Recently, while testing an HP-UX application, I found that the application had a security problem, so I wanted to harden the host with a firewall. The application network does have a firewall, but I couldn't be bothered to get someone to add a policy, so I looked at the firewall on the host itself. It turned out the host had ipfilter installed:

# ipf -V
ipf: HP IP Filter: v3.5alpha5 (A.11.23.15.01) (376)
Kernel: HP IP Filter: v3.5alpha5 (A.11.23.15.01)
Running: yes
Log Flags: 0 = none set
Default: pass all, Logging: available
Active list: 0
# ipfstat -i
block in on lan0 proto tcp from 10.25.2.17/32 to any
# ipfstat
dropped packets: in 0 out 0
non-data packets: in 0 out 0
no-data packets: in 0 out 0
non-ip packets: in 0 out 0
 bad packets: in 0 out 0
copied messages: in 0 out 0
 IPv6 packets: in 0 out 0
 input packets: blocked 0 passed 0 nomatch 0 counted 0 short 0
output packets: blocked 0 passed 0 nomatch 0 counted 0 short 0
 input packets logged: blocked 0 passed 0
output packets logged: blocked 0 passed 0
 packets logged: input 0 output 0
 log failures: input 0 output 0
fragment state(in): kept 0 lost 0
fragment state(out): kept 0 lost 0
packet state(in): kept 0 lost 0
packet state(out): kept 0 lost 0
TCP connections: in 0 out 0
ICMP replies: 0 TCP RSTs sent: 0
Invalid source(in): 0
Result cache hits(in): 0 (out): 0
IN Pullups succeeded: 0 failed: 0
OUT Pullups succeeded: 0 failed: 0
Fastroute successes: 0 failures: 0
TCP cksum fails(in): 0 (out): 0
Packet log flags set: (0) none
#

I went into the /etc/opt/ipf directory and had a look at the ipf.conf file, which turned out to be empty, so I created a test.rule file with vi and added a test rule:

block in quick from 10.10.2.17/32 to any

I ran ipfstat -Fa -f ./test.rule, which reported no problems, and then ran ipfstat -i again:

# ipfstat -i
block in quick from 10.10.2.17/32 to any

So the rule was loaded successfully. On our machines HP-UX 11.23 starts ipf by default; if it doesn't, you can look at the startup script in /sbin/init.d/ipfboot. From the host 10.10.2.17, both ping and telnet to port 22 failed, so it is working as expected, and the blocked packets can be seen with ipfstat.

Following the debugging method in HP's documentation, I found one machine where the configuration simply would not take effect: ipfstat showed everything as 0, and kcmodule -a listed the ipl modules as loaded normally, but when I checked /etc/rc.log there was an error in netconf at boot time. After fixing it the host needs a reboot, so I can only test it again once there is a chance to reboot.
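The two checks used above (is ipf running and what is its default policy, and are the ipfstat counters all zero after loading a rule) can be scripted so that a host where filtering silently does not take effect is flagged automatically. The following is an added example, not code from the original post; the sample outputs are constructed to match the `ipf -V` and `ipfstat` lines shown above, and the function names are my own.

```python
import re

# Constructed sample output modelled on the `ipf -V` lines in the post
IPF_V_SAMPLE = """ipf: HP IP Filter: v3.5alpha5 (A.11.23.15.01) (376)
Kernel: HP IP Filter: v3.5alpha5 (A.11.23.15.01)
Running: yes
Log Flags: 0 = none set
Default: pass all, Logging: available
Active list: 0
"""

# Constructed: the all-zero counters seen on the host where rules had no effect
IPFSTAT_ZERO = """input packets: blocked 0 passed 0 nomatch 0 counted 0 short 0
output packets: blocked 0 passed 0 nomatch 0 counted 0 short 0
"""

# Constructed: counters on a host where the test rule is actually blocking traffic
IPFSTAT_LIVE = """input packets: blocked 12 passed 340 nomatch 0 counted 0 short 0
output packets: blocked 0 passed 298 nomatch 0 counted 0 short 0
"""

def parse_ipf_version(text):
    """Extract 'Running:' and the default policy from `ipf -V` output."""
    info = {}
    m = re.search(r"^Running:\s*(\w+)", text, re.M)
    info["running"] = bool(m) and m.group(1).lower() == "yes"
    m = re.search(r"^Default:\s*([^,]+)", text, re.M)
    info["default"] = m.group(1).strip() if m else None
    return info

def parse_counters(text):
    """Parse the 'input packets:' / 'output packets:' counter lines of `ipfstat`."""
    counters = {}
    for direction in ("input", "output"):
        m = re.search(r"^%s packets:\s*(.*)$" % direction, text, re.M)
        if m:
            pairs = re.findall(r"(\w+)\s+(\d+)", m.group(1))
            counters[direction] = {k: int(v) for k, v in pairs}
    return counters

def check_ipfilter(ipf_v_text, ipfstat_text, rules_loaded):
    """Return a list of findings; an empty list means nothing looks wrong."""
    findings = []
    ver = parse_ipf_version(ipf_v_text)
    if not ver["running"]:
        findings.append("ipf not running in kernel")
    if ver["default"] == "pass all":
        findings.append("default policy is pass all: only explicit block rules apply")
    total = sum(sum(d.values()) for d in parse_counters(ipfstat_text).values())
    if rules_loaded and total == 0:
        findings.append("rules loaded but every counter is 0: filtering not effective")
    return findings
```

On a real host, feed the function the captured output of `ipf -V` and `ipfstat`; an all-zero counter set after a rule has been loaded and traffic has been sent is the symptom the post describes, and points at the boot-time configuration rather than at the rule file.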