leopit's blog

syslog.conf

로그파일의 종류

#!/bin/sh
count=`netstat -an -f inet | egrep SYN_RCVD |wc -l `
if [ $count -gt 50 ] ; then
echo "This server may be under a SYN attack. Please check current connections!"
fi

At first, customize /etc/ssh/sshd_config, /etc/ssh/ssh_config

[root@wowsecurity ~/work]# su - sist

:: 키 생성
[sist@wowsecurity ~]$ ssh-keygen -t rsa1 -N "sist1234"
Generating public/private rsa1 key pair.
Enter file in which to save the key (/home/sist/.ssh/identity):
Your identification has been saved in /home/sist/.ssh/identity.
Your public key has been saved in /home/sist/.ssh/identity.pub.
The key fingerprint is:
30:b3:fe:c2:3f:b1:47:58:4e:9d:46:c0:84:06:c9:45 sist@wowsecurity.net

[sist@wowsecurity ~]$ chmod 755 .ssh
[sist@wowsecurity ~]$ cd .ssh
[sist@wowsecurity ~/.ssh]$ ls
identity identity.pub known_hosts

:: 공개키를 접속할 서버로 전송한다.
[sist@wowsecurity ~/.ssh]$ scp identity.pub sist@211.63.89.93:.ssh/authorized_key;
sist@211.63.89.93's password:
identity.pub 100% 339 0.3KB/s 00:00

:: 접속
[sist@wowsecurity ~/.ssh]$ ssh -1 sist@211.63.89.93

:: 사용법

[root@wowsecurity /var/www/html]# ab -n 100 -c 10 http://www.wowsecurity.net/

This is ApacheBench, Version 2.0.41-dev <$Revision: 1.121.2.12 $> apache-2.0
Copyright (c) 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Copyright (c) 1998-2002 The Apache Software Foundation, http://www.apache.org/

Benchmarking www.wowsecurity.net (be patient).....done


Server Software: Apache
Server Hostname: www.wowsecurity.net
Server Port: 80

Document Path: /
Document Length: 6 bytes

Concurrency Level: 10
Time taken for tests: 0.61983 seconds
Complete requests: 100
Failed requests: 0
Write errors: 0
Total transferred: 19074 bytes
HTML transferred: 612 bytes
Requests per second: 1613.35 [#/sec] (mean)
Time per request: 6.198 [ms] (mean)
Time per request: 0.620 [ms] (mean, across all concurrent requests)
Transfer rate: 290.40 [Kbytes/sec] received

Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 0 0.2 0 1
Processing: 1 5 3.9 3 20
Waiting: 1 4 3.8 3 20
Total: 1 5 3.9 4 20

Percentage of the requests served within a certain time (ms)
50% 4
66% 6
75% 7
80% 7
90% 13
95% 15
98% 18
99% 20
100% 20 (longest request)


:: 사용법
ab [ -k ] [ -i ] [ -n 요청수 ] [ -t 시간제한 ] [ -c 동시접속 ] [ -p
POST file ] [ -A 인증 유저이름:패스워드 ] [ -P 프락시인증 유저이름:패스
워 드 ] [ -H Custom header ] [ -C Cookie name=value ] [ -T content-type
] [ -v verbosity ] ] [ -w HTML 출력 ] ] [ -x 속성 ] ] [ -y 
속성 ] ] [ -z

# 유저생성
useradd sbsuser
su - sbsuser
vi /etc/httpd/conf/httpd.conf

# httpd.conf 설정
# Own Page

ServerAdmin leopit@wowsecurity.net
DocumentRoot /var/www/html
ServerName wowsecurity.net
ServerAlias www.wowsecurity.net
UserDir public_html
ErrorLog /var/log/httpd/error_log
CustomLog /var/log/httpd/access_log common


# leopit

ServerAdmin leopit@wowsecurity.net
DocumentRoot /home/leopit/public_html
ServerName leopit.wowsecurity.net
ErrorLog /var/log/httpd/error_log
CustomLog /var/log/httpd/access_log common


