{"id":161,"date":"2013-07-30T10:00:00","date_gmt":"2013-07-30T01:00:00","guid":{"rendered":"https:\/\/jikoman.sin-cos.com\/blog\/?p=161"},"modified":"2013-07-30T10:00:00","modified_gmt":"2013-07-30T01:00:00","slug":"dti_30-2","status":"publish","type":"post","link":"https:\/\/jikoman.sin-cos.com\/blog\/2013\/07\/dti_30-2\/","title":{"rendered":"DTI\u30b5\u30fc\u30d0\u30fc\u69cb\u7bc9\uff17 \u300c\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5411\u4e0a\u59d4\u54e1\u4f1a\u300d"},"content":{"rendered":"<p>\u6700\u4f4e\u9650\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5bfe\u7b56\u306f\u3084\u3063\u3066\u304a\u304f\u3002\u57fa\u672c\u306f\u5927\u4e8b\u3002<\/p>\n<p>ServersMan@VPS\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8a2d\u5b9a<br>\n<a href=\"http:\/\/dream.jp\/vps\/esp\/manual\/mnl_security_01.html\" target=\"_blank\" rel=\"noopener noreferrer\">http:\/\/dream.jp\/vps\/esp\/manual\/mnl_security_01.html<\/a><\/p>\n<p>\u516c\u5f0f\u30b5\u30dd\u30fc\u30c8\u306e\u60c5\u5831\u3092\u5143\u306b\u3001<\/p>\n<p># useradd <i>newusername<\/i><br>\n# passwd <i>newusername<\/i><br>\n\u30e6\u30fc\u30b6\u30fc <i>newusername<\/i> \u306e\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u5909\u66f4\u3002<br>\n\u65b0\u3057\u3044\u30d1\u30b9\u30ef\u30fc\u30c9:<i>***<\/i><br>\n\u65b0\u3057\u3044\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u518d\u5165\u529b\u3057\u3066\u304f\u3060\u3055\u3044:<i>***<\/i><br>\npasswd: \u5168\u3066\u306e\u8a8d\u8a3c\u30c8\u30fc\u30af\u30f3\u304c\u6b63\u3057\u304f\u66f4\u65b0\u3067\u304d\u307e\u3057\u305f\u3002<br>\nSSH\u3067\u63a5\u7d9a\u3057\u306a\u304a\u3057\u3066\u3001<br>\n\u65b0\u3057\u3044\u30e6\u30fc\u30b6\u30fc\u3067\u30ed\u30b0\u30a4\u30f3\u3067\u304d\u305f\u3089\u3001root\u306b\u306a\u308c\u308b\u304b\u3092\u78ba\u8a8d\uff01<\/p>\n<p>[newusername@newhost ~]$ su &#8211;<br>\n\u30d1\u30b9\u30ef\u30fc\u30c9:***<br>\n[root@newhost ~]#<br>\n\u306a\u308c\u305f\u3089\u3001root\u306b\u306a\u308c\u308b\u30e6\u30fc\u30b6\u30fc\u3092\u9650\u5b9a\u3059\u308b\u305f\u3081\u306b\u3001root\u306b\u306a\u308c\u308b\u30e6\u30fc\u30b6\u30fc\u3092wheel\u30b0\u30eb\u30fc\u30d7\u306b\u5165\u308c\u308b\u3002<\/p>\n<p># usermod -G wheel newusername<br>\nsudo\u304c\u4f7f\u3048\u308b\u30e6\u30fc\u30b6\u30fc\u3092wheel\u30b0\u30eb\u30fc\u30d7\u306e\u30e6\u30fc\u30b6\u30fc\u3060\u3051\u306b\u5236\u9650\u3059\u308b\u3002<br>\nvisudo\u306f\u3001sudo\u304c\u4f7f\u3048\u308b\u30e6\u30fc\u30b6\u30fc\u3092\u5909\u66f4\u3059\u308b\u305f\u3081\u306e\u30a8\u30c7\u30a3\u30bf\u3002<br>\n&#8220;sudo vi \/etc\/sudoers&#8221;\u3068\u540c\u3058\u3053\u3068\u3002<\/p>\n<p>$ visudo<br>\n&nbsp;\u6b21\u306e\u884c\u306e\u30b3\u30e1\u30f3\u30c8(#)\u3092\u5916\u3057\u3066\u3001\u4fdd\u5b58(:wq)\u3002<\/p>\n<p>%wheel &nbsp; ALL=(ALL) &nbsp; &nbsp; &nbsp;ALL<br>\nwheel\u30b0\u30eb\u30fc\u30d7\u306e\u30e6\u30fc\u30b6\u30fc\u306f\u3001sudo\u304c\u4f7f\u3048\u308b\u304b\u3092\u78ba\u8a8d\u3002<\/p>\n<p>[newusername@newhost ~]$ sudo ls \/<\/p>\n<p>We trust you have received the usual lecture from the local System<br>\nAdministrator. It usually boils down to these three things:<\/p>\n<p>&nbsp; &nbsp; #1) Respect the privacy of others.<br>\n&nbsp; &nbsp; #2) Think before you type.<br>\n&nbsp; &nbsp; #3) With great power comes great responsibility.<\/p>\n<p>[sudo] password for newusername:***<br>\naquota.group &nbsp;bin &nbsp; dev &nbsp;home &nbsp;lib64 &nbsp;mnt &nbsp;proc &nbsp;sbin &nbsp; &nbsp; srv &nbsp;tmp &nbsp;var<br>\naquota.user &nbsp; boot &nbsp;etc &nbsp;lib &nbsp; media &nbsp;opt &nbsp;root &nbsp;selinux &nbsp;sys &nbsp;usr<br>\n[newusername@newhost ~]$<br>\n\u305d\u306e\u4ed6\u306e\u30e6\u30fc\u30b6\u30fc\u306f\u4f7f\u3048\u306a\u3044\u304b\u3092\u78ba\u8a8d\u3002<\/p>\n<p>[notwheeluser@newhost ~]$ sudo ls \/<br>\n[sudo] password for notwheeluser:***<br>\nnotwheeluser is not in the sudoers file. &nbsp;This incident will be reported.<br>\n[notwheeluser@newhost ~]$<br>\n\u78ba\u8a8d\u304c\u7d42\u308f\u3063\u305f\u3089\u3001\u6b21\u306froot\u306b\u306a\u308c\u308b\u30e6\u30fc\u30b6\u30fc\u3082\u5236\u9650\u3059\u308b\u3002<\/p>\n<p>$ sudo vi \/etc\/pam.d\/su<br>\n\u6b21\u306e\u884c\u306e\u30b3\u30e1\u30f3\u30c8(#)\u3092\u5916\u3057\u3066\u4fdd\u5b58\u3002<br>\nauth &nbsp; &nbsp; &nbsp; required &nbsp; &nbsp; pam_wheel.so use_uid<\/p>\n<p>wheel\u30b0\u30eb\u30fc\u30d7\u306e\u30e6\u30fc\u30b6\u30fc\u306f\u3001root\u306b\u306a\u308c\u308b\u304b\u3092\u78ba\u8a8d\uff01<\/p>\n<p>[newusername@newhost ~]$ su &#8211;<br>\n\u30d1\u30b9\u30ef\u30fc\u30c9:***<br>\n[root@newhost ~]<b>#<\/b><br>\n<br>\n\u305d\u306e\u4ed6\u306e\u30e6\u30fc\u30b6\u30fc\u306f\u3001root\u306b\u306a\u308c\u306a\u3044\u4e8b\u3092\u78ba\u8a8d\uff01<\/p>\n<p>[notwheeluser@newhost ~]$ su &#8211;<br>\n\u30d1\u30b9\u30ef\u30fc\u30c9:***<br>\nsu: \u30d1\u30b9\u30ef\u30fc\u30c9\u304c\u9055\u3044\u307e\u3059<br>\n[notwheeluser@newhost ~]$<br>\n\u6700\u5f8c\u306b\u3001SSH\u306broot\u3067\u76f4\u63a5\u30ed\u30b0\u30a4\u30f3\u51fa\u6765\u306a\u3044\u69d8\u306b\u8a2d\u5b9a\u5909\u66f4\u3002<\/p>\n<p># vi \/etc\/ssh\/sshd_config<br>\n\u3061\u306a\u307f\u306b\u3001&#8221;\/&#8221;\u306e\u5f8c\u306b\u691c\u7d22\u3057\u305f\u3044\u6587\u5b57\u5217\u3092\u5165\u308c\u308b\u3068\u691c\u7d22\u304c\u53ef\u80fd<br>\n\u6b21\u306e\u884c\u3092\u5165\u308c\u308b\u3002<\/p>\n<p>PermitRootLogin