Rechercher une page de manuel
hosts_access
Langue: ja
Version: 55027 (openSuse - 09/10/07)
Section: 5 (Format de fichier)
Sommaire
- NAME
- DESCRIPTION
- ACCESS CONTROL FILES
- ACCESS CONTROL RULES
- PATTERNS
- WILDCARDS
- OPERATORS
- SHELL COMMANDS
- % EXPANSIONS
- SERVER ENDPOINT PATTERNS
- CLIENT USERNAME LOOKUP
- DETECTING ADDRESS SPOOFING ATTACKS
- EXAMPLES
- MOSTLY CLOSED (¤Û¤ÜÊĺ¿)
- MOSTLY OPEN (¤Û¤Ü²òÊü)
- BOOBY TRAPS (¤Ò¤Ã¤«¤±æ«)
- DIAGNOSTICS
- FILES
- SEE ALSO
- BUGS
- AUTHOR
- ËÝÌõ¼Ô
NAME
hosts_access - ¥Û¥¹¥È¥¢¥¯¥»¥¹¥³¥ó¥È¥í¡¼¥ë¥Õ¥¡¥¤¥ë¤Î½ñ¼°DESCRIPTION
¤³¤Î¥Þ¥Ë¥å¥¢¥ë¥Ú¡¼¥¸¤Ï¡¢¥¯¥é¥¤¥¢¥ó¥È (¥Û¥¹¥È¥Í¡¼¥à/¥¢¥É¥ì¥¹¡¢¥æ¡¼ ¥¶¡¼Ì¾) ¥µ¡¼¥Ð¡¼ (¥×¥í¥»¥¹Ì¾¡¢¥Û¥¹¥È¥Í¡¼¥à/¥¢¥É¥ì¥¹) ´Ö¤Îñ½ã¤Ê ¥¢¥¯¥»¥¹À©¸æ¤Îµ½ÒË¡¤ò²òÀ⤹¤ë¤â¤Î¤Ç¤¢¤ë¡£¶ñÂÎŪ¤ÊÀßÄêÎã¤ÏËöÈø¤Ë ¼¨¤¹¤Î¤Ç¡¢¤Æ¤Ã¤È¤ê¤Ð¤ä¤¤ÀßÄê¤ò˾¤à¤»¤Ã¤«¤Á¤ÊÆɼԤϡ¢"ÀßÄêÎã" ¤Î ¥»¥¯¥·¥ç¥ó¤Ø¤È¿Ê¤ó¤ÇÍߤ·¤¤¡£¥¢¥¯¥»¥¹¥³¥ó¥È¥í¡¼¥ë½ñË¡¤Î³ÈÄ¥¤µ¤ì¤¿Éôʬ¤Ë´Ø¤·¤Æ¤Ï¡¢ hosts_options(5) ¤Îʸ½ñ¤Ç²òÀ⤹¤ë¡£¤³¤Î³ÈÄ¥¤Ï¡¢¥×¥í¥°¥é¥à ¤¬ -DPROCESS_OPTIONS ¤ò»ØÄꤷ¤ÆºîÀ®¤µ¤ì¤¿¤«¤É¤¦¤«¤Ëº¸±¦¤µ¤ì¤ë¡£
°Ê²¼¤Îʸ¾Ï¤Ç¤Ï¡¢daemon ¤È¤Ï¥Í¥Ã¥È¥ï¡¼¥¯¥Ç¡¼¥â¥ó¤Î¥×¥í¥»¥¹ ̾¤ò°ÕÌ£¤·¡¢client ¤È¤Ï¡¢¥µ¡¼¥Ó¥¹¤òÍ׵᤹¤ë¥Û¥¹¥È¤Î̾Á°¡¢ ¤â¤·¤¯¤Ï¥Û¥¹¥È¤Î¥¢¥É¥ì¥¹¤ò°ÕÌ£¤·¤Æ¤¤¤ë¡£¥Í¥Ã¥È¥ï¡¼¥¯¥Ç¡¼¥â¥ó¤Î¥× ¥í¥»¥¹Ì¾¤Ï¡¢inetd ¤ÎÀßÄê¥Õ¥¡¥¤¥ëÃæ¤ËÌÀ¼¨¤µ¤ì¤Æ¤¤¤ë¡£
ACCESS CONTROL FILES
¥¢¥¯¥»¥¹¥³¥ó¥È¥í¡¼¥ë¤Î¥½¥Õ¥È¥¦¥§¥¢¤Ï¡¢Æó¤Ä¤Î¥Õ¥¡¥¤¥ë¤ò»²¾È¤¹¤ë¡£ ºÇ½é¤Ë°ìÃפ·¤¿»þÅÀ¤Ç¸¡º÷¤Ï½ªÎ»¤¹¤ë¡£- *
- (daemon,client) ¤ÎÁȹ礻¤¬ /etc/hosts.allow ¥Õ¥¡¥¤¥ë¤ÎÃæ¤Î ¥¨¥ó¥È¥ê¤È°ìÃפ¹¤ë¾ì¹ç¡¢¥¢¥¯¥»¥¹¤Ï¾µÂú¤µ¤ì¤ë¡£
- *
- ¤â¤·¤¯¤Ï¡¢(daemon,client) ¤ÎÁȹ礻¤¬ /etc/hosts.deny ¥Õ¥¡ ¥¤¥ë¤ÎÃæ¤Î¥¨¥ó¥È¥ê¤È°ìÃפ¹¤ë¾ì¹ç¡¢¥¢¥¯¥»¥¹¤ÏµñÈݤµ¤ì¤ë¡£
- *
- ¤½¤ì°Ê³°¤Î¾ì¹ç¡¢¥¢¥¯¥»¥¹¤Ï¾µÂú¤µ¤ì¤ë¡£
¥¢¥¯¥»¥¹¥³¥ó¥È¥í¡¼¥ë¤Î¥Õ¥¡¥¤¥ë¤¬Â¸ºß¤·¤Ê¤¤¾ì¹ç¤Ï¡¢¤½¤ì¤é¤Î¥Õ¥¡¥¤ ¥ë¤¬¶õ¤Ç¤¢¤Ã¤¿¤È¤ß¤Ê¤µ¤ì¤ë¡£¤·¤¿¤¬¤Ã¤Æ¡¢¥¢¥¯¥»¥¹¥³¥ó¥È¥í¡¼¥ë¤Ï¡¢ ¥¢¥¯¥»¥¹¥³¥ó¥È¥í¡¼¥ë¥Õ¥¡¥¤¥ë¤ò½àÈ÷¤·¤Ê¤¤»ö¤Ë¤è¤Ã¤ÆÄä»ß¤¹¤ë»ö¤¬¤Ç ¤¤ë¡£
ACCESS CONTROL RULES
