[출처] http://blog.naver.com/nuevacancion/120098582665

자, 간만에 펭귄의 허접 서버관리 강좌를 이어 가도록 하겠습니다.

올해 처음으로 쓰는 강좌가 되겠군요.

 

CentOS가 보편화되면서 yum이라는 패키지 관리 프로그램으로 대부분 패키지 업데이트를 합니다.

그러나 이 경우 yum의 패키지 업데이트가 느린 경우가 왕왕 있는데, 대표적인 것이 OpenSSH입니다.

 

CentOS 5.2에서 OpenSSH를 yum으로 업데이트하더라도 버전은 다음과 같이 표시가 됩니다.

 

[root@hosting ~]# cat /etc/redhat-release
CentOS release 5.2 (Final)
[root@hosting ~]# ssh -V
OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008

 

 

현재 OpenSSH는 버전 5.3까지 나와 있는데, yum으로 업데이트하면 꼴랑 4.3p2만 깔립니다.

OpenSSH는 서버 접속과 직결되는 부분이라, 최신 버전이 나오면 바로바로 업데이트해주어야 합니다.

 

이 글에서는 Openssh 최신 버전인 5.3을 컴파일하여 설치하는 법을 다루겠습니다.

 

1. 소스 다운받기

 

먼저, 다음의 명령들을 순차적으로 수행합니다.

 

[root@klsi root]# cd /usr/local/src
[root@klsi src]# wget ftp://ftp.kaist.ac.kr/pub/OpenBSD/OpenSSH/portable/openssh-5.3p1.tar.gz
--03:34:37--  ftp://ftp.kaist.ac.kr/pub/OpenBSD/OpenSSH/portable/openssh-5.3p1.tar.gz
           => `openssh-5.3p1.tar.gz'
Resolving ftp.kaist.ac.kr... 완료.
Connecting to ftp.kaist.ac.kr[143.248.234.110]:21... connected.
anonymous로서 로그인하고 있습니다...로그인 했습니다!
==> SYST ... 완료.    ==> PWD ... 완료.
==> TYPE I ... 완료.  ==> CWD /pub/OpenBSD/OpenSSH/portable ... 완료.
==> PORT ... 완료.    ==> RETR openssh-5.3p1.tar.gz ... 완료.
길이: 1,027,130 (unauthoritative)

100%[=================================================================================================================>] 1,027,130      4.69M/s    ETA 00:00

03:34:37 (4.69 MB/s) - `openssh-5.3p1.tar.gz'가 보존되었습니다 [1027130]

 

소스 파일을 받았으면 다음 명령으로 압축을 풉니다.

 

[root@klsi src]# tar xzvfp openssh-5.3.p1.tar.gz

 

2. telnet 잠시 열어놓기

 

만약에 OpenSSH 업그레이드 도중에 SSH 접속이 끊기거나 하면 IDC에 방문해야 하는 극악한 경우가 생길 수 있습니다.

이 경우를 대비하여 telnet을 잠시 열어 놓습니다.

CentOS의 경우에는 다음과 같이 설정합니다.

 

[root@hosting ~]# vi /etc/xinetd.d/krb5-telnet

service telnet 앞 부분에 #로 주석이 되어 있으면 주석을 해제합니다.
disable = yes로 되어 있으면 no로 수정합니다.

 

저장한 후, /etc/rc.d/init.d/xinetd reload [엔터] 후 /etc/rc.d/init.d/xinetd restart [엔터]를 순서대로 수행합니다.

netstat -nlp 명령으로 23번 포트가 열려져 있는 것을 확인합니다.

 

만약 iptable rule로 23번 포트 접속을 막아 놓은 경우에는 23번 포트 접속이 가능하도록 룰을 추가하여 줍니다.

RedHat 9의 경우에는 /etc/xinetd.d/telnet 파일을 열어 편집해 줍니다. 설정 변경 방법은 CentOS와 같습니다.

여기까지 성공했으면 telnet으로 서버에 접속한 뒤 su - 명령으로 수퍼유저로 전환합니다.

