo¥Í¿ù»~¡A°²³]¬° /dev/sdaX
      • ¨Ï¥Î mdadm --fail /dev/md0 /dev/sdaX ¡A¦A¨Ï¥Î mdadm --detail /dev/md0 Æ[¹î¿ù»~µo¥Í
      • ¨Ï¥Î mdadm --remove /dev/md0 /dev/sdaX ¨ú¥X¿ù»~ªººÏºÐ¡A¦AÆ[¹î /dev/md0
      • ¨Ï¥Î mdadm --add /dev/md0 /dev/sdaX ¦A´¡¤J·sªººÏºÐ¡A¨ÃÆ[¹î /dev/md0

    4. ¦b§A­Ì®aªº¹q¸£¥D¾÷¤W­±¡A§ä¨ì BIOS ±K½X³]©w¶µ¥Ø¨Ã¹Á¸Õ³]©w±K½X¦b¤WÀY

    5. Àɮרt²Îªº¦w¥þ©Ê¡G¦p¦ó«Ø¸m±MÃD¤p²Õªº¦@¨É¥Ø¿ý
      • §Q¥Î useradd / groupadd µ¥«ü¥O¡A«Ø¥ß dicgroup ¸s²Õ¡A¥H¤Î¦b¦¹¸s²Õ¤ºªº dicuser1, dicuser2, dicuser3
      • «Ø¥ß¦@¨Éªº /srv/dicgroup ¸s²Õ¡Aª`·NÅv­­¥\¯à
      • ±N /etc/shadow ½Æ»s¨ì /srv/dicgroup ¡A¥B»Ý­nÅý dicgroup ªº¤H­Ì¥i¥H¶i¦æŪ¼g°Ê§@

    6. Àɮרt²Îªº¯S®íÅv­­³]©w¡G ACL (Access Crontrol List) ¥\¯à
      • ¥Î¹w³]­È«Ø¥ß dicteacher ±b¸¹
      • ¤W­z±b¸¹¦b /srv/dicgroup ¤º¶È¯àŪ¨ú¡A¤£¥i¼g¤J»P­×§ï

    7. Æ[¹î§A¥Ø«e¨t²Î¤W­±ªºªA°È¸ê®Æ¡G
      • ¦³¨S¦³¦w¸Ë httpd ³o¤äµ{¦¡¡H
      • ³o¤äµ{¦¡¹w³]¦³¨S¦³¶}¾÷±Ò°Ê¡H
      • ¦p¦ó¥ß§Y±Ò°Ê¡H
      • ¦p¦óÆ[¹î³q°T°ð¤f¡H
      • ¦p¦óÆ[¹îµ{§Ç (PID) ¡H

    8. §R°£±¼¤£»Ý­nªºªA°È§a¡I¨Ì¾Ú¦Ñ®v¦b¥Õª©¤W­±ªº³]©w­È¡A±N§AªºªA°È¶i¦æ³B²z¡C


²Ä¥|¶g¡G¥[±Kºtºâ»P¾ÌÃҨϥΠ(½Ò¥»²Ä¤T³¹¤º®e)
  1. ¥[±K»P¸Ñ±K¡G
  2. ¹ïºÙ¦¡ª÷Æ_ºtºâªk¡G
  3. «D¹ïºÙ¦¡ª÷Æ_¨t²Î¡G
  4. Âø´êºtºâªk (hash algorithm)
  5. ¨Ï¥ÎªÌªº±K½X«OÅ@¡G
  6. ¾ÌÃÒªº¨Ï¥Î¡G
  7. ¦w¥þ³s½u¾÷¨î¡G
  8. ¥»¶g²ßÃD»P¹ê§@¡G
    1. ³z¹L mkpasswd ¥H¤Î md5sum ÀË´ú§Aªº¨t²Î«ü¯¾¸ê®Æ¡F