¤É¤Á¤é¤Î¥¢¥¯¥»¥¹¥³¥ó¥È¥í¡¼¥ë¥Õ¥¡¥¤¥ë¤â¡¢0 ¹Ô°Ê¾å¤Î¥Æ¥¥¹¥È¤Ç¹½À® ¤µ¤ì¤Æ¤¤¤ë¡£¤³¤ì¤é¤Î¹Ô¤Ï½Ð¸½½ç¤Ë½èÍý¤µ¤ì¤ë¡£¸¡º÷¤Ï¥Þ¥Ã¥Á¤¹¤ë¹Ô¤¬ ¸½¤ì¤¿»þÅÀ¤Ç½ªÎ»¤È¤Ê¤ë¡£- *
- ²þ¹Ôʸ»ú¤Ï¡¢¥Ð¥Ã¥¯¥¹¥é¥Ã¥·¥å¤¬Á°¤ËÃÖ¤«¤ì¤¿¾ì¹ç¤Ï̵»ë¤µ¤ì¤ë¡£¤³¤ì ¤Ë¤è¤Ã¤Æ¡¢³Ú¤ËÊÔ½¸¤¹¤ë¤¿¤á¤ËŤ¤¹Ô¤òʬ³ä¤¹¤ë¤³¤È¤¬µö¤µ¤ì¤Æ¤¤¤ë¡£
- *
- ¶õ¹Ô¡¢¤Þ¤¿¤Ï `#' ¤Ç»Ï¤Þ¤ë¹Ô¤Ï̵»ë¤µ¤ì¤ë¡£¤·¤¿¤¬¤Ã¤Æ¡¢¥³¥á¥ó¥È¤ò ÁÞÆþ¤·¤¿¤ê¡¢¥Û¥ï¥¤¥È¥¹¥Ú¡¼¥¹¤òÆþ¤ì¤ÆÆɤߤ䤹¤¯À°¤¨¤ë»ö¤¬µö¤µ¤ì¤Æ ¤¤¤ë¡£
- *
- ¤½¤ì°Ê³°¤Î¹Ô¤Ï¡¢¼¡¤Ë¼¨¤¹¥Õ¥©¡¼¥Þ¥Ã¥È¤Ë½¾¤ï¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£¤¿¤À ¤· [] ¤Ç°Ï¤Þ¤ì¤ëÉôʬ¤ÏǤ°Õ¤Ç¤¢¤ë:
daemon_list : client_list [ : shell_command ]
daemon_list ¤Ï¡¢¤Ò¤È¤Ä°Ê¾å¤Î¥Ç¡¼¥â¥ó¥×¥í¥»¥¹Ì¾ (argv[0] ¤ÎÃÍ) ¤Þ¤¿¤Ï¡¢¥ï¥¤¥ë¥É¥«¡¼¥É (¸å½Ò) ¤ò»È¤Ã¤¿¥ê¥¹¥È¤Ç¤¢¤ë¡£
client_list ¤Ï¡¢¤Ò¤È¤Ä°Ê¾å¤Î¡¢¥Û¥¹¥È̾¡¢¥Û¥¹¥È¥¢¥É¥ì¥¹¡¢¤Þ ¤¿¤Ï¡¢¥ï¥¤¥ë¥É¥«¡¼¥É (¸å½Ò) ¤ò»È¤Ã¤¿¡¢¥¯¥é¥¤¥¢¥ó¥È¤Î¥Û¥¹¥È̾¤«¥¢ ¥É¥ì¥¹¤Ë¥Þ¥Ã¥Á¤¹¤ë¥Ñ¥¿¡¼¥ó¤Î¥ê¥¹¥È¤Ç¤¢¤ë¡£
Ê£¹ç²½¤µ¤ì¤¿ daemon@host ¤ä user@host ¤È¤¤¤¦·Á¼°¤Ï¡¢ ¤½¤ì¤¾¤ì SERVER ENDPOINT PATTERNS ¤ª¤è¤Ó CLIENT USERNAME LOOKUP ¤Î¥»¥¯¥·¥ç¥ó¤Ç²òÀ⤹¤ë¡£
¥ê¥¹¥È¤Î³ÆÍ×ÁǤ϶õÇò¡¢¤Þ¤¿¤Ï¥«¥ó¥Þ¤Çʬ¤±¤Ê¤±¤ì¤Ð¤¤¤±¤Ê¤¤¡£
NIS (¤«¤Ä¤Æ¤Î YP) ¤Î netgroup Ì䤤¹ç¤ï¤»¤È¤¤¤¦Îã³°¤ò½ü¤¤¤Æ¤Ï¡¢ Á´¤Æ¤Î¥¢¥¯¥»¥¹¥³¥ó¥È¥í¡¼¥ë¤Î¥Á¥§¥Ã¥¯¤ÏÂçʸ»ú¾®Ê¸»ú¤òƱ°ì»ë¤·¤Æ¹Ô ¤Ê¤ï¤ì¤ë¡£
PATTERNS
¥¢¥¯¥»¥¹¥³¥ó¥È¥í¡¼¥ë¤Î½ñ¼°¤Ï°Ê²¼¤Î¤è¤¦¤Ê¥Ñ¥¿¡¼¥ó¤òËþ¤¿¤¹¤â¤Î¤Ç¤¢ ¤ë¡£- *
- `.' ¤Ç»Ï¤Þ¤ë¸ì¡£¤â¤·¡¢¥Û¥¹¥È̾¤Î¸å¤í¤ÎÉôʬ¤¬¤³¤Î½ñ¼°¤Ç»ØÄꤵ¤ì ¤¿¥Ñ¥¿¡¼¥ó¤È°ìÃפ¹¤ë¤È¡¢¤½¤ì¤Ï¥Þ¥Ã¥Á¤È¤Ê¤ë¡£Î㤨¤Ð¡¢`.tue.nl' ¤È¤¤¤¦¥Ñ¥¿¡¼¥ó¤Ï¡¢`wzv.win.tue.nl'. ¤È¤¤¤¦¥Û¥¹¥È̾¤È¥Þ¥Ã¥Á¤·¤Æ ¤¤¤ë¡£
- *
- `.' ¤Ç½ª¤ï¤ë¸ì¡£¤â¤·¡¢¥Û¥¹¥È¥¢¥É¥ì¥¹¤ÎÁ°Éô¤Î¿ôÃÍ¥Õ¥£¡¼¥ë¥É¤¬¡¢ ¤³¤Î¸ì¤È°ìÃפ¹¤ë¤Ê¤é¡¢¤½¤ì¤Ï¥Þ¥Ã¥Á¤·¤Æ¤¤¤ë¡£Î㤨¤Ð¡¢`131.155.' ¤È¤¤¤¦¥Ñ¥¿¡¼¥ó¤Ï¡¢Eindhoven University network (131.155.x.x)¤Ë °¤¹¤ë (¤Û¤Ü)Á´¤Æ¤Î¥Û¥¹¥È¤Î¥¢¥É¥ì¥¹¤Ë¥Þ¥Ã¥Á¤·¤Æ¤¤¤ë¡£
- *