 

3. 기존의 패키지 제거

 

/etc/rc.d/init.d/sshd stop 명령으로 SSH 데몬을 정지한 후

rpm -qa | grep ssh 명령으로 기존 패키지를 확인한 후 제거합니다.

제거하는 방법은 rpm -e openssh-server [엔터] -> rpm -e openssh-client [엔터] -> rpm -e openssh [엔터] 순입니다.

 

4. 컴파일하기

 

[root@klsi root]# cd /usr/local/src/openssh-5.3.p1

명령으로 소스 압축을 풀어 놓은 디렉터리로 이동한 후 다음 명령을 수행합니다.

 

단, zlib이 /usr/local/zlib에 설치되어 있다는 것을 가정하며,

zlib을 OpenSSH와 연동하지 않을 경우에는 이 옵션은 생략해도 무방합니다.

 

./configure \
--prefix=/usr/local/openssh \
--sysconfdir=/etc/ssh \
--with-zlib=/usr/local/zlib \
--with-pam \
--with-mantype=man \
--with-md5-passwords

 

configure가 끝나면 make && make install 명령으로 설치를 완료합니다.

 

5. /etc/ssh/sshd_config 환경 설정

 

설치가 되면 /etc/ssh/sshd_config 파일을 에디터로 열어 환경 설정 부분을 수정하여 줍니다.

기본적으로 아래 옵션들은 꼭 수정해 주어야 합니다.

 

Port 22 -> 다른 포트를 사용할 경우에는 변경하며, 주석을 반드시 제거해 줍니다.

Protocol 2 -> SSH1보다는 SSH2가 보안상 강력하므로 반드시 Protocol은 2로 설정합니다.

PermitRootLogin no -> 루트로 직접 접속을 허용하지 않을 경우에는 no로 설정하고, 직접 접속을 허용할 경우에는 yes로 설정합니다.

# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key -> Hostkey 앞의 주석을 제거해 줍니다.

PasswordAuthentication yes -> 패스워드 인증을 허용하는 옵션입니다. 반드시 yes로 설정합니다.
PermitEmptyPasswords no -> 빈 패스워드를 허용하지 말라는 옵션이며 반드시 no로 설정합니다.

 

6. SSH 데몬 자동 실행 스크립트 설정

 

vi /etc/rc.d/init.d/sshd 명령으로 파일을 연 후 다음 내용을 그대로 추가합니다.

 

#!/bin/bash
#
# Init file for OpenSSH server daemon
#
# chkconfig: 2345 55 25
# description: OpenSSH server daemon
#
# processname: sshd
# config: /etc/ssh/ssh_host_key
# config: /etc/ssh/ssh_host_key.pub
# config: /etc/ssh/ssh_random_seed
# config: /etc/ssh/sshd_config
# pidfile: /var/run/sshd.pid

# source function library
. /etc/rc.d/init.d/functions

# pull in sysconfig settings
[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd

RETVAL=0
prog="sshd"

# Some functions to make the below more readable
KEYGEN=/usr/local/openssh/bin/ssh-keygen
SSHD=/usr/local/openssh/sbin/sshd
RSA1_KEY=/etc/ssh/ssh_host_key
RSA_KEY=/etc/ssh/ssh_host_rsa_key
DSA_KEY=/etc/ssh/ssh_host_dsa_key
PID_FILE=/var/run/sshd.pid

do_rsa1_keygen() {
        if [ ! -s $RSA1_KEY ]; then
                echo -n $"Generating SSH1 RSA host key: "
                if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
                        chmod 600 $RSA1_KEY
                        chmod 644 $RSA1_KEY.pub
                        success $"RSA1 key generation"
                        echo
                else
                        failure $"RSA1 key generation"
                        echo
                        exit 1
                fi
        fi
}

do_rsa_keygen() {
        if [ ! -s $RSA_KEY ]; then
                echo -n $"Generating SSH2 RSA host key: "
                if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
                        chmod 600 $RSA_KEY
                        chmod 644 $RSA_KEY.pub
                        success $"RSA key generation"
                        echo
                else
                        failure $"RSA key generation"
                        echo
                        exit 1
                fi
        fi
}

