tailieunhanh - Setting Up LAMP Getting Linux, Apache, MySQL, and PHP Working Together phần 5
Ở đây bạn thấy rằng mtime cờ bây giờ có một đối số 14 cho số ngày và bạn đang tìm kiếm các tập tin mà bắt đầu với gia tăng. Đây là hai khu vực đã thay đổi kịch bản mới của bạn. Sau khi đã được thêm vào, thêm lệnh tương tự bạn sử dụng trong kịch bản sao lưu đầy đủ của bạn để chuyển thư mục | 146 Chapter 6 Linux Security Simpo PDF Merge and Split Unregistered Version - http IPTABLES -A INPUT -p tcp --dport 80 -j ACCEPT IPTABLES -A INPUT -p tcp --dport 443 -j ACCEPT Allow Ping echo IPTABLES -A INPUT -p icmp -j ACCEPT Load Modules insmod ip_conntrack_ftp insmod ipt_LOG insmod ipt_REJECT insmod ipt_limit insmod ipt_state The logging is set so if more than 5 packets are dropped in three seconds they will be ignored. This helps to prevent a DOS attack crashing the computer the firewall is running on IPTABLES -A INPUT -m limit limit 3 second --limit-burst 5 -i lo -j LOG Drop and log all other data IPTABLES -A INPUT -i lo -j DROP Let s begin to understand the firewall script in Listing . The first line is our bash shell line. It s called the shebang and might be required by some systems to run properly bin sh Next you will see some comments throughout the script. This helps keep track of what you re doing and is a simple way to take notes. Sometimes in scripting you will have so much code that keeping notes helps you refresh your memory later. Simply put a comment symbol in front of each line on a comment to prevent the script from attempting to execute your comments when it is run Change the part after the to the where you IPTABLES is on your system Now you are going to create a variable or a shortcut to your iptables executable. This variable prevents you from having to type the full command each time you need it. In this case you are going to create IPTABLES with the value of sbin iptables IPTABLES sbin iptables Your next task is to flush out any existing rules from your INPUT chain. This enables you to clear out any old information before you attempt to set up your rules. The -F option is really Configuring the Firewall 147 Simpo PDF Merge and Split Unregistered Version - http useful when you make a change to this script and delete a rule so next time all you have to do is run this script again and all of the old rules
đang nạp các trang xem trước