
4. Security:

It is recommended that the security changes be made only on the gateway node. Doing so keeps the gateway's security stable.

4.1 .rhosts VS hosts.equiv

There are two ways to eliminate passwords between the nodes of the cluster: add entries to the /etc/hosts.equiv file, or create a .rhosts file for each account in its home directory.

The .rhosts method is preferred because there is one copy in each user's account. /etc/hosts.equiv has to be maintained on every node of the cluster, which becomes very complicated for the administrator whenever accounts are created or removed.

The format of the .rhosts file is as follows:

#.rhost file for coyote cluster 
# must be read/writable by user only!
coyote1
coyote2
coyote3
coyote4

The format of the hosts.equiv file is as follows:

#hosts.equiv file for coyote cluster
#node name       user name
coyote1          deadline
coyote2          deadline
coyote3          deadline
coyote4          deadline
coyote1          wgates 
coyote2          wgates 
coyote3          wgates 
coyote4          wgates 
coyote5          wgates 

4.2 root rlogin access

For root to reach each node of the cluster with rlogin, a .rhosts file must be added to the root directory on each node. The .rhosts file must list every node in the cluster. IMPORTANT: the .rhosts file must be readable and writable only by its owner ("chmod go-rwx .rhosts"; translator's note: this stops group and other from reading, writing or executing .rhosts). This must never be done on the gateway node. (Translator's note: because of the security problems.)

In addition, swap the first two lines of the /etc/pam.d/rlogin file:

# original /etc/pam.d/rlogin
auth     required       /lib/security/pam_securetty.so
auth     sufficient     /lib/security/pam_rhosts_auth.so
auth     required       /lib/security/pam_pwdb.so shadow nullok
auth     required       /lib/security/pam_nologin.so
account  required       /lib/security/pam_pwdb.so
password required       /lib/security/pam_cracklib.so
password required       /lib/security/pam_pwdb.so shadow nullok use_authtok
session  required       /lib/security/pam_pwdb.so

# /etc/pam.d/rlogin with the first two lines swapped:
# pam_rhosts_auth (sufficient) is now evaluated before pam_securetty
auth     sufficient     /lib/security/pam_rhosts_auth.so
auth     required       /lib/security/pam_securetty.so
auth     required       /lib/security/pam_pwdb.so shadow nullok
auth     required       /lib/security/pam_nologin.so
account  required       /lib/security/pam_pwdb.so
password required       /lib/security/pam_cracklib.so
password required       /lib/security/pam_pwdb.so shadow nullok use_authtok
session  required       /lib/security/pam_pwdb.so
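
A check for the .rhosts rules given in 4.1 and 4.2 (owner-only permissions, entries limited to the cluster's node names), written as an added example that is not part of the original HOWTO. The node list, the function names and the sample file are assumptions made for the example, and the "+" wildcard check goes beyond what the text covers.

```shell
#!/bin/sh
# Added example: audit a .rhosts file against the rules in 4.1 and 4.2.
# CLUSTER_NODES and all function names are assumptions made for this example.
CLUSTER_NODES="coyote1 coyote2 coyote3 coyote4"

# Print the octal permission bits of a file (GNU stat, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_rhosts FILE: print one finding per line; return 0 only if there are none.
audit_rhosts() {
    file=$1
    findings=0
    [ -f "$file" ] || { echo "MISSING $file"; return 2; }
    # Owner-only access: 600, or the stricter 400.
    mode=$(file_mode "$file")
    case "$mode" in
        600|400) ;;
        *) echo "MODE $mode (expected 600)"; findings=$((findings + 1)) ;;
    esac
    # Each entry must be a known node name; "+" would trust any host or user.
    while read -r host user || [ -n "$host" ]; do
        case "$host" in ''|'#'*) continue ;; esac
        case " $CLUSTER_NODES " in *" $host "*) known=yes ;; *) known=no ;; esac
        if [ "$host" = "+" ] || [ "$user" = "+" ]; then
            echo "WILDCARD $host $user"; findings=$((findings + 1))
        elif [ "$known" = no ]; then
            echo "UNKNOWN $host"; findings=$((findings + 1))
        fi
    done < "$file"
    [ "$findings" -eq 0 ]
}

# Constructed sample: a world-readable file with a stray host and a wildcard.
sample_audit() {
    tmp=$(mktemp) || return 2
    printf '%s\n' '#.rhosts for coyote cluster' coyote1 coyote2 \
        oldnode.example.org '+ +' > "$tmp"
    chmod 644 "$tmp"
    audit_rhosts "$tmp" && status=0 || status=$?
    rm -f "$tmp"
    return "$status"
}

# Usage: sh audit_rhosts.sh /root/.rhosts   (no argument: audit the sample)
if [ $# -gt 0 ]; then audit_rhosts "$1"; else sample_audit || true; fi
```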

4.3 root telnet access

On every node except the gateway node, add the following entries to the /etc/securetty file:

ttyp0
ttyp1
ttyp2
ttyp3
ttyp4

This change makes it possible to connect to any node in the cluster using remote telnet.

4.4 root ftp access

On systems where root needs ftp access, comment out the root entry in the /etc/ftpusers file as follows:

#Comment out root to allow other systems ftp access as root
#root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody

