1. &RPLWr GH ,QFHQWLYR D 3URGXomR GR 6RIWZDUH *UDWXLWR H $OWHUQDWLYR ± &,36*$
&8562'(
6(*85$1d$(0
5('(6/,18;
$XWRU5HQDWR0DUWLQL
UPDUWLQL#FLSVJDRUJEU
0DUoRGH
XUVR GH 6HJXUDQoD HP 5HGHV /LQX[ ZZZFLSVJDRUJEU FXUVRV#FLSVJDRUJEU 3iJLQD 1

2. RPLWr GH ,QFHQWLYR D 3URGXomR GR 6RIWZDUH *UDWXLWR H $OWHUQDWLYR ± ,36*$
XUVRGH6HJXUDQoDHP5HGHV
RPLWHGH,QFHQWLYRD3URGXomR
GR6RIWZDUH*UDWXLWRH$OWHUQDWLYR
,36*$
$XWRU
5HQDWR0DUWLQL
UPDUWLQL#FLSVJDRUJEU
0DUoRGH
RSULJKW F

3. 5HQDWR 0DUWLQL
3HUPLVVLRQ LV JUDQWHG WR FRS GLVWULEXWH DQGRU PRGLI WKLV GRFXPHQW XQGHU WKH WHUPV RI WKH *18 )UHH
'RFXPHQWDWLRQ /LFHQVH 9HUVLRQ RU DQ ODWHU YHUVLRQ SXEOLVKHG E WKH )UHH 6RIWZDUH )RXQGDWLRQ ZLWK WKH
,QYDULDQW 6HFWLRQV EHLQJ /,67 7+(,5 7,7/(6 ZLWK WKH )URQWRYHU 7H[WV EHLQJ /,67 DQG ZLWK WKH %DFNRYHU
7H[WV EHLQJ /,67
$ FRS RI WKH OLFHQVH LV LQFOXGHG LQ WKH VHFWLRQ HQWLWOHG *18 )UHH 'RFXPHQWDWLRQ /LFHQVH
RSULJKW F

4. 5HQDWR 0DUWLQL
( JDUDQWLGD D SHUPLVVmR SDUD FRSLDU GLVWULEXLU HRX PRGLILFDU HVWH GRFXPHQWR VRE RV WHUPRV GD *18 )UHH 'RFXPHQWDWLRQ /LFHQVH
YHUVmR RX TXDOTXHU RXWUD YHUVmR SRVWHULRU SXEOLFDGD SHOD )UHH 6RIWZDUH )RXQGDWLRQ VHP REULJDWRULHGDGH GH 6Ho}HV ,QYDULDQWHV QD
DEHUWXUD H DR ILQDO GRV WH[WRV
8PD FRSLD GD OLFHQoD GHYH VHU LQFOXtGD QD VHomR LQWLWXODGD *18 )UHH 'RFXPHQWDWLRQ /LFHQVH
XUVR GH 6HJXUDQoD HP 5HGHV /LQX[ ZZZFLSVJDRUJEU FXUVRV#FLSVJDRUJEU 3iJLQD 2

5. RPLWr GH ,QFHQWLYR D 3URGXomR GR 6RIWZDUH *UDWXLWR H $OWHUQDWLYR ± ,36*$
ËQGLFH
1 SEGURANÇA: FUNDAMENTOS ......................................................................................................................................... 4
1.1 Introdução ................................................................................................................................................................ 4
1.2 Segurança: o conceito .............................................................................................................................................. 4
1.3 Segurança e as ferramentas de rede......................................................................................................................... 6
1.4 Nosso objetivo .......................................................................................................................................................... 7
2 0 FIREWALL: DUAS SOLUÇÕES EM AMBIENTE LINUX...................................................................................................... 9
2.1 Uma palavra inicial sobre firewalls ......................................................................................................................... 9
2.2 Firewalls e acesso remoto: o Secure Shell ............................................................................................................. 10
2.3 Firewalls: solução Linux ........................................................................................................................................ 15
2.4 A filtragem de pacotes ............................................................................................................................................ 16
2.5 IPCHAINS (The Enhanced IP Firewalling Chains Software for Linux) ................................................................ 17
2.6 The SINUS Firewall - a TCP/IP packet filter for Linux ......................................................................................... 32
3 MONITORAÇÃO DA REDE ............................................................................................................................................... 56
3.1 Os scanners de rede................................................................................................................................................ 56
3.2 Saint: Security Administrator's Integrated Network Tool....................................................................................... 72
+8/B9= ................................................................................................................................................. 80
+8/B9 +$ ....................................................................................................................................................................... 81
+8/B9 ,$ ....................................................................................................................................................................... 82
+8/B9 -$ ....................................................................................................................................................................... 90
+8/B9 .$ ......................................................................................................................................................................... 96
+8/B9 /$ ......................................................................................................................................................................... 99
,3,6391+03+ 1/+6 ..................................................................................................................... 100
SOBRE O AUTOR DA APOSTILA .................................................................................................... 102
*18 )5(( '280(17$7,21 /,(16( ....................................................................................... 103
XUVR GH 6HJXUDQoD HP 5HGHV /LQX[ ZZZFLSVJDRUJEU FXUVRV#FLSVJDRUJEU 3iJLQD 3

6. RPLWr GH ,QFHQWLYR D 3URGXomR GR 6RIWZDUH *UDWXLWR H $OWHUQDWLYR ± ,36*$
1 Segurança: Fundamentos
1.1 Introdução
9 YLTO^S`Y NO]^O NYM_WOX^Y ¤ WY]^K MYWY Y 6SX_b YPOOMO _WK
]YV_”ÁYMYWZVO^KZKKYZYLVOWKNK]OQ_KX”K9L]O`O]OK[_S[_O
]O PKVKWY] ]YV_”ÁY€ XÁY ]SQXSPSMK K ObS]^ XMSK NO _W ]S]^OWK
KL]YV_^KWOX^O ]OQ_Y 9 6SX_b YPOOMO S]^Y ]SW K] POKWOX^K]
XOMO]]£SK] ZKK K QO]^ÁY NK ]OQ_KX”K X_W WSMY S]YVKNKWOX^O Y_
X_WKSX^KXO^OOX^ÁY^KVSX^KXO^MYXOM^KNK§1KXNOONO/]^O
NYM_WOX^YNO]MO`OSX^YN_^YSKWOX^O^KS]POKWOX^K]OZYLVOWK]NO
]OQ_KX”K
1.2 Segurança: o conceito
K^KOWY] ]OQ_KX”K MYWY ]OXNY K O]^S”ÁY NY] OM_]Y] NO _W
WSMYMYWZ_^KNY Y_ NO _WK ONO Y_ NO ZYӃO] NO]^K ONO ZKK
Y_^Y] _]_£SY] Y_ MYWZ_^KNYO] =OQ_KX”K XKNK WKS] ¤ NY [_O K
QO]^ÁYNO^KVO]^S”ÁYY[_OMYX]^S^_SZY^KX^Y_WKZYV´^SMKNO
]OQ_KX”K Y_ MYWY ]O NSd OW SXQV ]$ ]OM_S^c ZYVSMc 9 [_O
]SQXSPSMK ^ÁY]YWOX^O [_O X_WK ONO R£ NO^OWSXKNY] OM_]Y]
K[_S`Y] NS]ZY]S^S`Y] NO RKNaKO O^M [_O O]^ÁY NS]ZYX´`OS]
ZKK O]^O MYWZ_^KNY Y_ ^SZY NO _]_£SY WK] [_O ZY Y_^Y VKNY
PSMKWO]^S^Y]K^KVY_[_KVMYWZ_^KNYO]^OTKOVOPYKY_NOX^Y
NKONO
7O]WY _W ]S]^OWK MYWY Y KX^SQY .9= SWZVOWOX^K`K _W ^SZY NO
]OQ_KX”K MVKY [_O ]SXQOVK POX^O KY] =9 W_V^S_]_£SY] MYWY Y
6SX_b Y_ [_KV[_O ^SZY NO ]S]^OWK ?83B 8Y .9= R£ NO^OWSXKNY]
K[_S`Y]YM_V^Y]R£K[_S`Y]MYWK^SL_^Y]ZKK[_O]OZOWS^K[_O
O]^O ]YWOX^O ]OTK VSNY O^M :Y MYX]OQ_SX^O R£ O]^S”ÁY NO
XUVR GH 6HJXUDQoD HP 5HGHV /LQX[ ZZZFLSVJDRUJEU FXUVRV#FLSVJDRUJEU 3iJLQD 4

7. RPLWr GH ,QFHQWLYR D 3URGXomR GR 6RIWZDUH *UDWXLWR H $OWHUQDWLYR ± ,36*$
£OK]€NY=9-VKY[_O^_NYS]]YX_W]S]^OWK.9=Y_WO]WYXK]_K
]O[_ XMSK RS]^¥SMK Y ASXNYa] #b ZY]]_OW O]^S”ÉO] [_O
PKMSVWOX^OL_VKWY]7K]Y.9=ASXNYa]XÁYPYKWPOS^Y]ZKKONO9
OM_]Y NY XO^aYUSXQ XÁY ¤ OWL_^SNY L_SV^SX SX^´X]OMY KY
ASXNYa]ZYS]]YWO]WY^YNY]Y]OWLKK”Y][_O]O_]_]_£SY]ZY]]_OW
KYYZOKOWXK3X^OXO^MYWYZYObOWZVYXYPKWY]Y,KMU9SPSMO
96SX_b¤_W]S]^OWKW_V^S_]_£SYO]]OXMSKVWOX^O _W =9 MKZKMS^KNY
ZKKK]ONO]XÁY¤_WOM_]Y[_OVROPYSKMO]MSNYOb^OXKWOX^O
/^YNY=9NOONOO]^KLOVOMOZS`SV¤QSY]MYWYPYWKNO]OQ_KX”K$R£
_]_£SY] O]ZOMSKS] XK XYWOXMVK^_K MYO^K =_ZO?]_£SY] Y_
_]_£SY YY^ [_O ZYNOW KV^OK K[_S`Y] O]ZOMSKS] NY ]S]^OWK
WYX^K ZK^SӃO] ]OTKW VYMKS] Y_ OWY^K] NO]VSQK K ONO O^M 9
_]_£SYMYW_W]OWZS`SV¤QSY]XÁYZYNOPKd VY :Y¤W [_KXNY XY]
NO]VYMKWY] NK ¥^SMK NO _W MYWZ_^KNY ZOX]KNY S]YVKNKWOX^O S]^Y ¤
_WK ¦XSMK O]^K”ÁY NO ^KLKVRY _]KNY ZY _WK] ZO]]YK] NSQKWY]
`OWY] [_O ]O MYVYMK ]OW N¦`SNK Y ^OWK NK ]OQ_KX”K 7K] [_KXNY
YL]O`KWY]_WKONOVYMKVK]OQ_KX”K¤_W^OWKKSXNKWKS]_QOX^O
8_WK SX^KXO^ §] `OdO] NS`O]Y] OM_]Y] NO `£SY] WSMY] O]^ÁY
SX^ONS^KNY] NO _W NOZK^KWOX^Y ZY ObOWZVY / ]YLO^_NY [_KXNY
O]^K SX^KXO^ MYXOM^K]O K 3X^OXO^ Y [_O ¤ [_K]O SXO`S^£`OV K
]OQ_KX”K^YXK]OKSXNKWKS]_QOX^OOP_XNKWOX^KV
:YNO´KWY]O][_OWK^SdKK]]SW$
ONO'''''''''''''''''''' INTERNET!
6YMKVf0SOaKVVf
''''''''''''''''''''
XUVR GH 6HJXUDQoD HP 5HGHV /LQX[ ZZZFLSVJDRUJEU FXUVRV#FLSVJDRUJEU 3iJLQD 5

8. RPLWr GH ,QFHQWLYR D 3URGXomR GR 6RIWZDUH *UDWXLWR H $OWHUQDWLYR ± ,36*$
1.3 Segurança e as ferramentas de rede
8_W ¦XSMY WSMY Y_ X_WK ONO VYMKV NO ZO[_OXY W¤NSY Y_ QKXNO
ZY^O O K]]SW [_KXNY O]^K ONO O]^£ MYXOM^KNK XK 1KXNO ONO K
]OQ_KX”K^OW[_O]OQOSNKOVYQY`OOWY]Y6SX_b^OW^YNK]K]
POKWOX^K]OKNYM_WOX^K”ÁYXOMO]]£SK]ZKKS]]Y
.O`O]OVOWLK[_O^KS]POKWOX^K]]ÁYSX¦^OS] ]O Y KNWSXS]^KNY
XÁY ^S`O _WK ZYV´^SMK NO ]OQ_KX”K 8ÁY MYX]^S^_S YLTO^S`Y NO]^O
NYM_WOX^Y ^K^K ObZVSMS^KWOX^O NY ^OWK 6OS^_K] SXSMSK]
YLSQK^¥SK] ZKK ^KX^Y ]ÁY$ Y 0- # SX^S^_VKNY NO =S^O
=OM_S^c2KXNLYYUR^^Z$aaaPMONS^YYQO]MS^YZY,0K]O
]O^OWLY NO ##!% O Y 6SX_b =OM_S^c 29A9
P^Z$]_X]S^O_XMON_Z_L6SX_bNYM]29A9NO50OXdSO.AO]US
WKSY NO ##% O Y VS`Y NO :K_V =Oc 0OKWOX^K] :YNOY]K] ZKK
ONO] OW 6SX_b ON -S XMSK 7YNOXK +VS Y VOS^Y OXMYX^K£ ZY
MO^Y Y] OX]SXKWOX^Y] SXSMSKS] ZKK K MYX]^_”ÁY NK ZYV´^SMK NO
]OQ_KX”K NO ]_K ONO O [_O Y 0- # ZYZSKWOX^O NOPSXO MYWY
_WK NOMVKK”ÁY PYWKV NO OQK] [_O MYXMONOW KMO]]Y K OM_]Y] NO
SXPYWK”ÁY O ^OMXYVYQSK O [_O VYQY NO`OW ]O M_WZSNK] .O`OWY]
VOWLK KSXNK [_O Y KV_XY ZYNO£ OXMYX^K _WK O_XSÁY LK]^KX^O
KLKXQOX^ONOPOKWOX^K]ZKK^YNY]Y]]KLYO]€NO]S]^OWK]?83B
XY ]S^O R^^Z$aaa]OM_S^cPYM_]MYW `S]S^K YLSQK^¥SK ZKK ^YNY
K[_OVO[_O]OYM_ZKMYW]OQ_KX”K
1Y]^K´KWY] NO O]_WS K[_S KVQ_X] ZYX^Y] NY 6SX_b =OM_S^c 29A9
ARK^ KO cY_ ^cSXQ ^Y ZY^OM^)€ / Y .O`OVYZSXQ K
]OM_S^c ZYVSMc€ O OVO] NO`OW ]O VO`KNY] OW MYX]SNOK”ÁY KX^O]
WO]WY NO ]O MSK _WK ZYV´^SMK NO ]OQ_KX”K ZKK K ]_K ONO +X^O]
NO ZY^OQO ]O_ ]S]^OWK `YM NO`O ]KLO NO [_O ^SZY NO KWOK”K ]O
XUVR GH 6HJXUDQoD HP 5HGHV /LQX[ ZZZFLSVJDRUJEU FXUVRV#FLSVJDRUJEU 3iJLQD 6

