Linux \u306b\u306f\u3001\u30d0\u30c3\u30d5\u30a1\u30aa\u30fc\u30d0\u30fc\u30d5\u30ed\u30fc\u653b\u6483\u3092\u9632\u5fa1\u3059\u308b\u305f\u3081\u3001exec-shield \u8a2d\u5b9a\u304c\u8a2d\u3051\u3089\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n
\u30c7\u30d5\u30a9\u30eb\u30c8\u306e\u8a2d\u5b9a\u5024\u3092\u78ba\u8a8d\u3059\u308b\u3068 CentOS \u3067\u306f\u3001\uff11\u306b\u306a\u3063\u3066\u3044\u307e\u3059\u3002<\/p>\n
# cat \/proc\/sys\/kernel\/exec-shield\r\n1<\/pre>\n\u3053\u306e\u8a2d\u5b9a\u5024\u3092\u3001\uff12 (\u6709\u52b9) \u306b\u3059\u308b\u306b\u306f\u3001echo \u30b3\u30de\u30f3\u30c9\u3067<\/p>\n
# echo 2 > \/proc\/sys\/kernel\/exec-shield<\/pre>\n\u3068\u3057\u307e\u3059\u3002<\/p>\n
\u307e\u305f\u3053\u306e\u8a2d\u5b9a\u3092\u6c38\u7d9a\u7684\u306b\u3059\u308b\u306b\u306f\u3001<\/p>\n
vi \/etc\/sysctl.conf\r\n[\u6700\u4e0b\u884c\u306b\u4ee5\u4e0b\u3092\u8ffd\u8a18]\r\nkernel.exec-shield = 2\r\n<\/pre>\n\u30fb\u4fee\u6b63\u5f8c<\/p>\n
# sysctl -p\r\n<\/pre>\n\u3068\u3057\u307e\u3059\u3002\u3057\u304b\u3057\u3053\u306e\u8a2d\u5b9a\u306f\u3001\u4ee5\u4e0b\u306e\u30ea\u30f3\u30af\u306b\u3082\u3042\u308b\u901a\u308a kernel \u30d1\u30cb\u30c3\u30af\u306b\u306a\u308a\u6700\u60aa\u3001\u30b7\u30b9\u30c6\u30e0\u304c\u8d77\u52d5\u3057\u306a\u304f\u306a\u308b\u6050\u308c\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n
http:\/\/ja.528p.com\/linux\/centos\/B007-security_tips.html<\/a><\/p>\n
\u5b9f\u969b\u3001\u5f53\u65b9\u306e\u74b0\u5883\u3067\u4e0a\u8a18\u8a2d\u5b9a\u3092\u65bd\u3057\u305f\u3068\u3053\u308d\u3001certmonger \u30b5\u30fc\u30d3\u30b9\u8d77\u52d5\u4e0d\u80fd\u3068\u306a\u308a\u30d5\u30ea\u30fc\u30ba\u3057\u307e\u3057\u305f\u3002\u8a66\u307f\u306b\u3001grub \u753b\u9762\u304b\u3089\u30b7\u30f3\u30b0\u30eb\u30e6\u30fc\u30b6\u30fc\u30e2\u30fc\u30c9\u3067\u8d77\u52d5\u3001<\/p>\n
startx<\/pre>\n\u30b3\u30de\u30f3\u30c9\u3092\u6253\u3064\u3068\u3001\/bin\/dbus-daemon: failed: Permission denied \u3068\u306a\u308aX\u30a6\u30a3\u30f3\u30c9\u30a6\u304c\u8d77\u52d5\u3057\u307e\u305b\u3093\u3067\u3057\u305f\u3002grub \u306e kernel \u30aa\u30d7\u30b7\u30e7\u30f3\u3067\u3001[ exec-shield=0 \u3092\u4e0e\u3048\u308b\u3068\u826f\u3044 ] \u3068\u3042\u308b\u306e\u3067\u305d\u306e\u901a\u308a\u306b\u3084\u3063\u3066\u307f\u307e\u3057\u305f\u304c\u3001\u30ad\u30fc\u30ec\u30a4\u30a2\u30a6\u30c8\u304c\u9055\u3046\u306e\u304b\u3001\u30aa\u30d7\u30b7\u30e7\u30f3\u3092\u8aad\u307f\u8fbc\u3093\u3067\u3044\u306a\u3044\u611f\u3058\u3067\u3057\u305f\u3002<\/span><\/p>\n
\u30d0\u30c3\u30af\u30a2\u30c3\u30d7\u306e HDD \u306b\u63db\u88c5\u3057\u3066\u30b7\u30b9\u30c6\u30e0\u5fa9\u65e7\u3057\u305f\u306e\u3067\u3059\u304c\u3001\u3069\u3046\u3057\u3066\u3082\u8ae6\u3081\u3089\u308c\u307e\u305b\u3093\u3002<\/p>\n
