My Centos, Tips,article,how to,guide,intro to centos,

Than with photographs of any other system of UNIX derive,Because the clever design of NetBSD is decision-making,mix to can transplanting the indefatigable pursuit of code,Make it OK over the hardware platform that moves at more sort.No matter transplanting the operating system appropriative is embedded system,Perhaps searching the system that has stability and the compatibility that cross lab hardware platform,The appearance is public to Linux and GNU permit (GPL) ,NetBSD reachs his to open a license is a kind of choice that has appeal quite.

...

ReiserFS file system is a kind of new Linux file system.It carries the kind of a kind of extraordinary- - structure of complete balance tree will contain data,Include file data,File name and log support,And can above the search speed that continues to keep very fast and very tall efficiency.ReiserFS file system all the time since be like,be used on high-end Unix system,SGI.

...

Ubuntu 6.10 upgrades politic

1,Upgrade and backup has a system




Code:

Sudo Apt-get UpdateSudo Apt-get Dist-upgrade

Modification source




Code:

Sudo Gedit /etc/apt/sources.list
Replace the Dapper in the source for Edgy
Undertake backup next

...

?of Why Did This:Coxa of ? of act of leech ? trade washs with watercolors Irestarter of ? of appearance post Lu is too flabby also calm,Often break down on my Breezy,The Shorewall above novice guideline is not in the light of stand-alone user,Syntactic and regular Shorewall3.0.4 is changed somewhat.

This machine circumstance:Telegraphic ADSL,ISP trends allocates Ip.Adsl Modem of join of card of stand-alone only network (PPPoE) get online,Brand-new install Shorewall.

One, Linux firewall is basic knowledge:

Besides the classification of software and hardware firewall,If keep out a mechanism in order to seal a bag to come,classify,Can divide probably for Proxy and IP Filter.
Basically the IP Filter of Linux has two the basiccest firewall mechanisms,It is respectively:Ip Filter and TCP_Wrapper.
We talk about IP Filter here,Because Shorewall is OK what install IP Filter simply through IPTABLES is regular.
Perhaps say:If you are not troublesome the grammar of Iptables is regular,OK perhaps oneself write Iptables of batch processing of program of a few Shell to dictate,Shorewall of completely OK and disturbed outfit is other perhaps firewall.Because the firewall below Linux is basic,be to pass what the regulation that sets Iptables finishs.

1. decides above all (Uname instruction decides core,Lsmod is record in module currently certainly,If be Ipchains,Carry out Rmmod Ipchains please.
Next Modprobe Ip_tables can load Iptables the module that uses now) your kernel is to use which kinds to keep out a mechanism,
The Iptables that we need (of Ubuntu5.10 is Iptables)

Linux Kernel Version 2.0:Use Ipfwadm
Linux Kernel Version 2.2:Those who use is Ipchains
Linux Kernel Version 2.4:Basically be use Iptables but for compatible Ipchains,In version of Version 2.4 because of this,Compile Ipchains modular series at the same time for using,The good person that let use still can use ? the firewall of the Ipchains from 2.2 edition is regular.
- - - - - - - - - - - - - -
Carry out next below code will watch present firewall regulation (below couplet net circumstance,Root user)
The regulation that the meaning of $ Sudo Iptables -L -n (L is listed and current Table,N meaning is the mutual transition that does not have IP and HOSTNAME,Can accelerate indication rate so)
$ Sudo Iptables -t Nat -L -n (- the Filter that the meaning of T Nat is indication Nat.Iptables can have Nat Tables and Filter Tables,Do not add parameter to be Filter.The brother that have fun at can consult other about the introduction of Iptables,Interpose at too long,Do not make the introduction here;)
- - - - - - - - - - - - - -
Next we are about to keep clear of all firewall are regular now (below couplet net circumstance)
Root]# /sbin/iptables [-t Tables] [-FXZ of * of Root@ * * ]
Among them parameter meaning is:
- F:The regulation that keeps clear of to had been built so;
- X:The Chain (Tables that the person that kill builds) ;
- Z:Put in the computation of all Chain and discharge statistic 's charge for 0;
? exemple:
[Root]# /sbin/iptables -F of * of Root@ * *
[Root]# /sbin/iptables -X of * of Root@ * *
[Root]# /sbin/iptables -Z of * of Root@ * *
[Root]# /sbin/iptables -t Nat -F of * of Root@ * *
- - - - - - - - - - - - - -

