solaris系统方法手册
破烂solaris!sun公司成天推销他们的防火墙诸如SPFX00、EFSX00, 可是就是舍不得把solaris做得 安全 一些,一定要用户买他们的防火墙 来配他们的solaris吗?一定要用户装第三方本地防火墙吗?我呸! solaris是目前被黑的最多的OS!!! *************************
破烂solaris ! sun公司成天推销他们的防火墙诸如SPF X00、EFS X00,
可是就是舍不得把solaris做得
安全一些,一定要用户买他们的防火墙
来配他们的solaris吗?一定要用户装第三方本地防火墙吗?我呸!
solaris是目前被黑的最多的OS!!!
*********************************************************
* solaris,可能是世界上最差劲的unix *
*********************************************************
我们只好自己勤快些自己动手了,第三方的东东,算了,用自己的吧。。。
主要就是telnet嘛,先把相关的rsh,rlogin,rexec都关了,省了麻烦,
然后开始设置telnet的本地防火墙。
需求:
1.加入文件/etc/telnet.allow,里面包含允许telnet的IP地址
和网段(为简单起见,网段格式只支持XXX.XXX.XXX.0)
telnet.allow格式如下:
172.18.85.0 (网段)
172.18.89.22
...
2.加入文件/etc/telnet.log,记录未授权IP的telnet失败记录,
包括时间和IP。
好,开始动手。。。
首先改inetd.conf,用自己的程序接管in.telnetd,该程序定名为
in.telnetd.firewall,比较长呵呵。
相应inetd.conf中telnet那一行变为:
telnet stream tcp nowait root /usr/sbin/in.telnetd.firewall in.telnetd.firewall
然后写in.telnetd.firewall.c,原理:先初始化授权地址表(函数InitAuthIP),
然后检查对方地址(函数getpeername)是否与表中地址匹配(函数IPIsAuthed),
若不匹配记下时间和对方地址并警告对方,否则将处理移交(系统调用execl)给
真实服务进程,即/usr/bin/in.telnetd。
# include
# include
# include
# include
# include
# include
# include
# define TRUE 0 /* errno-style convention: 0 means "yes/authorized" and -1 "no" (see IPIsAuthed); callers must compare explicitly, never use the value as a C boolean */
# define FALSE -1
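/*
 * inetd wrapper for in.telnetd: decide from the peer address (fd 0 is the
 * accepted connection) whether to hand over to the real daemon or to log
 * the attempt, tell the client, and drop it.
 *
 * Fixes relative to the original listing: the unauthorized path was
 * duplicated and logged the same address twice (the second copy also never
 * called EndLog); getpeername's length argument is now socklen_t; a failed
 * execl no longer falls off the end of main as if the service had run.
 */
int main(void)
{
    struct sockaddr_in peer;
    socklen_t peerlen = sizeof peer;

    /* Load the allow-list first: if it cannot be read InitAuthIP exits,
     * so a missing list fails closed instead of letting the client in. */
    InitAuthIP("/etc/telnet.allow");

    if (getpeername(0, (struct sockaddr *)&peer, &peerlen) < 0) {
        perror("getpeername");
        exit(EXIT_FAILURE);
    }
    if (peer.sin_family != AF_INET) {
        /* Not an IPv4 peer: the allow-list cannot describe it, so refuse
         * rather than compare garbage. */
        fprintf(stderr, "unexpected peer address family %d\n", (int)peer.sin_family);
        exit(EXIT_FAILURE);
    }

    if (IPIsAuthed(peer.sin_addr.s_addr) == FALSE) {
        /* Record the source once, inform the client, close the connection
         * and never start the real daemon. */
        InitLog("/etc/telnet.log");
        PrLog("%s", inet_ntoa(peer.sin_addr));
        EndLog();
        printf("Not on console, u have been loged, xixi...;)\n");
        close(0);
        exit(0);
    }

    /* Authorized: replace this process with the real service. */
    execl("/usr/sbin/in.telnetd", "in.telnetd", (char *)0);

    /* Only reached when execl failed. */
    perror("execl /usr/sbin/in.telnetd");
    return EXIT_FAILURE;
}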
防火墙模块:ipauth.c
/************************************************************************/
/* ipauth.c, by digger */
/* ipauth reads the file that includes all IPs that are authorized to access */
/* some services of localhost, the format is just like: */
/************************************************************************/
/* # this is one comments line begin with "#" */
/* 172.18.85.0 # allow subnet */
/* 172.18.86.146 */
/* 172.18.86.145 */
/* ... */
/************************************************************************/
/* function InitAuthIP read the authorized IP into memory array, and */
/* function IPIsAuthed check if the given IP is authorized */
/************************************************************************/
# include
# include
# include
# include
# include
# include
# define MAXHOSTS 32 /* capacity of AuthedIP; InitAuthIP stops reading entries once it is full */
# define TRUE 0 /* errno-style: 0 means "authorized" (IPIsAuthed), -1 means "not"; compare explicitly, never test as a C boolean */
# define FALSE -1
u_long AuthedIP[MAXHOSTS]; /* authorized IPs as s_addr values (inet_addr output, network byte order) */
int AuthedIPNum; /* number of authorized IPs currently in AuthedIP */
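/*
 * Read the allow-list file into AuthedIP/AuthedIPNum.
 *
 * One entry per line, first whitespace-separated token only; blank lines
 * and lines whose first token starts with '#' are ignored.  An entry must
 * be a full dotted quad; a.b.c.0 is treated as a /24 by IPIsAuthed.
 *
 * Exits (fail closed) if the file cannot be opened.  If the file holds no
 * usable entry, 127.0.0.1 becomes the only authorized address.
 *
 * Fixes relative to the original listing: a line longer than the read
 * buffer is drained instead of having its tail parsed as a new entry;
 * unparsable entries and overflow past MAXHOSTS are reported instead of
 * silently dropped; inet_addr failure is tested against INADDR_NONE.
 */
void InitAuthIP(char *file) /* read IP from file into memory array */
{
    FILE *fp = fopen(file, "r");
    char line[256];

    if (fp == NULL) {
        fprintf(stderr, "fopen %s error, terminated\n", file);
        exit(-1);
    }

    AuthedIPNum = 0;
    while (fgets(line, sizeof line, fp) != NULL) {
        char *tok;
        int dots = 0;
        const char *p;
        in_addr_t ip;

        /* Drain the rest of an over-long line so its tail is not read
         * as a separate entry on the next iteration. */
        if (strchr(line, '\n') == NULL) {
            int c;
            while ((c = fgetc(fp)) != EOF && c != '\n') {
                /* discard */
            }
        }

        tok = strtok(line, " \t\r\n");
        if (tok == NULL || tok[0] == '#') {
            continue; /* empty or comment line */
        }

        if (AuthedIPNum >= MAXHOSTS) {
            /* Silently dropping entries would leave the list smaller
             * than the administrator believes; say so and stop. */
            fprintf(stderr, "%s: more than %d entries, rest ignored\n", file, MAXHOSTS);
            break;
        }

        /* inet_addr also accepts abbreviated forms such as "10.1"
         * (= 10.0.0.1); insist on a full dotted quad so a typo cannot
         * quietly authorize a different address. */
        for (p = tok; *p != '\0'; p++) {
            if (*p == '.') {
                dots++;
            }
        }
        if (dots != 3 || (ip = inet_addr(tok)) == INADDR_NONE) {
            fprintf(stderr, "%s: ignoring unparsable entry '%s'\n", file, tok);
            continue;
        }
        AuthedIP[AuthedIPNum++] = ip;
    }
    fclose(fp);

    if (AuthedIPNum == 0) { /* default Authorized IP */
        AuthedIP[0] = inet_addr("127.0.0.1");
        AuthedIPNum++;
    }
}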
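/*
 * Return TRUE (0) if IP (an s_addr value, network byte order) is covered
 * by AuthedIP[0..AuthedIPNum), else FALSE (-1).
 *
 * An entry whose last octet is 0 (a.b.c.0) matches the whole a.b.c.0/24;
 * any other entry must match exactly.
 *
 * Fixes relative to the original listing:
 *  - the subnet test was (entry & IP) == entry, a bit-superset test rather
 *    than a prefix test: an entry 172.18.85.0 also accepted 172.18.87.x
 *    (0x57 has every bit of 0x55 set), and an all-zero entry accepted
 *    every address.  The /24 is now compared under an explicit mask;
 *  - "last octet" was taken as the low byte of the raw s_addr, which is
 *    the last octet only on big-endian hosts (SPARC) and the FIRST octet
 *    on little-endian ones.  The comparison is now done in host order.
 */
int IPIsAuthed(u_long IP)
{
    const uint32_t addr = ntohl((uint32_t)IP);
    int i;

    for (i = 0; i < AuthedIPNum; i++) {
        const uint32_t entry = ntohl((uint32_t)AuthedIP[i]);

        if ((entry & 0xffU) == 0) { /* a.b.c.0: match the /24 */
            if ((addr & 0xffffff00U) == entry) {
                return TRUE;
            }
        } else if (entry == addr) { /* single host */
            return TRUE;
        }
    }
    return FALSE;
}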
记录模块:log.c
#include
#include
#include
char logFileName[32]; /* copy of the path given to InitLog; only 32 bytes, so a longer path must be rejected rather than copied in */
FILE *fp; /* log stream: opened by InitLog, written by PrLog, closed by EndLog; NULL until InitLog succeeds (file-scope object, zero-initialized) */
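/*
 * Remember sFileName in logFileName and open it for appending into fp.
 * Exits on failure, so callers never see a NULL fp after a successful return.
 *
 * Fixes relative to the original listing: sprintf(logFileName, sFileName)
 * both passed the name as a format string and wrote unbounded into a
 * 32-byte buffer; the copy is now bounded and truncation is an error.
 * The stray closing brace that followed the function has been dropped.
 */
void InitLog(char *sFileName)
{
    int n = snprintf(logFileName, sizeof logFileName, "%s", sFileName);

    if (n < 0 || (size_t)n >= sizeof logFileName) {
        fprintf(stderr, "log file name too long\n");
        exit(-1);
    }
    if ((fp = fopen(logFileName, "a")) == NULL) {
        fprintf(stderr, "open log file error\n");
        exit(-1);
    }
}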
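/*
 * Close the log stream opened by InitLog.
 * Tolerates being called without (or twice after) InitLog: fclose(NULL)
 * is undefined behaviour and a second fclose would be a double close, so
 * fp is checked and reset to NULL.
 */
void EndLog(void)
{
    if (fp != NULL) {
        fclose(fp);
        fp = NULL;
    }
}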
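/*
 * Append one timestamped line "[Www Mmm dd hh:mm:ss yyyy] <message>" to fp
 * and flush it.  fmt/... are printf-style; the message is cut at 511 bytes.
 * Does nothing if InitLog has not opened the log.
 *
 * Fixes relative to the original listing: vsprintf into a fixed 512-byte
 * buffer is now vsnprintf; the timestamp is produced with strftime in the
 * same 24-character ctime(3) layout instead of the Solaris-only
 * three-argument ctime_r plus a hard-coded logtime[24] = '\0'.
 */
void PrLog(char *fmt, ...)
{
    time_t now;
    struct tm *tmp;
    char logtime[32];
    char buf[512];
    va_list va;

    if (fp == NULL) {
        return; /* InitLog not called: nowhere to write */
    }

    va_start(va, fmt);
    vsnprintf(buf, sizeof buf, fmt, va);
    va_end(va);

    /* localtime() is not reentrant, but each inetd "nowait" connection is
     * served by its own process and nothing here uses threads (assumption
     * from the inetd.conf line in this manual; confirm if reused elsewhere). */
    time(&now);
    tmp = localtime(&now);
    if (tmp == NULL ||
        strftime(logtime, sizeof logtime, "%a %b %e %H:%M:%S %Y", tmp) == 0) {
        snprintf(logtime, sizeof logtime, "%s", "unknown time");
    }

    fprintf(fp, "[%s] %s\n", logtime, buf);
    fflush(fp);
}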
#Makefile
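# Default target: the wrapper inetd runs in place of /usr/sbin/in.telnetd.
start: in.telnetd.firewall

# Single link step.  The recipe must be one tab-indented line (the listing
# had "-lnsl" broken onto a second line without a continuation backslash,
# which make would reject); -lsocket -lnsl are the Solaris socket libraries.
in.telnetd.firewall: in.telnetd.firewall.c ipauth.c log.c
	cc -o in.telnetd.firewall in.telnetd.firewall.c ipauth.c log.c -lsocket -lnsl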
make ok !
然后kill掉inetd进程,重起inetd
实验,由非授权IP登陆偶们的机器结果如下:
#telnet our.dear.hacked.host
Trying our.dear.hacked.host...
Connected to our.dear.hacked.host.
Escape character is '^]'.
Not on console, u have been loged, xixi...;)
Connection closed by foreign host.
#
/etc/telnet.log成功记录了我们实验用的IP,好,开始捉鬼。。。
偶们耐心等待,trap is waiting for u ... 终于。。。
$ cat /etc/telnet.log
[Fri Jul 22 23:49:36 1998] XXX.XXX.XXX.XXX
[Fri Jul 23 00:31:42 1998] YYY.YYY.YYY.YYY
$
原文转自:http://www.ltesting.net