9. RPLWr GH ,QFHQWLYR D 3URGXomR GR 6RIWZDUH *UDWXLWR H $OWHUQDWLYR ± ,36*$
O]^£ ^OX^KXNY ZY^OQO ]O K^KMKNY Y [_O O]^£ OW TYQY @OTKWY]
OX^ÁY$
*O risco é a possibilidade que um intruso possa ter sucesso ao tentar invadir seus computadores. Um intruso pode, ao
acessar seus arquivos, danificar dados críticos? Não se esqueça, também, que ao possuir uma conta de sua rede, o
intruso pode se passar por você.
*As ameaças serão sempre no sentido de se obter acesso não-autorizado em sua rede ou computador. Há portanto
vários tipos de intrusos e, então, diferentes tipos de ameaça a sua rede.
*Há o curioso: esse tipo de intruso se interessa pelo tipo de dado e sistema você possui.
*Há o malicioso: esse quer em síntese derrubar o seu sistema, destruir dados, destruir os documento publicados no
seu Web server, etc. É o chamado cracker.
*Há o intruso de “alto-nível” (High-Profile): ele quer obter popularidade mostrando suas habilidades ao invadir seu
sistema.
*Há o competidor: esse que conhecer seus dados para obter algum ganho com isso.
*Por fim, “vulnerabilidade” descreve o quão bem protegido é seu computador, e o que se perderá se alguém obter
acesso não-autorizado a algum(ns) computador(res).
Portanto, crie uma política de segurança para sua rede que seja simples e genérica e que todos os usuários
possam prontamente compreender e seguir. Você pode proteger dados tanto quanto respeitar a privacidade dos
usuários
1.4 Nosso objetivo
/W]_WKXY]]KSX^OX^Y¤WY]^KMYWYT£NS]]OWY]K]POKWOX^K]
XOMO]]£SK] ZKK K MYX]^_”ÁY O QO XMSK NO _WK ZYV´^SMK NO
]OQ_KX”KOWKWLSOX^O6SX_bYNY]]ÁY]YP^aKO] KLO^Y] O MYLO^Y]
ZOVK1:61OXOKV:_LVSM6SMOX]ONK18?K]]SWMYWYKNYM_WOX^K”ÁY
NS]ZYX´`OV:KK^KX^YXY]]YMKWSXRYXÁYMYWO”K£NK]OQ_KX”KVYMKV
1
RFC é o acrônimo de Request for Comments, um enorme conjunto de documentos organizados pela INTERNIC reunindo
XUVR GH 6HJXUDQoD HP 5HGHV /LQX[ ZZZFLSVJDRUJEU FXUVRV#FLSVJDRUJEU 3iJLQD 7

10. RPLWr GH ,QFHQWLYR D 3URGXomR GR 6RIWZDUH *UDWXLWR H $OWHUQDWLYR ± ,36*$
Y_]OTK_WKONOSX^OXK]OQ_XNYKXYWOXMVK^_KNY=S^O=OM_S^c
2KXNLYYU OW NSO”ÁY § ]OQ_KX”K Ob^KXO^ ONO Ob^OXK
-YX^KSKWOX^O SOWY] NK ]OQ_KX”K Ob^OXK ZK]]KXNY YL`SKWOX^O
ZOVK][_O]^ÁYNO]OQ_KX”KXKONOSX^KXO^ZYS]YPSOaKVV^KWL¤W
YM_ZK]OMYWO]^OZYX^YZKKK]OQ_KX”KSX^OXK
informações sobre TCP/IP e outros protocolos, assim como Redes, segurança, correio eletrônico, etc.
XUVR GH 6HJXUDQoD HP 5HGHV /LQX[ ZZZFLSVJDRUJEU FXUVRV#FLSVJDRUJEU 3iJLQD 8

11. RPLWr GH ,QFHQWLYR D 3URGXomR GR 6RIWZDUH *UDWXLWR H $OWHUQDWLYR ± ,36*$
2 0 Firewall: duas soluções em ambiente Linux
2.1 Uma palavra inicial sobre firewalls
0SOaKVV ¤ _WK ZKONO€ [_O ]OZKK ]_K SX^KXO^ NY W_XNY Ob^OSY
S]^Y ¤ K SX^OXO^ 7K] ^KWL¤W _W PSOaKVV ZYNO ]O _]KNY
OPSMSOX^OWOX^OX_WKSX^KXO^[_OXÁYMROQKK^OKMO]]Y§SX^OXO^
:YS] ZYNO PSV^K ZKMY^O] [_O ZK]]KW NO _WK W£[_SXK K Y_^K X_WK
SX^KXO^
Definindo:
Um firewall é todo sistema conjunto de hardware e software que
é elaborado para proteger uma intranet de usuários
potencialmente perigosos, visto que não autorizados.
/X^O^KX^Y K MKZKMSNKNO OPO^S`K NO MYX^YVO NO _W PSOaKVV ¤
SWZVOWOX^KNK KY Z¡]O OX^O K ONO VYMKV O K SX^OXO^ NO PYWK K
O`S^K [_O Y W_XNY ^OXRK KMO]]Y K NKNY] ZK^SM_VKO] 7K] XÁY
O]^KWY] PKMO K PKMO MYW KVQY K]]SW MYWY _W ZYQKWK€ P£MSV O
]SWZVO] NO ObOM_^K :YS] MYWY T£ `SWY] _W PSOaKVV ^OW
SX[_O]^SYXK`OVWOX^O_WKXK^_OdKKLKXQOX^O
8ÁY RK`OSK ZYLVOWK] NO ]OQ_KX”K ]O `YM MYWY [_O S]YVK]]O ]O_]
MYWZ_^KNYO] Y_ ]_K ONO NY W_XNY 7K] _WK SX^KXO^ ¤
P_XNKWOX^KVWOX^O _WK ONO SX^OXK [_O _]K ^OMXYVYQSK] AYVN ASNO
AOL ZKK ZK^SVRK ^KOPK] O SXPYWKӃO] OX^O NOZK^KWOX^Y] OY_
VYMKS]OWY^Y]€8ÁYZY]]YSX]^KVK_W]O`SNY+ZKMROX_WKW£[_SXK
O POMRK Y KMO]]Y K ]O_] NKNY] OW WO_ PSOaKVV ^ÁY ZY_MY ZY]]Y
POMRKYKMO]]YK^YNY]Y]MYWZ_^KNYO][_OPYWKWKONOW_XNSKV
2
Definiçao retirada de SCO OpenServer© Internet Services (v.5.0.4 may 1997), p. 11.
XUVR GH 6HJXUDQoD HP 5HGHV /LQX[ ZZZFLSVJDRUJEU FXUVRV#FLSVJDRUJEU 3iJLQD 9

12. RPLWr GH ,QFHQWLYR D 3URGXomR GR 6RIWZDUH *UDWXLWR H $OWHUQDWLYR ± ,36*$
/]^OO][_OWKWY]^KKSWZVOWOX^K”ÁY]SWZVO]NO_WPSOaKVV$
YNK`SK NO`O´KWY] XY^K OW XY]]Y O][_OWK [_O XY]]K ONO ^OW [_O
ZY]]_S_WRY]^_WLK]^SYXRY]^[_OVSQKNYKYY^OKNYXY]ZÉOOW
MYX^K^YMYWYW_XNY»LK]^KX^OMYX]OX]_KV[_O^KVW£[_SXKNO`O^O
]O_] ]O`S”Y] NO]VSQKNY] Y W´XSWY NO ZY^K] NO`OW O]^K K^S`K]
:KK^KX^YYKV_XYNO`O]OQ_SK]YSOX^K”ÉO]L£]SMK]ZKKNO]VSQK
]O`S”Y] XY ]O_ SXO^N 9 6SX_b NK ON 2K^ ZY]]_S _WK POKWOX^K NO
]O^_ZOWWYNY^Ob^Y:YNO]O_]£VKMYWY_WKSX^OPKMO`KVSY]KZKK
NO]VSQK]O`S”Y]MYWYP^Z^P^Z^OVXO^O^M@YM ZYNOMRKW£VKXY
MYX]YVO K ZK^S NY MYWKXNY ]O^_Z Y_ MRKWK NSO^KWOX^O ZOVY
MYWKXNYXO^]c]`ZYS]KPOKWOX^K]O^_Z¤KZOXK]_WKSX^OPKMOZKK
NS`O]Y] Y_^Y] ZYQKWK] NO MYXPSQ_K”ÁY 3Q_KVWOX^O XÁY ]O PKd
XOMO]]£SYKSX]^KVK”ÁYNY]S]^OWKQ£PSMYBPOO9RY]^O]ZYX]£`OV
ZOVY PSOaKVV NO XY]]K ONO NO`O ]O _WK W£[_SXK OXb_^K€ MYW K
ZSYSNKNO¥L`SKNOM_WZSK]P_X”ÉO]NOPSOaKVV
2.2 Firewalls e acesso remoto: o Secure Shell
:KK Y KMO]]Y OWY^Y KY XY]]Y PSOaKVV NO`OWY] _]K Y ]YP^aKO ==2
=OM_O =ROVV ]]R$ R^^Z$aaa]]RYQ O XÁY ^OVXO^ Y_ ]R Y_
VYQSX WO]WY ZY[_O T£ ^K^KWY] NO NO]VSQ£VY] 9 ]]R ¤ _W ZKMY^O
MYWZVO^Y ZKK VYQSX OWY^Y [_O ^OW K MKZKMSNKNO NO MSZ^YQKPK
_^SVSdKXNY]ONKK_^OX^SMK”ÁYPY^O=+KMYW_XSMK”ÁYOX^OONO]O
RY]^] XÁYMYXPS£`OS] +]]SW ]OXNY ^YNK] K] MYW_XSMK”ÉO] ]ÁY
XUVR GH 6HJXUDQoD HP 5HGHV /LQX[ ZZZFLSVJDRUJEU FXUVRV#FLSVJDRUJEU 3iJLQD 10

13. RPLWr GH ,QFHQWLYR D 3URGXomR GR 6RIWZDUH *UDWXLWR H $OWHUQDWLYR ± ,36*$
MSZ^YQKPKNK] + =+ ¤ _]KNK ZKK _W SX^OMŸWLSY NO MRK`O]€ X_W
O][_OWKNOMRK`O]Z¦LVSMK]OZS`KNK]O_WW¤^YNYNOMSZ^YQKPSK
3./+ ,VYaPS]R O^M ¤ _]KNY ^KWL¤W ZKK MSZ^YQKPK K ]O]]ÁY
OWY^K K ]O KLO^K 9 [_O ¤ SWZY^KX^O XY ]]R ¤ [_O Y ]YP^aKO
NS]ZKK K MSZ^YQKPSK KX^O] NY ZYMO]]Y NO K_^OX^SMK”ÁY Y_ ]OTK
KX^O]NKMROMKQOWNK]]OXRK]:Y^KX^YXOXR_WK]OXRK¤OX`SKNKZOVK
ONOOWKLO^Y]OWMSZ^YQKPSK
+WKSYZK^ONK]NS]^SL_S”ÉO]K^_KS]NY6SX_bT£`OWMYWK`O]ÁY
!NO]^OZYQKWKK¦V^SWK`O]ÁY¤KMRKWKNKNO]]R
=O MYX]OQ_S Y ]]R K^K`¤] NO _W ZKMY^O :7 LK]^K SX]^KV£VY MYW Y
MYWKXNYZWS`R€/VOSX]^KVK£Y]]OQ_SX^O]K[_S`Y]$
$UTXLYRV 'HVFULomR
VVKG 'DHPRQ TXH URGD QD PiTXLQDVHUYLGRU
HVSHUD R SHGLGR GR FOLHQWH VVK DXWHQWLFD D
FRQH[mR H LQLFLD D VHVVmR
VVKRXVORJLQ OLHQWH SURJUDPD XVDGR SDUD ORJLQ H H[HFXomR
GH RXWURV FRPDQGRV
VFS 8VDGR SDUD FRSLDU DUTXLYRV GH XP FRPSXWDGRU
SDUD RXWUR HP VHJXUDQoD
VVKNHJHQ 8VDGR SDUD FULDU FKDYHV 56$
VVKDJHQW $JHQWH SDUD D DXWHQWLFDomR GDV FKDYHV
VVKDGG 8VDGR SDUD UHJLVWUDU QRYDV FKDYHV
PDNHVVKNQRZQKRVWV 6FULSW SHUO XVDGR SDUD FULDU R DUTXLYR
HWFVVKBNQRZQBKRVWV D VHU XVDGR SHOR '16
OKVSdKNKKSX]^KVK”ÁYMYW bS^Y`KWY]QOKWY]OX^ÁY_WKMRK`O=+
ZKKY_]_£SYYY^X_WRY]^MRKWKNYKVZRK_]KXNYYMYWKXNYNO]MS^Y
KMSWK]]RUOcQOX/XMYX^K´KWY]ZYObOWZVYK]OQ_SX^O]K´NK$
URRW#DOSKD @ VVKNHJHQ
,QLWLDOL]LQJ UDQGRP QXPEHU JHQHUDWRU
*HQHUDWLQJ S GLVWDQFH

14. *HQHUDWLQJ T GLVWDQFH

15. RPSXWLQJ WKH NHV
7HVWLQJ WKH NHV
.H JHQHUDWLRQ FRPSOHWH
(QWHU ILOH LQ ZKLFK WR VDYH WKH NH URRWVVKLGHQWLW

16. (QWHU SDVVSKUDVH HQWUH FRP D VHQKD QDGD VHUi HFRDGR

17. 3
A autenticação RSA é baseada numa chave pública de criptografia. Uma chave para criptografar e a outra para
descriptografar. A chave pública é usada para criptografar, e a chave para descriptografar por sua vez é privada, mas
jamais poderemos derivar esta chave de descriptografar da outra.
XUVR GH 6HJXUDQoD HP 5HGHV /LQX[ ZZZFLSVJDRUJEU FXUVRV#FLSVJDRUJEU 3iJLQD 11

