Рейтинг  

Яндекс.Метрика
Яндекс цитирования
 

   

Статистика  

Пользователи
7
Материалы
574
Кол-во просмотров материалов
2725443
   
 

Сервер Red Hat Linux 7.3

Настройка (ограничение) доступа к серверу elis.it.ru



Конфигурационный файл /etc/hosts.deny
[root@elis /root]# less /etc/hosts.deny
#
# hosts.deny	This file describes the names of the hosts which are
#		*not* allowed to use the local INET services, as decided
#		by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow.  In particular
# you should know that NFS uses portmap!
ALL: ALL EXCEPT 172.18.11.17,  \
		172.18.14.2,   172.18.14.5,   172.18.14.19, \
		172.18.17.27,  \
		172.18.34.101, \
		172.18.64.100, 172.18.64.197, \
		172.18.65.1,   \
		172.18.84.5,   \
		172.18.92.16,  172.18.92.17, \
		172.18.93.64,  172.18.93.86,  172.18.93.92, \
		172.18.94.1,   172.18.94.2,   172.18.94.3,   172.18.94.4,  \
		172.18.94.5,   172.18.94.6,   172.18.94.7,   \
		172.18.94.10,  172.18.94.11,  \
		172.18.94.14,  172.18.94.15,  172.18.94.17,  172.18.94.18, \
		172.18.94.19,  172.18.94.20,  172.18.94.21,  172.18.94.22, \
		172.18.94.23,  \
		172.18.94.24,  172.18.94.25,  172.18.94.26,  172.18.94.27, \
		172.18.94.28,  172.18.94.31,  172.18.94.35,  \
		172.18.157.2,  172.18.157.3,  172.18.157.40, \
		172.18.159.3,  \
		172.18.209.60

exports - NFS file systems being exported (for Kernel based NFS) Конфигурационный файл /etc/exports
[root@elis /root]# less /etc/exports
/usr    172.18.94.4(rw)
/data   172.18.94.5(rw) 172.18.94.7(rw) 172.18.157.2(rw,anonuid=505,anongid=505) \
        172.18.84.5(rw) 172.18.209.60(rw) 172.18.93.62(ro) 172.18.93.40(ro) \
        172.18.93.4(rw,anonuid=505,anongid=505) 172.18.93.24(ro) 172.18.94.4(rw) \
        172.18.93.25(ro) 172.18.93.11(ro) 172.18.93.36(ro) 172.18.34.101(ro) \
        172.18.94.27(ro) 172.18.93.5(ro) 172.18.94.7(ro) 172.18.94.1(ro) \
        172.18.157.40(ro,anonuid=505,anongid=505) \
        172.18.157.3(ro,anonuid=505,anongid=505) \
        172.18.94.6(ro)
/usr/rh62       172.18.94.6(ro) 172.18.157.2(ro) 172.18.34.101(ro)
/tmp/bill       172.18.94.7(rw,all_squash,anonuid=505,anongid=505)

Конфигурационный файл /etc/ipchains (elis)
[root@elis /root]# less /etc/sysconfig/ipchains
# Firewall configuration written by lokkit
# Manual customization of this file is not recommended.
# Note: ifup-post will punch the current nameservers through the
#       firewall; such entries will *not* be listed here.
:input ACCEPT
:forward ACCEPT
:output ACCEPT
-A input -s 0/0 -d 0/0 2049 -p udp   -j ACCEPT
-A input -s 0/0 -d 0/0 80 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 21 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 22 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 -i lo -j ACCEPT
-A input -s 0/0 -d 0/0 -i eth0 -j ACCEPT
-A input -p tcp -s 0/0 -d 0/0 0:1023 -y -j REJECT
-A input -p tcp -s 0/0 -d 0/0 2049 -y -j REJECT
-A input -p udp -s 0/0 -d 0/0 0:1023 -j REJECT
-A input -p udp -s 0/0 -d 0/0 2049 -j REJECT
-A input -p tcp -s 0/0 -d 0/0 6000:6009 -y -j REJECT
-A input -p tcp -s 0/0 -d 0/0 7100 -y -j REJECT

Конфигурационный файл /etc/iptables (labuch)
[root@grossb /root]# less /etc/sysconfig/iptables
# Firewall configuration written by lokkit
# Manual customization of this file is not recommended.
# Note: ifup-post will punch the current nameservers through the
#       firewall; such entries will *not* be listed here.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A FORWARD -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 119 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 21 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i eth0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --syn -j REJECT
COMMIT