no<br>\nPermitEmptyPasswords no<br>\nSSH\u3092\u518d\u8d77\u52d5\u3057\u3066\u3001root\u3067\u30ed\u30b0\u30a4\u30f3\u3067\u304d\u306a\u3044\u304b\u8a66\u3057\u307e\u3057\u3087\u3046\u3002<\/p>\n<p># service sshd restart<\/p>\n<div>\n\u3067\u3082\u3001root\u3067\u5165\u308c\u306a\u304f\u306a\u308b\u3068\u3001\u5236\u9650\u3092\u6c17\u306b\u3057\u306a\u3044\u3068\u3044\u3051\u306a\u3044\u304b\u3089\u4e0d\u4fbf\u306a\u3093\u3067\u3059\u3088\u306d\uff5e\u3002<\/div>\n\n\n<p><a href=\"https:\/\/px.a8.net\/svt\/ejp?a8mat=25VJAH+72TKGQ+1QFI+109XW1\" rel=\"nofollow\"><img loading=\"lazy\" decoding=\"async\" border=\"0\" width=\"728\" height=\"90\" alt=\"\" src=\"https:\/\/www24.a8.net\/svt\/bgt?aid=130801769428&amp;wid=002&amp;eno=01&amp;mid=s00000008091006093000&amp;mc=1\"><\/a>\n<img loading=\"lazy\" decoding=\"async\" border=\"0\" width=\"1\" height=\"1\" src=\"https:\/\/www11.a8.net\/0.gif?a8mat=25VJAH+72TKGQ+1QFI+109XW1\" alt=\"\"><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u6700\u4f4e\u9650\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5bfe\u7b56\u306f\u3084\u3063\u3066\u304a\u304f\u3002\u57fa\u672c\u306f\u5927\u4e8b\u3002 ServersMan@VPS\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8a2d\u5b9a http:\/\/dream.jp\/vps\/esp\/manual\/mnl_security_01.html \u516c\u5f0f\u30b5\u30dd\u30fc\u30c8\u306e\u60c5 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129,130],"tags":[17,43],"class_list":["post-161","post","type-post","status-publish","format-standard","hentry","category-pc","category-130","tag-dti","tag-vps"],"_links":{"self":[{"href":"https:\/\/jikoman.sin-cos.com\/blog\/wp-json\/wp\/v2\/posts\/161","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jikoman.sin-cos.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jikoman.sin-cos.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jikoman.sin-cos.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jikoman.sin-cos.com\/blog\/wp-json\/wp\/v2\/comments?post=161"}],"version-history":[{"count":0,"href":"https:\/\/jikoman.sin-cos.com\/blog\/wp-json\/wp\/v2\/posts\/161\/revisions"}],"wp:attachment":[{"href":"https:\/\/jikoman.sin-cos.com\/blog\/wp-json\/wp\/v2\/media?parent=161"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jikoman.sin-cos.com\/blog\/wp-json\/wp\/v2\/categories?post=161"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jikoman.sin-cos.com\/blog\/wp-json\/wp\/v2\/tags?post=161"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}