18. RPLWr GH ,QFHQWLYR D 3URGXomR GR 6RIWZDUH *UDWXLWR H $OWHUQDWLYR ± ,36*$
(QWHU WKH VDPH SDVVSKUDVH DJDLQ LGHP

19. RXU LGHQWLILFDWLRQ KDV EHHQ VDYHG LQ URRWVVKLGHQWLW
RXU SXEOLF NH LV
URRW#FLSVJDRUJEU
RXU SXEOLF NH KDV EHHQ VDYHG LQ URRWVVKLGHQWLWSXE
.OZYS] NO QOKWY] XY]]K] MRK`O] K Z¦LVSMK O K ZS`KNK O O]^K]
]OOW QK`KNK] XY NSO^¥SY NO XY]]K O]MYVRK K[_S KMOS^KWY] K
WOVRYYZ”ÁYKNOPK_V^NY]]RUOcQOX`KWY]^OX^KKLS_WK]O]]ÁY
]OQ_K 7K] KX^O] ^OWY] NO MKOQK Y ZYQKWK ]O`SNY NY ]]R Y
]]RN /bOM_^KOWY] ]]RN WKX_KVWOX^O ZKK ^KX^Y Y KV_XY NO`O
NSQS^K$ O^MMNSXS^N]]RN ¤ MYW O]]O ]MSZ^ [_O Y ON 2K^
6SX_b ]KLSNKWOX^O MKOQK OW ^YNK SXSMSKVSdK”ÁY Y NKOWYX ]OW
ZY^KX^Y K XOMO]]SNKNO NO _WK ObOM_”ÁY WKX_KV .OZYS] KV_XY NO`O
`OSPSMKMYWKPOKWOX^KXO^]c]`NYON2K^]OY]]RNO]^£WKMKNY
ZKK ObOM_”ÁY K_^YW£^SMK .O`O ]O ^O K^OX”ÁY ZKK ^KV NO^KVRO
ZY[_O ]O Y ]]R Y MVSOX^O XÁY OXMYX^K Y ]]RN YNKXNY OVO
YPOOMO K ZY]]SLSVSNKNO NO _WK ]O]]ÁY XÁY]OQ_K `SK ]R -YWY XY
ObOWZVYKLKSbY$
URRW#EHWD URRW@ VVK DOSKD
6HFXUH FRQQHFWLRQ WR DOSKD UHIXVHG UHYHUWLQJ WR LQVHFXUH PHWKRG
8VLQJ UVK :$51,1* RQQHFWLRQ ZLOO QRW EH HQFUSWHG
HQFUSWHG Õ
3DVVZRUG

20. +]]SW MO^Y] [_O Y ]]RN O]^£ K^S`Y XY RY]^ KVZRK X_WK Y_^K
W£[_SXK[_OMRKWKWY]LO^KMKOQKWY]YMVSOX^O]]RZKKMYXOM^KMYW
YRY]^KVZRK`OTKWY]$
URRW#EHWD @ VVK DOSKDFLSVJDRUJEU
+RVW NH QRW IRXQG IURP WKH OLVW RI NQRZQ KRVWV
$UH RX VXUH RX ZDQW WR FRQWLQXH FRQQHFWLQJ HVQR

21. HV
+RVW
EHWDFLSVJDRUJEU
DGGHG WR WKH OLVW RI NQRZQ KRVWV
UHDWLQJ UDQGRP VHHG ILOH aVVKUDQGRPBVHHG 7KLV PD WDNH D ZKLOH
URRW#DOSKDFLSVJDRUJEU
V SDVVZRUG HQWUD FRP VHQKD QDGD p HFRDGR@
/DVW ORJLQ IURP 6DW -DQ IURP DOSKD
URRW#DOSKD URRW@
@KWY]OX^OXNOK]WOX]KQOX]NK^OVK;_KXNYY]O`SNY]]RNXYRY]^
KVZRK OMOLO_ K ]YVSMS^K”ÁY OVO XY] KN`O^S_ XÁY ^O OXMYX^KNY K
RY]^ UOc NK VS]^K NO RY]^] MYXROMSNY] KSXNK K]]SW KMOS^KWY]
XUVR GH 6HJXUDQoD HP 5HGHV /LQX[ ZZZFLSVJDRUJEU FXUVRV#FLSVJDRUJEU 3iJLQD 12

22. RPLWr GH ,QFHQWLYR D 3URGXomR GR 6RIWZDUH *UDWXLWR H $OWHUQDWLYR ± ,36*$
MYX^SX_KKMYXObÁYOVOZÉOKW£[_SXKLO^KXKVS]^KOMYX^SX_KMYW
K K_^OX^SMK”ÁY NOZYS] [_O OVK ¤ ObOM_^KNK MYW bS^Y OMOLOWY] Y
^OWSXKV`S^_KV=OOKVSdKWY]YVYQY_^OXY`KWOX^OOX^KMYW_W
ZONSNYNO]O]]ÁY]]RYNKOWYXV YK[_S`Yh]]RKXNYXI]OONOXY]
ZOWS^OK]O]]ÁY]OQ_KOKK_^OX^SMK”ÁYZKNÁYNY]S]^OWK:Y¤WY
KV_XYNO`OO]MYVROOX^OO]^OW¤^YNYYSWZY^K]_KMRK`OZ¦LVSMK
KWKdOXKNK XY K[_S`Y SNOX^S^cZ_L ZKK K W£[_SXK OWY^K 3]]Y
ZY]]SLSVS^K£KYZYQKWK_]KKK_^OX^SMK”ÁYLK]OKNKOW=+-YWY
XY]]K W£[_SXK RKLSVS^KNK ZKK PSOaKVV XÁY XY] ZY]]SLSVS^K
^KX]PO XMSKNOK[_S`YP^Z80=O^M_]KOWY]Y`OVRYNS][_O^O
_]KXNY _W ZYQKWK NK] POKWOX^K] W^YYV] Y WMYZc -YVY[_O _W
NS][_O^O XK _XSNKNO XK O NSQS^O$ WMYZc h]]RZ_L K$€ -YW S]]Y
MYZSKOWY] ZKK Y NSO^¥SY OWY^Y h]]R XY]]K MRK`O Z¦LVSMK
K^OX”ÁY$ ]¥ VO`KWY] XY]]K MRK`O Z¦LVSMK + MRK`O ZS`KNK XÁY NO`O
]O NS`_VQKNK WK] KQYK MYW _W XY`Y XYWO K ]O _^SVSdKNY XK]
MYXObÉO] K ]KLO K_^RYSdONIUOc] KV K[_S`Y MYO]ZYXNO KY
MYX`OXMSYXKV K[_S`Y RY]^]% OVO ZY]]_S _WK MRK`O ZY VSXRK
]_ZY^KXNY ZY^KX^Y NS`O]K] MRK`O] Z¦LVSMK] NO NSPOOX^O] _]_£SY]
O RY]^] +^OX”ÁY ZKK XÁY ^_XMK Y K[_S`Y ZYS] K] MRK`O] ]ÁY
VYXQK] O NO`OW OX^K X_WK ¦XSMK VSXRK 6YQY NOZYS] NS]]Y Y
_]_£SYZYNOObOM_^KYVYQSX]OWKK_^OX^SMK”ÁYZKNÁYWK]KZOXK]
NKXNYYZK]]ZRK]ONKMRK`O=+[_O¤]YLOWKXOSKWKS]]OQ_Y
-YWKMSK”ÁYNYK_^RYSdONIUOc][_KXNYKLSWY]KXY`K]O]]ÁYMYW
YMVSOX^O]]R`OOWY]ZSWOSKWOX^OOX^ÁY$
URRW#DOSKD@VVK EHWD
+RVW NH QRW IRXQG IURP WKH OLVW RI NQRZQ KRVWV
$UH RX VXUH RX ZDQW WR FRQWLQXH FRQQHFWLQJ HVQR

23. HV
+RVW
EHWD
DGGHG WR WKH OLVW RI NQRZQ KRVWV
(QWHU WKH SDVVSKUDVH IRU 56$ NH
URRW#DOSKDFLSVJDRUJEU
QDGD HFRD

24. /DVW ORJLQ 6XQ -DQ RQ WW
RX KDYH PDLO
URRW#EHWD URRW@
8_WKZY]^OSYMYXObÁYOXMYX^KOWY]Y]OQ_SX^OMOX£SY$
XUVR GH 6HJXUDQoD HP 5HGHV /LQX[ ZZZFLSVJDRUJEU FXUVRV#FLSVJDRUJEU 3iJLQD 13

25. RPLWr GH ,QFHQWLYR D 3URGXomR GR 6RIWZDUH *UDWXLWR H $OWHUQDWLYR ± ,36*$
URRW#DOSKD @VVK EHWD
(QWHU WKH SDVVSKUDVH IRU 56$ NH
URRW#DOSKDFLSVJDRUJEU
QDGD HFRD

26. /DVW ORJLQ 6XQ -DQ IURP DOSKD
RX KDYH PDLO
URRW#EHWD URRW@
+]]SWYKV_XYOX^KMYWK]_KZK]]ZRK]OK]MRK`O]]ÁYMROMKNK]OK
]O]]ÁY]OQ_KMSZ^YQKPKNK¤ZY]^KOWK”ÁY
9_^Y W¤S^Y SXNS]M_^´`OV NY =OM_O =ROVV ¤ Y PK^Y NY MVSOX^O ZKK
KMO]]Y OWY^Y T£ O]^K ZY^KNY ZKK NS`O]K] ZVK^KPYWK] ?83B
9=ASXO^MY[_O¤LK]^KX^OSWZY^KX^O[_KXNY^OWY]ONO]
R´LSNK]€@S]S^OY]S^OP^Z$P^ZM]R_^PSZ_L]]RZKK_WK`S]ÁY
NO `O]ÉO] NS]ZYX´`OS] :YNOWY] ]_QOS KY KV_XY ZO][_S]K K]
]OQ_SX^O]`O]ÉO]XÁYMYWOMSKS]ZKKASXO9=O]ZOM^S`KWOX^O$
Âhttp://www.chiark.greenend.org.uk/~sgtatham/putty/ (PuTTY é uma versão livre para telnet e SSH).
R^^Z$NYWOaOOQ_SYaKON_Z_LNYWO]^SM]Y]ZY^]]]R!McQaSXL^KLd
@O]ÁY MVSOX^O O ]O`SNY ==2 NOX^Y NY ZYTO^Y -cQX_]
ÂP^Z$P^ZM]R_^PSZ_L]]RY]]]RY]dSZ @O]ÁY ==2 ZKK 9= b
8O]^K^OVK`OOWY]_WMVSOX^OMYWZSVKNYOYNKXNYX_WKW£[_SXK?83B
=-9 9ZOX=O`O ` R^^Z$aaa]MYMYW O KLSXNY _WK MYXObÁY
]]RMYWMROMKQOWNKMRK`O=+X_WRY]^6SX_b$
XUVR GH 6HJXUDQoD HP 5HGHV /LQX[ ZZZFLSVJDRUJEU FXUVRV#FLSVJDRUJEU 3iJLQD 14

27. RPLWr GH ,QFHQWLYR D 3URGXomR GR 6RIWZDUH *UDWXLWR H $OWHUQDWLYR ± ,36*$
2.3 Firewalls: solução Linux
8ÁYNS]M_^SOWY]K[_SKSWZVOWOX^K”ÁYP´]SMKNO_WPSOaKVV8Y]]Y¤
YLTO^S`Y¤WY]^KK]POKWOX^K]NS]ZYX´`OS]XY6SX_b9KV_XY^OW
[_O^OOWWOX^O^KWL¤W[_OXÁYObS]^O_WK]YV_”ÁY¦XSMKOW^OWY]
NO PSOaKVV @YM ^OW [_O MYXROMO K] POKWOX^K] O OX^ÁY KNKZ^£
VK]§]XOMO]]SNKNO]O]ZOM´PSMK]NO]_KONOWYX^K]_KZYV´^SMKNO
]OQ_KX”K O KNKZ^£VK K _W PSOaKVV @YM ^O£ _WK SX^YN_”ÁY O
NOZYS] ^O£ [_O ZO][_S]K ]_K] NOWKXNK] O]ZOM´PSMK] =ÁY ^KX^Y] Y]
MOX£SY] ZY]]´`OS] [_O Y ^OWK ^YXK]O SXO]QY^£`OV$ _WK ZO[_OXK
ONO NYW¤]^SMY Y_ _W ZO[_OXY O]MS^¥SY [_O ]O MYXOM^K K 3X^OXO^
`SK ZZZ% _WK ONO MYW _W Y^OKNY MYXOM^KNY K 3X^OXO^% _WK ONO
W¤NSK MYW NYS] PSOaKVV] O^M O^M .KOWY] K[_S Y] MYXMOS^Y]
ZSXMSZKS]NK]POKWOX^K]]O_]MYWKXNY]YZ”ÉO]O_^SVSdK”ÁY
?W PSOaKVV ¤ SWZVOWOX^KNY XY 6SX_b OW X´`OV NO UOXOV ZY S]]Y
^YNY Y ^Ob^Y ]YLO Y ^OWK MYWO”K MYW K] YZ”ÉO] ZKK OMYWZSVK Y
UOXOV=OWN¦`SNKZKK^OWY]_WPSOaKVVXY6SX_bXOMO]]S^KWY]NO
]_KRKLSVS^K”ÁYXYUOXOV7K]S]]YXÁY]OPKdXOMO]]£SYZYS]YON
2K^ b T£ `OW MYW Y UOXOV ZKK PSOaKVVSXQ ^KX^Y [_KX^Y Y =_=/
b ZY ObOWZVY Y 9ZOX6SX_b NK -KVNOK ` ZY ]O WKS]
`YV^KNYZKK_W]S]^OWKNO]U^YZXÁYZY]]_S_WUOXOVMYWZSVKNYZKK
PSOaKVV +SXNK K]]SW ]O NO]OTK MROMK ]O ]_K] W£[_SXK] O]^ÁY
RKLSVS^KNK] ZKK PSOaKVV NSQS^O$ €V] ZYMXO^SZIPaMRKSX]€ ]O
^KV K[_S`Y O]^S`O K´ YU ^OWY] PSOaKVV +ZOXK] MYWY SXPYWK”ÁY
VS]^KWY] KLKSbY K] YZӃO] K ]OOW RKLSVS^KNK] O NO]KLSVS^KNK] X_W
UOXOVOMYWZSVKNYZKKPSOaKVV$
Em 'general setup':
1. turn networking support = ATIVO
Em 'networking options':
1. turn network firewalls = ATIVO
4
O Linux IPCHAINS-HOWTO por exemplo apresenta 4 diferentes cenários possíveis.
XUVR GH 6HJXUDQoD HP 5HGHV /LQX[ ZZZFLSVJDRUJEU FXUVRV#FLSVJDRUJEU 3iJLQD 15