Two, specific installation Shorewall3.0.4

The stable version with download newest Shorewall 3.0.4 (Tarball is installed,Install for source code Make namely.The machine that fixes you follows ' novice guideline ' installed compile a tool basically) ,Because stand newly inside or 2. Much version,What look in official website is the introduction of 3,Install so 3.0.4.And installation is very simple, won't appear other dependence problem.


- - - - - - - - - - -
1. downloads an address:Http://www1.shorewall.net/pub/shorewall/3.0/shorewall-3.0.4/

The need before 2. is installed:Mention before Iptables() + Iproute (the instruction that checks this is Sudo Which Ip) (basically Ubuntu5.10 was had,Need not consider so)

3. is not in as far as possible Ms - the configuration document that Shorewall compiles inside Windows,The text composition because of Ms and Lin is not quite same,For instance carriage return.

4.cd sees the list after pressing to you,Next. / Install.sh carriage return,See without wrong message,With respect to OK.But at the moment Shorewall was not started.Etc meeting we will start.Start every time namely after acquiescent installation start firewall automatically (setting file is in / Etc/shorewall/shorewall.conf.Find STARTUP_ENABLED=Yes
,Yes delegate switchs on the mobile phone to be started automatically!)

After 5. is installed, all files are located in respectively:/ Usr/shorewall and / Sbin and / Etc/shorewall,What we need to notice is / Etc/shorewall.Configuration file is here.(the individual suggests,To a few important,The document that often does not need to change is OK will conceal attribute Chattr +i to go up,Material statement information,Search please ' man ' Man)

The version after 6. examines installation:Sudo Shorewall Version can get the information of 3.0.4

- - - - - - - - - - - - - -

Three, configuration Shorewall3.0.4

Detailed official documentation is located in:Http://www.shorewall.net/Documentation.htm,The file of Shorewall is very much,But what average user uses is not much,Especially we the user that this kind of stand-alone dials.
- - - - - - - - - - - -

1. is configured above all / Etc/shorewall/zones file,Browse to finally,Add code to be as follows:
#ZONE TYPE OPTIONSFile of # of Fw Firewall exists originally this, fw is firewall itself,MustNet Ipv4Loc Ipv4
#LAST LINE- - DO NOT REMOVE

Among them about each Type,The explanation of Options,The part has before this configuration file,If everybody is strict requirement,Can consult the file is configured,Average user is configured above OK.

2. is configured / Etc/shorewall/interfaces, (the name of the ZONE that here uses is in last files / the name of the definition in Etc/shorewall/zones,Did not make a mistake orderly so.The method of name of this kind of Zone is simpler,Recommend this kind of method.)
#ZONE INTERFACE BROADCAST OPTIONSNet Ppp0
#LAST LINE- - DO NOT REMOVE

Same configuration file had detailed explanation to each parameter
- - - - - - - - - - - - -

3. is configured / Etc/shorewall/rules and / Etc/shorewall/policy

Relation:The strategy that Policy is definition acquiesce gives all link (to another Zone from a Zone,For instance we define arrive from Loc Net) ;Rules is the firewall regulation with special definition,It is namely do not have inside Policy.
Early or late condition:Any join,Firewall checks Rules first,If Rule is medium,describe without what ask about this join,The acquiesce that calls Policy is configured.

