玄箱
EMモードで起動時に、
fstabのスワップをマウントさせないで、
起動したらうまくいかなさそうだったので、
起動スクリプトでスワップを停止させた

KURO-BOX:~# pwd
/root
KURO-BOX:~# vi ./root_script
中身
---------------------------
#!/bin/sh
/sbin/swapoff /dev/hda2
---------------------------
KURO-BOX:~#chmod 777 ./root_script
KURO-BOX:~# ./root_script
KURO-BOX:~# free
total used free shared buffers cached
Mem: 127088 21868 105220 0 956 15884
-/+ buffers/cache: 5028 122060
Swap: 0 0 0

KURO-BOX:~# cp ./root_script /etc/init.d/root_script

KURO-BOX:~# update-rc.d root_script defaults
Adding system startup for /etc/init.d/root_script ...
/etc/rc0.d/K20root_script -> ../init.d/root_script
/etc/rc1.d/K20root_script -> ../init.d/root_script
/etc/rc6.d/K20root_script -> ../init.d/root_script
/etc/rc2.d/S20root_script -> ../init.d/root_script
/etc/rc3.d/S20root_script -> ../init.d/root_script
/etc/rc4.d/S20root_script -> ../init.d/root_script
/etc/rc5.d/S20root_script -> ../init.d/root_script

↑defaultsオプション指定で
runlevelごとにの適切なSとKが自動で、
シンボルクリックとして作成される

以下swapファイルの作成方法と確認方法
http://www.atmarkit.co.jp/flinux/rensai/linuxtips/389swapfile.html

AD

数字並びの覚え方

資格試験でポートの番号をおぼえる

1 ストロー
2 白鳥
3 尻(横にすると)
4 弓
5 車椅子
6 鍵
7 杖(横にすると)
8 メガネ
9 耳

番号を当てはめて
以上をイメージ
AD
イーサネットpcカードを増やして、
ipfordingでパケットキャプチャやsnortなど動かせるかなと、
思い設定。

ネットワーク設定
Debian GNU/Linux系では/etc/network/interfaces)を編集

Red Hat Linux系のディストリビューションでeth0のネットワーク・カードに対して固定のIPアドレスを指定する場合は,/etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0              ← ネットワーク・インタフェース名
BOOTPROTO=static         ← 固定IPアドレスの場合の指定
BROADCAST=192.168.1.255  ← ブロードキャスト・アドレス
IPADDR=192.168.1.2       ← IPアドレス
NETMASK=255.255.255.0    ← ネット・マスク
NETWORK=192.168.1.0      ← ネットワーク・アドレス
ONBOOT=yes               ← マシン起動時にネットワークを有効にする場合はyes

ネットワーク再起動
etc/rc.d/init.d/network restart

設定確認
ifconfig eth0



-----名前解決-------
玄人箱をdebian化したが、
aptitude updateを行ったときに
resolve(名前解決できない)エラーがあった

ping yahoo.co.jp

を打ってみたが、 応答なし(他のPCでは帰ってくる)
名前解決できないと判断
名前解決ってどのファイル?
と模索していたが、とりあえず、
ipで直接リポロジを指定しようと
winで以下を実行

C:\Documents and Settings\tk>ping security.debian.org
Pinging security.debian.org [128.31.0.36] with 32 bytes of data:
Reply from 128.31.0.36: bytes=32 time=248ms TTL=43

ipが表示されるので
/etc/apt/sources.list に
deb http://150.65.7.130/debian/ lenny main
deb http://128.31.0.36/ lenny/updates main
直接指定

結局、下のネームサーバーをいじくって解決できた KURO-BOX:~# cat /etc/resolv.conf
search
nameserver 192.168.0.254



AD
ブロードバンドルータよりインターネット側から、
0~1055番ポートまでスキャンをしてみた。

ShieldsUP!

https://www.grc.com/x/ne.dll?bh0bkyd2

113がクローズで他はステルス

以下詳細

Port Authority Database

Port 113

Name:
auth / ident

Purpose:
Authentication Service / Identification Protocol

Description:
Auth/Ident servers — which are supposed to run on the local user's machine — open port 113 and listen for incoming connections and queries from remote machines. These querying machines provide a local and remote "port pair" describing some other already-existing connection between the machines. The user's "ident" server is tasked with looking up and returning the connection's "USER ID" and perhaps additional information, such as an eMail address, full name, or whatever.