28. RPLWr GH ,QFHQWLYR D 3URGXomR GR 6RIWZDUH *UDWXLWR H $OWHUQDWLYR ± ,36*$
2. turn TCP/IP networking = ATIVO
3. turn IP forwarding/gatewaying = ATIVO
4. turn IP firewalling = ATIVO
5. turn IP firewall packet logging = ATIVO
6. turn IP masquerading = ATIVO
7. turn IP accounting = ATIVO
8. turn IP tunneling = DESATIVO
9. turn IP aliasing = ATIVO (pode-se optar por seu uso modular...)
10. turn IP (PC/TCP mode) = DESATIVO
11. turn IP (reverse ARP) = DESATIVO
12. turn drop source routed frames = ATIVO
Em 'network device support':
1. turn network device support = ATIVO
2. turn net driver support = ATIVO
3. turn ethernet (10/100 mbit.) = ATIVO
2.4 A filtragem de pacotes
+] SXPYWK”ÉO] [_O K^K`O]]KW _WK ONO ]ÁY NO]WOWLKNK] O OX`SKNK]
XK PYWK NO ZKMY^O] Y_ NK^KQKWK] KS] ZKMY^O] ^ W _W PYWK^Y [_O
SXMV_S _W MKLO”KVRY O _W MYZY NO NKNY] 8Y MKLO”KVRY NY ZKMY^O 3:
OXMYX^KWY]KVQ_WK]SXPYWKӃO]^KS]MYWY$
KOXNOO”YNOYSQOW
LOXNOO”YNONO]^SXY
:YMYX]OQ_SX^O_WPSV^YNOZKMY^O]€ZY]]_SKRKLSVSNKNONOYVR£
VY] [_KXNY OVO] ZK]]KW O K]]SW NOMSNS Y ]O_ NO]^SXY :YNOXNY
O]MYVRO ZY XOQK NOXc _W ZKMY^O NO]MK^KXNYY ^Y^KVWOX^O
KMOS^KKMMOZ^YZKMY^ONOSbKXNYYZK]]KY_ ZY PSWOTOS^K
OTOM^ Y ZKMY^O ZY¤W O^YXKXNY _WK WOX]KQOW KY OXNOO”Y NO
YSQOW /S] K´ ^ ] MYXMOS^Y] P_XNKWOX^KS] OW [_KV[_O ]YP^aKO NO
PSOaKVV
XUVR GH 6HJXUDQoD HP 5HGHV /LQX[ ZZZFLSVJDRUJEU FXUVRV#FLSVJDRUJEU 3iJLQD 16

29. RPLWr GH ,QFHQWLYR D 3URGXomR GR 6RIWZDUH *UDWXLWR H $OWHUQDWLYR ± ,36*$
» ZY O]]K] MKKM^O´]^SMK] [_O _W PSOaKVV ZYNO XY] QKKX^S
]OQ_KX”KOMYX^YVOX_WKONOYKNWSXS]^KNYZYO`S^KYOX`SY
NO ZKMY^O] ZKK PYK NK ONO Y_ OX^ÁY [_O ZKMY^O NO PYK OX^O OW
MO^K]ZK^O]NKSX^KXO^
2.5 IPCHAINS (The Enhanced IP Firewalling Chains Software for Linux)
O Ipchains5, escrito por Rusty Russel (ipchains@rustcorp.com), tem a habilidade de filtrar os pacotes que passam pelo
kernel. Não é um software simples, mas conhecendo o seu mecanismo e seus conceitos o administrador de rede pode
escolher a política de segurança de sua rede. A versão trabalhada aqui será a 1.3.8 (ipchains-1.3.8-3.i386.rpm).
Para lidar com um pacote o kernel do Linux possui três regras principais, que o Ipchains chama de firewall chains ou
chains - não usaremos tradução para a palavra chains/chain, iremos portanto conservá-la em inglês. São elas:
IP INPUT CHAIN: quando um pacote entra ...
IP OUTPUT CHAIN: quando um pacote sai ...
IP FORWARD CHAIN: quando um pacote é roteado para
outra máquina ...
» XO]^O ^SZ¤ [_O ]O P_XNKWOX^K K MYX]^_”ÁY NO XY]]Y PSOaKVV
7YX^K]OZY^KX^YK]OQK]ZKKQOSO]]O]MRKSX]ZSXMSZKS]$_W
ZKMY^O OX^K ZY]]Y OM_]£VY NO ^KV OXNOO”Y NO YSQOW KMOS^£VY
ZKK^KVNO]^SXYWK]]OK^K`O]]KWO_PSOaKVVOWNSO”ÁYK^KVY_
[_KVNO]^SXYOM_]YO^M
+] [_K^Y YZOK”ÉO] WKS] L£]SMK] O MYW_X] XY 3ZMRKSX] ]ÁY$
KMO]MOX^KKZZOXN_WKXY`KOQKMYWKPVKQ+ObMV_SNOVO^O
_WKOQKMYWKPVKQ.%OVS]^KK]OQK]ObS]^OX^O]MYWKPVKQ
6OVSWZKPV_]RSXNS]MSWSXKNKWOX^O^YNK]K]OQK]MYWKPVKQ
0
5
Uma questão terminológica: o aluno não deve confundir ipchains com o antigo ipfwadm: o primeiro está em
distribuições com o kernel 2.2.x e o último no kernel 2.0.x; os parâmetros são essencialmente diferentes, portanto não
servem os scripts feitos para o ipfwadm.
XUVR GH 6HJXUDQoD HP 5HGHV /LQX[ ZZZFLSVJDRUJEU FXUVRV#FLSVJDRUJEU 3iJLQD 17

30. RPLWr GH ,QFHQWLYR D 3URGXomR GR 6RIWZDUH *UDWXLWR H $OWHUQDWLYR ± ,36*$
@OTKWY]KVQ_X]MKWSXRY]MYWY3ZMRKSX]OWK”ÁY»M_SY]YXY^K[_O
^YNK Z_LVSMK”ÁY OX]SXKXNY _WK VSXQ_KQOW NO ZYQKWK”ÁY OW QOKV
MYWOMO WY]^KXNY MYWY QOK XO]^K VSXQ_KQOW _WK PK]O NY ^SZY
v2OVVY AYVNv 8Y MK]Y NK] OQK] NY PSOaKVV MYWO”KWY]
WY]^KXNY MYWY SWZONS Y ZSXQ ZKK K SX^OPKMO NO VYYZLKMU€ VY
^O´KWY]Y]OQ_SX^O$
LSFKDLQV $ LQSXW V S LFPS M '(1
/V_MSNKXNYY]ZKŸWO^Y_]KNY]$
+SXZ_^ÂKMO]MOX^KWY]_WKOQKZKKKOX^KNK
]ÂOS]YOXNOO”YNOYSQOX]NY]ZKMY^O]
ZÂYZY^YMYVY_]KNY3-7:
T./8CÂY[_OPKOWY]MYWYZKMY^OT_WZ^Y$K[_SXOQKWY]
+QYK]OObOM_^KWY]_WZSXQZKKYOXNOO”YNOVYYZLKMUSOWY]`O
K ^KNSMSYXKV WOX]KQOW NO v ZKMUO^ VY]]v + OQK [_O
O]^KLOVOMOWY]NSd[_ONO`O]OXOQK^YNY]ZKMY^O] 3-7: [_O MROQKOW
NYOXNOO”Y!YZKŸWO^Y./8C¤MRKWKNY^OMXSMKWOX^ONO
KV`Y (target).
@OTKWY] Y_^Y ObOWZVY KQYK X_WK SX^OPKMO NO ONO /W XY]]Y
MOX£SY NO]OTKWY] POMRK K] ZY^K] O NY XY]]Y RY]^ KVZRK
# ZKKLO^K# %OW]_WK$LO^KXÁYZYNO£_]K
^KS] ]O`S”Y] NK W£[_SXK KVZRK /]^K] ]ÁY K] ZY^K] ZKNÁY ZKK
OVXO^ O 0: XY ZY^YMYVY -: =OQ_XNY K V¥QSMK NK ]_S^O NO
ZY^YMYVY] -:3: XOMO]]S^KWY] KV¤W NY OXNOO”Y 3: NO _W Y_^Y
X´`OVNOK^SL_S”ÁYNOOXNOO”Y][_O¤MRKWKNYZY^KNOK
¤ OVK [_O NSOMSYXK Y] NKNY] [_O MROQKW ZOVY OXNOO”Y 3: ZKK _W
NO^OWSXKNY ]O`S”Y .O PYWK [_O ZYNO]O WKX^O _W X¦WOY NO
MYXObÉO] ]SW_V^ŸXOK] O KY WO]WY ^OWZY ]OZKKNK] +] ZY^K] ]ÁY
XUVR GH 6HJXUDQoD HP 5HGHV /LQX[ ZZZFLSVJDRUJEU FXUVRV#FLSVJDRUJEU 3iJLQD 18

31. RPLWr GH ,QFHQWLYR D 3URGXomR GR 6RIWZDUH *UDWXLWR H $OWHUQDWLYR ± ,36*$
]OZKKNK] OW NYS] Q_ZY] NS]^SX^Y]$ NO K ]ÁY K] ZY^K]
ZS`SVOQSKNK]€ ]ÁY _]KNK] ZY NKOWYX] MYXPS£`OS] O MYW ZS`SV¤QSY]
NO YY^ +] O]^KX^O] NO K^¤ ]ÁY MRKWKNK] NO XÁY
ZS`SVOQSKNK]€ O ]ÁY _]KNK] VS`OWOX^O :Y S]]Y KY WYX^K _W
PSOaKVV ^YNK K K^OX”ÁY MYW Y] WY`SWOX^Y] NO ZY^K] XÁY
ZS`SVOQSKNK] +LKSbY O]^£ _WK VS]^K O]_WSNK MYW Y] ZSXMSZKS]
]O`S”Y]]O_]ZY^K]ZKNÁYOYZY^YMYVYMYO]ZYXNOX^O$
SERVIÇO PORTA PROTOCOLO
netstat 15 tcp
ftp 21 tcp
ssh 22 tcp/udp
telnet 23 tcp
smtp 25 tcp
whois 43 tcp
finger 79 tcp
www 80 tcp
pop-3 110 tcp/udp
https 443 tcp/udp
=OO]^S`OMYXP_]Y]YLO[_KVYX¦WOY[_OMYO]ZYXNOK^KVY_[_KV
]O`S”Y O ^KWL¤W NO]OTK _WK VS]^KQOW WKS] MYWZVO^K MYX]_V^O Y
K[_S`YvO^M]O`SMO]v ¤ OVO [_O KWKdOXK K MYO]ZYXN XMSK OX^O
Y XYWO NY ]O`S”Y OVXO^ O Y X¦WOY NK ZY^K O ^KWL¤W Y
ZY^YMYVY[_O¤_]KNY-:
9L]O`OOX^ÁYXY]]YObOWZVY$
URRW#DOSKD @ LSFKDLQV $ LQSXW V G S WFS - '(1
URRW#DOSKD @ LSFKDLQV $ LQSXW V G S WFS - '(1
-YWO]]K]OQK]XOQKWY]./8CKOX^KNKNOZKMY^O]NYOXNOO”YNO
YSQOW ]Y_MO KNNO]] v]v # ZKK Y OXNOO”Y NO
NO]^SXY vNv # XK] ZY^K] O XY ZY^YMYVY -:
9U]OWWOX]KQOX]NOOYXY]]K]OQK]PYKWKMOS^K]OX^OKQYK
6
Pode-se consultar também o RFC 177 para uma lista completa das portas.
XUVR GH 6HJXUDQoD HP 5HGHV /LQX[ ZZZFLSVJDRUJEU FXUVRV#FLSVJDRUJEU 3iJLQD 19

32. RPLWr GH ,QFHQWLYR D 3URGXomR GR 6RIWZDUH *UDWXLWR H $OWHUQDWLYR ± ,36*$
KLS _WK ]O]]ÁY OVXO^ Y_ 0: NK W£[_SXK LO^K K ^OX^K^S`K
YL`SKWOX^O ]O£ ]OW ]_MO]]Y K ZY^K O]^£ POMRKNK ZKK O]^K
W£[_SXK + PVKQ 4 O]ZOM´PSMK _W KV`Y K[_S _]KWY] ./8C% Y] Y_^Y]
KV`Y]WKS]SWZY^KX^O]]ÁY+--/:/4/-O7+=;9]NYS]ZSWOSY]
T£WOXMSYXKWY]KX^OSYWOX^O_WKMOS^KKOX^KNKOYOTOS^KZY¤W
O]ZYXNOXNYKYOXNOO”YNOYSQOWT£YKV`Y7+=;]¥¤_]KNY[_KXNY
_]KWY] Y MRKSX PYaKN vSZMRKSX] + PYaKNv NOSbK Y ZKMY^O
ZK]]KZY¤W_]KXNYK^¤MXSMKNYWK]MKKWOX^Y
0OS^Y S]]Y `KWY] OX^K Y_^K YZ”ÁY NY 3ZMRKSX]$ `KWY] ZONS _WK
VS]^KPVKQ6NOXY]]K]OQK]$
URRW#DOSKD @ LSFKDLQV /
KDLQ LQSXW SROLF $(37

33. WDUJHW SURW RSW VRXUFH GHVWLQDWLRQ SRUWV
'(1 WFS EHWDFLSVJDRUJEU DOSKDFLSVJDRUJEU DQ ! WHOQHW
'(1 WFS EHWDFLSVJDRUJEU DOSKDFLSVJDRUJEU DQ ! IWS
KDLQ IRUZDUG SROLF $(37

34. KDLQ RXWSXW SROLF $(37

35. + ]K´NK [_O YL^OWY] NK ^OVK ¤ W_S^Y OV_MSNK^S`K O ^KWL¤W W_S^Y
MVKK .O SX´MSY NO`OWY] YL]O`K [_O OVO ]OZKK Y] ^ ] MRKSX]
ZSXMSZKS] SXZ_^ PYaKN O Y_^Z_^ O XY] WY]^K [_KS] OQK]
SWZVOWOX^KWY] ZKK OVO]% YL]O`O [_O vSXZ_^v O vPYaKNv O]^ÁY
`KdSY] ZYS] XKNK SWZVOWOX^KWY] KSXNK 9_^Y NO^KVRO K ]O
YL]O`KNY$KZO]OX”KNKObZO]]ÁYOX^OZK X^O]O]vZYVSMc+--/:v
3]^Y [_O NSdO [_O K ZYV´^SMK NOPK_V^ NO XY]]Y PSOaKVV ¤ KMOS^K
ZKMY^O]% Y [_O ¤ POS^Y ZOVK PVKQ : KY NSQS^KWY] ZY ObOWZVY$
vSZMRKSX]:SXZ_^./8CvY_KSXNK$vSZMRKSX]:Y_^Z_^/4/-v8Y
]OQ_XNY MK]Y ]O XKNK PY O]ZOMSPSMKNY Y UOXOV ZY ZKNÁY
OTOS^K£K]K´NKNO[_KV[_OZKMY^O
=OQ_OWOWMYV_XK]K]MKKM^O´]^SMK][_OO]MYVROWY]@OTKWY]$
9 KV`Y :Y^ Y 9Z^ K] =Y_MO .O]^SXK^SYX +] ZY^K] 9 ]O`S”Y
ZY^YMYVY YZӃO]
;_KV KV`Y 9 OXNOO”Y 9 OXNOO”Y +] ZY^K] 9]
XUVR GH 6HJXUDQoD HP 5HGHV /LQX[ ZZZFLSVJDRUJEU FXUVRV#FLSVJDRUJEU 3iJLQD 20

