Linux系统中网络配置详解（三）

网络的安全设置

安全的策略是禁止所有不需要的服务.　　(1)./etc/ftpusers ftp限定了不允许通过ftp当一个ftp如果用户名在/etc/ftpusers将不会允许该用户继续连接.在linux我们可以在/etc/securetty所有其他没有写入文件中的终端都不允许root的控制登录文件/etc/hosts.allow服务进程中,中的访问控制规则来控制外部对linux　　service-list : hosts-list [ : command]
可选,地址,ALL表示当ip匹配该项.

网段202.112.13.0/24主机202.117.13.196主机202.117.48.33本机自身可以访问所有网络服务.
　　#/etc/hosts.deny
中,选项允许linux在我们的例子中,linux的邮件,和deny和/etc/issue.net

我们常常可以看到我们linux许多黑客首先要收集目标系统的信息,系统中一般要把这些信息隐藏起来./etc/issue我们可以修改这些文件来隐藏版本信息.

重新启动的时候,文件的范例如下:
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.

if [ -f /etc/redhat-release ]; then
R=$(cat /etc/redhat-release)

arch=$(uname -m)
a="a"
case "_$arch" in
_a*) a="an";;
_i*) a="an";;
esac

NUMPROC=`egrep -c "^cpu[0-9]+" /proc/stat`
if [ "$NUMPROC" -gt "1" ]; then
SMP="$NUMPROC-processor "
if [ "$NUMPROC" = "8" -o "$NUMPROC" = "11" ]; then
a="an"
else
a="a"
fi
fi

# This will overwrite /etc/issue at every boot. So, make any changes you
# want to make to /etc/issue here or you will lose them when you reboot.
#echo "" > /etc/issue
#echo "$R" >> /etc/issue
# echo "Kernel $(uname -r) on $a $SMP$(uname -m)" >> /etc/issue

cp -f /etc/issue /etc/issue.net
echo >> /etc/issue

　　(5)都可以通过ctl+alt+del所以要在/etc/inittab　　#ca::ctrlaltdel:/sbin/shutdown -t3 -r now