| = ! °ü¸®¹æ¾î °ø°£ 51-56 |
| = |
| = \TableOfContents0 |
| = |
| = !! level 51 |
| = |
| = + Ç®ÀÌ ¹æ¹ý |
| = # ½ÇÁ¦ Ç®ÀÌ ¹æ¹ý È®ÀÎ;; |
| = |
| = - ½ÇÁ¦ Ç®ÀÌ |
| = {{{ |
| = sysctl -w net.ipv4.icmp_echo_ignore_all=1 |
| = |
| = sysctl -w net.ipv4.conf.default.accept_source_route=0 |
| = sysctl -w net.ipv4.conf.all.accept_source_route=0 |
| = sysctl -w net.ipv4.conf.eth0.accept_source_route=0 |
| = sysctl -w net.ipv4.conf.lo.accept_source_route=0 |
| = |
| = sysctl -w net.ipv4.tcp_syncookies=1 |
| = |
| = sysctl -w net.ipv4.conf.default.accept_redirects=0 |
| = sysctl -w net.ipv4.conf.all.accept_redirects=0 |
| = sysctl -w net.ipv4.conf.lo.accept_redirects=0 |
| = sysctl -w net.ipv4.conf.eth0.accept_redirects=0 |
| = |
| = sysctl -w net.ipv4.conf.all.log_martians=1 |
| = sysctl -w net.ipv4.conf.lo.log_martians=1 |
| = sysctl -w net.ipv4.conf.eth0.log_martians=1 |
| = sysctl -w net.ipv4.conf.default.log_martians=1 |
| = |
| = sysctl -w net.ipv4.ip_forward=0 |
| = }}} |
| = |
| = > pass = <font color=red></font> |
| = |
| = !! level 52 |
| = |
| = + Ç®ÀÌ ¹æ¹ý |
| = # /etc/sudoers ÆÄÀÏ ÆíÁý |
| = |
| = - ½ÇÁ¦ Ç®ÀÌ |
| = {{{ |
| = # vi /etc/sudoers |
| = |
| = # sudoers file. |
| = # |
| = # This file MUST be edited with the 'visudo' command as root. |
| = # |
| = # See the sudoers man page for the details on how to write a sudoers file. |
| = # |
| = # Host alias specification |
| = # User alias specification |
| = # Cmnd alias specification |
| = # Defaults specification |
| = # User privilege specification |
| = root ALL=(ALL) ALL |
| = # Uncomment to allow people in group wheel to run all commands |
| = # %wheel ALL=(ALL) ALL |
| = # Same thing without a password |
| = # %wheel ALL=(ALL) NOPASSWD: ALL |
| = # Samples |
| = # %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom |
| = # %users localhost=/sbin/shutdown -h now |
| = |
| = user_admin ALL=/usr/sbin/useradd // Ãß°¡ ºÎºÐ |
| = |
| = "/etc/sudoers" 31 lines, 615 characters written |
| = # finish |
| = Success |
| = |
| = ¡Ø ¿ø·¡´Â visudo¸í·É¾î¸¦ ÅëÇؼ /etc/sudoers ¸¦ ÆíÁýÇØ¾ß ÇÑ´Ù°í ÇÔ |
| = |
| = }}} |
| = |
| = > pass = <font color=red>oksudoers</font> |
| = |
| = !! level 53 |
| = |
| = + Ç®ÀÌ ¹æ¹ý |
| = # /etc/mail/sendmail.cf ÆÄÀÏ SmtpGreetingMessage ³»¿ë »èÁ¦ |
| = # /etc/mail/helpfile »èÁ¦ |
| = # /etc/mail/sendmail.cf ÆÄÀÏ Local and Program Mailer specification ºÎºÐ º¯°æ |
| = # /etc/mail/sendmail.cf ÆÄÀÏ MaxMessageSize º¯°æ |
| = # /etc/mail/sendmail.cf ÆÄÀÏ MaxRecipientsPerMessage º¯°æ |
| = |
| = - ½ÇÁ¦ Ç®ÀÌ |
| = {{{ |
| = # rm /etc/mail/helpfile |
| = # vi sendmail.cf |
| = # SMTP initial login message (old $e macro) |
| = O SmtpGreetingMessage= |
| = |
| = Mlocal, P=/usr/bin/procmail, F=lsDFMAw5:/|@qSPfhn9, S=10/30, |
| = R=20/40,M=5000000, T=DNS/RFC822/X-Unix, A=procmail -Y -a $h -d $u |
| = |
| = # maximum message size |
| = O MaxMessageSize=5000000 |