36. RPLWr GH ,QFHQWLYR D 3URGXomR GR 6RIWZDUH *UDWXLWR H $OWHUQDWLYR ± ,36*$
_]KWY] 9 ZY^YMYVY 8OXR_WK NO YSQOW NO NO]^SXY OW TYQY ]O`S”Y]
[_O YZ”ÁY [_O PYS [_O PYS 8Y ]OX^SNY ^KN_dSNY]
O]MYVROWY] O]ZOM´PSMK ^KN_dSNY ^KN_dSNY NO ½ ZKK NO vZY^K]v
PYS ZKK _W ZKK _W ZKK ]O_
_]KNK 0;.8 0;.8 XYWO
*Fully Qualified Domain Name
@KWY]YL]O`KKQYKMYWYZYNOWY]ObMV_SK]OQK][_OMSKWY]2£
ZSWOSKWOX^O _WK ]YV_”ÁY NSQKWY] KNSMKV :YNOWY] ]SWZVO]WOX^O
KZVSMK Y ZKŸWO^Y vPV_]Rv S]^Y ¤ VSWZKWY] ^Y^KVWOX^O K] N_K]
OQK]O]^KLOVOMSNK]$
URRW#DOSKD @ LSFKDLQV )
URRW#DOSKD @ LSFKDLQV /
KDLQ LQSXW SROLF $(37

37. KDLQ IRUZDUG SROLF $(37

38. KDLQ RXWSXW SROLF $(37

39. .OZYS]NYPV_]R`SWY]KXY]]KVS]^KOOVKO]^£`KdSK
/X^O^KX^Y S]]Y XÁY ]OSK _WK ]YV_”ÁY ]O NO]OTKWY] KZY`OS^K
Y_^K]OQK]O]^KLOVOMSNK]8YXY]]YObOWZVY^OWY] N_K] OQK] +
ZSWOSKPOMRKKZY^KOVXO^OT£K]OQ_XNKPOMRKKZY^K
0::YNOWY]NO_LKKZOXK]KZSWOSKOQK$
URRW#DOSKD @ LSFKDLQV ' LQSXW
/NOZYS]ZKKXY]MO^SPSMKWY]NSQS^KWY]$
URRW#DOSKD @ LSFKDLQV /
KDLQ LQSXW SROLF $(37

40. WDUJHW SURW RSW VRXUFH GHVWLQDWLRQ SRUWV
'(1 WFS O EHWDFLSVJDRUJEU DOSKDFLSVJDRUJEU DQ ! IWS
KDLQ IRUZDUG SROLF $(37

41. KDLQ RXWSXW SROLF $(37

42. =¥XY]O]^KOX^ÁY_WKOQKKNKZY^KNO0:»SWZY^KX^OK[_SY
KV_XY ZOMOLO K PVKQ SXZ_^ ZYS] ¤ OVK [_O NOPSXO [_O [_OOWY]
OVSWSXK K OQK NY] PSOaKVV MRKSX] NO OX^KNK O XÁY NO ]K´NK
Y_^Z_^O^M
XUVR GH 6HJXUDQoD HP 5HGHV /LQX[ ZZZFLSVJDRUJEU FXUVRV#FLSVJDRUJEU 3iJLQD 21

43. RPLWr GH ,QFHQWLYR D 3URGXomR GR 6RIWZDUH *UDWXLWR H $OWHUQDWLYR ± ,36*$
?W Y_^Y ObOWZVY /]^KLOVOMOWY] POMRK K MYXObÁY `SK -: ]OW
O]ZOMSPSMK ZY^K XOW OXNOO”Y NO YSQOW K^OX”ÁY ZKK O]]O]
NO^KVRO] / SQ_KVWOX^O XOQKWY] [_KV[_O MYXObÁY 0: NK W£[_SXK
KVZRK]OTKZKK[_KVNO]^SXYPY@OTKVOWLKXNY$KVZRK'#
OLO^K'# $
URRW#DOSKD @ LSFKDLQV $ LQSXW G S WFS - '(1
URRW#DOSKD @ LSFKDLQV $ RXWSXW V S WFS - '(1
URRW#DOSKD @ LSFKDLQV /
KDLQ LQSXW SROLF $(37

44. WDUJHW SURW RSW VRXUFH GHVWLQDWLRQ SRUWV
'(1 WFS DQZKHUH DOSKDFLSVJDRUJEU DQ ! DQ
KDLQ IRUZDUG SROLF $(37

45. KDLQ RXWSXW SROLF $(37

46. WDUJHW SURW RSW VRXUFH GHVWLQDWLRQ SRUWV
'(1 WFS DOSKDFLSVJDRUJEU DQZKHUH IWS ! DQ
;_OOWY] OX^ÁY VSLOK K] MYXObÉO] NO 0: NK W£[_SXK # )
=SWZVO]$vSZMRKSX].Y_^Z_^v
-YW O]]O MOX£SY KMSWK ]O _]KWY] _WK POKWOX^K NO `KON_K NO
ZY^K]^OOWY]_W[_KNYSX^OO]]KX^O:YNOWY]_]KYXWKZ8O^aYU
/bZVYK^SYX YYV KXN =OM_S^c =MKXXO O]MS^Y ZY 0cYNY `O]ÁY
LO^K aaaSX]OM_OYQXWKZ OVO XY] WY]^K K] ZY^K]
KLO^K] OY_ PSV^KNK] O WO]WY ]O XY]]K MYXObÁY PYS ^Y^KVWOX^O
NO_LKNK 8O]^K ^OVK OVO XY] WY]^K Y] ]YMUO^] [_O Y 3ZMRKSX]
PSV^Y_OY][_ONOSbKWY]KLO^Y]$
URRW#DOSKD @XVUORFDOELQQPDS Y DOSKDFLSVJDRUJEU
6WDUWLQJ QPDS 9 %(7$ E )RGRU IRGRU#GKSFRP ZZZLQVHFXUHRUJQPDS

47. +RVW DOSKDFLSVJDRUJEU

48. DSSHDUV WR EH XS JRRG
,QLWLDWLQJ 73 FRQQHFW

49. VFDQ DJDLQVW DOSKDFLSVJDRUJEU

50. $GGLQJ 73 SRUW VWDWH 2SHQ

51. $GGLQJ 73 SRUW VWDWH 2SHQ

52. HFRDP WRGDV DV SRUWDV LQYHVWLJDGDV

53. 7KH 73 FRQQHFW VFDQ WRRN VHFRQGV WR VFDQ SRUWV
,QWHUHVWLQJ SRUWV RQ DOSKDFLSVJDRUJEU

54. 3RUW 6WDWH 3URWRFRO 6HUYLFH
ILOWHUHG WFS WFSPX[
ILOWHUHG WFS FRPSUHVVQHW
ILOWHUHG WFS FRPSUHVVQHW
ILOWHUHG WFS XQNQRZQ
ILOWHUHG WFS UMH
ILOWHUHG WFS XQNQRZQ
ILOWHUHG WFS HFKR
ILOWHUHG WFS XQNQRZQ
ILOWHUHG WFS GLVFDUG
ILOWHUHG WFS XQNQRZQ
ILOWHUHG WFS VVWDW
ILOWHUHG WFS XQNQRZQ
ILOWHUHG WFS GDWLPH
XUVR GH 6HJXUDQoD HP 5HGHV /LQX[ ZZZFLSVJDRUJEU FXUVRV#FLSVJDRUJEU 3iJLQD 22

55. RPLWr GH ,QFHQWLYR D 3URGXomR GR 6RIWZDUH *UDWXLWR H $OWHUQDWLYR ± ,36*$
ILOWHUHG WFS QHWVWDW
ILOWHUHG WFS XQNQRZQ
ILOWHUHG WFS TRWG
ILOWHUHG WFS PVS
ILOWHUHG WFS FKDUJHQ
ILOWHUHG WFS IWSGDWD
ILOWHUHG WFS IWS
RSHQ WFS VVK
RSHQ WFS WHOQHW
RSHQ WFS VPWS
RSHQ WFS ILQJHU
RSHQ WFS KWWS
RSHQ WFS VXQUSF
RSHQ WFS DXWK
RSHQ WFS QHWELRVVVQ
RSHQ WFS KWWSV
RSHQ WFS ORJLQ
RSHQ WFS VKHOO
RSHQ WFS SULQWHU
RSHQ WFS VTXLGKWWS
1PDS UXQ FRPSOHWHG ,3 DGGUHVV KRVW XS

56. VFDQQHG LQ VHFRQGV
+QYK [_O OX^KWY] MYW K OQK ZKK NO_LK K] MYXObÉO] -: Y
]YP^aKOXY]OVK^K$
URRW#DOSKD @XVUORFDOELQQPDS Y DOSKDFLSVJDRUJEU
6WDUWLQJ QPDS 9 %(7$ E )RGRU IRGRU#GKSFRP ZZZLQVHFXUHRUJQPDS

57. +RVW DOSKDFLSVJDRUJEU

58. DSSHDUV WR EH XS JRRG
,QLWLDWLQJ 73 FRQQHFW

59. VFDQ DJDLQVW DOSKDFLSVJDRUJEU

60. 7KH 73 FRQQHFW VFDQ WRRN VHFRQGV WR VFDQ SRUWV
,QWHUHVWLQJ SRUWV RQ DOSKDFLSVJDRUJEU

61. 3RUWV VFDQQHG EXW QRW VKRZQ EHORZ DUH LQ VWDWH ILOWHUHG

62. Õ
3RUW 6WDWH 3URWRFRO 6HUYLFH
1PDS UXQ FRPSOHWHG ,3 DGGUHVV KRVW XS

63. VFDQQHG LQ VHFRQGV
+VSXRKNOPVKQ]NY3ZMRKSX]¤LK]^KX^OWKVO£`OVOKZOXK]MYWO_]Y
OYNOL_QMYX]^KX^ONK]OQK][_OYKNWSXS]^KNYSWZVOWOX^K¤[_O
]OZYNONYWSX£VK]:OVYWOXY]K^¤YUOXOV
OVOWLKXNYKVQ_WK]PVKQ]`SWY][_OZYNOWY]_]KXYZKŸWO^Y]Y_
N ^KX^Y Y 0;.8 Y_ Y OXNOO”Y 3: ObZO]]Y X_WOSMKWOX^O 8K
O]ZOMSPSMK”ÁYNK]ZY^K]ZYNOWY]_]KYX¦WOYY_YXYWONY]O`S”Y$
^OVXO^Y_]]RY_O^M:YNOWY]SQ_KVWOX^OO]ZOMSPSMKPKSbK]
KXQ] NO ZY^K]$ vN # $v Y_ ]OTK WKXOTKWY] K[_S
^YNK] K] ZY^K] NO K^¤ SXMV_]S`O :YNOWY] O]MO`O v]
# $v Y_ v] QKWKMSZ]QKYQL ]]Rv 9 WO]WY ]O ZK]]K
MYW Y] OXNOO”Y] 3: [_O ZYNOWY] WKXOTK ZYNOWY] _]K PKSbK]
XUVR GH 6HJXUDQoD HP 5HGHV /LQX[ ZZZFLSVJDRUJEU FXUVRV#FLSVJDRUJEU 3iJLQD 23

64. RPLWr GH ,QFHQWLYR D 3URGXomR GR 6RIWZDUH *UDWXLWR H $OWHUQDWLYR ± ,36*$
SXMV_]S`K] ZY ObOWZVY$ vZ ^MZ # $v SXMV_´WY]
MYWS]]YY]3:]NObbbK^¤#
9_^YOM_]YP_XNKWOX^KV¤YNKSX`O]ÁY;_KXNY_]KWY]KPVKQvv
/VK^OWY]OX^SNYXOQK^S`Y%[_KXNYY_]KWY]NO`OWY]VOWOX^KVWOX^O$
v^YNY b WOXY] cv +]]SW$ vZ ^MZ ] # aaav ]SQXSPSMK$
^YNK]K]ZY^K]-:WOXY]KAAA
/bOWZVY.SQS^KWY]XYMYX]YVONKW£[_SXKKVZRK$
LSFKDLQV $ LQSXW V VVK G VVK S WFS M 5(-(7
-YW S]]Y POMRKWY] ^YNK] K] ZY^K] -: WK] NOSbKWY] K ZKK Y
=OM_O=ROVVYZOK=O^OX^KWY]_WOVXO^XY]]KMYXObÁYYL`SKWOX^O
PKVRK£7K]Y]]RZYNOO]^KLOVOMO]_K]O]]ÁYOWY^K]OWZYLVOWK]
?WKVS]^KQOWXKW£[_SXKXY]WY]^K$
URRW#DOSKD @ LSFKDLQV /
KDLQ LQSXW SROLF $(37

65. WDUJHW SURW RSW VRXUFH GHVWLQDWLRQ SRUWV
'(1 WFS EHWDFLSVJDRUJEU DOSKDFLSVJDRUJEU VVK ! VVK
KDLQ IRUZDUG SROLF $(37

66. KDLQ RXWSXW SROLF '(1

67. ×
+MYXROMSNKPVKQv6vO]MVKOMO[_OYZY^YMYVY-:^OWO]^K./8C
WK] XÁY K] ZY^K] NY ]]R YL]O`O K] ]O^K] :YNOWY] _]K Y vv
XKO]ZOMSPSMK”ÁYNOOXNOO”Y]3:XY]ZY^YMYVY]ObMO^YMYWY3-7:
O XK] SX^OPKMO] NO ONO :YNO´KWY] MYXPSQ_K K OTOS”ÁY NO
ZKMY^O]NO[_KV[_OZY^YMYVYWOXY]Y?.:$vZ_NZv9_KSXNK$v+
SXZ_^ Z ^MZ N # aaa T +--/:v% O]ZOMSPSMKWY] MYW
S]]Y[_OKMOS^KWY]KOX^KNKNO[_KV[_OZKMY^O-:ZKKKZY^K
WOXY]NKW£[_SXK# [_OPSMKObMV_´NK-YX^_NY$v+SXZ_^
Z ^MZ N # aaa T +--/:v ¤ O]]OXMSKVWOX^O
NSPOOX^O +QYK KMOS^KWY] [_KV[_O MYXObÁY -: NK W£[_SXK
# WOXY]KNKZY^KAOL
XUVR GH 6HJXUDQoD HP 5HGHV /LQX[ ZZZFLSVJDRUJEU FXUVRV#FLSVJDRUJEU 3iJLQD 24

