CentOS7修复NFS文件共享时信息泄露漏洞

最新推荐文章于 2024-05-11 12:11:25 发布

转载最新推荐文章于 2024-05-11 12:11:25 发布 · 974 阅读

0 ·

CC 4.0 BY-SA版权

原文链接：https://blog.youkuaiyun.com/xiqi439/article/details/133774611

文章标签：

#服务器 #网络 #运维

文章讲述了如何在Linux系统中通过设置hosts.allow白名单和hosts.deny黑名单来保护共享主机的目录，防止未经授权的访问。作者提到应将目标IP地址添加到允许列表，同时将其他地址加入拒绝列表，以增强网络安全。

场景描述：我共享主机是192.168.12.15 ，将15上的目录共享到192.168.12.12和192.168.12.14上面。但是我再另外一台机器192.168.12.13上执行showmount -e 192.168.12.15时，泄露了共享目录信息。

解决方式：

1、设置白名单
[root@a ~]#vim /etc/hosts.allow
#
# hosts.allow This file contains access rules which are used to
# allow or deny connections to network services that
# either use the tcp_wrappers library or that have been
# started through a tcp_wrappers-enabled xinetd.
#
# See 'man 5 hosts_options' and 'man 5 hosts_access'
# for information on rule syntax.
# See 'man tcpd' for information on tcp_wrappers
#
#
mountd:192.168.12.12,192.168.12.14 #<==添加客户端IP地址，相当于白名单

2、白名单外的地址都加黑名单

[root@a ~]# vim /etc/hosts.deny
#
# hosts.deny This file contains access rules which are used to
# deny connections to network services that either use
# the tcp_wrappers library or that have been
# started through a tcp_wrappers-enabled xinetd.
#
# The rules in this file can also be set up in
# /etc/hosts.allow with a 'deny' option instead.
#
# See 'man 5 hosts_options' and 'man 5 hosts_access'
# for information on rule syntax.
# See 'man tcpd' for information on tcp_wrappers
#
#
mountd:all #<==添加该行，相当于黑名单