{"id":273,"date":"2015-12-07T15:07:22","date_gmt":"2015-12-07T06:07:22","guid":{"rendered":"http:\/\/www.kinryo.net\/?p=273"},"modified":"2021-07-09T06:25:45","modified_gmt":"2021-07-08T21:25:45","slug":"%ef%bc%92%ef%bc%9a%e4%bb%96%e3%81%ae%e3%83%97%e3%83%ad%e3%82%b0%e3%83%a9%e3%83%a0%e3%81%ae%e3%82%a4%e3%83%b3%e3%82%b9%e3%83%88%e3%83%bc%e3%83%ab","status":"publish","type":"post","link":"https:\/\/www.kinryo.net\/?p=273","title":{"rendered":"\uff12\uff1a\u4ed6\u306e\u30d7\u30ed\u30b0\u30e9\u30e0\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb"},"content":{"rendered":"

\u57fa\u672c\u7684\u306b\u3053\u308c\u3089\u306e\u8a2d\u5b9a\u306f http:\/\/centossrv.com<\/a> \u306e\u69d8\u306b\u8a2d\u5b9a\u3057\u305f\u3002\u82e5\u5e72\u306e\u88dc\u8db3\u306e\u307f\u3092\u8a18\u5165\u3002
\n\u307e\u305a\u306f tripwire \u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3002
\n\u4eca\u306f\u3001tripwire-2.4.2.2-src.tar.bz2 \u306b\u306a\u3063\u3066\u3044\u308b\u306e\u3067\u3001\u8aad\u307f\u66ff\u3048\u3066\u4e0b\u3055\u3044\u3002
\n\u79c1\u306e\u5834\u5408\u306f C \u30b3\u30f3\u30d1\u30a4\u30e9\u304c\u306a\u304b\u3063\u305f\u307f\u305f\u3044\u3067\u3001\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u306e\u6240\u3067
\nconfigure: error: no acceptable C compiler found in $PATH
\n\u3068\u51fa\u305f\u306e\u3067
\n#<\/span> yum install gcc<\/span>
\n\u3068\u3057\u305f\u3089
\nconfigure: error: C++ preprocessor “\/lib\/cpp” fails sanity check
\n\u3068\u307e\u305f\u30a8\u30e9\u30fc\u304c\u51fa\u305f\u3002C\uff0b\uff0b\u306f\uff47\uff43\uff43\u306b\u542b\u307e\u308c\u3066\u3044\u306a\u3044\u898b\u305f\u3044\u306a\u306e\u3067
\n#<\/span> yum -y install gcc-c++<\/span>
\n\u3068\u3057\u3001\u3084\u3063\u3068\u51fa\u6765\u305f\u3002<\/p>\n

\u3064\u304e\u306f chkrootkit \u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb
\nRPMforge\u306b\u306fchkrootkit\u306f\u7121\u304b\u3063\u305f\u3002EPEL\u30ea\u30dd\u30b8\u30c8\u30ea\u30fc\u3082\u8ffd\u52a0\u3059\u308b\u3002
\nEPEL\u30ea\u30dd\u30b8\u30c8\u30ea\u5c0e\u5165\u306f\uff08\u79c1\u306f64bit\u74b0\u5883\uff09
\n#<\/span> rpm -ivh http:\/\/ftp-srv2.kddilabs.jp\/Linux\/distributions\/fedora\/epel\/6\/x86_64\/epel-release-6-8.noarch.rpm<\/span>
\n\u3067OK\u3002
\nepel-release-6-8.noarch.rpm\u306b\u30d0\u30fc\u30b8\u30e7\u30f3\u304c\u4e0a\u304c\u3063\u3066\u3044\u308b-2013-02-07\u8ffd\u8a18<\/span>
\n\u30a2\u30f3\u30c1\u30a6\u30a3\u30eb\u30b9\u30bd\u30d5\u30c8\u5c0e\u5165(Clam AntiVirus)\u306f\u554f\u984c\u306a\u304f\u7d42\u308f\u308b\u3002<\/p>\n