- `@' ¤Ç»Ï¤Þ¤ë¸ì¤Ï¡¢NIS (¤«¤Ä¤Æ¤Î YP) ¤Î¥Í¥Ã¥È¥°¥ë¡¼¥×̾¤È¤·¤Æ°· ¤ï¤ì¤ë¡£¤â¤·¡¢¥Û¥¹¥È¤¬¤½¤³¤ÇÌÀ¼¨¤µ¤ì¤¿¥Í¥Ã¥È¥°¥ë¡¼¥×̾¤Î¥á¥ó¥Ð¡¼ ¤Ç¤¢¤ë¾ì¹ç¤Ï°ìÃפ·¤¿¤â¤Î¤È¤Ê¤ë¡£¤³¤Î¥Í¥Ã¥È¥°¥ë¡¼¥×¤Î¥Þ¥Ã¥Á¤Ï¡¢¥Ç¡¼ ¥â¥ó¥×¥í¥»¥¹Ì¾¤ä¥¯¥é¥¤¥¢¥ó¥È¥æ¡¼¥¶¡¼Ì¾¤Î¤¿¤á¤Ë¤Ï¥µ¥Ý¡¼¥È¤µ¤ì¤Æ¤¤ ¤Ê¤¤¡£
- *
- `n.n.n.n/m.m.m.m' ¤È¤¤¤¦·Á¼°¤Ï`net/mask' ¤Î°ìÂФȤ·¤Æ²ò¼á¤µ¤ì ¤ë¡£¥Û¥¹¥È¥¢¥É¥ì¥¹¤Ï¡¢`net' ¤«¤é¸«¤ÆÀµ¥Ó¥Ã¥ÈÊý¸þ¤Ë¤¢¤ê¡¢¤«¤Ä `mask' ¤Ç¥Þ¥¹¥¯¤µ¤ì¤¿ÈÏ°ÏÆâ¤Ë¤¢¤ë¾ì¹ç¤Ë°ìÃפ¹¤ë¡£¤¿¤È¤¨¤Ð¡¢ net/mask ¤¬ `131.155.72.0/255.255.254.0'¤È¤Ê¤ë¥Ñ¥¿¡¼¥ó¤Ï¡¢ `131.155.72.0' ¤«¤é `131.155.73.255'¤Þ¤Ç¤ÎÈϰϤˤ¢¤ëÁ´¤Æ¤Î¥¢¥É ¥ì¥¹¤Ë¥Þ¥Ã¥Á¤¹¤ë¡£
WILDCARDS
¥¢¥¯¥»¥¹¥³¥ó¥È¥í¡¼¥ë¤Î½ñ¼°¤Ï¡¢Ê¿°×¤Ê¥ï¡¼¥ë¥É¥«¡¼¥É·²¤ò¥µ¥Ý¡¼¥È¤· ¤Æ¤¤¤ë:- ALL
- ¤¹¤Ù¤Æ¤Ë¹çÃפ¹¤ëËüǽ¤Ê¥ï¥¤¥ë¥É¥«¡¼¥É¡£
- LOCAL
- ¥É¥Ã¥Èʸ»ú¤ò»ý¤¿¤Ê¤¤Á´¤Æ¤Î¥Û¥¹¥È¤Ë¥Þ¥Ã¥Á¡£
- UNKNOWN
- ̾Á°¤ÎÌÀ¤é¤«¤Ç¤Ê¤¤¥æ¡¼¥¶¡¼¤Ë¥Þ¥Ã¥Á¡£¤½¤·¤Æ̾Á° ¤Þ¤¿¤Ï ¥¢¥É ¥ì¥¹¤¬ÉÔÌÀ¤ÊÁ´¤Æ¤Î¥Û¥¹¥È¤Ë¥Þ¥Ã¥Á¡£
¤³¤Î·Á¼°¤ÏÃí°Õ¤ò»ý¤Ã¤Æ»ÈÍѤ¹¤Ù¤¤Ç¤¢¤ë:¥Û¥¹¥È̾¤Ï¡¢°ì»þŪ¤Ê¥Í¡¼ ¥à¥µ¡¼¥Ð¡¼¤ÎÌäÂê¤Ë¤è¤ê¡¢»È¤¨¤Ê¤¤¾ì¹ç¤¬¤¢¤ê¤¦¤ë¡£¤Þ¤¿¡¢¥Í¥Ã¥È¥ï¡¼ ¥¯¥¢¥É¥ì¥¹¤Ï¡¢¥½¥Õ¥È¥¦¥§¥¢¤«¤é¸«¤Æ¡¢¤É¤ó¤Ê¥¿¥¤¥×¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤È ²ñÏ䷤Ƥ¤¤ë¤Î¤«¡¢ÆÃÄê¤Ç¤¤Ê¤¤¾ì¹ç¤ÏÍøÍѤǤ¤Ê¤¯¤Ê¤ë¡£
- KNOWN
- ̾Á°¤ÎÌÀ¤é¤«¤Ê¥æ¡¼¥¶¡¼¤Ë¥Þ¥Ã¥Á¤¹¤ë¡£¤µ¤é¤Ë¡¢Ì¾Á° ¤È ¥¢¥É¥ì ¥¹¤ÎÌÀ¤é¤«¤Ê¥Û¥¹¥È¤Ë¥Þ¥Ã¥Á¤¹¤ë¡£
¤³¤Î·Á¼°¤ÏÃí°Õ¤ò»ý¤Ã¤Æ»ÈÍѤ¹¤Ù¤¤Ç¤¢¤ë:¥Û¥¹¥È̾¤Ï¡¢°ì»þŪ¤Ê¥Í¡¼ ¥à¥µ¡¼¥Ð¡¼¤ÎÌäÂê¤Ë¤è¤ê¡¢»È¤¨¤Ê¤¤¾ì¹ç¤¬¤¢¤ê¤¦¤ë¡£¤Þ¤¿¡¢¥Í¥Ã¥È¥ï¡¼ ¥¯¥¢¥É¥ì¥¹¤Ï¡¢¥½¥Õ¥È¥¦¥§¥¢¤«¤é¸«¤Æ¡¢¤É¤ó¤Ê¥¿¥¤¥×¤Î¥Í¥Ã¥È¥ï¡¼¥¯¤È ²ñÏ䷤Ƥ¤¤ë¤Î¤«¡¢ÆÃÄê¤Ç¤¤Ê¤¤¾ì¹ç¤ÏÍøÍѤǤ¤Ê¤¯¤Ê¤ë¡£
- PARANOID
- ̾Á°¤È¥¢¥É¥ì¥¹¤Î°ìÃפ·¤Ê¤¤Á´¤Æ¤Î¥Û¥¹¥È¤Ë¥Þ¥Ã¥Á¤¹¤ë¡£¤â¤· tcpd ¤¬ -DPARANOID (¤³¤ì¤Ï¥Ç¥Õ¥©¥ë¥È¤Ç¤¢¤ë) ¤ÇºîÀ®¤µ¤ì¤Æ¤¤¤ë¤Ê¤é¡¢¥¢¥¯¥» ¥¹¥³¥ó¥È¥í¡¼¥ë¥Æ¡¼¥Ö¥ë¤¬»²¾È¤µ¤ì¤ë¤è¤êÁ°¤Ë¡¢¤½¤Î¤è¤¦¤Ê¥¯¥é¥¤¥¢¥ó ¥È¤«¤é¤ÎÍ×µá¤ÏÍî¤È¤µ¤ì¤Æ¤·¤Þ¤¦¡£¤½¤Î¤è¤¦¤ÊÍ×µá¤ò¡¢¤µ¤é¤Ë¥³¥ó¥È¥í¡¼ ¥ë¤·¤¿¤¤¾ì¹ç¤Ï -DPARANOID ¤ò³°¤·¤Æ tcpd ¤ò¹½ÃÛ¤¹¤ë»ö¡£
OPERATORS
- EXCEPT