    2. ³z¹L ssh ªº¦¨¹ïª÷Æ_¾÷¨î¡A«Ø¥ß§K±K½Xªº¥iµn¤J¥\¯à¡G
      1. ¦b¥Î¤áºÝ«Ø¥ß¦¨¹ïªºª÷Æ_¡G ssh-keygen¡F
      2. ¦b¨Ï¥ÎªÌªº ~/.ssh/ ¤º¡A±N .pub ªº¤½Æ_¤W¶Ç¨ì¦øªA¾¹¤W¡A¨Ã¥B§ó¦W¡F
      3. ³s½u¦Ü¦øªA¾¹¤W¡A±N¸ÓÀÉ®×Âà¦s¦¨¬° ~/.ssh/authorized_keys ¡F
      4. .ssh/ ¥²¶·¬O 700¡A¦Ó authorized_keys ¥²¶·­n¬O 644 ¡C

    3. §Q¥Î rsync °t¦X ssh ³s½u³q¹D¡A±N§A¥D¾÷¤W­±ªº¸ê®Æ¬M®g¨ì 192.168.42.41 ¨º³¡¥D¾÷¥h¡C¨Ã½Ð¯d·N¡G
      • §A±o­n¨Ï¥Î siteXX (XX ¥Nªí§Aªº¥D¾÷¸¹½X) §@¬°±b¸¹¡Aµn¤J¨ì¸Ó¾÷¾¹¤¤¡F
      • ¨Ï¥Î siteXX ±b¸¹®É¡A¤£»Ý­n¥Î¨ì±K½X (siteXX ªº±K½X»P±b¸¹¬Û¦P)¡F
      • ±N§Aªº /etc ½Æ»s¨ì»·ºÝ¥D¾÷ªº ~siteXX/backup/etc ¥h¡F
      • ¨C¶g¤é­â±á 1:15 ¶i¦æ¦¹¶µ§@·~¡C


²Ä¤­¶g¡G¨¾¤õÀð«Ø¸m»P¦w¸Ë (½Ò¥»²Ä¥|¡B¤­¡B¤»¡B¤C¡B¤K³¹¤º®e)
  1. Æ[¹î°ð¤fªº«ü¥O¡G netstat ¡A±`¥Î¿ï¶µ¦³¡G
  2. °ð¤f±½ºË«ü¥O¡G nmap ¡A²©ö¨Ï¥Î¤è¦¡¡G¡ynmap localhsot¡z«á­±¥[¤W IP ©Î¥D¾÷¦WºÙ´N¬O¤F¡I
  3. °ò¥»ªº¨¾¤õÀðÃþ«¬¡G
  4. TCP Wrappers ªº¨¾¤õÀð¾÷¨î¡G
  5. «Ê¥]¹LÂo¦¡ªº¨¾¤õÀð³q±`¥i¥HºÞ²zªº¸ê®Æ¦³¡G
  6. iptables ªº³W«hÆ[¹î¡Giptables-save

  7. iptables ¤¤¡A°w¹ï¥»¾÷©Ò»Ý­n³q¹Lªº±`¨£Ãì (ÄÝ©ó filter ªí®æ)
  8. iptables ªº°ò¥»»yªk - ²M°£³W«h¡G
  9. iptables ªº°ò¥»»yªk - ­q©w¬Fµ¦¡G
  10. iptables ªº°ò¥»»yªk - ³Ì°ò¦»yªk²¤¶¡G
  11. iptables ªº°ò¥»»yªk - ­«­nªº¼Ò²Õ¡G
  12. §Q¥Îµ{¦¡±±¨î§@¬°¨¾¤õÀð¡A¥H¥N²z¦øªA¾¹ proxy ¬°¨Ò¡G
  13. Ãö©ó NAT (Network Address Translation, NAT) ¡G
  14. ¥»¶g²ßÃD»P¹ê§@¡G
    1. Æ[¹î¸ô¥Ñªí¡A§ä¨ì¸ô¥Ñ¾¹¡A¨ÃÀË´ú¤@¤U¡A¸Ó¸ô¥Ñ¾¹¦³±Ò°Ê¤°»ò TCP »P UDP ªº°ð¤f¡H