Конфигурационный файл /etc/iptables (shrek.technet)
[root@shrek /root]# less /etc/sysconfig/iptables
# Firewall configuration written by lokkit
# Manual customization of this file is not recommended.
# Note: ifup-post will punch the current nameservers through the
#       firewall; such entries will *not* be listed here.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A FORWARD -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 21 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth1 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i eth0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i eth1 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 81.176.142.129 --sport 53 -d 0/0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
COMMIT
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
#:RH-SunTechnic-0-50-OUTPUT - [0:0]
#-A OUTPUT -j RH-SunTechnic-0-50-OUTPUT
#-A PREROUTING -j RH-SunTechnic-0-50-OUTPUT
#-A POSTROUTING -j RH-SunTechnic-0-50-OUTPUT
#-A RH-SunTechnic-0-50-OUTPUT -s 172.18.1.0/24 -j SNAT --to-source 81.176.142.134
-A POSTROUTING -s 172.18.1.201 -j SNAT --to-source 81.176.142.134
-A POSTROUTING -s 172.18.1.40 -j SNAT --to-source 81.176.142.134
#-A POSTROUTING -s 172.18.1.0/24 -j SNAT --to-source 81.176.142.134
#-A POSTROUTING -s 172.18.1.0/24 -j SNAT --to-source 81.176.142.134 -c PKTS BYTES
COMMIT

Конфигурационный файл /etc/passwd (shrek.technet)
[root@shrek /root]# less /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown +1 -h
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
rpm:x:37:37::/var/lib/rpm:/bin/bash
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
apache:x:48:48:Apache:/var/www:/sbin/nologin
squid:x:23:23::/usr/local/squid:/sbin/nologin
webalizer:x:67:67:Webalizer:/var/www/html/usage:/sbin/nologin
xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
named:x:25:25:Named:/var/named:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
gdm:x:42:42::/var/gdm:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
mailman:x:41:41:GNU Mailing List Manager:/var/mailman:/bin/false
desktop:x:80:80:desktop:/var/lib/menu/kde:/sbin/nologin
radvd:x:75:75:radvd user:/:/sbin/nologin
suntechnic:x:500:500::/home/suntechnic:/bin/bash
usernet:x:501:501::/home/usernet:/bin/bash
cvb:x:502:502::/home/cvb:/bin/bash
i36start:x:503:505::/home/internet:/usr/local/bin/class36_up
i36stop:x:504:505::/home/internet:/usr/local/bin/class36_down
i37start:x:506:505::/home/internet:/usr/local/bin/class37_up
i37stop:x:507:505::/home/internet:/usr/local/bin/class37_down
i38start:x:508:505::/home/internet:/usr/local/bin/class38_up
i38stop:x:509:505::/home/internet:/usr/local/bin/class38_down
ws10:x:510:501::/home/ws10:/sbin/nologin
ws11:x:511:501::/home/ws11:/sbin/nologin
ws12:x:512:501::/home/ws12:/sbin/nologin
ws13:x:513:501::/home/ws13:/sbin/nologin
ws14:x:514:501::/home/ws14:/sbin/nologin
ws15:x:515:501::/home/ws15:/sbin/nologin
ws16:x:516:501::/home/ws16:/sbin/nologin
ws17:x:517:501::/home/ws17:/sbin/nologin
ws18:x:518:501::/home/ws18:/sbin/nologin
ws19:x:519:501::/home/ws19:/sbin/nologin
ws20:x:520:501::/home/ws20:/sbin/nologin
ws21:x:521:501::/home/ws21:/sbin/nologin
ws22:x:522:501::/home/ws22:/sbin/nologin
ws23:x:523:501::/home/ws23:/sbin/nologin
ws24:x:524:501::/home/ws24:/sbin/nologin
ws25:x:525:501::/home/ws25:/sbin/nologin
ws26:x:526:501::/home/ws26:/sbin/nologin
ws27:x:527:501::/home/ws27:/sbin/nologin
ws28:x:528:501::/home/ws28:/sbin/nologin
ws29:x:529:501::/home/ws29:/sbin/nologin
ws30:x:530:501::/home/ws30:/sbin/nologin
ws31:x:531:501::/home/ws31:/sbin/nologin
ws32:x:532:501::/home/ws32:/sbin/nologin
ws33:x:533:501::/home/ws33:/sbin/nologin
ws34:x:534:501::/home/ws34:/sbin/nologin
ws35:x:535:501::/home/ws35:/sbin/nologin
ws36:x:536:501::/home/ws36:/sbin/nologin
ws37:x:537:501::/home/ws37:/sbin/nologin
ws38:x:538:501::/home/ws38:/sbin/nologin
ws39:x:539:501::/home/ws39:/sbin/nologin
ws40:x:540:501::/home/ws40:/sbin/nologin
ws41:x:541:501::/home/ws41:/sbin/nologin
ws42:x:542:501::/home/ws42:/sbin/nologin
ws43:x:543:501::/home/ws43:/sbin/nologin
ws44:x:544:501::/home/ws44:/sbin/nologin
ws45:x:545:501::/home/ws45:/sbin/nologin
luda:x:546:501::/home/luda:/sbin/nologin
mattis:x:547:501::/home/mattis:/sbin/nologin
nataly:x:548:501::/home/nataly:/sbin/nologin
irina:x:549:501::/home/irina:/sbin/nologin

 

   
   

Login Form