/ the configuration of Etc/shorewall/policy is as follows (acquiescent)
#SOURCE ZONE DESTINATION ZONE POLICY LOG LIMIT:BURST
# LEVELLoc Net ACCEPTNet All DROP InfoAll All REJECT Info
#LAST LINE- - DO NOT REMOVE
I am general below instead,So as to save opens port to bother every time.Fw Net ACCEPTNet All DROP InfoAll All REJECT Info
The meaning above is to allow this machine the requirement of all join network;All Zones that the network receives me repeatedly (for instance firewall Fw,This locality Loc) discard the Tcp that this join asks seals a bag,Note a daily record.Reject all join to ask and note a daily record (was rejected when join,Firewall can return a RST (to join an agreement is TCP) or the bag that an ICMP port cannot arrive at gives other agreement)

- - - - - - - - - - - -

/ Etc/shorewall/rules is configured as follows (do not need too big configuration commonly,The thing that unless your machine moved,thinks Web server and so on for instance.Need port opens moment to configure this file again)

#

I choose to keep acquiescent here,The thing that did not define namely.If what port thinks after you,Be in this with respect to oneself above write even if.About each option,There is very detailed description inside configuration file.For instance ACCEPT Net Loc Icmp Echo-request makes a network OK namely the Ping setting to this machine.Ftp should leave after you,Bt,The port such as Pop3 when,Oneself can be in this above setting!

- - - - - - - - - - - - - -
Four, the Shorewall that start.Attention of Sudo Shorewall Start (builds again / Var/lock/subsys this folder,The program needs,But Ubuntu does not have this catalog,Want oneself to build so!Otherwise can wrong message hints)
The new perhaps computer that start was started automatically,Revise / the file of Etc/default/shorewall,Starup instead 1 can.(usually,If your star is real bad,Ask oneself join this program Ln to RcS.d in)

Textual link:Http://forum.ubuntu.org.cn/about9367.html

...

"GunPG is a completely free fair key adds secret technology software to wrap.In application of intranet sth resembling a net,The information that public to be in network perhaps transmits use GunPG inside the local area network undertakes the number signs or increase close protection,The safety that is helpful for raising intranet sth resembling a net reduces cost of safe test and verify.The safety that is helpful for raising intranet sth resembling a net reduces cost of safe test and verify.

...

? ? / / without the test,Respective manual page is read first please before practice,Of the introduction a lot of is omit,It is only

? ? / / most earthy tutorial,Not demand perfection but beg without by accident,Welcome make a comment or criticism: -Welcome make a comment or criticism: -

...

Avoid duty statement:It is too good to must not be used,Important,It is not quite important machine does the business below even,If was discovered by the administrator or the fryer was lost,Oneself are not in charge of without exception.

? :Genesis
Often encounter a website to be sealed, before paragraph time sealed even Sf.net%26amp;gmail.com,Be overcome really,Look for a data to got on 3389 fryers to search.

One:Setting
The classification to VPN of what have probably understanding,Knowing is how to return a responsibility probably,If not quite clear friend is OK Google,The friend that likes to see English documentation can look below the two documentation introduction to VPN,Very clear.The article is incorrect these content had specific introduction.Http://hmyblog.vmmatrix.net/sdbwww/pub/books/Packt.Publishing.OpenVPN.Building.And.Integrating.Virtual.Private.Networks.Mar.2006.pdfHttp://hmyblog.vmmatrix.net/sdbwww/pub/books/Packt.Publishing.Building.And.Integrating.Virtual.Private.Networks.With.Openswan.Jan.200620060628185701.rar

Here,Cannot help wanting to make a fork,If be the word that just contacted new knowledge of a new field,The technical documentation that had better see chinese mainland person less write,That letter does not pass,One for not clear (for instance the article, breathe out ah) ,Two come to a lot of places flicker person,He himself is not perhaps clear also,Scratch stretch,Otherwise leaks to nod or change one a little bit in crucial place,The thing that copies family foreigner does not change even catalog file name to still make be achieved formerly actually.Specific authority was encountered with respect to organic meeting when searching Swan +vpn.Do not want to be being taken away anyway documentation of blind the most good-looking English or the thing that Chinese Taiwanese writes,The article that for instance the person of that elder brother calling a bird writes is pretty good still,Although very foundation,But those who tell is very clear,He gave this book,Cry " the confidential dish of bird elder brother " coming,The person that suit the introduction of Linux very much is read.Program of additionally a few bits big has DOCUMENT in official website or HOWTO,Of FAQ what and so on,Even if do not go doing,look seriously also can harvest many,At least knows that software is how to return a responsibility probably.
I roughly saw two PDF above,Accrual fine is much,Recommend again,To VPN and Openswan, what Openvpn introduces is very detailed.