Related Ports:
-




Background and Additional Information:

The "Authentication Protocol" for port 113 was originally proposed back in September of 1984 in a short two and a half page RFC 912 . Four months later that RFC was superseded by RFC 931 . Then eight years later, the protocol was further refined and renamed to the "Identification Protocol" with RFC 1413 .

The idea behind this protocol was to provide an automated means for remote servers to automatically identify the users who were attempting to connect to them. This means that when a user attempts to connect to a remote machine offering some public service, that remote server would, in turn, attempt to connect back to the user to ask the user's computer to identify the user.

This was originally conceived as a convenient means for allowing things like automatic logon to FTP servers so that users would not need to manually "authenticate" themselves with a username and password. While that might have been a nice idea, the protocol was so simple-minded that it was trivial to fool. It provided no real security, so no one ever took it seriously or trusted it. It was finally renamed from "Authentication Protocol" to "Identification Protocol" because it fell so far short of being able to usefully authenticate anything.

The problem with completely stealthing port 113

Despite the fact that IDENT was never very useful, even today some crusty old UNIX servers — most commonly IRC Chat, but some eMail servers as well — still have this IDENT protocol built into them. Any time someone attempts to establish a connection with them, that connection attempt is completely put on hold while the remote server attempts to use IDENT to connect back to the user's port 113 for identification.

If the user had no NAT router or personal firewall — and no IDENT server running in their machine to accept the remote server's connection request on port 113 — the user's computer would receive the port 113 connection request and immediately, actively reject the connection. The remote server would quickly know that IDENT was not running on the remote user's machine, it probably wouldn't care, and it would proceed to grant the user's suspended connection request.

However, if either a NAT router or a personal firewall ARE blocking and dropping incoming IDENT requests — if IDENT is fully stealthed — the remote server's attempts to connect would go unanswered. After waiting a while to hear back from its first connection request packet, it would send a second request packet. Then, after waiting much longer, it would send a third, and a fourth after waiting even longer still. With port 113 stealthed by the user, each incoming request would simply be dropped and ignored by the user's local security defenses. But in the meantime the remote server — and the user's original connection request — are "hung" waiting for some reply.

Since stealthed TCP connection attempts usually take 45 seconds or more to be abandoned, the effect is that stealthing of port 113 can cause some connections to some remote servers to hang for nearly a minute. (And SOME remote servers will even go so far as to finally refuse the original connection request if nothing is ever heard back from the client's port 113.)

Is all this really a problem?

Probably . . . Not. Most people who arrange to fully stealth port 113 never have any trouble connecting to any remote servers they commonly use. If, after stealthing port 113, you do experience connection delays, such as when sending or retrieving eMail, you'll know it immediately since it's usually quite apparent, and you'll know that your ISP is using an IDENT-dependent eMail server. (But this is not common.)

The trouble experienced by most security conscious people, is that port 113 can sometimes be rather tricky to stealth . . .

Stealthing port 113 on NAT routers

NAT router manufacturers certainly don't want to get the reputation that their NAT router causes connection trouble. But NAT routers have the problem that incoming IDENT requests are inherently unsolicited. As we know, NAT routers double as terrific hardware firewalls due to their natural tendency to drop all incoming unsolicited packets, thus stealthing their owner's networks. But since stealthing port 113 can "theoretically" cause connection problems (but probably never does) NAT routers usually treat port 113 specially. They deliberately return a "closed" status, actively rejecting connection attempts . . . but blowing their otherwise full-stealth cover in the process.

New users of NAT routers, who use this site to check their security, are often disappointed to discover a single closed (blue) port floating in a calm sea of stealth green.

The good news is . . . it is possible to configure NAT routers to return them to full stealth. The trick is to use the router's own "port forwarding" configuration options to forward just port 113 into the wild blue yonder. Just tell the router to forward port 113 packets to a completely non-existent IP address, one way up at the end of your router's internal address range. The router will then NOT return a port closed status. It will simply forward the port 113 packet "nowhere" . . . and your network will be returned to full stealth status.

It is my hope that NAT routers may consider incorporating the sort of adaptive dynamic IDENT handling which has always been (uniquely) offered by the Zone Alarm personal firewall . . .

