There are however other versions of identd available, some with security enhancements (I do not endorse these as I have yet to test them):

    http://insecurity.net/ - Paul's secure identd written in perl
    http://www.ojnk.nu/~odin/ - ojnk identd
    http://www.tildeslash.org/nullidentd.html - null identd
    http://www.ajk.tele.fi/~too/sw/ - fake identd
    http://p8ur.op.het.net/midentd/ - midentd

ntpd

Not written yet.

http://www.eecis.udel.edu/~ntp/

CVS

CVS allows multiple developers to work together on large source code projects and maintain a large code base in a somewhat sane manner. CVS's internal security mechanisms are rather simple (and some would say weak) on their own, and I would have to agree. CVS's authentication is typically achieved over the network using pserver; usernames are sent in clear text, and passwords are trivially hashed (no real security). To get around this you have several good options. In a Unix environment probably the simplest method is to use SSH to tunnel connections between the client machines and the server; "Tim TimeWaster" (Tim Hemel) has written an excellent page covering this that I won't bother to rehash, and it is available at: http://cuba.xs4all.nl/~tim/scvs/. A somewhat more complicated approach (but better in the long run for large installations) is to kerberize the CVS server and clients; large networks (especially in university environments) typically already have an established Kerberos infrastructure. Details on kerberizing CVS are available at: http://www.cyclic.com/cyclic-pages/security.html. Apart from that I would strongly urge firewalling CVS unless you are using it for some public purpose (such as an open source project across the Internet).

There are other less obvious concerns you should be aware of. When dealing with source code you should be very careful to ensure no Trojan horses or backdoors are emplaced. In an open source project this is relatively simple: review the code people submit, especially if it is a publicly accessible effort, such as the Mozilla project. Other concerns might be destruction of the source code, so make sure you have backups.

rsync

rsync is an extremely efficient method for mirroring files, be it source code files of a CVS tree, a web site, or even this document. rsync preserves file permissions, links, file times and more; in addition to this it supports an anonymous mode (which incidentally I use for the mirroring of this document) that makes life very easy for all concerned. The rsync program itself can act as the client (run from a command line or script) and as the server (typically run from inetd.conf). The program itself is quite secure: it does not require root privileges to run as a client nor as the server (although it can if you really want it to), and can chroot itself to the root directory of whatever is being mirrored (this however requires root privileges and can be more dangerous than it is worth). You can also map the user id and group id it will access the system as (the default is nobody for most precompiled rsync packages and is probably the best choice). In non-anonymous mode rsync supports usernames and passwords, which are encrypted quite strongly using 128 bit MD4. The "man rsyncd.conf" page quite clearly covers setting up rsync as a server and making it relatively safe. The default configuration file is /etc/rsyncd.conf, and has a global section, and module sections (basically each shared out directory is a module).

rsyncd.conf example (comments are placed on their own lines, since rsyncd.conf only treats lines beginning with # as comments; the chroot parameter is spelled "use chroot" in rsyncd.conf):

    # specifies a file to be displayed, legal disclaimer, etc
    motd file = /etc/rsync.motd
    # maximum number of connections so you don't get flooded
    max connections = 5

    [pub-ftp]
    # simple comment
    comment = public ftp area
    # path to the directory being exported
    path = /home/ftp/pub
    # make it read only, great for exported directories
    read only = yes
    # chroot to /home/ftp/pub
    use chroot = yes
    # explicitly set the UID
    uid = nobody
    # explicitly set the GID
    gid = nobody

    [secret-stuff]
    comment = my secret stuff
    # path to my stuff
    path = /home/user/secret
    # hide this module when asked for a list
    list = no
    # password file
    secrets file = /etc/rsync.users
    # list of users I trust to see my secret stuff
    auth users = me, bob, santa
    # list of hosts to allow
    hosts allow = 1.1.1.1, 2.2.2.2

As you can see rsync is quite configurable, and generally quite secure, the exception being the actual file transfers, which are not encrypted in any way. If you need security I suggest you use SSH to tunnel a connection, or some VPN solution like FreeS/WAN. Also make sure you are running rsync 2.3.x or higher, as a potential root compromise was found in 2.2.x.

LPD

Not written yet.

X Window System

The X Window System provides a network transparent method for sharing graphical data, or more specifically for exporting the display of a program to a remote (or the local) host. Using it you can run a powerful 3D rendering package on your SGI Origin 2000 and display it on a 486. Essentially it's the granddaddy of all this 'thin client' hype that is becoming very popular nowadays. It was created by MIT, and at the time security was not much of a concern; this of course has led to more than a few nasty bugs being found. As well, the level of control X is given (it handles keystrokes, mouse movements, draws the screen, etc.) means that if it is compromised very bad things can happen. This data, if sent over the network (i.e. the X program being run is displaying on a remote host), can easily be logged, so sensitive information (like an xterm being used to login to another remote system) is vulnerable. In addition to these problems the authentication protocol that X uses is relatively weak (although it has been improved). Running a graphical xemacs session on a server 3 timezones away can however be a very handy thing.

X is very predictable in port usage: almost all implementations and installations of X use port 6000 for the first session and increment by one for other sessions, thus making it quite easy to scan for. If you are not going to be using X to display programs running on remote systems I strongly suggest you firewall port 6000. Control over who/what is allowed to connect to the X server can be accomplished several ways.

    ipfwadm -I -a accept -P tcp -S 10.0/8 -D 0.0/0 6000:6100
    ipfwadm -I -a accept -P tcp -S some.trusted.host -D 0.0/0 6000:6100
    ipfwadm -I -a deny -P tcp -S 0.0/0 -D 0.0/0 6000:6100

or

    ipchains -A input -p tcp -j ACCEPT -s 10.0/8 -d 0.0/0 6000:6100
    ipchains -A input -p tcp -j ACCEPT -s some.trusted.host -d 0.0/0 6000:6100
    ipchains -A input -p tcp -j DENY -s 0.0/0 -d 0.0/0 6000:6100

xhost

xhost simply allows you to specify which machines are, or aren't, allowed to connect to the X server. This is a very simplistic security mechanism and is not really suitable in any modern environment; however, used in conjunction with other mechanisms it can help. The command is quite simple: 'xhost +hostname.com' adds hostname.com, and 'xhost -hostname.com' removes hostname.com from the list. You must also specify 'xhost -' to turn on the access control list, or else everyone is let in by default.

mkxauth

mkxauth is definitely a step up. It helps create .Xauthority files, and merge them; these are used to specify hostnames and the related magic cookies (basically a token used to gain access). These cookies can then be used to gain access to a remote X host (you essentially have a copy of the cookie on each end) and are transferred either in plain text (insecure) or DES encrypted (quite secure). Using this method you can be relatively safe and secure. Xauthority files can also be used in conjunction with Kerberos, removing the necessity to copy Xauthority files around and keep them in synchronization
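As an added example that is not part of the guide: a small Python checker for the rsync section above. It parses an rsyncd.conf in the layout described there (global section, [module] sections, key = value lines, # comment lines) and flags modules that drop the protections the text recommends (read only, chroot, a non-root uid, a secrets file when auth users is set, a hosts allow list). The config it audits is constructed for illustration, and "use chroot" is the parameter name rsyncd.conf uses for the chroot setting.

```python
import re
# Added example (not from the guide): audit rsyncd.conf module settings.
# Keys follow the rsyncd.conf man page; this sample config is constructed.
SAMPLE_CONF = """
max connections = 5
[pub-ftp]
path = /home/ftp/pub
read only = yes
use chroot = yes
uid = nobody
hosts allow = 10.0.0.0/8
[scratch]
path = /srv/scratch
read only = no
use chroot = no
uid = root
auth users = bob
"""
def parse_rsyncd_conf(text):
    """Return (global_settings, {module: settings}).  '[name]' opens a module,
    'key = value' sets a parameter, '#' lines are comments, globals are defaults."""
    global_settings, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        section = re.match(r"^\[(.+)\]$", line)
        if section:
            current = modules.setdefault(section.group(1).strip(), {})
            continue
        key, sep, value = line.partition("=")
        if sep:  # skip malformed lines rather than guess at them
            (global_settings if current is None else current)[key.strip().lower()] = value.strip()
    return global_settings, modules
def audit_module(name, settings, global_settings):
    """Findings for one module, with rsync's documented defaults applied."""
    eff = {**global_settings, **settings}
    yes = lambda key, default: eff.get(key, default).lower() in ("yes", "true", "1")
    checks = [
        (not yes("read only", "yes"), "module is writable"),
        (not yes("use chroot", "yes"), "chroot disabled"),
        (eff.get("uid", "nobody").lower() in ("root", "0"), "files accessed as root"),
        ("auth users" in eff and "secrets file" not in eff, "auth users without secrets file"),
        ("hosts allow" not in eff and "auth users" not in eff, "open to any host, no authentication"),
    ]
    return [f"{name}: {msg}" for bad, msg in checks if bad]
def audit(text):
    global_settings, modules = parse_rsyncd_conf(text)
    return [f for name, s in modules.items() for f in audit_module(name, s, global_settings)]
```

Running audit(SAMPLE_CONF) reports nothing for pub-ftp and four findings for scratch.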