Linux 3.0 1...2 2...2 2.1...3 2.2...3 2.3...3 2.4 Web...3 2.5...4 2.6...4 3...4 3.1 Web...5 3.2...6 3.3 DNS...7 3.4...7 3.5 DHCP...10 3.6 FTP...10 3.7 /...10 3.8 Email...11 3.9 snort...11 3.10 Xinetd...14 4 Linux...15 4.1 snmp MRTG...15 4.2 Nmap...17 4.3 Web...17 4.4 Tomcat3.1 JSP Web...18 4.5 Raid...19 4.6...20 5 Linux...21 5.1...21 5.2...21 5.3...21 5.4...21 1
1 Linux Linux Linux Windows NT Linux Linux UNIX Internet Linux Internet 1998 9 Internet Web Linux 26.3% Web Apache 60% Sendmail Internet Linux ISP/ICP Linux Linux 3.0 Linux 3.0 Linux 3.0 3.0 3.0 2 2
2.1 Framebuffer 2.2 2.4.7 SMP 32 CPU 64GB 2G RAID USB Zip reiserfs 2.3 Apache Web Wu-ftp FTP Squid DHCP DNS Bind9 MySQL PostgreSQL Samba sendmail 2.4 Web Web Linux DNS DHCP WWW Linux 3
2.5 Web SSL iptrains Linux Internet snort Xinetd inetd Kerberos LDAP NIS 2.6 RDBMS Linux ext2 ext2 Ext2 4K 4K G 2G UNIX 3 Linux Linux, WWW Email DHCP DNS FTP Linux 4
ISP/ICP Internet 3.1 Web Web ISP/ICP Web Intranet/Internet Web Web Apache 1.3.20 Apache WWW Apache perl, php web URL tom,http://hostname/~tom http1.1 proxy SSL Linux Web WebBench 700CPU 1G 40 1700 / 1.5 Linux Apache SSL Web Server Linux Apache PHP4 PHP PHP4 PHP3 ASP Apache MySQL 5
Linux Linux MySQL PostgreSQL MySQL Web PostgreSQL PostgreSQL PostgreSQL Web 3.2 Internet Internet Internet Internet yahoo Internet Internet Internet Internet Internet Internet WWW WWW Web Internet Internet Internet Internet Internet G Internet Internet Internet ftp Cache Internet, Cache,, Cache,, Web squid-2.4.stable1 Linux HTTP FTP SSL squid Cache Cache Squid Web 6
SSL Web HTTP FTP 3.3 DNS DNS IP Bind DNS Linux BIND9.1.3, Intranet Bind9 Bind8 Cache Cache IP Cache Internet Bind9 3.4 Internet Internet Internet Internet Internet 7
1 TCP UDP Telnet FTP checkpoint ftp ftp PORT PASS 2 HTTP SMTP FTP Telnet r sock Internet 8
TCP Session OSI TCP/IP NAT VPN NAT NAT Network Address Translation IP IP Source NAT SNAT Destination NAT DNAT Masquerading SNAT IP IP Port forwarding DNAT VPN VPN IP Ipchains Iptables Ipchains Linux Ipchains IP Ipchains IP Internet Internet Iptables Ipchains Ipchains Iptables 1. Linux INPUT,OUTPUT,FORWARD iptables INPUT FORWARD OUTPUT ipchains 2.iptables 9
Iptables 3. linux 2.4 NAT SNAT( NAT) DNAT( NAT) SNAT DNAT 3.5 DHCP DHCP IP IP Linux DHCP IP DHCP, IP IP DNS 3.6 FTP FTP Internet/Intranet linux wu-ftpd FTP Linux ftp FTP IP Internet FTP IP 3.7 / / Samba 10
Windows Samba Linux Samba Samba Samba(smb) Linux MS Windows Linux MS Windows NT MS Windows 3.1/95/98 Samba Win NT WinNT Linux MS Windows MS Windows 3.1/95/98 Windows NT Microsoft 3.8 Email Email Email Email Web -- -- sendmail Unix/Linux Email Linux POP3 IMAP MS Windows 9x Outlook Express Email POP3 IMAP4 ESMTP Nicknames Aliases 3.9 snort 11
snort IP / snort 1).snort snort 110KB 2).snort snort Linux,Solaris,BSD,IRIX,HP-UX,WinY2K 3) snort snort IP snort, syslog UNIX SAMBA Windows WinPopup XML snort SNML( simple network markup language) snort / snort TCP UDP ICMP ARP ICRP GRE OSPF RIP IPX CGI SMB snort tcpdump ASCII snort Postgresql MySQL unixodbc, Oracle( Oracle ) TCP (tcpstream) snort TCP snort IP TCP 12
