
SUSE Linux Technical Tips - 201404

2014-04-02 11:05
1. A recent ntp vulnerability lets attackers abuse the server with forged source addresses. Besides upgrading to the latest ntp, the following workaround can be applied:

This can be fixed by adjusting the /etc/ntp.conf file, adding the lines below (restart ntpd afterwards):

restrict default kod nomodify notrap nopeer noquery -- default policy for IPv4 clients: they are still served time, but noquery refuses the ntpq/ntpdc status queries that reflection attacks abuse, nomodify refuses runtime reconfiguration, notrap and nopeer refuse trap and peer associations, and kod answers violations with Kiss-of-Death packets (actual rate limiting additionally needs the limited flag)

restrict -6 default kod nomodify notrap nopeer noquery -- the same default policy for IPv6 clients

The following line form specifies which IPs may still reach the server without those restrictions:

restrict 192.168.1.200

-- allows 192.168.1.200 full access to the NTP server. A restrict line with no flags lifts every restriction for that host, so use it only for trusted monitoring hosts; running ntpq on the server itself needs a matching exception for 127.0.0.1 and ::1.
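As an added check (example code written for this page, not from the original post or from the ntp project), the script below audits an ntp.conf for the default restrictions just described. It reads the file named in the NTP_CONF environment variable (a name chosen for this example), reports whether the IPv4 and IPv6 default restrict lines carry noquery and nomodify, and lists the hosts given a flag-less restrict line, which lifts every restriction for them. The write_sample function writes a constructed sample configuration mirroring the lines above so the audit can be tried offline.

```bash
#!/bin/bash
# Added example for this page (not from the original post or the ntp project):
# audit an ntp.conf for the hardened "restrict default" lines.
set -u

# Return 0 when FILE has a "restrict [-4|-6] default ..." line for FAMILY ("-4" or "-6")
# whose flags include every flag given after FAMILY; the last such line wins, as in ntpd.
restrict_default_has() {
    local file=$1 family=$2
    shift 2
    local line flag
    if [ "$family" = "-6" ]; then
        line=$(grep -E '^[[:space:]]*restrict[[:space:]]+-6[[:space:]]+default([[:space:]]|$)' "$file" | tail -n 1)
    else
        # "restrict default" and "restrict -4 default" both set the IPv4 default
        line=$(grep -E '^[[:space:]]*restrict[[:space:]]+(-4[[:space:]]+)?default([[:space:]]|$)' "$file" | tail -n 1)
    fi
    [ -n "$line" ] || return 1
    for flag in "$@"; do
        printf '%s\n' "$line" | grep -Eq "[[:space:]]$flag([[:space:]]|$)" || return 1
    done
    return 0
}

# Print addresses whose restrict line carries no flags at all: those hosts may run
# ntpq/ntpdc status and (authenticated) modify requests, so the list should stay short.
unrestricted_hosts() {
    awk '$1 == "restrict" && $2 != "default" && $2 !~ /^-[46]$/ {
            first_flag = ($3 == "mask") ? 5 : 3   # flags follow "addr" or "addr mask m"
            if (NF < first_flag) print $2
        }' "$1"
}

# Whole-file audit: returns 0 only when both address families block queries and changes.
audit_ntp_conf() {
    local file=$1 fam rc=0
    for fam in -4 -6; do
        if restrict_default_has "$file" "$fam" noquery nomodify; then
            echo "OK   $fam default: noquery nomodify present"
        else
            echo "FAIL $fam default restriction missing or lacks noquery/nomodify"
            rc=1
        fi
    done
    echo "hosts with unrestricted access: $(unrestricted_hosts "$file" | tr '\n' ' ')"
    return $rc
}

# Constructed sample configuration (not a real host's file) mirroring the lines above.
write_sample() {
    cat > "$1" <<'EOF'
server 0.pool.ntp.org
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
restrict 192.168.1.200
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
EOF
}

# Usage: NTP_CONF=/etc/ntp.conf bash audit-ntp.sh   (NTP_CONF is a name chosen for this example)
if [ -n "${NTP_CONF:-}" ]; then
    audit_ntp_conf "$NTP_CONF"
fi
```

The audit only reads the file; it does not tell you whether the running ntpd has loaded it, so restart ntpd after editing and confirm from another host that ntpq queries are refused.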

2. Switching vsftpd between standalone mode and xinetd-managed mode is cumbersome; here are the command-line steps:

1) Disable vsftpd autostart, in both standalone and xinetd-managed mode:

# chkconfig vsftpd off

2) Enable autostart in standalone mode:

# chkconfig vsftpd on

3) Enable autostart in xinetd-managed mode (SUSE's chkconfig accepts xinetd as a third state and marks the service as xinetd-controlled):

# chkconfig vsftpd xinetd

Make sure /etc/vsftpd.conf matches the chosen mode: listen=YES for standalone operation, listen=NO when xinetd hands over the socket.

3. An application needs packets routed by their source address: with two NICs, packets whose source address belongs to the first NIC must leave through that NIC, and packets with the second NIC's address must leave through the second. Implementation (policy routing with a second routing table):

1) Edit /etc/iproute2/rt_tables.

2) At the bottom, add the line 100 SECONDPOA (table number, then a name, separated by whitespace).

SECONDPOA can be replaced with any other string, as long as neither the number nor the name is already used in the file.

3) Save the file.

4) Run ip rule add from s.s.s.s table SECONDPOA, where s.s.s.s is the IP address of eth1. Route lookups for packets sourced from s.s.s.s now consult table SECONDPOA first; if that table has no matching route (for example a destination on eth1's own subnet), the lookup falls through to the main table as before.

5) Run ip route add default via y.y.y.y dev eth1 table SECONDPOA, where y.y.y.y is the IP address of the next hop for packets originating from eth1.

6) To test it, run

traceroute -s p.p.p.p www.novell.com, where p.p.p.p is the IP address of eth0, and note the next hop. This should be x.x.x.x, the default gateway of the main table.

traceroute -s s.s.s.s www.novell.com, where s.s.s.s is the IP address of eth1, and note the next hop. This should be y.y.y.y.

7) Once the above test is successful, follow the sub-steps below to make the ip rule statement persistent across reboots.

Create a file /etc/rc.d/rclocal.

Paste the following into the file, adjusting the ip rule statement accordingly:

#!/bin/bash
### BEGIN INIT INFO
# Provides: rclocal
# Required-Start: $local_fs $remote_fs $network
# X-UnitedLinux-Should-Start: $ALL
# Required-Stop:
# X-UnitedLinux-Should-Stop:
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
# Short-Description: Simulates rc.local
# Description: Simulates redhat's rc.local: contains
#   commands to execute after system has booted (all services are already
#   available)
### END INIT INFO

case "$1" in
    start)
        ip rule add from s.s.s.s table SECONDPOA
        ;;
    *)
        exit 0
        ;;
esac

Save the file, then make it executable and enable it:

# chmod +x /etc/rc.d/rclocal

# chkconfig rclocal on

8) Once the above test is successful, make the ip route statement persistent as well. Edit /etc/sysconfig/network/routes and add

default y.y.y.y - eth1 table SECONDPOA

where y.y.y.y is the next hop that packets originating from eth1 need to take. The fields are destination, gateway, netmask ("-" for none) and interface, followed by extra ip route options; the table option keeps this default route out of the main table, so eth0 traffic is unaffected.
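The whole procedure above, as an added example written for this page (not from the original post or from SUSE): a bash helper that performs steps 1 to 5 and 8 idempotently, so it can be re-run after a change without duplicating the rt_tables entry, the ip rule or the routes line. Everything named here is hypothetical: table 100/SECONDPOA, the RT_TABLES, ROUTES_FILE, DRY_RUN, APPLY_EXAMPLE, SRC, GW and DEV variables, and the RFC 5737 test addresses. By default it only prints the ip commands; note that even then it edits the two files it is pointed at, so rehearse against scratch copies and set DRY_RUN=0 as root only when the values are right.

```bash
#!/bin/bash
# Added example for this page (not from the original post or SUSE): apply the
# source-based routing recipe idempotently. Table id/name, addresses and device
# are hypothetical arguments; the defaults below are only file locations.
set -u

RT_TABLES="${RT_TABLES:-/etc/iproute2/rt_tables}"           # steps 1-3
ROUTES_FILE="${ROUTES_FILE:-/etc/sysconfig/network/routes}" # step 8 (SUSE)
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the ip commands only; 0 = execute them (needs root)

# Print a command and execute it only when DRY_RUN=0.
run() {
    echo "+ $*"
    if [ "$DRY_RUN" = 0 ]; then "$@"; fi
}

# Dotted-quad IPv4 check: exactly four numeric octets, each 0-255.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Register "ID NAME" in rt_tables once; refuse if ID or NAME is already taken by another entry.
ensure_rt_table() {
    local id=$1 name=$2
    if grep -Eq "^[[:space:]]*${id}[[:space:]]+${name}[[:space:]]*$" "$RT_TABLES" 2>/dev/null; then
        return 0
    fi
    if grep -Eq "^[[:space:]]*(${id}[[:space:]]+|[0-9]+[[:space:]]+${name}[[:space:]]*$)" "$RT_TABLES" 2>/dev/null; then
        echo "rt_tables: id $id or name $name already used by a different entry" >&2
        return 1
    fi
    printf '%s\t%s\n' "$id" "$name" >> "$RT_TABLES"
}

# Step 8: add the persistent route line to the SUSE routes file unless it is already there.
persist_route() {
    local gw=$1 dev=$2 name=$3
    local line="default $gw - $dev table $name"
    grep -qxF "$line" "$ROUTES_FILE" 2>/dev/null || printf '%s\n' "$line" >> "$ROUTES_FILE"
}

# Steps 4, 5 and 8 for one secondary interface.
apply_policy_route() {
    local id=$1 name=$2 src=$3 gw=$4 dev=$5
    if ! valid_ipv4 "$src" || ! valid_ipv4 "$gw"; then
        echo "invalid IPv4 address: src=$src gw=$gw" >&2
        return 2
    fi
    ensure_rt_table "$id" "$name" || return 1
    # "ip rule add" is not idempotent (a second run adds a duplicate rule), so check first
    # when actually applying; in dry-run mode the command is just printed.
    if [ "$DRY_RUN" = 0 ] && ip rule show | grep -q "from $src lookup $name"; then
        echo "rule 'from $src lookup $name' already present"
    else
        run ip rule add from "$src" table "$name"
    fi
    # "replace" rather than "add" so a changed gateway updates the route instead of failing.
    run ip route replace default via "$gw" dev "$dev" table "$name"
    persist_route "$gw" "$dev" "$name"
}

# Example run with RFC 5737 test addresses (hypothetical values for this page):
#   DRY_RUN=1 APPLY_EXAMPLE=1 RT_TABLES=./rt_tables ROUTES_FILE=./routes bash policy-route.sh
if [ "${APPLY_EXAMPLE:-0}" = 1 ]; then
    apply_policy_route 100 SECONDPOA "${SRC:-192.0.2.10}" "${GW:-192.0.2.1}" "${DEV:-eth1}"
fi
```

The ip rule still has to be re-added at boot (the rclocal script above does that); the route in table SECONDPOA is restored from the routes file when eth1 comes up.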