- ´ðËÜŪ¤Ë¤Ï¡¢¼¡¤Ë¼¨¤¹¤è¤¦¤Ê·Á¼°¤Ç»ÈÍѤ¹¤ë: `list_1 EXCEPT list_2';¤³¤ì¤Ï list_2 ¤Ë¥Þ¥Ã¥Á¤¹¤ë¤â¤Î¤ò½ü¤¯¡¢ list_1 ¤Ë¥Þ¥Ã¥Á¤¹¤ë¤â¤ÎÁ´¤Æ¡¢¤Ë¹çÃפ¹¤ë¡£¤³¤Î EXCEPT ±é»» »Ò¤Ï¡¢daemon_lists ¤È client_lists ¤ÎÃæ¤Ç¤â»ÈÍѤǤ¤ë¡£EXCEPT ±é »»»Ò¤Ï¡¢¥Í¥¹¥È(Æþ¤ì»Ò¤Ë)¤·¤Æ»È¤¦»ö¤â¤Ç¤¤ë: ¤â¤·¥³¥ó¥È¥í¡¼¥ë½ñ¼° ¤¬´Ý³ç¸Ì¤ò»È¤¦»ö¤òµö²Ä¤·¤Æ¤¤¤¿¤Ê¤é¡¢`a EXCEPT b EXCEPT c'¤Ï¡¢ `(a EXCEPT (b EXCEPT c))' ¤È²ò¼á¤µ¤ì¤ë¤Ç¤¢¤í¤¦¡£
SHELL COMMANDS
¤â¤·¡¢ºÇ½é¤Ë¥Þ¥Ã¥Á¤·¤¿¥¢¥¯¥»¥¹¥³¥ó¥È¥í¡¼¥ë¤Î¥ë¡¼¥ë¤¬¥·¥§¥ë¥³¥Þ¥ó ¥É¤ò´Þ¤ó¤Ç¤¤¤ë¤Ê¤é¡¢¤½¤Î¥³¥Þ¥ó¥É¤Ï¡¢%<letter> ¤ÎÃÖ¤´¹¤¨(¼¡¤Î¥» ¥¯¥·¥ç¥ó¤ò»²¾È) ¤¬¤¢¤ë¤È²¾Äꤵ¤ì¤ë¡£¤½¤Î·ë²Ì¡¢/bin/sh ¤Î»Ò ¥×¥í¥»¥¹¤¬É¸½àÆþÎϤòȼ¤Ã¤Æ¼Â¹Ô¤µ¤ì¡¢½ÐÎϤȥ¨¥é¡¼¤Ï /dev/null ¤ØÁ÷¤é¤ì¤ë¡£¤â¤·¡¢¤½¤Î¥×¥í¥»¥¹¤¬½ªÎ»¤¹¤ë¤Þ¤ÇÂÔ¤Á ¤¿¤¯¤Ê¤¤¾ì¹ç¤Ë¤Ï¡¢¥³¥Þ¥ó¥É¤ÎËöÈø¤Ë `&' ¤¬ÌÀ¼¨¤¹¤ë¤³¤È¡£¥·¥§¥ë¥³¥Þ¥ó¥É¤Ï¡¢inetd ¤Î PATH ÀßÄê¤È´ØÏ¢¤µ¤»¤Æ¤Ï¤¤¤±¤Ê¤¤¡£Âå¤ï ¤ê¤ËÀäÂХѥ¹¤òÍѤ¤¤ë¤«¡¢ËÁƬ¤ÇÌÀ¼¨Åª¤Ë PATH=whatever ¤òÀë¸À¤¹¤ë ¤Ù¤¤Ç¤¢¤ë¡£
hosts_options(5) ¤Îʸ½ñ¤Ç¤Ï¡¢¸ß´¹À¤Î¤Ê¤¤°Û¤Ê¤ëÊýË¡¤Ç¥·¥§ ¥ë¥³¥Þ¥ó¥É¤Î¥Õ¥£¡¼¥ë¥É¤ò»È¤¦¤¿¤á¤Î¡¢¤â¤¦¤Ò¤È¤Ä¤Î½ñ¼°¤ò²òÀ⤷¤Æ¤¤ ¤ë¡£
% EXPANSIONS
¥·¥§¥ë¥³¥Þ¥ó¥É¤ÎÃæ¤Ç¤Ï²¼µ¤Î³Èĥɽµ¤¬ÍøÍѤǤ¤ë:- %a (%A)
- ¥¯¥é¥¤¥¢¥ó¥È (¥µ¡¼¥Ð¡¼) ¥Û¥¹¥È¤Î¥¢¥É¥ì¥¹¡£
- %c
- ¥¯¥é¥¤¥¢¥ó¥È¤Î¾ðÊó: user@host, user@address. ¥Û¥¹¥È̾¤«Ã±¤Ë¥¢¥É ¥ì¥¹¤«¤Ï¡¢ÍøÍѤǤ¤ë¾ðÊó¤Ë°Í¸¤¹¤ë¡£
- %d
- ¥Ç¡¼¥â¥ó¥×¥í¥»¥¹Ì¾ (argv[0] ¤ÎÃÍ)¡£
- %h (%H)
- ¥¯¥é¥¤¥¢¥ó¥È (¥µ¡¼¥Ð¡¼) ¥Û¥¹¥È¤Î̾Á°¡¢¤â¤·¥Û¥¹¥È̾¤¬ÍøÍѤǤ¤Ê¤¤ ¾ì¹ç¤Ë¤Ï¡¢¤½¤Î¥¢¥É¥ì¥¹¡£
- %n (%N)
- ¥¯¥é¥¤¥¢¥ó¥È (¥µ¡¼¥Ð¡¼) ¥Û¥¹¥È¤Î̾Á° (¤â¤·¤¯¤Ï¡¢"unknown" ¤¢¤ë¤¤ ¤Ï "paranoid")¡£
- %p
- ¥Ç¡¼¥â¥ó¥×¥í¥»¥¹¤Î id¡£
- %s
- ¥µ¡¼¥Ð¡¼¤Î¾ðÊó: daemon@host, daemon@address, ¤¢¤ë¤¤¤Ïñ¤Ë¥Ç¡¼¥â ¥ó¤Î̾Á°¡£¤³¤ì¤ÏÍøÍѤǤ¤ë¾ðÊó¤Ë°Í¸¤¹¤ë¡£
- %u
- ¥¯¥é¥¤¥¢¥ó¥È¤Î¥æ¡¼¥¶¡¼Ì¾ (¤â¤·¤¯¤Ï¡¢"unknown")¡£
- %%
- ʸ»ú `%' ¤ØŸ³«¤µ¤ì¤ë¡£
% ¤ÎŸ³«¤¬¹Ô¤Ê¤ï¤ì¤ë¤³¤È¤Ë¤è¤Ã¤Æ¡¢¥·¥§¥ë¤òº®Í𤵤»¤ë²ÄǽÀ¤Î¤¢¤ë ʸ»ú·²¤Ï¡¢¥¢¥ó¥À¡¼¥¹¥³¥¢¤Ø¤ÈÃÖ¤´¹¤¨¤é¤ì¤ë¡£
SERVER ENDPOINT PATTERNS
Àܳ¤µ¤ì¤Æ¤¤¤ë¥Í¥Ã¥È¥ï¡¼¥¯¥¢¥É¥ì¥¹¤Ë¤è¤Ã¤Æ¡¢¥¯¥é¥¤¥¢¥ó¥È¤ò¸·Ì©¤Ë ¶èÊ̤¹¤ë¤¿¤á¤Ë¤Ï¡¢°Ê²¼¤Î·Á¼°¤Ç¥Ñ¥¿¡¼¥ó¤òµ½Ò¤¹¤ë:
process_name@host_pattern : client_list ...