Acquiesce of target system Red Hat Linux 9 is installed

Two:Demand
Spoken parts in an opera is to use a fryer to do add close representative
1:Change smally as far as possible to the system,Include to add file and systematic daily record,What use because of us is a fryer.::
2:It is Client- - %26gt; the mode of Server,The mode that is not Net-net,The webpage that browse just.
3:No matter Server or Client want configuration,go to the lavatory,Simple good with,What we want is fast.

Three:Type selecting (the actor defect here is myself think,May not be in fact in that way)
1:*Swan
A:The delegate of Ipsec Vpn, acquiescent port Tcp/udp 500

B:Advantage:Add close strong, to network game the support of what is good (we are not used)

C:Defect:Deploy is troublesome,Configuration is troublesome, the Nat-t that the key is him,It is Nat passes through the function needs to hit kernel patch,Compile a kernel to just go afresh,This thing is done in the fryer must not,Breathe out ah.The specific Rar that can see that Openswan above,Those who tell is very detailed.Probably say Swan set,Most beginning is Freeswan,Stopped to develop 2004 seemingly next,Derive an Openswan and Strongswan two branch,I looked,Those who look like Openswan development is pretty good,Strongswan connects a Rpm bag to be done not have,Of course,That is to look like.Do not know Code because of me,Say what must add those who look like two words,Must not look down upon Scriptkid nevertheless oh,Because you do not know when he uses Uid0 in your system in Script,Although I still am for many times by others B4,Breathe out ah.Retrace comes... Swan series divides two,One is user space program,One is kernel space program.What does user space program call P come O is coming,As to it is P what O after all,Your outfit outfit knew,Otherwise is installed,Knew to also do not have what meaning.:) of kernel space include module and patch,Probably so return a responsibility.That is to say,Should accomplish Nat-t,With respect to program of need user space,Lkm and kernel patch,Need compiles a kernel afresh,This we do not have a law to do in the fryer,Of Drop.Still he wants to move with Root.

Cite for many times to the name of four ten thousand classmate finally and did not express apologize to copyright cost:Cite for many times to the name of four ten thousand classmate finally and did not express apologize to copyright cost:

2:Pptpd
A:The model of Pptp Vpn is represented, acquiescent port Tcp 1723

B:Advantage:The Client that Windows took him,Installation is convenient also,With respect to a few Rpm,Configuration is not difficult also

C:Defect:One batch goes in he can change default gateway,Very irritated,Or dials him Route Add/delete a few times to change change,Do not disconnect all the time,See a website is it worthwhile so troublesome

3:Openvpn
A:The model of SSL VPN is represented, acquiescent port Tcp/udp 1194

B:Advantage:Simple good outfit,A Rpm is done calm,The Rpm of a many Lzo includes the sentence that should reduce.Configuration also is simple,Generate a Static.key, OK still Chroot,And can move with Nobody,The fryer's safety also is very important,Custodial and bad to was grabbed,OK still Chroot.
After still have even if dialing VPN,He won't change your acquiesce gateway,The trouble that discharged do sth over and over again,We can add the address of Sf.net to static road by go.
In Server there it is OK to need port of an Udp Or Tcp only, the Iptables that not very needs to move others.
Seem to laden and balanced what still have seemingly,This purpose difference with us is a bit big,Of Ignore.

C:Defect:Besides want additional outfit besides a Client,Defect of it doesn't matter was looked like for our demand relatively.


