From owner-man-jp-reviewer@jp.freebsd.org  Thu Dec 31 23:21:51 1998
Received: (from daemon@localhost)
	by jaz.jp.freebsd.org (8.9.1+3.1W/8.7.3) id XAA09151;
	Thu, 31 Dec 1998 23:21:51 +0900 (JST)
	(envelope-from owner-man-jp-reviewer@jp.FreeBSD.org)
Received: from mail.yk.rim.or.jp (root@mail.yk.rim.or.jp [202.247.130.37])
	by jaz.jp.freebsd.org (8.9.1+3.1W/8.7.3) with ESMTP id XAA09145
	for <man-jp-reviewer@jp.freebsd.org>; Thu, 31 Dec 1998 23:21:49 +0900 (JST)
	(envelope-from k-horik@yk.rim.or.jp)
Received: from localhost (ppp407.yk.rim.or.jp [202.247.165.107])
	by mail.yk.rim.or.jp (8.8.5/3.6W-RIMNET-98-06-09) with ESMTP id XAA05009
	for <man-jp-reviewer@jp.freebsd.org>; Thu, 31 Dec 1998 23:21:46 +0900 (JST)
To: man-jp-reviewer@jp.freebsd.org
In-Reply-To: Your message of "Wed, 30 Dec 1998 11:46:27 +0900"
	<199812300303.MAA02765@mail.nk.rim.or.jp>
References: <199812300303.MAA02765@mail.nk.rim.or.jp>
Mime-Version: 1.0
X-Mailer: Mew version 1.93 on Emacs 19.28 / Mule 2.3 (SUETSUMUHANA)
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Message-Id: <19981231232112S.k-horik@yk.rim.or.jp>
Date: Thu, 31 Dec 1998 23:21:12 +0900
From: Kazuo Horikawa <k-horik@yk.rim.or.jp>
X-Dispatcher: imput version 980905(IM100)
Lines: 249
Reply-To: man-jp-reviewer@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+981115
X-Sequence: man-jp-reviewer 875
Subject: [man-jp-reviewer 875] Re: security.7
Errors-To: owner-man-jp-reviewer@jp.freebsd.org
Sender: owner-man-jp-reviewer@jp.freebsd.org
X-Originator: k-horik@yk.rim.or.jp

 $BKY@n$G$9!#(B

> $B!&(Bmdoc $B%^%/%m$r;H$&$h$&$KJQ99(B
>   .Pq, .Sq, .Xr, .Bx
>   $B86J8$bJQ99$N>e(B send-pr $B$7$F$$$^$9!#(B
 $B$"$j$,$H$5$s$G$9!#%U%!%$%k%Q%9$K$O(B Pa $B$b;H$C$?J}$,$h$+$C$?$+$b$7$l$^$;$s!#(B

> $B!&(B.Fx $B%^%/%m$,F0$+$J$$!#(B
>   2.2.7-RELEASE, 3.0-RELEASE $B$H$b$K!D(B
http://www.freebsd.org/cgi/cvsweb.cgi/src/contrib/groff/tmac/doc-syms?rev=1.16
$B$O(B
.\" Ns Fx macro - FreeBSD
.de Fx
.nr cF \\n(.f
.nr cZ \\n(.s
.ds aa \&\f\\n(cF\s\\n(cZ
.if \\n(.$==2 \{\
.       if "\\$1"1.0"  \&\\*(tNFreeBSD\\*(aa 1.0\\*(aa\\$2
.       if "\\$1"1.1"  \&\\*(tNFreeBSD\\*(aa 1.1\\*(aa\\$2
.       if "\\$1"1.1.5"  \&\\*(tNFreeBSD\\*(aa 1.1.5\\*(aa\\$2
.       if "\\$1"1.1.5.1"  \&\\*(tNFreeBSD\\*(aa 1.1.5.1\\*(aa\\$2
.       if "\\$1"2.0"  \&\\*(tNFreeBSD\\*(aa 2.0\\*(aa\\$2
.       if "\\$1"2.0.5"  \&\\*(tNFreeBSD\\*(aa 2.0.5\\*(aa\\$2
.       if "\\$1"2.1"  \&\\*(tNFreeBSD\\*(aa 2.1\\*(aa\\$2
.       if "\\$1"2.1.5"  \&\\*(tNFreeBSD\\*(aa 2.1.5\\*(aa\\$2
.       if "\\$1"2.1.6"  \&\\*(tNFreeBSD\\*(aa 2.1.6\\*(aa\\$2
.       if "\\$1"2.1.7"  \&\\*(tNFreeBSD\\*(aa 2.1.7\\*(aa\\$2
.       if "\\$1"2.2"  \&\\*(tNFreeBSD\\*(aa 2.2\\*(aa\\$2
.       if "\\$1"2.2.1"  \&\\*(tNFreeBSD\\*(aa 2.2.1\\*(aa\\$2
.       if "\\$1"2.2.2"  \&\\*(tNFreeBSD\\*(aa 2.2.2\\*(aa\\$2
.       if "\\$1"2.2.5"  \&\\*(tNFreeBSD\\*(aa 2.2.5\\*(aa\\$2
.       if "\\$1"2.2.6"  \&\\*(tNFreeBSD\\*(aa 2.2.6\\*(aa\\$2
.       if "\\$1"3.0"  \&\\*(tNFreeBSD\\*(aa 3.0\\*(aa\\$2
.\}
[$BN,(B]
$B$H$J$C$F$$$k$N$G!"(BFx 2.2.7 $B$OI=<($5$l$J$5$=$&$G$9$,!"(BFx 3.0 $B$OI=<((B
$B$5$l$k$N$G$O$J$$$G$7$g$&$+!#(B


