Linux操作系统安全配置步骤详细解析(2)

sshd: 192.168.1.10/255.255.255.0 gate.openarch.com

[root@deep]# tcpdchk

# Basic system aliases -- these MUST be present.
MAILER-DAEMON: postmaster
postmaster: root
# General redirections for pseudo accounts.
bin: root
daemon: root
#games: root ?remove or comment out.
#ingres: root ?remove or comment out.
nobody: root
#system: root ?remove or comment out.
#toor: root ?remove or comment out.
#uucp: root ?remove or comment out.
# Well-known aliases.
#manager: root ?remove or comment out.
#dumper: root ?remove or comment out.
#operator: root ?remove or comment out.
# trap decode to catch security attacks
#decode: root
# Person who should get root""s mail
#root: marc

echo 1 >; /proc/sys/net/ipv4/icmp_echo_ignore_all

telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd -h

# Lookup names via DNS first then fall back to /etc/hosts.
order bind,hosts
# We don""t have machines with multiple IP addresses on the same card
(like virtual server,IP Aliasing).
multi off
# Check for IP address spoofing.
nospoof on
IP Spoofing: IP-Spoofing is a security exploit that works by tricking
computers in a trust relationship that you are someone that you really aren""t.

tty1
#tty2
#tty3
#tty4
#tty5
#tty6
#tty7
#tty8