  • Published: 2016-01-20 19:47 | Author: yc | Source: Internet | Views: 1200

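    per_source: the maximum number of connections a single IP may open to the host, i.e. the number of concurrent connections

    Address forms accepted after only_from:

    Network address (192.168.1.0)

    Network name (from /etc/networks)

    IP address/netmask (192.168.0.0/24)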

    vim /etc/xinetd.d/tftp

    service tftp

    {

    disable = no

    socket_type= dgram

    protocol= udp

    wait= yes

    user= root

    server= /usr/sbin/in.tftpd

    server_args= -s /tftpboot

    per_source= 11

    cps= 100 2

    flags= IPv4

    }

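    2.) Non-standalone daemons

    chkconfig SERVICE on/off    (turn a service on or off)

    service xinetd restart

    **************************************

    Before using telnet, make sure the host names in /etc/sysconfig/network and /etc/hosts match.

    Installing the Telnet server software

    Telnet transmits user names and passwords in cleartext, which poses a serious threat to system security; on important systems, telnet is normally not used for remote administration.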

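    Installing telnet

    Client: yum -y install telnet

    Server: yum -y install telnet telnet-serverxine

    selinux :

    iptables: iptables -I INPUT -p tcp --dport 23 -j ACCEPT

    By default root cannot log in remotely; moving /etc/securetty aside lifts that restriction: mv /etc/securetty /etc/securetty.back

    If bind = 127.0.0.1 is added to /etc/xinetd.d/telnet, remote telnet connections fail and only logins from the local machine are allowed (note: telnet does not permit root login; log in as an ordinary user and then switch to root)

    bind=127.0.0.1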

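    5. 1) The standalone daemon runs from /etc/xinetd.conf (the default configuration file) and /etc/xinetd.d/services. A setting defined in the default file can still be specified in /etc/xinetd.d/services; if the two conflict, the value in /etc/xinetd.d/services takes precedence.

    Default configuration in /etc/xinetd.conf: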

    defaults

    {

    # The next two items are intended to be a quick access place to

    # temporarily enable or disable services.

    #

    #enabled=

    #disabled=

    # Define general logging characteristics.

    log_type= SYSLOG daemon info

    log_on_failure= HOST

    log_on_success= PID HOST DURATION EXIT

    # Define access restriction defaults

    #

    #no_access=

    #only_from=

    #max_load= 0

    cps= 50 10

    instances= 50

    per_source= 10

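    cps: the number of concurrent accesses per unit of time, effectively a soft limit: at most 50 connections per second, and when the limit is hit the service waits 10 seconds by default

    instances: the maximum number of concurrent connections allowed for a service, effectively a hard limit; once it is exceeded no further users are admitted

    Examples: [1.] If bind = 127.0.0.1 is added to /etc/xinetd.d/telnet, remote telnet connections fail and only logins from the local machine are allowed (note: telnet does not permit root login; log in as an ordinary user and then switch to root)

    yum install telnet-server

    A telnet file then appears under /etc/xinetd.d/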

    chkconfig telnet on

    service xinetd restart

    *****************

    chkconfig xinetd on (this must be turned on)

    chkconfig --level 35 xinetd on

    telnet 192.168.0.116

    Red Hat Enterprise Linux Server release 5.4 (Tikanga)

    Kernel 2.6.18-164.el5 on an i686

    login: zhuying

    Password:

    Last login: Tue Feb 23 22:47:46 from server19

    If bind = 127.0.0.1 is added to /etc/xinetd.d/telnet, only local logins are allowed

    vim /etc/xinetd.d/telnet

    # default: on

    # description: The telnet server serves telnet sessions; it uses /

    # unencrypted username/password pairs for authentication.

    service telnet

    {

    disable = no

    flags= REUSE

    socket_type= stream

    wait= no

    user= root

    server= /usr/sbin/in.telnetd

    log_on_failure+= USERID

    bind=127.0.0.1

    }

    service xinetd restart (restart the service)

    C:/>telnet 192.168.0.116

    正在连接到192.168.0.116...不能打开到主机的连接, 在端口 23: 连接失败

    [2.] Denying access by IP address

    only_from=192.168.0.0/24

    no_access=192.168.0.111

    vim /etc/xinetd.d/telnet

    # default: on

    # description: The telnet server serves telnet sessions; it uses /

    #unencrypted username/password pairs for authentication.

    service telnet

    {

    disable = no

    flags= REUSE

    socket_type= stream

    wait= no

    user= root

    server= /usr/sbin/in.telnetd

    log_on_failure+= USERID

    only_from=192.168.0.0/24

    no_access=192.168.0.111

    }

    ~

    service xinetd restart (restart the service after every change)

    (The best match applies, so 192.168.0.111 is denied)

    The failed login looks like this:

    [zhuying@station30 ~]$ telnet 192.168.0.116

    Trying 192.168.0.116...

    telnet: connect to address 192.168.0.116: Connection refused

    telnet: Unable to connect to remote host: Connection refused

    [zhuying@station30 ~]$
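
The best-match decision between only_from and no_access, as an added Python sketch (not code from the original article or from xinetd). It covers only the IPv4 address forms listed on this page; treating an equally specific match in both lists as a denial is an assumption.

```python
import ipaddress

def to_network(entry):
    """Parse an only_from/no_access entry (IPv4 forms used on this page)."""
    if "/" in entry:                               # 192.168.0.0/24
        return ipaddress.ip_network(entry, strict=False)
    octets = entry.split(".")
    keep = len(octets)
    while keep and octets[keep - 1] == "0":        # trailing zero octets act as wildcards
        keep -= 1
    return ipaddress.ip_network(f"{entry}/{8 * keep}")

def best_match(entries, client):
    """Longest prefix among the entries that contain client, or -1 if none does."""
    addr = ipaddress.ip_address(client)
    return max((n.prefixlen for n in map(to_network, entries) if addr in n), default=-1)

def xinetd_allows(client, only_from=(), no_access=()):
    """True if the client passes the only_from/no_access check."""
    allowed = best_match(only_from, client)
    denied = best_match(no_access, client)
    if denied >= 0 and denied >= allowed:          # tie counted as deny (assumption)
        return False
    if only_from and allowed < 0:                  # only_from is set but client is not in it
        return False
    return True                                    # neither list objects

if __name__ == "__main__":
    # Values from the telnet example above; 10.0.0.5 is a constructed outside host.
    for ip in ("192.168.0.111", "192.168.0.30", "10.0.0.5"):
        print(ip, xinetd_allows(ip, ["192.168.0.0/24"], ["192.168.0.111"]))
```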

    [3.] Denying service by access time

    Connections outside this time window are refused

    vim /etc/xinetd.d/telnet

    # default: on

    # description: The telnet server serves telnet sessions; it uses /

    #unencrypted username/password pairs for authentication.

    service telnet

    {

    disable = no

    flags= REUSE

    socket_type= stream

    wait= no

    user= root

    server= /usr/sbin/in.telnetd

    log_on_failure+= USERID

    access_times=9:00-12:00

    }

    service xinetd restart (do not forget to restart the service after every change)

    The failed login looks like this:

    [zhuying@station30 ~]$ telnet 192.168.0.116

    Trying 192.168.0.116...

    telnet: connect to address 192.168.0.116: Connection refused

    telnet: Unable to connect to remote host: Connection refused

    [zhuying@station30 ~]$

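    [4.] Limiting by number of concurrent connections

    instances=2 (at most 2 concurrent connections to this service)

    per_source=1 (a given host can open only one terminal session to the remote host)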

    vim /etc/xinetd.d/telnet

    # default: on

    # description: The telnet server serves telnet sessions; it uses /

    #unencrypted username/password pairs for authentication.

    service telnet

    {

    disable = no

    flags= REUSE

    socket_type= stream

    wait= no

    user= root

    server= /usr/sbin/in.telnetd

    log_on_failure+= USERID

    instances=2

    per_source=1

    }

    service xinetd restart (do not forget to restart the service after every change)

    The first remote login from station30 succeeds:

    [zhuying@station30 ~]$ telnet 192.168.0.116

    Trying 192.168.0.116...

    Connected to server16.example.com (192.168.0.116).

    Escape character is '^]'.

    Red Hat Enterprise Linux Server release 5.4 (Tikanga)

    Kernel 2.6.18-164.el5 on an i686

    login: zhuying

    Password:

    Last login: Tue Feb 23 23:35:41 from server11

    [zhuying@station116 ~]$

    Opening a second window without closing the first one is refused:

    [root@station30 ~]# telnet 192.168.0.116

    Trying 192.168.0.116...

    Connected to server16.example.com (192.168.0.116).

    Escape character is '^]'.

    Connection closed by foreign host.

    [root@station30 ~]#

    [root@station30 ~]#

    [5.] banner: display the contents of a file to the user at login

    cd /usr/share

    vim telnet.banner

    ******************

    Welcome to my station!!!

    Hoho,bye...

    ******************

    Save and exit.

    vim /etc/xinetd.d/telnet

    # default: on

    # description: The telnet server serves telnet sessions; it uses /

    #unencrypted username/password pairs for authentication.

    service telnet

    {

    disable = no

    flags= REUSE

    socket_type= stream

    wait= no

    user= root

    server= /usr/sbin/in.telnetd

    log_on_failure+= USERID

    banner=/usr/share/telnet.banner

    }

    ~

    service xinetd restart (do not forget to restart the service after every change)

    [root@station30 ~]# telnet 192.168.0.116

    Trying 192.168.0.116...

    Connected to server16.example.com (192.168.0.116).

    Escape character is '^]'.

    ******************

    Welcome to my station!!!

    Hoho,bye...

    ******************

    Red Hat Enterprise Linux Server release 5.4 (Tikanga)login: zhuying

    Password:

    Last login: Wed Feb 24 00:02:06 from server11

    [zhuying@station116 ~]$

    6. TCP_Wrapper

    Syntax: daemon_list: client_list [:opt1 :opt2...]

    Host access is restricted by means of rules

    Allow rules: /etc/hosts.allow

    Deny rules: /etc/hosts.deny

    IP address (192.168.0.1, 10.0.0.)

    name (www.redhat.com, .example.com)

    netmask (192.168.0.0/255.255.255.0)

    network name

    Examples:

    [1.] Rules defined separately in the two files: /etc/hosts.allow is normally matched first, and only if nothing matches there is /etc/hosts.deny consulted

    vim /etc/hosts.allow

    #

    # hosts.allow This file describes the names of the hosts which are

    #allowed to use the local INET services, as decided

    #by the '/usr/sbin/tcpd' server.

    #

    in.telnetd:192.168.0.0/255.255.255.0 EXCEPT 192.168.0.111

    vim /etc/hosts.deny

    #

    # hosts.deny This file describes the names of the hosts which are

    #*not* allowed to use the local INET services, as decided

    #by the '/usr/sbin/tcpd' server.

    #

    # The portmap line is redundant, but it is left to remind you that

    # the new secure portmap uses hosts.deny and hosts.allow. In particular

    # you should know that NFS uses portmap!

    in.telnetd:ALL

    service xinetd restart (restart the service)

    The login is refused:

    [root@station30 ~]# telnet 192.168.0.116

    Trying 192.168.0.116...

    Connected to server16.example.com (192.168.0.116).

    Escape character is '^]'.

    ******************

    Welcome to my station!!!

    Hoho,bye...

    ******************

    Connection closed by foreign host.

    [root@station30 ~]#

    If the rule in /etc/hosts.allow is replaced with:

    in.telnetd:ALL EXCEPT 192.168.0.0/255.255.255.0 EXCEPT 192.168.0.111

    and the rule in /etc/hosts.deny is left unchanged, then 192.168.0.111 can log in, and so can every other host outside the 192.168.0.0 network

    [2.] Sending mail:

    vim /etc/hosts.allow

    #

    # hosts.allow This file describes the names of the hosts which are

    #allowed to use the local INET services, as decided

    #by the '/usr/sbin/tcpd' server.

    #

    in.telnetd:192.168.0.0/255.255.255.0:spawn /bin/echo `date` %c %d | /bin/mail -s "Somebody has telnetd our server." root

    vim /etc/hosts.deny

    # hosts.deny This file describes the names of the hosts which are

    #*not* allowed to use the local INET services, as decided

    #by the '/usr/sbin/tcpd' server.

    #

    # The portmap line is redundant, but it is left to remind you that

    # the new secure portmap uses hosts.deny and hosts.allow. In particular

    # you should know that NFS uses portmap!

    in.telnetd:ALL:spawn /bin/echo `date` %c %d | /bin/mail -s "Somebody has telnetd our server." root

    service xinetd restart (restart the service)

    Hosts in the 192.168.0. network can now log in:

    [root@station30 ~]# telnet 192.168.0.116

    Trying 192.168.0.116...

    Connected to server16.example.com (192.168.0.116).

    Escape character is '^]'.

    ******************

    Welcome to my station!!!

    Hoho,bye...

    ******************

    Red Hat Enterprise Linux Server release 5.4 (Tikanga)

    Kernel 2.6.18-164.el5 on an i686

    login: zhuying

    Password:

    Last login: Wed Feb 24 02:01:49 from server11

    After logging in, switch to root and check whether any mail has arrived:

    [zhuying@station116 ~]$ su -

    Password:

    [root@station116 ~]# mail

    Mail version 8.1 6/6/93.Type ? for help.

    "/var/spool/mail/root": 1 message 1 new

    >N1 Feb 24 02:1216/733"Somebody has telnetd "

    & 1

    Message 1:

    From Feb 24 02:12:25 2010

    Date: Wed, 24 Feb 2010 02:12:25 +0800

    From: root

    To:

    Subject: Somebody has telnetd our server.

    Wed Feb 24 02:12:25 CST 2010 192.168.0.111 in.telnetd

    &

    [3.] Implementing access control with changes in a single file:

    1.)vim /etc/hosts.allow

    #

    # hosts.allow This file describes the names of the hosts which are

    #allowed to use the local INET services, as decided

    #by the '/usr/sbin/tcpd' server.

    #

    in.telnetd:192.168.0.111:spawn /bin/echo `date` %c to %s is denied by %A > /var/log/tcpwrapper.log:DENY

    in.telnetd:192.168.0. 192.168.1. :ALLOW

    service xinetd restart (restart the service)

    Now a login from 192.168.0.111 fails:

    [root@station30 ~]# telnet 192.168.0.116

    Trying 192.168.0.116...

    Connected to server16.example.com (192.168.0.116).

    Escape character is '^]'.

    ******************

    Welcome to my station!!!

    Hoho,bye...

    ******************

    Connection closed by foreign host.

    [root@station30 ~]#
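
How the EXCEPT rules and the trailing ALLOW/DENY options shown above are evaluated, as an added Python sketch (not code from the original article or from the tcp_wrappers library). It handles only the client patterns used on this page (ALL, address prefix, net/mask, exact IP) and ignores spawn/twist commands; 10.0.0.5 is a constructed outside host.

```python
import ipaddress

def pattern_matches(pattern, client):
    """One client pattern: ALL, address prefix, net/mask, or exact IP."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):            # "192.168.0." matches by leading octets
        return client.startswith(pattern)
    if "/" in pattern:                   # "192.168.0.0/255.255.255.0"
        return ipaddress.ip_address(client) in ipaddress.ip_network(pattern)
    return pattern == client

def list_matches(tokens, client):
    """EXCEPT nests to the right: a EXCEPT b EXCEPT c == a EXCEPT (b EXCEPT c)."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return list_matches(tokens[:i], client) and not list_matches(tokens[i + 1:], client)
    return any(pattern_matches(p, client) for p in tokens)

def access_granted(daemon, client, hosts_allow, hosts_deny):
    """First matching rule decides; hosts.allow is read before hosts.deny."""
    for rules, verdict in ((hosts_allow, True), (hosts_deny, False)):
        for rule in rules:
            fields = [f.strip() for f in rule.split(":")]
            daemons = fields[0].replace(",", " ").split()
            clients = fields[1].replace(",", " ").split()
            if (daemon in daemons or "ALL" in daemons) and list_matches(clients, client):
                # A trailing ALLOW/DENY option overrides the file's default verdict.
                if fields[-1] in ("ALLOW", "DENY"):
                    return fields[-1] == "ALLOW"
                return verdict
    return True                          # no rule in either file matched

# Rule sets copied from the examples on this page.
DENY_ALL = ["in.telnetd:ALL"]
ALLOW_1 = ["in.telnetd:192.168.0.0/255.255.255.0 EXCEPT 192.168.0.111"]
ALLOW_2 = ["in.telnetd:ALL EXCEPT 192.168.0.0/255.255.255.0 EXCEPT 192.168.0.111"]

if __name__ == "__main__":
    for name, allow in (("ALLOW_1", ALLOW_1), ("ALLOW_2", ALLOW_2)):
        for ip in ("192.168.0.111", "192.168.0.30", "10.0.0.5"):
            print(name, ip, access_granted("in.telnetd", ip, allow, DENY_ALL))
```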

    2.) The effect of twist: the requested service is swapped for another command, so the login is refused

    vim /etc/hosts.allow

    #

    # hosts.allow This file describes the names of the hosts which are

    #allowed to use the local INET services, as decided

    #by the '/usr/sbin/tcpd' server.

    #

    in.telnetd:192.168.0.0/255.255.255.0:twist /bin/echo `date` connection refused by %s

    service xinetd restart (restart the service)

    [root@station30 ~]# telnet 192.168.0.116

    Trying 192.168.0.116...

    Connected to server16.example.com (192.168.0.116).

    Escape character is '^]'.

    ******************

    Welcome to my station!!!

    Hoho,bye...

    ******************

    Wed Feb 24 02:47:36 CST 2010 connection refused by

    Connection closed by foreign host.

    [root@station30 ~]#

    3.) Combining the two examples above:

    vim /etc/hosts.allow

    #

    # hosts.allow This file describes the names of the hosts which are

    #allowed to use the local INET services, as decided

    #by the '/usr/sbin/tcpd' server.

    #

    in.telnetd:192.168.0.111:spawn /bin/echo `date` %c to %s is denied.>> /var/log/tcpwrapper.log :twist /bin/echo `date` Attemp log to %s failed.

    in.telnetd:192.168.0. 192.168.1.:ALLOW

    service xinetd restart (restart the service)

    Now a login from 192.168.0.111 fails:

    [root@station30 ~]# telnet 192.168.0.116

    Trying 192.168.0.116...

    Connected to server16.example.com (192.168.0.116).

    Escape character is '^]'.

    ******************

    Welcome to my station!!!

    Hoho,bye...

    ******************

    Connection closed by foreign host.

    [root@station30 ~]

    This article comes from the “IT网管运维” blog; please be sure to retain this source: http://.blog.51cto.com//