do_dsa_keygen() {
        if [ ! -s $DSA_KEY ]; then
                echo -n $"Generating SSH2 DSA host key: "
                if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
                        chmod 600 $DSA_KEY
                        chmod 644 $DSA_KEY.pub
                        success $"DSA key generation"
                        echo
                else
                        failure $"DSA key generation"
                        echo
                        exit 1
                fi
        fi
}

do_restart_sanity_check()
{
        $SSHD -t
        RETVAL=$?
        if [ ! "$RETVAL" = 0 ]; then
                failure $"Configuration file or keys are invalid"
                echo
        fi
}

start()
{
        # Create keys if necessary
        do_rsa1_keygen
        do_rsa_keygen
        do_dsa_keygen

        echo -n $"Starting $prog:"
        initlog -c "$SSHD $OPTIONS" && success || failure
        RETVAL=$?
        [ "$RETVAL" = 0 ] && touch /var/lock/subsys/sshd
        echo
}

stop()
{
        echo -n $"Stopping $prog:"
        killproc $SSHD -TERM
        RETVAL=$?
        [ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/sshd
        echo
}

reload()
{
        echo -n $"Reloading $prog:"
        killproc $SSHD -HUP
        RETVAL=$?
        echo
}

case "$1" in
        start)
                start
                ;;
        stop)
                stop
                ;;
        restart)
                stop
                start
                ;;
        reload)
                reload
                ;;
        condrestart)
                if [ -f /var/lock/subsys/sshd ] ; then
                        do_restart_sanity_check
                        if [ "$RETVAL" = 0 ] ; then
                                stop
                                # avoid race
                                sleep 3
                                start
                        fi
                fi
                ;;
        status)
                status $SSHD
                RETVAL=$?
                ;;
        *)
                echo $"Usage: $0 {start|stop|restart|reload|condrestart|status}"
                RETVAL=1
esac
exit $RETVAL

 

 

저장한 후에는 chmod 700 /etc/rc.d/init.d/sshd [엔터] 한 후 /etc/rc.d/rc.local 파일 맨 마지막 줄에 /etc/rc.d/init.d/sshd start 라는 명령 한 줄을 추가합니다.

 

7. SSH 데몬 구동

 

명령 프롬프트에서 다음의 명령을 입력합니다.

 

[root@klsi root]# /etc/rc.d/init.d/sshd start
sshd를 시작함:                                             [  확인  ]
[root@klsi root]#

netstat -nlp 명령으로 확인하여 22번 포트가 열려 있으면 ssh -V 명령으로 버전을 확인합니다.


[root@klsi root]# ssh -V
OpenSSH_5.3p1, OpenSSL 0.9.7a Feb 19 2003


이렇게 나오면 OpenSSH 업그레이드 작업이 모두 완료됩니다. 

/etc/rc.d/init.d/sshd start
Starting sshd:WARNING initlog is deprecated and will be removed in a future release
#ln -s /usr/local/openssh/bin/* /usr/bin
#ln -s /usr/local/openssh/sbin/* /usr/sbin

신고

tripwire

- 파일 변조여부를 모니터링 하는 프로그램
- 파일 속성 및 디렉토리 정보를 데이터베이스화 하여 변조 여부를 비교한다.
- 변경으로 인한 데이터 손상에 대한 피해를 최소화 할 수 있다.
- policy 파일은 자신 시스템 중 어느 파일/디렉토리를 감시할 것인가를 설정하는 파일로 주의 깊게 설정해야 한다.


