
Securing Debian Manual
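Appendix G - Chroot environment for SSH


Creating a restricted environment for SSH is a tough job because of its dependencies and because, unlike other services, SSH provides a remote shell to its users. You therefore also have to consider which programs users will be allowed to run inside the environment. If you create this file structure in, for example, /var/chroot/ssh, you can start the ssh server chrooted with the following command: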

       # chroot /var/chroot/ssh /sbin/sshd -f /etc/sshd_config

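G.1 Automatically making the environment (the easy way)

You can easily create a restricted environment with the makejail package, since it automatically takes care of tracing the server daemon (with strace) and makes it run under the restricted environment.

The advantage of programs that automatically generate chroot environments is that they can copy any package into the chroot environment (even following the package's dependencies and making sure it is complete). This makes it easier to provide applications to users.

To set up the environment using the example provided with makejail, run the following command: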

       # makejail /usr/share/doc/makejail/examples/sshd.py

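Read the sample file to see what other changes need to be made to the environment. Some of these changes, such as copying users' home directories, cannot be done automatically. Also, limit the exposure of sensitive information by copying only the data of a given set of users from /etc/shadow and /etc/group.

The following sample environment has been (lightly) tested. It was built with the configuration file provided in the package and includes the fileutils package: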

     .
     |-- bin
     |   |-- ash
     |   |-- bash
     |   |-- chgrp
     |   |-- chmod
     |   |-- chown
     |   |-- cp
     |   |-- csh -> /etc/alternatives/csh
     |   |-- dd
     |   |-- df
     |   |-- dir
     |   |-- fdflush
     |   |-- ksh
     |   |-- ln
     |   |-- ls
     |   |-- mkdir
     |   |-- mknod
     |   |-- mv
     |   |-- rbash -> bash
     |   |-- rm
     |   |-- rmdir
     |   |-- sh -> bash
     |   |-- sync
     |   |-- tcsh
     |   |-- touch
     |   |-- vdir
     |   |-- zsh -> /etc/alternatives/zsh
     |   `-- zsh4
     |-- dev
     |   |-- null
     |   |-- ptmx
     |   |-- pts
     |   |-- ptya0
     (...)
     |   |-- tty
     |   |-- tty0
     (...)
     |   `-- urandom
     |-- etc
     |   |-- alternatives
     |   |   |-- csh -> /bin/tcsh
     |   |   `-- zsh -> /bin/zsh4
     |   |-- environment
     |   |-- hosts
     |   |-- hosts.allow
     |   |-- hosts.deny
     |   |-- ld.so.conf
     |   |-- localtime -> /usr/share/zoneinfo/Europe/Madrid
     |   |-- motd
     |   |-- nsswitch.conf
     |   |-- pam.conf
     |   |-- pam.d
     |   |   |-- other
     |   |   `-- ssh
     |   |-- passwd
     |   |-- resolv.conf
     |   |-- security
     |   |   |-- access.conf
     |   |   |-- chroot.conf
     |   |   |-- group.conf
     |   |   |-- limits.conf
     |   |   |-- pam_env.conf
     |   |   `-- time.conf
     |   |-- shadow
     |   |-- shells
     |   `-- ssh
     |       |-- moduli
     |       |-- ssh_host_dsa_key
     |       |-- ssh_host_dsa_key.pub
     |       |-- ssh_host_rsa_key
     |       |-- ssh_host_rsa_key.pub
     |       `-- sshd_config
     |-- home
     |   `-- userX
     |-- lib
     |   |-- ld-2.2.5.so
     |   |-- ld-linux.so.2 -> ld-2.2.5.so
     |   |-- libc-2.2.5.so
     |   |-- libc.so.6 -> libc-2.2.5.so
     |   |-- libcap.so.1 -> libcap.so.1.10
     |   |-- libcap.so.1.10
     |   |-- libcrypt-2.2.5.so
     |   |-- libcrypt.so.1 -> libcrypt-2.2.5.so
     |   |-- libdl-2.2.5.so
     |   |-- libdl.so.2 -> libdl-2.2.5.so
     |   |-- libm-2.2.5.so
     |   |-- libm.so.6 -> libm-2.2.5.so
     |   |-- libncurses.so.5 -> libncurses.so.5.2
     |   |-- libncurses.so.5.2
     |   |-- libnsl-2.2.5.so
     |   |-- libnsl.so.1 -> libnsl-2.2.5.so
     |   |-- libnss_compat-2.2.5.so
     |   |-- libnss_compat.so.2 -> libnss_compat-2.2.5.so
     |   |-- libnss_db-2.2.so
     |   |-- libnss_db.so.2 -> libnss_db-2.2.so
     |   |-- libnss_dns-2.2.5.so
     |   |-- libnss_dns.so.2 -> libnss_dns-2.2.5.so
     |   |-- libnss_files-2.2.5.so
     |   |-- libnss_files.so.2 -> libnss_files-2.2.5.so
     |   |-- libnss_hesiod-2.2.5.so
     |   |-- libnss_hesiod.so.2 -> libnss_hesiod-2.2.5.so
     |   |-- libnss_nis-2.2.5.so
     |   |-- libnss_nis.so.2 -> libnss_nis-2.2.5.so
     |   |-- libnss_nisplus-2.2.5.so
     |   |-- libnss_nisplus.so.2 -> libnss_nisplus-2.2.5.so
     |   |-- libpam.so.0 -> libpam.so.0.72
     |   |-- libpam.so.0.72
     |   |-- libpthread-0.9.so
     |   |-- libpthread.so.0 -> libpthread-0.9.so
     |   |-- libresolv-2.2.5.so
     |   |-- libresolv.so.2 -> libresolv-2.2.5.so
     |   |-- librt-2.2.5.so
     |   |-- librt.so.1 -> librt-2.2.5.so
     |   |-- libutil-2.2.5.so
     |   |-- libutil.so.1 -> libutil-2.2.5.so
     |   |-- libwrap.so.0 -> libwrap.so.0.7.6
     |   |-- libwrap.so.0.7.6
     |   `-- security
     |       |-- pam_access.so
     |       |-- pam_chroot.so
     |       |-- pam_deny.so
     |       |-- pam_env.so
     |       |-- pam_filter.so
     |       |-- pam_ftp.so
     |       |-- pam_group.so
     |       |-- pam_issue.so
     |       |-- pam_lastlog.so
     |       |-- pam_limits.so
     |       |-- pam_listfile.so
     |       |-- pam_mail.so
     |       |-- pam_mkhomedir.so
     |       |-- pam_motd.so
     |       |-- pam_nologin.so
     |       |-- pam_permit.so
     |       |-- pam_rhosts_auth.so
     |       |-- pam_rootok.so
     |       |-- pam_securetty.so
     |       |-- pam_shells.so
     |       |-- pam_stress.so
     |       |-- pam_tally.so
     |       |-- pam_time.so
     |       |-- pam_unix.so
     |       |-- pam_unix_acct.so -> pam_unix.so
     |       |-- pam_unix_auth.so -> pam_unix.so
     |       |-- pam_unix_passwd.so -> pam_unix.so
     |       |-- pam_unix_session.so -> pam_unix.so
     |       |-- pam_userdb.so
     |       |-- pam_warn.so
     |       `-- pam_wheel.so
     |-- sbin
     |   `-- start-stop-daemon
     |-- usr
     |   |-- bin
     |   |   |-- dircolors
     |   |   |-- du
     |   |   |-- install
     |   |   |-- link
     |   |   |-- mkfifo
     |   |   |-- shred
     |   |   |-- touch -> /bin/touch
     |   |   `-- unlink
     |   |-- lib
     |   |   |-- libcrypto.so.0.9.6
     |   |   |-- libdb3.so.3 -> libdb3.so.3.0.2
     |   |   |-- libdb3.so.3.0.2
     |   |   |-- libz.so.1 -> libz.so.1.1.4
     |   |   `-- libz.so.1.1.4
     |   |-- sbin
     |   |   `-- sshd
     |   `-- share
     |       |-- locale
     |       |   `-- es
     |       |       |-- LC_MESSAGES
     |       |       |   |-- fileutils.mo
     |       |       |   |-- libc.mo
     |       |       |   `-- sh-utils.mo
     |       |       `-- LC_TIME -> LC_MESSAGES
     |       `-- zoneinfo
     |           `-- Europe
     |               `-- Madrid
     `-- var
         `-- run
             |-- sshd
             `-- sshd.pid
     
     27 directories, 733 files

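G.2 Patching SSH to enable chroot functionality

Debian's sshd does not allow restricting a user's movement through the server, since it lacks the chroot function that the commercial program sshd2 includes (using 'ChrootGroups' or 'ChrootUsers', see sshd2_config(5)). However, a patch that adds this functionality is available from Bug report 139047. The patch may be included in future releases of OpenSSH. Emmanuel Lacour provides ssh deb packages with this feature at http://debian.home-dn.net/woody/ssh/, although you still need to go through the compilation step.

A description of all the steps needed can be found at http://mail.incredimail.com/howto/openssh/ (although it is aimed at RedHat 7.2 users, almost all of it applies to Debian). After applying the patch, edit /etc/passwd and change the user's home directory to (note the /./):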

       joeuser:x:1099:1099:Joe Random User:/home/joe/./:/bin/bash

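This will restrict both remote shell access and remote copy through the ssh channel.

Make sure the user's chroot directory contains all the needed programs and libraries. These files should be owned by root to prevent the user from tampering with them (in order to get out of the chroot jail). A sample might include: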

     ./bin:
     total 660
     drwxr-xr-x    2 root     root         4096 Mar 18 13:36 .
     drwxr-xr-x    8 guest    guest        4096 Mar 15 16:53 ..
     -r-xr-xr-x    1 root     root       531160 Feb  6 22:36 bash
     -r-xr-xr-x    1 root     root        43916 Nov 29 13:19 ls
     -r-xr-xr-x    1 root     root        16684 Nov 29 13:19 mkdir
     -rwxr-xr-x    1 root     root        23960 Mar 18 13:36 more
     -r-xr-xr-x    1 root     root         9916 Jul 26  2001 pwd
     -r-xr-xr-x    1 root     root        24780 Nov 29 13:19 rm
     lrwxrwxrwx    1 root     root            4 Mar 30 16:29 sh -> bash
     
     ./etc:
     total 24
     drwxr-xr-x    2 root     root         4096 Mar 15 16:13 .
     drwxr-xr-x    8 guest    guest        4096 Mar 15 16:53 ..
     -rw-r--r--    1 root     root           54 Mar 15 13:23 group
     -rw-r--r--    1 root     root          428 Mar 15 15:56 hosts
     -rw-r--r--    1 root     root           44 Mar 15 15:53 passwd
     -rw-r--r--    1 root     root           52 Mar 15 13:23 shells
     
     ./lib:
     total 1848
     drwxr-xr-x    2 root     root         4096 Mar 18 13:37 .
     drwxr-xr-x    8 guest    guest        4096 Mar 15 16:53 ..
     -rwxr-xr-x    1 root     root        92511 Mar 15 12:49 ld-linux.so.2
     -rwxr-xr-x    1 root     root      1170812 Mar 15 12:49 libc.so.6
     -rw-r--r--    1 root     root        20900 Mar 15 13:01 libcrypt.so.1
     -rw-r--r--    1 root     root         9436 Mar 15 12:49 libdl.so.2
     -rw-r--r--    1 root     root       248132 Mar 15 12:48 libncurses.so.5
     -rw-r--r--    1 root     root        71332 Mar 15 13:00 libnsl.so.1
     -rw-r--r--    1 root     root        34144 Mar 15 16:10 libnss_files.so.2
     -rw-r--r--    1 root     root        29420 Mar 15 12:57 libpam.so.0
     -rw-r--r--    1 root     root       105498 Mar 15 12:51 libpthread.so.0
     -rw-r--r--    1 root     root        25596 Mar 15 12:51 librt.so.1
     -rw-r--r--    1 root     root         7760 Mar 15 12:59 libutil.so.1
     -rw-r--r--    1 root     root        24328 Mar 15 12:57 libwrap.so.0
     
     ./usr:
     total 16
     drwxr-xr-x    4 root     root         4096 Mar 15 13:00 .
     drwxr-xr-x    8 guest    guest        4096 Mar 15 16:53 ..
     drwxr-xr-x    2 root     root         4096 Mar 15 15:55 bin
     drwxr-xr-x    2 root     root         4096 Mar 15 15:37 lib
     
     ./usr/bin:
     total 340
     drwxr-xr-x    2 root     root         4096 Mar 15 15:55 .
     drwxr-xr-x    4 root     root         4096 Mar 15 13:00 ..
     -rwxr-xr-x    1 root     root        10332 Mar 15 15:55 env
     -rwxr-xr-x    1 root     root        13052 Mar 15 13:13 id
     -r-xr-xr-x    1 root     root        25432 Mar 15 12:40 scp
     -rwxr-xr-x    1 root     root        43768 Mar 15 15:15 sftp
     -r-sr-xr-x    1 root     root       218456 Mar 15 12:40 ssh
     -rwxr-xr-x    1 root     root         9692 Mar 15 13:17 tty
     
     ./usr/lib:
     total 852
     drwxr-xr-x    2 root     root         4096 Mar 15 15:37 .
     drwxr-xr-x    4 root     root         4096 Mar 15 13:00 ..
     -rw-r--r--    1 root     root       771088 Mar 15 13:01 libcrypto.so.0.9.6
     -rw-r--r--    1 root     root        54548 Mar 15 13:00 libz.so.1
     -rwxr-xr-x    1 root     root        23096 Mar 15 15:37 sftp-server
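
The two rules above (the /./ token in the passwd home field, and root ownership of everything placed in the jail) can be checked with a short script. This is an added example, not part of the manual or of the patch: the function names and the passwd lines other than joeuser are constructed, and the jail's top directory is skipped because in the listing above it belongs to the user.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.

# Constructed passwd entries: only joeuser carries the /./ token.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
joeuser:x:1099:1099:Joe Random User:/home/joe/./:/bin/bash
alice:x:1100:1100:Alice:/home/alice:/bin/bash
EOF
}

# jail_of_home HOME
# Print the part of a passwd home field before the first /./ (the chroot
# directory). Return 1 if the field has no /./ token.
jail_of_home() {
    case "$1" in
        */./*) printf '%s\n' "${1%%/./*}" ;;
        *)     return 1 ;;
    esac
}

# jailed_users
# Read passwd lines on stdin and print "user jail" for each chrooted account.
jailed_users() {
    while IFS=: read -r user pw uid gid gecos home shell; do
        if jail=$(jail_of_home "$home"); then
            printf '%s %s\n' "$user" "$jail"
        fi
    done
}

# audit_jail JAIL [OWNER_UID]
# Print every entry below JAIL that is not owned by OWNER_UID (default 0,
# root) or that group or other may write to. Symlinks are checked for
# ownership only, since their mode is always lrwxrwxrwx.
audit_jail() {
    (
        cd "$1" || exit 1
        find . ! -name . \
            \( ! -user "${2:-0}" -o \
               \( ! -type l \( -perm -020 -o -perm -002 \) \) \) -print |
            LC_ALL=C sort
    )
}

# Demonstration on the constructed passwd data.
sample_passwd | jailed_users
```

On a real system, run `jailed_users < /etc/passwd` and pass each reported directory to `audit_jail`; an empty result means nothing below the jail can be modified by the jailed user.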

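G.3 Handmade environment (the hard way)

It is possible to build an environment by trial and error, monitoring the sshd server and its log files to determine which files are needed. The following environment, contributed by José Luis Ledesma, is a listing of the files in a chroot environment for ssh: [51]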

     .:
     total 36
     drwxr-xr-x 9 root root 4096 Jun 5 10:05 ./
     drwxr-xr-x 11 root root 4096 Jun 3 13:43 ../
     drwxr-xr-x 2 root root 4096 Jun 4 12:13 bin/
     drwxr-xr-x 2 root root 4096 Jun 4 12:16 dev/
     drwxr-xr-x 4 root root 4096 Jun 4 12:35 etc/
     drwxr-xr-x 3 root root 4096 Jun 4 12:13 lib/
     drwxr-xr-x 2 root root 4096 Jun 4 12:35 sbin/
     drwxr-xr-x 2 root root 4096 Jun 4 12:32 tmp/
     drwxr-xr-x 2 root root 4096 Jun 4 12:16 usr/
     ./bin:
     total 8368
     drwxr-xr-x 2 root root 4096 Jun 4 12:13 ./
     drwxr-xr-x 9 root root 4096 Jun 5 10:05 ../
     -rwxr-xr-x 1 root root 109855 Jun 3 13:45 a2p*
     -rwxr-xr-x 1 root root 387764 Jun 3 13:45 bash*
     -rwxr-xr-x 1 root root 36365 Jun 3 13:45 c2ph*
     -rwxr-xr-x 1 root root 20629 Jun 3 13:45 dprofpp*
     -rwxr-xr-x 1 root root 6956 Jun 3 13:46 env*
     -rwxr-xr-x 1 root root 158116 Jun 3 13:45 fax2ps*
     -rwxr-xr-x 1 root root 104008 Jun 3 13:45 faxalter*
     -rwxr-xr-x 1 root root 89340 Jun 3 13:45 faxcover*
     -rwxr-xr-x 1 root root 441584 Jun 3 13:45 faxmail*
     -rwxr-xr-x 1 root root 96036 Jun 3 13:45 faxrm*
     -rwxr-xr-x 1 root root 107000 Jun 3 13:45 faxstat*
     -rwxr-xr-x 1 root root 77832 Jun 4 11:46 grep*
     -rwxr-xr-x 1 root root 19597 Jun 3 13:45 h2ph*
     -rwxr-xr-x 1 root root 46979 Jun 3 13:45 h2xs*
     -rwxr-xr-x 1 root root 10420 Jun 3 13:46 id*
     -rwxr-xr-x 1 root root 4528 Jun 3 13:46 ldd*
     -rwxr-xr-x 1 root root 111386 Jun 4 11:46 less*
     -r-xr-xr-x 1 root root 26168 Jun 3 13:45 login*
     -rwxr-xr-x 1 root root 49164 Jun 3 13:45 ls*
     -rwxr-xr-x 1 root root 11600 Jun 3 13:45 mkdir*
     -rwxr-xr-x 1 root root 24780 Jun 3 13:45 more*
     -rwxr-xr-x 1 root root 154980 Jun 3 13:45 pal2rgb*
     -rwxr-xr-x 1 root root 27920 Jun 3 13:46 passwd*
     -rwxr-xr-x 1 root root 4241 Jun 3 13:45 pl2pm*
     -rwxr-xr-x 1 root root 2350 Jun 3 13:45 pod2html*
     -rwxr-xr-x 1 root root 7875 Jun 3 13:45 pod2latex*
     -rwxr-xr-x 1 root root 17587 Jun 3 13:45 pod2man*
     -rwxr-xr-x 1 root root 6877 Jun 3 13:45 pod2text*
     -rwxr-xr-x 1 root root 3300 Jun 3 13:45 pod2usage*
     -rwxr-xr-x 1 root root 3341 Jun 3 13:45 podchecker*
     -rwxr-xr-x 1 root root 2483 Jun 3 13:45 podselect*
     -r-xr-xr-x 1 root root 82412 Jun 4 11:46 ps*
     -rwxr-xr-x 1 root root 36365 Jun 3 13:45 pstruct*
     -rwxr-xr-x 1 root root 7120 Jun 3 13:45 pwd*
     -rwxr-xr-x 1 root root 179884 Jun 3 13:45 rgb2ycbcr*
     -rwxr-xr-x 1 root root 20532 Jun 3 13:45 rm*
     -rwxr-xr-x 1 root root 6720 Jun 4 10:15 rmdir*
     -rwxr-xr-x 1 root root 14705 Jun 3 13:45 s2p*
     -rwxr-xr-x 1 root root 28764 Jun 3 13:46 scp*
     -rwxr-xr-x 1 root root 385000 Jun 3 13:45 sendfax*
     -rwxr-xr-x 1 root root 67548 Jun 3 13:45 sendpage*
     -rwxr-xr-x 1 root root 88632 Jun 3 13:46 sftp*
     -rwxr-xr-x 1 root root 387764 Jun 3 13:45 sh*
     -rws--x--x 1 root root 744500 Jun 3 13:46 slogin*
     -rwxr-xr-x 1 root root 14523 Jun 3 13:46 splain*
     -rws--x--x 1 root root 744500 Jun 3 13:46 ssh*
     -rwxr-xr-x 1 root root 570960 Jun 3 13:46 ssh-add*
     -rwxr-xr-x 1 root root 502952 Jun 3 13:46 ssh-agent*
     -rwxr-xr-x 1 root root 575740 Jun 3 13:46 ssh-keygen*
     -rwxr-xr-x 1 root root 383480 Jun 3 13:46 ssh-keyscan*
     -rwxr-xr-x 1 root root 39 Jun 3 13:46 ssh_europa*
     -rwxr-xr-x 1 root root 107252 Jun 4 10:14 strace*
     -rwxr-xr-x 1 root root 8323 Jun 4 10:14 strace-graph*
     -rwxr-xr-x 1 root root 158088 Jun 3 13:46 thumbnail*
     -rwxr-xr-x 1 root root 6312 Jun 3 13:46 tty*
     -rwxr-xr-x 1 root root 55904 Jun 4 11:46 useradd*
     -rwxr-xr-x 1 root root 585656 Jun 4 11:47 vi*
     -rwxr-xr-x 1 root root 6444 Jun 4 11:45 whoami*
     ./dev:
     total 8
     drwxr-xr-x 2 root root 4096 Jun 4 12:16 ./
     drwxr-xr-x 9 root root 4096 Jun 5 10:05 ../
     crw-r--r-- 1 root root 1, 9 Jun 3 13:43 urandom
     ./etc:
     total 208
     drwxr-xr-x 4 root root 4096 Jun 4 12:35 ./
     drwxr-xr-x 9 root root 4096 Jun 5 10:05 ../
     -rw------- 1 root root 0 Jun 4 11:46 .pwd.lock
     -rw-r--r-- 1 root root 653 Jun 3 13:46 group
     -rw-r--r-- 1 root root 242 Jun 4 11:33 host.conf
     -rw-r--r-- 1 root root 857 Jun 4 12:04 hosts
     -rw-r--r-- 1 root root 1050 Jun 4 11:29 ld.so.cache
     -rw-r--r-- 1 root root 304 Jun 4 11:28 ld.so.conf
     -rw-r--r-- 1 root root 235 Jun 4 11:27 ld.so.conf~
     -rw-r--r-- 1 root root 88039 Jun 3 13:46 moduli
     -rw-r--r-- 1 root root 1342 Jun 4 11:34 nsswitch.conf
     drwxr-xr-x 2 root root 4096 Jun 4 12:02 pam.d/
     -rw-r--r-- 1 root root 28 Jun 4 12:00 pam_smb.conf
     -rw-r--r-- 1 root root 2520 Jun 4 11:57 passwd
     -rw-r--r-- 1 root root 7228 Jun 3 13:48 profile
     -rw-r--r-- 1 root root 1339 Jun 4 11:33 protocols
     -rw-r--r-- 1 root root 274 Jun 4 11:44 resolv.conf
     drwxr-xr-x 2 root root 4096 Jun 3 13:43 security/
     -rw-r----- 1 root root 1178 Jun 4 11:51 shadow
     -rw------- 1 root root 80 Jun 4 11:45 shadow-
     -rw-r----- 1 root root 1178 Jun 4 11:48 shadow.old
     -rw-r--r-- 1 root root 161 Jun 3 13:46 shells
     -rw-r--r-- 1 root root 1144 Jun 3 13:46 ssh_config
     -rw------- 1 root root 668 Jun 3 13:46 ssh_host_dsa_key
     -rw-r--r-- 1 root root 602 Jun 3 13:46 ssh_host_dsa_key.pub
     -rw------- 1 root root 527 Jun 3 13:46 ssh_host_key
     -rw-r--r-- 1 root root 331 Jun 3 13:46 ssh_host_key.pub
     -rw------- 1 root root 883 Jun 3 13:46 ssh_host_rsa_key
     -rw-r--r-- 1 root root 222 Jun 3 13:46 ssh_host_rsa_key.pub
     -rw-r--r-- 1 root root 2471 Jun 4 12:15 sshd_config
     ./etc/pam.d:
     total 24
     drwxr-xr-x 2 root root 4096 Jun 4 12:02 ./
     drwxr-xr-x 4 root root 4096 Jun 4 12:35 ../
     lrwxrwxrwx 1 root root 4 Jun 4 12:02 other -> sshd
     -rw-r--r-- 1 root root 318 Jun 3 13:46 passwd
     -rw-r--r-- 1 root root 546 Jun 4 11:36 ssh
     -rw-r--r-- 1 root root 479 Jun 4 12:02 sshd
     -rw-r--r-- 1 root root 370 Jun 3 13:46 su
     ./etc/security:
     total 32
     drwxr-xr-x 2 root root 4096 Jun 3 13:43 ./
     drwxr-xr-x 4 root root 4096 Jun 4 12:35 ../
     -rw-r--r-- 1 root root 1971 Jun 3 13:46 access.conf
     -rw-r--r-- 1 root root 184 Jun 3 13:46 chroot.conf
     -rw-r--r-- 1 root root 2145 Jun 3 13:46 group.conf
     -rw-r--r-- 1 root root 1356 Jun 3 13:46 limits.conf
     -rw-r--r-- 1 root root 2858 Jun 3 13:46 pam_env.conf
     -rw-r--r-- 1 root root 2154 Jun 3 13:46 time.conf
     ./lib:
     total 8316
     drwxr-xr-x 3 root root 4096 Jun 4 12:13 ./
     drwxr-xr-x 9 root root 4096 Jun 5 10:05 ../
     -rw-r--r-- 1 root root 1024 Jun 4 11:51 cracklib_dict.hwm
     -rw-r--r-- 1 root root 214324 Jun 4 11:51 cracklib_dict.pwd
     -rw-r--r-- 1 root root 11360 Jun 4 11:51 cracklib_dict.pwi
     -rwxr-xr-x 1 root root 342427 Jun 3 13:46 ld-linux.so.2*
     -rwxr-xr-x 1 root root 4061504 Jun 3 13:46 libc.so.6*
     lrwxrwxrwx 1 root root 15 Jun 4 12:11 libcrack.so -> libcrack.so.2.7*
     lrwxrwxrwx 1 root root 15 Jun 4 12:11 libcrack.so.2 -> libcrack.so.2.7*
     -rwxr-xr-x 1 root root 33291 Jun 4 11:39 libcrack.so.2.7*
     -rwxr-xr-x 1 root root 60988 Jun 3 13:46 libcrypt.so.1*
     -rwxr-xr-x 1 root root 71846 Jun 3 13:46 libdl.so.2*
     -rwxr-xr-x 1 root root 27762 Jun 3 13:46 libhistory.so.4.0*
     lrwxrwxrwx 1 root root 17 Jun 4 12:12 libncurses.so.4 -> libncurses.so.4.2*
     -rwxr-xr-x 1 root root 503903 Jun 3 13:46 libncurses.so.4.2*
     lrwxrwxrwx 1 root root 17 Jun 4 12:12 libncurses.so.5 -> libncurses.so.5.0*
     -rwxr-xr-x 1 root root 549429 Jun 3 13:46 libncurses.so.5.0*
     -rwxr-xr-x 1 root root 369801 Jun 3 13:46 libnsl.so.1*
     -rwxr-xr-x 1 root root 142563 Jun 4 11:49 libnss_compat.so.1*
     -rwxr-xr-x 1 root root 215569 Jun 4 11:49 libnss_compat.so.2*
     -rwxr-xr-x 1 root root 61648 Jun 4 11:34 libnss_dns.so.1*
     -rwxr-xr-x 1 root root 63453 Jun 4 11:34 libnss_dns.so.2*
     -rwxr-xr-x 1 root root 63782 Jun 4 11:34 libnss_dns6.so.2*
     -rwxr-xr-x 1 root root 205715 Jun 3 13:46 libnss_files.so.1*
     -rwxr-xr-x 1 root root 235932 Jun 3 13:49 libnss_files.so.2*
     -rwxr-xr-x 1 root root 204383 Jun 4 11:33 libnss_nis.so.1*
     -rwxr-xr-x 1 root root 254023 Jun 4 11:33 libnss_nis.so.2*
     -rwxr-xr-x 1 root root 256465 Jun 4 11:33 libnss_nisplus.so.2*
     lrwxrwxrwx 1 root root 14 Jun 4 12:12 libpam.so.0 -> libpam.so.0.72*
     -rwxr-xr-x 1 root root 31449 Jun 3 13:46 libpam.so.0.72*
     lrwxrwxrwx 1 root root 19 Jun 4 12:12 libpam_misc.so.0 -> libpam_misc.so.0.72*
     -rwxr-xr-x 1 root root 8125 Jun 3 13:46 libpam_misc.so.0.72*
     lrwxrwxrwx 1 root root 15 Jun 4 12:12 libpamc.so.0 -> libpamc.so.0.72*
     -rwxr-xr-x 1 root root 10499 Jun 3 13:46 libpamc.so.0.72*
     -rwxr-xr-x 1 root root 176427 Jun 3 13:46 libreadline.so.4.0*
     -rwxr-xr-x 1 root root 44729 Jun 3 13:46 libutil.so.1*
     -rwxr-xr-x 1 root root 70254 Jun 3 13:46 libz.a*
     lrwxrwxrwx 1 root root 13 Jun 4 12:13 libz.so -> libz.so.1.1.3*
     lrwxrwxrwx 1 root root 13 Jun 4 12:13 libz.so.1 -> libz.so.1.1.3*
     -rwxr-xr-x 1 root root 63312 Jun 3 13:46 libz.so.1.1.3*
     drwxr-xr-x 2 root root 4096 Jun 4 12:00 security/
     ./lib/security:
     total 668
     drwxr-xr-x 2 root root 4096 Jun 4 12:00 ./
     drwxr-xr-x 3 root root 4096 Jun 4 12:13 ../
     -rwxr-xr-x 1 root root 10067 Jun 3 13:46 pam_access.so*
     -rwxr-xr-x 1 root root 8300 Jun 3 13:46 pam_chroot.so*
     -rwxr-xr-x 1 root root 14397 Jun 3 13:46 pam_cracklib.so*
     -rwxr-xr-x 1 root root 5082 Jun 3 13:46 pam_deny.so*
     -rwxr-xr-x 1 root root 13153 Jun 3 13:46 pam_env.so*
     -rwxr-xr-x 1 root root 13371 Jun 3 13:46 pam_filter.so*
     -rwxr-xr-x 1 root root 7957 Jun 3 13:46 pam_ftp.so*
     -rwxr-xr-x 1 root root 12771 Jun 3 13:46 pam_group.so*
     -rwxr-xr-x 1 root root 10174 Jun 3 13:46 pam_issue.so*
     -rwxr-xr-x 1 root root 9774 Jun 3 13:46 pam_lastlog.so*
     -rwxr-xr-x 1 root root 13591 Jun 3 13:46 pam_limits.so*
     -rwxr-xr-x 1 root root 11268 Jun 3 13:46 pam_listfile.so*
     -rwxr-xr-x 1 root root 11182 Jun 3 13:46 pam_mail.so*
     -rwxr-xr-x 1 root root 5923 Jun 3 13:46 pam_nologin.so*
     -rwxr-xr-x 1 root root 5460 Jun 3 13:46 pam_permit.so*
     -rwxr-xr-x 1 root root 18226 Jun 3 13:46 pam_pwcheck.so*
     -rwxr-xr-x 1 root root 12590 Jun 3 13:46 pam_rhosts_auth.so*
     -rwxr-xr-x 1 root root 5551 Jun 3 13:46 pam_rootok.so*
     -rwxr-xr-x 1 root root 7239 Jun 3 13:46 pam_securetty.so*
     -rwxr-xr-x 1 root root 6551 Jun 3 13:46 pam_shells.so*
     -rwxr-xr-x 1 root root 55925 Jun 4 12:00 pam_smb_auth.so*
     -rwxr-xr-x 1 root root 12678 Jun 3 13:46 pam_stress.so*
     -rwxr-xr-x 1 root root 11170 Jun 3 13:46 pam_tally.so*
     -rwxr-xr-x 1 root root 11124 Jun 3 13:46 pam_time.so*
     -rwxr-xr-x 1 root root 45703 Jun 3 13:46 pam_unix.so*
     -rwxr-xr-x 1 root root 45703 Jun 3 13:46 pam_unix2.so*
     -rwxr-xr-x 1 root root 45386 Jun 3 13:46 pam_unix_acct.so*
     -rwxr-xr-x 1 root root 45386 Jun 3 13:46 pam_unix_auth.so*
     -rwxr-xr-x 1 root root 45386 Jun 3 13:46 pam_unix_passwd.so*
     -rwxr-xr-x 1 root root 45386 Jun 3 13:46 pam_unix_session.so*
     -rwxr-xr-x 1 root root 9726 Jun 3 13:46 pam_userdb.so*
     -rwxr-xr-x 1 root root 6424 Jun 3 13:46 pam_warn.so*
     -rwxr-xr-x 1 root root 7460 Jun 3 13:46 pam_wheel.so*
     ./sbin:
     total 3132
     drwxr-xr-x 2 root root 4096 Jun 4 12:35 ./
     drwxr-xr-x 9 root root 4096 Jun 5 10:05 ../
     -rwxr-xr-x 1 root root 178256 Jun 3 13:46 choptest*
     -rwxr-xr-x 1 root root 184032 Jun 3 13:46 cqtest*
     -rwxr-xr-x 1 root root 81096 Jun 3 13:46 dialtest*
     -rwxr-xr-x 1 root root 1142128 Jun 4 11:28 ldconfig*
     -rwxr-xr-x 1 root root 2868 Jun 3 13:46 lockname*
     -rwxr-xr-x 1 root root 3340 Jun 3 13:46 ondelay*
     -rwxr-xr-x 1 root root 376796 Jun 3 13:46 pagesend*
     -rwxr-xr-x 1 root root 13950 Jun 3 13:46 probemodem*
     -rwxr-xr-x 1 root root 9234 Jun 3 13:46 recvstats*
     -rwxr-xr-x 1 root root 64480 Jun 3 13:46 sftp-server*
     -rwxr-xr-x 1 root root 744412 Jun 3 13:46 sshd*
     -rwxr-xr-x 1 root root 30750 Jun 4 11:46 su*
     -rwxr-xr-x 1 root root 194632 Jun 3 13:46 tagtest*
     -rwxr-xr-x 1 root root 69892 Jun 3 13:46 tsitest*
     -rwxr-xr-x 1 root root 43792 Jun 3 13:46 typetest*
     ./tmp:
     total 8
     drwxr-xr-x 2 root root 4096 Jun 4 12:32 ./
     drwxr-xr-x 9 root root 4096 Jun 5 10:05 ../
     ./usr:
     total 8
     drwxr-xr-x 2 root root 4096 Jun 4 12:16 ./
     drwxr-xr-x 9 root root 4096 Jun 5 10:05 ../
     lrwxrwxrwx 1 root root 7 Jun 4 12:14 bin -> ../bin//
     lrwxrwxrwx 1 root root 7 Jun 4 11:33 lib -> ../lib//
     lrwxrwxrwx 1 root root 8 Jun 4 12:13 sbin -> ../sbin//
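
The trial-and-error loop described in this section (and automated by makejail in G.1) comes down to tracing sshd, collecting the files it opened successfully, and checking which of them the jail still lacks. This is an added example, not part of the manual or of makejail: the function names are hypothetical and the strace lines are constructed, in the format written by strace -f -o.

```shell
#!/bin/sh
# Added example; function names are hypothetical, trace lines are constructed.

# Constructed excerpt of "strace -f -o trace.out /usr/sbin/sshd -f ..." output.
sample_trace() {
    cat <<'EOF'
1201  execve("/usr/sbin/sshd", ["/usr/sbin/sshd", "-f", "/etc/ssh/sshd_config"], [/* 9 vars */]) = 0
1201  open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or directory)
1201  open("/lib/libc.so.6", O_RDONLY) = 3
1201  fstat64(3, {st_mode=S_IFREG|0755, st_size=1170812, ...}) = 0
1201  open("/etc/ssh/sshd_config", O_RDONLY) = 3
1201  open("/etc/ssh/ssh_host_rsa_key", O_RDONLY) = 3
1201  open("/dev/urandom", O_RDONLY) = 3
1202  open("/lib/libc.so.6", O_RDONLY) = 3
1202  stat64("/etc/nsswitch.conf", <unfinished ...>
EOF
}

# traced_paths
# Read strace output on stdin and print, once each, the absolute paths used
# by file-related system calls that succeeded. Failed calls (= -1 ...) and
# unfinished lines are ignored, since they do not prove the file is needed.
traced_paths() {
    awk '
        {
            line = " " $0
            if (line ~ /[^a-z_0-9](execve|open|openat|stat|stat64|lstat|lstat64|access)\(/ &&
                line ~ /\) = [0-9]/ &&
                match($0, /"\/[^"]*"/))        # first quoted absolute path
                print substr($0, RSTART + 1, RLENGTH - 2)
        }
    ' | LC_ALL=C sort -u
}

# missing_in_jail JAIL
# Read absolute paths on stdin and print those that do not exist below JAIL.
# A symlink counts as present even if it dangles when seen from outside the
# jail (for example csh -> /etc/alternatives/csh in the tree in G.1).
missing_in_jail() {
    while IFS= read -r path; do
        [ -e "$1$path" ] || [ -L "$1$path" ] || printf '%s\n' "$path"
    done
}

# Demonstration on the constructed trace.
sample_trace | traced_paths
```

Repeat `traced_paths < trace.out | missing_in_jail /var/chroot/ssh` after each round of copying until it prints nothing, then review the final file set so that only what users need stays in the jail.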


Securing Debian Manual

v3.2, Mon, 20 Jun 2005 08:01:11 +0000

Javier Fernández-Sanguino Peña jfs@debian.org
Translator: eTony etony@tom.com
Authors, Section 1.1