# sbs

ServerAdmin sbs@sbs.co.kr
DocumentRoot /www/sbs
ServerName www.sbs.co.kr
UserDir sbshome
ErrorLog /www/sbs/sbs_error_log
CustomLog /www/sbs/sbs_access_log common


# kbs

ServerAdmin kbs@kbs.co.kr
DocumentRoot /www/kbs
ServerName www.kbs.co.kr
UserDir kbshome
ErrorLog /www/kbs/kbs_error_log
CustomLog /www/kbs/kbs_access_log common

# imbc

ServerAdmin imbc@imbc.com
DocumentRoot /www/imbc
ServerName www.imbc.com
UserDir imbchome
ErrorLog /www/imbc/imbc_error_log
CustomLog /www/imbc/imbc_access_log common


# error

ServerAdmin leopit@wowsecurity.net
DocumentRoot /www/error
ServerName error.wowsecurity.net
ServerAlias *.wowsecurity.net
ServerAlias *.sbs.co.kr
ServerAlias *.kbs.co.kr
ServerAlias *.imbc.com


service httpd restart
su - sbsuser

위와같이 설정한 후 sbsuser 홈 디렉토리에 sbshome imbchome kbshome을 생성한후 index 페이지를 만든다

TESTING..

+ 메일 릴레이 기능 

다른 네트워크 대역에서 우리 서버를 통해 메일을 날리려 하는 경우

vi /etc/mail/access
211.5.6 RELAY
211.5.6.7 REJECT
sapm@sapm.net 550 You Spammer .. A're you ~

적용
> makemap hash /etc/mail/access < /etc/mail/access

이것은 적어준다. 하지만.. 사용자가 동적 IP를 쓰고 있는데 .. 어찌 그걸 다 적으랴?
해결책 : 동적 릴레이 (Dynamic Relay)
동적 릴레이는 pop3처럼 사용자의 인증을 통하여 접근을 제어한다. 

+ 동적 릴레이 설정
여기서는 SASL을 활용해 보도록 한다. 
SASL(simple authentication and Security Layer) 은 smtp, imap에 인증을 지원한다.

- Cyus SASL 설치 (PRM)
cyrus-sasl-2.1.10-4 
cyrus-sasl-plain-2.1.10-4
cyrus-sasl-devel-2.1.10-4
cyrus-sasl-gssapi-2.1.10-4
cyrus-sasl-md5-2.1.10-4

- sendmail.conf 생성
sendmail 의 인증이 진행 될 수 있도록, sendmail.conf 파일을 생성한다. 
>vi /usr/lib/sasl2/Sendmail.conf
pwcheck_method:saslauthd

- etc/pam.d/smtp 생성
>vi /etc/pam.d/smtp
#%PAM-1.0
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth

- site.config.m4 파일 생성
새로 sendmail (타볼)을 받는다.
적당히 푼 다음 /devtools/Site/site.config.m4파일을 생성

sendmail-8.12.* > vi /devtools/Site/site.config.m4
APPENDDEF(`confENVDEF', `-DSASL')
APPENDDEF(`conf_sendmail_LIBS', `-lsasl2')
APPENDDEF(`confLIBDIRS', `-L/usr/lib/sas12') 

- Build 실행 및 설치
sendmail-8.12.* > ./Build
sendmail-8.12.* > mkdir -p /usr/man/man1
sendmail-8.12.* > mkdir /usr/man/man8
sendmail-8.12.* > sh Build install

- 컴파일된 sendmail binary 파일 /usr/sbun에 복사 
sendmail-8.12.* > cp obj.Linux.2.4.20-31.9.i686/sendmail/sendmail /usr/sbin/

- sasl 탑재 검사 
sendmail-8.12.* > sendmail -d0.1 -dv root

Version 8.12.10
Compiled with: DNSMAP LOG MATCHGECOS MIME7TO8 MIME8TO7 NAMED_BIND
NETINET NETUNIX NEWDB PIPELINING SASLv2 SCANF USERDB XDEBUG

============ SYSTEM IDENTITY (after readcf) ============
(short domain name) $w = AAA
(canonical domain name) $j = AAA.com
(subdomain name) $m = com
(node name) $k = AAA.com
========================================================
위와 같이 나오면 정상

