FreeBSD 4.6.2-RELEASE ???? - PowerPoint PPT Presentation

About This Presentation
Title:

FreeBSD 4.6.2-RELEASE ????

Description:

Title: FreeBSD 4.6.2-RELEASE Author: Last modified by: kjm Created Date: 10/15/2002 1:30:50 PM Document presentation format – PowerPoint PPT presentation

Number of Views:71
Avg rating:3.0/5.0
Slides: 25
Provided by: 6649384
Category:

less

Transcript and Presenter's Notes

Title: FreeBSD 4.6.2-RELEASE ????


1
FreeBSD 4.6.2-RELEASE ????
  • ???????? ?? ?
  • kjm_at_rins.ryukoku.ac.jp
  • http//www.st.ryukoku.ac.jp/kjm/

2
FreeBSD ???????
  • Linux ?????????free ?????? UNIX ? OS
  • ??????????? Linux ????????????
  • ???????????
  • ISP ????????????????????????
  • Yahoo! ??

3
?? FreeBSD ????????
  • ????????
  • OS ????????????
  • ????????? Linux ????
  • 4.6.x-RELEASE ????????????
  • ?????????
  • OS ????????????
  • ???????????????????????? Linux ????
  • ????????????

4
?? FreeBSD ????????
  • source ???
  • source ???
  • make ??
  • source tree
  • ports
  • ?? -)

5
???
  • ??(????) OS ????
  • 3 ?????????????
  • ???????? security fix ?????
  • ???4.4-RELEASE ????
  • ????????????? Red Hat Linux ????
  • ??????????????????
  • ??????????????
  • source ????binary only ???????????fix package ?
    rpm ?????????????? Linux ??????

6
??????
  • ?FreeBSD ???? ??? ?????????
  • X Window ????????????
  • ???????????????????????(??????)
  • X Window ?????? packages/ports ???????????????????
    ??????????????

7
????????????????
  • kernel ??????
  • ??
  • cd /usr/src/sys/i386/conf
  • cp GENERIC MyConf
  • vi MyConf
  • config MyConf
  • cd ../../compile/MyConf
  • make depend
  • make
  • make install
  • ????????????(/etc/rc.conf ??)

8
kernel ??????
  • ??????????????????
  • CPU
  • network device
  • SCSI device
  • RAID device
  • ????????
  • IPv6
  • BPF
  • ?????????
  • ???????????????????????
  • ????????????????????
  • ??(GENERIC)????????????????????

9
??????(?????)
  • CPUcpu I366_CPUcpu I486_CPUcpu I586_CPU
  • optionsoptions MATH_EMULATEoptions INET6
  • devicedevice fd1device atapistdevice
    ahbdevice adv0 at isa?device asrdevice
    sio2device ppc0device de
  • pseudo-devicepseudo-device bpfpseudo-device sl 1

10
????????????
  • /etc/rc.conf ???????
  • /etc/default/rc.conf ?????????????????????????????
    ?????????????????
  • /etc/rc.conf ??????????????????/etc/rc.conf.local
    ?????????????????
  • /etc/sysctl.conf ???????
  • ???????????????????????????????????
  • ?? daemon (????????)??????????
  • daemon ????

11
/etc/rc.conf ???????
  • ???????? ??tcp_drop_synfinYES SYNFIN
    ???icmp_drop_redirectNO ICMP redirect
    ???icmp_log_redirectNO ICMP redirect
    ???ipfilter_enableYES ip filter
    ????ipmon_enableYES ipmon
    ????firewall_enableYES ipfw????firewall_typ
    esimple ipfw ??simple?????
  • ????accounting_enableNO ????????????inetd_fl
    ags-wWl ?????? -wW
  • kernel securelevel ??kernel_securelevel_enableY
    ES kernel securelevel????kern_securelevel1 ??
    ???? -1

12
/etc/sysctl.conf ???
  • ??????kernel.ipc.somaxconn1024kern.ipc.maxsocke
    ts16384kern.ipc.nmbclusters65535
  • blackhole(4) (??????! traceroute ????????)0 RST
    ??? 1 SYN ???????? 2 ??????net.inet.tcp.blackho
    le2net.inet.tcp.blackhole1
  • squid ??????????(?)kern.maxfiles32767kern.maxfi
    lesperproc16424net.inet.ip.portrange.first8192
    net.inet.ip.portrange.last65535