68. RPLWr GH ,QFHQWLYR D 3URGXomR GR 6RIWZDUH *UDWXLWR H $OWHUQDWLYR ± ,36*$
+MSWK PSdOWY] WOX”ÁY K] SX^OPKMO] NO ONO XO^aYU SX^OPKMO7 9
3ZMRKSX]ZYNOQOS^YNK]K]SX^OPKMO]NY]S]^OWKZKKS]]Y_]KWY]
KPVKQvSv:YNOWY]_]KvSO^RvK]_KZSWOSKZVKMKO^ROXO^
Y_ vS ZZZv K MYXObÁY NO WYNOW `SK ZZZN ZKK XY] K^OWY] OW
ObOWZVY]WKS]_]_KS];_KXNY_WKW£[_SXKNOXY]]KONOYL^¤WKMO]]Y
KSX^OXO^`SKNSKV_ZYZKŸWO^Y¤P_XNKWOX^KV=OXNY[_OZYNOWY]
WO]WY O]ZOMSPSMK _WK SX^OPKMO [_O XÁY O]^£ K^S`K Y [_O [_K]O
]OWZO¤YMK]YNKSX^OPKMOZZZ;_KXNYMYXOM^KWY]XY]]KZY`ONYK
K SX^OPKMO ZZZ O]^£ ZO]OX^O Y SPMYXPSQ VS]^K ]_K ZO]OX”K
;_KXNY NO]PKdOWY] K MYXObÁY K SX^OPKMO NO]KZKOMO :YNO]O ^KWL¤W
_]K _W M_SXQK XK YZ”ÁY S VKX”KXNY WÁY NY ]´WLYVY vv$ O^R
NO]SQXK [_KV[_O SX^OPKMO ZY]]´`OV O^R O^R O^M + OQK
vSZMRKSX]+Y_^Z_^N# #Z_NZSO^RT./8CvKZVSMK]O
K[_KV[_OSX^OPKMOO^ROXO^NOXY]]KW£[_SXK
/bS]^O _WK POKWOX^K NO MYXPSQ_K”ÁY MRKWKNK 6SX_bMYXP /VK O]^£
ZO]OX^O OW [_K]O XK] NS]^SL_S”ÉO] NK ON 2K^ O OW V´XQ_K
ZY^_Q_O]KXY-YXOM^S`K6SX_b»_WKSX^OPKMO Q£PSMK [_O P_XMSYXK
NOX^YNYBASXNYaZKKONS^KOQOSK]P_XӃO]NY]S]^OWK]6SX_b
-YWY ^YNY OM_]Y 1?3 ZYNO §] `OdO] MYXP_XNS PKMSVSNKNO MYW
NO]MYXROMSWOX^Y =¥ NO`OWY] XY] RKLSVS^K K _]K ^KS] POKWOX^K]
ZY^KX^Y [_KXNY ^OWY] _W MYXROMSWOX^Y MYXMOS^_KV NK[_SVY [_O `KWY]
XY] YM_ZK @KWY] NK _WK £ZSNK YVRKNK XK SX^OPKMO NOX^Y NK]
P_XӃO] NY 6SX_bMYXP ZKK KV^OK K] OQK] NY PSOaKVV 8_WK
TKXOVK NY b^OW MRKWK Y ZYQKWK$ vVSX_bMYXP v 8K ^OVK [_O ]_QO
O]MYVRK v+WLSOX^O NO ONOv O NOZYS] K Q_SK vPSOaKVVv OWY]
]OQ_SX^O^OVKT£MYWYK]O[_S`KV XMSK]KZYX^KNK]$
7
Consulte a documentação sobre o tema, principalmente sobre o comando ifconfig, que configura e lista as interfaces
existentes num host.
XUVR GH 6HJXUDQoD HP 5HGHV /LQX[ ZZZFLSVJDRUJEU FXUVRV#FLSVJDRUJEU 3iJLQD 25

69. RPLWr GH ,QFHQWLYR D 3URGXomR GR 6RIWZDUH *UDWXLWR H $OWHUQDWLYR ± ,36*$
.O]^KMKWY] Y] ^ ] LY^ÉO] [_O OZO]OX^KW Y ^SZ¤ vSXZ_^PYaKN
Y_^Z_^v NO ^YNK] K] OQK] NO PSOaKVVSXQ » K[_S [_O `YM OX^K£
MYWK]OQK]NYPSOaKVV@KWY]ONS^KY]SZMRKSX]Y_^Z_^XY^O]O
[_O M_SY]KWOX^O SXZ_^ PYS ^KN_dSNY ZY LVY[_OSY MVS[_O XY
LY^ÁYv]K´NKvOKZKOMO£O]^O[_KNYNONS£VYQY$
XUVR GH 6HJXUDQoD HP 5HGHV /LQX[ ZZZFLSVJDRUJEU FXUVRV#FLSVJDRUJEU 3iJLQD 26

70. RPLWr GH ,QFHQWLYR D 3URGXomR GR 6RIWZDUH *UDWXLWR H $OWHUQDWLYR ± ,36*$
-VS[_O OX^ÁY XY LY^ÁY vKNSMSYXKv OOWY] Y [_KNY ]OQ_SX^O [_O
ZYNO XY] ZYZYMSYXK K ZY]]SLSVSNKNO NO W¦V^SZVK] ONS”ÉO] NY
SZMRKSX]$
8ÁY R£ NKNY] XY`Y] XO]]K ^OVK NY 6SX_bMYXP + ¦XSMK MYS]K [_O XÁY
^YMKWY] KSXNK PYS K OX^KNK ZKK K XO^WK]U W£]MKK NO ONO [_O ¤
O]ZOMSPSMKNK KY VKNY NY OXNOO”Y 3: +^OX^K ZKK Y] KV`Y] KMOS^K
OTOS^K O LVY[_OK Y ./8C KN_dSXNY Y] MKWZY] NK TKXOVK
^O´KWY]$ vSZMRKSX] + Y_^Z_^ ] # ]
# Z_NZSO^RTOTOM^v/X^ÁYWKMKWY]
Y[_KNKNSXRYvK^S`YvOKMOS^KWY]KOQK :KK NO]K^S`£VK _]KWY]
KWO]WKSX^OPKMO
XUVR GH 6HJXUDQoD HP 5HGHV /LQX[ ZZZFLSVJDRUJEU FXUVRV#FLSVJDRUJEU 3iJLQD 27

71. RPLWr GH ,QFHQWLYR D 3URGXomR GR 6RIWZDUH *UDWXLWR H $OWHUQDWLYR ± ,36*$
9_^K YZ”ÁY ZKK QK`K K] OQK] [_O MSKWY] ]ÁY Y] ]MSZ^] NO
SXSMSKVSdK”ÁY^KNSMSYXKVWOX^OQ_KNKNY]XYNSO^¥SYMNO]^K]O
ObK_]^S`KWOX^O K] OQK] ObOM_^K]O Y NOL_Q O OX^ÁY MSKWY] _W
]MSZ^ [_O MKOQK K] OQK] NO PSOaKVV XK ZK^SNK NY 6SX_b
MYX]_V^O]OKNYM_WOX^K”ÁYObS]^OX^OZKKYZOK^KS]KV^OK”ÉO]OW
]O_ ]S]^OWK 2£ NYS] ]MSZ^] [_O KT_NKW W_S^Y Y =c]KNWSX K WYX^K
]O_PSOaKVV$YSZMRKSX]]K`OOYSZMRKSX]O]^YO9ZSWOSYQK`K
X_W K[_S`Y `SK ONSOMSYXKWOX^Y K] OQK] [_O `YM MSY_$ ZY
ObOWZVY vSZMRKSX]]K`O ( hPSOaKVV^O]^KNYv O`SNOX^OWOX^O `YM
ZYNO _]K Y XYWO [_O NO]OTK 4£ Y SZMRKSX]O]^YO O]^K_K K]
OQK] QK`KNK] ZOVY SZMRKSX]]K`O$ vSZMRKSX]O]^YO hPSOaKVV
^O]^KNYv :KK ObOM_^£VY] ¤ XOMO]]£SY Y] ZS`SV¤QSY] NO _]_£SY
YY^9_^YOM_]YW_S^Y¦^SV¤KMKZKMSNKNONY3ZMRKSX]NOKQ_ZK
`£SK] OQK] X_W MRKSX -YWY `SWY] Y ZYQKWK ^OW ^ ] MRKSX]
L£]SMY] MRKWKNY] L_SV^SX MRKSX] O]^ÁY OWL_^SNY] XY ZYQKWK ]O
K]]SWZYNOWY]^KN_dS+PVKQ_]KNK¤v8v.SQS^KWY]$
URRW#DOSKD @ LSFKDLQV 1 QDRXGS
URRW#DOSKD @ LSFKDLQV $ LQSXW L HWK M QDRXGS
URRW#DOSKD @ LSFKDLQV $ QDRXGS S XGS V M '(1
URRW#DOSKD @ LSFKDLQV $ QDRXGS S XGS V M 5(-(7 HWF

72. HWF

73. +]]SWKQ_ZKWY]]YLYXYWOvXKY_NZv_WMYXT_X^YNOOQK]:YNOWY]
MYWYSZMRKSX]]K`OMYWY`SWY]QK`£VK]OOXPSWO]^K_£VK]
/XMOKXNY @KWY] KXKVS]K _W MOX£SY MV£]]SMY OW ONO] W¤NSK]
W_S^Y ZO]OX^O XY] NSK] K^_KS] OXRK OW WOX^O _WK SX^KXO^ MYW _W
]O`SNY YPOOMOXNY `£SY] ]O`S”Y] ^´ZSMY] AOL 0: O^M
MYXOM^KNY] K _WK W£[_SXK PSOaKVV 6SX_b O O]^O ZY ]_K `Od K _W
Y^OKNY MYW _WK VSXRK NONSMKNK 9L]O`O Y] 3:] XK XY]]K
OZO]OX^K”ÁY$
XUVR GH 6HJXUDQoD HP 5HGHV /LQX[ ZZZFLSVJDRUJEU FXUVRV#FLSVJDRUJEU 3iJLQD 28

74. RPLWr GH ,QFHQWLYR D 3URGXomR GR 6RIWZDUH *UDWXLWR H $OWHUQDWLYR ± ,36*$
ROTEADOR - 200.255.210.0 = FIREWALL - 200.255.210.1
¦
SERVIDOR Linux {[eth0] 200.255.210.2
{[eth1] 172.16.0.0
¦
INTRANET
{ 192.168.0.1, 192.168.0.2 , etc.}
@OTKWY]K]MYXPSQ_KӃO]$
No Firewall...
Desligamos os serviços desnecessários, deixando o SSH para conexão remota com
o servidor somente. E vamos proteger nossa intranet...
ipchains -A input -p tcp -s 172.16.0.0 -j DENY
ipchains -A input -p tcp -s 192.168.0.1/10 -j DENY
ipchains -A input -p tcp -s ! 200.255.210.2 ssh -j DENY
XUVR GH 6HJXUDQoD HP 5HGHV /LQX[ ZZZFLSVJDRUJEU FXUVRV#FLSVJDRUJEU 3iJLQD 29

75. RPLWr GH ,QFHQWLYR D 3URGXomR GR 6RIWZDUH *UDWXLWR H $OWHUQDWLYR ± ,36*$
No Servidor...
Como nosso servidor irá ter serviços da Internet públicos precisamos liberá-
los...
ipchains -A input -p tcp -s 0.0.0.0/0 -d 255.210.02 www -j ACCEPT
ipchains -A input -p tcp -s 0.0.0.0/0- -d 255.210.02 ftp -j ACCEPT
Inclua aqui todos
os serviços que serão oferecidos...
ipchains -A input -p tcp -s 192.168.0.1/10 -j DENY
(Fechando nossa intranet...)
ipchains -A input -p tcp -i lo -j ACCEPT
(Abrindo interface 'lo'...)
ipchains -P forward DENY
ipchains -A forward -s 192.168.0.1/10 -d 200.255.210.2 -j MASQ
(Usando a técnica do mascaramento de IPs...)
-Ou seja: qualquer faixa de IPs...
?WKZKVK`K]YLOY^¥ZSMYNOWK]MKKWOX^YNO3:]3:WK][_OKNSXQ
+Y MYXPSQ_KWY] Y 3ZMRKSX] ZKK _]K Y KV`Y 7+=; MYW K PVKQ vT
7+=;v ZY]]SLSVS^KWY] [_O _W Y_ WKS] OXNOO”Y] 3:] PKV]Y]€ Y_
ZS`K^S`Y]ZY]]KW]O_]KNY]XKOb^KXO^8YXY]]YObOWZVY^YNY]Y]
OXNOO”Y] NO XY]]K SX^KXO^ KZKOMOW _]KXNY Y 3: NY ]O`SNY
:KK ^KX^Y XÁY ]O O][_O”K NO MYXPSQ_K Y K[_S`Y
O^M]c]MYXPSQ KNSMSYXKXNY vPYaKNISZ` ' cO]v =O `YM XÁY ONS^K
YK[_S`Y^O£[_OKMSYXKY3:PYaKNSXQWKX_KVWOX^O/bOWZVY]O
^OX^K OPO^S`K Y 3: MRKSX] PYaKN ]OW K VSXRK KMO]MSNK ^OOS Y
]OQ_SX^OOWWSXRK^OVK$
URRW#DOSKD @ LSFKDLQV $ IRUZDUG S WFS V G M $(37
:DUQLQJ RX PXVW HQDEOH ,3 IRUZDUGLQJ IRU SDFNHWV WR EH IRUZDUGHG DW DOO
8VH
HFKR ! SURFVVQHWLSYLSBIRUZDUG
Õ
XUVR GH 6HJXUDQoD HP 5HGHV /LQX[ ZZZFLSVJDRUJEU FXUVRV#FLSVJDRUJEU 3iJLQD 30

76. RPLWr GH ,QFHQWLYR D 3URGXomR GR 6RIWZDUH *UDWXLWR H $OWHUQDWLYR ± ,36*$
URRW#DOSKD @
Basta seguir a orientação (observe a seta). Este comando irá ativar o IP forwarding. E, então, os
ZKMY^O] ZYNOÁY ZK]]K K^K`¤] NY RY]^ KVZRK ZKK Y NO]^SXY
NO]OTKNY/]^K]^¤MXSMK]^YXKW]OZYNOY]K][_KXNYO]^KLOVOMSNK]OW
MYXT_X^YMYWK]Y^K]NOONOQK^OaKc]O^M:Y¤W]ÁY^¥ZSMY][_O
PYQOWNYO]MYZYNO]^ONYM_WOX^Y
+LKSbY_WKVS]^KNK]YZӃO]NY]YP^aKO3ZMRKSX]:KK_WKVS]^KQOW
MYWZVO^K_]OYv3:-RKSX];_SMUOPOOXMOvNO=,YX]YXPOS^YOW
:Y]^=MSZ^ O [_O ZYNO ]O ^KdSNY NK Z£QSXK AOL YPSMSKV OW
R^^Z$aaaKNOVKSNOXO^K_h_]^MYZVSX_bSZMRKSX]
8VR LSFKDLQV $'@ FKDLQ UHJUDHVSHFLILFDGD RSo}HV@
LSFKDLQV 5,@ FKDLQ QžGDUHJUD UHJUDHVSHFLILFDGD RSo}HV@
LSFKDLQV ' FKDLQ QžGDUHJUD RSo}HV@
LSFKDLQV /)=1;@ FKDLQ@ RSo}HV@
LSFKDLQV 3 FKDLQ DOYR RSo}HV@
LSFKDLQV 0 / _ 6 @ RSo}HV@
LSFKDLQV K LFPS@ PRVWUD LQIRUPDomR GH DMXGD RX OLVWD ,03