¤³¤Î¤è¤¦¤Ê¥Ñ¥¿¡¼¥ó¤Ï¡¢¥Þ¥·¥ó¤¬Ê£¿ô¤Î°Û¤Ê¤ë¥¤¥ó¥¿¡¼¥Í¥Ã¥È¤Î¥Û¥¹¥È ̾¤È¥¤¥ó¥¿¡¼¥Í¥Ã¥È¤Î¥¢¥É¥ì¥¹¤ò»ý¤Ã¤Æ¤¤¤ë¾ì¹ç¤Ë»ÈÍѤ¹¤ë¡£¥µ¡¼¥Ó¥¹ ¥×¥í¥Ð¥¤¥À¤Ï¡¢°Û¤Ê¤ëÁÈ¿¥¤Ë°¤¹¤ë¤è¤¦¤Ê¥¤¥ó¥¿¡¼¥Í¥Ã¥È¾å¤Î̾Á°¤ò»ý ¤ÄFTP, GOPHER ¤¢¤ë¤¤¤Ï WWW ¤òÄ󶡤¹¤ë¤¿¤á¤Ë¡¢¤³¤Îµ¡Ç½¤òÍøÍѤǤ ¤ë¡£hosts_options(5) ʸ½ñ¤ÎÃæ¤Î `twist' ¤Î¥ª¥×¥·¥ç¥ó¤â»²¾È¤¹¤ë»ö¡£ ¤¢¤ë¥·¥¹¥Æ¥à (Solaris, FreeBSD) ¤Ç¤Ï¡¢¤Ò¤È¤Ä¤ÎʪÍýŪ¤Ê¥¤¥ó¥¿¡¼¥Õ¥§¡¼ ¥¹¤¬¡¢Ê£¿ô¤Î¥¤¥ó¥¿¡¼¥Í¥Ã¥È¥¢¥É¥ì¥¹¤ò»ý¤Ä»ö¤¬¤Ç¤¤ë(¤½¤ì°Ê³°¤Î¥· ¥¹¥Æ¥à¤Ç¤Ï¡¢ÀìÍѤΥͥåȥ¥¯¥¢¥É¥ì¥¹¶õ´Ö¤Ë¤¢¤ëSLIP ¤ä PPP ¤Ê¤É ¤Îµ¿»÷¥¤¥ó¥¿¡¼¥Õ¥§¡¼¥¹¤Î½õ¤±¤ò¼Ú¤ê¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¤À¤í¤¦ )¡£
host_pattern ¤Ï¡¢client_lists ¤Î²òÀâʸ¤Ë¤¢¤Ã¤¿¡¢¥Û¥¹¥È̾¤È¥¢¥É¥ì ¥¹¤Î¤è¤¦¤Ê¡¢¤¤¤¯¤Ä¤«¤Îʸˡ¤Ë½¾¤¦¤³¤È¤Ë¤Ê¤ë¡£°ìÈÌŪ¤Ë¤Ï¡¢server endpoint information (¥µ¡¼¥Ð¡¼Â¦Ëöü¤Ç¤Î¾ðÊó)¤Ï¡¢ connection-oriented serveices (¥³¥Í¥¯¥·¥ç¥ó»Ø¸þ¤Î¹â¤¤¥µ¡¼¥Ó¥¹)¤Ç ¤Î¤ßÍøÍѤ¹¤ë»ö¤¬¤Ç¤¤ë¡£
CLIENT USERNAME LOOKUP
¥¯¥é¥¤¥¢¥ó¥È¥Û¥¹¥È¤¬ RFC 931 ¤«¡¢¤½¤³¤«¤éÇÉÀ¸¤·¤¿¥×¥í¥È¥³¥ë(TAP, IDENT, RFC 1413) ¤Î¤É¤ì¤«¤ò¥µ¥Ý¡¼¥È¤·¤Æ¤¤¤ë¾ì¹ç¡¢¥é¥Ã¥Ñ¡¼¥×¥í¥° ¥é¥à¤ÏÀܳ¤Î»ý¤Á¼ç¤Ë´Ø¤¹¤ë¡¢ÄɲäξðÊó¤ò°ú¤½Ð¤¹»ö¤¬²Äǽ¤Ç¤¢¤ë¡£ ¥¯¥é¥¤¥¢¥ó¥È¥æ¡¼¥¶¡¼Ì¾¤Î¾ðÊó¤¬ÍøÍѲÄǽ¤Ç¤¢¤ë¤Ê¤é¡¢¤½¤ì¤Ï¥¯¥é¥¤¥¢ ¥ó¥È¤Î¥Û¥¹¥È̾¤È¤È¤â¤ËµÏ¿¤µ¤ì¡¢¼¡¤Î¤è¤¦¤Ê¥Ñ¥¿¡¼¥ó¤Ë¥Þ¥Ã¥Á¤µ¤»¤ë ¤¿¤á¤Ë»È¤¦»ö¤¬¤Ç¤¤ë:
daemon_list : ... user_pattern@host_pattern ...
¥Ç¡¼¥â¥ó¥é¥Ã¥Ñ¡¼¤Ï¡¢¥ë¡¼¥ë¤Ë½¾¤¦·Á¤Ç¥æ¡¼¥¶¡¼Ì¾¤òõºº¤¹¤ë¤è¤¦¤Ë¿¶ Éñ¤¦¤«(¥Ç¥Õ¥©¥ë¥È)¡¢¤¢¤ë¤¤¤Ï¾ï¤Ë¥¯¥é¥¤¥¢¥ó¥È¥Û¥¹¥È¤ËÌ䤤¹ç¤ï¤»¤ë ¤Î¤«¡¢¥³¥ó¥Ñ¥¤¥ë»þ¤ËÀßÄê²Äǽ¤È¤Ê¤Ã¤Æ¤¤¤ë¡£¥ë¡¼¥ë¤Ë½¾¤¦·Á¼°¤Ç¥æ¡¼ ¥¶¡¼Ì¾¤Îõºº¤ò¹Ô¤Ê¤¦¾ì¹ç¤Ë¤Ï¡¢¾å¤Îµ½Ò¥ë¡¼¥ë¤Ï daemon_list ¤È host_pattern ¤ÎξÊý¤¬¥Þ¥Ã¥Á¤·¤¿¾ì¹ç¤Ë¤Î¤ß¡¢¥æ¡¼¥¶¡¼Ì¾¤Î õºº¤ò¹Ô¤Ê¤¦¤Ç¤¢¤í¤¦¡£
user_pattern ¤Ï¡¢¥Ç¡¼¥â¥ó¥×¥í¥»¥¹¤Î¥Ñ¥¿¡¼¥ó¤ÈƱ¤¸Ê¸Ë¡¤Ç¤¢¤ê¡¢¤¹ ¤Ê¤ï¤ÁƱ¤¸¥ï¥¤¥ë¥É¥«¡¼¥É·²¤¬Å¬ÍѤµ¤ì¤ë(¤¿¤À¤·¥Í¥Ã¥È¥°¥ë¡¼¥×¤Î¥á ¥ó¥Ð¡¼¥·¥Ã¥×¤Ï¥µ¥Ý¡¼¥È¤µ¤ì¤Ê¤¤)¡£¤·¤«¤·¤Ê¤¬¤é¡¢¤³¤ì¤Ï¥æ¡¼¥¶¡¼Ì¾ ¤Îõºº¤ËÆÈÀꤵ¤ì¤ë¤Ù¤¤Ç¤Ï¤Ê¤¤¡£
- *
- ¥¯¥é¥¤¥¢¥ó¥È¤Î¥æ¡¼¥¶¡¼Ì¾¤Ë´Ø¤¹¤ë¾ðÊó¤Ï¡¢Î㤨¤Ð¥¯¥é¥¤¥¢¥ó¥È¥·¥¹¥Æ ¥à¤¬¿®ÍѤ¹¤ë¤Ë¤ê¤Ê¤¤¤â¤Î¤È¤Ê¤Ã¤Æ¤¤¤ë»þ¤Ë¤Ï¡¢¿®Íꤹ¤ë»ö¤Ï¤Ç¤¤Ê ¤¤¡£°ìÈÌŪ¤Ë¤Ï¡¢ALL ¤È (UN)KNOWN ¤Ï°ÕÌ£¤Î¤¢¤ë¥æ¡¼¥¶¡¼Ì¾¤Î¥Ñ¥¿¡¼ ¥ó¤Î¤¿¤á¤Ë¤¢¤ë¡£
- *