Four:Do
The program is on Http://baoz.net and Http://xsec.org some,Fear to back door searchs with respect to oneself had fallen from government-owned net:)

1:Install program of Client And Server
[Root@RH9 Root]# Http://dag.wieers.com/packages/openvpn/openvpn-2.0.7-1.rh9.rf.i386.rpm
[Root@RH9 Root]# Rpm -ivh Lzo-1.08-2_2.RHL9.at.i386.rpmWarning:Lzo-1.08-2_2.RHL9.at.i386.rpm:V3 DSA Signatur E:NOKEY, key ID 66534c2b
Preparing. . . ########################################### [100% ]
1:Lzo ########################################### [100% ]
[Root@RH9 Root]# Rpm -ivh Openvpn-2.0.7-1.rh9.rf.i386.rpmWarning:Openvpn-2.0.7-1.rh9.rf.i386.rpm:V3 DSA Signatur E:NOKEY, key ID 6b8d79e6
Preparing. . . ########################################### [100% ]
1:Openvpn ########################################### [100% ]

2:The service carries configuration
[Root@RH9 Root]# Cat%26gt;/ Etc/openvpn/server.confDev TunIfconfig 10.8.0.1 10.8.0.2King of day of Secret Static.key 0; builds ground tiger,Pagoda presses down river bewitching, final parameter 0 it is to prevent replay offensive,Generate 4 Key to be in Static.key file, put 4 Key one case namely,Want conjugate with Client,One is 0,One is 1.User Nobody; falls attributive,Security personnel is completeGroup NobodyPort 3389; changes port,Ignore ah leisurely- - %26gt; do not change 1024 the following port nevertheless,Attributive of that need Root,Have to above of two Nobody delete.Compress since Comp-lzo; ,Acceleration
;no-log; is not recorded ah annals of om a few daysVerb 0Status /dev/nullLog /dev/nullLog-append /dev/null
Server configuration ends.

3:The client carries configuration
Install this Http://www.openvpn.se/files/install_packages/openvpn-2.0.9-gui-1.0.3-install.exe
Open next begin- - program- - Openvpn- - Generate A Static OpenVPN Key,This meeting is in C:\The file that one makes call Key.txt below Program Files\OpenVPN\config,Name him again for Static.key, generate four,Lane go in a file,Use different Key to do add close decode prevent replay.
Duplicate this file to Linux fryer next / Etc/openvpn/static.key goes
Be in finally C:\The file that one founds to call Client.ovpn below Program Files\OpenVPN\config catalog,Content is as followsThe IP of Remote fryerDev TunIfconfig 10.8.0.2 10.8.0.1The parameter with final Secret Static.key 1 1 it is to prevent replay offensive,Generate 4 Key to be in Static.key file, put 4 Key one case namely,Want conjugate with Client,One is 0,One is 1.Port 3389Verb 3Comp-lzo
Client configuration ends.
Notice,No matter be service end or the IP that the client carries,Do not want and systematic some IP paragraph conflict,Changed port to need to change in Client And Server additionally consistent.

4:Start and join
A:The service that start is carried
[Root@RH9 Root]# /etc/init.d/openvpn Start
Starting Openvpn: [OK]
Theoretic meeting discovers this moment much an interface,Etc meet us want to clear away this cut.
[Root@RH9 Root]# Ifconfig Tun0Tun0 Link Encap:POint-to-Point ProtocolInet Addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX Packets:0Errors:0Dropped:0Overruns:0Frame:0
TX Packets:0Errors:0Dropped:0Overruns:0Carrier:0Collisions:0Txqueuelen:100
RX Bytes:0(0.0 B) TX Bytes:0(0.0 B)

[Root@RH9 Root]# Netstat -an | Grep 3389Udp 0 0 0.0.0.0:3389 0.0.0.0:*
Theoretic meeting had this time an Udp of 3389 mouth,If these two things had,That with respect to OK,Have WT besides RP commonly besides,Here is basic not very may appear mistake.:)
If have a mistake,aboveVerb 0Status /dev/nullLog /dev/nullLog-append /dev/null
ChangeVerb 9Status /usr/lib/0Log /usr/lib/1Log-append /usr/lib/1
The new Openvpn that start serves and examine a daily record next,Notice,This moment Messages can have a daily record,Debug end remember deleting / Usr/lib/0 /usr/lib/1.