    2. dovecot ¬°¦¬«H¥\¯àªº³nÅé¡A°²³]§Ú­Ì¤µ¤Ñ·Q­n±Ò°Ê pop3 ³oºØ¦¬«H¾÷¨î¡G
      1. Àˬd¦³µL¦w¸Ë dovecot ¡A­YµL¦w¸Ë½Ð¦w¸Ë¥L¡F
      2. ½s¿è /etc/dovecot.conf ¡A§ä´M protocol ¡A½Ð±Ò°Ê pop3 ¾÷¨î§Y¥i¡F
      3. ±Ò°Ê dovecot ¡A¨Ã¥B·|¶}¾÷·|¦Û°Ê±Ò°Ê
      4. Æ[¹î pop3 ªº°ð¤f¦³¨S¦³±Ò°Ê¡F
      5. Àˬd dovecot ¦³¨S¦³¤ä´© TCP Wrappers ¡H
      6. ²{¦b­nÅý 172.25.0.0/16 ¨S¦³¿ìªk¨Ï¥Î POP3 ¡A¸Ó¦p¦ó³B²z¡H

    3. ¨Ì¾Ú©³¤U¦æ¬°¡A»s§@§Aªº¨¾¤õÀð¸}¥»¡A¨Ã±N¨¾¤õÀð¸}¥»Âмg¦Ü¥¿½Tªº³W«h¨î­qÀɤ¤
      1. ²M°£©Ò¦³³W«h
      2. INPUT ¬° DROP ¨ä¾l¬° ACCEPT
      3. lo ¬°«H¥ô¸Ë¸m
      4. ¨Ó¦Û eth0 ¥B¬° 192.168.42.0/24 ªº«Ê¥]¡A§¡¬O«H¥ôºô°ì
      5. ¥u­n¬O¦Û¤vµo¥Xªº¦^À³«Ê¥]¡A³q³q¤©¥H±µ¨ü
      6. ¨Ó¦Û 172.16.0.0/16 ªº¨Ó·½¡A§¡¥i¨Ï¥Î§Aªº POP3 ªA°È¡F
      7. ¨Ó¦Û 172.17.0.0/16 ªº¨Ó·½¡A§¡¥i¨Ï¥Î§Aªº SSH ¥\¯à¡F
      8. §Aªº http ¦³¹ï¥þ¥@¬É¶}©ñ¡F
      9. §Aªº FTP ¥u¹ï 172.18.0.0/16 ªº¨Ó·½¶}©ñªA°È
      10. °õ¦æ¸}¥»¡AÆ[¹î¤§¡A­Y¨S¦³°ÝÃD¡A½ÐÂмg¨ì¥¿½Tªº³W«hÀɤ¤

    4. ³]©w¥N²z¦øªA¾¹ squid
      1. ¦w¸Ë¦n squid ¨Ã¥B±Ò°Ê squid ¡A¥B³]©w¬°¨C¦¸¶}¾÷§¡±Ò°Ê
      2. ³]©w squid ªº±Ò°Ê°ð¤f¬° 8080
      3. ³]©w cache_dir ¹w³]­È­×§ï¤@¤U¡A°²³]¨Ï¥Î¤F 500MB ªº®e¶q¡F
      4. Åý 192.168.42.0/24 ¥H¤Î 192.168.1.0/24 §¡¥i¨Ï¥Î§Aªº proxy
      5. Åý§Aªº¥Î¤á¤£¥i¥H¨Ï¥Î www.bing.com ³o­Óºô°ì
      6. Åý§Aªº¥Î¤á¤£¥i¥H¨Ï¥Î .sexy.com ³o­Óºô°ì
      7. ³]©w¥Î¤áºÝÂsÄý¾¹¡A«ü©w³o­Ó proxy ¡A¨Ã¥B¶i¦æ´ú¸Õ
      8. Àˬdµn¿ýÀÉ¡A¬Ý¬Ý¬O§_¦³¥¿½Tªºµ¹¤©°O¿ý¸ê®Æ¡H