> $B!&(Bhellofalot of trouble $B$C$F$I$&$$$&0UL#!)(B
 $BB8$8$^$;$s$G$9(B _o_


> $B%7%9%F%`$O@N$+$i%^%k%A%f!<%6$KBP1~$7$F$$$^$9!#%;%-%e%j%F%#$N;EAH$_$r(B
> $BAH$_9~$s$G0];}$9$k$3$H$G!"%f!<%6$r(B
> .Sq $B@5D>$K(B
> $B$7B3$1$k;E;v$O!"%7%9%F%`4IM}<T$N$b$C$H$bBg$-$J4k$F$N0l$D$G$7$g$&!#5!3#$O!"(B
                                                $B@UL3(B

> $B%5!<%P%W%m%;%9$KBP$9$k967b$O!"%5!<%P$N%*%W%7%g%s$r;XDj$9$k$3$H$G!"(B
> $B5U>r7o$N%7%9%F%`$K$*$$$F!"%5!<%P$,0z$-5/$3$9Ii2Y$K8B3&$r@_$1$k$3$H$G(B
> $B=$@5$9$k$3$H$,$G$-$^$9!#(B
 $B5U>r7o$N%7%9%F%`(B (the system under adverse conditions) $B$N5U>r7o$O5U6-(B
$B$H$$$C$?0UL#$G;HMQ$7$F$$$k$H;W$&$N$G$9$,!"$"$k>r7o$H$O5U$N>r7o$,$"$k$N(B
$B$+$H$A$g$C$H9M$($F$7$^$&$H;W$&$N$G!"!V5U6-!W!V87$7$$>r7o!W!V87$7$$>u67!W(B
$B!V87$7$$>uBV!W$J$I$H$9$k$N$O$I$&$G$7$g$&!#(B


> .\"X A user account compromise is even more common then a D.O.S. attack.  Many
                                                     than (?)
> .\"X sysops still run standard telnetd, rlogind, rshd, and ftpd servers on their
> .\"X machines.  These servers, by default, do not operate over encrypted
> .\"X connections.  The result is that if you have any moderate-sized user base,
> .\"X one or more of your users logging into your system from a remote location
> .\"X (which is the most common and convenient way to login to a system) will
> .\"X have his or her password sniffed.  The attentive system admin will analyze
> .\"X his remote access logs occassionally looking for suspicious source addresses
> .\"X even for successful logins.
> $B%7%9%F%`4IM}<T$,Cm0U?<$$$J$i$P!"%j%b!<%H%"%/%;%9%m%0$r$H$-$I$-2r@O$7$F!"(B
> $B5?$o$7$$%=!<%9%"%I%l%9$+$i$N%m%0%$%s$N@.8y$,$J$$$+$I$&$+$rC5$9$b$N$G$9!#(B
$B%7%9%F%`4IM}<T$,Cm0U?<$$$J$i$P!"$?$H$(%m%0%$%s$,@.8y$7$F$$$?$H$7$F$b!"(B
$B%j%b!<%H%"%/%;%9%m%0$r$H$-$I$-2r@O$7$F!"5?$o$7$$%=!<%9%"%I%l%9$rC5$9$b$N$G$9!#(B


> root - root $B8"8B$N%5!<%P$H(B suid/sgid $B%P%$%J%j$N0BA4@-$r9b$a$k!#(B
  root $B$N0BA4@-8~>e(B - ...