77. RPDQGRV
3HUPLWHVH D IRUPD ORQJD RX FXUWD
DGG $ FKDLQ $FUHVFHQWD FKDLQ
GHOHWH ' FKDLQ ([FOXL UHJUD
GHOHWH ' FKDLQ QžGDUHJUD
H[FOXL UHJUD QžGDUHJUD SULPHLUD

78. GR FKDLQ
LQVHUW , FKDLQ QžGDUHJUD@
,QVHUH QR FKDLQ FRPR QžGDUHJUD SDGUmR SULPHLUR

79. UHSODFH 5 FKDLQ QžGDUHJUD
6XEVWLWXL UHJUD QžGDUHJUD SULPHLUD

80. QR FKDLQ
OLVW / FKDLQ@ /LVWD UHEUDV QXP FKDLQ RX WRGRV RV FKDLQV
IOXVK ) FKDLQ@ ([FOXL WRGDV UHJUDV QR FKDLQ RU WRGRV RV FKDLQV
]HUR = FKDLQ@ =HUD RV FKDLQV
FKHFN FKDLQ 7HVWD XP SDFRWH QXP FKDLQ
QHZ 1 FKDLQ ULD XP QRYR
XVHUGHILQHG FKDLQ
GHOHWHFKDLQ
; FKDLQ ([FOXL XP
XVHUGHILQHG FKDLQ
SROLF 3 FKDLQ DOYR
0XGD D SROtWLFD QXP FKDLQ SDUD WDO DOYR
PDVTXHUDGH 0 / /LVWD DV FRQH[}HV PDVFDUDGDV DWXDLV
VHW 0 6 WFS WFSILQ XGS
3}H YDORUHV GH
WLPHRXW
SDUD PDVFDUDPHQWR
2So}HV
ELGLUHFWLRQDO E LQVHUH GXDV UHJUDV XPD FRP V G LQYHUWLGR
SURWR S @ SURWR SURWRFROR SHOR Qž RU QRPH H[ CWFS
VRXUFH V @ HQGHUHoRPDVF@ @ SRUWDSRUWD@@
RULJHP HVSHFLILFDomR
VRXUFHSRUW @ SRUWDSRUWD@@
RULJHP SRUWD HVSHFLILFDomR
GHVWLQDWLRQ G @ HQGHUHoRPDVF@ @ SRUWDSRUWD@@
GHVWLQR HVSHFLILFDomR
GHVWLQDWLRQSRUW @ SRUWDSRUWD@@
GHVWLQR SRUWD HVSHFLILFDomR
LFPSWSH @ WLSR HVSHFLILFD WLSR GH ,03
XUVR GH 6HJXUDQoD HP 5HGHV /LQX[ ZZZFLSVJDRUJEU FXUVRV#FLSVJDRUJEU 3iJLQD 31

81. RPLWr GH ,QFHQWLYR D 3URGXomR GR 6RIWZDUH *UDWXLWR H $OWHUQDWLYR ± ,36*$
LQWHUIDFH L @ QRPH@
QRPH GD LQWHUIDFH GH UHGH @ SDUD FXULQJD

82. MXPS M DOYR SRUWD@
DOYR SDUD D UHJUD SRUWD@ SDUD 5(',5(7

83. PDUN P @PDUN Qž SDUD
PDUN
QR SDFRWH FRUUHVSRQGHQWH
QXPHULF Q VDtGD QXPHULFD GH HQGHUHoRV H SRUWDV
ORJ O KDELOLWD UHJLVWUR ORJ

84. QR NHUQHO
RXWSXW R WDPDQKRPD[@ VDtGD GH SDFRWH SDUD GLVSRVLWLYR
QHWOLQN
726 W H [RU H[RU PDVFiUDV SDUD 726
YHUERVH Y PRGR
YHUERVH
H[DFW [ H[SDQGH Q~PHURV PRVWUD YDORUHV H[DWRV

85. @ IUDJPHQW I FRPELQD VRPHQWH R VHJXQGR RX PDLV IUDJPHQWRV
@ VQ FRPELQD SDFRWHV 73 VRPHQWH TXDQGR FRQILJXUD
61
@ YHUVLRQ 9 PRVWUD YHUVmR
2.6 The SINUS Firewall - a TCP/IP packet filter for Linux
@OOWY] KQYK _WK Y_^K ]YV_”ÁY NO QOOXMSKWOX^Y NO PSOaKVV OW
KWLSOX^O6SX_b8ÁYPKOWY]MYWZKK”ÉO]OX^OY3ZMRKSX]OY=38?=
9ZSWOSYT£_WZYN_^YZYX^YZKKP_XMSYXKY]OQ_XNY_WZYN_^Y
OW KWZVY NO]OX`YV`SWOX^Y :OVY WOXY] K `O]ÁY [_O PYS
NO]OX`YV`SNK ZKK Y UOXOV b NY 6SX_b 9 =38?= 0SOaKVV ]P
0SOaKVV¤_WZYTO^YNK?XS`O]SNKNONOD_S[_OMYWYMYXM_]YNK
=A3-2 NK OVOU_] :Kc]O` +1 O NK /2 D®SMR NO]OX`YV`SNY ZY
YLO^ 7_MR]OV YVKXN =MRWSN 3XPYWKӃO] ]YLO Y ZYTO^Y O
NYaXVYKNNYZYQKWKO]^ÁYOW$
http://www.ifi.unizh.ch/ikm/SINUS/firewall.html
ftp://ftp.ifi.unizh.ch/pub/security/firewall
9] NO]OX`YV`ONYO] KN`O^OW NY O]^KNY NO NO]OX`YV`SWOX^Y NY
]YP^aKO :Y^KX^Y OVO XÁY ]O _]KNY KSXNK ZKK K ]OQ_KX”K NO
ONO] MYW NKNY] M´^SMY] +N`O^OW KSXNK$ _]OY ZKK KZOXNSdKNY O
]O`YM XÁY^OWXOXR_WPSOaKVVY_XÁYMYXPSKXY[_O^OW
1
Há uma versão estável para versões de kernel mais antigos.
9]K]ZOM^Y]ZY]S^S`Y]NYZYQKWKO]^ÁYXY]O_WYNYNOK^_K”ÁY/VO
^KLKVRK MYW _W K[_S`Y NO MYXPSQ_K”ÁY
vO^MPSOaKVVNPSOaKVVMYXPv%KYMKOQKOVOV K]MYXPSQ_KӃO]
K´O]^YMKNK]2£KSXNKMYWYZKMY^O ]SPS^KQd _W ]O`SNY
Y ]YP^aKO ZKK PSOaKVV ZYZSKWOX^O NS^Y O _W MVSOX^O O]MS^Y
8
Há uma versão estável para versões de kernel mais antigos.
XUVR GH 6HJXUDQoD HP 5HGHV /LQX[ ZZZFLSVJDRUJEU FXUVRV#FLSVJDRUJEU 3iJLQD 32

86. RPLWr GH ,QFHQWLYR D 3URGXomR GR 6RIWZDUH *UDWXLWR H $OWHUQDWLYR ± ,36*$
OW 4K`K _WK SX^OPKMO ZKK PKMSVS^K K ONS”ÁY NY PSOaKVVMYXP
MRKWKNY 0SOaKVV -YX^YV :KXOV 2£ Y_^Y]]SW K MYX^SL_S”ÁY NO
,OXONSM^ OPdO ZKK K VOS^_K] NY] VYQ] QOKNY] ZOVY =38?= ?WK
POKWOX^KLK]OKNKOW276OW=;6
-YWY XÁY R£ ZKMY^O] :7 XOW LSX£SY] +1D3: MYW =38?= ^OOWY]
[_O ZK]]K Y] ZK]]Y] NO MYWZSVK”ÁY NY ]YP^aKO 7O]WY ZY[_O R£
NO^KVRO][_OXÁYZYNOW]OXOQVSQOXMSKNY]ZOVYKV_XY
4£`SWY][_O_WPSOaKVVXY6SX_b¤SWZVOWOX^KNYOWX´`OVNOUOXOV
9 K[_S`Y v/+.7/v NY =38?= KN`O^O Y _]_£SY NK XOMO]]SNKNO NO
OMYWZSVK”ÁY NY UOXOV KWL¤W T£ WOXMSYXKWY] [_O `£SK]
NS]^SL_S”ÉO] 6SX_b T£ `OW MYW Y UOXOV ZYX^Y] ZKK PSOaKVVSXQ
:YMYX]OQ_SX^OMO^Y]NS]]YXÁY]OPKdXOMO]]£SYOMYWZSVK^YNY
Y UOXOV 8Y OX^KX^Y ZKK K MYWZSVK”ÁY NY =38?= ZOMS]KWY] NO
]YWOX^O _W K[_S`Y NK] PYX^O] NY UOXOV ?W YLTOM^ PSVO _]KNY XY
vVSXUv ZKK QOK Y ObOM_^£`OV NY ZYQKWK ]OW OVO K MYWZSVK”ÁY
PKVRK£7K]^OWY]_WKNSMKZKKO]YV`OYZYLVOWK%
-O^SPS[_O]O [_O `YM ^OW OW ]_K W£[_SXK _W KWLSOX^O NO
NO]OX`YV`SWOX^Y SX]^KVKNY QMM ROKNO] PSVO] O^M .OZYS]
SX]^KVO Y K[_S`Y [_O `OW MYW K] PYX^O] NY UOXOV$ UOXOV]Y_MO
S ZW.SQS^OY]OQ_SX^O$
URRW#DOSKD @ FG XVUOLEOLQX[DUFKLOLE
URRW#DOSKD OLE@ JFF 'BB$66(0%/BB WUDGLWLRQDO F FKHFNVXP6 Õ [atenção]
URRW#DOSKD OLE@ OV F
URRW#DOSKD OLE@ FKHFNVXP6 FKHFNVXPR
×
9L]O`O K ObS]^ XMSK NY K[_S`Y [_O NO]OTKWY]$ Y vMROMU]_WYv9
+QYK ZYNOWY] NO]MYWZKM^K Y K[_S`Y MYW K] PYX^O] NY =38?= ]_ZK
MS^KNY /]MYVRK _W NSO^¥SY K ]O_ QY]^Y =O `YM ZY]]_S Y 4.5
b O Y ZKMY^O =A381 R^^Z$aaaTK`K]_XMYW ZYNO MYWZSVK Y
9
Se você optar por recompilar o kernel, não execute o 'make clean' no fim do processo! Pois sabidamente ele apagará
todos os arquivos *.o gerados...
XUVR GH 6HJXUDQoD HP 5HGHV /LQX[ ZZZFLSVJDRUJEU FXUVRV#FLSVJDRUJEU 3iJLQD 33

87. RPLWr GH ,QFHQWLYR D 3URGXomR GR 6RIWZDUH *UDWXLWR H $OWHUQDWLYR ± ,36*$
]P -YX^YV :KXOV =O NO]OTK ONS^O Y] ZK^R] XY NSO^¥SY
vMVSOX^7KUOPSVOSXv ZKK KT_]^K Y MKWSXRY ZKK K] MVK]]O] 4K`K
2£ _WK `O]ÁY XÁYYPSMSKV T£ MYWZSVKNK XK Z£QSXK
R^^Z$aaa]SX_]PSOaKVVYQ NY MVSOX^O NY -YX^YV :KXOV ZYNO ]O
_WK LYK YZ”ÁY ]O `YM ^S`O ZYLVOWK] MYW Y 4.5 MYW K] MVK]]O]
=A381Y_WO]WY]OXÁYNO]OTKMYWZSVKOWKWLSOX^O4K`K
/bOM_^OOX^ÁYXYNSO^¥SYKYXNO`YM SX]^KVY_K]PYX^O]$
MYXPSQ_O
WKUOevWKUOMVSOX^v]YWOX^OQOK£Y]P-YX^YV:KXOV
evWKUO]O`Ov]YWOX^OQOK£Y]O`SNY
+X^O] NY WKUO SX]^KVV `YM NO`O MSK _W XY`Y v_]_£SYv MRKWKNY
PSOaKVV KNSMSYXKXNY K ]OQ_SX^O VSXRK OW ]O_ K[_S`Y vO^MZK]]aNv
_]O_W_]OSNOQY_ZSNNO]YM_ZKNY]$
firewall:x:888:888::/dev/null:/bin/false
+Z¥] MSO _W XY`Y Q_ZY ^KWL¤W MRKWKNY PSOaKVV KNSMSYXKXNY O]^K]
VSXRK] XY ]O_ K[_S`Y vO^MQY_Zv XÁY ]O O][_O”K NO OPO^_K _W
LKMU_ZXY]K[_S`Y]KV^OKNY]$
firewall:x:888:
0OS^YS]]YKSX]^KVK”ÁYZYNO]OQ_S
WKUOSX]^KVVeZYNO]OvWKUO]O`OISX]^KVVv
9?vWKUOMVSOX^ISX]^KVVv
+ SX]^KVK”ÁY ZY ZKNÁY O ^KWL¤W ]O K MYWZSVK”ÁY ^KX]MYO_
XYWKVWOX^O ZÉO Y] ]OQ_SX^O] K[_S`Y] NY ]O`SNY XY WYWOX^Y
XY]YM_ZKOWY]MYWOVO]KZOXK]XO]^O]NSO^¥SY]$
XUVR GH 6HJXUDQoD HP 5HGHV /LQX[ ZZZFLSVJDRUJEU FXUVRV#FLSVJDRUJEU 3iJLQD 34