-------------------------------------------------------------------

http://www.tripwire.org/

http://sourceforge.net/projects/tripwire/

소스파일
tripwire-2.4.1.2-src.tar.bz2 : (다운로드)

RPM파일
tripwire-2.4.1.1-1.el5.i386.rpm : (다운로드)

-------------------------------------------------------------------

tripwire - RPM 설치 로 이동

-------------------------------------------------------------------


tripwire - Source 설치



1. tripwire 다운 및 압축 해제

 
[root@server3 Desktop]# pwd
/root/Desktop
[root@server3 Desktop]# ls
tripwire-2.4.1.2-src.tar.bz2

[root@server3 Desktop]# tar xvfj tripwire-2.4.1.2-src.tar.bz2
tripwire-2.4.1.2-src/man/Makefile.am
tripwire-2.4.1.2-src/mkinstalldirs
tripwire-2.4.1.2-src/configure
tripwire-2.4.1.2-src/Makefile.in
tripwire-2.4.1.2-src/configure.in
tripwire-2.4.1.2-src/ChangeLog
tripwire-2.4.1.2-src/config.guess
tripwire-2.4.1.2-src/config.sub
tripwire-2.4.1.2-src/config.h.in
tripwire-2.4.1.2-src/INSTALL
tripwire-2.4.1.2-src/COPYING
tripwire-2.4.1.2-src/Makefile.am
tripwire-2.4.1.2-src/missing
tripwire-2.4.1.2-src/TRADEMARK
tripwire-2.4.1.2-src/MAINTAINERS
tripwire-2.4.1.2-src/aclocal.m4
tripwire-2.4.1.2-src/install-sh
tripwire-2.4.1.2-src/COMMERCIAL
tripwire-2.4.1.2-src/install/
tripwire-2.4.1.2-src/install/install.cfg
tripwire-2.4.1.2-src/install/install.sh
[root@server3 Desktop]# ls
tripwire-2.4.1.2-src
tripwire-2.4.1.2-src.tar.bz2

[root@server3 Desktop]# mv tripwire-2.4.1.2-src /usr/local/src




2.
tripwire 설치

 
[root@server3 Desktop]# cd /usr/local/src
[root@server3 src]# ls
tripwire-2.4.1.2-src

[root@server3 src]# cd tripwire-2.4.1.2-src/
[root@server3 tripwire-2.4.1.2-src]# ls
COMMERCIAL  MAINTAINERS  aclocal.m4    config.sub    install     missing
COPYING     Makefile.am  bin           configure     install-sh  mkinstalldirs
ChangeLog   Makefile.in  config.guess  configure.in  lib         policy
INSTALL     TRADEMARK    config.h.in   contrib       man         src

[root@server3 tripwire-2.4.1.2-src]# ./configure --help
`configure' configures this package to adapt to many kinds of systems.

Usage: ./configure [OPTION]... [VAR=VALUE]...

To assign environment variables (e.g., CC, CFLAGS...), specify them as
VAR=VALUE.  See below for descriptions of some of the useful variables.

Defaults for the options are specified in brackets.

Configuration:
  -h, --help              display this help and exit
      --help=short        display options specific to this package
      --help=recursive    display the short help of all the included packages
  -V, --version           display version information and exit
  -q, --quiet, --silent   do not print `checking...' messages
      --cache-file=FILE   cache test results in FILE [disabled]
  -C, --config-cache      alias for `--cache-file=config.cache'
  -n, --no-create         do not create output files
      --srcdir=DIR        find the sources in DIR [configure dir or `..']

Installation directories:
  --prefix=PREFIX         install architecture-independent files in PREFIX
                          [/usr/local]
  --exec-prefix=EPREFIX   install architecture-dependent files in EPREFIX
                          [PREFIX]

- 중략

[root@server3 tripwire-2.4.1.2-src]# ./configure --prefix=/usr/local/tripwire

- 중략

config.status: creating Makefile
config.status: creating man/Makefile
config.status: creating man/man4/Makefile
config.status: creating man/man5/Makefile
config.status: creating man/man8/Makefile
config.status: creating src/Makefile
config.status: creating src/cryptlib/Makefile
config.status: creating src/core/Makefile
config.status: creating src/db/Makefile
config.status: creating src/fco/Makefile
config.status: creating src/fs/Makefile
config.status: creating src/tw/Makefile
config.status: creating src/twcrypto/Makefile
config.status: creating src/twparser/Makefile
config.status: creating src/util/Makefile
config.status: creating src/twprint/Makefile
config.status: creating src/twadmin/Makefile
config.status: creating src/siggen/Makefile
config.status: creating src/tripwire/Makefile
config.status: creating config.h
config.status: executing depfiles commands