- ¥æ¡¼¥¶¡¼Ì¾¤Îõºº¤Ï TCP ¥Ù¡¼¥¹¤Î¥µ¡¼¥Ó¥¹¤Ç¡¢¤½¤·¤Æ¡¢¥¯¥é¥¤¥¢¥ó¥È ¥Û¥¹¥È¤¬Å¬Àڤʥǡ¼¥â¥ó¤òµ¯Æ°¤·¤Æ¤¤¤ë¾ì¹ç¤Ë¤Î¤ß²Äǽ¤Ç¤¢¤ë¡£¤½¤·¤Æ¡¢ ¤½¤ì°Ê³°¤Î¥±¡¼¥¹¤Ï "unknown" ¤Î·ë²Ì¤òÆÀ¤ë»ö¤Ë¤Ê¤ë¡£
- *
- ¥æ¡¼¥¶¡¼Ì¾¤Îõºº¤¬¥Õ¥¡¥¤¥ä¡¼¥¦¥©¡¼¥ë¤Ë¤è¤Ã¤ÆÁˤޤ줿¾ì¹ç¡¢Í̾¤Ê UNIX ¥«¡¼¥Í¥ë¤Î¥Ð¥°¤¬¥µ¡¼¥Ó¥¹¤Ë»³²¤ò¤â¤¿¤é¤¹¤«¤â¤·¤ì¤Ê¤¤¡£ wrapper ¤Î README ʸ½ñ¤Ë¤Ï¡¢¤¢¤Ê¤¿¤Î¥«¡¼¥Í¥ë¤Ë¡¢¤³¤Î¥Ð¥°¤¬Â¸ºß¤¹ ¤ë¤«¤É¤¦¤«¤òÄ´¤Ù¤ë¼ê½ç¤¬¾Ò²ð¤µ¤ì¤Æ¤¤¤ë¡£
- *
- ¥æ¡¼¥¶¡¼Ì¾¤Îõºº¤Ï¡¢non-UNIX ¥æ¡¼¥¶¡¼¤ËÂФ·¤Æ¹Ô¤Ê¤ï¤ì¤¿¾ì¹ç¡¢Ãø ¤·¤¯ÃÙ¤¯¤Ê¤ë¤«¤âÃΤì¤Ê¤¤¡£¥æ¡¼¥¶¡¼Ì¾¤Îõºº¤¬¥¿¥¤¥à¥¢¥¦¥È¤Ç½ªÎ»¤¹ ¤ë¤Þ¤Ç¤Î´ûÄêÃͤÏ10 ÉäȤʤäƤ¤¤ë: ¤³¤ì¤ÏÃÙ¤¤¥Í¥Ã¥È¥ï¡¼¥¯¤Ë¤È¤Ã ¤Æ¤Ïû¤¹¤®¤ë¤¬¡¢PC ¥æ¡¼¥¶¡¼¤ò¤¸¤é¤¹¤Ë¤Ï½¼Ê¬¤¹¤®¤ë¡£
¥æ¡¼¥¶¡¼Ì¾¤Îõºº¤òÁªÂò²Äǽ¤È¤¹¤ë¤³¤È¤Ë¤è¤ê¡¢ºÇ¸å¤ÎÌäÂê¤ò·Ú¸º¤¹¤ë ¤³¤È¤¬¤Ç¤¤ë¡£¤¿¤È¤¨¤Ð¡¢¤³¤ó¤Ê¥ë¡¼¥ë:
daemon_list : @pcnetgroup ALL@ALL
¤³¤ì¤Ï¥æ¡¼¥¶¡¼Ì¾¤Îõºº¤ò¹Ô¤Ê¤ï¤Ê¤¤ PC ¥Í¥Ã¥È¥°¥ë¡¼¥×¤Î¥á¥ó¥Ð¡¼¤Ë ¤â¥Þ¥Ã¥Á¤¹¤ë¤À¤í¤¦¤·¡¢¤½¤ì°Ê³°¤Î¥·¥¹¥Æ¥à¤ËÂФ·¤Æ¤Ï¥æ¡¼¥¶¡¼Ì¾¤Îõ ºº¤ò¹Ô¤Ê¤¦¤À¤í¤¦¡£
DETECTING ADDRESS SPOOFING ATTACKS
¿¤¯¤Î TCP/IP ¤Î¼ÂÁõ¤Ë¸«¤é¤ì¤ë sequence number generator Ãæ¤Î·ç ´Ù¤Ï¡¢¿¯Æþ¼Ô¤¬¿®Íê¤Ç¤¤ë¥Û¥¹¥È¤Ç¤¢¤ë¤³¤È¤ò´Êñ¤ËÁõ¤¤¡¢Î㤨¤Ð¥ê¥â¡¼ ¥È¥·¥§¥ë¥µ¡¼¥Ó¥¹¤òÄ̤·¤Æ²¡¤·Æþ¤ë¤³¤È¤òµö¤·¤Æ¤·¤Þ¤¦¡£IDENT (RFC931 ¤Û¤«) ¥µ¡¼¥Ó¥¹¤Ï¤½¤Î¤è¤¦¤Ê¥Û¥¹¥È¥¢¥É¥ì¥¹¤Î¥Ú¥Æ¥ó¤Ë¤è¤ë¹¶ ·â¤ò»¡ÃΤ¹¤ë¤¿¤á¤Ë»È¤¦»ö¤¬¤Ç¤¤ë¡£¥¯¥é¥¤¥¢¥ó¥È¤ÎÍ×µá¤ËÅú¤¨¤ëÁ°¤Ë¡¢TCP ¥é¥Ã¥Ñ¡¼·²¤ÏËÜÅö¤Î¥¯¥é¥¤¥¢¥ó ¥È¤¬¼ÂºÝ¤Ë¤ÏÁ´¤¯Í×µá¤òÁ÷¤Ã¤ÆÍè¤Æ¤¤¤Ê¤«¤Ã¤¿¤³¤È¤òȯ¸«¤¹¤ëÌÜŪ¤Ç¡¢ IDENT ¥µ¡¼¥Ó¥¹¤ò»È¤¦»ö¤¬¤Ç¤¤ë¡£
¥¯¥é¥¤¥¢¥ó¥È¥Û¥¹¥È¤¬ IDENT ¥µ¡¼¥Ó¥¹¤òÍÑ°Õ¤·¤Æ¤¤¤ë¤Ê¤é¡¢IDENT ¤Î Ì䤤¹ç¤ï¤»¤ò¤·¤Æ¡¢Ê֤äÆÍ褿·ë²Ì¤¬ÈÝÄêŪ(¥¯¥é¥¤¥¢¥ó¥È¥Þ¥·¥ó¤¬ `UNKNOWN@host') ¤Ç¤¢¤ì¤Ð¡¢¤½¤ì¤Ï¥Ú¥Æ¥ó¹¶·â¤Î³Î¸Ç¤¿¤ë¾Úµò¤È¤Ê¤ë¡£
¹ÎÄêŪ¤Ê IDENT ¤ÎÌ䤤¹ç¤ï¤»·ë²Ì (¥¯¥é¥¤¥¢¥ó¥È¥Þ¥·¥ó¤Ï `KNOWN@host')¤Ç¤â¡¢½¼Ê¬¤Ë¿®Íê¤Ç¤¤ë¤È¤Ï¸À¤¤ÀÚ¤ì¤Ê¤¤¡£Ã±¤Ë¥¯¥é¥¤ ¥¢¥ó¥È¤Î¥³¥Í¥¯¥·¥ç¥ó¤ò¸íËâ²½¤¹¤è¤ê¤ÏÆñ¤·¤¤¤¬¡¢¤½¤ì¤Ç¤â¿¯Æþ¼Ô¤Ï¥¯ ¥é¥¤¥¢¥ó¥È¤Î¥³¥Í¥¯¥·¥ç¥ó¤È¡¢IDENT ¤ÎÌ䤤¹ç¤ï¤»¤ÎξÊý¤òµ¶¤Ã¤Æ¤¤¤ë ²ÄǽÀ¤¬¤¢¤ë¡£¤µ¤é¤Ë¤Ï¡¢¥¯¥é¥¤¥¢¥ó¥È¤Î IDENT ¥µ¡¼¥Ð¡¼¤½¤Î¤â¤Î¤¬ ±³¤ò¤Ä¤¤¤Æ¤¤¤ë¤³¤È¤µ¤¨¹Í¤¨¤é¤ì¤ë¡£
Note: IDENT ¤ÎÌ䤤¹ç¤ï¤»¤Ï UDP ¥µ¡¼¥Ó¥¹¤È¶¦Â¸¤·¤ÆÆ°ºî¤¹¤ë»ö¤Ï¤Ç¤¤Ê¤¤¡£
EXAMPLES