13
?? daemon ???????
  • ssh (/etc/ssh/sshd_config)
  • UsePrivilegeSeparation yes
  • inetd (/etc/inetd.conf)
  • ftpd l l
  • login (/etc/login.conf)
  • minpasswordlen12

14
???????????????
  • ?????(???)?????????
  • http//www.sans.org/dosstep/index.htm
  • ????????????(IP option ??????????????)ip filter
    ???block in log quick from any to any with
    ipoptsblock in log quick proto tcp from any to
    any with shortblock in log quick proto icmp from
    any to any icmp-type redirblock in log quick
    proto icmp from any to any icmp-type
    routeradblock in log quick proto icmp from any
    to any icmp-type routersol
  • ???????????
  • /etc/rc.firewall(ipfw ??????)????????????simple??
    ??????????

15
IP filter v.s. IP firewall (ipfw)
  • IP filter ???????????????
  • IP firewall FreeBSD ??
  • ???????
  • FreeBSD ipfw
  • NetBSD ip filter
  • OpenBSD pf (packet filter)
  • BSD/OS - ?
  • Mac OS X ipfw
  • Linux ipchains / iptables
  • HP-UX ip filter (?)
  • FreeBSD ???????????ipfw ? simple
    ???????????????????????????

16
OS ??????
  • CVSup ??????????
  • cvsup g supfile
  • supfile ???default hostcvsup.jp.freebsd.orgde
    fault base/usrdefault prefix/usrdefault
    releasecvs tagRELENG_4_6default delete
    use-rel-suffix compresssrc-all
  • ??? FreeBSD ????????????? CVSup ????????????
    CVSup ??????
  • ports ? net/cvsup-mirror ??????????????
  • ???????????
  • ?????????????make buildworld make installworld
    ??????????????? DNS resolver ???

17
???????
  • FreeBSD ?????? FreeBSD-announce-jp ML ????????
  • http//www.jp.freebsd.org/
  • ???? ??????????
  • ?????????? CVSup ?? source ??????
  • ?????? FreeBSD-users-jp ML ????
  • ???????????????????????? ML ????
  • ???????????????

18
ports/packages ??
  • ports - /usr/ports/
  • 3rd party ????????????(port)??????????????????????
    ???
  • ??????????????????????????????????????????????????
    ??????????????????????????
  • ????? security/sudo ??
  • cd /usr/ports/security/sudo
  • make
  • make install
  • OS ???????? ports ??????????????????????? OS
    ????????

19
??? ports
  • ??? ports (ports-current)? CVSup ????????
  • supfile ???default hostcvsup.jp.freebsd.orgde
    fault base/usrdefault prefix/usrdefault
    releasecvs tag.default delete use-rel-suffix
    compressports-all
  • ports-current ? FreeBSD ???(-current)????(-stable
    )???????????????
  • ?????????????????????????? RELEASE ????????
  • ports-current ??????? RELEASE ???????????

20
ports ?????
  • net/
  • bsdproxy ?? proxy ???
  • stone
  • ethereal ????????????
  • honeyd for honeyports
  • iplog TCP/IP ????
  • netcat ??????
  • ngrep ?????? grep
  • ntop ?????? top
  • socks5 NEC socks5
  • dante

21
ports ?????
  • security/
  • snort ?????? IDS
  • acid, snort-snarf
  • amavis-perl ??????? ???????
  • amavisd, amavisd-new, inflex
  • arirang web ????
  • nessus, saint, whisker
  • bcwipe ???? / ?????????
  • ca-roots CA ??????? (old!)
  • chkrootkit rootkit ???? ?
  • dsniff ???????????

22
ports ?????
  • security/
  • fragrouter IDS ??????
  • hping
  • gnupg GNU OpenPGP
  • pgp5, pgp6
  • john ???????????
  • crack
  • nmap ????????
  • portscanner, strobe
  • portsentry ????????????
  • pscan ???????????
  • its4, rats

23
ports ?????
  • security/
  • openssh OpenSSH
  • openssh-portable, ssh2, lsh
  • sudo ?
  • super
  • swatch simple watcher
  • logcheck
  • tripwire ?????????????
  • aide, integrit
  • www/
  • squid www proxy
  • tinyproxy, transproxy

24
???
  • ???
  • ?? - http//www.freebsd.org
  • FreeBSD ??? - http//www.jp.freebsd.org
  • ?? ML
  • ??
  • FreeBSD Press
  • BSD magazine
  • ??????????????????????
Write a Comment
User Comments (0)
About PowerShow.com