    5. ¹ê§@ squid ªº¨­¥÷»{ÃÒ¡I¤£»Ý­n¥[¤J IP ºô¬qªº«H¥ô­È¡Aª½±µµ¹¤©±b¸¹/±K½X§Y¥i¨Ï¥Î§Aªº Proxy ¡C
      1. ¦b squid.conf ¤º¥[¤J¦p¤Uªº°Ñ¼Æ¡G
        • ±K½X©Ò¦bÀɮסGauth_param digest program /usr/lib/squid/digest_pw_auth /etc/squid/proxy_passwd
        • ±Ò°Êµ{§Ç¼Æ¶q¡Gauth_param digest children 5
        • Åã¥Ü¦bµøµ¡¦r¡Gauth_param digest realm This is squid web proxy
        • ²MªÅ¼È¦s®É¶¡¡Gauth_param digest nonce_garbage_interval 5 minutes
        • ÅçÃÒ¦^À³®É¶¡¡Gauth_param digest nonce_max_duration 30 minutes
        • ³Ì¦h¹Á¸Õ¦¸¼Æ¡Gauth_param digest nonce_max_count 50
        • ¤¹³\ÅçÃÒacl ¡Gacl allowed_users proxy_auth REQUIRED
        • ¤¹³\ÅçÃÒ³q¹L¡Ghttp_access allow allowed_users
      2. ±N /etc/squid/proxy_passwd ¤º¥[¤J±b¸¹±K½Xªº¬ÛÃö¸ê°T¡A¨Ò¦p¡G
        • dic:itisdic
        • qdd:iamqdd
      3. ³Ì«á±o­n­«·s±Ò°Ê /etc/init.d/squid restart
      4. ³Ì²×¦A´ú¸Õ¬Ý¬Ý¡A±Ò°Ê§AªºÂsÄý¾¹³]©w¸Õ¬Ý¬Ý¡C(§A¥i¯àÁÙ±o­n±N¦Û¤vªº Intranet IP ¨ú®ø¦b squid.conf ¤º¤~¦æ¡I)


²Ä¤»¶g¡G¤J«I°»´ú¨t²Î (½Ò¥»²Ä¤E³¹)
  1. ¤J«I°»´ú (Intrusion Detection) ¡A³z¹L¤@¨Ç¥D¾÷°O¿ýªºÃÒ¾Ú¨Ó¬dÅç¬O§_³Q§ðÀ»ªº±¡¹Ò

  2. ºô¸ôºÊ±±¨t²Î¡G tcpdump ¯Â¤å¦r¤¶­±

  3. ºô¸ôºÊ±±¨t²Î¡G³z¹L ntop ³nÅé¥\¯à

  4. ³Ì²³æ¤è«Kªº¤J«I°»´úÀË´ú¨t²Î¡G rootkit hunter
  5. »s§@¨t²Îªº«ü¯¾½X¡G Tripwire ³nÅé

²Ä¤C¶g¡G­«­nªA°Èªº¸ê®Æ¥[±K¥\¯à
  1. ftp ªº chroot ¥\¯à¡G
  2. ftp Âର ftps ªº¥\¯à¡G(http://www.brennan.id.au/14-FTP_Server.html)
    1. «Ø¥ß SSL ªº¾ÌÃÒÀÉ¡G
      #cd /etc/pki/tls/certs
      # make vsftpd.pem
    2. ­×§ï vsftpd.conf ªº¤º®e¡G
      ssl_enable=YES
      allow_anon_ssl=NO
      force_local_data_ssl=NO
      force_local_logins_ssl=YES

      ssl_tlsv1=YES
      ssl_sslv2=NO
      ssl_sslv3=NO

      rsa_cert_file=/etc/pki/tls/certs/vsftpd.pem
  3. apache ªº SSL ¥\¯à
  4. apache ªº­«­n¸ê®Æ»{ÃÒ¥\¯à (.htaccess)
  5. ftp / apache ªº¨Ï¥ÎªÌ±b¸¹ºÏºÐ°tÃB (quota) ¥\¯à

²Ä¤K¶g¡G´Á¥½¦ÒÃDÁ`¾ã²z
  1. §A¨t²Îªº SELinux ½Ð±N¥L½Õ¾ã¦¨ Permissive ªº¼Ò¦¡¡F

  2. §Ú·Q­nÅý§Aªº¨t²Î§ó¥[¦w¥þ¡A©Ò¥H³nÅ骺§ó·s¬O«Ü­«­nªº¡C½Ð¨Ì§Ç¶i¦æ¡G
    1. ¥ý­×§ï yum ³]©wÀÉ¡AÅý§A«e©¹ http://ftp.ksu.edu.tw/ ¨ú±o os ¤Î updates ³o¨â­Ó repository
    2. ½Ð¶i¦æ¥þ¨t²Îªº§ó·s¡A¥B¦b§ó·s§¹²¦«á¡A¨Ï¥Î·sªº®Ö¤ß¶}¾÷¡F
    3. ³]©w¨C¤Ñªº­â±á 3:10 ¶i¦æ¤@¦¸¥þ¨t²Î§ó·s¡C