> $BFCJL$J(B chflags $B%U%i%0$,8z2L$rH/4x$7$^$9!#$3$l$K2C$($F!"5^=j$H$J$k(B
> $B5/F0%U%!%$%k!"%G%#%l%/%H%j!"%9%/%j%W%H%U%!%$%k(B - $B0BA4%l%Y%k$,@_Dj$5$l$k(B
> $B>l=j$K;j$k$^$G$N4V$K<B9T$5$l$k$b$N$9$Y$F$KBP$7$F(B
> .Sq schg
> $B%U%i%0$r(B on $B$K(B
> $B$7$F$*$/$3$H$b!"3N<B$K$7$F$*$/I,MW$,$"$j$^$9!#(B
$B$@$H!V5/F0!W$,%U%!%$%k$N$_7AMF$9$k$h$&$KFI$a$k$N$G!"(B
	$B5/F0$K$*$$$F=EMW$J%P%$%J%j!&%G%#%l%/%H%j!&%9%/%j%W%H%U%!%$%k(B
$B$J$I$H$9$k$N$O$I$&$G$7$g$&!#(B
 $B86J8$O(B critical startup binaries, directories, and script files


> .\"X When it comes right down to it, you can only protect your core system
> .\"X configuration and control files so much before the convenience factor
> .\"X rears its ugly head.  The last layer of your security onion is perhaps
> .\"X the most important - detection.
> $B$3$H$3$3$K;j$k$H!"%7%9%F%`4IM}<T$K$G$-$k$3$H$O!"%3%"%7%9%F%`$N@_Dj(B / $B@)8f(B
> $B%U%!%$%k$r!"JXMxEY$,$=$N=9$$F,$r>e$2$J$$DxEY$KKI8f$9$k$3$H$@$1$G$9!#(B
> $B%;%-%e%j%F%#%?%^%M%.$N:G8e$NAX$O$*$=$i$/:G$b=EMW$J$b$N(B - $BC5CN$G$9!#(B
 o $B<qL#$NLdBj$+$b$7$l$^$;$s$,!"(B
	$B$3$H$3$3$K;j$k$H%7%9%F%`4IM}<T$K$G$-$k$3$H$O!"(B
	$BJXMxEY$,$=$N=9$$F,$r>e$2$J$$DxEY$K!"(B
	$B%3%"%7%9%F%`$N@_Dj(B / $B@)8f%U%!%$%k$rKI8f$9$k$3$H$@$1$G$9!#(B
   $B$NJ}$,J,$j0W$$8l=g$+$b$7$l$^$;$s!#(B
 o $B!V%;%-%e%j%F%#%?%^%M%.!W$h$j$O!V%;%-%e%j%F%#$N%?%^%M%.!W$NJ}$,0cOB(B
   $B46$,>/$J$$$h$&$J5$$,$7$^$9!#(B


> .\"X machines on the system.  The most common way of checking is to have
> .\"X the security script scp(1) over a find and md5 binary and then ssh a
> .\"X shell command to the remote machine to md5 all the files in the system
> .\"X (or, at least, the /, /var, and /usr partitions!).  The security
> .\"X machine copies the results to a file and diff's them against results
> .\"X from a previous run (or compares the results against its own
> .\"X binaries), then emails each staff member a daily report of
> .\"X differences.
> $B0BA4$J%7%9%F%`(B
> $B$rMQ$$$F!"(Bssh $B7PM3$GB>$N%7%9%F%`$N(B root $B6u4V$K%"%/%;%9$r3]$1$^$9!#(B
                                                        $B$7$^$9!#(B

> $B:G$bIaDL$N%A%'%C%/J}K!$O!"%;%-%e%j%F%#%9%/%j%W%H(B
> .Xr scp 1
> $B$r(B find $B$H(B md5 $B%P%$%J%j$KBP$7$FE,MQ$7!"%7%9%F%`$NA4$F$N%U%!%$%k(B
> .Pq $B$b$7$/$O!">/$J$/$H$b(B /, /var, /usr $B%Q!<%F%#%7%g%s(B!
> $B$KBP$7$F(B
> md5 $B$r3]$1$k%7%'%k%3%^%s%I$r%j%b!<%H%^%7%s$G(B ssh $B$r;H$$<B9T$9$k$b$N$G$9!#(B
        $BE,MQ$9$k(B              ssh $B$r;H$C$F%j%b!<%H%^%7%s$G<B9T$9$k$b$N$G$9!#(B