\u3082\u3046\u4e00\u5ea6\u3001HDD \u3092\u5143\u306b\u623b\u3057\u3066\u30b7\u30f3\u30b0\u30eb\u30e6\u30fc\u30b6\u30fc\u30e2\u30fc\u30c9\u304b\u3089\u3001<\/p>\n
vi \/etc\/sysctl.conf\r\n[\u4ee5\u4e0b\u8a2d\u5b9a\u3092\u524a\u9664]\r\nkernel.exec-shield = 2\r\n<\/pre>\n# sysctl -p\r\n# chkconfig certmonger off\r\n# reboot\r\n<\/pre>\n\u3068\u3001\u53e9\u3044\u305f\u3068\u3053\u308d\u7121\u4e8b\u8d77\u52d5\u3057\u307e\u3057\u305f\u3002\u3064\u3044\u3067\u306b\u3001SELinux \u306e\u30ea\u30e9\u30d9\u30eb\u3082\u884c\u308f\u308c\u3066\u3000postfix \u3082\u81ea\u52d5\u8d77\u52d5\u3057\u3066\u304f\u308c\u308b\u3088\u3046\u306b\u306a\u308a\u307e\u3057\u305f\u3002\u3081\u3067\u305f\u3057\u3001\u3081\u3067\u305f\u3057\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"
Linux \u306b\u306f\u3001\u30d0\u30c3\u30d5\u30a1\u30aa\u30fc\u30d0\u30fc\u30d5\u30ed\u30fc\u653b\u6483\u3092\u9632\u5fa1\u3059\u308b\u305f\u3081\u3001exec-shield \u8a2d\u5b9a\u304c\u8a2d\u3051\u3089\u308c\u3066\u3044\u307e\u3059\u3002 \u30de\u30fc\u30af\u3055\u308c\u305f\u30d0\u30a4\u30ca\u30ea\u3092\u6709\u52b9\u306b\u3057\u3001\u4ee5\u5916\u306f\u7121\u52b9 \u30de\u30fc\u30af\u3055\u308c\u305f\u30d0\u30a4\u30ca\u30ea\u3092\u7121\u52b9\u306b\u3057\u3001\u4ee5\u5916\u306f\u6709\u52b9 \u5e38\u306b\u6709\u52b9 \u30c7\u30d5\u30a9\u30eb\u30c8\u306e … \u7d9a\u304d\u3092\u8aad\u3080 \u30d0\u30c3\u30d5\u30a1\u30aa\u30fc\u30d0\u30fc\u30d5\u30ed\u30fc\u9632\u5fa1\u8a2d\u5b9a\u3067\u30cf\u30de\u3063\u305f\u30fb\u30fb\u30fborz\u3002<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3,30,6],"tags":[],"class_list":["post-129","post","type-post","status-publish","format-standard","hentry","category-linux","category-problems","category-settings"],"_links":{"self":[{"href":"https:\/\/www.stuffy.site\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/129","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.stuffy.site\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.stuffy.site\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.stuffy.site\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.stuffy.site\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=129"}],"version-history":[{"count":7,"href":"https:\/\/www.stuffy.site\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/129\/revisions"}],"predecessor-version":[{"id":137,"href":"https:\/\/www.stuffy.site\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/129\/revisions\/137"}],"wp:attachment":[{"href":"https:\/\/www.stuffy.site\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=129"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.stuffy.site\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=129"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.stuffy.site\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=129"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}