  3. §Ú·QÅý¨t²Î¨ã¦³°ò¥»ªº¨¾¤õÀð¡A¦]¦¹½Ð¨Ì¾Ú¦p¤Uªº³W«h¶¶§Ç¡A³]©w¦n§Aªº¨¾¤õÀð³W«h¡G

    ¬Fµ¦µ¹¤©¤è­±¡G
    1. ²M°£©Ò¦³³W«h (¥]¬A filter »P nat ªí®æ)
    2. INPUT ¬° DROP ¨ä¾l¬° ACCEPT

    ³W«h¶¶§Ç¤è­±¡G
    1. lo ¬°«H¥ô¸Ë¸m
    2. ¨Ó¦Û eth0 ¥B¬° 192.168.42.0/24 ªº«Ê¥]¡A§¡¬O«H¥ôºô°ì
    3. ¥u­n¬O¦Û¤vµo¥Xªº¦^À³«Ê¥]¡A³q³q¤©¥H±µ¨ü
    4. ©ñ¦æ©Ò¦³ªº icmp «Ê¥]
    5. ¨Ó¦Û 172.16.0.0/16 ªº¨Ó·½¡A§¡¥i¨Ï¥Î§Aªº POP3 ªA°È¡F
    6. ¨Ó¦Û 172.17.0.0/16 ªº¨Ó·½¡A§¡¥i¨Ï¥Î§Aªº SSH ¥\¯à¡F
    7. §Aªº http ¦³¹ï¥þ¥@¬É¶}©ñ¡F
    8. §Aªº FTP ¹ï¥þ¥@¬É¶}©ñ

    °õ¦æ¸}¥»¡AÆ[¹î¤§¡A­Y¨S¦³°ÝÃD¡A½ÐÂмg¨ì¥¿½Tªº³W«hÀɤ¤

  4. «Ø¥ß¤@­Ó Software RAID ¡A©Ò»Ý­nªº°Ñ¼Æ¦p¤U¡G
    1. ½T»{ /dev/sda8 ¥H«eªº partition ¥²¶·­n«O¯d¡A©³¤U·s¼W /dev/sda9 ¥H«á¤À³Î¼Ñ
    2. ¦@¦³ 5 ­Ó¬Û¦P®e¶qªº¸Ë¸m¡A¨C­Ó¸Ë¸m 1.2GB (partition ªº¤j¤p)¡F
    3. ¥|­Ó¤@²Õ«Ø¸m¦¨¬°¤@­Ó level 5 ªº³nÅéºÏºÐ°}¦C¡A¥BÃB¥~§t¦³¤@­Ó spare disk ¡A©Ò¥HÁ`¦@ªá¶O 5 ­Ó¸Ë¸m¤§·N¡F
    4. ³o­ÓºÏºÐ°}¦C³Q®æ¦¡¤Æ¦¨¬° ext3 ªºÀɮרt²Î¡F
    5. ³o­Ó·sªººÏºÐ°}¦C³Q±¾¸ü¨ì /home ³o­Ó¥Ø¿ý¤U¡A¥B¥[¤J acl ±±¨î°Ñ¼Æ¡F
    6. ³o­Ó·sªºÀɮרt²Î¦b¨C¦¸¶}¾÷«á³£·|¦Û°Ê±¾¸ü (/etc/fstab)