B:The client that start is carried
Begin- - program- - Openvpn- - OpenVPN GUI
Join serves end
Nod the icon of right red playing role- - Connect
Icon becomes green,Join successfully namely and allocated an address,The firewall that notices to let you is passed.
If did not change green,Wherefrom icon that View Log,If do not discover to the problem,With respect to the configures a file Verb Client the setting is 9,Join afresh,See a daily record again,Again Google.

C:The examination joins:
See in Client have so information
This locality of Ethernet Adapter joins 4:

Connection-specific DNS Suffix. :
IP Address. . . . . . . . . . . . : 10.8.0.2
Subnet Mask. . . . . . . . . . . : 255.255.255.252
Default Gateway. . . . . . . . . :

C:\%26gt; Ping 10.8.0.1

Pinging 10.8.0.1 With 32 Bytes Of Data:

Reply From 10.8.0.1: Bytes=32 Time=7ms TTL=64
Join wood has a problem,This moment changes acquiescent gateway according to the individual's be fond of,If your fryer is not very fast word,Still did not suggest to change acquiescent gateway,The order related gateway of a few modification acquiesce is offerred here,The OK and referenced move that has need changes, put into file of a Cmd next,When such need are used, carry out with respect to OK.Gateway of current acquiesce of IP Mask 255.255.255.255 of fryer of Route Add - P - - %26gt; this is the link that maintains a fryer ceaseless,If was being broken,Vpn join also broke:) Route Delete 0.0.0.0- - %26gt; delete acquiescent gatewayRoute Add 0.0.0.0 Mask 0.0.0.0 10.8.0.1 - - %26gt; the gateway of acquiesce of Tun0 address instead VPNGateway of current acquiesce of IP Mask 255.255.255.255 of server of Route Add DNS - - %26gt; the DNS inquiry that lets us or the gateway that go original,Such meetings are a lot of quicker

D:Service end opens transmit
Do a Nat,But notice if can go,Eth0 needs the interface of outer net,Wait for meeting data to go not to go out otherwise, if the fryer is the word of only port,do not need concern.
[Root@RH9 Root]# Iptables -t Nat -A POSTROUTING -s 10.8.0.0/24 -o Eth0 -j MASQUERADE
Saw transmit leave to do not have again
[Root@RH9 Root]# Sysctl -a | Grep Net.ipv4.ip_forwardNet.ipv4.ip_forward = 0
We open him
[Root@RH9 Root]# Sysctl -w Net.ipv4.ip_forward=1

5:Diagnose
VPN gives a problem to have three places only commonly,The firewall of Client,The firewall of Server,Whether to open with transmit switch,So we catch the place that catchs a bag to be able to find a problem completely in service end.Ipsec Pptp is OK so look for a fault.

A:All sacks are grabbed in the Tun0 mouth of Server,In order to detect Client- - %26gt; whether does Server connect,Gibberish,Connect for certain,Otherwise how can that icon be green. . . .
[Root@RH9 Root]# Tcpdump -n -i Tun0Tcpdump: Listening On Tun0


B:Target address is caught to wrap in the Eth0 mouth of Server,Whether does transmit have a problem with detecting.
[Root@RH9 Root]# Tcpdump -n -i Eth0 Dst Host Baoz.netTcpdump: Listening On Eth0

C:
This moment Baoz.net sees our Telnet
C:\%26gt; Telnet Baoz.net

Both sides sees the bag was opposite.If have,cannot see a package at the same time,With respect to him do sth over and over again one good.Look to come over to did not make a mistake all the way.
Hereto,We can have gotten online through adding close representative.

D:Hope your inside the way that there is not 10 in the net by,The friend has given similar problem,If the net inside you is of 10,Best in front 10.8.0.1 and 10.8.0.2 change 192.168.0.1 and 192.168.0.2 in order to avoid a road by the problem that go up.