[root@server3 tripwire-2.4.1.2-src]# make

- 중략

make[3]: Leaving directory `/usr/local/src/tripwire-2.4.1.2-src/src/tripwire'
make[3]: Entering directory `/usr/local/src/tripwire-2.4.1.2-src/src'
make[3]: `all-am'를 위해 할 일이 없습니다
make[3]: Leaving directory `/usr/local/src/tripwire-2.4.1.2-src/src'
make[2]: Leaving directory `/usr/local/src/tripwire-2.4.1.2-src/src'
make[2]: Entering directory `/usr/local/src/tripwire-2.4.1.2-src'
make[2]: `all-am'를 위해 할 일이 없습니다
make[2]: Leaving directory `/usr/local/src/tripwire-2.4.1.2-src'
make[1]: Leaving directory `/usr/local/src/tripwire-2.4.1.2-src'

[root@server3 tripwire-2.4.1.2-src]# make install

- 중략

----------------------------------------------
Creating key files...

(When selecting a passphrase, keep in mind that good passphrases typically
have upper and lower case letters, digits and punctuation marks, and are
at least 8 characters in length.)

Enter the site keyfile passphrase:    - 설정파일 등을 업데이트하거나 DB를 생성할 때 사용하는 키 입력
Verify the site keyfile passphrase:
Generating key (this may take several minutes)...Key generation complete.

(When selecting a passphrase, keep in mind that good passphrases typically
have upper and lower case letters, digits and punctuation marks, and are
at least 8 characters in length.)

Enter the local keyfile passphrase:     - DB를 초기화할 때 사용하는 키 입력
Verify the local keyfile passphrase:
Generating key (this may take several minutes)...Key generation complete.

----------------------------------------------
Generating Tripwire configuration file...

----------------------------------------------
Creating signed configuration file...
Please enter your site passphrase:      - configuration file을 생성하기 위해 site 키 입력
Wrote configuration file: /usr/local/tripwire/etc/tw.cfg

A clear-text version of the Tripwire configuration file
/usr/local/tripwire/etc/twcfg.txt
has been preserved for your inspection.  It is recommended
that you delete this file manually after you have examined it.


----------------------------------------------
Customizing default policy file...

----------------------------------------------
Creating signed policy file...
Please enter your site passphrase:      - policy file을 생성하기 위해 site 키 입력
Wrote policy file: /usr/local/tripwire/etc/tw.pol

A clear-text version of the Tripwire policy file
/usr/local/tripwire/etc/twpol.txt
has been preserved for your inspection.  This implements
a minimal policy, intended only to test essential
Tripwire functionality.  You should edit the policy file
to describe your system, and then use twadmin to generate
a new signed copy of the Tripwire policy.


----------------------------------------------
The installation succeeded.

Please refer to
for release information and to the printed user documentation
for further instructions on using Tripwire 2.4 Open Source.

make[3]: Leaving directory `/usr/local/src/tripwire-2.4.1.2-src'
make[2]: Leaving directory `/usr/local/src/tripwire-2.4.1.2-src'
make[1]: Leaving directory `/usr/local/src/tripwire-2.4.1.2-src'
[root@server3 tripwire-2.4.1.2-src]#




3. tripwire 실행

 
[root@server3 tripwire-2.4.1.2-src]# cd /usr/local/tripwire - 설치 폴더
[root@server3 tripwire]# pwd
/usr/local/tripwire
[root@server3 tripwire]# ls
doc  etc  lib  man  sbin  share
[root@server3 tripwire]# cd sbin
[root@server3 sbin]# ls
siggen  tripwire  twadmin  twprint

[root@server3 sbin]# ./tripwire --help or twadmin --help
tripwire: File integrity assessment application.