- 설정파일 복사 
sendmail.cf 를 /etc/mail/ 에 복사 
sendmail.init 파일을 /etc/init.d/sendmail 로 복사 
/etc/init.d/sendmail 파일에 755 

* sendmail.cf , sendmail.init 은 본 문서와 첨부 
sendmail-8.12.* > cp sendmail.cf / etc/mail/
sendmail-8.12.* > cp sendmail.init / etc/init.d/sendmail
sendmail-8.12.* > chmod 755 /etc/init.d/sendmail

- 센드메일 실행
sendmail-8.12.* > /etc/init.d/sendmail restart 
sendmail-8.12.* > /etc/init.d/saslauthd restart

- 25 port smtp 인증 여부 확인 
sendmail-8.12.* > telnet localhost 25

Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 AAA.com ESMTP Sendmail 8.12.10/8.12.9; Thu, 3 Jun 2004 12:53:45 +0900
ehlo sendmail <- 사용자 입력
250-AAA.com Hello AAA.com [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE 10000000
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN <- 인증이 된 것임 
250-DELIVERBY
250 HELP

- 아웃룩에서 사용
1. 보내는 메일 서버에 도메인 입력 
2. 보내는 메일 서버에 [인증필요]를 클릭, 보내는 메일 서버에 로그인 정보 부분에 
"받는 메일 서버와 동일한 설정 사용"에 체크, 확인

- 이제 웹메일이 아닌, 아웃룩으로 메일을 보낼 수 있게 되었다.

named.conf에 recursion no 해주면
자신이 가지고 있는 정보에 대해서만 네임서버 조회가 가능하다

# vi /etc/named.conf

options {
directory "/var/named";
pid-file "named.pid";
recursion no;
};

[root@s92 /var/named/chroot/var/named]# dig @ns.s92.sist.co.kr www.s92.sist.co.kr

; <<>> DiG 9.3.0 <<>> @ns.s92.sist.co.kr www.s92.sist.co.kr
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63508
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.s92.sist.co.kr. IN A

;; ANSWER SECTION:
www.s92.sist.co.kr. 2 IN A 211.63.89.92

;; AUTHORITY SECTION:
s92.sist.co.kr. 2 IN NS ns.s92.sist.co.kr.

;; ADDITIONAL SECTION:
ns.s92.sist.co.kr. 2 IN A 211.63.89.92

;; Query time: 0 msec
;; SERVER: 211.63.89.92#53(ns.s92.sist.co.kr)
;; WHEN: Tue Dec 6 09:33:31 2005
;; MSG SIZE rcvd: 85

[root@s92 /var/named/chroot/var/named]# dig @ns.s92.sist.co.kr www.tland.co.kr

; <<>> DiG 9.3.0 <<>> @ns.s92.sist.co.kr www.tland.co.kr
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17697
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 7, ADDITIONAL: 0

;; QUESTION SECTION:
;www.tland.co.kr. IN A

;; AUTHORITY SECTION:
kr. 172299 IN NS F.DNS.kr.
kr. 172299 IN NS G.DNS.kr.
kr. 172299 IN NS A.DNS.kr.
kr. 172299 IN NS B.DNS.kr.
kr. 172299 IN NS C.DNS.kr.
kr. 172299 IN NS D.DNS.kr.
kr. 172299 IN NS E.DNS.kr.

;; Query time: 0 msec
;; SERVER: 211.63.89.92#53(ns.s92.sist.co.kr)
;; WHEN: Tue Dec 6 09:33:50 2005
;; MSG SIZE rcvd: 149

[root@s92 ~/INSTALL]# vi /etc/named.conf

zone "s92.sist.co.kr" IN { // FORWARD
type master; // hint, master, slave
file "db.s92"; // 사용할 DB파일 /var/named/에 위치함
allow-update { none; };
};

zone "89.63.211.in-addr.arpa" IN { // REVERSE
type master;
file "db.89";
allow-update { none; };
};

