Linux(S) 7-25 Proxy server - how to use squidclient
Linux (security) | 2006.07.26. 11:02 | Cafe manager
After setting the web browser to use the proxy manually, web access does not work.
- By default, squid blocks all web access.
-> Open the configuration with vi /etc/squid/squid.conf and add
acl internel_network src 192.168.x.0/24
http_access allow internel_network
-> The configuration has changed, so run service squid reload
-> Confirm in the web browser that access now works normally
squidclient command - fetches the web page of the web server that the client wants to connect to
-v option : fetches the web server's page and prints it to the screen
-g option : ping mode
ex) squidclient -v http://www.naver.com
squidclient -v http://www.bmw.com
squidclient -g 5 http://www.naver.com
squidclient -g 5 http://www.yale.edu
---> The results of the two commands above differ a lot.
The reason is that the yale.edu page is cached by the proxy, so only the first fetch is slow and fetches 2 to 5 are fast.
Configure shell commands on work (192.168.x.20) to use the proxy
- export http_proxy=http://192.168.72.10:3128
- The setting above is one-off, so for continued use the user's environment file must be edited.
vi .bash_profile
add http_proxy=http://192.168.x.10:3128 and
add export PATH http_proxy
ACL Syntax --> configured in /etc/squid/squid.conf
1. Define the acl
acl acl_name type{src/dst/time/dstdomain...} {string/"filename"}
2. Apply the acl
http_access {allow/deny} acl_name
ex) work (192.168.72.20) on the internal network generates a lot of traffic, so we want to block it from browsing the Internet.
1. acl bad_hosts src 192.168.x.20
acl bad_hosts src 192.168.x.33
acl bad_hosts src 192.168.x.157
http_access deny bad_hosts
2. acl bad_hosts src "/etc/squid/bad_hosts"
http_access deny bad_hosts
Contents of "/etc/squid/bad_hosts" -> 192.168.x.20
192.168.x.35
192.168.x.124
acl configuration using time
ex) We want to stop all employees in the company from browsing the Internet during working hours (9 AM to 6:30 PM). (company with a five-day work week)
acl work_hour time MTWHF 09:00-12:00
acl work_hour time MTWHF 13:00-18:30
http_access deny work_hour
We want to block access to undesirable sites (games, chat, stock trading, adult...).
acl bad_sites dstdomain "/etc/squid/bad_sites"
http_access deny bad_sites
/etc/squid/bad_sites -> .hangame.com
.skylove.com
.daishin.co.kr
# service squid restart
- Run the web browser -> the listed sites can no longer be reached. -
Korean error messages
- By default, error messages are in English
- Open /etc/squid/squid.conf with vi and, around line 2825, find the commented-out
#error_directory /usr/share/squid/errors/English , remove the comment marker and change it to
error_directory /usr/share/squid/errors/Korean
- service squid reload
keyword filtering - access can be allowed/blocked when a specific keyword is contained in the URL path.
We want to block access to sites whose URL contains specific keywords (game, sex, adult, kill, chat...).
acl bad_keyword url_regex -i "/etc/squid/bad_keyword"
http_access deny bad_keyword
Contents of "/etc/squid/bad_keyword" -> game
sex
adult
# man perlre -> read up on regular expressions
We want to block downloads of executable files (*.exe, *.vbs, *.bat...) from the Internet.
acl bad_suffix url_regex "/etc/squid/bad_suffix"
http_access deny bad_suffix
Contents of "/etc/squid/bad_suffix" -> .*\.exe$
.*\.vbs$
.*\.bat$
- On the work machine -
# yum install httpd
# cd /var/www/html
# seq 10 > test.txt
# cp test.txt backdoor.vbs
# cp test.txt virus.exe
# service httpd start
- On the server machine -
Download work's files in the web browser -> ex) http://192.168.x.20/backdoor.vbs
test.txt downloads, but backdoor.vbs does not.
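
The notes above do not say where the http_access deny lines sit relative to http_access allow internel_network, but Squid reads http_access lines top to bottom and the first matching line decides. The following is an added example, not part of the original notes and not Squid's own code: a simplified Python model of that evaluation using the ACL names from these notes. The ACL table, the 192.168.72.x addresses filling in the notes' 192.168.x placeholder, and the example.com URLs are constructed.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed ACL table mirroring the acl lines in the notes (subset of values).
ACLS = {
    "internel_network": ("src", ["192.168.72.0/24"]),
    "bad_hosts": ("src", ["192.168.72.20", "192.168.72.33"]),
    "bad_sites": ("dstdomain", [".hangame.com", ".skylove.com"]),
    "bad_keyword": ("url_regex -i", ["game", "sex", "adult"]),
    "bad_suffix": ("url_regex", [r".*\.exe$", r".*\.vbs$", r".*\.bat$"]),
}

def acl_matches(name, client_ip, url):
    """Return True if the named ACL matches this request."""
    kind, values = ACLS[name]
    if kind == "src":
        ip = ipaddress.ip_address(client_ip)
        return any(ip in ipaddress.ip_network(v) for v in values)
    if kind == "dstdomain":
        host = (urlsplit(url).hostname or "").lower()
        # A leading dot covers the domain itself and all of its subdomains.
        return any(host == v.lstrip(".") or (v.startswith(".") and host.endswith(v))
                   for v in values)
    flags = re.IGNORECASE if kind.endswith("-i") else 0
    return any(re.search(v, url, flags) for v in values)  # unanchored search

def http_access(rules, client_ip, url):
    """Walk the rules top to bottom; the first matching line decides."""
    for action, name in rules:
        if acl_matches(name, client_ip, url):
            return f"{action} ({name})"
    # No line matched: the default is the opposite of the last line.
    return ("deny" if rules[-1][0] == "allow" else "allow") + " (default)"

DENIES = [("deny", "bad_hosts"), ("deny", "bad_sites"),
          ("deny", "bad_keyword"), ("deny", "bad_suffix")]
DENY_FIRST = DENIES + [("allow", "internel_network")]   # denies are reachable
ALLOW_FIRST = [("allow", "internel_network")] + DENIES  # denies never fire for the LAN

if __name__ == "__main__":
    for ip, url in [("192.168.72.20", "http://www.example.com/"),
                    ("192.168.72.50", "http://192.168.72.20/backdoor.vbs"),
                    ("192.168.72.50", "http://192.168.72.20/test.txt")]:
        print(ip, url, "|", http_access(DENY_FIRST, ip, url),
              "|", http_access(ALLOW_FIRST, ip, url))
```

With the allow line first, every internal client is allowed before any deny is examined, and a client outside the allowed network falls through to the default, which is then the opposite of the final deny line. Ending the list with an explicit http_access deny all removes that dependence on the last line.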