
LIDS$B$H$O2?$+(B

Linux/Unix$B$G$O!"(Broot$B%"%+%&%s%H$OA4$F$N8"8B$r;}$C$F$$$^$9!#(Broot$B%"%+%&%s%H$O!"%U%!%$%k%7%9%F%`$N:n@.$d%M%C%H%o!<%/%+!<%I$N@_Dj$J$I$r9T$$!"%m%0$N4IM}$J$I$b9T$$$^$9!#$3$N(Broot$B%"%+%&%s%H$K8"8B$,=8Cf$9$k;v$KIU$$$F$N4m81@-$O!"4{$KC/$b$,G'<1$7$F$$$kLdBj$G$9!#(BBufferOverfolow$B$J$I$K$h$j(Broot$B8"8B$G0-0U$N%W%m%0%i%`$J$I$rF0:n$5$;$i$l$F$7$^$&$H%7%9%F%`A4BN$,4m81$K;/$5$l$F$7$^$$$^$9!#(B $B$3$N4m81@-$KBP$9$k0l$D$N2r$H$7$F!"(BLIDS(Linux Intruder Detection System)$B$,$"$j$^$9!#$3$l$O!"(BKernel$B$K%Q%C%A$r$"$F$k;v$K$h$j!"(Broot$B%"%+%&%s%H$K$b@)8B$r3]$1$F!"I,MW$J%W%m%0%i%`$N$_$,I,MW$J%U%!%$%k$K$N$_?($l$k$h$&$K$9$k$b$N$G$9!#(B LIDS$B$rM-8z$K$7$?%+!<%M%k$G5/F0$9$k;v$K$h$j!"0J2<$N$h$&$J5!G=$,;HMQ$G$-$^$9!#(B
  1. $B%]!<%H%9%-%c%s$N8!=P!#$3$l$O!"%+!<%M%k%3%s%Q%$%k;~$K;XDj$9$k%*%W%7%g%s$G$9$,!"$3$l$r;XDj$9$k;v$K$h$j!"(Bnmap$B$J$I$+$i$N%]!<%H%9%-%c%s$r(Bsyslog$B$K;D$9;v$,=PMh$^$9!#(B
  2. $B%U%!%$%k%"%/%;%9@)8B!#3F%U%!%$%k$d%G%#%l%/%H%j$KBP$7$F!"(Bread/write/append/deny$B$N@)8B$r@_$1$k;v$,=PMh$^$9!#(B
  3. $B%W%m%;%9Kh$K=PMh$k;v$N@)8B!#$3$l$K$h$j!"!V(B/usr/local/bin/httpd$B$O!"(BPort80$B$N$_$r%M%C%H%o!<%/$G;HMQ$G$-$k!W$J$I$N@)8B$,=PMh$^$9!#(B
  4. LKM(LinuxKernelModule)$B$NFI$_9~$_@)8B!#(BNIC$B%I%i%$%P$d!"%G%#%9%/!"%U%!%$%k%7%9%F%`$J$I$N%b%8%e!<%kFI$_9~$_$r!"Iu0u(B(seal)$B$r9T$&;v$K$h$j@)8B$9$k;v$,=PMh$^$9!#$3$l$K$h$j!"(BKernel$B%b%8%e!<%k$H$7$F%m!<%I$5$l$F$7$^$&%?%$%W$N%H%m%$$NLZGO$rKI$0;v$,=PMh$^$9!#(B
LIDS$B$N5!G=$NCf$G!"%U%!%$%k%"%/%;%9@)8B$O!"%+!<%M%k5/F08e$9$0$KM-8z$K$J$j$^$9!#%W%m%;%9Kh$N@)8B$d!"(BLKM$B$NFI$_9~$_@)8B$O!"%+!<%M%k$rIu0u(B(seal)$B$9$k$3$H$K$h$j!"M-8z$K$J$j$^$9!#$^$?!"(BLIDS$B$rM-8z$K$7$?%+!<%M%k$G5/F0$7$F$$$k>uBV$G$b!"(Blidsadm($B8e=R(B)$B$r;HMQ$7$F!"CuBV$K$9$k$3$H$,$G$-$^$9!#$3$l$K$h$j!"%+!<%M%k$r2?EY$b:F5/F0$9$k;vL5$/!"(BLIDS$B$N@_Dj$rJQ99$9$k;v$,=PMh$^$9!#(B

Kazuki Omo 平成15年5月16日