6:Safe
Besides use Nobody:nObody runs besides Openvpn,We are OK still Chroot,At the beginning I think to also want Ldd next the library of what still configuration file is lost go in one catalog,One friend and I say Openvpn has Remote 1 to go out seemingly today,Do not know true holiday,Do not cross 0day Exp this thing,Still would rather believe its to have,Suspect its are not had,He suggests I also keep the measure of Chroot go in,I see documentation again,The implementation that discovers so his itself has Chroot,His configuration file,Key of what,Had laded before Chroot,The configuration document that we need to add a parameter to the service to carry only goes with respect to OKChroot /var/tmp- - %26gt; etc meet us can pass the judgement Openvpn with accurate Lsof already Chroot

[Root@RH9 Root]# Ps Aux | Grep OpenvpnNobody 24066 0.0 0.1 4012 1684? S 15:12 0:00 [openvpn]Root 24069 0.0 0.0 3572 624 Pts/2 S 15:45 0:00 Grep Openvpn
[Root@RH9 Root]# Lsof -p 24066 | Grep "/var/tmp "Openvpn 24066 Nobody Cwd DIR 8, 1 4096 294337 /var/tmpOpenvpn 24066 Nobody Rtd DIR 8, 1 4096 294337 /var/tmp
Although others has Remote Exp,also not was afraid of this time,If wanting to be able to come in, look please / the thing in Var/tmp became good,Breathe out ah.


Five:The fryer is concealed mediumly
0:Which come to the fryer?
A:Web App flaw, awstat of what,Do not have a thing advertent the Webapp part of Milw0rm.com,Give new loophole with respect to Google Hacking.
B:Weak countersign of Ssh Or Telnet does not have a thing to look for a few A BLOCK to sweep sweep look.Recommend the X-Scan with glacial Xfocus.
C:0day Exp? This I was not clear about.
D:Sweet canister,Three kinds of circumstances may be sweet canister above,Irrespective nevertheless,Make a net of acting before last,Sweet canister is sweet coal tub,Want a net only fast go quickly.

1:Log
Configuration carried to had been mentioned partly in the service above the processing of the log,Tread lightly is,Want you to compare a system only (safe) administrator more you can play XX go down,Among them XX can be used attentive,Tough,Do not unplug wait for an adjective to replace.

2:Process, port and join
A:Sk2 is installed,The Client that uses Sk2 goes in the Openvpn that start,Trends obscures process port and network link
B:Adore, should change travel altering ability seemingly,Nevertheless I do not have this demand temporarily,Sk2 already very bright.
C:Shv5, a Rootkit that catchs recently,Replace ELF document,Be come to very easily by fish,The meaning that do not have what,His feature is acquiesce has / Usr/lib/libsh catalog.

3:Ifconfig
This is the most crucial also be the most troublesome,Because metropolis Ifconfig is knocking average person play,play,Can be discovered not carefully much a Tun0....Breathe out ah,I think method has two:
A:Script of use Awk Or Sed is replaced / Sbin/ifconfig,Filter the output related Tun0,But it is easy that this is compared by Chkrootkit such thing discovers,Although was discovered by Chkrootkit of person family expenses,also hold out glory nevertheless,The person that uses Chkrootkit at least still compares professional spot a little,Always better than was being discovered by family Ifconfig...
B:The source program of modification Ifconfig,TunX equipment does not show when letting him output,This relatively reliable,Because general examination Ifconfig is comparative that is jumbly mode just,Still have file kind of course.
[Root@RH9 Root]# Rpm -q- - Whatprovides /sbin/ifconfigNet-tools-1.60-12
Checked,In this software package,Want to change oneself can change change,Do not think the goes using Wzt to revise Ifconfig course that change covers a system / Sbin/ifconfig file,This won't show TunX interface.
This program can download in Http://baoz.net or Http://xsec.org.