iptables\u306e\u8a2d\u5b9a
\n\u3053\u306e\u30db\u30b9\u30c8\u306f\u7279\u306b\u30b5\u30fc\u30d0\u30fc\u3092\u8d70\u3089\u305b\u306a\u3044\u306e\u3067\u3001SSH\u4ee5\u5916\u306f\u9589\u3058\u3066\u304a\u304f\u3002
\niptables.sh \u3092\u8d70\u3089\u3059\u3068\u30a8\u30e9\u30fc\u304c\u51fa\u305f
\niptables v1.4.7: invalid mask `’ specified
\nTry `iptables -h’ or ‘iptables –help’ for more information.
\n\u3053\u308c\u306fbr0\u3092\u4f5c\u3063\u305f\u306e\u3067eth0\u306b\u306fIP\u304c\u5272\u308a\u5f53\u3066\u3089\u308c\u3066\u3044\u306a\u3044\u306e\u304c\u539f\u56e0\u3002
\n# \u30a4\u30f3\u30bf\u30d5\u30a7\u30fc\u30b9\u540d\u5b9a\u7fa9\u306e LAN=eth0 \u306e\u4e0b\u306b
\nBR=br0
\n\u3092\u8ffd\u8a18\u3002# \u5185\u90e8\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u306e\u30cd\u30c3\u30c8\u30de\u30b9\u30af\u53d6\u5f97\u306e\u6240\u3092
\nLOCALNET_MASK=`ifconfig $BR|sed -e ‘s\/^.*Mask:\\([^ ]*\\)$\/\\1\/p’ -e d`\u3000\u2190$LAN\u306e\u4ee3\u308f\u308a\u306b $BR
\n# \u5185\u90e8\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30a2\u30c9\u30ec\u30b9\u53d6\u5f97\u306e\u6240\u3092
\nLOCALNET_ADDR=`netstat -rn|grep ” “$BR|grep $LOCALNET_MASK|cut -f1 -d’ ‘`\u3000\u2190$LAN\u306e\u4ee3\u308f\u308a\u306b ” “$BR\u3001$BR\u3060\u3051\u3060\u3068 virbr0 \u3082\u8a72\u5f53\u3059\u308b\u3002
\n\u305d\u308c\u3068\u3053\u306e\u30db\u30b9\u30c8\u3067\u306f\u7c21\u6613DNS\u30b5\u30fc\u30d0\u30fc\u3092\u8d70\u3089\u3059\u304c\u3001DNS\u30b5\u30fc\u30d0\u30fc\u306f\u30ed\u30fc\u30ab\u30eb\u30cd\u30c3\u30c8\u4ee5\u5916\u306b\u516c\u958b\u3057\u306a\u3044\u306e\u3067\uff15\uff13\u756a\u306f\u958b\u3051\u3066\u3044\u306a\u3044\u3002\uff08\u30ed\u30fc\u30ab\u30eb\u304b\u3089\u306eRQ\u306f\u3059\u3079\u3066OK\u306b\u3057\u3066\u3044\u308b\uff09
\n\u3053\u308c\u3067OK\u306b\u306a\u3063\u305f\u304c\u3001\u7d42\u308f\u308b\u307e\u3067\u3082\u306e\u3059\u3054\u304f\u6642\u9593\u304c\u639b\u304b\u308b\u3002<\/p>\n

NTP\u30b5\u30fc\u30d0\u30fc\u69cb\u7bc9(ntpd)
\nntp\u306f\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3055\u308c\u3066\u3044\u305f\u3002\u7121\u3051\u308c\u3070yum\u3067\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb
\n\/etc\/ntp.conf \u306e\u8a2d\u5b9a\uff08\u629c\u7c8b\uff09<\/p>\n

\n
restrict 192.168.xx.0 mask 255.255.255.0 nomodify notrap \u2190\u30b3\u30e1\u30f3\u30c8\u3092\u5916\u3057\u3001\u30ed\u30fc\u30ab\u30ebIP\u306b\u5408\u308f\u305b\u3066\u8a2d\u5b9a\r\nserver 133.243.238.163\r\nserver 210.173.160.27\r\nserver 202.224.32.4<\/code><\/span><\/pre>\n<\/div>\n
\u540c\u671f\u5148\u30b5\u30fc\u30d0\u30fc\u306e\u8a2d\u5b9a\u3002IP\u306b\u306a\u3063\u3066\u3044\u308b\u306e\u306fDNS\u3092\u5f15\u304b\u306a\u3044\u5206\u65e9\u3044\u305d\u3046\u3060\u3002\u3061\u306a\u307f\u306b\u4e0a\u304b\u3089ntp.nict.jp, ntp.jst.mfeed.ad.jp, ntp.asahi-net.or.jp\u3067\u6700\u5f8c\u306f\u30d7\u30ed\u30d0\u30a4\u30c0\u30fc\u306eNTP\u30b5\u30fc\u30d0\u30fc\u3002
\n\u624b\u52d5\u3067\u6642\u523b\u3092\u5408\u308f\u305b\u308b\u3002
\n#<\/span> ntpdate 133.243.238.163<\/span>
\n28 Aug 11:46:47 ntpdate[5288]: adjust time server 133.243.238.163 offset -0.002803 sec<\/span>
\n#<\/span> service ntpd start<\/span>
\nntpd \u3092\u8d77\u52d5\u4e2d: [ OK ]<\/span>
\n#<\/span> chkconfig ntpd on<\/span>
\n#<\/span> chkconfig –list ntpd<\/span>
\nntpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"
\u57fa\u672c\u7684\u306b\u3053\u308c\u3089\u306e\u8a2d\u5b9a\u306f http:\/\/centossrv.com \u306e\u69d8\u306b\u8a2d\u5b9a\u3057\u305f\u3002\u82e5\u5e72\u306e\u88dc\u8db3\u306e\u307f\u3092\u8a18\u5165\u3002 \u307e\u305a\u306f tripwire \u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3002 \u4eca\u306f\u3001tripwire-2.4.2.2-src.tar.bz2 \u306b\u306a\u3063 … \u7d9a\u304d\u3092\u8aad\u3080 →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"vkexunit_cta_each_option":"","footnotes":""},"categories":[7],"tags":[],"class_list":["post-273","post","type-post","status-publish","format-standard","hentry","category-centos6"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.kinryo.net\/index.php?rest_route=\/wp\/v2\/posts\/273","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kinryo.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kinryo.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kinryo.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kinryo.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=273"}],"version-history":[{"count":3,"href":"https:\/\/www.kinryo.net\/index.php?rest_route=\/wp\/v2\/posts\/273\/revisions"}],"predecessor-version":[{"id":2441,"href":"https:\/\/www.kinryo.net\/index.php?rest_route=\/wp\/v2\/posts\/273\/revisions\/2441"}],"wp:attachment":[{"href":"https:\/\/www.kinryo.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=273"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kinryo.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=273"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kinryo.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=273"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}