ʸˡ¤ÏºÇ¾®¸Â¤Î¶ìÏ«¤Ç¡¢¤µ¤Þ¤¶¤Þ¤Ê¥¿¥¤¥×¤Î¥¢¥¯¥»¥¹¥³¥ó¥È¥í¡¼¥ë¤¬É½ ¸½²Äǽ¤Ê¡¢½ÀÆð¤Ê¤â¤Î¤Ç¤¢¤ë¡£¤³¤Îʸˡ¤ÏÆó¤Ä¤Î¥¢¥¯¥»¥¹¥³¥ó¥È¥í¡¼¥ë ¤Î¥ê¥¹¥È¤¬É¬ÍפʤΤÀ¤¬¡¢¿È¤â¥Õ¥¿¤â¤Ê¤¤Êýºö¤È¤·¤Æ¤Ï¡¢ÊÒÊý¤Î¥ê¥¹¥È ¤ò¶Ë¤á¤Æñ½ã¤Ê¤â¤Î¤È¤¹¤ë¤«¡¢¶õ¤Ë¤·¤Æ¤ª¤¯¤³¤È¤¬µó¤²¤é¤ì¤ë¡£°Ê²¼¤Îµ½ÒÎã¤òÆɤà¤Ë¤¢¤¿¤Ã¤Æ¤Ï¡¢allow ¤Îµ½Ò¤Ï deny ¤Îµ½Ò¤è¤êÀè ¤Ë¸¡º÷¤µ¤ì¡¢¤½¤Î¸¡º÷¤ÏºÇ½é¤Ë¥Þ¥Ã¥Á¤·¤¿¤â¤Î¤Ç½ªÎ»¤È¤Ê¤ê¡¢¥Þ¥Ã¥Á¤· ¤¿¤â¤Î¤¬Á´¤¯¸«¤Ä¤«¤é¤Ê¤¤¾ì¹ç¤Ë¤Ï¡¢¥¢¥¯¥»¥¹¤Ï¾µÇ§¤µ¤ì¤ë¡¢¤È¤¤¤¦¤³ ¤È¤ò¤Ï¤Ã¤¤ê¤ÈÍý²ò¤·¤Æ¤ª¤¯¤³¤È¤¬½ÅÍפǤ¢¤ë¡£
µ½ÒÎã¤Ï¥Û¥¹¥È¤È¥É¥á¥¤¥ó¤Î̾Á°¤ò»È¤¦¡£¥Í¡¼¥à¥µ¡¼¥Ð¡¼¤Ø¤ÎÌ䤤¹ç¤ï ¤»¤¬°ì»þŪ¤Ë¼ºÇÔ¤·¤¿¾ì¹ç¤Î±Æ¶Á¤ò·Ú¸º¤¹¤ë¤¿¤á¤Ë¤Ï¡¢¤³¤ì¤é¤Ë¥¢¥É¥ì ¥¹¡¢¤«¤Ä¡¢¤¢¤ë¤¤¤Ï network/netmask ¤Î¾ðÊó¤ò´Þ¤á¤ë¤³¤È¤Ç¡¢²þÁ±¤¹ ¤ë»ö¤¬¤Ç¤¤ë¡£
MOSTLY CLOSED (¤Û¤ÜÊĺ¿)
¤³¤Î¾ì¹ç¡¢¥¢¥¯¥»¥¹¤Ï¥Ç¥Õ¥©¥ë¥È¤ÇµñÀ䤵¤ì¤ë¡£ÌÀ¼¨Åª¤Ë¸¢¸Â¤ò¼ø¤±¤é ¤ì¤¿¥Û¥¹¥È¤Î¤ß¤¬¥¢¥¯¥»¥¹¤òµö¤µ¤ì¤ë¡£¥Ç¥Õ¥©¥ë¥È¤Î¥Ý¥ê¥·¡¼(no access)¤Ï¡¢Ã±¤Ë deny file ¤ÎÃæ¤Çµ½Ò¤µ¤ì ¤ë:
/etc/hosts.deny: ALL: ALL
¤³¤ì¤Ë¤è¤Ã¤Æ¡¢allow file ¤ÎÃæ¤Î¥¨¥ó¥È¥ê¤Ç¥¢¥¯¥»¥¹¤¬µö²Ä¤µ¤ì¤Ê¤¤ ¸Â¤ê¡¢Á´¤Æ¤Î¥Û¥¹¥È¤Ø¤Î¥µ¡¼¥Ó¥¹¤ÏµñÈݤȤʤ롣
ÌÀ¼¨Åª¤Ë¸¢¸Â¤ò¼ø¤±¤ë¥Û¥¹¥È¤Ï¡¢allow file ¤ÎÃæ¤Ç¥ê¥¹¥È¤µ¤ì¤ë¡£µ ½ÒÎã:
/etc/hosts.allow: ALL: LOCAL @some_netgroup
ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
ºÇ½é¤Î¥ë¡¼¥ë¤Ç¤Ï¡¢¥í¡¼¥«¥ë¥É¥á¥¤¥ó(¥Û¥¹¥È̾¤Ë `.'¤òɬÍפȤ·¤Ê¤¤) ¤È¡¢some_netgroup ¤Ë°¤¹¤ë¥Û¥¹¥È¤«¤é¤Î¥¢¥¯¥»¥¹¤¬µö²Ä¤µ¤ì¤Æ ¤¤¤ë¡£ÆóÈÖÌܤΥ롼¥ë¤Ç¤Ï¡¢terminalserver.foobar.edu. ¤ò½ü ¤¯foobar.edu ¥É¥á¥¤¥ó(¥É¥Ã¥È¤Ç»Ï¤Þ¤ë¤³¤È¤¬Àë¸À¤µ¤ì¤Æ¤¤¤ë) ¤Î¡¢Á´¤Æ¤Î¥Û¥¹¥È¤«¤é¤Î¥¢¥¯¥»¥¹¤¬µö²Ä¤µ¤ì¤Æ¤¤¤ë¡£
MOSTLY OPEN (¤Û¤Ü²òÊü)
ÌÀ¼¨Åª¤Ë¥µ¡¼¥Ó¥¹¤òµñÈݤ¹¤ë¥Û¥¹¥È¤ò½ü¤¡¢¥¢¥¯¥»¥¹¤Ï¥Ç¥Õ¥©¥ë¥È¤Çµö ²Ä¤È¤Ê¤ë¡£¥Ç¥Õ¥©¥ë¥È¤Î¥Ý¥ê¥·¡¼(access granted) ¤Ë½¾¤¨¤Ð¡¢¤É¤ó¤Ê allow file ¤Ç¤â¡¢¤Þ¤Ã¤¿¤¯¾Êά²Äǽ¤Ê¤Û¤É¾éĹ¤Ê¤â¤Î¤È¤Ê¤ë¡£ÌÀ¼¨Åª¤Ë¸¢¸Â¤òÍ¿¤¨ ¤Ê¤¤¥Û¥¹¥È¤Ï¡¢deny file ¤Ë¥ê¥¹¥È¤¹¤ë¡£µ½ÒÎã:
/etc/hosts.deny: ALL: some.host.name, .some.domain
ALL EXCEPT in.fingerd: other.host.name, .other.domain
ºÇ½é¤Î¥ë¡¼¥ë¤Ç¤Ï¡¢¤¤¤¯¤Ä¤«¤Î¥Û¥¹¥È¤È¡¢¥É¥á¥¤¥ó¤Ø¤ÎÁ´¤Æ¤Î¥µ¡¼¥Ó¥¹ ¤¬µñÈݤµ¤ì¤ë¡£ÆóÈÖÌܤΥ롼¥ë¤Ç¤Ï¡¢¤½¤ì°Ê³°¤Î¥Û¥¹¥È¤È¥É¥á¥¤¥ó¤«¤é ¤Î finger ¥ê¥¯¥¨¥¹¥È¤Ë¸Â¤Ã¤Æµö²Ä¤¬Í¿¤¨¤é¤ì¤Æ¤¤¤ë¡£
BOOBY TRAPS (¤Ò¤Ã¤«¤±æ«)
¼¡¤Î¥µ¥ó¥×¥ë¤Ï¥í¡¼¥«¥ë¥É¥á¥¤¥ó¤Î¥Û¥¹¥È(¥É¥Ã¥È¤Ç»Ï¤Þ¤ë»ö¤¬Àë¸À¤µ ¤ì¤Æ¤¤¤ë)¤«¤é¤Î tftp ¥ê¥¯¥¨¥¹¥È¤òµö²Ä¤¹¤ë¤â¤Î¤Ç¤¢¤ë¡£¤½¤ì°Ê³°¤Î ¥Û¥¹¥È¤«¤é¤Î¥ê¥¯¥¨¥¹¥È¤ÏµñÈݤµ¤ì¤ë¡£¤½¤·¤ÆÍ׵ᤵ¤ì¤¿¥Õ¥¡¥¤¥ë¤ÎÂå ¤ï¤ê¤Ë¡¢finger ¤Îõ¤ê¿Ë¤¬¤½¤Î̵Îé¤Ê¤ë¥Û¥¹¥È¤Ø¤ÈÊü¤¿¤ì¤ë¡£·ë²Ì¤Ï ¥¹¡¼¥Ñ¡¼¥æ¡¼¥¶¡¼¤Ø¥á¥¤¥ë¤ÇÁ÷¤é¤ì¤ë¡£/etc/hosts.allow:
