svn commit: r50084 - head/ja_JP.eucJP/books/handbook/security
Ryusuke SUZUKI
ryusuke at FreeBSD.org
Sat Mar 25 04:30:56 UTC 2017
Author: ryusuke
Date: Sat Mar 25 04:30:55 2017
New Revision: 50084
URL: https://svnweb.freebsd.org/changeset/doc/50084
Log:
- Merge the following from the English version:
r22195 -> r22219 head/ja_JP.eucJP/books/handbook/security/chapter.xml
Modified:
head/ja_JP.eucJP/books/handbook/security/chapter.xml
Modified: head/ja_JP.eucJP/books/handbook/security/chapter.xml
==============================================================================
--- head/ja_JP.eucJP/books/handbook/security/chapter.xml Fri Mar 24 17:48:02 2017 (r50083)
+++ head/ja_JP.eucJP/books/handbook/security/chapter.xml Sat Mar 25 04:30:55 2017 (r50084)
@@ -3,7 +3,7 @@
The FreeBSD Documentation Project
The FreeBSD Japanese Documentation Project
- Original revision: r22195
+ Original revision: r22219
$FreeBSD$
-->
<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xml:id="security">
@@ -54,6 +54,11 @@
</listitem>
<listitem>
+ <para><command>inetd</command> ¤ÈÁȤ߹ç¤ï¤»¤Æ
+ <acronym>TCP</acronym> Wrappers ¤òÀßÄꤹ¤ëÊýË¡</para>
+ </listitem>
+
+ <listitem>
<para>&os; 5.0 ¤è¤êÁ°¤Î¥ê¥ê¡¼¥¹¤Ë¤ª¤±¤ë¡¢
<application>KerberosIV</application> ¤ÎÀßÄêÊýË¡</para>
</listitem>
@@ -1611,6 +1616,237 @@ permit port ttyd0</programlisting>
</sect2>
</sect1>
+ <sect1>
+ <info><title>TCP Wrappers</title>
+ <authorgroup>
+ <author>
+ <personname>
+ <firstname>Tom</firstname>
+ <surname>Rhodes</surname>
+ </personname>
+ <contrib>¼¹É®: </contrib>
+ </author>
+ </authorgroup>
+ </info>
+
+ <indexterm><primary>TCP Wrappers</primary></indexterm>
+
+ <para>&man.inetd.8; ¤Ë¾Ü¤·¤¤Êý¤Ç¤¢¤ì¤Ð¡¢
+ <acronym>TCP</acronym> Wrappers ¤Ë¤Ä¤¤¤ÆÊ¹¤¤¤¿¤³¤È¤¬¤¢¤ë¤Ç¤·¤ç¤¦¡£
+ ¤·¤«¤·¡¢
+ ¤½¤Î͸úÀ¤ò¥Í¥Ã¥È¥ï¡¼¥¯´Ä¶¤Ë¤ª¤¤¤Æ´°Á´¤ËÍý²ò¤·¤Æ¤¤¤ë¿Í¤Ï¤Û¤È¤ó¤É¤¤¤Ê¤¯¡¢
+ ï¤â¤¬¥Í¥Ã¥È¥ï¡¼¥¯Àܳ¤ò¼è¤ê°·¤¦¤¿¤á¤Ë¡¢
+ ¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤ò¥¤¥ó¥¹¥È¡¼¥ë¤·¤¿¤¤¤È¹Í¤¨¤Æ¤¤¤ë¤è¤¦¤Ç¤¹¡£
+ ¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤Ï¡¢Éý¹¤¤ÍÑÅÓ¤¬¤¢¤ë°ìÊý¤Ç¡¢
+ Àܳ¸µ¤ËÂФ·¥Æ¥¥¹¥È¤òÁ÷¤ë¤È¤¤¤Ã¤¿¡¢¼è¤ê°·¤Ê¤¤ºî¶È¤¬¤¢¤ê¤Þ¤¹¡£
+ <acronym>TCP</acronym> ¥½¥Õ¥È¥¦¥§¥¢¤Ï¡¢¤³¤ì°Ê¾å¤Î¤³¤È¤¬¤Ç¤¤Þ¤¹¡£
+ °Ê²¼¤ÎÀá¤Ç¤Ï¡¢
+ <acronym>TCP</acronym> Wrappers ¤Î¿¤¯¤Îµ¡Ç½¤¬ÀâÌÀ¤µ¤ì¤Æ¤¤¤Þ¤¹¡£
+ ¤½¤·¤Æ¡¢Å¬±þ¤Ç¤¤ë¾ì¹ç¤Ë¤Ï¡¢ÀßÄê¹Ô¤ÎÎ㤬¾Ò²ð¤µ¤ì¤Æ¤¤¤Þ¤¹¡£</para>
+
+ <para><acronym>TCP</acronym> Wrappers ¥½¥Õ¥È¥¦¥§¥¢¤Ï¡¢
+ <command>inetd</command>
+ ¤Î´ÉÍý¤Î¤â¤È¤Ë¤¹¤Ù¤Æ¤Î¥µ¡¼¥Ð¥Ç¡¼¥â¥ó¤ËÂбþ¤¹¤ëµ¡Ç½¤ò³ÈÄ¥¤·¤Þ¤¹¡£
+ ¤³¤ÎÊýË¡¤ò»È¤¦¤³¤È¤Ç¡¢¥í¥°¤Ø¤ÎÂбþ¡¢
+ Àܳ¤ËÂФ·¤Æ¥á¥Ã¥»¡¼¥¸¤òÊÖ¤·¤¿¤ê¡¢
+ ÆâÉô¤ÎÀܳ¤À¤±¤òµö²Ä¤¹¤ë¤è¤¦¤Ë¥Ç¡¼¥â¥ó¤òÀßÄꤹ¤ë¤³¤È¤Ê¤É¤¬²Äǽ¤È¤Ê¤ê¤Þ¤¹¡£
+ ¤³¤ì¤é¤Îµ¡Ç½¤Î¤¤¤¯¤Ä¤«¤Ï¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤Ç¤â¼ÂÁõ¤Ç¤¤Þ¤¹¤¬¡¢
+ Êݸî¤Î¤¿¤á¤ÎÆÃÊ̤ʥ쥤¥ä¤òÄɲ乤ë¤À¤±¤Ç¤Ê¤¯¡¢
+ ¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤¬Ä󶡤¹¤ë°Ê¾å¤Î´ÉÍý¤òÄ󶡤·¤Þ¤¹¡£</para>
+
+ <para><acronym>TCP</acronym> Wrappers µ¡Ç½¤ÎÄɲäϡ¢
+ ¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤Î¤è¤êÎɤ¤ÃÖ¤´¹¤¨¤È¹Í¤¨¤ë¤Ù¤¤Ç¤Ï¤¢¤ê¤Þ¤»¤ó¡£
+ ¥·¥¹¥Æ¥à¤ò¼é¤ë¤¿¤á¤Î¥ì¥¤¥ä¤òÄɲ乤뤿¤á¤Ë¤Ï¡¢
+ ¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤ª¤è¤Ó¾¤Î¥»¥¥å¥ê¥Æ¥£ÀßÄê¤ÈÁȤ߹ç¤ï¤»¤Æ»È¤¦¤Ù¤¤Ç¤¹¡£</para>
+
+ <para>¤³¤ÎÀßÄê¤Ï <command>inetd</command> ¤ÎÀßÄê¤Î³ÈÄ¥¤Ê¤Î¤Ç¡¢
+ <link linkend="network-inetd">inetd ¤ÎÀßÄê</link>
+ ¾Ï¤ò¤¹¤Ç¤ËÆÉ¤ó¤Ç¤¤¤ë¤³¤È¤òÁÛÄꤷ¤Æ¤¤¤Þ¤¹¡£</para>
+
+ <sect2>
+ <title>½é´üÀßÄê</title>
+
+ <para>&os; ¾å¤Ç <acronym>TCP</acronym> Wrappers
+ ¤ò»ÈÍѤ¿¤á¤ËɬÍפȤʤë¤Î¤Ï¡¢
+ <filename>rc.conf</filename> ¤«¤é
+ <option>-Ww</option> ¥ª¥×¥·¥ç¥ó¤Ç
+ <command>inetd</command> ¥µ¡¼¥Ð¤¬µ¯Æ°¤µ¤ì¤ë¤³¤È¤ò³Îǧ¤¹¤ë¤À¤±¤Ç¤¹¡£
+ ¤³¤ì¤Ï¥Ç¥Õ¥©¥ë¥È¤ÎÀßÄê¤Ç¤¹¡£
+ ¤â¤Á¤í¤ó¡¢
+ <filename>/etc/hosts.allow</filename>
+ ¤âŬÀÚ¤ËÀßÄꤵ¤ì¤Æ¤¤¤ë¤³¤È¤¬Á°Äó¤Ç¤¹¡£
+ ¤³¤Î¾ì¹ç¡¢&man.syslogd.8;
+ ¤Ï¥·¥¹¥Æ¥à¥í¥°¤Ë¥á¥Ã¥»¡¼¥¸¤ò½ÐÎϤ·¤Þ¤¹¡£</para>
+
+ <note>
+ <para>¾¤Î <acronym>TCP</acronym> Wrappers ¤Î¼ÂÁõ¤È°Û¤Ê¤ê¡¢
+ <filename>hosts.deny</filename> ¤ÏÇѻߤµ¤ì¤Þ¤·¤¿¡£
+ ¤¹¤Ù¤Æ¤ÎÀßÄꥪ¥×¥·¥ç¥ó¤Ï <filename>/etc/hosts.allow</filename>
+ ¤Ë½ñ¤«¤ì¤Æ¤¤¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£</para>
+ </note>
+
+ <para>ºÇ¤â´Êñ¤ÊÀßÄê¤Ë¤ª¤±¤ë¥Ç¡¼¥â¥ó¤ÎÀܳ¥Ý¥ê¥·¤Ï¡¢
+ <filename>/etc/hosts.allow</filename> ¤ÎÃæ¤Ç¡¢
+ ¥ª¥×¥·¥ç¥ó¤´¤È¤Ëµö²Ä¤Þ¤¿¤Ï¥Ö¥í¥Ã¥¯¤¹¤ë¤è¤¦¤ËÀßÄꤹ¤ë¤È¤¤¤¦¤â¤Î¤Ç¤¹¡£
+ &os; ¤Î¥Ç¥Õ¥©¥ë¥È¤ÎÀßÄê¤Ç¤Ï¡¢<command>inetd</command>
+ ¤«¤éµ¯Æ°¤µ¤ì¤¿¤¹¤Ù¤Æ¤Î¥Ç¡¼¥â¥ó¤ÎÀܳ¤òµö²Ä¤·¤Þ¤¹¡£
+ ¤³¤ÎÀßÄê¤òÊѹ¹¤¹¤ë¤³¤È¤Ë¤Ä¤¤¤Æ¤Ï¡¢
+ ´ðËÜŪ¤ÊÀßÄê¤òÍý²ò¤·¤¿¸å¤ÇµÄÏÀ¤µ¤ì¤ë¤Ù¤¤Ç¤¹¡£</para>
+
+ <para>´ðËÜŪ¤ÊÀßÄê¤Ï¡¢Ä̾ï
+ <literal>daemon : host option(s) : action</literal>
+ ¤È¤¤¤¦·Á¼°¤Ç¤¹¡£¤³¤³¤Ç¡¢
+ <literal>daemon</literal> ¤Ï¡¢
+ <command>inetd</command> ¤¬µ¯Æ°¤¹¤ë¥Ç¡¼¥â¥ó¤Î̾Á°¤Ç¤¹¡£
+ <literal>address</literal> ¤ÎÉôʬ¤Ï¡¢Í¸ú¤Ê¥Û¥¹¥È̾¡¢
+ <acronym>IP</acronym> ¥¢¥É¥ì¥¹¤Þ¤¿¤Ï¡¢
+ ³ç¸Ì ([ ]) ¤Ç°Ï¤Þ¤ì¤¿ IPv6 ¥¢¥É¥ì¥¹¤Ç¤¹¡£
+ action ¥Õ¥£¡¼¥ë¥É¤ÎÉôʬ¤Ï¡¢¥¢¥¯¥»¥¹¤òŬÀڤ˵ö²Ä¤Þ¤¿¤ÏµñÈݤò¤¹¤ë¤è¤¦¤Ë¡¢
+ allow ¤Þ¤¿¤Ï deny ¤È¤Ê¤ê¤Þ¤¹¡£
+ ºÇ½é¤Î¥Þ¥Ã¥Á¤·¤¿¥ë¡¼¥ë¤¬Å¬ÍѤµ¤ì¤ë¤È¡¢
+ ÀßÄê¤Ï¤½¤³¤Ç½ª¤ï¤ë¤³¤È¤ò³Ð¤¨¤Æ¤ª¤¤¤Æ¤¯¤À¤µ¤¤¡£
+ ¤³¤ì¤Ï¡¢ÀßÄê¥Õ¥¡¥¤¥ë¤Ï¾º½ç¤Ë¥ë¡¼¥ë¤Î¥Þ¥Ã¥Á¤ò¥¹¥¥ã¥ó¤µ¤ì¡¢
+ ¥Þ¥Ã¥Á¤¹¤ë¤È¡¢¥ë¡¼¥ë¤¬Å¬ÍѤµ¤ì¡¢
+ ¸¡º÷¤Î¥×¥í¥»¥¹¤ÏÄä»ß¤¹¤ë¤³¤È¤ò°ÕÌ£¤·¤Æ¤¤¤Þ¤¹¡£</para>
+
+ <para>¾¤Ë¤â¤¤¤¯¤Ä¤«¤Î¥ª¥×¥·¥ç¥ó¤¬Â¸ºß¤·¡¢°Ê¹ß¤ÎÀá¤ÇÀâÌÀ¤µ¤ì¤Þ¤¹¡£
+ ´Êñ¤ÊÀßÄê¤Î¹Ô¤Ï¡¢¾åµ¤Î¾ðÊó¤Î¤ß¤Ç´Êñ¤Ë¹½À®¤µ¤ì¤Þ¤¹¡£
+ Îã¤È¤·¤Æ¡¢<acronym>POP</acronym>3 ¤ÎÀܳ¤ò¡¢
+ <filename role="package">mail/qpopper</filename>
+ ¥Ç¡¼¥â¥ó¤«¤éµö²Ä¤¹¤ë¤Ë¤Ï¡¢°Ê²¼¤Î¹Ô¤ò
+ <filename>hosts.allow</filename> ¤ËÄɲ䷤Ƥ¯¤À¤µ¤¤¡£</para>
+
+ <programlisting># This line is required for POP3 connections:
+qpopper : ALL : allow</programlisting>
+
+ <para>¤³¤Î¹Ô¤òÄɲä·¤¿¤é¡¢<command>inetd</command> ¤òºÆµ¯Æ°¤·¤Æ¤¯¤À¤µ¤¤¡£
+ ¤³¤ì¤ò¹Ô¤¦¤Ë¤Ï¡¢&man.kill.1; ¥³¥Þ¥ó¥É¤ò»È¤¦¤«¡¢
+ <parameter>restart</parameter> ¥Ñ¥é¥á¡¼¥¿¤È¤È¤â¤Ë¡¢
+ <filename>/etc/rc.d/inetd</filename> ¤ò»È¤Ã¤Æ¤¯¤À¤µ¤¤¡£</para>
+ </sect2>
+
+ <sect2>
+ <title>¹âÅÙ¤ÊÀßÄê</title>
+
+ <para><acronym>TCP</acronym> Wrappers ¤Ç¹âÅÙ¤ÊÀßÄê¤â¤Ç¤¤Þ¤¹¡£
+ Àܳ¤ò¼è¤ê°·¤¦°Ê¾å¤ÎÀ©¸æ¤ò¹Ô¤¦¤³¤È¤¬¤Ç¤¤ë¤Î¤Ç¤¹¡£
+ ¤¢¤ë»þ¤Ï¡¢Àܳ¤·¤Æ¤¤¤ë¥Û¥¹¥È¤Þ¤¿¤Ï¥Ç¡¼¥â¥ó¤Ë¥³¥á¥ó¥È¤òÊÖ¤¹¤³¤È¤¬Îɤ¤¹Í¤¨¤Î¤³¤È¤¬¤¢¤ê¤Þ¤¹¡£
+ Ê̤ξì¹ç¤Ç¤Ï¡¢¤ª¤½¤é¤¯¥í¥°¥Õ¥¡¥¤¥ë¤òµÏ¿¤·¤¿¤ê¡¢
+ ´ÉÍý¼Ô¤Ë¥á¡¼¥ë¤ÇÁ÷¤ëɬÍפ¬¤¢¤ë¤³¤È¤â¤¢¤ë¤Ç¤·¤ç¤¦¡£
+ ¤Þ¤¿¤½¤Î¾¤Î¾õ¶·¤È¤·¤Æ¤Ï¡¢
+ ¥µ¡¼¥Ó¥¹¤ò¥í¡¼¥«¥ë¤ÎÀܳ¤Î¤ß¤Ç»ÈÍѤǤ¤ëɬÍפ¬¤¢¤ë¾ì¹ç¤â¤¢¤ê¤Þ¤¹¡£
+ ¤³¤ì¤é¤Ï¤¹¤Ù¤Æ¡¢<literal>¥ï¥¤¥ë¥É¥«¡¼¥É</literal>
+ ¤È¸Æ¤Ð¤ì¤ëÀßÄê¤Î¥ª¥×¥·¥ç¥ó (³Èĥʸ»ú¤ª¤è¤Ó³°Éô¥³¥Þ¥ó¥É¤Î¼Â¹Ô)
+ ¤Ç²Äǽ¤È¤Ê¤ê¤Þ¤¹¡£
+ °Ê²¼¤Î 2 ¤Ä¤ÎÀá¤Ç¤Ï¡¢
+ ¤³¤Î¤è¤¦¤Ê¾õ¶·¤Ø¤ÎÂбþ¤Ë¤Ä¤¤¤Æ¿¨¤ì¤Æ¤¤¤Þ¤¹¡£</para>
+
+ <sect3>
+ <title>³°Éô¥³¥Þ¥ó¥É</title>
+
+ <para>Àܳ¤ÏµñÈݤ·¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¤¬¡¢
+ ¤½¤ÎÍýͳ¤òÀܳ¤Î³ÎΩ¤ò»î¤ß¤¿Áê¼ê¤ËÁ÷¤ê¤¿¤¤¾õ¶·¤ò¹Í¤¨¤Æ¤¯¤À¤µ¤¤¡£
+ ¤³¤ì¤Ï¡¢¤É¤Î¤è¤¦¤Ë¹Ô¤¦¤³¤È¤¬¤Ç¤¤ë¤Ç¤·¤ç¤¦¤«¡©
+ ¤³¤Î¥¢¥¯¥·¥ç¥ó¤Ï¡¢<option>twist</option>
+ ¥ª¥×¥·¥ç¥ó¤ò»È¤¦¤³¤È¤Ç¼Â¸½²Äǽ¤Ç¤¹¡£
+ Àܳ¤¬»î¤ß¤é¤ì¤ë¤È¡¢<option>twist</option>
+ ¤Ï¥·¥§¥ë¥³¥Þ¥ó¥É¤Þ¤¿¤Ï¥¹¥¯¥ê¥×¥È¤Î¼Â¹Ô¤òÍ׵ᤷ¤Þ¤¹¡£
+ ¤³¤Î¾ì¹ç¤ÎÎã¤Ï¡¢
+ <filename>hosts.allow</filename> ¥Õ¥¡¥¤¥ë¤Ë½ñ¤«¤ì¤Æ¤¤¤Þ¤¹¡£</para>
+
+ <programlisting># The rest of the daemons are protected.
+ALL : ALL \
+ : severity auth.info \
+ : twist /bin/echo "You are not welcome to use %d from %h."</programlisting>
+
+ <para>¤³¤ÎÎã¤Ï¡¢
+ <quote>You are not allowed to use <literal>daemon</literal>
+ from <literal>hostname</literal>.</quote> ¤È¤¤¤¦¥á¥Ã¥»¡¼¥¸¤ò¡¢
+ ¥¢¥¯¥»¥¹¥Õ¥¡¥¤¥ë¤ÎÃæ¤ÇÀßÄꤵ¤ì¤Æ¤¤¤Ê¤¤¤¹¤Ù¤Æ¤Î¥Ç¡¼¥â¥ó¤ËÂФ·¤ÆÊÖ¤·¤Þ¤¹¡£
+ Àܳ¸µ¤ËÂФ·¡¢³ÎΩ¤µ¤ì¤¿Àܳ¤¬ÇË´þ¤µ¤ì¤¿Ä¾¸å¤ËÊÖÅú¤¹¤ë¤³¤È¤Ï¡¢
+ Èó¾ï¤Ë͸ú¤Ç¤¹¡£
+ ÊÖ¿®¤Ë»È¤ï¤ì¤ë¥á¥Ã¥»¡¼¥¸¤Ï¡¢<literal>"</literal> ʸ»ú¤Ç°Ï¤à
+ <emphasis>ɬÍ×</emphasis> ¤¬¤¢¤ê¤Þ¤¹¡£
+ ¤³¤Îµ¬Â§¤ËÎã³°¤Ï¤¢¤ê¤Þ¤»¤ó¡£</para>
+
+ <warning>
+ <para>¹¶·â¼Ô¤ä¹¶·â¼Ô¤Î¥°¥ë¡¼¥×¤Ï¡¢
+ ¤³¤ì¤é¤Î¥Ç¡¼¥â¥ó¤ÎÀܳ¤Î¥ê¥¯¥¨¥¹¥È¤Ç¤¢¤Õ¤ì¤µ¤»¤ë¤³¤È¤Ë¤è¤ê¡¢
+ ¥µ¡¼¥Ð¤ËÂФ·¤Æ DoS ¹¶·â¤ò»Å³Ý¤±¤ë¤³¤È¤¬¤Ç¤¤Þ¤¹¡£</para>
+ </warning>
+
+ <para>¤³¤Î¤è¤¦¤Ê¾õ¶·¤Ë¤ª¤¤¤Æ¡¢Â¾¤Î²ÄǽÀ¤Ï <option>spawn</option>
+ ¥ª¥×¥·¥ç¥ó¤ò»È¤¦¤³¤È¤Ç¤¹¡£
+ <option>twist</option> ¤ÈƱÍͤˡ¢
+ <option>spawn</option> ¤Ï¡¢°ÅÌۤΤ¦¤Á¤ËÀܳ¤òµñÈݤ·¡¢
+ ³°Éô¤Î¥·¥§¥ë¥³¥Þ¥ó¥É¤ä¥¹¥¯¥ê¥×¥È¤ò¼Â¹Ô¤Ç¤¤Þ¤¹¡£
+ <option>twist</option> ¤È°Û¤Ê¤ê¡¢<option>spawn</option> ¤Ï¡¢
+ Àܳ¤ò³ÎΩ¤·¤¿Áê¼ê¤ËÂФ·¡¢ÊÖ»ö¤òÊÖ¤¹¤³¤È¤Ï¤¢¤ê¤Þ¤»¤ó¡£
+ ¤¿¤È¤¨¤Ð¡¢°Ê²¼¤Î¤è¤¦¤ÊÀßÄê¤Î¹Ô¤ò¹Í¤¨¤Æ¤ß¤Æ¤¯¤À¤µ¤¤¡£</para>
+
+ <programlisting># We do not allow connections from example.com:
+ALL : .example.com \
+ : spawn (/bin/echo %a from %h attempted to access %d >> \
+ /var/log/connections.log) \
+ : deny</programlisting>
+
+ <para>¤³¤Î¹Ô¤Ï¡¢
+ <systemitem class="fqdomainname">*.example.com</systemitem>
+ ¥É¥á¥¤¥ó¤«¤é¤ÎÀܳ¤ò¤¹¤Ù¤ÆµñÈݤ·¤Þ¤¹¡£
+ Ʊ»þ¤Ë¥Û¥¹¥È̾¡¢<acronym>IP</acronym>
+ ¥¢¥É¥ì¥¹¤ª¤è¤Ó¥¢¥¯¥»¥¹¤ò»î¤ß¤¿¥Ç¡¼¥â¥ó¤¬¡¢
+ <filename>/var/log/connections.log</filename>
+ ¥Õ¥¡¥¤¥ë¤ËµÏ¿¤µ¤ì¤Þ¤¹¡£</para>
+
+ <para>¤¹¤Ç¤ËÀâÌÀ¤·¤¿ÃÖ´¹Ê¸»ú (¤¿¤È¤¨¤Ð %a) °Ê³°¤Ë¤âÃÖ´¹Ê¸»ú¤¬¤¢¤ê¤Þ¤¹¡£
+ ´°Á´¤Ê°ìÍ÷¤Ï
+ &man.hosts.access.5; ¥Þ¥Ë¥å¥¢¥ë¥Ú¡¼¥¸¤ò¤´Í÷¤¯¤À¤µ¤¤¡£</para>
+ </sect3>
+
+ <sect3>
+ <title>¥ï¥¤¥ë¥É¥«¡¼¥É¥ª¥×¥·¥ç¥ó</title>
+
+ <para>¤³¤ì¤Þ¤Ç¤ÎÎã¤Ë¤ª¤¤¤Æ¤Ï¡¢·Ñ³¤·¤Æ
+ <literal>ALL</literal> ¤ò»ÈÍѤ¹¤ëÎ㤬ÍѤ¤¤é¤ì¤Æ¤¤Þ¤·¤¿¡£
+ ¤³¤Îµ¡Ç½¤ò³ÈÄ¥¤¹¤ë¾¤Î¥ª¥×¥·¥ç¥ó¤â¸ºß¤·¤Þ¤¹¡£¤¿¤È¤¨¤Ð¡¢
+ <literal>ALL</literal> ¤Ï¡¢
+ ¥Ç¡¼¥â¥ó¡¢¥É¥á¥¤¥ó¤Þ¤¿¤Ï <acronym>IP</acronym>
+ ¥¢¥É¥ì¥¹¤Î¤¹¤Ù¤Æ¤Î¥¤¥ó¥¹¥¿¥ó¥¹¤Î¤É¤ì¤«¤Ë¥Þ¥Ã¥Á¤¹¤ë¤«¤É¤¦¤«¤Ë»È¤ï¤ì¤Þ¤¹¡£
+ ¾¤Î¥ï¥¤¥ë¥É¥«¡¼¥É¤Ï¡¢µ¶Â¤¤µ¤ì¤¿ <acronym>IP</acronym>
+ ¥¢¥É¥ì¥¹¤òÄ󶡤¹¤ë¥Û¥¹¥È¤Ë¥Þ¥Ã¥Á¤¹¤ë¤«¤É¤¦¤«¤ËÍѤ¤¤é¤ì¤ë
+ <literal>PARANOID</literal> ¤Ç¤¹¡£
+ ¸À¤¤´¹¤¨¤ë¤È¡¢<literal>paranoid</literal> ¤ò»È¤¦¤³¤È¤Ç¡¢
+ ¥Û¥¹¥È̾¤È°Û¤Ê¤ë <acronym>IP</acronym>
+ ¥¢¥É¥ì¥¹¤«¤é¤ÎÀܳ¤¬¤¢¤Ã¤¿»þ¤Î¥¢¥¯¥·¥ç¥ó¤òÄêµÁ¤Ç¤¤Þ¤¹¡£
+ °Ê²¼¤ÎÎã¤Ï¡¢¤³¤ì¤é¤ÎÀâÌÀ¤òÌÀ³Î¤Ë¤¹¤ë¤Ç¤·¤ç¤¦¡£</para>
+
+ <programlisting># Block possibly spoofed requests to sendmail:
+sendmail : PARANOID : deny</programlisting>
+
+ <para>¤³¤ÎÎã¤Ç¤Ï¡¢¥Û¥¹¥È̾¤«¤é¸¡º÷¤µ¤ì¤ë
+ <acronym>IP</acronym> ¥¢¥É¥ì¥¹¤È°Û¤Ê¤ë
+ <acronym>IP</acronym> ¥¢¥É¥ì¥¹¤ò»ý¤Ä
+ <command>sendmail</command>
+ ¤Ø¤ÎÀܳ¤Î¤¹¤Ù¤Æ¤Î¥ê¥¯¥¨¥¹¥È¤òµñÈݤ·¤Þ¤¹¡£</para>
+
+ <caution>
+ <para>¥¯¥é¥¤¥¢¥ó¥È¤â¤·¤¯¤Ï¥µ¡¼¥Ð¤Î <acronym>DNS</acronym>
+ ¤ÎÀßÄ꤬´Ö°ã¤Ã¤Æ¤¤¤ë¾ì¹ç¤Ë¡¢
+ <literal>PARANOID</literal> ¤ò»È¤¦¤È¡¢
+ ¥µ¡¼¥Ð¤¬¤È¤Æ¤â»È¤¤¤Å¤é¤¯¤Ê¤ê¤Þ¤¹¡£
+ ´ÉÍý¼Ô¤Î¿µ½Å¤µ¤¬µá¤á¤é¤ì¤Þ¤¹¡£</para>
+ </caution>
+
+ <para>¥ï¥¤¥ë¥É¥«¡¼¥É¤ª¤è¤Ó´ØÏ¢¤¹¤ëµ¡Ç½¤Ë¤Ä¤¤¤Æ¤â¤Ã¤ÈÃΤꤿ¤¤¾ì¹ç¤Ë¤Ï¡¢
+ &man.hosts.access.5; ¥Þ¥Ë¥å¥¢¥ë¥Ú¡¼¥¸¤ò¤´Í÷¤¯¤À¤µ¤¤¡£</para>
+
+ <para>¾åµ¤ÎÀßÄ꤬ưºî¤¹¤ë¤Ë¤Ï¡¢<filename>hosts.allow</filename>
+ ¤ÎÃæ¤Ç¡¢ºÇ½é¤ÎÀßÄê¤Î¹Ô¤¬¥³¥á¥ó¥È¥¢¥¦¥È¤µ¤ì¤Æ¤¤¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£
+ ¤³¤ì¤Ï¤¹¤Ç¤Ë¤³¤Î¾Ï¤ÎºÇ½é¤ÇÀâÌÀ¤·¤¿Ä̤ê¤Ç¤¹¡£</para>
+ </sect3>
+ </sect2>
+ </sect1>
+
<sect1 xml:id="kerberosIV">
<info><title><application>KerberosIV</application></title>
<authorgroup>
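Review bot: The twist example and the paragraph that explains it disagree: the programlisting sends 'You are not welcome to use %d from %h.' while the para right after it quotes the message as 'You are not allowed to use daemon from hostname.'; make the quoted text match the rule so readers see the output the rule actually produces. Two similar mismatches are in the same hunk: the basic syntax is given as 'daemon : host option(s) : action' but the field is then described under the name 'address', and the wildcard section writes both 'PARANOID' and 'paranoid' for the same keyword. The new <sect1> also has no xml:id, unlike the <sect1 xml:id="kerberosIV"> that follows it, so the TCP Wrappers item added to the chapter summary has nothing to link to; give the section an id. If these come unchanged from the English revision being merged, they are worth fixing there as well.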