C:
We know Rpm is OK from desired result,If we changed his Ifconfig,Next we are checked,With respect to the information below meeting discovery
[Root@RH9 Root]# Rpm -V -f /sbin/ifconfig
S.5. . . .T / Sbin/ifconfig
This result tells us a thing,Ifconfig was distorted,Its file size,MD5 and time were changed.
Present idea is modification Rpm program,Replace Rpm again,Because Rpm is in RH each version,change is compared big,Especially RH9 is a bound,Involve whether to support NTPL to wait a problem a moment,And Rpm itself is compared giant and one of main component that are a system,If replace still do not know to be able to cause other issue,Is the key how to many person there is meeting Rpm -V -a? Anyway also with respect to the fryer,Lost changing is.Balance one,The method that still need not replace Rpm temporarily,The Md5 database that I think to revise him however,Do not cross my Rebuilddb and Initdb,Discover Md5 database and did not change: (The desired result trouble that which tall person knows how to cope with Rpm shows just a little.

Act on sleep early early rise principle,It is moment slept.

Six:TODOChroot- - %26gt; had done calmOf TunX reliable conceal- - %26gt; had done calm, thx Wzt
Cope with examination of Rpm desired result

Seven:ReferencedHttp://openvpn.net/howto.htmlHttp://www.securityfocus.com/infocus/1821
Packt.Publishing.OpenVPN.Building.And.Integrating.Virtual.Private.Networks.pdf
Packt.Publishing.Building.And.Integrating.Virtual.Private.Networks.With.Openswan.pdf

Eight:Write finally
Information safety is sword of a double blade,Oneself knew how to can be atttacked as far as possible,How should atttack,Where can be discovered among them,Just knew the family wants how to be atttacked likely,How can atttack,The person that attempt or also just opportunity discovery inbreaks,Evict the person that inbreak then go or bar outside the door,Otherwise by family Root still do not know a few years how to return a responsibility.Breathe out ah,I did XX to still establish memorial archway?No matter how that is the fact that does not dispute however.
BTW:I am being written " Linux back door sweeps past a shadow " , the postern technology below the Linux that this article has contacted to oneself made comparative be attackinged in detail defend an analysis,The friend that have fun at pays close attention to following site please in order to obtain the newest version of these articles.Http://baoz.netHttp://xsec.orgScriptkid is written civil,The mistake is great,Still ask each make corrections.If you are right the article or " Linux back door sweeps past a shadow " have what suggests or opinion,Contact me pleasePerlish(*)gmail.com Or Fatb@zzu.edu.cn

##############
Changes
1: ?he Keep Alive of ? ? Erver and Client paragraph,It is me to the wrong understanding of those a few parameter,In fact this is Server send Icmp to wrap examination Client to whether be inside 60 seconds through every 10 seconds response,If Client had firewall to filter,Icmp is wrapped,Such Client often can drop a line.
2: ?u plum washing with watercolors is happy ?of ? of strange offspringing beat up
3: ??? grinds Mian of Cheng Xi ? has an ancient nationality in China of virtuous ? of Ru which ? to seek branny ?BR>4: ??? grinds part of Hroot of ? of Mian of Cheng Xi ?
5:tUnX is reliable conceal do surely

...

All projects that the article will browse group of project of Apache portal quickly,The core project in emphasizing group of introductory portal project - Jetspeed-2.

Foreword

JEE serves as build the company level on Java platform to apply a solution,Through these year of ceaseless development,The industrial standard that has made company level development and first selection platform.Numerous manufacturer is like IBM,BEA and Oracle rolled out around this standard corresponding,The product with powerful function.In JEE normative group most sufferring what industry is agreed with and gain the greatest success is standard of JEE Web level,Develop to today,Had entered a portal (the times of Portal) .

...

The idea that the article expounded Linux-PAM,The architecture that still analysed Linux-PAM together with the reader at the same time,Author hope book this to the understanding of Linux-PAM with deepening a reader,So that have more deep-seated assurance to its.

...

In This HowTo I Will Describe How To Prepare A CentOS 4.4 Server For OpenVZ Virtual Machines. With OpenVZ You Can Create Multiple Virtual Private Servers (VPS) On The Same Hardware, similar To Xen And The Linux Vserver Project. OpenVZ Is The Open-source Branch Of Virtuozzo, a Commercial Virtualization Solution Used By Many Providers That Offer Virtual Servers.

...