SUSE Linux Tech Tips - 201404
Source: Internet  Published: vmware mac os 10.11  Editor: 程序博客网  Time: 2024/04/30 13:13
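1. A recent NTP vulnerability enables attacks that use spoofed source addresses. Besides upgrading to the latest ntp, you can work around it as follows.
Add the following lines to /etc/ntp.conf:
# Deny IPv4 clients
restrict default kod nomodify notrap nopeer noquery
# Deny IPv6 clients
restrict -6 default kod nomodify notrap nopeer noquery
The following line specifies which IPs are allowed access:
# Allow 192.168.1.200 to reach the NTP server
restrict 192.168.1.200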
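A check for the restrict lines above, as an added example that is not part of the original post: for each address family it reports whether every default restrict line carries nomodify, notrap, nopeer and noquery, and it lists host entries that have no flags at all (such as 192.168.1.200 above, which is therefore exempt from every restriction). The function name audit_ntp_conf and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. As on the page, a plain
# "restrict default" is read as IPv4 and "restrict -6 default" as IPv6.

# audit_ntp_conf FILE: returns 0 only if both families have default restrict
# lines and every such line carries the four flags below (or "ignore").
audit_ntp_conf() {
    awk '
    BEGIN { n = split("nomodify notrap nopeer noquery", want, " ") }
    { sub(/#.*/, "") }                       # drop comments
    $1 != "restrict" { next }
    {
        fam = 4; a = 2
        if ($2 == "-6") { fam = 6; a = 3 } else if ($2 == "-4") { a = 3 }
        if ($a != "default") {
            # A host entry without flags is exempt from every restriction.
            if (a == NF) print "unrestricted: " $a
            next
        }
        seen[fam] = 1
        has = " "
        for (j = a + 1; j <= NF; j++) has = has $j " "
        if (index(has, " ignore ")) next     # ignore drops all packets
        for (k = 1; k <= n; k++)
            if (!index(has, " " want[k] " ") && !index(miss[fam] " ", " " want[k] " "))
                miss[fam] = miss[fam] " " want[k]
    }
    END {
        for (fam = 4; fam <= 6; fam += 2) {
            if (!seen[fam])           { print "ipv" fam ": no default restrict line"; bad = 1 }
            else if (miss[fam] != "") { print "ipv" fam ": missing" miss[fam]; bad = 1 }
            else                        print "ipv" fam ": ok"
        }
        exit bad + 0
    }' "$1"
}

# Constructed sample: the page's lines with noquery left off the IPv6 default.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer
restrict 192.168.1.200
EOF
audit_ntp_conf "$demo_conf" || echo "ntp.conf needs attention"
rm -f "$demo_conf"
```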
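2. Switching vsftpd between standalone mode and xinetd-managed mode by hand is tedious; here are the steps to do it from the command line:
1) Disable vsftpd autostart, for both standalone mode and xinetd-managed mode:
# chkconfig vsftpd off
2) Enable vsftpd autostart in standalone mode:
# chkconfig vsftpd on
3) Enable vsftpd autostart under xinetd management:
# chkconfig vsftpd xinetd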
3. Some applications need packets to be sent out according to their source address. For example, on a host with two NICs, traffic whose source address belongs to the first NIC must leave through that NIC, and traffic whose source address belongs to the second NIC must leave through the second NIC. To implement this:
1) Edit /etc/iproute2/rt_tables.
2) At the bottom, add the line
100 SECONDPOA
SECONDPOA can be replaced with any other string.
3) Save the file.
4) Run
ip rule add from s.s.s.s table SECONDPOA
where s.s.s.s is the IP address of eth1.
5) Run
ip route add default via y.y.y.y dev eth1 table SECONDPOA
where y.y.y.y is the IP address of the next hop for packets originating from eth1.
6) To test it, run
traceroute www.novell.com -S p.p.p.p
where p.p.p.p is the IP address of eth0, and note the next hop. This should be x.x.x.x.
traceroute www.novell.com -S s.s.s.s
where s.s.s.s is the IP address of eth1, and note the next hop. This should be y.y.y.y.
7) Once the above test is successful, follow the sub-steps below to make the ip rule statement persistent across reboots.
Create a file /etc/rc.d/rclocal.
Paste the following into the file. Modify the ip rule statement accordingly.
#!/bin/bash
### BEGIN INIT INFO
# Provides: rclocal
# Required-Start: $local_fs $remote_fs $network
# X-UnitedLinux-Should-Start: $ALL
# Required-Stop:
# X-UnitedLinux-Should-Stop:
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
# Short-Description: Simulates rc.local
# Description: Simulates redhat's rc.local: contains
#  commands to execute after system has booted (all services are already
#  available)
### END INIT INFO
case "$1" in
    start)
        # Send traffic sourced from eth1's address through table SECONDPOA
        ip rule add from s.s.s.s table SECONDPOA
        ;;
    *)
        exit 0
        ;;
esac
Save the file.
Type "chmod +x rclocal" without quotes and press Enter.
Type "chkconfig rclocal on" without quotes and press Enter.
8) Once the above test is successful, make the ip route statement persistent. Edit /etc/sysconfig/network/routes and add the line
default y.y.y.y - eth1 table SECONDPOA
where y.y.y.y is the next hop that packets originating from eth1 need to take.
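Steps 2 and 4 are not safe to repeat as written: appending to rt_tables twice duplicates the entry, table id 100 may already be taken, and each run of the init script's start branch adds another copy of the rule. The helpers below are an added example, not part of the original post, that make both steps idempotent; the function names are hypothetical and 192.0.2.10 is a constructed stand-in for s.s.s.s.

```shell
#!/bin/sh
# Added example (not from the original page). Table id/name and addresses
# below are constructed; 192.0.2.10 stands in for s.s.s.s.

# register_rt_table FILE ID NAME
#   returns 0 if "ID NAME" is in FILE afterwards (appended only when absent),
#   returns 1 and leaves FILE untouched if ID or NAME is bound differently.
register_rt_table() {
    state=$(awk -v id="$2" -v name="$3" '
        { sub(/#.*/, "") }
        NF < 2 { next }
        $1 == id && $2 == name { r = "present"; exit }
        $1 == id || $2 == name { r = "conflict with: " $1 " " $2; exit }
        END { print (r == "" ? "absent" : r) }' "$1")
    case $state in
        present) return 0 ;;
        absent)  printf '%s\t%s\n' "$2" "$3" >> "$1" ;;
        *)       echo "$state" >&2; return 1 ;;
    esac
}

# rule_present SRC TABLE [ID]: reads "ip rule show" output on stdin and
# succeeds if a "from SRC lookup TABLE" rule (by name or numeric id) exists.
rule_present() {
    awk -v src="$1" -v t="$2" -v id="${3:-}" '
        $2 == "from" && $3 == src && $4 == "lookup" &&
            ($5 == t || (id != "" && $5 == id)) { found = 1 }
        END { exit !found }'
}

# Demo on a constructed copy of rt_tables; running it twice adds one line only.
demo=$(mktemp)
printf '255\tlocal\n254\tmain\n253\tdefault\n0\tunspec\n' > "$demo"
register_rt_table "$demo" 100 SECONDPOA
register_rt_table "$demo" 100 SECONDPOA
grep -c SECONDPOA "$demo"      # count of SECONDPOA entries
rm -f "$demo"

# On a live host the start) branch would then be:
#   ip rule show | rule_present 192.0.2.10 SECONDPOA 100 ||
#       ip rule add from 192.0.2.10 table SECONDPOA
```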