| = |
| = # maximum number of recipients per SMTP envelope |
| = O MaxRecipientsPerMessage=20 |
| = # |
| = # ps |
| = PID TTY TIME CMD |
| = 15227 pts/11 0:00 bash |
| = 15230 pts/11 0:00 sendmail |
| = 15492 pts/11 0:00 ps |
| = # kill -1 15230 |
| = # finish |
| = Success. |
| = }}} |
| = |
| = > pass = <font color=red>sendmailhelpno</font> |
| = |
| = !! level 54 |
| = |
| = + Ç®ÀÌ ¹æ¹ý |
| = # __ssh-keygen__ ¸í·É¾î »ç¿ë ºñ¹ÐÅ° °ø°³Å°¸¦ ÀÛ¼º |
| = # scp ÅëÇؼ °ø°³Å° authorized_key »ý¼º |
| = |
| = - ½ÇÁ¦ Ç®ÀÌ |
| = {{{ |
| = # ssh-keygen -t rsa |
| = Generating public/private rsa key pair. |
| = Enter file in which to save the key (/.ssh/id_rsa):/.ssh/id_rsa |
| = Enter passphrase (empty for no passphrase): |
| = Enter same passphrase again: |
| = Your identification has been saved in /.ssh/id_rsa. |
| = Your public key has been saved in /.ssh/id_rsa.pub. |
| = The key fingerprint is: |
| = 8a:de:60:ff:20:6c:47:98:60:a1:55:61:e4:42:63:df root@mdsol |
| = # |
| = # ls -la |
| = ÃÑ 1002 |
| = drwxr-xr-x 2 root other 512 9¿ù 16ÀÏ 18:57 -p |
| = drwxr-xr-x 22 root root 512 9¿ù 17ÀÏ 21:02 . |
| = drwxr-xr-x 22 root root 512 9¿ù 17ÀÏ 21:02 .. |
| = -rw-r--r-- 1 root other 307 9¿ù 17ÀÏ 21:02 .profile |
| = d--------- 2 root other 512 9¿ù 14ÀÏ 17:44 .rhosts |
| = drwxrwxrwx 2 root other 512 9¿ù 17ÀÏ 21:03 .ssh |
| = drwxr-xr-x 2 root other 512 4¿ù 21ÀÏ 21:15 aa |
| = drwxr-xr-x 3 root other 512 4¿ù 27ÀÏ 11:49 backup |
| = drwxr-xr-x 3 root other 512 2004³â 1¿ù 31ÀÏ vsh |
| = # scp .ssh/id_rsa.pub pascal@PubHome:.ssh/authorized_keys |
| = Enter password: // Æнº¿öµå cobol ÀÔ·Â |
| = # |
| = # finish |
| = success |
| = }}} |
| = |
| = > pass = <font color=red>opensshkeygenok</font> |
| = |
| = !! level 55 |
| = |
| = + Ç®ÀÌ ¹æ¹ý |
| = # find ¿É¼Ç -perm , -nouser , -type |
| = # rediection »ç¿ë ÆÄÀÏ »ý¼º |
| = |
| = - ½ÇÁ¦ Ç®ÀÌ |
| = {{{ |
| = # find / -perm 20 -o -print > /tmp/write.txt |
| = # find / -nouser > /tmp/no_own.txt |
| = # find / -type f \( -perm -004000 -o -perm -002000 \) > /tmp/suid.txt |
| = # finish |
| = please wait while the program checks your answer. This may take several minutes. |
| = checking write.txt |
| = checking no_own.txt |
| = checking suid.txt |
| = Success. |
| = }}} |
| = |
| = > pass = <font color=red>permissioncheckok</font> |
| = |
| = !! level 56 |
| = |
| = + Ç®ÀÌ ¹æ¹ý |
| - # |
| + # 0089(hex°ª)ÀÇ ¿ø·¡°ªÀ» ã±â.. |
| + # access-list ·Î Â÷´Ü.. |
| = |
| = - ½ÇÁ¦ Ç®ÀÌ |
| = {{{ |
| + conf t |
| + access-list 101 deny tcp any any eq 137 |
| + access-list 101 permit ip any any |
| + access-list 111 deny tcp any any eq 137 |
| + access-list 111 permit ip any any |
| + interface serial0 |
| + ip access-group 101 in |
| + ip access-group 111 out |
| + exit |
| + exit |
| + write |
| + }}} |
| = |
| - }}} |
| - |
| - > pass = <font color=red></font> |
| + > pass = <font color=red>netflowmonitorok</font> |