TCP snort TCP snort TCP TCP snort spade(statistical Packet Anomaly Detection Engine) snort snort FlexResp snort 4). snort snort snort HTTP URI normalization XML snort Bugtraq Snort Snort 1 Snort SLIP PPP 2 Snort Snort / ip TCP ICMP Snort 13
plugin Snort 3 / tcpdump syslog flat Unix /var/log/snort /var/log/snort/alerts 3.10 Xinetd inetd Inetd Inetd tcpd Tcpd hosts {allow deny} ( ftpd telnetd) tcp_wrapper xinetd(extended InterNET services daemon) inetd+tcp_wrapper tcp udp RPC log DoS (Denial of Service) log ip IP IP, TCP wrappers xinetd 14
4 Linux Linux Function Server Linux 3.0 Internet Linux Web WWW Email DHCP DNS FTP SQUID ISP/ICP Internet Linux Linux Linux 4.1 snmp MRTG Internet/Intranet Internet/Intranet Internet/Intranet SNMP 1988 IP IPX AppleTalk OSIC SNMP SNMP ISO S MIP SNMP Internet SNMP TCP/IP UDP TCP SNMP Internet SNMP SNMP SNMP SNMP (manager_ ) (agent) SNMP C/S / Get.Set.Trap SNMP MIB(Management Information Base) ( UP/DOWN/TESTING ) ( ) ( UpTime) SNMP ASN.1(Abstract Syntax Notation) OID(Object Identifier) IP OID 1 3 6 1 2 1 4 Internet SNMP SNMP MIB OID 15
SNMP Internet MRTG PERL SNMP GIF HTML CPU MRTG SNMP RateUp MRTG SNMP MRTG-2 SIMON LEINEN PERL SNMP 7 CMU snmpget PERL SNMP PERL SNMP SNMP MRTG ASCII RateUp MRTG MRTG WEB MRTG-2 C MRTG GIF THOMAS BOUTELL GD Library MRTG-2 cfgmaker cfgmaker SNMP 16
4.2 Nmap Nmap UDP TCP connect(),tcp SYN (half open), ftp proxy (bounce attack),reverse-ident, ICMP (ping sweep), FIN, ACK sweep,xmas Tree, SYN sweep, Null nmap tcp/ip PING RPC nmap TCP DNS 4.3 Web webalizer web HTML web Internet webalizer web webalizer 17
1.Webalizer C 200Mhz webalizer 10000 40M 15 2. Webalizer (Common Logfile Format) (Combined Logfile Format) webalizer wu-ftpd xferlog squid 3. 4. 5. UNIX linux NT, OS/2 MacOS WWW IP 4.4 Tomcat3.1 JSP Web JavaServer PagesTM (JSP) Web JSP Web Web JSP Web Ejb+jsp/servlet+ + Linux tomcat3.1 JSP servlet2.2 jsp1.1 Tomcat Java Web Server Tomcat Sun apache Jakarta Sun apache server java tomcat jsp & servlet tomcat jakarta ant java XML Regexp 100% Java debug java Slide Servlet API WebDAV (web-based Distributed Authoring and Versioning) servlet api 2.2 Struts jsp/servlet web MVC(Model-View-Controller) Taglibs JSP1.1 jsp jsp Watchdog tomcat3.1 servlet jsp 18
Tomcat Linux 4.5 Raid RAID RAID 0 RAID 1 RAID RAID RAID RAID RAID RAID RAID RAID SCSI RAID SCSI RAID RAID SCSI RAID RAID RAID IDE SCSI CPU RAID RAID RAID Linux MD RAID RAID CPU Linux RAID RAID0 I/O RAID1 RAID 1 1 2 I/O 1 RAID4 I/O 4 19
RAID5 4 4 5 raid5 raid4 raid5 RAID RAID I/O RAID Linux Raid Raid Web Raid 4.6 Linux Web 20
5 Linux Linux DataBase Server Linux Linux Server3 Linux Oracle 8i/9i IBM DB2 Informix 2000 Sybase v11.9/v12 PostgreSQL MySQL Linux Linux linux 5.1 Oracle8i/9i DB2V7.1 SybaseV11.9/v12.5 Informix2000 Oracle8i Oracle9i IBM DB2 Universal Database Enterprise Edition V7.1. Sybase Adaptive Server Enterprise11.9.2 for Linux Informix Dynamic Server 2000 5.2 MySQL3.22.38 PostgreSQL7.1.2 5.3 Linux C C++ Perl JAVA PHP Python Tcl ODBC JDBC 5.4 21
linux Linux 22