 $B$"$H!"(B
$B$3$3$N(B The most common way of checking is to have the security script
scp(1) over a find and md5 binary and then ssh a shell command to the
remote machine to md5 all the files in the system ... $B$N$H$3$m$O!"(B
 $B:G$b0lHLE*$J%A%'%C%/J}K!$O!"%;%-%e%j%F%#%9%/%j%W%H$K(B
 (1) find $B$H(B md5 $B$N%P%$%J%j$r%j%b!<%H%^%7%s$K(B scp(1) $B$5$;(B
 (2) $B%7%9%F%`A4BN$N%U%!%$%k$N(B md5 $B$rE,MQ$9$k%7%'%k%3%^%s%I$r(B ssh $B$G(B
     $B%j%b!<%H%^%7%s$K<B9T$5$;$k(B
$B$3$H$G$9!#(B
$B$H$$$&0UL#$G$O$J$$$G$7$g$&$+!#(B
# have the security scp and then ssh $B$G!"%;%-%e%j%F%#%9%/%j%W%H$K(B scp 
# $B$H(B ssh $B$5$;$k$H$$$&2r<a(B


> $B0BA4$J5!3#$O!"%A%'%C%/7k2L$r%U%!%$%k$K%3%T!<$7!"A02s$N%A%'%C%/7k2L$H(B
> diff $B$r<h$j(B
> .Pq $B$^$?$O!"$=$l<+?H$N%P%$%J%j$KBP$9$k7k2L$HHf3S$9$k(B
              $B0BA4$J5!3#<+?H$N!D(B
> $B0c$$$r(B
> $BKhF|$N%l%]!<%H$H$7$F%9%?%C%U%a%s%P$R$H$j$R$H$j$K%a!<%k$rAw$j$^$9!#(B


> $BB?>/JQ<A68E*$K$J$C$F$b7h$7$F=}$D$1$k$3$H$O$"$j$^$;$s!#(B
                              $B0-$$$3$H$K$O$J$j$^$;$s!#(B
# $B$/$i$$!)(B


> .\"X .Sh SPECIAL SECTION ON D.O.S. ATTACKS
> .Sh $B%5!<%S%9ITG=967b(B (D.O.S attach) $B$K$D$$$F$NFC5-;v9`(B
                                   k

> $B$3$N%;%/%7%g%s$G$O%5!<%S%9ITG=967b$r07$$$^$9!#%5!<%S%9ITG=967b$O!"IaDL$O!"(B
> $B%Q%1%C%H967b$G$9!#%M%C%H%o!<%/$rK0OB$5$;$k:G@hC<$N56B$%Q%1%C%H(B
> .Pq spoofed packet
> $B967b$KBP$7$F%7%9%F%`4IM}<T$,BG$F$k<j$O$=$l$[$IB?$/(B
> $B$"$j$^$;$s$,!"0lHLE*$K!"$=$N<o$N967b$,%5!<%P$r%@%&%s$5$;$J$$$3$H$r(B
> $B3N<B$K$9$k$3$H$G!"Ho32$r8B$k$3$H$O$G$-$^$9!#(B
                          $B8BDj$9$k$3$H$O$G$-$^$9!#(B
                          $B@)8B(B


> $B$3$l$O!"%5!<%P$K5!3#$,;`$L$^$G(B
> $B%W%m%;%9!"%U%!%$%k5-=R;R!"%a%b%j$r?)$$?T$/$5$;$k$b$N$G$9!#(B
$B$3$l$O!"%5!<%P$K%W%m%;%9!&%U%!%$%k5-=R;R!&%a%b%j$r?)$$?T$/$5$;$F!"(B
$B%^%7%s$r;&$=$&$H$9$k$b$N$G$9!#(B

> $B5!3#$,(B
> $B%@%&%s$9$k$3$H$rKI;_$9$k$3$H$O2DG=$G$9$,!"$3$N<o$N967b$K$h$j%5!<%S%9$,(B
> $BIe$k$3$H$rKI;_$9$k$3$H$O0lHLE*$K2DG=$H$O8B$i$J$$$3$H$KCm0U$9$kI,MW$,(B
  $BJx2u$9$k$3$H$r(B
> $B$"$j$^$9!#(B