UPDATE: The latest firmware update for the Linksys family of NAT routers has added an adaptive IDENT stealthing feature (though it is not enabled by default). So the Linksys routers will give you the best of both worlds. Bravo Linksys!

Stealthing port 113 on personal firewalls

One of the things that first caught my eye about the Zone Alarm personal firewall (aside from the fact that is was free) was that it has always been very clever about handling IDENT's port 113. I recall being impressed and thinking "these guys really know what they're doing". When Zone Alarm receives an inbound connection request for port 113, it checks to see whether the computer has recently initiated any outbound connections to the remote server sending the IDENT request. If not, the IDENT packet is simply dropped, stealthing the protected machine. But if the user does have an existing "relationship" with the sender of the IDENT request, the IDENT packet is allowed to pass through Zone Alarm's firewall protection so that the user's system can respond normally (which usually means immediately returning a closed status for the port). This means that Zone Alarm is a "stateful packet inspecting personal firewall", not just a simpler static packet filter.

At the time of this writing, Zone Alarm is still the only personal firewall to offer this sort of adaptive dynamic IDENT port handling. I hope that other firewalls will follow suit once the benefits are better understood.

The good news is that since IDENT is almost never used, simple "hard stealthing" of port 113, which is available from all personal firewalls, is probably sufficient. It will allow your system to remain completely invisible on the Internet and will almost certainly never cause any connection trouble.


113がクローズなのは普通らしい

英語の相互関係

テーマ:
英語の相互関係
すべてが補完されて
英語が実用的なものになるらしい
自分の相対表
(10がもっとも多く時間を当てている部分)


  speaking(2)
      |
      |
reading(4)-writing(1)
      |
      |
  listening(10)

自分の英語経験の流れ
listening(字幕で確認しながら)

reading

speaking

writing

読めても、聞けても
しゃべれない、書けないのは当たり前。

cronに関して

テーマ:
一覧
crontab -l

* * * * * コマンド 因数

cron に登録する内容の書式は,以下の通り

分 時 日 月 曜日 コマンドと引数...
分は 0~59,時は0~23,日は1~31,月は1~12,曜日は0~7
曜日は,0と7が日曜,1が月曜…以下省略
これら5つの時間のフィールドは,特に条件がなければ,* を指定

編集
crontab -e

centos5の場合
cornの動作は
/var/log/cron
に表示される
ユーザーごとの設定は
/var/spool/cron/ユーザー名


出力をなくす
* * * * * コマンド 因数 > /dev/null 2>&1

フィンランドといえば、

北欧・キシリトール・寒そう、






勉強不足の僕ではこんなことしかイメージができませんでしたガーン





しかし、探せば日本に根付いている文化もありますね~ビックリマーク

世界シェア1位の携帯電話の端末で有名なNOKIAも

フィンランドにあるそうです。


あと、「サウナ」という言葉もフィンランド語だそうですニコニコ







今回なぜ、フィンランドを取り上げたか、 

それは、フィンランドの小学校の国語教育がすばらしいからです。




小学校の先生は、生徒の回答に必ず理由を聞きます。

「ミクシ?」という言葉なのですがニコニコ





「ほえる犬は怖いと思います」と生徒が答えれば、

「どうして?」と先生が聞き返します。





どんな当たり前のように思えることでも理由を聞きます。





大切なのは、回答よりも、しっかりとした、理由付けを求めているということです。







「原因と結果」の法則で言われるように、

物事には常に原因がつきまといます。

その原因自体に問題があれば、悪い結果になってしまう。

だから、なぜ?という質問で、原因を追究するのは、

物事を最善に進ませる一つの方法としてとても有意義な方法なんですね。






思考がまとまらない僕にとっては、

結構、目から鱗でしたよ目




何を話していいのかわからない人にとっては、

以下の流れだと話がまとまりやすいと思います。



意見

理由+具体例





右手バナースポンサーサイトです→

閲覧ご協力お願いいたします。





[PR]------------------------------------------------------

会社を辞めずに起業する「目からウロコ」起業法。「好きなこと」を
追求して、自分だけのビジネスにする週末起業家を応援する会員組織
週末起業フォーラム には、そのノウハウと実体験が満載。
大きな収入を手に入れて、独立する人も登場。ただいま会員募集中。