[root@s92 /var/named]# cd /var/named/chroot/var/named
[root@s92 /var/named/chroot/var/named]# ll
합계 80
drwxr-x--- 2 named named 4096 11월 25 10:49 data
-rw-r--r-- 1 named named 198 11월 25 10:49 localdomain.zone
-rw-r--r-- 1 named named 195 11월 25 10:49 localhost.zone
-rw-r--r-- 1 named named 415 11월 25 10:49 named.broadcast
-rw-r--r-- 1 named named 2518 11월 25 10:49 named.ca
-rw-r--r-- 1 named named 432 11월 25 10:49 named.ip6.local
-rw-r--r-- 1 named named 433 11월 25 10:49 named.local
-rw-r--r-- 1 named named 5 12월 5 10:58 named.pid
-rw-r--r-- 1 named named 416 11월 25 10:49 named.zero
drwxr-x--- 2 named named 4096 11월 25 10:49 slaves

# DB 생성
[root@s92 /var/named/chroot/var/named]# vi db.s92

$TTL 2
@ IN SOA ns.s92.sist.co.kr. root.localhost. (1 4 2 7D 2)
IN NS ns.s92.sist.co.kr.
IN MX 10 mail
ns IN A 211.63.89.92
mail IN A 211.63.89.92
www IN A 211.63.89.92
ttl IN CNAME ns

:: 위 셋팅 내용 설명
$TTL 2 = Time to live 2 second
@ = 내가 사용할 기본 도메인
IN = internet
SOA = start of authority
root.localhost = 메일주소
A = address
CNAME = ns의 다른이름

[root@s92 /var/named/chroot/var/named]# vi db.89

$TTL 2
@ IN SOA ns.s92.sist.co.kr. root.localhost. (1 4 2 7D 2)
IN NS ns.s92.sist.co.kr.
92 IN PTR ns.s92.sist.co.kr.

:: 위 셋팅 내용 설명
s92 = 아이피 끝자리

[root@s92 /var/named/chroot/etc]# killall named
[root@s92 /var/named/chroot/etc]# service named start
named (을)를 시작합니다: [ 확인 ]

[root@s92 /var/named/chroot/etc]# nslookup -sil
> www.s92.sist.co.kr
Server: 211.63.89.92
Address: 211.63.89.92#53

Name: www.s92.sist.co.kr
Address: 211.63.89.92

vi /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 s92 localhost.localdomain localhost
211.63.89.91 s91.sist.co.kr s91
211.63.89.93 s93.sist.co.kr s93
211.63.89.110 s110.sist.co.kr s110
211.63.89.92 s92.sist.co.kr s92
211.63.89.92 sist.co.kr
211.63.89.92 aa.com
211.63.89.92 bb.co.kr
211.63.89.92 cc.net
211.218.150.200 naver.com a
220.95.223.8 empas.com b
211.109.6.249 korea.com c

:: 네임서버 설정
vi /etc/resolv.conf
#system's default domain
domain sist.co.kr

#hostname search sequence
search sist.co.kr naver.com empas.com daum.net
nameserver 211.63.89.92
nameserver 211.63.64.11
nameserver 168.126.63.1

:: 이메일 로컬호스트 도메인
vi /etc/mail/local-host-names
# local-host-names - include all aliases for your machine here.
sist.co.kr
aa.com
bb.co.kr
cc.net

:: 포워딩
vi /etc/mail/virtusertable
webmaster@sist.co.kr blue10
webmaster@aa.com blue9
webmaster@bb.co.kr blue8
webmaster@cc.net blue7

[root@s92 /etc/mail]# makemap hash /etc/mail/virtusertable.db < /etc/mail/virtusertable

:: sendmail.cf가 초기화 되어 있지 않으면 아래와 같이 설정
[root@s92 /etc/mail]# m4 sendmail.mc > sendmail.cf

:: 중계
[root@s92 /etc/mail]# vi access
localhost.localdomain RELAY
localhost RELAY
127.0.0.1 RELAY
sist.co.kr RELAY
aa.com OK
#아래것들은 중계안함
bb.co.kr REJECT
cc.net DISCARD

[root@s92 /etc/mail]# makemap hash /etc/mail/access.db < /etc/mail/access

nslookup 옵션 활용.. 까막지 말자는 용도로..