> .\"X Sendmail has its -OMaxDaemonChildren option which tends to work much
> .\"X better then trying to use sendmail's load limiting options due to the
> .\"X load lag.  You should specify a MaxDaemonChildren parameter when you start
> .\"X sendmail high enough to handle your expected load but no so high that
> .\"X the computer cannot handle that number of sendmails without falling on
> .\"X its face. It is also prudent to run sendmail in queued mode
> .\"X (-ODeliveryMode=queued) and to run the daemon (sendmail -bd) separate
> .\"X from the queue-runs (sendmail -q15m).  If you still want realtime
> .\"X delivery you can run the queue at a much lower interval, such as -q1m,
> .\"X but be sure to specify a reasonable MaxDaemonChildren option for that
> .\"X sendmail to prevent cascade failures.
> sendmail $B$O!"$3$l$i$h$j$:$C$H$^$H$b$KF0:n$9$k2DG=@-$,9b$$(B
> .Fl OMaxDaemonChildren
> $B%*%W%7%g%s$rHw$($F$*$j!"Ii2Y$N%i%0$K$h$C$F(B
> sendmail $B$NIi2Y$K8B3&$r@_$1$k%*%W%7%g%s$r;H$$$^$9!#(B
due to load lag $B$,$h$/$o$+$i$J$$$N$G$9$,!":G=i$N(B than vs then $B$N$h$&$K!"(B
$B$3$3$b(B than $B$r(B then $B$H$7$F$7$^$C$?$H$$$&$3$H$O$J$$$G$7$g$&$+!#(B
$B$b$7$=$&$@$H$9$k$H!"(B
	sendmail $B$,Hw$($F$$$k(B -OMaxDaemonChildren$B%*%W%7%g%s$O!"(B
	sendmail $B$NIi2Y@)8B%*%W%7%g%s$h$j$b$:$C$H$^$H$b$KF0:n$9$k2DG=(B
	$B@-$,9b$$$G$9!#$J$<$J$iIi2Y$K$O%i%0(B ($BCY$l(B) $B$,$"$k$?$a$G$9!#(B
$B$H$7$F0UL#$,DL$80W$$$H;W$$$^$9!#(B


> .Bx Free
> $B$G$O!"(Bnet.inet.ip.portrange $B$X$N(B sysctl
> .Pq sysctl -a \&| fgrep portrange ,
                                    ^ $B%H%k(B
> $B$r;HMQ$9$k$3$H$G!"%]!<%HHV9f$NHO0O$r@)8f$G$-$k$3$H$r5-21$K$H$I$a$F(B
> $B$*$$$F2<$5$$!#(B

> $B;d$O!"(Bnormal $B$NHO0O$H$7$F!"(Bfirst/last $B$,(B 4000 $B$+$i(B 5000 $B$r!"(Bhiport $B$NHO0O(B
        $BDL>o(B                                               $B9b0L$N%]!<%H$NHO0O(B


> .\"X A second common springboard attack is against the ICMP
> .\"X error reporting system.  By constructing packets that generate ICMP
> .\"X error responses, an attacker can saturate a server's incoming network
> .\"X and cause the server to saturate its outgoing network with ICMP
> .\"X responses.  This type of attack can also crash the server by running
> .\"X it out of mbuf's, especially if the server cannot drain the ICMP
> .\"X responses it generates fast enough.  The FreeBSD kernel has a new
> .\"X kernel compile option called ICMP_BANDLIM which limits the
> .\"X effectiveness of these sorts of attacks.

> $B967b<T$,@8@.$7$?(B ICMP $B1~Ez$,Aa2a$.$F!"(B
> ICMP $B1~Ez$r=P$7?T$/$9$3$H$,$G$-$J$$>l9g!"$H$/$K$R$I$$$3$H$K$J$j$^$9!#(B
$B967b<T$,(B ICMP $B1~Ez$r:n@.$9$k$H$O=q$+$l$F$$$J$$$N$G!"(B
	$B967b<T$N@8@.$,Aa2a$.$F!"(B
	$B%5!<%P$,(BICMP $B1~Ez$r=P$7?T$/$9$3$H$,$G$-$J$$>l9g!"(B
	$B$H$/$K$R$I$$$3$H$K$J$j$^$9!#(B
$B$H$9$k$N$O$I$&$G$7$g$&!#(B


> .Pq $B<+J,$N5!3#$r%/%i%C%7%e$5$;$?$/$J$$8B$j$O(B:-
> $B$I$A$i$+$r%<%m$K(B
            0
> $B$9$k$h$&$J$3$H$O7h$7$F$7$J$$$G2<$5$$!#(B


 $B$"$H!"(B
 o $B$=$$$D(B -> $B967b<T(B
 o $B5!3#(B -> $B%^%7%s(B
 o $B:/(B -> $B:/@W(B or $B7A@W(B
 o $B$f$-$H$I$$$?(B -> $B9T$-FO$$$?(B
 o $B%*!<%P!<%X%C%I(B -> $B%*!<%P%X%C%I(B
 o $B@Z$k(B $B@Z$C$?(B $B@Z$C$F(B -> $BL58z$K$9$k(B $B$J$I(B
$B$H$7$?J}$,$h$$$+$b$7$l$^$;$s!#(B 
--
$BKY@nOBM:(B
