┌──────────────────────────────────────────────────────────────────────┐
│Linux Server Network Security - Lee Minwoo (leeminwoo@boanin.com)     │
│(This text is optimized for 1024*768 resolution.)   Written 2009-02-26│
│                                                    Revised 2009-02-28│
└──────────────────────────────────────────────────────────────────────┘

┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃Linux Server Network Security: Table of Contents┃
┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛
***********************************************************************
♧ Installing APM (Apache + PHP + MySQL) - P.37
  → Response code list
  → LogLevel Warn
  → URL special characters
  → Simple regular expressions
  → Types of web hacking
  → Types of web firewall
  → MySQL installation
  → Apache installation
  → PHP installation
♧ Practical httpd.conf Configuration - P.89
  → Directory Listing
  → FollowSymLinks
  → DirectoryIndex
  → ServerTokens
  → ServerSignature
  → Virtual Hosts
  → IP Address Based Virtual Host
  → Name Based Virtual Host
  → Network settings (IP, Gateway, DNS)
♧ Authentication & Access Control - P.105
  → Basic Authentication
  → Digest Authentication
  → Database Authentication
  → Configuring access
  → SSI (Server-Side Include)
♧ Apache Module - P.118
  → mod_rewrite - access control
  → mod_setenvif - environment settings
  → mod_security - Apache web firewall
  → mod_ssl - encryption of web data traffic
♧ Server Monitoring and Log Management - P.151
  → Server Monitoring
  → access_log
  → ErrorDocument
  → error_log
  → Log Rotation
  → Log Analysis
♧ Installing a Mail Server - P.171
  → Installing and operating Sendmail
  → 1-1. Installing ucspi-tcp
  → 1-2. Installing daemontools
  → 2. Installing qmail
  → 3. qmail boot script
  → 4. Installing vpopmail
  → 5. Starting qmail and vpopmail
  → 6. Installing ezmlm and qmailadmin
  → 7. Installing yum
  → 8. Installing courier-imap
  → 9. Installing squirrelmail
♧ Mail Server Security - P.221
  → Attacks using e-mail
    ↘ Active Contents attack
    ↘ Buffer Overflow attack
    ↘ Trojan Horse attack
    ↘ Shell Script attack
  → SMTP_AUTH
♧ Installing Secure DNS Server - P.231
  → Domain
  → DNS (Domain Name System)
  → Types and roles of name servers
  → Hierarchical management structure of name servers
  → Types of DNS query
  → The concept of a zone
  → Understanding BIND
  → Installation
    ↘ 1. Installing bind
    ↘ 2. Syntax check of the bind name server configuration file
    ↘ 3. Commands to start|stop|restart the name server
    ↘ 4. Linking DNS and vhost
    ↘ 5. Master DNS and slave DNS configuration
    ↘ 6. TSIG configuration for master DNS and slave DNS
♧ vsftpd FTP - P.271
  → Active Mode
  → Passive Mode
  → Introduction to vsftpd FTP
♧ NFS Server Security - P.285
♧ Proxy Server Security - P.299
♧ SSH (Secure SHell) - P.311
  → Telnet
  → SSH
♧ DHCP Server - P.329
♧ MRTG Traffic Server - P.341
  → MRTG (Multi Router Traffic Grapher)
  → SNMP (Simple Network Management Protocol)
  → MIB (Management Information Base)
  → Installing the MRTG traffic server
    ↘ 1. Installing SNMP
    ↘ 2. Installing zlib
    ↘ 3. Installing libpng
    ↘ 4. Installing freetype
    ↘ 5. Installing jpeg
    ↘ 6. Installing gd
    ↘ 7. Installing mrtg
***********************************************************************

┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃Installing APM (Apache + PHP + MySQL)  ┃
┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛
┌────────┐
│Concepts│
└────────┘
***********************************************************************
1. Apache (http://www.apache.org/) : Apache was born in 1995, based on NCSA HTTPD version 1.3, one of the most popular web servers of the time. The Apache web server was then released by adding further improved features to the existing NCSA web server. Today it is one of the most popular pieces of software among Internet web servers. The reasons are that patches are provided continuously and that its performance is excellent. That it is provided free of charge, and that its large market share has earned it a reputation for stability, are further reasons.

2. PHP (http://www.php.net/) : PHP is one of the web programming languages.
PHP was originally an abbreviation of 'Personal Home Page Tools', but it now officially stands for the recursive acronym 'PHP: Hypertext Preprocessor'. PHP is a server-side scripting language normally used to build dynamic web sites.

3. MySQL (http://www.mysql.com/) : MySQL is a relational database. It is an open database and a very capable relational database that is not far behind ordinary commercial databases. It connects easily to PHP and is also simple to connect to the various open web servers.

----------------------
Combinations of systems
----------------------
Web server    Application    Database
Apache        PHP            MySQL
IIS           ASP            MS SQL
Solaris       JSP            Oracle

-------------------------------------------------
Response code list (Linux Server Security textbook P.4, P.159)
-------------------------------------------------
Response class       Code                        Description
-------------------  --------------------------  ------------------------------------------
Success (2xx)        200 OK                      The request was carried out successfully.
Redirection (3xx)    301 Moved Permanently       The requested resource has been given a new
                                                 permanent URL, found in the Location field.
                     302 Moved Temporarily       The requested resource has been given a new
                                                 temporary URL, found in the Location field.
Client error (4xx)   400 Bad Request             The server could not understand the client's
                                                 request.
                     401 Unauthorized            User authentication is required to access
                                                 the requested resource.
                     403 Forbidden               The server refuses to respond to the
                                                 client's request. This response is usually
                                                 received when using the GET method, and it
                                                 shows only a little information. With the
                                                 HEAD method, however, some servers give
                                                 detailed information about why this status
                                                 occurred.
                     404 Not Found               The requested resource does not exist.
Server error (5xx)   500 Internal Server Error   An internal error occurred while the server
                                                 was processing the request.
                     501 Not Implemented         The server cannot process the request.
                     502 Bad Gateway             The server received an invalid response from
                                                 the upstream server from which it requested
                                                 a resource it needs. This response is
                                                 produced by HTTP proxies.
                     503 Service Unavailable     The server is temporarily overloaded and
                                                 cannot respond to the request.

-------------
LogLevel Warn (p.52)
-------------
* emerg  : emergency, the system is unusable
* alert  : action must be taken immediately
* crit   : critical
* error  : error
* warn   : warning (the level that is usually set)
* notice : normal but significant condition
* info   : ordinary informational messages
* debug  : debug-level messages (logs even trivial events, so it can put load on the system)

--------------------------
URL special characters (p.10)
--------------------------
Character   Description
?           Query string delimiter
&           Parameter delimiter. Used to separate name=value parameter pairs in the query string
=           Separates a parameter's value when parameters are passed in the query string
+           Space character
:           Protocol delimiter
#           Used to mark a specific point inside a web page
%           Used as the marker for hexadecimal-encoded characters
@           Used with the mailto: meaning when the URL denotes an e-mail address
~           Used on Unix to denote a user's home directory

--------------------------
Simple regular expressions (p.121)
--------------------------
.        : any single character
?        : zero or more of a single character
*        : zero or more characters or strings
+        : one or more characters or strings
(chars)  : groups the characters or string inside ( and ). The group can be used as the $N variable in the Substitution (return URL).
^        : specifies the first character (or string) of the string.
$        : specifies the last character (or string) of the string.
\ (backslash) : removes the special function of characters that have a special meaning in regular expressions. (e.g. (, ), [, ], . and so on)
{n}      : repeat exactly n times
{n, }    : repeat n or more times
{n, m}   : repeat at least n and at most m times
[chars]  : sets a range of characters or the set of characters that may appear.
           e.g. [a-z] : the lowercase letters a through z, [tT] : lowercase t or uppercase T

※ Regular expression shorthand classes
[:alpha:] : letters. Same as [a-zA-Z]
[:alnum:] : letters and digits. Same as [a-zA-Z0-9]
[:digit:] : digits. Same as [0-9]
[:upper:] : uppercase letters. Same as [A-Z]

--------------------------
Other things worth knowing
--------------------------
※ Types of web hacking
* Improper Error Handling
* Cross Site Scripting
* Cross Site Request Forgery
* SQL Injection
* File Uploading
* File Downloading
* Parameter Tampering
* Directory Traversal
  -> This attack reaches parent directories with sequences such as ../../../ so that the / (root) directory becomes accessible.
* Web Shell
* Reverse Telnet

※ Types of web firewall
* mod_security : web firewall for Linux servers
* WebKnight : web firewall for Windows servers

***********************************************************************
┌────────────┐
│Installation│
└────────────┘
***********************************************************************
--------------------------------
Installation procedure
--------------------------------
1. Download the source. (/usr/local/src is normally used as the download root.)
2. Unpack the source. (# tar jxvf or tar zxvf)
3. Change to the directory where the source code was unpacked.
4. Read the README or INSTALL file to check how to install.
   In general, for a program or driver with no special options, install with the command below.
   # ./configure && make && make install

--------------------------------
Downloading the sources
--------------------------------
[Download Apache, PHP, MySQL]
# cd /usr/local/src ☞ Change to the download directory (this is the place normally used for downloads).
# wget http://archive.apache.org/dist/httpd/httpd-2.2.8.tar.bz2 ☞ Download Apache
# wget http://kr2.php.net/get/php-5.2.6.tar.bz2/from/this/mirror ☞ Download PHP
# wget http://mirror.provenscaling.com/mysql/community/source/5.1/mysql-5.1.24-rc.tar.gz ☞ Download MySQL

The installation order is as follows...
In M-A-P order: mysql (database) -> httpd (apache) (Apache web server) -> php (web application)

--------------------------------
MySQL installation (p.39)
--------------------------------
# cd /usr/local/src
# tar zxvf mysql-5.1.24-rc.tar.gz
# cd mysql-5.1.24-rc
# groupadd mysql
# useradd -g mysql mysql
# ./configure --prefix=/usr/local/mysql --with-charset=euckr
# make && make install
# /usr/local/mysql/bin/mysql_install_db
# chown -R root /usr/local/mysql
# chown -R mysql /usr/local/mysql/var
# chgrp -R mysql /usr/local/mysql
# vi /usr/local/mysql/share/mysql/mysql.server
==============================
Open the file and edit line 330
line 330 ==> $bindir/mysqld_safe --datadir=$datadir --pid-file=$server_pid_file $other_args --language=korean >/dev/null 2>&1 &
==============================
# chmod 755 /usr/local/mysql/share/mysql/mysql.server
# cp -p /usr/local/mysql/share/mysql/mysql.server /etc/rc.d/init.d/mysqld
# cp support-files/my-medium.cnf /etc/my.cnf
# vi /etc/ld.so.conf
==============================
Append at the end
/usr/local/lib
/usr/local/mysql/lib/mysql
==============================
# ldconfig -v
# /etc/rc.d/init.d/mysqld start
==============================
On success, SUCCESS! is displayed.
==============================
# ps -ef | grep mysql --> check that the mysql daemon is running

--------------------------------
If ERROR or FAILED appears
--------------------------------
1. /usr/local/mysql/var : the directory where the actual database contents are stored.
   Check whether the owner or permissions of this directory are wrong:
   the owner is mysql, the group is also mysql, and the permissions are 700.
2. Location of the error messages: /usr/local/mysql/var/hostname.err
3. mysql creates one socket file --> /tmp/mysql.sock
   The /tmp directory must be writable and must have permissions 1777 (drwxrwxrwt).

--------------------------------
Apache installation (p.41)
--------------------------------
# cd /usr/local/src
# tar jxvf httpd-2.2.8.tar.bz2
# cd httpd-2.2.8
# ./configure --prefix=/usr/local/httpd --enable-so --enable-authn-dbm --enable-authn-dbd --enable-auth-digest --enable-ssl --enable-rewrite --with-ssl
# make && make install
# vi /usr/local/httpd/conf/httpd.conf
============================================================
Edit lines 65 and 66
User nobody
Group nobody

Add at line 309
AddType application/x-httpd-php .php .php3
AddType application/x-httpd-php-source .phps
============================================================

--------------------------------
PHP installation (p.44)
--------------------------------
# cd /usr/local/src
# rpm -e --nodeps libxml2
# wget ftp://xmlsoft.org/libxml2/libxml2-sources-2.6.32.tar.gz
# tar zxvf libxml2-sources-2.6.32.tar.gz
# cd libxml2-2.6.32
# ./configure && make && make install
# cd /usr/local/src
# tar jxvf php-5.2.6.tar.bz2
# cd php-5.2.6
# ./configure --prefix=/usr/local/php --with-apxs2=/usr/local/httpd/bin/apxs --with-config-file-path=/usr/local/httpd/conf --with-mysql=/usr/local/mysql --enable-sockets --with-openssl=/usr --with-dbm
# cp -r /usr/kerberos/include/* /usr/include
# make && make install
# cp php.ini-dist /usr/local/httpd/conf/php.ini
============================================================
# grep LoadModule /usr/local/httpd/conf/httpd.conf
LoadModule php5_module modules/libphp5.so
--> If the output looks like the above, PHP is installed.
============================================================
# ls -al /usr/local/httpd/modules
httpd.exp and libphp5.so must be present.
============================================================
# /usr/local/httpd/bin/apachectl start ☞ Starts Apache, that is, the web server
# ps -ef | grep httpd ☞ Check that the web server is running.
--> By default about five web server processes are running.
============================================================
mysql : /usr/local/mysql/bin/mysql -> mysql client program
        /usr/local/mysql/share/mysql/mysql.server --> script that starts the server
httpd : /usr/local/httpd/bin/httpd -> http server program
        /usr/local/httpd/bin/apachectl -> script that starts the server
When the system boots, the scripts under /etc/rc.d/init.d/ are executed.
============================================================
# cp -p /usr/local/httpd/bin/apachectl /etc/rc.d/init.d/httpd
# ln -s /etc/rc.d/init.d/httpd /etc/rc.d/rc3.d/S90httpd ☞ Think of this as registering it as a startup program
# ln -s /etc/rc.d/init.d/mysqld /etc/rc.d/rc3.d/S91mysql ☞ Think of this as registering it as a startup program
--> /usr/local/httpd/bin/apachectl == /etc/rc.d/init.d/httpd
--> This means that the apachectl file and the httpd file are the same.

[PATH settings]
# vi ~/.bash_profile
PATH=$PATH:/usr/local/mysql/bin:/usr/local/httpd/bin <== add this
--> PATH lists absolute paths in advance so that a command is found and run automatically without typing its absolute or relative path.
# shutdown -r now --> When everything is done, reboot the system and check that it all works.

***********************************************************************
┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃Practical httpd.conf Configuration (p.90)┃
┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛
┌────────┐
│Concepts│
└────────┘
***********************************************************************
---------------------
※ Directory Listing
---------------------
The first page of a web server is produced as follows. When a client connects, the web server prepares to serve the index file from its DocumentRoot. It looks in the DocumentRoot for the index file named in the server configuration file. If the file exists, the server opens it and shows the page. If the file does not exist, the server consults the Options directive and checks whether the Indexes option is present. If Indexes is present it shows a directory listing; if Indexes is absent it shows the Forbidden page.
For security, it is best to remove the Indexes option from the Options directive in the web server configuration file so that directory listing is prevented.

---------------------
※ FollowSymLinks
---------------------
Following of symbolic links can be blocked by removing FollowSymLinks, the option that makes the server follow them, from the Options directive. Links are followed when directory listing is enabled, and even when directory listing is disabled the link is followed if the linked file name is typed into the page request. As an exercise, create a link file that is a symbolic link to / and check that it actually works. It will work regardless of directory listing.

---------------------
※ DirectoryIndex
---------------------
DirectoryIndex defines the index file, the page shown first when a client connects to the server, and also defines the order in which index files are tried.
When the configuration file contains
DirectoryIndex index.cgi index.shtml index.html
and a page request comes in, the server first looks for index.cgi and shows it if it exists; if not, it looks for index.shtml and shows it if it exists; if not, it looks for index.html. The order of these index files therefore has to be chosen with care.

---------------------
※ ServerTokens
---------------------
When a client connects to Apache, the web server sends information such as the web server version and the installed applications in the header of the response message, attached as a banner. Because this information is used and abused by various worms, it is safest to give out only the minimum or to hide it. To do so, change the option of the ServerTokens directive in the configuration file. Use the Prod option to show limited information. The available keywords are:
Prod[uctOnly] : web server type
Min[imal]     : web server type + version
OS            : web server type + version + operating system
Full          : web server type + version + operating system + installed module (application) information

---------------------
※ ServerSignature
---------------------
Sets the footer of server-generated documents. It exists so that, when a chain of proxies is formed, the user can tell which server actually returned an error message. It is best to set it to Off so that no information is shown.
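
Added example (not part of the original notes): a small Python check that reads httpd.conf text and reports the settings that the Directory Listing, FollowSymLinks, ServerTokens and ServerSignature notes above advise against. The names audit, LAB_CONF and HARDENED_CONF are made up for this example, and both sample configurations are constructed.

```python
import re

# Constructed sample modelled on the lab settings used in these notes.
LAB_CONF = """\
DocumentRoot "/usr/local/httpd/htdocs"
<Directory "/usr/local/httpd/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
<Directory "/usr/local/httpd/htdocs/basic">
    Options -Indexes
</Directory>
# ServerTokens Prod
ServerTokens Min
ServerSignature On
"""

# Constructed hardened counterpart of the same file.
HARDENED_CONF = """\
DocumentRoot "/usr/local/httpd/htdocs"
<Directory "/usr/local/httpd/htdocs">
    Options None
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
ServerTokens Prod
ServerSignature Off
"""

RISKY_OPTIONS = {
    "indexes": "directory listing is shown when no DirectoryIndex file exists",
    "followsymlinks": "symbolic links under the document root are followed",
}


def audit(conf_text):
    """Return findings as (line_no, scope, directive, reason) tuples.

    line_no 0 means the directive is missing and the default applies.
    Files pulled in with Include (conf/extra/*.conf) are not read here;
    concatenate their text before calling if they should be covered.
    """
    findings = []
    scope = []            # stack of open containers such as <Directory ...>
    tokens_seen = False
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue      # blank lines and comments never take effect
        tag = re.match(r"<(/?)(\w+)([^>]*)>", line)
        if tag:
            if tag.group(1):
                if scope:
                    scope.pop()
            else:
                scope.append((tag.group(2) + tag.group(3)).strip())
            continue
        name, *args = line.split()
        where = scope[-1] if scope else "server config"
        key = name.lower()
        if key == "options":
            for opt in args:
                if opt.startswith("-"):
                    continue                      # option explicitly removed
                word = opt.lstrip("+").lower()
                # "All" switches on both Indexes and FollowSymLinks
                hits = list(RISKY_OPTIONS) if word == "all" else [word]
                for hit in hits:
                    if hit in RISKY_OPTIONS:
                        findings.append(
                            (no, where, "Options " + opt, RISKY_OPTIONS[hit]))
        elif key == "servertokens":
            tokens_seen = True
            if not args or args[0].lower() not in ("prod", "productonly"):
                findings.append((no, where, " ".join([name] + args),
                                 "banner reveals more than the product name"))
        elif key == "serversignature":
            if args and args[0].lower() in ("on", "email"):
                findings.append((no, where, " ".join([name] + args),
                                 "server footer is added to generated pages"))
    if not tokens_seen:
        findings.append((0, "server config", "ServerTokens",
                         "not set, so the default (Full) applies"))
    return findings


if __name__ == "__main__":
    for finding in audit(LAB_CONF):
        print("line %d [%s] %s: %s" % finding)
```
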

***********************************************************************
┌─────────────┐
│Configuration│
└─────────────┘
***********************************************************************
# /usr/local/httpd/conf/httpd.conf ☞ Apache main configuration file
# /usr/local/httpd/conf/extra/* ☞ Apache extended configuration files (usable only when included from httpd.conf)

---------------------------------
1. Enable directory listing
---------------------------------
httpd.conf : Options Indexes

※ In /usr/local/httpd/conf/httpd.conf (the Apache main configuration file)
=============================
DirectoryIndex index.html ☞ The file name to load when the first page is opened is written here.
=============================
This part is configured so that, when a directory is opened, the server checks for index.html and opens it. For directory listing to occur, index.html must not exist in the Document Root (/usr/local/httpd/htdocs/). Alternatively, if the directory index is changed to index.htm instead of index.html, index.html is not recognized even if it exists in the Document Root. So directory listing is avoided only when the file name given to DirectoryIndex matches a file name in the Document Root.

※ In /usr/local/httpd/conf/httpd.conf (the Apache main configuration file)
=======================================
<Directory "/usr/local/httpd/htdocs">
    Options Indexes FollowSymLinks ☞ The options are given here.
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
=======================================
This part sets the conditions for the Document Root. Because 'Indexes' is given as an option, directory listing is enabled. If 'Indexes' is deleted here, the Forbidden page is shown.

In summary, to see a directory listing there must be no index.html file in the Document Root, and the 'Indexes' option must be given in the Options of the Apache main configuration file.

---------------------------------
2. Make the /etc/xinetd.conf file visible in the web browser
---------------------------------
httpd.conf : Options Indexes FollowSymLinks
# ln -s /etc/xinetd.conf /usr/local/httpd/htdocs/xinetd.conf

※ Conditions under which FollowSymLinks takes effect
- The directory listing must be visible (because otherwise the name of the symbolic link file is not known).
- In /usr/local/httpd/conf/httpd.conf (the Apache main configuration file)
=======================================
<Directory "/usr/local/httpd/htdocs">
    Options Indexes FollowSymLinks ☞ The FollowSymLinks option is given here.
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
=======================================
- A symbolic link created with the ln -s command must exist in the Document Root (/usr/local/httpd/htdocs/).

In summary: first, the conditions for directory listing must be met; second, 'FollowSymLinks' must be given in the options; and last, the symbolic link file must exist in the Document Root. In addition, the permissions of the symbolic link must include execute permission so that it can be followed when clicked.

---------------------------------
3. Make the server footer visible (ServerSignature)
---------------------------------
httpd.conf : Include conf/extra/httpd-default.conf
/conf/extra/httpd-default.conf : ServerSignature On

---------------------------------
4. Make the server footer show the web server version as well
---------------------------------
httpd.conf : Include conf/extra/httpd-default.conf
extra/httpd-default.conf : ServerSignature On
extra/httpd-default.conf : ServerTokens Min

---------------------------------
5. When your Linux IP is entered in the web browser, find the default.html file and show it as the page
   (if there is no default.html file, settings 1, 2, 3 and 4 apply)
---------------------------------
httpd.conf : DirectoryIndex default.html

***********************************************************************
┌────────────────────┐
│Virtual Hosts (p.84)│
└────────────────────┘
***********************************************************************
------------
※ Concepts
------------
Virtual host configuration is a method widely used by web hosting companies. If several domains or host names are to be set up and managed on one system, this section must be configured. There are two kinds of virtual host: IP Address Based Virtual Host, used when there are several IP addresses, and Name Based Virtual Host, used when there are several domains.

------------
※ Configuration
------------
[root@sak11 root]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:28:A7:69
          inet addr:192.168.10.93  Bcast:192.168.10.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5889 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1560 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:640399 (625.3 Kb)  TX bytes:246540 (240.7 Kb)
          Interrupt:5 Base address:0x2000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:10 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:700 (700.0 b)  TX bytes:700 (700.0 b)

--> Running ifconfig at the start shows a single eth0 with the single IP 192.168.10.93.

[root@sak11 root]# cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0:0
[root@sak11 root]# ls /etc/sysconfig/network-scripts/
ifcfg-eth0      ifdown-ipv6  ifup          ifup-plip    ifup-sl
ifcfg-eth0:0    ifdown-isdn  ifup-aliases  ifup-plusb   ifup-wireless
ifcfg-lo        ifdown-post  ifup-ippp     ifup-post    init.ipv6-global
ifdown          ifdown-ppp   ifup-ipv6     ifup-ppp     network-functions
ifdown-aliases  ifdown-sit   ifup-ipx      ifup-routes  network-functions-ipv6
ifdown-ippp     ifdown-sl    ifup-isdn     ifup-sit
--> The cp command copied the ifcfg-eth0 file unchanged to ifcfg-eth0:0.
--> Checking with ls shows the ifcfg-eth0:0 file, which has the same attributes as ifcfg-eth0.

[root@sak11 root]# vi /etc/sysconfig/network-scripts/ifcfg-eth0:0
============================================
DEVICE=eth0 ☞ Change this name to eth0:0.
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.10.93 ☞ Change this IP to the virtual IP.
NETMASK=255.255.255.0
GATEWAY=192.168.10.1
============================================
--> After the change it looks like this.
============================================
DEVICE=eth0:0 ☞ This name was changed to eth0:0
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.10.123 ☞ Changed to an address within the usable IP range
NETMASK=255.255.255.0
GATEWAY=192.168.10.1
============================================
--> Because the network settings were changed, the network daemon has to be restarted.

[root@sak11 root]# /etc/rc.d/init.d/network restart
Shutting down interface eth0: [ OK ]
Shutting down loopback interface: [ OK ]
Setting network parameters: [ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth0: [ OK ]
--> Checking again with ifconfig shows that the IP assigned to eth0:0 is now configured.

[root@sak11 root]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:28:A7:69
          inet addr:192.168.10.93  Bcast:192.168.10.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6441 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1905 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:700304 (683.8 Kb)  TX bytes:294570 (287.6 Kb)
          Interrupt:5 Base address:0x2000

eth0:0    Link encap:Ethernet  HWaddr 00:0C:29:28:A7:69
          inet addr:192.168.10.123  Bcast:192.168.10.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6446 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1914 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:700604 (684.1 Kb)  TX bytes:295940 (289.0 Kb)
          Interrupt:5 Base address:0x2000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:10 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:700 (700.0 b)  TX bytes:700 (700.0 b)

--> Once this is configured, open a web browser:
--> connecting to 192.168.10.93 or to 192.168.10.123 shows the same page.
--> With two IPs created this way, the page shown can also be made different for each IP.
--> How to do that is covered below.

-----------------------------------------------------
※ IP Address Based Virtual Host
-----------------------------------------------------
[root@sak11 root]# cd /usr/local/httpd/htdocs/ ☞ Change to the document directory
[root@sak11 htdocs]# mkdir home1 ☞ Directory of the page shown when accessed through IP 192.168.10.93.
[root@sak11 htdocs]# mkdir home2 ☞ Directory of the page shown when accessed through IP 192.168.10.123.
[root@sak11 htdocs]# cat > home1/index.html ☞ Create the index.html file with cat and redirection

HOME 1

[root@sak11 htdocs]# cat > home2/index.html

HOME 2

[root@sak11 htdocs]# vi /usr/local/httpd/conf/httpd.conf ☞ Open the Apache main configuration file
==============================================
389 # Virtual hosts
390 Include conf/extra/httpd-vhosts.conf ☞ This is commented out with #; delete the # to uncomment it
==============================================
--> As above, uncomment the line at around line 390 so that the httpd-vhosts.conf configuration file is included.

[root@sak11 htdocs]# vi /usr/local/httpd/conf/extra/httpd-vhosts.conf
==============================================
19 #NameVirtualHost *:80 ☞ This is not name-based, so line 19 is commented out.
27 <VirtualHost 192.168.10.93> ☞ Specify the IP here.
28     ServerAdmin webmaster@dummy-host.example.com
29     DocumentRoot "/usr/local/httpd/htdocs/home1" ☞ Directory path used when accessed through the .93 IP.
30     ServerName dummy-host.example.com
31     ServerAlias www.dummy-host.example.com
32     ErrorLog "logs/dummy-host.example.com-error_log"
33     CustomLog "logs/dummy-host.example.com-access_log" common
34 </VirtualHost>
35
36 <VirtualHost 192.168.10.123> ☞ Specify the IP here.
37     ServerAdmin webmaster@dummy-host2.example.com
38     DocumentRoot "/usr/local/httpd/htdocs/home2" ☞ Directory path used when accessed through the .123 IP.
39     ServerName dummy-host2.example.com
40     ErrorLog "logs/dummy-host2.example.com-error_log"
41     CustomLog "logs/dummy-host2.example.com-access_log" common
42 </VirtualHost>
==============================================
--> Because the Apache configuration file was edited, restart Apache with the apachectl restart command.

[root@sak11 htdocs]# apachectl restart
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
--> Now connecting to .93 and .123 with a web browser opens different pages.
--> The browser's caching may prevent the pages from showing correctly. Close and restart the browser; if the pages still do not show, refresh several times with the F5 key and they will open normally.
==> In summary, to stop using the virtual host feature, comment out the corresponding line in the Apache main configuration file so that the file is not included; connecting through the two IPs then shows a single page again.

-----------------------------------------------------
※ Name Based Virtual Host
-----------------------------------------------------
※ Name-based hosting works like the IP-based hosting above. Just as separate pages were shown for the two IPs, each of the two IPs is given a domain, and entering the two domains in the web browser in the same way shows a different page for each. For details see the DNS configuration section below. In outline it works as follows.

To assign the domain http://www.domain.co.kr to 192.168.152.129 and the domain http://vhost.domain.co.kr to 192.168.152.130, the name server configuration also has to change, which means editing the name server's zone file. Add the vhost entry as follows.
==========================================
www     IN A 192.168.152.129
vhost   IN A 192.168.152.130
==========================================
With the IP and DNS settings done, the next step is to configure the virtual host section in the httpd.conf file.

[root@sak11 htdocs]# vi /usr/local/httpd/conf/extra/httpd-vhosts.conf
==========================================
<VirtualHost 192.168.152.129> ☞ Settings for the .129 IP.
    ServerName www.domain.co.kr ☞ Enter the domain name.
    DocumentRoot /usr/local/httpd/htdocs/domain ☞ Home directory path shown when the domain name is entered.
</VirtualHost>
<VirtualHost 192.168.152.130> ☞ Settings for the .130 IP.
    ServerAdmin root@domain.co.kr
    ServerName vhost.domain.co.kr ☞ Enter the domain name.
    DocumentRoot /usr/local/httpd/htdocs/vhost ☞ Home directory path shown when the domain name is entered.
</VirtualHost>
==========================================
The example above contains only very simple settings; other information can be added as well, such as logging or server alias settings.
----------------------------------------- ³×Æ®¿öÅ© ¼³Á¤(IP, Gateway, DNS¼³Á¤) ----------------------------------------- ¦£¦¡¦¡¦¡¦¡¦¤ ¦¢°ü·ÃÆÄÀϦ¢ ¦¦¦¡¦¡¦¡¦¡¦¥ /etc/hosts : È£½ºÆ®ÀÇ À̸§À» °¡Áö°í ÀÖ´Â ÆÄÀÏ, È£½ºÆ®ÀÇ ½ÇÁ¦À̸§°ú alias¸¦ ¼³Á¤ /etc/host.conf : order hosts,bind ¶ó´Â ÇÑÁÙ·Î µÇ¾îÀÖ°í hostsÆÄÀÏÀ» ¸ÕÀú Âü°íÇÒÁö DNS¿¡ ¸ÕÀú ¹°¾îº¼Áö¸¦ °áÁ¤ --> ½ÇÁ¦·Î´Â /etc/nsswitch.conf ÆÄÀÏÀÇ 38¶óÀÎ files dns ¼ø¼­¿¡ µû¶ó¼­ °áÁ¤µÈ´Ù. (À̷аúÀÇ Â÷ÀÌÁ¡) /etc/resolv.conf : ³×ÀÓ¼­¹öÀÇ Á¤º¸¸¦ ´ã°í ÀÖÀ½ (KT´Â 168.126.63.1) /etc/sysconfig/network : ³×Æ®¿öÅ·À» ÇÒ °ÍÀÎÁö¿Í È£½ºÆ® ³×ÀÓÀÇ Á¤º¸°¡ µé¾îÀÖÀ½ --> È£½ºÆ®À̸§À» ¹Ù²Ù°íÀÚ ÇÑ´Ù¸é /etc/hostsÆÄÀÏ°ú À§ÀÇ networkÆÄÀÏÀÇ ¼³Á¤À» ¸ðµÎ ¹Ù²Ù¾îÁÖ¾î¾ß ÇÔ /etc/sysconfig/network-scripts/ifcfg-eth0 : ³×Æ®¿öÅ© Åë½ÅÀ» Çϱâ À§ÇÑ °¡Àå Áß¿äÇÑ ¼³Á¤ ÆÄÀÏ --> IP¿Í NetMAST, GATEWAY¸¦ ¼³Á¤ÇÒ¼ö ÀÖ´Ù. ¦£¦¡¦¡¦¡¦¡¦¤ ¦¢Àû¿ë¹æ¹ý¦¢ ¦¦¦¡¦¡¦¡¦¡¦¥ [root@sak11 root]# netconfig ¢Ñ ÀÌ ¸í·É¾î¸¦ ÀÌ¿ëÇÏ¿©¼­ ¾ÆÀÌÇÇ¿Í ³Ý¸¶½ºÅ©, DNS¼­¹öÁÖ¼Ò¸¦ º¯°æÇØÁØ´Ù. [root@sak11 root]# /etc/rc.d/init.d/network restart ¢Ñ ³×Æ®¿öÅ©¸¦ Àç½ÃÀÛÇØÁØ´Ù. --> service network restart ´Â À§ÀÇ ¸í·É¾î¿Í µ¿ÀÏÇÑ ¿ªÈ°À» ÇÏÁö¸¸ RedHat °è¿­¿¡¼­¸¸ »ç¿ëµÇ¾î ÃßõÇÏÁö¾ÊÀ½ *********************************************************************** ¦®¦¬¦¬¦¬¦¬¦¬¦¬¦¬¦¬¦¬¦¬¦¬¦¬¦¬¦¬¦¬¦¬¦¬¦¬¦¬¦¬¦¬¦¬¦¯ ¦­ÀÎÁõ(Authentication) & Access Control(p.103)¦­ ¦±¦¬¦¬¦¬¦¬¦¬¦¬¦¬¦¬¦¬¦¬¦¬¦¬¦¬¦¬¦¬¦¬¦¬¦¬¦¬¦¬¦¬¦¬¦° ¦£¦¡¦¡¦¡¦¡¦¤ ¦¢°³³äÁ¤¸®¦¢ ¦¦¦¡¦¡¦¡¦¡¦¥ *********************************************************************** ----------------------- ¡Ø Basic Authentication ----------------------- HTTP´Â stateless(ºñ»óÅÂ)ÇÁ·ÎÅäÄÝÀ̹ǷΠ±âº»ÀûÀÎ »ç¿ëÀÚÀÎÁõ¿¡ ÀÇÇØ º¸È£µÇ´Â ÀÚ¿ø¿¡ Á¢±ÙÇϱâ À§Çؼ­´Â ¸Å¹ø »ç¿ëÀÚ À̸§°ú Æнº¿öµå¿Í °°Àº ÀÎÁõ¼­¸¦ ¼­¹ö¿¡ º¸³»¾ß¸¸ ÇÑ´Ù. ÇÏÁö¸¸ Ãʱâ ÀÎÁõÀ» °ÅÄ£ ÈÄ ´Ù¸¥ ÆäÀÌÁö¿¡ Á¢±ÙÇϱâ À§Çؼ­ ¸Å¹ø »ç¿ëÀÚ À̸§°ú Æнº¿öµå¸¦ ¼­¹ö¿¡ Àü¼ÛÇÏ´Â °ÍÀº ÀϹÝÀûÀ¸·Î Ŭ¶óÀ̾ðÆ® ¼ÒÇÁÆ®¿þ¾î³ª À¥ ºê¶ó¿ìÀú¿¡ ÀÇÇؼ­ ÀÚµ¿À¸·Î ÀÌ·ç¾îÁø´Ù. ¸¸¾à »ç¿ëÀÚ À̸§ÀÌ À¥ ¼­¹öÀÇ ¸®½ºÆ®¿¡ ÀÖ°í, Æнº¿öµå°¡ ÀÏÄ¡ÇÏ¸é º¸È£µÈ ÀÚ¿ø¿¡ Á¢±ÙÀ» Çã¶ô ¹Þ°Ô µÈ´Ù. 
With basic authentication the password is stored encrypted, but it is not encrypted in transit from the
client to the server, so a third party can eavesdrop on it.
Because the ID and password are sent on every access to a protected resource, eavesdropping is easier
than with other authenticating services such as telnet and ftp.
In addition, no encryption is provided for any data sent from the server to the client, so the content
is also easy to intercept. This kind of authentication therefore cannot be recommended for web servers
where confidentiality matters.

------------------------
※ Digest Authentication
------------------------
The second authentication method is digest authentication. Its difference from basic authentication is
that the password is not sent in plain text over the network or any other transmission path.
The password is sent after being hashed with MD5.
Digest authentication does protect the password in transit, but the data is still sent in plain text,
which is a problem, and not every web browser supports digest authentication.

--------------------------
※ Database Authentication
--------------------------
A DB authentication module lets user names and passwords be verified more quickly.
When a large number of user names and passwords are stored on the server, the authentication step a
user goes through to reach the data can take a long time.
Using a DB instead of the ordinary file system can shorten the user name and password check considerably.

***********************************************************************
┌──────────────────────────────┐
│ Basic Authentication (p.105) │
└──────────────────────────────┘
***********************************************************************
# htpasswd -c /usr/local/.passwd admin       ☞ The -c option is used only when the file is first created.
# htpasswd /usr/local/.passwd test           ☞ Do not use -c when adding a user.
# chmod 640 /usr/local/.passwd
# chgrp nobody /usr/local/.passwd
# ls -al /usr/local/.passwd
-rw-r----- 1 root nobody 43 May 30 14:01 /usr/local/.passwd
# cd /usr/local/httpd/htdocs
# mkdir basic
# cat > basic/index.html

Basic Authentication

☞ Press Ctrl + D to leave input mode.

# vi /usr/local/httpd/conf/httpd.conf
==============================================
<Directory "/usr/local/httpd/htdocs/basic">
    AuthType Basic
    AuthName "Welcome to HTB Server"
    AuthUserFile /usr/local/.passwd
    Require valid-user
</Directory>
==============================================
# apachectl restart
 --> Once Apache has been restarted, the configuration is complete.
 --> Switch to Windows, start a web browser and open http://<my IP>/basic; the authentication dialog appears.

***********************************************************************
┌───────────────────────────────┐
│ Digest Authentication (p.108) │
└───────────────────────────────┘
***********************************************************************
# cd /usr/local/httpd/htdocs
# mkdir digest
# cat > digest/index.html

Digest Authentication

☞ Press Ctrl + D to leave input mode.

# htdigest -c /usr/local/.digest tutor admin
Adding password for admin in realm tutor.
New password:
Re-type new password:
# htdigest /usr/local/.digest tutor test
Adding user test in realm tutor
New password:
Re-type new password:
# htdigest /usr/local/.digest student admin
Adding user admin in realm student
New password:
Re-type new password:
# htdigest /usr/local/.digest student test
Adding user test in realm student
New password:
# chmod 640 /usr/local/.digest
# chgrp nobody /usr/local/.digest
# vi /usr/local/httpd/conf/httpd.conf
==============================================
<Directory "/usr/local/httpd/htdocs/digest">
    AuthType Digest
    AuthName "tutor"
    AuthDigestProvider file
    AuthUserFile /usr/local/.digest
    Require valid-user
</Directory>
==============================================
# apachectl restart

* If access results in an Internal Server Error
 --> /usr/local/httpd/logs/error_log        ☞ Check the error log.

***********************************************************************
┌────────────────────────────┐
│ Configuring access (p.112) │
└────────────────────────────┘
***********************************************************************
------------------------------------------
※ Blocking hosts that use a specific IP (range)
------------------------------------------
# vi /usr/local/httpd/conf/httpd.conf
====================================
<Directory "/usr/local/httpd/htdocs">
    # This section configures the ...../htdocs directory.
    # Order sets the order in which the rules are read. It is read from the back:
    # Deny is read first, then Allow.
    Order Allow,Deny
    # The 192.168.1.xxx range is denied access.
    Deny from 192.168.1
    # Every other IP range is allowed.
    Allow from all
</Directory>
====================================
 --> With this setting, hosts using the IPs 192.168.1.0~254 cannot access htdocs, the default DocumentRoot.
 --> Because the reading order is Deny, Allow, the Deny condition is examined first, and if it matches,
     the routine exits.
 --> If the first condition, Deny, does not match, the next condition, Allow, is examined and applied.
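How Apache 2.2's mod_authz_host is documented to combine these directives, as an added example that is not part of the original notes: the Order keyword alone decides the outcome, with `Allow,Deny` requiring an Allow match and no Deny match (default deny) and `Deny,Allow` refusing only clients that match a Deny and no Allow (default allow). The two rule sets mirror the htdocs block above and the admin.php block later on this page; only the `all`, full-IP and partial-IP forms are modelled, and the client addresses are constructed samples.

```python
def host_matches(spec, client_ip):
    """Match one 'from' argument: 'all', a full IP, or a partial IP such as 192.168.1."""
    if spec.lower() == "all":
        return True
    want = spec.rstrip(".").split(".")
    have = client_ip.split(".")
    # Partial IPs are compared octet by octet, so 192.168.1 does not match 192.168.10.5.
    return have[:len(want)] == want


def authorize(order, allow, deny, client_ip):
    """Return True if the request is admitted under the given Order keyword."""
    allowed = any(host_matches(spec, client_ip) for spec in allow)
    denied = any(host_matches(spec, client_ip) for spec in deny)
    keyword = order.replace(" ", "").lower()
    if keyword == "allow,deny":
        # Must match an Allow and no Deny; anything unmatched is refused.
        return allowed and not denied
    if keyword == "deny,allow":
        # Refused only when a Deny matches and no Allow does; unmatched is admitted.
        return allowed or not denied
    raise ValueError("unsupported Order value: " + order)


# Rule sets copied from the two configuration blocks on this page.
HTDOCS_RULES = {"order": "Allow,Deny", "allow": ["all"], "deny": ["192.168.1"]}
ADMIN_PHP_RULES = {"order": "Deny,Allow", "allow": ["192.168.1.1"], "deny": ["all"]}


def check(rules, client_ip):
    return authorize(rules["order"], rules["allow"], rules["deny"], client_ip)


def audit(rules, client_ips):
    """Evaluate a rule set against several client addresses."""
    return {ip: check(rules, ip) for ip in client_ips}


if __name__ == "__main__":
    samples = ["192.168.1.1", "192.168.1.50", "192.168.10.5", "10.0.0.5"]
    print("htdocs   :", audit(HTDOCS_RULES, samples))
    print("admin.php:", audit(ADMIN_PHP_RULES, samples))
    # Same Allow/Deny lines, other keyword: the 192.168.1 block no longer takes effect.
    swapped = dict(HTDOCS_RULES, order="Deny,Allow")
    print("htdocs with Order Deny,Allow:", audit(swapped, samples))
```

Running the audit after any change to an Order line is a quick way to confirm that a block still denies the addresses it was written for.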
------------------------------------------
※ What is SSI (Server-Side Include), the server side?
------------------------------------------
Put simply, it is "the work done on the web server side". The work meant here is, concretely, storing
data received from the web browser (client) in a database, or carrying out some mathematical
calculation and producing a result.
The web program is what handles this work. Web programs include PHP, ASP, JSP, Perl and so on.

Access can also be allowed or denied for a specific file.
For example, the Zeroboard administration page is reached through admin.php.

# vi /usr/local/apache/conf/httpd.conf
=====================================
<Files admin.php>
    # This line opens the configuration that sets access rights for the file.
    # Order: the conditions are read Allow first, then Deny.
    Order Deny,Allow
    # Deny access to every user.
    Deny from all
    # Allow access only from the IP 192.168.1.1.
    Allow from 192.168.1.1
</Files>
=====================================
 --> This setting means that only the user at that IP, that is, the administrator's PC, can access the
     file, and everyone else is denied.

***********************************************************************
┏━━━━━━━━━━━━━━━━━━━━━━━┓
┃ Apache Module (p.118) ┃
┗━━━━━━━━━━━━━━━━━━━━━━━┛
┌─────────────────┐
│ Concept summary │
└─────────────────┘
***********************************************************************
(p.37) There are two ways to install Apache. One is DSO (Dynamic Shared Object), which loads modules
dynamically, and the other is the method called SO (Static Object).

With DSO, Apache is compiled first, and when further modules are installed later Apache is not
recompiled; the Apache that was configured and compiled once keeps being used.
In other words, with DSO Apache is compiled only once. This is a major advantage for administration
and installation.

With the static method, installing an additional module requires not only configuring and compiling
that module but also recompiling Apache to match. This can be a drawback for administration.
Because we installed Apache with the DSO method, modules can be loaded as needed.
The four most important loadable modules are described below.

------------------------------
※ mod_rewrite - access control
------------------------------
Rewrite settings can be placed in the server config, a virtual host, a directory or .htaccess.
That is, they can apply globally to the whole Apache server, to one virtual host only, or to one
directory only.

------------------------------
※ mod_setenvif - environment settings
------------------------------
The mod_setenvif module sets environment variables according to whether attributes of the request match
a regular expression.
Other parts of the server can use these variables when deciding how to act. Directives are processed in
the order in which they appear in the configuration file.
The following example shows several directives used together: netscape is set when the browser is
Mozilla but not MSIE.

============================
BrowserMatch ^Mozilla netscape
BrowserMatch MSIE !netscape
============================

------------------------------
※ mod_security - Apache web firewall
------------------------------
mod_security provides intrusion detection and blocking at the web server level.
It offers many directives with which the administrator can configure or control the features wanted.

------------------------------
※ mod_ssl - encryption of web traffic
------------------------------
mod_ssl is a security module for the Apache web server.
Using the tools provided by the OpenSSL project, it adds to Apache the very important capability of
encrypting communication.
By contrast, communication between a browser and a web server over plain HTTP is sent in plain text,
so someone on the path between browser and server may intercept or read it.
The protocols mod_ssl uses are SSL (Secure Sockets Layer) and TLS (Transport Layer Security).
The configuration file is /usr/local/httpd/conf/ssl.conf, and for the web server to read it at startup
the httpd.conf file must contain the following line.
================================
Include conf/ssl.conf
================================

※ Procedure for obtaining a certificate from a CA (p.138)
* Generate an encryption private key and public key pair.
* Create a certificate request based on the public key. The request contains information about your
  server and the company hosting it.
* Send the certificate request to the CA together with documents proving the requester's identity.
* After choosing a CA, follow the instructions that CA provides in order to obtain the certificate.
* After verifying the identity, the CA sends the digital certificate.
* Install the issued certificate on the secure server; once installation is complete, secure
  transactions can begin.
* Whether the certificate is issued by a CA or is self-signed, the first thing to do is generate the key.

***********************************************************************
┌───────────────┐
│ Configuration │
└───────────────┘
***********************************************************************
------------------------------
* mod_rewrite - access control
------------------------------
(Problem) Configure the server to refuse access to anything containing
          httpd.conf, access_log, error_log, /bin, /sbin or /etc.

(Answer) Restriction using the rewrite module

RewriteEngine On
RewriteLog /usr/local/httpd/logs/rewrite.log
RewriteLogLevel 9
RewriteRule httpd\.conf|access_log|error_log|/bin|/sbin|/etc - [F]

This enables the module, writes the log to /usr/local/httpd/logs/rewrite.log at log level 9, and
returns a Forbidden message when httpd.conf, access_log, error_log, /bin, /sbin or /etc appears in the
request.

------------------------------
* mod_setenvif - environment settings
------------------------------
SetEnvIf Request_URI "\.gif$" object          ☞ Regular expression: files whose extension is .gif
SetEnvIf Request_URI "\.jpg$" object          ☞ Files whose extension is .jpg
SetEnvIf Request_URI "\.bmp$" object          ☞ Files whose extension is .bmp
SetEnvIf Request_URI "\.png$" object          ☞ Files whose extension is .png
CustomLog logs/access_log common env=!object  ☞ Write a log entry only when the request is not one of the objects above.

------------------------------
* mod_security - Apache web firewall
------------------------------
# cd /usr/local/src                           ☞ Move to the download directory.
# wget http://www.modsecurity.org/download/modsecurity-apache_2.1.7.tar.gz
# wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-7.7.tar.gz
# tar zxvf pcre-7.7.tar.gz
# cd pcre-7.7
# ./configure && make && make install
# cd /usr/local/src
# tar xvfz modsecurity-apache_2.1.7.tar.gz
# cd modsecurity-apache_2.1.7
# ls
CHANGES LICENSE README.TXT apache2 doc modsecurity.conf-minimal rules
# cd apache2/
# vi Makefile
===============================
top_dir = /usr/local/httpd
===============================
# make
# ls
# make install
# ls /usr/local/httpd/modules/
httpd.exp libphp5.so mod_security2.so
# vi /usr/local/httpd/conf/httpd.conf
===============================
Edit around line 54.
LoadModule security2_module modules/mod_security2.so
LoadFile /usr/local/lib/libxml2.so
===============================
# cp /usr/local/src/modsecurity-apache_2.1.7/modsecurity.conf-minimal /usr/local/httpd/conf/modsecurity.conf
# vi /usr/local/httpd/conf/httpd.conf
===============================
Add the following line at the very bottom. It includes the modsecurity configuration file.
Include conf/modsecurity.conf
===============================
# apachectl restart                           ☞ When everything is done, restart Apache like this.

------------------------------
* mod_ssl - encryption of web traffic
------------------------------
# cd /usr/share/ssl/certs
# vi Makefile
================================================
51 KEY=/usr/local/httpd/conf/ssl.key/server.key    ☞ Change the path to where Apache was installed.
52 CSR=/usr/local/httpd/conf/ssl.csr/server.csr    ☞ Change the path to where Apache was installed.
53 CRT=/usr/local/httpd/conf/ssl.crt/server.crt    ☞ Change the path to where Apache was installed.
================================================
# mkdir /usr/local/httpd/conf/ssl.key         ☞ Create the key directory.
# mkdir /usr/local/httpd/conf/ssl.csr         ☞ Create the certificate request directory.
# mkdir /usr/local/httpd/conf/ssl.crt         ☞ Create the certificate directory.
# make genkey
# ls -al /usr/local/httpd/conf/ssl.key/server.key
# make certreq
# ls -al /usr/local/httpd/conf/ssl.csr/server.csr
# make testcert
# ls -al /usr/local/httpd/conf/ssl.crt/server.crt
# vi /usr/local/httpd/conf/extra/httpd-ssl.conf
================================================
 99 SSLCertificateFile "/usr/local/httpd/conf/ssl.crt/server.crt"
107 SSLCertificateKeyFile "/usr/local/httpd/conf/ssl.key/server.key"
================================================
# vi /usr/local/httpd/conf/httpd.conf
================================================
401 # Secure (SSL/TLS) connections
402 Include conf/extra/httpd-ssl.conf         ☞ Include the file: remove the leading # mark.
================================================
# apachectl restart

If it runs correctly, it asks for the pass phrase. If it does not ask, restart Apache several times.
When it runs correctly and asks for the pass phrase, enter the one used for make genkey above.
To check SSL access from a web page, enter https://<web server IP>/
Once SSL is configured correctly and has been verified in the web browser, reboot Linux.
During boot the cursor stops at "start HTTP" and the boot does not move on to the next step.
Enter the pass phrase chosen at make genkey there, and the boot continues.
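A check of what the RewriteRule and SetEnvIf patterns configured above actually match, as an added example that is not part of the original notes. It assumes the RewriteRule is placed in server or virtual-host context, where the pattern is tested against the URL path only, and uses Python's re module as a stand-in for Apache's regex engine; the request URLs are constructed samples.

```python
import re
from urllib.parse import urlsplit

# Patterns copied from the configuration on this page.
REWRITE_PATTERN = re.compile(r"httpd\.conf|access_log|error_log|/bin|/sbin|/etc")
OBJECT_PATTERNS = [re.compile(p) for p in (r"\.gif$", r"\.jpg$", r"\.bmp$", r"\.png$")]


def is_forbidden(request_url):
    """True when 'RewriteRule <pattern> - [F]' would answer 403 for this request."""
    # The pattern is unanchored, so it matches anywhere inside the path.
    # The query string is not part of what the rule examines.
    path = urlsplit(request_url).path
    return REWRITE_PATTERN.search(path) is not None


def is_logged(request_url):
    """True when 'CustomLog ... env=!object' writes an access_log entry."""
    # SetEnvIf is case-sensitive and Request_URI excludes the query string.
    path = urlsplit(request_url).path
    return not any(p.search(path) for p in OBJECT_PATTERNS)


def report(urls):
    """Return (url, forbidden, logged) for each request URL."""
    return [(url, is_forbidden(url), is_logged(url)) for url in urls]


# Constructed sample requests.
SAMPLES = [
    "/index.html",
    "/etc/passwd",
    "/etcetera/index.html",        # legitimate page caught by the bare "/etc"
    "/download/binutils.tar.gz",   # legitimate file caught by the bare "/bin"
    "/board/view.php?path=/etc",   # path is /board/view.php; query string not examined
    "/img/logo.gif",
    "/img/LOGO.GIF",               # upper-case extension is still logged
    "/img/photo.jpeg",             # extension not in the SetEnvIf list
]

if __name__ == "__main__":
    for url, forbidden, logged in report(SAMPLES):
        print(f"{url:30} forbidden={forbidden!s:5} logged={logged}")
```

Covering the query string takes a separate RewriteCond on %{QUERY_STRING}, and SetEnvIfNoCase makes the extension match case-insensitive.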
***********************************************************************
┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ Server Monitoring and Log Management (p.151) ┃
┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛
┌─────────────────┐
│ Concept summary │
└─────────────────┘
***********************************************************************
---------------------------
※ Server Monitoring (p.151)
---------------------------
※ mod_status.c
 - Number of workers serving requests
 - Number of idle workers
 - Status of each worker, the number of requests it has handled and the total bytes it has served
 - Total number of accesses and bytes served
 - Time the server was started or restarted and how long it has been running
 - Average requests per second, bytes served per second and average bytes per request
 - Current CPU percentage of Apache as a whole and of each worker
 - Hosts and requests currently being processed

---------------------------
※ access_log (p.155) - /usr/local/httpd/logs/access_log
---------------------------
access_log, the web server's access log, is written in the default CLF (Common Log Format).
This is the format used unless a separate log format is specified with CustomLog, covered later, and
most web servers use it as the standard.
The default CLF format has one line per client request, and each line is divided by whitespace into
7 items.

========================================================================================================
host ident authuser date request status bytes

Host      Host name or IP address of the client
Ident     If IdentityCheck is enabled and the client answers the ident query, the identity information
          is recorded; usually it is replaced by "-".
Authuser  If the request was authenticated, the user name is recorded here; otherwise it is replaced by "-".
Date      Date and time of the access, in the following format.
          date format = [day/month/year:hour:minute:second zone]
Request   The resource the client requested
Status    How the server handled the request; this is called the status code.
Bytes     Number of bytes transferred, excluding headers

ex) 203.251.189.47 - - [03/Aug/2000:21:56:55 +0900] "GET /doc/images/sub.gif HTTP/1.1" 200 6083
========================================================================================================

※ Configuring ErrorDocument (important for security)
Edit the main Apache configuration file.
[root@sak11 htdocs]# vi /usr/local/httpd/conf/httpd.conf
============================================================================
353 #ErrorDocument 500 "The server made a boo boo."
        ☞ When a 500 error occurs, output this message.
354 #ErrorDocument 404 /missing.html
        ☞ When the response (status) code is 404 (no such page), show /missing.html.
355 #ErrorDocument 404 "/cgi-bin/missing_handler.pl"
356 #ErrorDocument 402 http://www.example.com/subscription_info.html
============================================================================

---------------------------
※ error_log (p.161) - /usr/local/httpd/logs/error_log
---------------------------
error_log records the Apache web server's diagnostic information and the errors that occur while
requests are processed; its location and name are set by the ErrorLog directive.
When a problem such as an abnormal web server shutdown occurs, error_log is the first thing to analyze.
Problems that arose while changing various settings could also be solved through error_log.
When testing the web server after a configuration change, the following command monitors the contents
of error_log in real time.

# tail -f /usr/local/httpd/logs/error_log     ☞ tail -f keeps refreshing and prints the error log in real time.

---------------------------
※ Log Rotation (p.164)
---------------------------
One of the problems of running a web server is the log file that keeps growing.
When a single file becomes large it gets hard to manage, and there are considerable inefficiencies such
as wasted disk space and extra load from Apache's logging process.
One thing most people try in order to solve this is moving or deleting the log file.
This, however, does not work properly.
The reason is that Apache keeps writing to the log file at the same offset it had before the file was
moved; only when the correct sequence below is followed does Apache reopen a new log file.

# mv access_log access_log.old                ☞ Rename the access log by appending .old.
# mv error_log error_log.old                  ☞ Rename the error log by appending .old.
# apachectl graceful                          ☞ graceful reloads only the Apache configuration while keeping existing connections (sessions).
# sleep 600                                   ☞ Wait for 600 seconds.
# gzip access_log.old error_log.old           ☞ Compress the logs with gzip.

------------------------------
※ Log Analysis (p.167)
------------------------------
Information about the users who visit a web site is stored in CLF (Common Log Format) or in a format
specified by the administrator.
There are two approaches to getting useful information out of these log files. The first is to extract
just the needed information from the log file yourself, and the other is to use an automated log
analysis program rather than doing it by hand.

One thing to get straight before studying log analysis is the difference between a hit and a page view.
The two may seem to mean the same thing, but there is a clear difference.
A hit is every request the web server receives. An image, a sound file and anything else included in a
page each count as one hit, whereas a page view counts the whole page as one rather than each of its
parts.

The following programs analyze logs. The one used in this exercise is Webalizer.

Webalizer    - http://www.webalizer.com
Analog       - http://www.analog.cx
ReportMagic  - http://www.reportmagic.org
HTTP-analyze - http://www.netstor.de/Supply/http-analyze/index.html

***********************************************************************
┌───────────────┐
│ Configuration │
└───────────────┘
***********************************************************************
---------------------------
Server Monitoring (p.151)
---------------------------
The status module shows the server's state to the server administrator.
This module is installed by default when Apache is installed.
The currently installed modules can be checked as follows.
# httpd -l
The module is already active, so it only needs to be used.

[root@sak11 certs]# vi /usr/local/httpd/conf/httpd.conf
=======================================
275 <Location /server-status>
276     SetHandler server-status
277     Order Deny,Allow
278     Deny from all
279     Allow from 192.168.10.13
280 </Location>
=======================================
Add the lines as shown above, then:
[root@sak11 certs]# apachectl restart
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName

The page can be viewed by entering http://192.168.10.93/server-status in a web browser.
If the browser supports refresh, the status page can be updated automatically.
http://192.168.10.93/server-status?refresh=N

------------------------------
Log Analysis (p.167)
------------------------------
--------
Installation
--------
(1) zlib - install zlib, used to compress graphics files. It was already installed (run this only if it is not).
# wget http://ftp.superuser.co.kr/pub/etc/zlib-1.2.1.tar.gz
# tar zxf zlib-1.2.1.tar.gz
# mv ./zlib-1.2.1/ /usr/local/zlib
# cd /usr/local/zlib
# ./configure
# make && make install

(2) libpng - install libpng, which converts the graphics files produced by zlib into PNG format
# wget http://netmirror.org/mirror/ghostscript/3rdparty/libpng-1.0.8.tar.gz
# tar zxf libpng-1.0.8.tar.gz
# mv ./libpng*/ /usr/local/libpng/
# cd /usr/local/libpng
# cp scripts/makefile.std makefile
# make test
# make install

(3) gd - install gd, which creates graphics files
# wget http://www.boutell.com/gd/http/gd-1.8.3.tar.gz
# tar zxf gd-1.8.3.tar.gz
# mv ./gd*/ /usr/local/gd/
# cd /usr/local/gd
# make && make install

(4) webalizer - a monitoring tool that shows the state of the network and the web server graphically
# wget http://ftp.superuser.co.kr/pub/weblog/webalizer/webalizer-2.01-10-src.tar.bz2
# tar jxf webalizer-2.01-10-src.tar.bz2
# cd webalizer-2.01-10
# mkdir /usr/local/man
# mkdir /usr/local/man/man1
# ./configure
# make && make install

--------
Usage
--------
# webalizer /usr/local/httpd/logs/access_log
# mkdir /usr/local/httpd/htdocs/usage
# mv /etc/webalizer.conf.sample /etc/webalizer.conf
# vi /etc/webalizer.conf
=====================================================
line 28  LogFile /usr/local/httpd/logs/access_log      <- change the path
line 36  LogType clf                                   <- uncomment
line 42  OutputDir /usr/local/httpd/htdocs/usage       <- change the path
line 52  HistoryName webalizer.hist                    <- uncomment
line 83  ReportTitle Usage Statistics for              <- uncomment
line 94  HostName localhost                            <- uncomment
=====================================================
When all the edits are made, save and exit.
# webalizer -c /etc/webalizer.conf
When it is run, the access_log file must already contain entries.
To view the result, open http://<web server IP>/usage. These log statistics must not be visible to just
anyone, so the page has to be placed behind authentication and access control. (Basic, Digest)

***********************************************************************
┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ Installing the Mail Server (P.171) ┃
┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛
┌─────────────────┐
│ Concept summary │
└─────────────────┘
***********************************************************************
The following is a brief description of the core elements of the Internet mail system.

MTA (Mail Transfer Agent)  - server program that transfers e-mail from one computer on the Internet to another
MUA (Mail User Agent)      - client program the user uses to send and receive e-mail
MDA (Mail Delivery Agent)  - program the MTA uses to write a message into the user's mailbox
MRA (Mail Retrieval Agent) - program that fetches messages from a mailbox on a remote server to the user's MUA

***********************************************************************
┌──────────────┐
│ Installation │
└──────────────┘
***********************************************************************
----------------------
Installing and running Sendmail
----------------------
Sendmail is currently the most widely used MTA. Many applications on the system use sendmail when they
send mail.
sendmail is open software and can be downloaded from http://www.sendmail.org, installed and used.
---------------------------- 1-1. ucspi-tcp ¼³Ä¡ ---------------------------- [root@localhost]# cd /usr/local/src [root@localhost]# wget http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz [root@localhost]# tar xfz ucspi-tcp-0.88.tar.gz [root@localhost]# cd ucspi-tcp-0.88 [root@localhost]# vi error.h ================================================= #include <<<< °¡Àå À§ÂÊ¿¡ Ãß°¡ÇÑ´Ù. #ifndef ERROR_H #define ERROR_H ... ... ================================================= [root@localhost]# make [root@localhost]# make setup check ---------------------------- 1-2. daemontools ¼³Ä¡ ---------------------------- [root@localhost]# cd /usr/local/src [root@localhost]# wget http://cr.yp.to/daemontools/daemontools-0.76.tar.gz [root@localhost]# mkdir /package [root@localhost]# chmod 1755 /package [root@localhost]# tar xfz daemontools-0.76.tar.gz -C /package [root@localhost]# cd /package/admin/daemontools-0.76 [root@localhost]# vi src/error.h ================================================= /* Public domain. */ #include <<< Ãß°¡ÇÑ´Ù. #ifndef ERROR_H #define ERROR_H ... ... ================================================= [root@localhost]# package/install ¡Ø ¸¸¾à daemontools¸¦ ¼³Ä¡Çϴµ¥ ¾Æ·¡¿Í °°Àº ¿¡·¯°¡ ³ª´Â °æ¿ì°¡ ÀÖ´Ù. =============================================================================== ./compile tai64nlocal.c tai64nlocal.c: In function `main': tai64nlocal.c:54: warning: assignment makes pointer from integer without a cast tai64nlocal.c:55: dereferencing pointer to incomplete type ... =============================================================================== ÀÌ°ÍÀº tai64nlocal.cÀÇ µÎ¹ø° ÁÙ #include ¿¡¼­ ¿¡·¯°¡ ³ª´Â°ÍÀÌ´Ù. µû¶ó¼­ ÀÌ ºÎºÐÀ» #include ·Î ¼öÁ¤ÇØÁÖ¸é Á¤»óÀûÀ¸·Î ¼³Ä¡°¡ °¡´ÉÇÏ´Ù. ---------------------------- 2. 
qmail ¼³Ä¡ ---------------------------- [root@localhost]# cd /usr/local/src [root@localhost]# wget ftp://ftp.eu.uu.net/pub/unix/mail/qmail/qmail-1.03.tar.gz [root@localhost]# wget http://people.kldp.org/~eunjea/qmail/patch/qmail-ej-cocktail-14.tar.gz [root@localhost]# tar xfz qmail-1.03.tar.gz [root@localhost]# tar xfz qmail-ej-cocktail-14.tar.gz [root@localhost]# cd qmail-1.03 [root@localhost]# patch -p1 < ../qmail-ej-cocktail-14/cocktail.patch ============================================ patching file Makefile patching file Makefile-cert.mk patching file TARGETS patching file base64.c ... ... ============================================ [root@localhost]# vi conf-spawn ============================================ 509 <<< °¡Àå À§ÂÊ ÁÙÀ» ÀÌ¿Í°°ÀÌ ¼öÁ¤ÇÑ´Ù. This is a silent concurrency limit. You can't set it above 255. On some systems you can't set it above 125. qmail will refuse to compile if the limit is too high. ============================================ [root@localhost]# rm -f INSTALL.ids [root@localhost]# rm -f /etc/*.lock [root@localhost]# vi INSTALL.ids ============================================ groupadd -r nofiles useradd -r -g nofiles -d /var/qmail/alias alias useradd -r -g nofiles -d /var/qmail qmaild useradd -r -g nofiles -d /var/qmail qmaill useradd -r -g nofiles -d /var/qmail qmailp groupadd -r qmail useradd -r -g qmail -d /var/qmail qmailq useradd -r -g qmail -d /var/qmail qmailr useradd -r -g qmail -d /var/qmail qmails ÀúÀåÇÏ°í ³ª¿Â´Ù. ============================================ [root@localhost]# sh ./INSTALL.ids [root@localhost]# vi /etc/resolv.conf ============================================ search mail.foobar.com nameserver 168.126.63.1 nameserver 168.126.63.2 ============================================ [root@localhost]# vi /etc/hosts ============================================ # Do not remove the following line, or various programs # that require network functionality will fail. 
127.0.0.1 localhost.localdomain localhost 192.168.0.81 mail.foobar.com mail <<< IP¸¦ ÀÚ½ÅÀÇ ¸®´ª½º IP·Î ¼öÁ¤ÇÑ´Ù. ============================================ [root@localhost]# vi /etc/sysconfig/network ============================================ HOSTNAME=mail.foobar.com ============================================ [root@localhost]# echo "mail.foobar.com" > /proc/sys/kernel/hostname [root@localhost]# make [root@localhost]# make setup check [root@localhost]# ./config ============================================ Your hostname is mail.foobar.com. Your host's fully qualified name in DNS is mail.foobar.com. Putting mail.foobar.com into control/me... Putting foobar.com into control/defaultdomain... Putting foobar.com into control/plusdomain... Checking local IP addresses: 127.0.0.1: Adding localhost to control/locals... 192.168.0.2: Adding mail.foobar.com to control/locals... If there are any other domain names that point to you, you will have to add them to /var/qmail/control/locals. You don't have to worry about aliases, i.e., domains with CNAME records. Copying /var/qmail/control/locals to /var/qmail/control/rcpthosts... Now qmail will refuse to accept SMTP messages except to those hosts. Make sure to change rcpthosts if you add hosts to locals or virtualdomains! 
============================================ [root@localhost]# ls -l /var/qmail/control -rw-r--r-- 1 root root 11 6¿ù 30 11:42 defaultdomain -rw-r--r-- 1 root root 27 6¿ù 30 11:42 locals -rw-r--r-- 1 root root 17 6¿ù 30 11:42 me -rw-r--r-- 1 root root 11 6¿ù 30 11:42 plusdomain -rw-r--r-- 1 root root 27 6¿ù 30 11:42 rcpthosts [root@localhost]# vi /var/qmail/control/defaultdomain ============================================ foobar.com ============================================ [root@localhost]# vi /var/qmail/control/locals ============================================ localhost ============================================ [root@localhost]# vi /var/qmail/control/me ============================================ mail.foobar.com ============================================ [root@localhost]# vi /var/qmail/control/plusdomain ============================================ mail.foobar.com ============================================ [root@localhost]# cat /dev/null > /var/qmail/control/rcpthosts [root@localhost]# vi /var/qmail/rc ============================================ #!/bin/sh exec env - PATH="/var/qmail/bin:$PATH" \ qmail-start ./Maildir/ ============================================ [root@localhost]# chmod 755 /var/qmail/rc [root@localhost]# mkdir -p /var/qmail/supervise/qmail-send/log [root@localhost]# mkdir -p /var/qmail/supervise/qmail-smtpd/log [root@localhost]# chmod 1755 /var/qmail/supervise/qmail-send [root@localhost]# chmod 1755 /var/qmail/supervise/qmail-smtpd [root@localhost]# vi /var/qmail/supervise/qmail-send/run ============================================ #!/bin/sh exec /var/qmail/rc ============================================ [root@localhost]# vi /var/qmail/supervise/qmail-send/log/run ============================================ #!/bin/sh exec /usr/local/bin/setuidgid qmaill \ /usr/local/bin/multilog t /var/log/qmail ============================================ [root@localhost]# vi /var/qmail/supervise/qmail-smtpd/run 
============================================
#!/bin/sh
Q_UID=`id -u qmaild`
Q_GID=`id -g qmaild`
exec /usr/local/bin/softlimit -m 2000000 \
    /usr/local/bin/tcpserver -vRHl 0 \
    -x /etc/tcp.smtp.cdb \
    -u $Q_UID -g $Q_GID 0 25 /var/qmail/bin/qmail-smtpd 2>&1
============================================
[root@localhost]# vi /var/qmail/supervise/qmail-smtpd/log/run
============================================
#!/bin/sh
exec /usr/local/bin/setuidgid qmaill \
    /usr/local/bin/multilog t /var/log/qmail/smtpd
============================================
[root@localhost]# chmod 755 /var/qmail/supervise/qmail-send/run
[root@localhost]# chmod 755 /var/qmail/supervise/qmail-send/log/run
[root@localhost]# chmod 755 /var/qmail/supervise/qmail-smtpd/run
[root@localhost]# chmod 755 /var/qmail/supervise/qmail-smtpd/log/run
[root@localhost]# mkdir -p /var/log/qmail/smtpd
[root@localhost]# chown qmaill /var/log/qmail /var/log/qmail/smtpd
[root@localhost]# echo server@foobar.com > /var/qmail/alias/.qmail-root
[root@localhost]# echo server@foobar.com > /var/qmail/alias/.qmail-postmaster
[root@localhost]# echo server@foobar.com > /var/qmail/alias/.qmail-mailer-daemon
[root@localhost]# chmod 644 /var/qmail/alias/.qmail-*
[root@localhost]# /etc/rc.d/init.d/sendmail stop
[root@localhost]# chkconfig --level 345 sendmail off
[root@localhost]# rm -f /usr/lib/sendmail
[root@localhost]# rm -f /usr/sbin/sendmail
[root@localhost]# ln -s /var/qmail/bin/sendmail /usr/lib
[root@localhost]# ln -s /var/qmail/bin/sendmail /usr/sbin
[root@localhost]# ln -s /var/qmail/supervise/qmail-send /service/
[root@localhost]# ln -s /var/qmail/supervise/qmail-smtpd /service/

----------------------------
3. qmail boot script
----------------------------
[root@localhost]# cd /usr/local/src
[root@localhost]# wget http://pkg.tini4u.net/mta/qmail/source/qmail_init.tar.gz
[root@localhost]# tar xfpz qmail_init.tar.gz
[root@localhost]# mv qmail /etc/rc.d/init.d/qmail
[root@localhost]# chkconfig --add qmail
[root@localhost]# chkconfig --level 345 qmail on
====================================================
Below is the startup script that was downloaded and moved into place above.
It is shown for reference only; do not type it in.

#!/bin/sh
# For Red Hat chkconfig
# chkconfig: - 80 30
# description: the qmail MTA

PATH=/var/qmail/bin:/bin:/usr/bin:/usr/local/bin:/usr/local/sbin
export PATH

case "$1" in
  start)
    echo "Starting qmail"
    if [ -e /service/qmail-send ] ; then
      if svok /service/qmail-send ; then
        svc -u /service/qmail-send
      else
        echo qmail-send supervise not running
      fi
    else
      ln -s /var/qmail/supervise/qmail-send /service/
    fi
    if [ -e /service/qmail-smtpd ] ; then
      if svok /service/qmail-smtpd ; then
        svc -u /service/qmail-smtpd
      else
        echo qmail-smtpd supervise not running
      fi
    else
      ln -s /var/qmail/supervise/qmail-smtpd /service/
    fi
    if [ -d /var/lock/subsys ]; then
      touch /var/lock/subsys/qmail
    fi
    ;;
  stop)
    echo "Stopping qmail..."
    echo " qmail-smtpd"
    svc -dx /service/qmail-smtpd /service/qmail-smtpd/log
    rm -f /service/qmail-smtpd
    echo " qmail-send"
    svc -dx /service/qmail-send /service/qmail-send/log
    rm -f /service/qmail-send
    if [ -f /var/lock/subsys/qmail ]; then
      rm /var/lock/subsys/qmail
    fi
    ;;
  stat)
    svstat /service/qmail-send
    svstat /service/qmail-send/log
    svstat /service/qmail-smtpd
    svstat /service/qmail-smtpd/log
    qmail-qstat
    ;;
  doqueue|alrm|flush)
    echo "Flushing timeout table and sending ALRM signal to qmail-send."
    /var/qmail/bin/qmail-tcpok
    svc -a /service/qmail-send
    ;;
  queue)
    qmail-qstat
    qmail-qread
    ;;
  reload|hup)
    echo "Sending HUP signal to qmail-send."
    svc -h /service/qmail-send
    ;;
  pause)
    echo "Pausing qmail-send"
    svc -p /service/qmail-send
    echo "Pausing qmail-smtpd"
    svc -p /service/qmail-smtpd
    ;;
  cont)
    echo "Continuing qmail-send"
    svc -c /service/qmail-send
    echo "Continuing qmail-smtpd"
    svc -c /service/qmail-smtpd
    ;;
  restart)
    echo "Restarting qmail:"
    echo "* Stopping qmail-smtpd."
    svc -d /service/qmail-smtpd
    echo "* Sending qmail-send SIGTERM and restarting."
    svc -t /service/qmail-send
    echo "* Restarting qmail-smtpd."
    svc -u /service/qmail-smtpd
    ;;
  cdb)
    tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp
    chmod 644 /etc/tcp.smtp.cdb
    echo "Reloaded /etc/tcp.smtp."
    ;;
  help) cat < /home/vpopmail/etc/defaultdomain
[root@localhost]# chown vpopmail.vchkpw /home/vpopmail/etc/defaultdomain
[root@localhost]# chmod 640 /home/vpopmail/etc/defaultdomain
[root@localhost]# vi /home/vpopmail/etc/tcp.smtp
========================================
127.0.0.1:allow,RELAYCLIENT=""
192.168.0.81:allow,RELAYCLIENT=""    << change this IP to the IP of your own Linux host.
========================================
[root@localhost]# chmod 640 /home/vpopmail/etc/tcp.smtp
[root@localhost]# /home/vpopmail/bin/clearopensmtp
[root@localhost]# crontab -e
========================================
*/15 * * * * /home/vpopmail/bin/clearopensmtp
========================================
[root@localhost]# vi /var/qmail/supervise/qmail-smtpd/run
========================================
#!/bin/sh
Q_UID=`id -u qmaild`
Q_GID=`id -g qmaild`
exec /usr/local/bin/softlimit -m 2000000 \
    /usr/local/bin/tcpserver -vRHl 0 \
    -x /home/vpopmail/etc/tcp.smtp.cdb \    <--- change the path in this part.
    -u $Q_UID -g $Q_GID 0 25 /var/qmail/bin/qmail-smtpd 2>&1
========================================
[root@localhost]# mkdir /var/qmail/supervise/vpop
[root@localhost]# vi /var/qmail/supervise/vpop/run
========================================
#!/bin/sh
VPOP_UID=`id -u vpopmail`
VPOP_GID=`id -g vpopmail`
exec /usr/local/bin/softlimit -m 2500000 \
    tcpserver -vRHl 0 -u $VPOP_UID -g $VPOP_GID 0 110 \
    /var/qmail/bin/qmail-popup foobar.com \
    /home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir 2>&1
========================================
[root@localhost]# chmod 755 /var/qmail/supervise/vpop/run
[root@localhost]# /home/vpopmail/bin/vadddomain foobar.com
[root@localhost]# /home/vpopmail/bin/vadduser webmaster@foobar.com 1234

※ The password requested when vadddomain runs is the password that will be used in qmailadmin.
   vadddomain can also be run as: vadddomain [domain] [postmaster password]
   vadduser usage is: vadduser [mail account] [password]

----------------------------
5. Starting qmail and vpopmail
----------------------------
[root@localhost]# vi /var/qmail/supervise/qmail-smtpd/run
=========================================================
#!/bin/sh
Q_UID=`id -u qmaild`
Q_GID=`id -g qmaild`
exec /usr/local/bin/softlimit -m 72000000 \    << add the digit 7.
    /usr/local/bin/tcpserver -vRHl 0 \
    -x /home/vpopmail/etc/tcp.smtp.cdb \
    -u $Q_UID -g $Q_GID 0 25 /var/qmail/bin/qmail-smtpd 2>&1
=========================================================
[root@localhost]# /etc/rc.d/init.d/qmail start
Starting qmail
[root@localhost]# telnet localhost 25
=========================================================
Trying 127.0.0.1...
Connected to mail.foobar.com (127.0.0.1).
Escape character is '^]'.
220 mail.foobar.com ESMTP
quit
221 mail.foobar.com
Connection closed by foreign host.
=========================================================
[root@localhost]# telnet localhost 110
=========================================================
Trying 127.0.0.1...
Connected to mail.foobar.com (127.0.0.1).
Escape character is '^]'.
+OK <8595.1151652640@foobar.com>
quit
+OK
Connection closed by foreign host.
=========================================================

----------------------------
6. Installing ezmlm and qmailadmin
----------------------------
[root@localhost]# cd /usr/local/src
[root@localhost]# wget http://www.inter7.com/devel/autorespond-2.0.5.tar.gz
[root@localhost]# tar xfz autorespond-2.0.5.tar.gz
[root@localhost]# cd autorespond-2.0.5
[root@localhost]# make
[root@localhost]# cp -p autorespond /usr/local/bin/

[root@localhost]# cd /usr/local/src
[root@localhost]# wget http://www.inter7.com/devel/ezmlm-0.53-idx-0.41.tar.gz
[root@localhost]# tar xfz ezmlm-0.53-idx-0.41.tar.gz
[root@localhost]# cd ezmlm-0.53-idx-0.41
[root@localhost]# make
[root@localhost]# make setup

[root@localhost]# cd /usr/local/src
[root@localhost]# wget http://jaist.dl.sourceforge.net/sourceforge/qmailadmin/qmailadmin-1.2.9.tar.gz
[root@localhost]# wget http://pkg.tini4u.net/mta/qmail/source/qmailadmin-ko.tar.gz
[root@localhost]# tar xfz qmailadmin-1.2.9.tar.gz
[root@localhost]# tar xfz qmailadmin-ko.tar.gz -C ./qmailadmin-1.2.9/lang
[root@localhost]# cd qmailadmin-1.2.9
[root@localhost]# ./configure \
    --enable-htmllibdir=/home/qadmin/html/qmailadmin \
    --enable-htmldir=/home/qadmin/html/qmailadmin \
    --enable-cgibindir=/home/qadmin/html/qmailadmin \
    --enable-imagedir=/home/qadmin/html/qmailadmin/images \
    --enable-imageurl=/images \
    --enable-cgipath=/index.cgi
[root@localhost]# make
[root@localhost]# make install-strip
[root@localhost]# cd /home/qadmin/html/qmailadmin
[root@localhost]# mv qmailadmin qmailadmin.cgi
[root@localhost]# ln -sf qmailadmin.cgi index.cgi

[root@localhost]# cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0:0
[root@localhost]# vi /etc/sysconfig/network-scripts/ifcfg-eth0:0
DEVICE=eth0:0    <<< change to the virtual interface
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.0.82    << change to the virtual IP of your own Linux host
NETMASK=255.255.255.0
GATEWAY=192.168.0.1
[root@localhost]# /etc/rc.d/init.d/network restart
[root@localhost]# ifconfig    ☞ check that the IP has actually been added.
[root@localhost]# vi /usr/local/httpd/conf/httpd.conf
==================================
115
116 Options FollowSymLinks
117 AllowOverride None
118 Order deny,allow
119 Allow from all
120
167 DirectoryIndex index.html index.cgi
274
275 Options FollowSymLinks ExecCGI
276 AllowOverride None
277 Order allow,deny
278 Allow from all
279
325 AddHandler cgi-script .cgi    # remove the comment marker so that CGI is recognized.
395 Include conf/extra/httpd-vhosts.conf    # remove the comment marker to INCLUDE the virtual host configuration file.
==================================
[root@localhost]# vi /usr/local/httpd/conf/extra/httpd-vhosts.conf
==================================
Open the virtual host configuration file, comment out every line, and insert only the following.

ServerName mail.foobar.com
DocumentRoot /home/qadmin/html/qmailadmin
==================================
[root@localhost]# apachectl restart

※ Connect through the web. The address is the IP of the virtual host specified above.
   The postmaster and webmaster accounts can log in.
   If DNS has been set up separately in your environment, the address is http://mail.foobar.com/.

----------------------------
7. Installing yum
----------------------------
[root@localhost]# cd /usr/local/src
[root@localhost]# wget ftp://rpmfind.net/linux/dag/redhat/9/en/i386/dag/RPMS/libxml2-devel-2.6.16-1.0.rh9.rf.i386.rpm
[root@localhost]# rpm -Uvh --nodeps libxml2-devel-2.6.16-1.0.rh9.rf.i386.rpm
[root@localhost]# wget ftp://rpmfind.net/linux/dag/redhat/9/en/i386/dag/RPMS/libxml2-2.6.16-1.0.rh9.rf.i386.rpm
[root@localhost]# rpm -Uvh libxml2-2.6.16-1.0.rh9.rf.i386.rpm
[root@localhost]# wget ftp://rpmfind.net/linux/dag/redhat/9/en/i386/dag/RPMS/libxml2-python-2.6.16-1.0.rh9.rf.i386.rpm
[root@localhost]# rpm -Uvh libxml2-python-2.6.16-1.0.rh9.rf.i386.rpm
[root@localhost]# wget ftp://195.220.108.108/linux/dag/redhat/9/en/i386/dag/RPMS/yum-2.0.8-0.1.rh9.rf.noarch.rpm
[root@localhost]# rpm -Uvh yum-2.0.8-0.1.rh9.rf.noarch.rpm
[root@localhost]# vi /etc/yum.conf
==========================
[main]
cachedir=/var/cache/yum
debuglevel=2
logfile=/var/log/yum.log
pkgpolicy=newest

[base]
name=Red Hat Linux $releasever base
baseurl=http://mirror.hostway.co.kr/redhat/$releasever/os/$basearch/

[updates]
name=Red Hat Linux $releasever updates
baseurl=http://mirror.hostway.co.kr/redhat/$releasever/updates/$basearch/
==========================
[root@localhost]# yum list    ☞ builds the package list.

----------------------------
8. Installing courier-imap
----------------------------
[root@localhost]# yum -y install tcl
[root@localhost]# yum -y install expect
[root@localhost]# chmod 755 /usr/bin/gcc
[root@localhost]# chmod 755 /usr/bin/g++
[root@localhost]# chmod 755 /usr/bin/find
[root@localhost]# chmod 755 /usr/bin/which
[root@localhost]# chmod 755 /usr/bin/make
[root@localhost]# chmod 755 /usr/bin/install
[root@localhost]# chmod 777 /home/vpopmail/lib/
[root@localhost]# chmod 777 /home/vpopmail/lib/libvpopmail.a
[root@localhost]# useradd webmail
[root@localhost]# su - webmail
[webmail@localhost]$ cd /var/tmp
[webmail@localhost]$ wget http://pkg.tini4u.net/mta/qmail/source/courier-imap-3.0.8.tar.bz2
[webmail@localhost]$ tar xfj courier-imap-3.0.8.tar.bz2
[webmail@localhost]$ cd courier-imap-3.0.8
[webmail@localhost]$ CFLAGS="-DHAVE_OPEN_SMTP_RELAY"; export CFLAGS
[webmail@localhost]$ ./configure \
    --prefix=/usr \
    --datadir=/usr/share/courier-imap \
    --sysconfdir=/etc/courier-imap \
    --libexecdir=/usr/libexec/courier-imap \
    --localstatedir=/var \
    --mandir=/usr/share/man \
    --without-ipv6 \
    --enable-unicode \
    --with-authvchkpw \
    --with-redhat \
    --without-authdaemon \
    --without-authmysql \
    --without-authldap \
    --without-authdaemon \
    --without-authpgsql
[webmail@localhost]$ make
[webmail@localhost]$ make check
[webmail@localhost]$ exit
[root@localhost]# cd /var/tmp/courier-imap-3.0.8
[root@localhost]# make install
[root@localhost]# make install-configure
[root@localhost]# cp -f courier-imap.sysvinit /etc/rc.d/init.d/courier-imap
[root@localhost]# chown root.root /etc/rc.d/init.d/courier-imap
[root@localhost]# chmod 755 /etc/rc.d/init.d/courier-imap
[root@localhost]# chkconfig --add courier-imap
[root@localhost]# chkconfig --level 345 courier-imap on
[root@localhost]# userdel -r webmail
[root@localhost]# chmod 700 /usr/bin/gcc
[root@localhost]# chmod 700 /usr/bin/g++
[root@localhost]# chmod 700 /usr/bin/find
[root@localhost]# chmod 700 /usr/bin/which
[root@localhost]# chmod 700 /usr/bin/make
[root@localhost]# chmod 700 /usr/bin/install
[root@localhost]# chmod 755 /home/vpopmail/lib/
[root@localhost]# chmod 644 /home/vpopmail/lib/libvpopmail.a
[root@localhost]# rm -f /var/tmp/courier-imap-3.0.8.tar.bz2
[root@localhost]# rm -rf courier-imap-3.0.8
[root@localhost]# vi /usr/libexec/courier-imap/imapd.rc
==============================================================
Edit line 58.
Original : -stderrlogger=${exec_prefix}/sbin/courierlogger \
Modified : -stderrlogger=${exec_prefix}/sbin/courierlogger -user=vpopmail -group=vchkpw \
==============================================================
[root@localhost]# vi /usr/libexec/courier-imap/pop3d.rc
==============================================================
Edit line 51.
Original : -stderrlogger=${exec_prefix}/sbin/courierlogger \
Modified : -stderrlogger=${exec_prefix}/sbin/courierlogger -user=vpopmail -group=vchkpw \

The script edits above must be exact down to every single space.
Take care, because a slip here can cause trouble in places you would not expect.
==============================================================
[root@localhost]# chmod 755 /usr/libexec/courier-imap/imapd.rc
[root@localhost]# chmod 755 /usr/libexec/courier-imap/pop3d.rc
[root@localhost]# vi /etc/courier-imap/imapd
==============================================================
Edit line 373.
Original : IMAPDSTART=NO
Modified : IMAPDSTART=YES
==============================================================
[root@localhost]# /etc/rc.d/init.d/courier-imap start
Starting Courier-IMAP server: imap

----------------------------
9. Installing squirrelmail
----------------------------
[root@localhost]# cd /usr/local/src
[root@localhost]# wget http://jaist.dl.sourceforge.net/sourceforge/squirrelmail/squirrelmail-1.4.6.tar.gz
[root@localhost]# wget http://jaist.dl.sourceforge.net/sourceforge/squirrelmail/all_locales-1.4.6-20060409.tar.gz
[root@localhost]# tar xfpz squirrelmail-1.4.6.tar.gz
[root@localhost]# tar xfpz all_locales-1.4.6-20060409.tar.gz -C squirrelmail-1.4.6
[root@localhost]# mkdir plugins
[root@localhost]# wget http://www.squirrelmail.org/countdl.php?fileurl=http%3A%2F%2Fwww.squirrelmail.org%2Fplugins%2Fnotes.1.2-1.4.0.tar.gz
[root@localhost]# wget http://www.squirrelmail.org/countdl.php?fileurl=http%3A%2F%2Fwww.squirrelmail.org%2Fplugins%2Fadd_address-1.0-1.4.0.tar.gz
[root@localhost]# wget http://www.squirrelmail.org/countdl.php?fileurl=http%3A%2F%2Fwww.squirrelmail.org%2Fplugins%2Fhtml_mail-2.3-1.4.tar.gz
[root@localhost]# wget http://www.squirrelmail.org/countdl.php?fileurl=http%3A%2F%2Fwww.squirrelmail.org%2Fplugins%2Ffolder_sizes-1.5-1.4.0.tar.gz
[root@localhost]# wget http://www.squirrelmail.org/countdl.php?fileurl=http%3A%2F%2Fwww.squirrelmail.org%2Fplugins%2Fmsg_flags-1.4.15a-1.4.3.tar.gz
[root@localhost]# wget http://www.squirrelmail.org/countdl.php?fileurl=http%3A%2F%2Fwww.squirrelmail.org%2Fplugins%2Funsafe_image_rules.0.8-1.4.tar.gz
[root@localhost]# wget http://www.squirrelmail.org/countdl.php?fileurl=http%3A%2F%2Fwww.squirrelmail.org%2Fplugins%2Fview_as_html-3.7a-1.4.x.tar.gz
[root@localhost]# wget http://www.squirrelmail.org/countdl.php?fileurl=http%3A%2F%2Fwww.squirrelmail.org%2Fplugins%2Fcompatibility-2.0.14-1.0.tar.gz
[root@localhost]# tar zxvf notes.1.2-1.4.0.tar.gz -C ./plugins/
[root@localhost]# tar zxvf add_address-1.0-1.4.0.tar.gz -C ./plugins/
[root@localhost]# tar zxvf html_mail-2.3-1.4.tar.gz -C ./plugins/
[root@localhost]# tar zxvf folder_sizes-1.5-1.4.0.tar.gz -C ./plugins/
[root@localhost]# tar zxvf msg_flags-1.4.15a-1.4.3.tar.gz -C ./plugins/
[root@localhost]# tar zxvf unsafe_image_rules.0.8-1.4.tar.gz -C ./plugins/
[root@localhost]# tar zxvf view_as_html-3.7a-1.4.x.tar.gz -C ./plugins/
[root@localhost]# tar zxvf compatibility-2.0.14-1.0.tar.gz -C ./plugins/
[root@localhost]# mv ./plugins/* squirrelmail-1.4.6/plugins
[root@localhost]# mv squirrelmail-1.4.6 webmail
[root@localhost]# cd webmail/
[root@localhost]# ./configure

SquirrelMail Configuration : Read: config_default.php (1.4.0)
---------------------------------------------------------
Main Menu --
1. Organization Preferences
2. Server Settings
3. Folder Defaults
4. General Options
5. Themes
6. Address Books
7. Message of the Day (MOTD)
8. Plugins
9. Database
10. Languages

D. Set pre-defined settings for specific IMAP servers

C Turn color on
S Save data
Q Quit

Command >> 1

- Organization Preferences

Organization Preferences
1. Organization Name : LTN(Linux.Tini4u.Net) 웹메일
2. Organization Logo : ../images/sm_logo.png
3. Org. Logo Width/Height : (308/111)
4. Organization Title : LTN(Linux.Tini4u.Net) 웹메일
5. Signout Page : http://webmail.foobar.com/
6. Top Frame : _top
7. Provider link : http://webmail.foobar.com/
8. Provider name : LTN(Linux.Tini4u.Net) 웹메일

- Server Settings

Server Settings
General
-------
1. Domain : foobar.com
2. Invert Time : false
3. Sendmail or SMTP : SMTP

IMAP Settings
--------------
4. IMAP Server : localhost
5. IMAP Port : 143
6. Authentication type : login
7. Secure IMAP (TLS) : false
8. Server software : courier
9. Delimiter : detect

B. Update SMTP Settings : localhost:25
H. Hide IMAP Server Settings

- Plugins

Plugins
Installed Plugins
1. squirrelspell
2. msg_flags
3. notes
4. address_add
5. filters
6. view_as_html
7. folder_sizes
8. compatibility
9. listcommands
10. message_details
11. newmail
12. unsafe_image_rules
13. html_mail
14. sent_subfolders
15. delete_move_next

Available Plugins:
16. spamcop
17. fortune
18. bug_report
19. translate
20. info
21. mail_fetch
22. abook_take
23. calendar
24. administrator
25. archive_mail

- Language preferences

Language preferences
1. Default Language : ko_KR
2. Default Charset : ko_KR
3. Enable lossy encoding : false

※ Once every setting is done, Save.

[root@localhost]# vi /usr/local/httpd/conf/httpd.conf
============================================================
167 DirectoryIndex index.html index.cgi index.php

Add at line 238.
Alias /webmail/ /usr/local/src/webmail/
============================================================
[root@localhost]# apachectl restart
[root@localhost]# chmod 777 data/
Then connect from the web: http://[web server virtual IP]/webmail/index.php
ID:webmaster PW:1234    <<< enter the password set on page 206.

***********************************************************************
┌────────────────────┐
│Mail Server Security│
└────────────────────┘
***********************************************************************

-----------------------------
※ Attacks using e-mail
-----------------------------
* Active Contents attack - VBS Worm
* Buffer Overflow attack - MS Outlook Express BufferOverflow
* Trojan Horse attack - Loveletter, annakournikova.jpg
* Shell Script attack

As firewalls became widespread, attacks on server security vulnerabilities could be defended
against effectively, but attacks that use mail attachments or mail with embedded HTML still
pose many problems. Because these attacks use a service that most sites provide, they are
all the harder to detect, block, or prevent.
-----------------------------
※ Active Contents attack
-----------------------------
An attack technique aimed at users who read mail with an HTML-capable e-mail client or a web browser.

-----------------------------
※ Buffer Overflow attack
-----------------------------
As with ordinary buffer overflow attacks, it uses vulnerabilities in the e-mail server or client
to carry out a variety of attacks.

-----------------------------
※ Trojan Horse attack
-----------------------------
In a Trojan horse attack, an ordinary user is made to run a Trojan program, which creates a backdoor
giving access to that system or damages the system. For the attack to succeed, the victim has to be
induced to run the Trojan, and this is where "social engineering" is used. Social engineering attaches
a file that arouses the user's curiosity and so induces the user to run the attachment.

-----------------------------
※ Shell Script attack
-----------------------------
Systems such as Unix provide shell scripts for convenience and extensibility. Some mail programs support
embedded shell commands when processing a mail message. If this is misused, an attacker can send mail
containing manipulated mail headers and cause specific commands to run on that system. Such manipulated
parts can be detected by inspecting the mail headers.

※ PGP(Pretty Good Protocol) - a protocol used to encrypt mail when sending and receiving it

-----------------------------
SMTP_AUTH (P.226)
-----------------------------
Since version 8.10, sendmail has supported the SMTP_AUTH feature, which is built on SASL.
To use the server's SMTP from outside, the sender's IP must be set to RELAY in the /etc/mail/access file.
With SMTP AUTH, however, mail can be sent through sendmail's SMTP with an ID and password, just as mail is
fetched over POP3, without any RELAY entry in /etc/mail/access.
This is very useful when the client has a dynamic IP.
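
The tcp.smtp rules set up earlier for qmail-smtpd grant relaying by client IP through RELAYCLIENT, which is the same per-IP relay decision the SMTP_AUTH notes above describe for /etc/mail/access. The Python script below is an added example, not part of the original notes: it audits such a rules file for relay grants wider than a single internal host. The sample rules (apart from the two shown earlier), the TRUSTED_NETS list and the severity labels are assumptions, and only IPv4 rules are handled.

```python
"""Audit tcpserver rules (tcp.smtp) for RELAYCLIENT grants that are too broad."""
import ipaddress
from typing import List, NamedTuple, Optional, Tuple

# Networks treated as "inside" for this audit (an assumption; adjust per site).
TRUSTED_NETS = [ipaddress.ip_network(n) for n in
                ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: the first two rules are the ones shown in these notes,
# the others are made up to exercise each check.
SAMPLE_RULES = '''\
# constructed sample tcp.smtp
127.0.0.1:allow,RELAYCLIENT=""
192.168.0.81:allow,RELAYCLIENT=""
192.168.:allow,RELAYCLIENT=""
203.0.113.7:allow,RELAYCLIENT=""
198.51.100.9:deny
:allow,RELAYCLIENT=""
'''


class Finding(NamedTuple):
    lineno: int
    address: str
    severity: str
    reason: str


def parse_rule(line: str, lineno: int) -> Tuple[str, str, bool]:
    """Split 'address:action[,VAR="value"...]' into (address, action, sets_relay)."""
    address, sep, instructions = line.partition(":")
    if not sep:
        raise ValueError(f"line {lineno}: missing ':' in {line!r}")
    action, _, env = instructions.partition(",")
    if action not in ("allow", "deny"):
        raise ValueError(f"line {lineno}: unknown action {action!r}")
    # Simplification: only the variable name is checked, not its value.
    sets_relay = any(item.startswith("RELAYCLIENT=") for item in env.split(","))
    return address, action, sets_relay


def classify(address: str) -> Optional[Tuple[str, str]]:
    """Return (severity, reason) for a relay grant, or None if it is narrow."""
    if address == "":
        return "HIGH", "default rule: every client may relay (open relay)"
    if address.startswith("="):
        return "MEDIUM", "matched by DNS host name, not by peer address"
    if address.endswith(".") or "-" in address:
        return "MEDIUM", "covers an address prefix or range, not one host"
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "MEDIUM", "address form not recognised; review by hand"
    if not any(ip in net for net in TRUSTED_NETS):
        return "MEDIUM", "single host outside loopback/RFC 1918 space"
    return None


def audit(text: str) -> List[Finding]:
    """Return one Finding per allow rule that sets RELAYCLIENT too broadly."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        address, action, sets_relay = parse_rule(line, lineno)
        if action != "allow" or not sets_relay:
            continue
        verdict = classify(address)
        if verdict:
            findings.append(Finding(lineno, address, *verdict))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_RULES):
        print(f"{f.severity:6} line {f.lineno}: {f.address or '<default>'} - {f.reason}")
```

Run it against the text of the rules file before compiling it with tcprules; an empty result means every relay grant names a single loopback or RFC 1918 host.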
***********************************************************************
┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃Installing Secure DNS Server (p.231)┃
┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛
┌───────────────┐
│Concept summary│
└───────────────┘
***********************************************************************

-----------
※ Domain
-----------
IP addresses, being made up of numbers, are inconvenient to use, so Domain addresses,
which are easier and more convenient, are generally used instead.

Domain address structure
- Host name + Domain name ==> FQDN (Fully Qualified Domain Name) form

-----------------------
※ DNS(Domain Name System)
-----------------------
DNS definition
- The Domain Name System is a huge distributed naming system that maps names to IP addresses.
  It is a Name Resolution Service: a service that maps a specific domain name to a specific
  IP address, or a specific domain to a specific IP address.

DNS server
- We usually type a domain name to reach a particular site. In practice, however, the Internet is
  based on IP addresses, so the IP address of that site has to be known. The name server is what
  we use for this.
- When a request about a particular domain arrives from a client, the name server obtains information
  from the Root name servers and other name servers and returns the IP address of the requested domain.
  It also assigns second-level domains to the individual domain name servers and answers requests
  about domains that come from other servers.

The DNS server port is 53
- 53 TCP - carries transactions, because it is reliable.
- 53 UDP - carries data, because it is fast.

----------------------------
※ Types and roles of Name Servers
----------------------------
Basic role of a name server
- When a web browser looks up www.yahoo.com, this is the server that finds the IP address of www.yahoo.com.

Master server : The ordinary name server. Maintains DB files in zone form.
                A DNS server that reads the data for the zones it manages from local files on its
                own system and provides the service from them.
Slave server : Configured the same as the master server. A server that receives zone information
                over the Network from another server and provides DNS service.
                The delivery of zone information to the secondary name server is called a Zone Transfer.
Caching-only server (proxy server) : Has no zone file and performs only an intermediary role.
Forward server : Typically the root (.) name server. Has no zone file and only forwards to the relevant server.

※ Files related to Name Server configuration
- /etc/hosts : list mapping Host names to IP Addresses
- /etc/host.conf : file that sets the lookup order for DNS service
- /etc/resolv.conf : registers the addresses of the Name Servers that the resolver, the Name Service Client, will query

----------------------------
※ Hierarchical management structure of name servers
----------------------------
RootDomain
 - the top-level, unnamed domain (.)
Top Level
 - in the US, the type of organization: com, net, org, edu, gov
 - country : kr (Korea), cn (China), jp (Japan) ...
Second Level
 - in the US, the organization name
 - type of organization : co, ne, or, ac, go
SubDomains or Hosts
 - in the US, a subdomain name or host name
 - organization name

-----------------
※ Types of DNS query
-----------------
To install a DNS server effectively, you first need a solid understanding of what the server does.

- Recursive Queries : The simplest type of DNS query is the recursive query. A recursive query means
  returning the information the client requested, or sending an error message saying the information
  being looked for does not exist. The DNS server does not contact other servers to find the information.
- Iterative Queries : An iterative query means translating the requested name into an IP address,
  or else referring the client to another DNS server that can do so.
- Inverse Queries : An inverse query is a query in which the client tries to determine a host name
  from an IP address it already knows. Because there is no direct way to search for this, a special
  domain called in-addr.arpa was developed for the purpose. The in-addr.arpa domain contains nodes
  named after IP addresses.

-----------------------
※ The concept of a zone
-----------------------
A zone is a regional unit (area) of a Domain, and a zone file is a database file created on the DNS server.
A zone basically contains one or more Domains, and the highest Domain that the zone manages is called
the root Domain of that zone.
-----------------------
※ Understanding BIND (p.240)
----------------------
* Berkeley Internet Name Daemon
* The server daemon program for a Name Server
* The most common implementation of the Domain Name System.

***********************************************************************
┌─────────────┐
│Configuration│
└─────────────┘
***********************************************************************
# rpm -qa | grep bind
bind-utils-9.2.1-16    --> utilities for querying DNS name servers
ypbind-1.11-4
bind-9.2.1-16          --> DNS server
bind-devel-9.2.1-16

------------
1. Installing bind
------------
bind-9.2.1-16.i386.rpm : CD 1
caching-nameserver-7.2-7.noarch.rpm : CD 2

# cd /usr/local/src
※ Insert CD 1
# mount /mnt/cdrom
# cp /mnt/cdrom/RedHat/RPMS/bind-9.2.1-16.i386.rpm /usr/local/src
# umount /mnt/cdrom
※ Insert CD 2
# mount /mnt/cdrom
# cp /mnt/cdrom/RedHat/RPMS/caching-nameserver-7.2-7.noarch.rpm /usr/local/src
# umount /mnt/cdrom
# rpm -Uvh bind-9.2.1-16.i386.rpm
# rpm -Uvh caching-nameserver-7.2-7.noarch.rpm

# vi /etc/named.conf
========================================================================
controls {
    inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
options {
    directory "/var/named";
};
zone "." IN {
    type hint;
    file "named.ca";    --> root DNS server information (/var/named/named.ca)
};
zone "eduwiz.com" IN {
    type master;
    file "eduwiz.zone";
    allow-update { none; };
};
zone "24.17.172.in-addr.arpa" IN {
    type master;
    file "eduwiz.rev";
    allow-update { none; };
};
include "/etc/rndc.key";
========================================================================
# vi /var/named/eduwiz.zone
========================================================================
$TTL 86400
@       1D IN SOA ns.eduwiz.com. root.eduwiz.com. (
                42      ; serial (d. adams)
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
        IN NS   ns.eduwiz.com.
ns      IN A    172.17.24.160
www     IN A    172.17.24.190
@       IN A    172.17.24.190
========================================================================
# vi /var/named/eduwiz.rev
========================================================================
$TTL 86400
@       IN SOA ns.eduwiz.com. root.eduwiz.com. (
                2007111600  ; serial (d. adams)
                28800       ; refresh
                14400       ; retry
                3600000     ; expiry
                86400 )     ; minimum
        IN NS   ns.eduwiz.com.
160     IN PTR  ns.eduwiz.com.
190     IN PTR  www.eduwiz.com.
190     IN PTR  eduwiz.com.
========================================================================

------------------------------------
2. Checking the syntax of the bind name server configuration files
------------------------------------
# named-checkconf -t [name server configuration file directory] [name server configuration file]
# named-checkzone [domain] [zone file]

------------------------------------
3. Commands to start|stop|restart the name server
------------------------------------
# /etc/rc.d/init.d/named start|stop|restart

If the command above does not work, find the named daemon with ps -ef, kill it by process number
with kill -9, and then start the name server.
In the zone and rev files above, use tabs rather than spaces as the field separator.
When things do not work, this is sometimes the cause.

------------------------
4. Linking DNS and vhost
------------------------
# cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0:0
# vi /etc/sysconfig/network-scripts/ifcfg-eth0:0
DEVICE=eth0:0    --> previously set to eth0.
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.20.97    --> a different IP was set here before; enter the new IP.
NETMASK=255.255.255.0
GATEWAY=192.168.0.1
# /etc/rc.d/init.d/network restart
# vi /usr/local/httpd/conf/httpd.conf
===============================================================
Open the file and INCLUDE the /usr/local/httpd/conf/extra/httpd-vhosts.conf file.
===============================================================
# vi /usr/local/httpd/conf/extra/httpd-vhosts.conf
===============================================================
DocumentRoot /usr/local/httpd/htdocs/eduwiz
ServerName eduwiz.com

DocumentRoot /usr/local/httpd/htdocs/gukjungwon
ServerName gukjungwon.com
===============================================================
# apachectl restart
# vi /etc/named.conf
===============================================================
options {
    directory "/var/named";
};
zone "eduwiz.com" IN {
    type master;
    file "eduwiz.zone";
    allow-update { none; };
};
zone "gukjungwon.com" IN {
    type master;
    file "gukjungwon.zone";
    allow-update { none; };
};
zone "67.20.168.192" IN {
    type master;
    file "eduwiz.rev";
    allow-update { none; };
};
zone "97.20.168.192" IN {
    type master;
    file "gukjungwon.rev";
    allow-update { none; };
};
include "/etc/rndc.key";
===============================================================

--> zone files for 192.168.20.68
# vi /var/named/eduwiz.zone
===============================================================
$TTL 86400
@       1D IN SOA ns.eduwiz.com. root.eduwiz.com. (
                42      ; serial (d. adams)
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
        IN NS   ns.eduwiz.com.
ns      IN A    192.168.20.67
www     IN A    192.168.20.67
web     IN A    192.168.20.67
@       IN A    192.168.20.67
===============================================================
# vi /var/named/eduwiz.rev
===============================================================
$TTL 86400
@       IN SOA ns.eduwiz.com. root.eduwiz.com. (
                2007111600  ; Serial
                28800       ; Refresh
                14400       ; Retry
                3600000     ; Expire
                86400 )     ; Minimum
        IN NS   ns.eduwiz.com.
67      IN PTR  ns.eduwiz.com.
67      IN PTR  www.eduwiz.com.
67      IN PTR  eduwiz.com.
67      IN PTR  web.eduwiz.com.
===============================================================

--> zone files for 192.168.20.97
# vi /var/named/gukjungwon.zone
===============================================================
$TTL 86400
@       1D IN SOA ns.gukjungwon.com. root.gukjungwon.com. (
                42      ; serial (d. adams)
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
        IN NS   ns.gukjungwon.com.
ns      IN A    192.168.20.97
www     IN A    192.168.20.97
web     IN A    192.168.20.97
@       IN A    192.168.20.97
===============================================================
# vi /var/named/gukjungwon.rev
===============================================================
$TTL 86400
@       IN SOA ns.gukjungwon.com. root.gukjungwon.com. (
                2007111600  ; Serial
                28800       ; Refresh
                14400       ; Retry
                3600000     ; Expire
                86400 )     ; Minimum
        IN NS   ns.gukjungwon.com.
97      IN PTR  ns.gukjungwon.com.
97      IN PTR  www.gukjungwon.com.
97      IN PTR  gukjungwon.com.
97      IN PTR  web.gukjungwon.com.
===============================================================
# /etc/rc.d/init.d/named restart

--------------------------------------
5. Configuring a master DNS and a slave DNS
--------------------------------------
=========== Master DNS ===========
# vi /etc/named.conf
==================================================================
options {
    directory "/var/named";
};
controls {
    inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "sak.co.kr" IN {
    type master;
    file "sak.zone";
    allow-transfer { 192.168.20.97; };
};
zone "20.168.192.in-addr.arpa" IN {
    type master;
    file "sak.rev";
    allow-transfer { 192.168.20.97; };
};
include "/etc/rndc.key";
==================================================================
=========== Slave DNS ===========
# vi /etc/named.conf
==================================================================
options {
    directory "/var/named";
};
controls {
    inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "sak.com" IN {
    type slave;
    file "sak.zone";
    masters { 192.168.20.67; };
};
include "/etc/rndc.key";
==================================================================

--------------------------------------
6. TSIG configuration for the master DNS and slave DNS
--------------------------------------
TSIG carries out transactions between two DNS servers using an encryption key shared in advance,
and applies only when two or more DNS servers, such as a master and a slave, are operated.

# dnssec-keygen -a hmac-md5 -b 128 -n HOST master-slave.
Kmaster-slave.+157+25221
# cat Kmaster-slave.+157+25221.private
Private-key-format: v1.2
Algorithm: 157 (HMAC_MD5)
Key: l2YzOJ0370SM7gYdFCRenQ==

Add the Key value to the top of /etc/named.conf on each DNS server as follows.

========== Master DNS ==========
# vi /etc/named.conf
==================================================
key master-slave. {
    algorithm hmac-md5;
    secret "l2YzOJ0370SM7gYdFCRenQ==";
};
options {
    directory "/var/named";
};
controls {
    inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "sak.com" IN {
    type master;
    file "sak.zone";
    allow-transfer { key master-slave.; };
};
zone "20.168.192" IN {
    type master;
    file "sak.local";
    allow-transfer { 192.168.20.97; };
};
include "/etc/rndc.key";
==================================================
================ Slave DNS ================
# vi /etc/named.conf
==================================================
key master-slave. {
    algorithm hmac-md5;
    secret "l2YzOJ0370SM7gYdFCRenQ==";
};
server 192.168.20.67 {
    keys { master-slave.; };
};
options {
    directory "/var/named";
};
controls {
    inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "sak.com" IN {
    type slave;
    file "sak.zone";
    masters { 192.168.20.67; };
};
include "/etc/rndc.key";
==================================================
Finally, TSIG does not work properly when the clocks of the servers differ by 5 minutes or more,
so it is important to keep the time synchronized between the two servers.
It is a good idea to run the following periodically from crontab.
==================================================
rdate -s time.bora.net && clock -w
==================================================

--------------------------------------
7. Linking DNS with vhosts
--------------------------------------
# vi /etc/named.conf
=================================================================================
options {
        directory "/var/named";
};
zone "eduwiz.com" IN {
        type master;
        file "eduwiz.zone";
        allow-update { none; };
};
zone "gukjungwon.com" IN {
        type master;
        file "gukjungwon.zone";
        allow-update { none; };
};
zone "78.24.17.172" IN {
        type master;
        file "eduwiz.rev";
        allow-update { none; };
};
zone "79.24.17.172" IN {
        type master;
        file "gukjungwon.rev";
        allow-update { none; };
};
include "/etc/rndc.key";
=================================================================================

# vi /var/named/eduwiz.zone
=================================================================================
$TTL 86400
@       1D IN   SOA     ns.eduwiz.com. root.eduwiz.com. (
                        42  ; serial (d. adams)
                        3H  ; refresh
                        15M ; retry
                        1W  ; expiry
                        1D ) ; minimum
        IN      NS      ns.eduwiz.com.
ns      IN      A       172.17.24.78
www     IN      A       172.17.24.78
web     IN      A       172.17.24.78
@       IN      A       172.17.24.78
=================================================================================

# vi /var/named/eduwiz.rev
=================================================================================
$TTL 86400
@       IN      SOA     ns.eduwiz.com. root.eduwiz.com. (
                        2007111600 ; Serial
                        28800      ; Refresh
                        14400      ; Retry
                        3600000    ; Expire
                        86400 )    ; Minimum
        IN      NS      ns.eduwiz.com.
78      IN      PTR     ns.eduwiz.com.
78      IN      PTR     www.eduwiz.com.
78      IN      PTR     eduwiz.com.
78      IN      PTR     web.eduwiz.com.
=================================================================================

# vi /var/named/gukjungwon.zone
=================================================================================
$TTL 86400
@       1D IN   SOA     ns.gukjungwon.com. root.gukjungwon.com. (
                        42  ; serial (d. adams)
                        3H  ; refresh
                        15M ; retry
                        1W  ; expiry
                        1D ) ; minimum
        IN      NS      ns.gukjungwon.com.
ns      IN      A       172.17.24.79
www     IN      A       172.17.24.79
web     IN      A       172.17.24.79
@       IN      A       172.17.24.79
=================================================================================

# vi /var/named/gukjungwon.rev
=================================================================================
$TTL 86400
@       IN      SOA     ns.gukjungwon.com. root.gukjungwon.com. (
                        2007111600 ; Serial
                        28800      ; Refresh
                        14400      ; Retry
                        3600000    ; Expire
                        86400 )    ; Minimum
        IN      NS      ns.gukjungwon.com.
79      IN      PTR     ns.gukjungwon.com.
79      IN      PTR     www.gukjungwon.com.
79      IN      PTR     gukjungwon.com.
79      IN      PTR     web.gukjungwon.com.
=================================================================================

--> Include the vhost-related file from the Apache configuration file.

# vi /usr/local/httpd/conf/httpd.conf
=================================================================================
Open the file and Include /usr/local/httpd/conf/extra/httpd-vhosts.conf.
=================================================================================

# vi /usr/local/httpd/conf/extra/httpd-vhosts.conf
=================================================================================
DocumentRoot /usr/local/httpd/htdocs/eduwiz
ServerName eduwiz.com

DocumentRoot /usr/local/httpd/htdocs/gukjungwon
ServerName gukjungwon.com
=================================================================================

***********************************************************************
┏━━━━━━━━━━━━━━━━━━━━┓
┃ vsftpd FTP (p.271) ┃
┗━━━━━━━━━━━━━━━━━━━━┛
┌─────────────────┐
│ Concept summary │
└─────────────────┘
***********************************************************************
FTP is a TCP-based service. FTP uses two ports, a data port and a command
port; traditionally port 21 is used as the command port and port 20 is used
to transfer data.

* Port 20 : Uses UDP, which allows fast transfer, so it is used to transfer DATA.
* Port 21 : Uses TCP for reliable communication, so it is used to transfer
  commands (COMMAND).

FTP basically supports two modes.

* Active Mode
  - The client first opens an arbitrary port (N) of 1024 or higher and connects
    to port 21, the command port of the FTP server. The client then opens port
    N+1, waits on it, and sends the FTP command PORT N+1 to the FTP server.
    The server uses its local data port, 21, to connect to the data port the
    client specified.

* Passive Mode
  - Communication between the FTP client and the server is carried out with
    SYN and ACK packets. In that case, however, Active mode can cause problems
    in system configurations that include a firewall or similar device. When a
    firewall is in use the FTP server has to communicate with the client
    through the firewall, so these additional situations also have to be
    considered. Passive mode appeared in order to solve these problems.
  - The client does not need to communicate directly with port 20 of the FTP
    server, which helps considerably when building systems with firewalls.

----------------
※ Introduction to vsftpd FTP
----------------
- Separate configuration per virtual IP (using listen_address= in the configuration file)
- Virtual user configuration
- Transfer bandwidth limits
- PAM support
- Its own log file format, more detailed than the standard xferlog log file
- Operation both standalone and through inetd (xinetd)
- A different configuration file per IP (when used together with tcp_wrappers)

Many FTP daemons are available on Linux, including proftp and wu-ftp. Among
them, vsftpd stands for Very Secure FTP Daemon and is an FTP server program
(daemon) that prides itself on strong security. Besides security, vsftpd
presents fast performance and stability as its main features, and its
performance is better than that of other FTP servers. It currently ships with
Redhat GNU/Linux in place of the former wuftpd, and several large sites run on
this program, so its performance is well recognized.
***********************************************************************
┌──────────────┐
│ Installation │
└──────────────┘
***********************************************************************
------------------------------------
Checking whether it is already installed
------------------------------------
--> Look at the services on the server that are LISTENing on port 21 (ftp).

# netstat -anp | grep LISTEN
tcp   0   0 0.0.0.0:649   0.0.0.0:*   LISTEN   1739/rpc.statd
tcp   0   0 0.0.0.0:110   0.0.0.0:*   LISTEN   1923/xinetd
tcp   0   0 0.0.0.0:111   0.0.0.0:*   LISTEN   1720/portmap
tcp   0   0 0.0.0.0:631   0.0.0.0:*   LISTEN   1848/cupsd
tcp   0   0 0.0.0.0:25    0.0.0.0:*   LISTEN   1941/sendmail: acce
tcp   0   0 :::22         :::*        LISTEN   1910/sshd

--> As shown above, port 21 must not be open.

# cat /etc/passwd
# cat /etc/group

--> Check whether an account named ftp exists in the two files above.
--> If it does not exist, create the account.

-----------------
Installing vsftpd
-----------------
# cd /usr/local/src
# wget ftp://vsftpd.beasts.org/users/cevans/vsftpd-2.0.5.tar.gz
# tar xvfz vsftpd-2.0.5.tar.gz
# cd vsftpd-2.0.5

# vi logging.c
================================================================================
/* str_replace_unprintable(p_str, '?'); */

Comment out line 157 as shown. Note that /* and */ must be placed at the
beginning and end of line 157.
vsftpd replaces the characters it considers unprintable (ASCII codes 31 and
below, 128~159, and 177) with ? before saving them. Commenting out
str_replace_unprintable(p_str, '?'); keeps Korean file names from being
recorded as ???? in the log when they are transferred. With the call disabled,
control characters in file names are also written to the log unchanged.
================================================================================

# vi builddefs.h
================================================================================
To use tcp_wrappers access control, change
#undef VSF_BUILD_TCPWRAPPERS -> #define VSF_BUILD_TCPWRAPPERS
================================================================================

# make        (there is no configure step, so run make directly.)
Running make install right away fails because directories that the install
step needs at specific locations do not exist, so it is better to create them
beforehand. Once make has finished, the following must be done before
make install.

# grep nobody /etc/passwd          ☞ (the nobody account must exist.)
# mkdir /usr/share/empty
# mkdir /var/ftp
# chown root:root /var/ftp
# chmod og-w /var/ftp
# mkdir /usr/local/sbin
# mkdir /usr/local/man
# mkdir /usr/local/man/man8
# mkdir /usr/local/man/man5
# make install
# cp vsftpd.conf /etc                       ☞ (copy the configuration file to /etc.)
# cp RedHat/vsftpd.pam /etc/pam.d/vsftpd    ☞ (authentication handling)

# vi /etc/xinetd.d/vsftpd
================================================================================
# default: on
# description:
# The vsftpd FTP server serves FTP connections. It uses
# normal, unencrypted usernames and passwords for authentication.
# vsftpd is designed to be secure.
service ftp
{
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/local/sbin/vsftpd
#       server_args     =
#       log_on_success  += DURATION USERID
#       log_on_failure  += USERID
        nice            = 10
# disable (that is, "not available") set to no means the service is left enabled
        disable         = no
}

In the contents above, disable must be set to no.
server = /usr/local/sbin/vsftpd is the executable that the super daemon
actually refers to.
If the file looks like the above, save and exit.
================================================================================

Whether you enabled it through ntsysv or checked /etc/xinetd.d/vsftpd directly
with vi, restart xinetd.

# /etc/rc.d/init.d/xinetd restart
xinetd 를정지함: [ 확인 ]
xinetd(을)를 시작함: [ 확인 ]

# netstat -anp | grep LISTEN
================================================================================
tcp   0   0 0.0.0.0:649   0.0.0.0:*   LISTEN   1739/rpc.statd
tcp   0   0 0.0.0.0:110   0.0.0.0:*   LISTEN   1923/xinetd
tcp   0   0 0.0.0.0:111   0.0.0.0:*   LISTEN   1720/portmap
tcp   0   0 0.0.0.0:21    0.0.0.0:*   LISTEN   3195/xinetd
tcp   0   0 0.0.0.0:631   0.0.0.0:*   LISTEN   1848/cupsd
tcp   0   0 0.0.0.0:25    0.0.0.0:*   LISTEN   1941/sendmail: acce
tcp   0   0 :::22         :::*        LISTEN   1910/sshd
================================================================================
Even though it is the vsftpd daemon, the super daemon manages and launches it,
so it is displayed as xinetd; the port number 21 shows that ftp has been added.

-----------------
vsftpd.conf
-----------------
# vi /etc/vsftpd.conf
================================================================================
# Allow anonymous users to connect? Set NO unless this is a public FTP server.
# (vsftpd's built-in default is YES, so commenting the line out does not disable it.)
anonymous_enable=NO

# Allow local users, that is, accounts on this server, to connect?
local_enable=YES

# Grant write permission?
write_enable=YES

# Permissions for local users. With 022 the resulting permission is 755.
local_umask=022

# Allow anonymous users to upload? Set according to the role of the server.
# anon_upload_enable=YES

# Allow anonymous users to create directories?
# If anonymous users are not allowed, set everything anonymous-related to NO.
#anon_mkdir_write_enable=YES

# Show the welcome message on remote connections?
dirmessage_enable=YES

# Keep an upload/download log?
xferlog_enable=YES

# Upload/download log file
xferlog_file=/var/log/vsftpd.log

# Handle (upload/download) files in ascii mode?
#ascii_upload_enable=YES
#ascii_download_enable=YES

# Banner shown when connecting to the ftp server
#ftpd_banner=Welcome to blah FTP service.

# The concept below is slightly counterintuitive.
# It is not a simple yes/no setting.
# With YES, the accounts named in the file given next are subject to
# chroot (going above the home directory); with NO, only the accounts
# written in the file below are kept from chroot.
#chroot_list_enable=YES
#chroot_list_file=/etc/vsftpd.chroot_list

#########################################################
# From here on are settings that are not in the default #
# configuration and are added when needed.              #
#########################################################

# PAM file name (copied to /etc/pam.d/vsftpd during installation)
pam_service_name=vsftpd

# Log to wtmp (connections can be checked with the last command only when YES)
session_support=YES

# Keep users from leaving their own home directory
chroot_local_user=YES

# Name of the file holding the message shown when entering a new directory
# message_file=.message

# To log in xferlog format (already set to YES above)
# xferlog_std_format=NO
#
#  - The standard xferlog format does not record logins, directory creation, etc.
#    The vsftpd-style log is more detailed and includes them.
#  - vsftpd-style log example
#
#  Sun Jul 12 01:38:32 2003 [pid 31200] CONNECT: Client "127.0.0.1"
#  Sun Jul 12 01:38:34 2003 [pid 31199] [truefeel] FAIL LOGIN: Client "127.0.0.1"
#  Sun Jul 12 01:38:38 2003 [pid 31199] [truefeel] OK LOGIN: Client "127.0.0.1"

# Transfer rate limit (0 means no limit, unit is bytes per second)
anon_max_rate=0
local_max_rate=0
trans_chunk_size=0

# Maximum connections (usable only when running standalone, not through xinetd)
# For standalone, add listen=YES and start vsftpd separately
#
# max_clients=maximum number of clients, max_per_ip=connections per IP
# max_clients=100
# max_per_ip=3

# listen=YES when running standalone. Set listen_port to change the port.
# The default port is 21.
# listen=YES
# listen_port=21

####################### Configuration example (current lab environment settings) ########################
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
#anon_upload_enable=YES
#anon_mkdir_write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
#chown_uploads=YES
#chown_username=whoever
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
#idle_session_timeout=600
#data_connection_timeout=120
#nopriv_user=ftpsecure
#async_abor_enable=YES
#ascii_upload_enable=YES
#ascii_download_enable=YES
ftpd_banner=Welcome to HACKERS FTP service.
#deny_email_enable=YES
#banned_email_file=/etc/vsftpd.banned_emails
#chroot_list_enable=YES
#chroot_list_file=/etc/vsftpd.chroot_list
#ls_recurse_enable=YES
chroot_local_user=YES
pam_service_name=vsftpd
session_support=YES
###########################################################################

*** Once the settings are as above, create the user account that will be used
as the ftp user. With the settings above, that account cannot move outside its
own account directory.

When the configuration is complete:
# /etc/rc.d/init.d/xinetd restart

####################### FTP commands ########################
ascii      : Sets the transfer mode to ASCII. (ascii or as)
binary     : Sets the transfer mode to BINARY. (binary or bi)
bell       : Rings a bell when a command completes. (bell)
bye        : Closes the ftp connection and exits. (bye)
cd         : Changes the directory on the remote system. (cd directory)
cdup       : Moves up one directory level on the remote system. (cdup)
chmod      : Changes file permissions on the remote system. (chmod 755 index.html)
close      : Closes the ftp connection. (close)
delete     : Deletes a file on the remote system. (delete index.old)
dir        : Displays the directory contents of the remote system. (dir)
disconnect : Closes the ftp connection. (disconnect)
exit       : Closes the ftp connection and exits. (exit)
get        : Fetches the one specified file. (get index.html)
hash       : Prints "#" marks during a file transfer to show progress. (hash)
help       : Shows help for ftp commands. (help or help command)
lcd        : Changes the directory on the local system. (lcd directory)
ls         : Displays the directory contents of the remote system. (ls or ls -l)
mdelete    : Deletes several files at once. (mdelete *.old)
mget       : Fetches several files at once. (mget *.gz)
mput       : Uploads several files to the remote system at once. (mput *.html)
open       : Attempts an ftp connection. (open 168.126.72.51 or open ftp.kornet.net)
prompt     : Asks for confirmation during file transfers. on/off toggle (prompt)
put        : Uploads one file to the remote system. (put index.html)
pwd        : Shows the current working directory on the remote system. (pwd)
quit       : Closes the ftp connection and exits. (quit)
rstatus    : Shows the status of the remote system (version, from where, login ID, etc.). (rstatus)
rename     : Renames a file on the remote system. (rename current-name new-name)
rmdir      : Deletes a directory on the remote system. (rmdir directory)
size       : Shows the size of a file on the remote system in bytes. (size index.html)
status     : Shows the settings of the currently connected ftp session. (status)
type       : Sets the transfer mode. (type, type ascii or type binary)

***********************************************************************
┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ NFS Server Security (p.285) ┃
┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛
┌─────────────────┐
│ Concept summary │
└─────────────────┘
***********************************************************************
Definition of NFS (Network File System)
- NFS was developed by Sun Microsystems.
- It mounts and shares the File System of another computer over a TCP/IP network.
- A Client mounts and uses the File System of another system.
  Because it is quite weak in terms of security, it must be used with care.
NFS is a client/server application that lets a computer user browse files on a
remote computer as if they were on the user's own computer, and save or modify
them freely. The user's system must have an NFS client, and the other (remote)
computer must have an NFS server installed. Both must also have the TCP/IP
protocol installed, because the NFS server and client use TCP/IP to send and
modify files.
NFS was developed by Sun Microsystems and has become established as the
standard for file servers. The protocol uses RPC as the method of
communication between computers. NFS can be installed on some operating
systems that use products such as Windows 95 and Sun's Solstice Network Client.

***********************************************************************
┌──────────────┐
│ Installation │
└──────────────┘
***********************************************************************
# rpm -qa | grep nfs
# rpm -qa | grep portmap
--> nfs and portmap are already installed.

# ps -ef | grep portmap
# ps -ef | grep nfs
--> Looking at the processes, portmap is running but nfs is not.

# /etc/rc.d/init.d/portmap restart
# /etc/rc.d/init.d/nfs start
--> Restart portmap and start nfs.

# cat /etc/exports
/data 192.168.10.32(rw,no_root_squash)
--> Save as above and exit. This shares the directory /data,
--> allows access from the IP 192.168.10.32, and grants read and write permission.
--> no_root_squash additionally lets root on that client act as root on the exported files.

# mkdir /data
# touch /data/1
# touch /data/2
# touch /data/3
# touch /data/4
# mkdir -p /test/home     ☞ Create the required directories and empty files.
# exportfs -v             ☞ Shows the current settings.
# exportfs -ar            ☞ Applies the contents of the /etc/exports file above.
# exportfs -v             ☞ Confirms that the settings have actually been applied.

# mount -t nfs 192.168.10.35:/data /test/home
--> Mount the other party's nfs server onto the local system.

# cd /test/home/
# ls
# touch 1111
===========================================================================
Change into the directory and check that the other party's files are visible.
Also create a file to test that reading and writing work.
Once everything has been checked, look at how to umount.
Trying to umount while located inside the directory will not work well,
so leave the directory first and then umount it.
===========================================================================
# cd /root
# umount /test/home/      ☞ Doing it this way unmounts the directory.

***********************************************************************
┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ Proxy Server Security (p.299) ┃
┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛
┌─────────────────┐
│ Concept summary │
└─────────────────┘
***********************************************************************
A server installed for security and Network Cache purposes.

Firewall function
- Separates the internal network from the external network for security.
- Permits or denies access to a given service through the Proxy Server.

Network Cache function
- Accessed data is kept in the Cache of the Proxy Server.
- The Proxy Server's data is used without accessing the Site itself.

A proxy server is usually used to get faster Internet access in environments
where the network is slow. A cache server is set up on the serving host and
frequently visited sites are stored on it; when users try to reach the same
site, the stored data is delivered from the cache server, which speeds up
access. It can also be used to maintain network security such as access
control.

***********************************************************************
┌───────────────────┐
│ Hands-on practice │
└───────────────────┘
***********************************************************************
# wget http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE21.tar.bz2
# tar jxvf squid-2.6.STABLE21.tar.bz2
# cd squid-2.6.STABLE21
# ./configure --prefix=/usr/local/squid
# make && make install
# ls /usr/local/squid
bin  etc  libexec  sbin  share  var
==============================================================================
Directories created after installing Squid
(1) bin : contains script programs related to running squid.
(2) etc : contains squid.conf, the squid configuration file.
(3) libexec : directory containing script files related to server operation.
(4) sbin : directory containing the squid command that runs and manages the squid server.
(5) share : holds the information files for the error messages produced while using squid.
(6) var : holds the log files.
==============================================================================

# vi /usr/local/squid/etc/squid.conf
==============================================================================
Line 635:  change http_access deny all -> http_access allow all
Line 3023: add cache_effective_user nobody
Line 3035: add cache_effective_group nobody
Line 3051: add visible_hostname hostname
==============================================================================

# mkdir /usr/local/squid/var/cache
# chmod 777 /usr/local/squid/var/cache
# chown -R nobody:nobody /usr/local/squid
# ls -l /usr/local/squid
total 24
drwxr-xr-x 2 nobody nobody 4096 Nov 13 09:39 bin
drwxr-xr-x 2 nobody nobody 4096 Nov 13 09:39 etc
drwxr-xr-x 2 nobody nobody 4096 Nov 13 09:39 libexec
drwxr-xr-x 2 nobody nobody 4096 Nov 13 09:39 sbin
drwxr-xr-x 5 nobody nobody 4096 Nov 13 09:39 share
drwxr-xr-x 3 nobody nobody 4096 Nov 13 09:39 var

# /usr/local/squid/sbin/squid -z
2008/11/13 10:01:41| Creating Swap Directories

# /usr/local/squid/sbin/squid &      <- run in the background
# ps -ef | grep squid
root     11790     1  0 13:52 ?        00:00:00 /usr/local/squid/sbin/squid
nobody   11792 11790  0 13:52 ?        00:00:00 [squid]
root     11795  1096  0 13:52 pts/0    00:00:00 grep squid
[1]+  Done                    /usr/local/squid/sbin/squid

--> If Squid is running, the installation and the partial configuration succeeded.
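
The squid.conf edit above turns the final `http_access deny all` into `http_access allow all`, so every client address is accepted by the proxy. As an added example (not from the original text or the Squid project), the shell function below replays Squid's first-match http_access evaluation for a client address so that rule set can be compared with a restricted one. The two sample configurations, the ACL name `lab` and the client addresses are constructed, and only `src` ACLs are evaluated.

```shell
#!/bin/sh
# Constructed sample: rule order as left by the edit described above.
page_conf() {
cat <<'EOF'
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
http_access allow localhost
http_access allow all
EOF
}

# Constructed sample: same proxy limited to one client network.
# The ACL name "lab" is hypothetical.
restricted_conf() {
cat <<'EOF'
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl lab src 192.168.10.0/24
http_access allow localhost
http_access allow lab
http_access deny all
EOF
}

# squid_decide CLIENT_IP < squid.conf
# Prints allow, deny or unknown. The first http_access line whose ACLs all
# match decides; with no match the result is the opposite of the last line,
# and with no http_access lines at all the request is denied.
# "unknown" means the deciding rule uses an ACL type this sketch cannot test.
squid_decide() {
    awk -v ip="$1" '
    function ip2n(s,   o) {                  # dotted quad -> integer, -1 if not one
        if (split(s, o, ".") != 4) return -1
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function bits(m,   o, i, n, t) {         # "24" or "255.255.255.0" -> prefix length
        if (m !~ /\./) return m + 0
        split(m, o, "."); n = 0
        for (i = 1; i <= 4; i++)
            for (t = o[i] + 0; t >= 128; t = (t * 2) % 256) n++
        return n
    }
    function in_net(spec,   p, len, div) {   # 1 inside, 0 outside, -1 not evaluable
        len = 32
        if (split(spec, p, "/") == 2) len = bits(p[2])
        if (ip2n(p[1]) < 0) return -1        # address range or host name
        div = 2 ^ (32 - len)
        return int(ip2n(ip) / div) == int(ip2n(p[1]) / div)
    }
    function acl_match(name,   v, n, i, r, u) {
        if (!(name in src)) return (name == "all" && !(name in other)) ? 1 : -1
        n = split(src[name], v, " "); u = 0
        for (i = 1; i <= n; i++) {
            r = in_net(v[i])
            if (r == 1) return 1
            if (r < 0) u = 1
        }
        return u ? -1 : 0
    }
    BEGIN { if (ip2n(ip) < 0) { print "unknown"; bad = 1; exit } }
    { sub(/#.*/, "") }                       # drop comments
    $1 == "acl" && $3 == "src" { for (i = 4; i <= NF; i++) src[$2] = src[$2] " " $i; next }
    $1 == "acl" { other[$2] = 1; next }
    $1 == "http_access" && NF >= 3 && decided == "" {
        last = $2; hit = 1; unk = 0
        for (i = 3; i <= NF; i++) {
            name = $i; neg = sub(/^!/, "", name); m = acl_match(name)
            if (m < 0) { unk = 1; continue }
            if (neg ? m : !m) { hit = 0; break }   # one failing ACL rules the line out
        }
        if (hit) decided = unk ? "unknown" : $2
    }
    END {
        if (bad) exit
        if (decided != "") print decided
        else if (last == "allow") print "deny"
        else if (last == "deny") print "allow"
        else print "deny"
    }'
}

# Compare both rule sets for an inside and an outside client (constructed addresses).
for c in 192.168.10.32 203.0.113.7; do
    printf '%-15s page=%s restricted=%s\n' "$c" \
        "$(page_conf | squid_decide "$c")" "$(restricted_conf | squid_decide "$c")"
done
```

Run against a real file with `squid_decide 203.0.113.7 < /usr/local/squid/etc/squid.conf`; a result of `allow` for an address outside your own networks means the proxy is open to that address.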
***********************************************************************
┏━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ SSH(Secure SHell) - P.311 ┃
┗━━━━━━━━━━━━━━━━━━━━━━━━━━━┛
┌─────────────────┐
│ Concept summary │
└─────────────────┘
***********************************************************************
--------------
※ Telnet (23port)
--------------
- Communicates over the network in plain text (Plain Text)
- IDs and Passwords used over telnet can easily be captured by Sniffing
- Plain Text Packets need to be encrypted
- The traditional POP, FTP and Telnet all need security measures

--------------
※ SSH (22port)
--------------
- Secure Shell
- Encrypts Packets using a Public Key and a Private Key
- All traffic is compressed, which improves transfer speed
- Uses port 22
- Protocol SSH2 or later is recommended (SSH1 is weak in security)

SSH (Secure SHell) is, as the name says, a secure login shell. With the
existing telnet service, everything typed on the keyboard appears as a simple
string, so the data can be intercepted in transit and all of it read.
Traditional services such as ftp, pop and telnet are well known to be very
weak in security. With such unencrypted authentication methods your password
may be exposed as it is. All data sent through ssh is encrypted, traffic is
compressed so that better transfer efficiency can be obtained, and ssh even
supports a "tunnel" for existing insecure services such as ftp and pop.

***********************************************************************
┌──────────────┐
│ Installation │
└──────────────┘
***********************************************************************
--------------------------
Installing telnet with rpm
--------------------------
# rpm -qa | grep telnet-server
--> Insert the third Red Hat cd
# mount /mnt/cdrom
# rpm -Uvh /mnt/cdrom/RedHat/RPMS/telnet-server-0.17-25.i386.rpm

# vi /etc/xinetd.d/telnet
===================================================
service telnet
{
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
        disable         = no
}

--> Check the settings; if disable is set to yes, telnet does not run.
--> Set disable to no.
--> If nothing is wrong, just continue.
===================================================

----------------
Starting the telnet service
----------------
--> Restarting the super daemon xinetd starts the telnet service.

# /etc/rc.d/init.d/xinetd restart
# service xinetd restart

--> Of the two, the first method is recommended. The second command works only on the REDHAT family.

--> To let root connect over telnet
# mv /etc/security /etc/security.bak
--> This makes the file above unreadable.

--------------------------
Installing OpenSSH (SSH server)
--------------------------
# rpm -qa|grep ssh
openssh-server-3.5p1-6
openssh-3.5p1-6
openssh-clients-3.5p1-6

--> Check whether ssh is already installed.
--> Remove all of the previously installed packages.

# rpm -e openssh-server
warning: /etc/ssh/sshd_config saved as /etc/ssh/sshd_config.rpmsave
# rpm -e openssh-clients
# rpm -e openssh
# rm -rf /etc/ssh

--> Next, download the source package and install it.

# wget http://mirror.mcs.anl.gov/openssh/portable/openssh-4.6p1.tar.gz
# tar zxf openssh-4.6p1.tar.gz
# cd openssh-4.6p1

--> Before installing, the ssh user, group and directory for privilege separation, a security feature, must be created.
--> If they already exist they do not need to be created. The following commands create them when there is no sshd user.

# mkdir /var/empty/sshd
# chown root:sys /var/empty/sshd
# chmod 755 /var/empty/sshd
# groupdel sshd
# userdel -r sshd
# groupadd sshd
# useradd -g sshd -c 'sshd privsep' -d /var/empty/sshd -s /bin/false sshd

--> Now compile.

# ./configure --prefix=/usr \
    --sysconfdir=/etc/ssh \
    --libexecdir=/usr/libexec/ssh \
    --mandir=/usr/share/man \
    --with-pam \
    --with-ipaddr-display \
    --with-ipv4-default \
    --with-md5-passwords \
    --with-zlib
# make && make install
# cp contrib/redhat/sshd.pam /etc/pam.d/sshd
# cp contrib/redhat/sshd.init /etc/rc.d/init.d/sshd

--> The default configuration after installation is in a weak state.
--> Apart from encrypting at login, nothing else has been configured.
--> Edit the sshd_config file and go through which protocol to use, which users to restrict,
--> and various other settings.

# vi /etc/ssh/sshd_config
======================================================================
Port 22
Protocol 2,1
ListenAddress 192.168.152.129
HostKey /etc/ssh/ssh_host_key
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
ServerKeyBits 768
LoginGraceTime 60
KeyRegenerationInterval 3600
PermitRootLogin no
IgnoreRhosts yes
IgnoreUserKnownHosts yes
StrictModes yes
X11Forwarding no
X11DisplayOffset 10
PrintMotd yes
KeepAlive yes
SyslogFacility AUTHPRIV
LogLevel INFO
RSAAuthentication yes
PasswordAuthentication yes
PermitEmptyPasswords no
UsePrivilegeSeparation yes
Subsystem sftp /usr/libexec/openssh/sftp-server
# Account allowed to log in over SSH
AllowUsers hacker
======================================================================

# vi /etc/ssh/ssh_config
======================================================================
Host *
        ForwardAgent no
        ForwardX11 no
        RSAAuthentication yes
        PasswordAuthentication yes
        BatchMode no
        CheckHostIP yes
        IdentityFile ~/.ssh/identity
        IdentityFile ~/.ssh/id_dsa
        IdentityFile ~/.ssh/id_rsa
        Port 22
        Protocol 2,1
        Cipher blowfish
        EscapeChar ~
======================================================================

--> When the configuration is finished, generate keys and exchange them with the server you want to connect to; only then is connection possible.

# mkdir /root/.ssh
# ssh-keygen          ☞ Make the passphrase at least 20 characters long.

--> Switch to a regular user.

$ mkdir /home/<user account>/.ssh
$ ssh-keygen          ☞ Make the passphrase at least 20 characters long.

--> Switch back to root.
--> Copy the public key of server 1 into the ~/.ssh directory of server 2 as a file named authorized_keys.
--> Copy the public key of server 2 to server 1 in the same way.
--> The following shows the root user connecting to a regular user account using ssh2.
# cp /root/.ssh/id_rsa.pub ~<user account>/.ssh/authorized_keys
# cp ~<user account>/.ssh/id_rsa.pub /root/.ssh/authorized_keys
# chown <user account>.<user account> ~<user account>/.ssh/authorized_keys

# ssh -l test 192.168.152.129
The authenticity of host '192.168.152.129 (192.168.152.129)' can't be established.
RSA key fingerprint is d5:cd:6d:7b:cc:b2:37:5d:8a:a5:c8:00:94:72:70:19.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.152.129' (RSA) to the list of known hosts.
Enter passphrase for key '/root/.ssh/id_rsa':
Last login: Thu Mar 3 14:32:23 2005 from 192.168.152.129
$

***********************************************************************
┏━━━━━━━━━━━━━━━━━━━━━┓
┃ DHCP Server - P.329 ┃
┗━━━━━━━━━━━━━━━━━━━━━┛
┌─────────────────┐
│ Concept summary │
└─────────────────┘
***********************************************************************
A protocol that lets network administrators centrally manage and assign IP
addresses on the network within an organization.

DHCP is a protocol that assigns IPs dynamically. A system that carries the
DHCP function and provides the service of assigning IPs dynamically is called
a DHCP server, and a computer that is assigned an IP dynamically, through
services such as the ADSL commonly used at home, is called a DHCP client.

In the TCP/IP protocol of the Internet, each computer must have a unique IP
address to be able to connect to the Internet. When computer users in an
organization connect to the Internet, an IP address must be assigned to each
computer. DHCP lets the network administrator manage and assign IP addresses
centrally, and automatically sends a new IP address when a computer is
connected at a different place in the network.
***********************************************************************
┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ MRTG Traffic Server - P.341 ┃
┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛
┌─────────────────┐
│ Concept summary │
└─────────────────┘
***********************************************************************
-----------------------------------
MRTG(Multi Router Traffic Grapher)
-----------------------------------
MRTG is the most general-purpose tool used around the world today for traffic
monitoring and traffic management. On the traffic management server (the
server on which MRTG is installed and operated), MRTG runs periodically and
automatically generates HTML files that include gif and png graphics from the
results, so network traffic can be analyzed and managed through a web browser.
MRTG was developed in C and PERL; the routines that need speed are mostly in
C, and the parts that generate HTML are mostly in Perl.

Its uses are as follows:
- Monitoring and analysis of network traffic
- Monitoring and analysis of server traffic
- Monitoring and analysis of CPU
- Monitoring and analysis of MEMORY
- Monitoring and analysis of DISK usage
- Monitoring and analysis of the various other resources that can be read from the MIB

-----------------------------------
SNMP(Simple Network Management Protocol)
-----------------------------------
SNMP is a protocol for managing the overall state of network equipment: it
fetches the required information from network devices to monitor their status
and, in special cases, changes the related configuration values of a device.
SNMP operates on a Client/Server model. In SNMP the Client is called the
Manager, and the system on which the Manager is installed and an application
(for example, MRTG) runs is called the network management system. The Server
is called the Agent; it runs on the managed devices, collects the required
information and sends it to the Manager.
In particular, SNMP is widely used by the MRTG software to analyze the traffic
usage of network equipment.
-----------------------------------
MIB(Management Information Base)
-----------------------------------
Network equipment such as servers, routers, hubs, workstations and switches
are called the resources to be analyzed, and they are managed through specific
values of those devices. Such specific pieces of information or resources are
called objects, and the collection of these objects is called the MIB. In
other words, the MIB is what MRTG concretely works on. It is through these MIB
values that the status of each device can be determined and monitored.
Managing network resources through an application (for example, MRTG) means
collecting the information in these MIB values to determine the state of the
resources, or changing MIB values to change the state of the resources or make
them perform a specific action.

***********************************************************************
┌──────────────────────────────────────┐
│ Installing the MRTG traffic server   │
└──────────────────────────────────────┘
***********************************************************************
-------------
1. Installing SNMP
-------------
# wget http://downloads.sourceforge.net/net-snmp/net-snmp-5.1.2.tar.gz
# tar zxf net-snmp-5.1.2.tar.gz
# cd net-snmp-5.1.2
# ./configure --prefix=/usr/local/share/snmp \
    --with-default-snmp-version="3" \
    --with-sys-contact="jikim@eduwiz.co.kr" \
    --with-sys-location="unknown" \
    --with-logfile="/var/log/snmpd.log" \
    --with-persistent-directory="/var/net-snmp"
# make
# make install
# cp EXAMPLE.conf /usr/local/share/snmp/snmpd.conf

# vi /usr/local/share/snmp/snmpd.conf
============================================================================
# Replace eduwiz with a string that only you know
com2sec local     localhost       eduwiz
# Change this one in the same way
com2sec mynetwork 192.168.10.0/24 eduwiz

group MyRWGroup v1  local
group MyRWGroup v2c local
group MyRWGroup usm local
group MyROGroup v1  mynetwork
group MyROGroup v2c mynetwork
group MyROGroup usm mynetwork

view all included .1 80

access MyROGroup "" any noauth exact all none none
access MyRWGroup "" any noauth exact all all none

# Change this
syslocation eduwiz service, Gwangju korea.
# Enter your own e-mail address
syscontact Me
:wq ============================================================================ --> ÀÌ°ÍÁß¿¡¼­ local Àº ·ÎÄà ȣ½ºÆ®¿¡¼­ Á¢±ÙÇÒ¶§ ¿­¾îÁÖ´Â ±ÇÇÑÀÌ´Ù. --> ¾Æ·¡ÀÇ °ÍÀº ¿ÜºÎ ³×Æ®¿÷¿¡¼­ Á¢±Ù±ÇÇÑÀ» ¼³Á¤ÇÏ´Â °ÍÀÌ´Ù. --> ³×Æ®¿÷À¸·Î ÀÔ·ÂÇϴ°ÍÀº Á¢±ÙÇϴ ȣ½ºÆ®ÀÇ ÁÖ¼Ò³ª IP ´ë¿ªÀ» ³Ö´Â´Ù. --> Ä¿¹Â´ÏƼ¸íÀº "eduwiz" ·Î ¼³Á¤Çß´Ù. --> À§¿¡¼­ ¼³Á¤ÇÑ ÆÄÀÏÀ» ºÒ·¯¿Í¼­ snmpd µ¥¸óÀ» ½ÇÇà½ÃŲ´Ù. # /usr/local/share/snmp/sbin/snmpd -c /usr/local/share/snmp/snmpd.conf --> Æ÷Æ® È®ÀÎ # netstat -na | grep udp udp 0 0 0.0.0.0:32768 0.0.0.0:* udp 0 0 0.0.0.0:161 0.0.0.0:* // snmp È®ÀÎ udp 0 0 0.0.0.0:111 0.0.0.0:* udp 0 0 0.0.0.0:633 0.0.0.0:* --> mib °ª Å×½ºÆ® # /usr/local/share/snmp/bin/snmpwalk -v1 -c eduwiz localhost --> ÇÁ·Î¼¼½º ¸í È®ÀÎ # /usr/local/share/snmp/bin/snmpwalk -v1 -c eduwiz localhost .1.3.6.1.4.1.2021.2.1.2 --> ÇÁ·Î¼¼½º °¹¼ö È®ÀÎ # /usr/local/share/snmp/bin/snmpwalk -v1 -c eduwiz localhost .1.3.6.1.4.1.2021.2.1.5 --> ½ºÅ©¸³Æ® »ý¼º # vi /etc/rc.d/init.d/snmp.sh #!/bin/bash /usr/local/sbin/snmpd -c /usr/local/share/snmp/snmpd.conf :wq # chmod 755 /etc/rc.d/init.d/snmp.sh # ln -s /etc/rc.d/init.d/snmp.sh /etc/rc.d/rc3.d/S92snmp # find ./ -name "*.gz" -exec tar zxf {} \; ¢Ñ Çѹø¿¡ ¾ÐÃà Ç®±â ---------------------------------------------------- 2. zlib ¼³Ä¡ - µ¥ÀÌÅ;ÐÃà°ú ÇØÁ¦¿¡ »ç¿ëµÇ´Â ¶óÀ̺귯¸®. ---------------------------------------------------- zlib Àº gzip µîÀ¸·Î ¾ÐÃàµÈ ÆÄÀÏÀ» ÀÐ°í ¾²±â À§ÇØ ²À ÇÊ¿äÇÑ ¶óÀ̺귯¸®ÀÓ. MRTG ¸¦ ÀÌ¿ëÇÑ Æ®·¡Çȸð´ÏÅ͸µ ȨÆäÀÌÁö¸¦ ±¸ÃàÇÒ ¶§¿¡ ¹Ýµå½Ã ÇÊ¿äÇÔ. # cd /usr/local/src # makedir mrtg # cd mrtg # wget http://www.zlib.net/zlib-1.2.3.tar.gz # tar zxf zlib-1.2.3.tar.gz # mv zlib-1.2.3 /usr/local/zlib # cd /usr/local/zlib # ./configure && make && make install ---------------------------------------------------- 3. libpng ¼³Ä¡ - png Æ÷¸ËÀ» ´Ù·ç±â À§ÇÑ ¶óÀ̺귯¸®. ---------------------------------------------------- zlib°¡ »ý¼ºÇÑ À̹ÌÁö ÆÄÀÏÀ» pngÆ÷¸ËÀ¸·Î º¯ÇüÇÏ¿© »ç¿ëÇϱâ À§ÇÑ ¶óÀ̺귯¸® Áï Æ÷Åͺí³×Æ®¿öÅ© ±×·¡ÇȶóÀ̺귯¸®·Î¼­ zlib°¡ ¹Ýµå½Ã ¼³Ä¡µÇÀÖ¾î¾ßµÊ. 
Together with zlib, it is an indispensable library for real-time graphics on
web pages in MRTG and similar tools.
# cd /usr/local/src
# wget ftp://ftp.rus.ru/netsoft/libpng-1.2.5.tar.gz
# tar zxf libpng-1.2.5.tar.gz
# mv libpng-1.2.5 /usr/local/libpng
# cd /usr/local/libpng
# cp scripts/makefile.linux makefile
# make test
# make install

------------------------------------------------------------------
4. Installing freetype - open font engine for rendering text into images
------------------------------------------------------------------
freetype is a font engine: a small, efficient font library that is easy to
customize for image output.
freetype can be used in graphics libraries and also in font conversion tools.
It is also widely used as a tool for generating text images; it is an open
TrueType font engine released under the GPL license.
# wget http://downloads.sourceforge.net/freetype/freetype-2.3.5.tar.gz
# tar zxf freetype-2.3.5.tar.gz
# cd freetype-2.3.5
# ./configure && make && make install

------------------------------------------------------------------
5. Installing jpeg - jpeg compression/decompression library software
------------------------------------------------------------------
# wget http://www.ijg.org/files/jpegsrc.v6b.tar.gz
# tar zxf jpegsrc.v6b.tar.gz
# cd jpeg-6b
# ./configure --enable-shared --enable-static && make && make install

-----------------------------------------------------------
6. Installing gd - dynamic image generation
-----------------------------------------------------------
Used to implement dynamic images on the web for image files in the gif and
png formats.
It is an ANSI C library for dynamic image generation, a very useful tool that
can create images in the PNG, JPEG and GIF formats.
It is installed last because the four packages above must already be
installed before it can be installed.
# wget http://www.boutell.com/gd/http/gd-2.0.33.tar.gz
# tar zxf gd-2.0.33.tar.gz
# mv ./gd-2.0.33 /usr/local/gd
# cd /usr/local/gd
# ./configure && make && make install

-----------------------------------------------------------
7. Installing mrtg
-----------------------------------------------------------
================================================================
To monitor server traffic with MRTG you must create a cfg file.
There are two ways to create a cfg file.
 First, generate it with cfgmaker.
 Second, copy the most similar cfg file and edit it.
Both of these methods are used in practice.
To distinguish them: the first applies right after the MRTG server has first
been built, when no cfg file is in use yet, so the file is generated with
cfgmaker, the configuration-file generation tool.
That is, it is the method mostly used in the early stage of building an MRTG
server, and a look at a cfg file generated this way shows that a lot of
unnecessary content has been added.
As for the second method, once the MRTG server has been in use for a while
there are several generated cfg files.
Monitoring the traffic usage of a new server, or the usage of its resources
(CPU, DISK, MEMORY), requires a new cfg file.
In that case, copy the most similar of the cfg files already in use and edit
its contents slightly, and it is ready to use.
I think it is usual for someone using MRTG for the first time to use the first
method, and for someone already using MRTG to create the cfg file with the
second method.
However, since generating the configuration file (cfg) with cfgmaker has
already been covered earlier, mentioning its usage again would be pointless,
so the explanation continues on the assumption that the cfg file has already
been created with the second method.
================================================================
# wget http://oss.oetiker.ch/mrtg/pub/old/mrtg-2.11.1.tar.gz
# tar zxf mrtg-2.11.1.tar.gz
# cd mrtg-2.11.1
# ./configure --prefix=/usr/local/mrtg --with-gd=/usr/local/gd \
    --with-z=/usr/local/zlib --with-png=/usr/local/libpng && make && make install
# mkdir /usr/local/mrtg/conf
# mkdir /usr/local/mrtg/www
# /usr/local/mrtg/bin/cfgmaker --global 'WorkDir: /usr/local/mrtg/www' \
    --global 'Language: korean' \
    --global 'Options[_]: bits,growright' \
    --global 'Interval: 5' \
    --global 'WithPeak[_]: dwmy' \
    --output /usr/local/mrtg/conf/mrtg.cfg eduwiz@192.168.0.32
===============================================
// Output messages follow //
--base: Get Device Info on eduwiz@192.168.0.234:
--base: Vendor Id:
--base: Populating confcache
--snpo: confcache eduwiz@192.168.0.234: Descr lo --> 1
--snpo: confcache eduwiz@192.168.0.234: Descr eth0 --> 2
--snpo: confcache eduwiz@192.168.0.234: Type 24 --> 1
--snpo: confcache eduwiz@192.168.0.234: Type 6 --> 2
--snpo: confcache eduwiz@192.168.0.234: Ip 127.0.0.1 --> 1
--snpo: confcache eduwiz@192.168.0.234: Ip 192.168.0.234 --> 2
--snpo: confcache eduwiz@192.168.0.234: Eth --> 1
--snpo: confcache eduwiz@192.168.0.234: Eth 00-0c-29-ca-85-c0 --> 2
--base: Get Interface Info
--base: Walking ifIndex
--base: Walking ifType
--base: Walking ifAdminStatus
--base: Walking ifOperStatus
--base: Walking ifMtu
--base: Walking ifSpeed
--base: Writing /usr/local/mrtg/conf/mrtg.cfg
===============================================
# vi /usr/local/mrtg/conf/mrtg.cfg
===============================================
WorkDir: /usr/local/mrtg/www
Options[_]: bits,growright
WithPeak[_]: dwmy
Interval: 5
Target[192.168.0.234_2]: 2:eduwiz@192.168.0.234:
SetEnv[192.168.0.234_2]: MRTG_INT_IP="192.168.0.234" MRTG_INT_DESCR="eth0"
MaxBytes[192.168.0.234_2]: 1250000
Title[192.168.0.234_2]: Traffic Analysis for 2 -- eduwiz
PageTop[192.168.0.234_2]:
 Traffic Analysis for 2 -- eduwiz
 System: eduwiz in jikim service, Gwangju Korea.
 Maintainer: Me <jikim@eduwiz.co.kr>
 Description:eth0
 ifType: ethernetCsmacd (6)
 ifName:
 Max Speed: 10.0 Mbits/s
 Ip: 192.168.0.234 ()
===============================================
# env LANG=C /usr/local/mrtg/bin/mrtg /usr/local/mrtg/conf/mrtg.cfg
Rateup WARNING: /usr/local/mrtg/bin/rateup could not read the primary log file for 192.168.0.234_2
Rateup WARNING: /usr/local/mrtg/bin/rateup The backup log file for 192.168.0.234_2 was invalid as well
Rateup WARNING: /usr/local/mrtg/bin/rateup Can't remove 192.168.0.234_2.old updating log file
Rateup WARNING: /usr/local/mrtg/bin/rateup Can't rename 192.168.0.234_2.log to 192.168.0.234_2.old updating log file
# env LANG=C /usr/local/mrtg/bin/mrtg /usr/local/mrtg/conf/mrtg.cfg
Rateup WARNING: /usr/local/mrtg/bin/rateup Can't remove 192.168.0.234_2.old updating log file
# env LANG=C /usr/local/mrtg/bin/mrtg /usr/local/mrtg/conf/mrtg.cfg
# cd /usr/local/mrtg/www
# ll
-rw-r--r-- 1 root root  1115 Feb 10 10:22 192.168.0.234_2-day.png
-rw-r--r-- 1 root root  8804 Feb 10 10:22 192.168.0.234_2.html
-rw-r--r-- 1 root root 48226 Feb 10 10:22 192.168.0.234_2.log
-rw-r--r-- 1 root root  1439 Feb 10 10:22 192.168.0.234_2-month.png
-rw-r--r-- 1 root root 48223 Jan 21 16:51 192.168.0.234_2.old
-rw-r--r-- 1 root root  1115 Feb 10 10:22 192.168.0.234_2-week.png
-rw-r--r-- 1 root root  1957 Feb 10 10:22 192.168.0.234_2-year.png
-rw-r--r-- 1 root root   538 Jan 21 16:51 mrtg-l.png
-rw-r--r-- 1 root root   414 Jan 21 16:51 mrtg-m.png
-rw-r--r-- 1 root root  1759 Jan 21 16:51 mrtg-r.png

--> Change the Apache configuration
# vi /usr/local/httpd/conf/httpd.conf
===============================================
# 192.168.0.234_2.html added
DirectoryIndex index.html 192.168.0.234_2.html
Alias /mrtg/ /usr/local/mrtg/www/
<Directory "/usr/local/mrtg/www/">
    Order allow,deny
    Allow from all
</Directory>
===============================================
# apachectl restart

--> Create the script
# vi /usr/local/mrtg/bin/mrtg.sh
===============================================
#!/bin/bash
# run one MRTG polling pass
env LANG=C /usr/local/mrtg/bin/mrtg /usr/local/mrtg/conf/mrtg.cfg
# synchronize the system clock
rdate -s time.bora.net
:wq
===============================================
# chmod 755 /usr/local/mrtg/bin/mrtg.sh
# crontab -e
===============================================
# run every 5 minutes
*/5 * * * * /usr/local/mrtg/bin/mrtg.sh
===============================================
# /etc/rc.d/init.d/crond restart

--> Once everything is installed, browse to http://<your IP>/mrtg/ .
***********************************************************************
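
The com2sec / group / access lines in the snmpd.conf from step 1 decide which community string gets which rights. The script below is an added example, not part of the original text: it lists every SNMPv1/v2c path through those lines and whether it ends up read-only or read-write. The function names sample_conf and audit_snmpd_conf are made up for this example, and the sample input is constructed from the configuration shown in step 1.

```shell
#!/bin/sh
# Constructed sample: the VACM lines from the snmpd.conf shown in step 1.
sample_conf() {
    cat <<'EOF'
com2sec local     localhost       eduwiz
com2sec mynetwork 192.168.10.0/24 eduwiz
group MyRWGroup v1  local
group MyRWGroup v2c local
group MyRWGroup usm local
group MyROGroup v1  mynetwork
group MyROGroup v2c mynetwork
group MyROGroup usm mynetwork
view all included .1 80
access MyROGroup "" any noauth exact all none none
access MyRWGroup "" any noauth exact all all  none
EOF
}

# Print "<RW|RO> <model> <secname> <source>" for every SNMPv1/v2c mapping,
# i.e. every path where the community string alone (sent in cleartext)
# grants access. Reads the files given as arguments, or stdin.
audit_snmpd_conf() {
    awk '
        { sub(/#.*/, "") }                 # drop comments
        NF == 0 { next }
        $1 == "com2sec" && NF >= 4 { src[$2] = $3 }
        $1 == "group"   && NF >= 4 { grp[++n] = $2; model[n] = $3; sec[n] = $4 }
        # access GROUP CONTEXT MODEL LEVEL PREFIX READ WRITE NOTIFY
        $1 == "access"  && NF >= 9 {
            if ($7 != "none") rd[$2, $4] = 1
            if ($8 != "none") wr[$2, $4] = 1
        }
        END {
            for (i = 1; i <= n; i++) {
                g = grp[i]; m = model[i]; s = sec[i]
                if ((m != "v1" && m != "v2c") || !(s in src)) continue
                if (((g, m) in wr) || ((g, "any") in wr))      lvl = "RW"
                else if (((g, m) in rd) || ((g, "any") in rd)) lvl = "RO"
                else continue
                print lvl, m, s, src[s]
            }
        }
    ' "$@" | sort
}

sample_conf | audit_snmpd_conf
```

To check a real file, call audit_snmpd_conf /usr/local/share/snmp/snmpd.conf; every RW line marks a source from which knowing the community string is enough to change MIB values.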