in.tftpd: LOCAL, .my.domain
/etc/hosts.deny:
in.tftpd: ALL: (/some/where/safe_finger -l @%h | \
/usr/ucb/mail -s %d-%h root) &
safe_finger ¥³¥Þ¥ó¥É¤Ï tcpd wrapper ¤ËÉÕ°¤·¤Æ¤ª¤ê¡¢Å¬Àڤʾì½ê¤Ë ¥¤¥ó¥¹¥È¡¼¥ë¤µ¤ì¤ë¤Ù¤¤Ç¤¢¤ë¡£¤³¤ì¤Ï¥ê¥â¡¼¥È¤Î finger ¥µ¡¼¥Ð¡¼¤« ¤éÁ÷¤é¤ì¤Æ¤¯¤ë¥Ç¡¼¥¿¤Ë¤è¤Ã¤Æ¥À¥á¡¼¥¸¤¬Í¿¤¨¤é¤ì¤ë²ÄǽÀ¤òÀ©¸Â¤·¤Æ ¤ë¡£¤³¤ì¤Ïɸ½à¤Î finger ¥³¥Þ¥ó¥É¤è¤ê¤âÍ¥¤ì¤¿Ëɸæ¤ò¤â¤¿¤é¤¹¡£
%h (client host) ¤È %d (service name) ¤ÎŸ³«¤Ë¤Ä¤¤¤Æ¤Ï¡¢shell commands ¤Î¥»¥¯¥·¥ç¥ó¤Ç²òÀ⤵¤ì¤Æ¤¤¤ë¡£
·Ù¹ð: finger ¤Î̵¸Â¥ë¡¼¥×¤Ø¤ÎÂн褬¤Ç¤¤Ê¤¤¤Ê¤é¡¢¤¢¤Ê¤¿¼«¿È¤Î finger ¥Ç¡¼¥â¥ó¤ËÂФ·¤Æ¡¢¤³¤Î booby-trap (°ú¤Ã¤«¤±æ«) ¤ò»Å³Ý¤±¤Ê ¤¤»ö¡£
¥Í¥Ã¥È¥ï¡¼¥¯¥Õ¥¡¥¤¥ä¡¼¥¦¥©¡¼¥ë¤Ë¤ª¤¤¤Æ¤Ï¡¢¤³¤Î¥È¥ê¥Ã¥¯¤Ï¤µ¤é¤ËÂç Éý¤Ë³ÈÄ¥¤¹¤ë¤³¤È¤¬¤Ç¤¤ë¡£Åµ·¿Åª¤Ê¥Í¥Ã¥È¥ï¡¼¥¯¥Õ¥¡¥¤¥ä¡¼¥¦¥©¡¼¥ë ¤Ï¡¢³°Éô¤ËÂФ·¤Æ¸ÂÄꤵ¤ì¤¿¥µ¡¼¥Ó¥¹¤·¤«Ä󶡤·¤Ê¤¤¡£¤½¤ì°Ê³°¤Î¥µ¡¼ ¥Ó¥¹¤Ï¡¢¾åµ¤Î tftp ¤ÎÎã¤Î¤è¤¦¤Ë "ÅðÄ°" ¤¹¤ë¤³¤È¤¬¤Ç¤¤ë¡£¤½¤Î·ë ²Ì¡¢¶Ë¤á¤ÆÍ¥¤ì¤¿Áá´ü·Ù²üÁõÃ֤Ȥʤ롣
DIAGNOSTICS
°Ê²¼¤Î¾ì¹ç¤Ë¥¨¥é¡¼¤¬Êó¹ð¤µ¤ì¤ë¡£¥Û¥¹¥È¥³¥ó¥È¥í¡¼¥ë¥Õ¥¡¥¤¥ë¤Ëʸˡ ¥¨¥é¡¼¤¬¸«¤Ä¤«¤Ã¤¿¾ì¹ç¡£¥¢¥¯¥»¥¹¥³¥ó¥È¥í¡¼¥ë¤Î¥ë¡¼¥ë¤ÎŤµ¤¬ÆâÉô ¤Î¥Ð¥Ã¥Õ¥¡¤ÎÍÆÎ̤ò±Û¤¨¤¿¾ì¹ç¡£¥¢¥¯¥»¥¹¥³¥ó¥È¥í¡¼¥ë¤Î¥ë¡¼¥ë¤¬¡¢²þ ¹Ôʸ»ú¤Ë¤è¤Ã¤Æ½ª¤ï¤Ã¤Æ¤¤¤Ê¤¤¾ì¹ç¡£%<letter> Ÿ³«¤Î·ë²Ì¡¢ÆâÉô¥Ð¥Ã ¥Õ¥¡¤¬°î¤ì¤Æ¤·¤Þ¤Ã¤¿¾ì¹ç¡£´üÂÔ¤ËÈ¿¤·¤Æ¡¢¥·¥¹¥Æ¥à¥³¡¼¥ë¤¬¼ºÇÔ¤·¤¿ ¾ì¹ç¡£¤¹¤Ù¤Æ¤ÎÌäÂê¤Ï¡¢syslog ¥Ç¡¼¥â¥ó¤òÄ̤¸¤ÆÊó¹ð¤µ¤ì¤ë¡£FILES
/etc/hosts.allow, ¥¢¥¯¥»¥¹¤òµö²Ä¤¹¤ë (daemon,client) ¤Î¥Ú¥¢¡£ /etc/hosts.deny, ¥¢¥¯¥»¥¹¤òµñÈݤ¹¤ë (daemon,client) ¤Î¥Ú¥¢¡£
SEE ALSO
tcpd(8) tcp/ip daemon wrapper ¥×¥í¥°¥é¥à tcpdchk(8), tcpdmatch(8), test programs.
BUGS
¥Í¡¼¥à¥µ¡¼¥Ð¡¼¤ÎÌ䤤¹ç¤ï¤»¤¬¥¿¥¤¥à¥¢¥¦¥È¤È¤Ê¤ë¤È¡¢¥Û¥¹¥È̾¤Ï¡¢¤¿ ¤È¤¨ÅÐÏ¿¤µ¤ì¤Æ¤¤¤Æ¤â¡¢¥¢¥¯¥»¥¹¥³¥ó¥È¥í¡¼¥ë¥½¥Õ¥È¤«¤é¤ÏÍøÍѤǤ¤Ê ¤¤¡£¥É¥á¥¤¥ó¥Í¡¼¥à¥µ¡¼¥Ð¡¼¤ÎÌ䤤¹ç¤ï¤»¤Ï¡¢Âçʸ»ú¾®Ê¸»ú¤òƱ°ì»ë¤¹¤ë¡£ °ìÊý NIS (¤«¤Ä¤Æ¤Î YP) ¤Î¥Í¥Ã¥È¥°¥ë¡¼¥×¤Ï¡¢Âçʸ»ú¾®Ê¸»ú¤ò¶èÊ̤¹ ¤ë¡£
AUTHOR
Wietse Venema (wietse@wzv.win.tue.nl) Department of Mathematics and Computing Science Eindhoven University of Technology Den Dolech 2, P.O. Box 513, 5600 MB Eindhoven, The Netherlands
ËÝÌõ¼Ô
FUKUSHIMA Osamu/Ê¡Åç±÷½¤ <fuku@amorph.rim.or.jp>
Contenus ©2006-2024 Benjamin Poulain
Design ©2006-2024 Maxime Vantorre