[root@s92 etc]# nslookup

> www.ttl.co.kr
Server: 211.63.64.11 우리꺼 네임서버
Address: 211.63.64.11#53 (포트)

Non-authoritative answer:
Name: www.ttl.co.kr
Address: 203.236.17.23

> set querytype=ns
> www.ttl.co.kr
Server: 211.63.64.11
Address: 211.63.64.11#53

Non-authoritative answer:
ttl.co.kr nameserver = gate.sktelecom.com.
ttl.co.kr nameserver = gate2.sktelecom.com.

Authoritative answers can be found from:
gate.sktelecom.com internet address = 203.236.1.12
gate2.sktelecom.com internet address = 203.236.20.11
>

> set querytype=mx
> ttl.co.kr
Server: 211.63.64.11
Address: 211.63.64.11#53

Non-authoritative answer:
ttl.co.kr mail exchanger = 100 mail.ttl.co.kr.

Authoritative answers can be found from:
ttl.co.kr nameserver = gate.sktelecom.com.
ttl.co.kr nameserver = gate2.sktelecom.com.
mail.ttl.co.kr internet address = 203.236.1.25
gate.sktelecom.com internet address = 203.236.1.12
gate2.sktelecom.com internet address = 203.236.20.11
>

> set querytype=ay
unknown query type: ay
> setquerytpye=ay
Server: 211.63.64.11
Address: 211.63.64.11#53

** server can't find setquerytpye=ay: NXDOMAIN
> naver.com
Server: 211.63.64.11
Address: 211.63.64.11#53

Non-authoritative answer:
naver.com mail exchanger = 10 rcvmail4.naver.com.
naver.com mail exchanger = 10 rcvmail5.naver.com.
naver.com mail exchanger = 10 rcvmail1.naver.com.
naver.com mail exchanger = 10 rcvmail2.naver.com.
naver.com mail exchanger = 10 rcvmail3.naver.com.

Authoritative answers can be found from:
naver.com nameserver = ns1.naver.com.
naver.com nameserver = ns2.naver.com.
rcvmail4.naver.com internet address = 220.73.146.166
rcvmail5.naver.com internet address = 211.218.150.164
rcvmail1.naver.com internet address = 211.218.150.166
rcvmail2.naver.com internet address = 220.73.146.164
rcvmail3.naver.com internet address = 220.73.146.165
ns1.naver.com internet address = 211.218.150.38
ns2.naver.com internet address = 211.218.150.37

[root@s92 etc]# nslookup -type=any sist.co.kr
Server: 211.63.64.11
Address: 211.63.64.11#53

Non-authoritative answer:
sist.co.kr nameserver = ns.sist.co.kr.
Name: sist.co.kr
Address: 211.238.132.91
sist.co.kr mail exchanger = 10 211.238.132.91.sist.co.kr.

Authoritative answers can be found from:
sist.co.kr nameserver = ns.sist.co.kr.

[root@s92 etc]# host -v -t ns naver.com
Trying "naver.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59820
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;naver.com. IN NS

;; ANSWER SECTION:
naver.com. 2191 IN NS ns2.naver.com.
naver.com. 2191 IN NS ns1.naver.com.

;; ADDITIONAL SECTION:
ns2.naver.com. 171391 IN A 211.218.150.37
ns1.naver.com. 171391 IN A 211.218.150.38

Received 95 bytes from 211.63.64.11#53 in 158 ms
[root@s92 etc]#

:: dig - 내가 사용할 네임서버를 지정해야함)
[root@s92 etc]# dig @ns.bora.net kldp.org A

; <<>> DiG 9.2.4 <<>> @ns.bora.net kldp.org A
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13148
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;kldp.org. IN A

;; ANSWER SECTION:
kldp.org. 60 IN A 210.118.94.78

;; AUTHORITY SECTION:
kldp.org. 60 IN NS ns.kldp.org.

;; Query time: 123 msec
;; SERVER: 164.124.101.2#53(ns.bora.net) - 내가 지정한 네임서버
;; WHEN: Fri Nov 25 10:46:01 2005
;; MSG SIZE rcvd: 59

[root@s92 etc]#