官方的脚本如下(我用的就是 Debian GNU/Linux 3.1):
These rules were written to make OpenSSH 3.8.1p1 run on a Debian GNU/Linux 3.1 system with all capabilities disabled in all LIDS states.
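#!/bin/sh
#
# openssh.sh
#
# Sample ruleset for using OpenSSH with lids.
#
# Each rule is added with "lidsconf -A": -s names the subject (the program
# the rule applies to), -o the object (a capability or a path) and -j the
# action.  Rules that name BOOT, POSTBOOT or SHUTDOWN are limited to that
# LIDS state; the others name no state (presumably they apply in every
# state -- confirm against the lidsconf documentation for your version).
#
# Every rule is attempted even if an earlier one fails, and the script exits
# non-zero if any lidsconf call failed, so a partially loaded ruleset does
# not go unnoticed.

LIDSCONF=/sbin/lidsconf
SSHD=/usr/sbin/sshd
status=0

# Add one ACL; the arguments are handed to "lidsconf -A" unchanged.
add_rule() {
    "$LIDSCONF" -A "$@" || {
        echo "openssh.sh: lidsconf -A $* failed" >&2
        status=1
    }
}

# Capabilities granted back to sshd only.  Presumably: setuid/setgid to
# become the logged-in user, chroot for the privilege-separated child,
# chown for the user's terminal -- verify against your sshd build before
# trimming or extending this list.
add_rule -s "$SSHD" -o CAP_SETGID -j GRANT
add_rule -s "$SSHD" -o CAP_SETUID -j GRANT
add_rule -s "$SSHD" -o CAP_SYS_CHROOT -j GRANT
add_rule -s "$SSHD" -o CAP_SYS_RESOURCE -j GRANT
add_rule -s "$SSHD" -o CAP_CHOWN -j GRANT

# sshd may write below /var/log.
# NOTE(review): WRITE on the whole directory also lets a compromised sshd
# modify or truncate existing logs; consider scoping this to the specific
# files sshd updates on your system.
add_rule -s "$SSHD" -o /var/log -j WRITE

# Binding port 22 is granted in the BOOT state only, so sshd has to be
# started before the kernel is sealed.
# NOTE(review): a restart after boot would presumably be unable to re-bind
# the port under these rules -- confirm and plan maintenance accordingly.
add_rule BOOT -s "$SSHD" -o CAP_NET_BIND_SERVICE 22 -j GRANT

# No subject: these two apply to every process.  After boot the sshd binary
# is denied to everyone; during shutdown it is read-only.
# NOTE(review): an sshd that re-executes its own binary for each connection
# (later OpenSSH releases are understood to do so) would be blocked by the
# DENY rule; the text accompanying this script says the rules were written
# for OpenSSH 3.8.1p1.
add_rule POSTBOOT -o "$SSHD" -j DENY
add_rule SHUTDOWN -o "$SSHD" -j READONLY

exit "$status"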