Kernel compile and iptables upgrade
1. Download
ftp://ftp.sayclub.com/pub/Linux/kernel/v2.4/linux-2.4.26.tar.bz2
http://netfilter.org/files/iptables-1.2.11.tar.bz2
http://netfilter.org/files/patch-o-matic-ng-20040621.tar.bz2
2. Extract the archives
tar vjxf iptables-1.2.11.tar.bz2
tar vjxf linux-2.4.26.tar.bz2
tar vjxf patch-o-matic-ng-20040621.tar.bz2
3. string patch
rpm -e lokkit
rpm -e iptables
mv linux-2.4.26 /usr/src
mv iptables-1.2.11 /usr/src/iptables
ln -s /usr/src/linux-2.4.26 /usr/src/linux
cd patch-o-matic-ng-20040621
./runme extra
string.c = yes
4. kernel compile
cd /usr/src/linux
make menuconfig
rm -f include/asm
( cd include ; ln -sf asm-i386 asm)
make -C scripts/lxdialog all
make[1]: Entering directory `/usr/src/linux-2.4.24/scripts/lxdialog'
make[1]: Leaving directory `/usr/src/linux-2.4.24/scripts/lxdialog'
/bin/sh scripts/Menuconfig arch/i386/config.in
Using defaults found in .config
Preparing scripts: functions, parsing..................................................................................done.
Linux Kernel v2.4.24 Configuration
Main Menu
Arrow keys navigate the menu. <Enter> selects submenus --->. Highlighted letters are hotkeys. Pressing <Y> includes, <N> excludes, <M> modularizes features. Press <Esc><Esc> to exit, <?> for Help. Legend: [*] built-in [ ] excluded <M> module < > module capable
  Code maturity level options --->
  Loadable module support --->
  Processor type and features --->
  General setup --->
  Memory Technology Devices (MTD) --->
  Parallel port support --->
  Plug and Play configuration --->
  Block devices --->
  Multi-device support (RAID and LVM) --->
  Networking options --->
  Telephony Support --->
  ATA/IDE/MFM/RLL support --->
  SCSI support --->
  Fusion MPT device support --->
  IEEE 1394 (FireWire) support (EXPERIMENTAL) --->
  I2O device support --->
  Network device support --->
  Amateur Radio support --->
  IrDA (infrared) support --->
  ISDN subsystem --->
  Old CD-ROM drivers (not SCSI, not IDE) --->
  Input core support --->
  Character devices --->
  Multimedia devices --->
  File systems --->
  Console drivers --->
  Sound --->
  USB support --->
  Bluetooth support --->
  Kernel hacking --->
  Cryptographic options --->
  Library routines --->
  ---
  Load an Alternate Configuration File
  Save Configuration to an Alternate File

Code maturity level options
  [*] Prompt for development and/or incomplete code/drivers

Processor type and features
  (Pentium-III/Celeron(Coppermine)) Processor family
  [*] Machine Check Exception
  < > Toshiba Laptop support
  < > Dell laptop support
  < > /dev/cpu/microcode - Intel IA32 CPU microcode support
  < > /dev/cpu/*/msr - Model-specific register support
  < > /dev/cpu/*/cpuid - CPU information support
  < > BIOS Enhanced Disk Drive calls determine boot disk (EXPERIMENTAL)
  (off) High Memory Support
  [ ] Math emulation
  [ ] MTRR (Memory Type Range Register) support
  [*] Symmetric multi-processing support
  (32) Maximum number of CPUs (2-32)
  [ ] Multi-node NUMA system support
  [ ] Unsynced TSC support

Block devices
  <*> Normal floppy disk support
  < > XT hard disk support
  < > Compaq SMART2 support
  < > Compaq Smart Array 5xxx support
  < > Mylex DAC960/DAC1100 PCI RAID Controller support
  < > Micro Memory MM5415 Battery Backed RAM support (EXPERIMENTAL)
  <M> Loopback device support
  <M> Network block device support
  <M> RAM disk support
  (4096) Default RAM disk size
  [ ] Per partition statistics in /proc/partitions

Networking options
  <*> Packet socket
  [ ] Packet socket: mmapped IO
  < > Netlink device emulation
  [*] Network packet filtering (replaces ipchains)
  [ ] Network packet filtering debugging
  [*] Socket Filtering
  <*> Unix domain sockets
  [*] TCP/IP networking
  [*] IP: multicasting
  [ ] IP: advanced router
  [ ] IP: kernel level autoconfiguration
  < > IP: tunneling
  < > IP: GRE tunnels over IP
  [ ] IP: multicast routing
  [ ] IP: ARP daemon support (EXPERIMENTAL)
  [ ] IP: TCP Explicit Congestion Notification support
  [ ] IP: TCP syncookie support (disabled per default)
  IP: Netfilter Configuration --->
  IP: Virtual Server Configuration --->
  < > The IPv6 protocol (EXPERIMENTAL)
  <M> Kernel httpd acceleration (EXPERIMENTAL)
  SCTP Configuration (EXPERIMENTAL) --->
  < > Asynchronous Transfer Mode (ATM) (EXPERIMENTAL)
  < > 802.1Q VLAN Support
  ---
  < > The IPX protocol
  < > Appletalk protocol support
  Appletalk devices --->
  < > DECnet Support
  <*> 802.1d Ethernet Bridging
  <*> Bridge: ebtables
  <M> ebt: filter table support
  <M> ebt: nat table support
  <M> ebt: broute table support
  <M> ebt: log support
  <M> ebt: IP filter support
  <M> ebt: ARP filter support
  <M> ebt: among filter support
  <M> ebt: limit filter support
  <M> ebt: 802.1Q VLAN filter support
  <M> ebt: 802.3 filter support
  <M> ebt: packet type filter support
  <M> ebt: STP filter support
  <M> ebt: mark filter support
  <M> ebt: arp reply target support
  <M> ebt: snat target support
  <M> ebt: dnat target support
  <M> ebt: redirect target support
  <M> ebt: mark target support
  < > CCITT X.25 Packet Layer (EXPERIMENTAL)
  < > LAPB Data Link Driver (EXPERIMENTAL)
  [ ] 802.2 LLC (EXPERIMENTAL)
  [ ] Frame Diverter (EXPERIMENTAL)
  < > Acorn Econet/AUN protocols (EXPERIMENTAL)
  v(+)

IP: Netfilter Configuration
  <*> Connection tracking (required for masq/NAT)
  <M> FTP protocol support
  <M> Amanda protocol support
  <M> TFTP protocol support
  <M> IRC protocol support
  <M> Userspace queueing via NETLINK (EXPERIMENTAL)
  <*> IP tables support (required for filtering/masq/NAT)
  <M> limit match support
  <M> MAC address match support
  <M> Packet type match support
  <M> netfilter MARK match support
  <M> Multiple port match support
  <M> TOS match support
  <M> recent match support
  <M> ECN match support
  <M> DSCP match support
  <M> AH/ESP match support
  <M> LENGTH match support
  <M> TTL match support
  <M> tcpmss match support
  <M> Helper match support
  <M> Connection state match support
  <M> Connection tracking match support
  <M> Unclean match support (EXPERIMENTAL)
  <M> String match support (EXPERIMENTAL)
  <M> Owner match support (EXPERIMENTAL)
  <M> Physdev match support
  <M> Packet filtering
  <M> REJECT target support
  <M> MIRROR target support (EXPERIMENTAL)
  <M> Full NAT
  <M> MASQUERADE target support
  <M> REDIRECT target support
  [*] NAT of local connections (READ HELP)
  <M> Basic SNMP-ALG support (EXPERIMENTAL)
  <M> Packet mangling
  <M> TOS target support
  <M> ECN target support
  <M> DSCP target support
  <M> MARK target support
  <M> LOG target support
  <M> ULOG target support
  <M> TCPMSS target support
  <M> ARP tables support
  <M> ARP packet filtering
  <M> ARP payload mangling

Ethernet (10 or 100Mbit)
  [*] Ethernet (10 or 100Mbit)
  < > Sun Happy Meal 10/100baseT support
  < > Sun GEM & Apple GMAC support
  [ ] 3COM cards
  < > AMD LANCE and PCnet (AT1500 and NE2100) support
  [ ] Western Digital/SMC cards
  [ ] Racal-Interlan (Micom) NI cards
  < > AT1700/1720 support (EXPERIMENTAL)
  < > DEPCA, DE10x, DE200, DE201, DE202, DE422 support
  < > HP 10/100VG PCLAN (ISA, EISA, PCI) support
  [ ] Other ISA cards
  [*] EISA, VLB, PCI and on board controllers
  < > AMD PCnet32 PCI support
  < > AMD 8111 (new PCI lance) support
  < > Adaptec Starfire/DuraLAN support
  < > Ansel Communications EISA 3200 support (EXPERIMENTAL)
  < > Apricot Xen-II on board Ethernet
  < > Broadcom 4400 ethernet support (EXPERIMENTAL)
  < > CS89x0 support
  < > DECchip Tulip (dc21x4x) PCI support
  < > Generic DECchip & DIGITAL EtherWORKS PCI/EISA
  < > Digi Intl. RightSwitch SE-X support
  < > Davicom DM910x/DM980x support
  <M> EtherExpressPro/100 support (eepro100, original Becker driver)
  [ ] Use PIO instead of MMIO
  <M> EtherExpressPro/100 support (e100, Alternate Intel driver)
  < > Myson MTD-8xx PCI Ethernet support
  < > National Semiconductor DP8381x series PCI Ethernet support
  < > PCI NE2000 and clones support (see help)
  <M> RealTek RTL-8139 C+ PCI Fast Ethernet Adapter support (EXPERIMENTAL)
  <M> RealTek RTL-8139 PCI Fast Ethernet Adapter support
  [ ] Use PIO instead of MMIO
  [ ] Support for uncommon RTL-8139 rev. K (automatic channel equalization)
  [ ] Support for older RTL-8129/8130 boards
  [ ] Use older RX-reset method
  < > SiS 900/7016 PCI Fast Ethernet Adapter support
  < > SMC EtherPower II
  < > Sundance Alta support
  < > TI ThunderLAN support
  <M> VIA Rhine support
  [ ] Use MMIO instead of PIO (EXPERIMENTAL)
  < > Winbond W89c840 Ethernet support
  [ ] Pocket and portable adapters

Ethernet (1000 Mbit)
  < > Alteon AceNIC/3Com 3C985/NetGear GA620 Gigabit support
  < > D-Link DL2000-based Gigabit Ethernet support
  <M> Intel(R) PRO/1000 Gigabit Ethernet support
  [ ] Use Rx Polling (NAPI)
  < > National Semiconductor DP83820 support
  < > Packet Engines Hamachi GNIC-II support
  < > Packet Engines Yellowfin Gigabit-NIC support (EXPERIMENTAL)
  < > Realtek 8169 Gigabit Ethernet support
  < > Marvell Yukon Chipset / SysKonnect SK-98xx Support
  < > Broadcom Tigon3 support

Character devices
  [*] Virtual terminal
  [*] Support for console on virtual terminal
  <*> Standard/generic (8250/16550 and compatible UARTs) serial support
  [ ] Support for console on serial port
  [ ] Extended dumb serial driver options
  [ ] Non-standard serial port support
  [*] Unix98 PTY support
  (256) Maximum number of Unix98 PTYs in use (0-2048)
  I2C support --->
  Mice --->
  Joysticks --->
  < > QIC-02 tape support
  < > IPMI top-level message handler
  Watchdog Cards --->
  < > NatSemi SCx200 GPIO Support
  < > AMD 768/8111 Random Number Generator support
  < > Intel i8x0 Random Number Generator support
  < > Intel/AMD/VIA HW Random Number Generator support
  < > AMD 76x native power management (Experimental)
  < > /dev/nvram support
  <M> Enhanced Real Time Clock Support
  < > Double Talk PC internal speech card support
  < > Siemens R3964 line discipline
  < > Applicom intelligent fieldbus card support
  < > Sony Vaio Programmable I/O Control Device support (EXPERIMENTAL)
  Ftape, the floppy tape device driver --->
  <*> /dev/agpgart (AGP Support)
  [*] Intel 440LX/BX/GX and I815/I820/I830M/I830MP/I840/I845/I850/I860 support
  [*] Intel I810/I815/I830M (on-board) support
  [*] VIA chipset support
  [*] AMD Irongate, 761, and 762 support
  [ ] AMD Opteron/Athlon64 on-CPU GART support
  [*] Generic SiS support
  [*] ALI chipset support
  [ ] Serverworks LE/HE support
  [ ] NVIDIA chipset support
  [ ] ATI IGP chipset support
  Direct Rendering Manager (XFree86 DRI support) --->
  PCMCIA character devices --->
  < > ACP Modem (Mwave) support

File systems
  [*] Quota support
  < > VFS v0 quota format support
  < > Kernel automounter support
  <*> Kernel automounter version 4 support (also supports v3)
  <M> Reiserfs support
  [*] Enable reiserfs debug mode
  [*] Stats in /proc/fs/reiserfs
  < > ADFS file system support (EXPERIMENTAL)
  < > Amiga FFS file system support (EXPERIMENTAL)
  < > Apple HFS file system support (EXPERIMENTAL)
  < > Apple HFS+ (Extended HFS) file system support (EXPERIMENTAL)
  < > BeOS file systemv(BeFS) support (read only) (EXPERIMENTAL)
  < > BFS file system support (EXPERIMENTAL)
  <M> Ext3 journalling file system support
  [*] JBD (ext3) debugging support
  <M> DOS FAT fs support
  <M> MSDOS fs support
  < > UMSDOS: Unix-like file system on top of standard MSDOS fs
  <M> VFAT (Windows-95) fs support
  < > EFS file system support (read only) (EXPERIMENTAL)
  < > Compressed ROM file system support
  [*] Virtual memory file system support (former shm fs)
  <*> ISO 9660 CDROM file system support
  [ ] Microsoft Joliet CDROM extensions
  [ ] Transparent decompression extension
  < > JFS filesystem support
  < > Minix fs support
  < > FreeVxFS file system support (VERITAS VxFS(TM) compatible)
  < > NTFS file system support (read only)
  < > OS/2 HPFS file system support
  [*] /proc file system support
  [ ] /dev file system support (EXPERIMENTAL)
  [*] /dev/pts file system for Unix98 PTYs
  < > QNX4 file system support (read only)
  < > ROM file system support
  <*> Second extended fs support
  < > System V/Xenix/V7/Coherent file system support
  < > UDF file system support (read only)
  < > UFS file system support (read only)
  Network File Systems --->
  Partition Types --->
  Native Language Support --->

Native Language Support
  Default NLS Option: "iso8859-1"
  <M> Codepage 437 (United States, Canada)
  < > Codepage 737 (Greek)
  < > Codepage 775 (Baltic Rim)
  < > Codepage 850 (Europe)
  < > Codepage 852 (Central/Eastern Europe)
  < > Codepage 855 (Cyrillic)
  < > Codepage 857 (Turkish)
  < > Codepage 860 (Portuguese)
  < > Codepage 861 (Icelandic)
  < > Codepage 862 (Hebrew)
  < > Codepage 863 (Canadian French)
  < > Codepage 864 (Arabic)
  < > Codepage 865 (Norwegian, Danish)
  < > Codepage 866 (Cyrillic/Russian)
  < > Codepage 869 (Greek)
  < > Simplified Chinese charset (CP936, GB2312)
  < > Traditional Chinese charset (Big5)
  < > Japanese charsets (Shift-JIS, EUC-JP)
  <M> Korean charset (CP949, EUC-KR)
  < > Thai charset (CP874, TIS-620)
  < > Hebrew charsets (ISO-8859-8, CP1255)
  < > Windows CP1250 (Slavic/Central European Languages)
  < > Windows CP1251 (Bulgarian, Belarusian)
  <M> NLS ISO 8859-1 (Latin 1; Western European Languages)
  < > NLS ISO 8859-2 (Latin 2; Slavic/Central European Languages)
  < > NLS ISO 8859-3 (Latin 3; Esperanto, Galician, Maltese, Turkish)
  < > NLS ISO 8859-4 (Latin 4; old Baltic charset)
  < > NLS ISO 8859-5 (Cyrillic)
  < > NLS ISO 8859-6 (Arabic)
  < > NLS ISO 8859-7 (Modern Greek)
  < > NLS ISO 8859-9 (Latin 5; Turkish)
  < > NLS ISO 8859-13 (Latin 7; Baltic)
  < > NLS ISO 8859-14 (Latin 8; Celtic)
  <M> NLS ISO 8859-15 (Latin 9; Western European Languages with Euro)
  < > NLS KOI8-R (Russian)
  < > NLS KOI8-U/RU (Ukrainian, Belarusian)
  < > NLS UTF8

Saving your kernel configuration...
*** End of Linux kernel configuration.
*** Check the top-level Makefile for additional configuration.
*** Next, you must run 'make dep'.
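Before starting the build, it is worth confirming that the saved .config really enables what the firewall script in step 6 uses (-m state, -m string, -j REJECT). The script below is an added example, not part of the original post: the function names are made up here, the sample .config is constructed, and the CONFIG_* names are assumed to be the 2.4-series netfilter symbols, with CONFIG_IP_NF_MATCH_STRING existing only in a tree that has the patch-o-matic string patch applied.

```shell
#!/bin/sh
# Added example (not from the original post): check a 2.4 kernel .config for
# the netfilter options that the firewall script in step 6 relies on.

# Print the state of one symbol: y, m, n ("is not set") or absent.
# "absent" means the symbol is unknown to this source tree; for
# CONFIG_IP_NF_MATCH_STRING that means the string patch was never applied.
config_value() {
    # $1 = path to .config, $2 = symbol name
    if grep -q "^$2=y" "$1"; then echo y
    elif grep -q "^$2=m" "$1"; then echo m
    elif grep -q "^# $2 is not set" "$1"; then echo n
    else echo absent
    fi
}

# Report every required symbol; succeed only if all are built-in or modular.
check_netfilter_config() {
    cfg=$1
    if [ ! -r "$cfg" ]; then
        echo "cannot read $cfg" >&2
        return 2
    fi
    missing=0
    while read -r sym why; do
        [ -n "$sym" ] || continue
        state=$(config_value "$cfg" "$sym")
        case $state in
            y) echo "built-in  $sym  ($why)" ;;
            m) echo "module    $sym  ($why)" ;;
            n) echo "DISABLED  $sym  ($why)"; missing=$((missing + 1)) ;;
            *) echo "ABSENT    $sym  ($why)"; missing=$((missing + 1)) ;;
        esac
    done <<'EOF'
CONFIG_NETFILTER Network packet filtering
CONFIG_IP_NF_CONNTRACK Connection tracking, needed by -m state
CONFIG_IP_NF_IPTABLES IP tables support
CONFIG_IP_NF_MATCH_STATE -m state in the FTP rules
CONFIG_IP_NF_MATCH_STRING -m string in the worm rules (patch-o-matic)
CONFIG_IP_NF_FILTER filter table: INPUT, OUTPUT, FORWARD
CONFIG_IP_NF_TARGET_REJECT -j REJECT --reject-with tcp-reset
EOF
    [ "$missing" -eq 0 ]
}

# Constructed sample input mirroring the menuconfig choices shown above.
write_sample_config() {
    cat > "$1" <<'EOF'
# constructed sample, not a real .config
CONFIG_NETFILTER=y
# CONFIG_NETFILTER_DEBUG is not set
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_MATCH_STATE=m
CONFIG_IP_NF_MATCH_STRING=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
EOF
}

# With an argument, check that file (e.g. /usr/src/linux/.config);
# without one, run against the constructed sample.
if [ "$#" -gt 0 ]; then
    check_netfilter_config "$1"
else
    sample=$(mktemp) && write_sample_config "$sample" \
        && check_netfilter_config "$sample"
    rm -f "$sample"
fi
```

An ABSENT result for CONFIG_IP_NF_MATCH_STRING means the string patch from step 3 did not reach the tree that was configured, so the -m string rules in step 6 would fail to load.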
# make dep && make clean && make bzImage && make modules && make modules_install && make install
# mkinitrd /boot/initrd-2.4.26.img 2.4.26
# cat /boot/grub/grub.conf
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/hda7
# initrd /initrd-version.img
#boot=/dev/hda
default=0
timeout=10
splashimage=(hd0,0)/grub/splash.xpm.gz
title Red Hat Linux (2.4.24)
root (hd0,0)
kernel /vmlinuz-2.4.24 ro root=/dev/hda7
initrd /initrd-2.4.24.img
title Red Hat Linux (2.4.20-30.8.legacy)
root (hd0,0)
kernel /vmlinuz-2.4.20-30.8.legacy ro root=LABEL=/
initrd /initrd-2.4.20-30.8.legacy.img
title Red Hat Linux (2.4.18-14)
root (hd0,0)
kernel /vmlinuz-2.4.18-14 ro root=LABEL=/
initrd /initrd-2.4.18-14.img
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
5. iptables installation
cd /usr/src/iptables
make KERNEL_DIR=/usr/src/linux
make install KERNEL_DIR=/usr/src/linux
make install-devel
6. firewall
#!/bin/sh
IPTABLES="/usr/local/sbin/iptables" # absolute path to iptables
#########
/sbin/depmod -a
$IPTABLES -F # flush the rules in the chains.
$IPTABLES -X # delete the user-defined chains (reset).
######################
# Default policies.  #
######################
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD DROP
#######################
# Firewall Server #
#######################
$IPTABLES -A INPUT -p tcp -s xxx.xxx.xxx.xxx -j ACCEPT
$IPTABLES -A INPUT -p tcp -s xxx.xxx.xxx.xxx -j ACCEPT
$IPTABLES -A INPUT -p udp -s xxx.xxx.xxx.xxx -j ACCEPT
$IPTABLES -A INPUT -p tcp -s xxx.xxx.xxx.xxx -j ACCEPT
$IPTABLES -A INPUT -p tcp -s xxx.xxx.xxx.xxx -j ACCEPT
$IPTABLES -A INPUT -p tcp -s xxx.xxx.xxx.xxx -j ACCEPT
$IPTABLES -A INPUT -p tcp -s xxx.xxx.xxx.xxx -j ACCEPT
$IPTABLES -A INPUT -p udp -s xxx.xxx.xxx.xxx -j ACCEPT
$IPTABLES -A INPUT -p tcp -s xxx.xxx.xxx.xxx -j ACCEPT
$IPTABLES -A INPUT -p udp -s xxx.xxx.xxx.xxx -j ACCEPT
# SSH
$IPTABLES -A INPUT -p tcp -s xxx.xxx.xxx.xxx/26 --dport 22 -j ACCEPT
$IPTABLES -A INPUT -p tcp -s xxx.xxx.xxx.xxx/28 --dport 22 -j ACCEPT
$IPTABLES -A INPUT -p tcp -s xxx.xxx.xxx.xxx --dport 22 -j ACCEPT
$IPTABLES -A INPUT -p icmp -s xxx.xxx.xxx.xxx/28 -d xxx.xxx.xxx.xxx -j ACCEPT
$IPTABLES -A INPUT -p icmp -s xxx.xxx.xxx.xxx/26 -d xxx.xxx.xxx.xxx -j ACCEPT
# DNS
$IPTABLES -A INPUT -p udp --dport 53 -j ACCEPT
$IPTABLES -A INPUT -p udp -s xxx.xxx.xxx.xxx --dport 53 -j ACCEPT
# SMTP, POP3
$IPTABLES -A INPUT -p tcp --dport 25 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 110 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 110 -j ACCEPT
# FTP
$IPTABLES -A INPUT -p tcp -d xxx.xxx.xxx.xxx --sport 21 -m state --state ESTABLISHED -j ACCEPT
$IPTABLES -A INPUT -p tcp -d xxx.xxx.xxx.xxx --sport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -p tcp -d xxx.xxx.xxx.xxx --sport 1024:65535 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
$IPTABLES -A INPUT -p tcp -d xxx.xxx.xxx.xxx --dport 113 -j ACCEPT
$IPTABLES -A INPUT -p tcp -d xxx.xxx.xxx.xxx --sport 113 -j ACCEPT
$IPTABLES -A INPUT -p udp -d xxx.xxx.xxx.xxx --dport 20 -j ACCEPT
$IPTABLES -A INPUT -p tcp -d xxx.xxx.xxx.xxx --dport 20 -j ACCEPT
$IPTABLES -A INPUT -p udp -d xxx.xxx.xxx.xxx --dport 21 -j ACCEPT
$IPTABLES -A INPUT -p tcp -d xxx.xxx.xxx.xxx --dport 21 -j ACCEPT
# HTTP
$IPTABLES -A INPUT -p tcp -s 0.0.0.0/0 -d xxx.xxx.xxx.xxx --dport 80 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 443 -j ACCEPT
# Nimda, CodeRed
$IPTABLES -A INPUT -p tcp --tcp-flags ACK ACK --dport 80 -m string --string "/default.ida?" -j REJECT --reject-with tcp-reset
$IPTABLES -A INPUT -p tcp --tcp-flags ACK ACK --dport 80 -m string --string "XXXXXXXX" -j REJECT --reject-with tcp-reset
$IPTABLES -A INPUT -p tcp --tcp-flags ACK ACK --dport 80 -m string --string "cmd.exe" -j REJECT --reject-with tcp-reset
$IPTABLES -A INPUT -p tcp --tcp-flags ACK ACK --dport 80 -m string --string "root.exe?" -j REJECT --reject-with tcp-reset
#$IPTABLES -A INPUT -p tcp --tcp-flags ACK ACK --dport 80 -m string --string "SEARCH /" -j REJECT --reject-with tcp-reset
# SQL Slammer
$IPTABLES -A INPUT -p udp -m string --string "Qh.dllhel32hkern" -j REJECT
# syn packet drop
$IPTABLES -A INPUT -p tcp --syn -d 220.95.230.55 -j DROP
# net send drop
#$IPTABLES -A FORWARD -p tcp --syn -d xxx.xxx.xxx.xxx/28 --sport 139 -j DROP
#$IPTABLES -A FORWARD -p tcp --syn -d xxx.xxx.xxx.xxx/24 --sport 2603 -j DROP
#$IPTABLES -A FORWARD -p udp -d xxx.xxx.xxx.xxx/24 --dport 135 -j DROP
#$IPTABLES -A INPUT -p ALL -j ACCEPT