Open Soure Tripwire(R) 2.4.1.2 built for i686-pc-linux-gnu

Open Source Tripwire 2.4 Portions copyright 2000 Tripwire, Inc. Tripwire is a registered
trademark of Tripwire, Inc. This software comes with ABSOLUTELY NO WARRANTY;
for details use --version. This is free software which may be redistributed
or modified only under certain conditions; see COPYING for details.
All rights reserved.
Usage:

Database Initialization:  tripwire [-m i|--init] [options]
Integrity Checking:  tripwire [-m c|--check] [object1 [object2...]]
Database Update:  tripwire [-m u|--update]
Policy Update:  tripwire [-m p|--update-policy] policyfile.txt
Test:  tripwire [-m t|--test] --email address

Type 'tripwire [mode] --help' OR
'tripwire --help mode [mode...]' OR
'tripwire --help all' for extended help
[root@server3 ~]#

-------------------------------------------------------------------

1. tripwire 데이터 베이스 생성 (초기화)

[root@server3 sbin]# ./tripwire --init or ./twadmin --init
Please enter your local passphrase: 
Parsing policy file: /usr/local/tripwire/etc/tw.pol
Generating the database...
*** Processing Unix File System ***
The object: "/VMware" is on a different file system...ignoring.
The object: "/backup" is on a different file system...ignoring.
The object: "/home2" is on a different file system...ignoring.
The object: "/media/IRIVER-1GB" is on a different file system...ignoring.
The object: "/media/IRIVER-1GB_" is on a different file system...ignoring.
The object: "/media/MEMO-4GB" is on a different file system...ignoring.
The object: "/media/MXR2" is on a different file system...ignoring.
The object: "/misc" is on a different file system...ignoring.
The object: "/net" is on a different file system...ignoring.
The object: "/raid1" is on a different file system...ignoring.
The object: "/sys" is on a different file system...ignoring.
### Warning: File system error.
### Filename: /usr/local/doc
### \xea\xb7\xb8\xeb\x9f\xb0 \xed\x8c\x8c\xec\x9d\xbc\xec\x9d\xb4\xeb\x82\x98
### \xeb\x94\x94\xeb\xa0\x89\xed\x86\xa0\xeb\xa6\xac\xea\xb0\x80
### \xec\x97\x86\xec\x9d\x8c
### Continuing...

- 중략

Wrote database file: /usr/local/tripwire/lib/tripwire/server3.co.kr.twd
The database was successfully generated.
[root@server3 sbin]#

-------------------------------------------------------------------

2. 무결성 검사

[root@server3 sbin]# ./tripwire --check - 무결성 검사

- 중략

-------------------------------------------------------------------------------
*** End of report ***

Open Source Tripwire 2.4 Portions copyright 2000 Tripwire, Inc. Tripwire is a registered
trademark of Tripwire, Inc. This software comes with ABSOLUTELY NO WARRANTY;
for details use --version. This is free software which may be redistributed
or modified only under certain conditions; see COPYING for details.
All rights reserved.
Integrity check complete.
[root@server3 sbin]#

-------------------------------------------------------------------

무결성 검사가 끝나고 나면 xxx.twr 이라는 파일이 생성된다.

[root@server3 ~]# cd /usr/local/tripwire/lib/tripwire/report/
[root@server3 report]# ls
server3.co.kr-20090203-114212.twr - twr 파일은 암화화 되어있기 때문에 twprint를 이용해 txt파일로 변환해 준다.