  5. ±b¸¹«Ø¸m¡A§Ú»Ý­nªº±b¸¹¦p¤U¡A½Ð¨Ì§ÇÀ°§Ú«Ø¥ß¥L¡G
    1. «Ø¥ß¤@­Ó¸s²Õ¡A¦WºÙ¬° examgroup
    2. «Ø¥ß¤T­Ó±b¸¹¡A³o¤T­Ó±b¸¹ªº¦³¥[¤J examgroup ¸s²Õ¡A¤T­Ó±b¸¹¦WºÙ¬°¡G examuser1, examuser2, examuser3
    3. ³o¤T­Ó±b¸¹ªº±K½X§¡¬° password
    4. ³o¤T­Ó±b¸¹ªº¦@¨É¥Ø¿ý³]©w¦b /home/examdir/ ¤¤¡A½Ð¦Û¦æ³B²z¥¿½TªºÅv­­³á¡I

  6. ±b¸¹«Ø¸m¡A§Ú»Ý­nªº¯S®í±b¸¹»P¥\¯à¦p¤U¡G
    1. «Ø¥ß¤@­Ó¿W¥ßªº±b¸¹¡A¦WºÙ¬° examcheck¡A±K½X¬° password ¡A¤£ÄÝ©ó examgroup ¸s²Õ¡F
    2. ³o­Ó±b¸¹­n¯à°÷¶i¤J»P¹î¬Ý /home/examdir/ (»Ý¦³ r,x Åv­­)¡C

  7. ±b¸¹±±ºÞ¡A§Ú»Ý­n±N©Ò¦³±b¸¹ªººÏºÐ°tÃB³]­p¦¨¬°¦p¤U¼Ò¼Ë¡G
    1. ¥D­n±±¨î /home ³o­Ó filesystem ªººÏºÐ°tÃB (½Ð³B²z /etc/fstab µ¥°Ê§@)
    2. examuser1, examuser2, examuser3 ªººÏºÐ°tÃB¡AºÞ¨îªº¬O®e¶q¡A¥B soft ¬° 100MB ¡Ahard ¬° 200MB
    3. examcheck ªººÏºÐ°tÃB«h¬° soft 50MB, hard 100MB

  8. ²§¦a³Æ´©¡A§A»Ý­nªº¬O rsync ³o­Ó«ü¥O¡A¥B§A¦³¤@­Ó±b¸¹¦WºÙ¬° guestXX ¦b 192.168.42.42 ¨º³¡¥D¾÷¤W¡AµM«á¡G
    1. §A»Ý­n¥i¥H¦Û°Êªº¨Ï¥Î ssh ¥H guestXX ±b¸¹µn¤J¸Ó¨t²Î¡A¤£»Ý­n±K½X
    2. §A»Ý­n±N§Aªº /home, /etc ³Æ¥÷¨ì 192.168.42.41:/home/guestXX/backup/ ·í¤¤ (³z¹L rsync)
    3. §A»Ý­n¨C¤Ñ­â±á 5:10am ¶i¦æ¤W­z°Ê§@¡C

  9. §A»Ý­n±Ò°Ê¥N²z¦øªA¾¹¡A±Ò°Êªº­«ÂI¦p¤U¡G
    1. §A»Ý­n±Ò°Ê proxy °ð¤f¬° 3128
    2. ³o³¡ proxy ¥i¥H´£¨Ñ 192.168.42.0/24 ¨Ó¨Ï¥Î¥N²z¦øªA¾¹ªº¥\¯à¡C

  10. ¨t²Î°»´ú¥\¯à¡G§A»Ý­n¨C¤Ñ 3:30am ¶i¦æ rootkit hunter ªº¦Û°Ê°»´ú¥\¯à³á¡I(¤£¥Î¶i¦æ)

  11. examuser1 µ¥¤H§¡¥i¨Ï¥Î ftp ¡A¦ý¨C­Ó¥Î¤á³£¹w³]³QÂê¦í¦b®a¥Ø¿ý¤º (chroot)

  12. ·í¦³¤H¨Ï¥Î http://§AªºIP/secure/ ®É¡A¿Ã¹õ·|¥X²{»Ý­n¿é¤J±b¸¹±K½Xªº¸ê°T¡A¥B¥u­n¿é¤J±b¸¹¬° exam ¡A±K½X¬° password ¡A ¥L´N·|¬Ý¨ì¿Ã¹õ¥X²{¡G¡y You can access this directory ¡zªº¦r¼Ë¤F¡I