Linux server vulnerability remediation procedures
Block traceroute:
/sbin/iptables -A FORWARD -p icmp --icmp-type 11 -j DROP
Block traceroute and ping:
/sbin/iptables -A FORWARD -p icmp -j DROP
3. Fix for the ICMP timestamp request/response vulnerability:
shell> echo "1" >/proc/sys/net/ipv4/icmp_echo_ignore_all
shell> echo 'echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all' >> /etc/rc.local
Windows Server 2008
Windows Server 2003 reference: http://zhidao.baidu.com/question/41992099
6. Fix for RPC-related vulnerabilities:
(Confirm with the project team that NFS is not in use before doing this)
shell> /etc/init.d/portmap stop && chkconfig portmap off
shell> /etc/init.d/rpcidmapd stop && chkconfig rpcidmapd off
shell> /etc/init.d/nfslock stop && chkconfig nfslock off
Disable commands
service nfslock stop
chkconfig nfslock off
Command to stop the rpcbind service
service portmap stop
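
One way to confirm the settings above took effect, as an added example that is not from the original page: it reads saved `iptables -S FORWARD` and `ss -lntu` output and flags a DROP rule shadowed by an earlier blanket ACCEPT (`-A` appends to the end of the chain, and rules are evaluated in order) or a socket left on port 111, the portmapper port. The function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit saved command output for the settings on this page.
# Function names and sample data are constructed for illustration.

# Reads `iptables -S FORWARD` output on stdin and prints one of:
#   all-icmp       every forwarded ICMP packet is dropped
#   time-exceeded  only ICMP type 11 is dropped
#   shadowed       a DROP exists, but an earlier blanket ACCEPT matches first
#   none           no matching ICMP DROP rule
# Simplification: only "-A FORWARD -j ACCEPT" and
# "-A FORWARD -p icmp -j ACCEPT" are treated as shadowing rules.
icmp_forward_policy() {
    awk '
        $0 == "-A FORWARD -j ACCEPT" || $0 == "-A FORWARD -p icmp -j ACCEPT" {
            accept_seen = 1; next
        }
        $1 == "-A" && $2 == "FORWARD" && /-p icmp / && /-j DROP$/ {
            if ($0 ~ /--icmp-type (11|time-exceeded)( |$)/) kind = "te"
            else if ($0 !~ /--icmp-type/) kind = "all"
            else next
            if (accept_seen) shadowed = 1
            else if (kind == "all") all = 1
            else te = 1
        }
        END {
            print (all ? "all-icmp" : (te ? "time-exceeded" : (shadowed ? "shadowed" : "none")))
        }'
}

# Reads `ss -lntu` output on stdin; succeeds if a socket is still bound to
# port 111 (portmapper/rpcbind).
portmap_listening() {
    awk '$5 ~ /:111$/ { found = 1 } END { exit !found }'
}

# Constructed sample data.
SAMPLE_RULES_OK='-P FORWARD ACCEPT
-A FORWARD -p icmp -m icmp --icmp-type 11 -j DROP'
SAMPLE_RULES_SHADOWED='-P FORWARD ACCEPT
-A FORWARD -j ACCEPT
-A FORWARD -p icmp -j DROP'
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:111        0.0.0.0:*'

printf '%s\n' "$SAMPLE_RULES_OK" | icmp_forward_policy
printf '%s\n' "$SAMPLE_RULES_SHADOWED" | icmp_forward_policy
printf '%s\n' "$SAMPLE_SS" | portmap_listening && echo "port 111 still open"
```

On a live host, pipe the real commands into the functions, for example `iptables -S FORWARD | icmp_forward_policy`.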