-------------------------------------------------------------------

[root@server3 sbin]# pwd
/usr/local/tripwire/sbin
[root@server3 sbin]# ./twprint -m r --twrfile /usr/local/tripwire/lib/tripwire/report/server3.co.kr-20090203-114212.twr > report.txt
[root@server3 sbin]# vi report.txt - 파일의 속성 및 디렉토리 정보를 데이터 베이스화 한 정보를 볼 수 있다.
Note: Report is not encrypted.
Open Source Tripwire(R) 2.4.1 Integrity Check Report

Report generated by:          root
Report created on:            2009년 02월 03일 (화) 오전 11시 42분 12초
Database last updated on:     Never

===============================================================================
Report Summary:
===============================================================================

Host name:                    server3.co.kr
Host IP address:              127.0.0.1
Host ID:                      None
Policy file used:             /usr/local/tripwire/etc/tw.pol
Configuration file used:      /usr/local/tripwire/etc/tw.cfg
Database file used:           /usr/local/tripwire/lib/tripwire/server3.co.kr.twd
Command line used:            ./tripwire --check

===============================================================================
Rule Summary:
===============================================================================

-------------------------------------------------------------------------------
  Section: Unix File System
-------------------------------------------------------------------------------

  Rule Name                       Severity Level    Added    Removed  Modified
  ---------                       --------------    -----    -------  --------
* Tripwire Data Files             0                 1        0        0
* Monitor Filesystems             0                 0        0        19
* User Binaries and Libraries     0                 0        0        1
  Tripwire Binaries               0                 0        0        0
  OS Binaries and Libraries       0                 0        0        0
  Temporary Directories           0                 0        0        0
* Global Configuration Files      0                 0        0        2
  System Boot Changes             0                 0        0        0
  RPM Checksum Files              0                 0        0        0
  OS Devices and Misc Directories 0                 0        0        0
  OS Boot Files and Mount Points  0                 0        0        0
* Root Directory and Files        0                 3        0        15

Total objects scanned:  243249
Total violations found:  41

- 중략

-------------------------------------------------------------------

3. 데이터베이스 업데이트

[root@server3 sbin]# ./tripwire --update - 무결성 검사가 끝난 후에는 자신의 시스템에 대한 데이터베이스를 만들고 저장한다.
### Error: File could not be opened.
### Filename:
### /usr/local/tripwire/lib/tripwire/report/server3.co.kr-20090203-133624.twr
### \xea\xb7\xb8\xeb\x9f\xb0 \xed\x8c\x8c\xec\x9d\xbc\xec\x9d\xb4\xeb\x82\x98
### \xeb\x94\x94\xeb\xa0\x89\xed\x86\xa0\xeb\xa6\xac\xea\xb0\x80
### \xec\x97\x86\xec\x9d\x8c
### Exiting...
[root@server3 sbin]#



[출처] http://bban2.tistory.com/236
신고

출처 loves0508님의 블로그 | 시쿵
원문 http://blog.naver.com/loves0508/3092689
Linux on Tomcat 자동 실행 하기

linux에서 부팅시 tomcat 자동시작
부팅시 tomcat 가동하기...

# vi /etc/rc.d/tomcat 새로운 파일을 만든다

################### 여기 부터 ##########################
#!/bin/sh
# Source function library.
. /etc/rc.d/init.d/functions

source /etc/profile
export TOMCAT_HOME=/usr/local/tomcat4

# See how we were called.
case "$1" in
start)
echo -n "Starting tomcat EXPERIMENTAL: "
daemon $TOMCAT_HOME/bin/startup.sh
echo
;;
stop)
echo -n "Shutting down tomcat EXPERIMENTAL: "
daemon $TOMCAT_HOME/bin/shutdown.sh
echo
;;
restart)
$0 stop
$0 start
;;
*)
echo "Usage: $0 {start|stop|restart}"
exit 1
esac

exit 0
###################### 여기 까지 ######################

# chmod 755 /etc/rc.d/romcat  권한 설정
# /etc/rc.d/tomcat   실행테스트

Usage : {start|stop|restart} 이 메세지가 뜨면 완성

# cd /etc/rc.d
# ln -s tomcat rc3.d/S90tomcat
# ln -s tomcat rc5.d/S90tomcat
# ln -s tomcat rc6.d/K90tomcat

각 폴더 에 링크 생성(부팅시 텍스트 모드,그래픽모드)

신고

+ Recent posts

티스토리 툴바