88. RPLWr GH ,QFHQWLYR D 3URGXomR GR 6RIWZDUH *UDWXLWR H $OWHUQDWLYR ± ,36*$
_]VYMKV]LSX]PMKMMY_X^
_]VYMKV]LSX]PMÖYNKOWYX
`KVYQPSOaKVV { 'LOGS': arquivos de registros...
`KVYQPSOaKVV]Zc
`KVYQPSOaKVVOZY^
O^MPSOaKVVNeO]O`KNYZKKY]K[_S`Y]PSOaKVVMYXP
OPSOaKVVZK]]aN
VSLWYN_VO]WS]M]PYÖ_WWYN_VYSX]^KV£`OV
@KWY] SXSMSK Y =38?= 0SOaKVV :KK S]]Y ZOMS]KWY] NO _WK
MYXPSQ_K”ÁY ZYS] Y NSO^¥SY vO^MPSOaKVVNv O]^£ `KdSY KZ¥] Y
vWKUOSX]^KVVvPKV^KYK[_S`YPSOaKVVMYXP.OZYS][_OONS^K_WK
MYXPSQ_K”ÁYKYXY]]YQY]^YOXOMO]]SNKNO]SX]^KVKWY]YWYN_VY10MYW
vSX]WYNVSLWYN_VO]WS]M]PYv.OZYS]NKWY]ZK^SNKXYNKOWYX$
URRW#DOSKD @ LQVPRG OLEPRGXOHVPLVFVIR
URRW#DOSKD @ XVUORFDOVELQVIF VWDUW
,QLWLDOL]LQJ GDHPRQ
1R VRFNHW VHFXULW ILUHZDOOWRILUHZDOO FRPPXQLFDWLRQ GLVDEOH
*
URRW#DOSKD @
;_KXNY Y NKOWYX v]PMv N£ ZK^SNK OVO V K ]_K MYXPSQ_K”ÁY O
ObOM_^KK]OQK]NO]OTKNK]NOPSOaKVV?W K]ZOM^Y SX^OO]]KX^O NY
ZYQKWK NKOWYX ¤ [_O OVO MROMK K] SXMYX]S]^ XMSK] ZY]]´`OS]
MYX^SNK] XY PSOaKVVMYXP$ ^KX^Y NO OQK] [_KX^Y OY] NO
NSQS^K”ÁY=OS]]YKMYX^OMOOVOZ£KONO`YV`O_WZK]OOY€KY
_]_£SY -RO[_O ^KS] SXMYXQ_ XMSK] O OZS^K Y ZYMO]]Y ;_KX^Y K
10
Consulte a documentação diponível a respeito dos módulos instaláveis no Linux, ou mesmo as páginas manuais ('man
lsmod', 'man insmod', 'man rmmod').
XUVR GH 6HJXUDQoD HP 5HGHV /LQX[ ZZZFLSVJDRUJEU FXUVRV#FLSVJDRUJEU 3iJLQD 35

89. RPLWr GH ,QFHQWLYR D 3URGXomR GR 6RIWZDUH *UDWXLWR H $OWHUQDWLYR ± ,36*$
WOX]KQOWOMYKNKXY]YMUO^]OM_S^c€XÁY]OZOYM_ZOOVKKZKOMO
[_KXNYY=38?=¤MYWZSVKNY]OWYZYQKWK/8]USZ/VOZY]]SLSVS^KK
MYXObÁY MSZ^YQKPKNK OX^O PSOaKVV] 7K] MYWY ^OWY] Y ==2 ZKK
O]]O SX^OX^Y ZYNOWY] KLS NO ^KV ]_ZY^O 2£ ^KWL¤W ]¤SY]
ZYLVOWK] NO MYWZSVK”ÁY NY /X]USZ
P^Z$P^Z^SUOOO^RdMRZ_LZKMUKQO]]USZXY6SX_b
:KKNO]VSQKY=38?=OWY`KYWYN_VYNKWOW¥SKvWWYN]PYvO
ZKOYNKOWYXMYWYMYWKXNYv_]VYMKV]LSX]PM]^YZv
;_KXNYNYNOL_QNOXY]]KMYXPSQ_K”ÁYO]^S`OZYX^YOO]^S`OWY]
]K^S]POS^Y] MYW K WYX^KQOW NK] OQK] NY PSOaKVV ZYNOWY] _]K _W
]MSZ^ZKKSXSMSKYXY]]YNKOWYXv]PMv+LKSbYO]^£_WObOWZVYNO
_W ]MSZ^ [_O _]KWY] OW XY]]K ONO ZYNO]O KNKZ^£VY §] WKS]
NS`O]K]]S^_KӃO]$
6FULSW SDUD LQLFLDU GDHPRQ GR 6,186 )LUHZDOO‹
H LQVWDODU PRGXOR
VIR
-DQHLUR GH
8VDGR QXP 6LVWHPD /LQX[ 5HG +DW NHUQHO
-=--=- -=--=--=--=--=--=--=--= --=-
HWFUFGLQLWGIXQFWLRQV ,QLFLD DTXL R VFULSW
IXQFWLRQV
FDVH LQ
VWDUW

90. JSULQWI 6WDUWLQJ V VI )LUHZDOO
LI WHVW U YDUUXQVIFSLG NLOO CFDW YDUUXQVIFSLGC
WKHQ
JSULQWI V H[LVWV V DOUHDG UXQQLQJ?Q ?
YDUUXQVIFSLG VIF
HOVH VELQLQVPRG OLEPRGXOHVPLVFVIR XVUORFDOVELQVIF VWDUW
HFKR VIF
IL
WRXFK YDUORFNVXEVVVIF
VWRS

91. JSULQWI 6WRSSLQJ V VI )LUHZDOO
XVUORFDOVELQVIF VWRS
JSULQWI 5HPRYLQJ 6,186 PRGXOH
VELQUPPRG VI
UP I YDUUXQVIFSLG
UP I YDUORFNVXEVVVIF
HFKR VIF
UHVWDUW

92. VWRS
VWDUW
VWDWXV

93. VWDWXV VIF
XUVR GH 6HJXUDQoD HP 5HGHV /LQX[ ZZZFLSVJDRUJEU FXUVRV#FLSVJDRUJEU 3iJLQD 36

94. RPLWr GH ,QFHQWLYR D 3URGXomR GR 6RIWZDUH *UDWXLWR H $OWHUQDWLYR ± ,36*$
XVUORFDOVELQVIF VKRZ

95. JSULQWI 8VDJH V ^VWDUW_VWRS_VWDWXV_UHVWDUW`?Q VIF
H[LW
HVDF
H[LW
@KWY]KQYKKXKVS]KKMYX]^_”ÁYNOXY]]K]OQK]NOPSOaKVV[_O
PSMKKW MYX^SNK] XY PSOaKVVMYXP 9] K_^YO] MYVYMKW XY NSO^¥SY
v]KWZVO]v[_K^YK[_S`Y]NOMYXPSQ_K”ÁY§^´^_VYNOObOWZVYZKK
[_OYKNWSXS]^KNYO]^_NOY]$
¬ CheswickBellovin.conf
¬ MediumEnterprise.conf
¬ SimpleSample.conf
¬ SmallBusiness.conf
-YX]_V^OY] NOZYS] NO NYWSXK K] ^¤MXSMK] NO PSOaKVVSXQ 9] XYWO]
NY]K[_S`Y]T£NOWYX]^KWY]O_SX^OX^Y=YWOX^OYZSWOSY^KV`Od
XÁY Y ]OTK ;_OW XÁY O]^£ PKWSVSKSdKNY MYW K LSLVSYQKPSK ]YLO
]OQ_KX”K ZYNO XÁY MYXROM VY]$ A -RO]aSMU O = 7 ,OVVY`SX
]ÁY K_^YO] NO _W MV£]]SMY ]YLO Y ^OWK MRKWKNY 0SOaKVV] KXN
3X^OXO^ =OM_S^c$ OZOVVSXQ ^RO ASVc 2KMUO 9 ZSWOSY K[_S`Y]
^OX^KKZVSMKY]ZOMOS^Y]NO]MS^Y]XO]^OVS`Y
@KWY] _]K K[_S _W PSOaKVVMYXP KV^OXK^S`Y LOW ]SWZVO] ZKK
O]^_NK K NSXŸWSMK NY =38?= 0SOaKVV /VO O]^£ XY WKX_KV NY
ZYQKWK Y KV_XY Y OXMYX^K£ OW PYWK^Y R^WV XY NSO^¥SY
vNYMR^WVSXNObR^WVv NK NS]^SL_S”ÁY 7YNSPSMKWY] KVQ_WK] ZK^O]
WK]OW]´X^O]OOVOO]^£K´@OTKWY]$
_ 6DPSOH FRQILJXUDWLRQ IRU WKH VI )LUHZDOO_
VHWXS
LQWHUQDOQHWV
PDLOBGHIDXOW URRW#ORFDOKRVW
XUVR GH 6HJXUDQoD HP 5HGHV /LQX[ ZZZFLSVJDRUJEU FXUVRV#FLSVJDRUJEU 3iJLQD 37

96. RPLWr GH ,QFHQWLYR D 3URGXomR GR 6RIWZDUH *UDWXLWR H $OWHUQDWLYR ± ,36*$
UXOHV
EORFN WFS WR SRUW
OLQN
SRUW
VXSGXS
QRWLILFDWLRQBOHYHO
EORFN RSWLRQV ORRVHBVRXUFHBURXWH VWULFWBVRXUFHBURXWH DOO
QRWLILFDWLRQBOHYHO
GHWHFWD URWDV VHFXQGiULDV SDUD D ,QWHUQHW
EORFN ULS IURP LQVLGH QRWLILFDWLRQBOHYHO
3HUPLWH D HQWUDGD GH UHTXLVLo}HV )73 SDUD QRVVR VHUYLGRU )73
DFFHSW WFS WR SRUW QRWLILFDWLRQBOHYHO
DFFHSW WFS WR SRUW QRWLILFDWLRQBOHYHO
3HUPLWH D HQWUDGD GH UHTXLVLo}HV )73 SDUD R VHUYLGRU 7HOQHW/RJLQ
DFFHSW WFS WR SRUW QRWLILFDWLRQBOHYHO
DFFHSW WFS WR SRUW QRWLILFDWLRQBOHYHO
DFFHSW DOO IURP WR QRWLILFDWLRQBOHYHO
EORTXHLD TXDOTXHU RXWUD UHTXLVLomR 73 H VRD R DODUPH
EORFN WFS QRWLILFDWLRQBOHYHO
QRWLILFDWLRQ
OHYHO
UHJLVWUD WRGDV DV FKHJDGDV GH FRQH[mR )73 SHUPLWLGDV
PHVVDJH 5HTXLVLFDR GH FRQH[DR )73
OHYHO
UHJLVWUD WRGDV DV FKHJDGDV GH FRQH[mR 7HOQHW SHUPLWLGDV
PHVVDJH 5HTXLVLFDR GH FRQH[DR 7HOQHW
OHYHO
UHJLVWUD WRGDV DV FKHJDGDV GH FRQH[mR ::: SHUPLWLGDV
PHVVDJH 5HTXLVLFDR GH FRQH[DR :::
OHYHO
UHJLVWUD WRGDV DV FKHJDGDV GH FRQH[mR 66+ SHUPLWLGDV
PHVVDJH 5HTXLVLFDR GH 6HFXUH VKHOO
OHYHO
PHVVDJH 5HGLUHFLRQDPHQWR ,03 UHFHELGR
OHYHO
PHVVDJH +D XPD URWD VHFXQGiULD SDUD D ,QWHUQHW
OHYHO
PHVVDJH 3DFRWH ,3 FRP RSFDR BVRXUFH URXWHB GHWHFWDGD
OHW VUVRXUFHKRVW VUVRXUFHKRVW WLPHRXW
LI VUVRXUFHKRVW WKHQ
PHVVDJH 3DFRWH ,3 FRP RSFDR BVRXUFH URXWHB GHWHFWDGD
VS
HQGLI
OHYHO
PHVVDJH RQH[DR 73 LOHJDO
OHW LOOWFSVRXUFHKRVW LOOWFSVRXUFHKRVW WLPHRXW
LI LOOWFSVRXUFHKRVW WKHQ
PHVVDJH RQH[DR 73 LOHJDO
PDLO
VS
HQGLI
OHYHO
'HVOLJD ,17(5)$( (7+
H[HF LIFRQILJ HWK GRZQ
XUVR GH 6HJXUDQoD HP 5HGHV /LQX[ ZZZFLSVJDRUJEU FXUVRV#FLSVJDRUJEU 3iJLQD 38

97. RPLWr GH ,QFHQWLYR D 3URGXomR GR 6RIWZDUH *UDWXLWR H $OWHUQDWLYR ± ,36*$
HQG
9PSOaKVVMYXPZY]]_S^ ]LVYMY]NOMYXPSQ_K”ÁY]ÁYOVO]$
¾ SETUP
¾ RULES (pode-se usar também PRIMARY_RULES)
¾ NOTIFICATION
/X^OY]LVYMY]NOMYXPSQ_K”ÁYZYNOWY]^O MYWOX^£SY] KMOS^KXNY Y
]´WLYVY
Y_K]LKK]^KNSMSYXKS]NY-
9 LVYMY =/?: ¤ LOW M_^Y K´ MYVYMKWY] K SXPYWK”ÁY ]YLO XY]]K
^YZYVYQSK NO ONO SX^OXKVXO^] ZKK ^KLKVRK MYX^K Y SZ
]ZYYPSXQVS]^KXNYK]]SWXY]]KSX^KXO^9]3:] NO`OW ]O ]OZKKNY]
ZY`´Q_VK]O^OWSXKNY]MYWv%v:YNO]OK[_S^KWL¤WO]ZOMSPSMKY
XO^WK]U$ v# WK]U v =OQ_O]O NOZYS] K
SXPYWK”ÁYNY]OXNOO”Y]_]KNY]WKSVINOPK_V^ZOVY=38?=ZKK
Y O`OX^_KV OX`SY NO OWKSV] MYVY[_O [_KX^Y] NO]OTK ]OZKKXNYY]
ZY`´Q_VK]
9 LVYMY ?6/= ¤ Y ZSXMSZKV NY K[_S`Y 8O]^K ]O”ÁY K] VSXRK]
MYWO”KW YLSQK^YSKWOX^O MYW K] ZKVK`K]$+--/: KMOS^K Y] ZKMY^O]
OX`SKNY],69-59MYO]ZYXNOX^OKY./8CNY 3ZMRKSX] KLKXNYXK Y]
ZKMY^O] ]OW WKSYO] MYX]SNOKӃO] /4/- OTOS^K QOKXNY
T_]^SPSMK^S`KO9,=/@/MYX]^_´NKZKKQOSY]VYQ]NY=38?=+
SQY XÁY KMOS^K XOW OM_]K WK] NOSbK K NOMS]ÁY ZKK K Z¥bSWK
OQK :Y PSW K OQK] ]ÁY NSOMSYXKNK] ZKK _W X´`OV NO
XY^SPSMK”ÁY€ [_O ]O OXMYX^K XY ¦V^SWY LVYMY O ^OWSXKNK] MYW _W
v%v9]MYXMOS^Y]]ÁYLK]SMKWOX^OY]WO]WY]NY3ZMRKSX]O`YM NO`O
^KdO Y] ]O_] MYXROMSWOX^Y] 9 [_O W_NK ¤ ]SX^KbO XK] VSXRK] NO
MYXPSQ_K”ÁY:YNO]OSKO]_WSVKK]]SW$
[regra] proto. IP (de) porta XX IP (para) porta XX - nível de notificação
XUVR GH 6HJXUDQoD HP 5HGHV /LQX[ ZZZFLSVJDRUJEU FXUVRV#FLSVJDRUJEU 3iJLQD 39

98. RPLWr GH ,QFHQWLYR D 3URGXomR GR 6RIWZDUH *UDWXLWR H $OWHUQDWLYR ± ,36*$
O^SKXNY_WObOWZVYNOXY]]YK[_S`YOXMYX^KWY]$
DFFHSW WFS WR SRUW QRWLILFDWLRQBOHYHO
;_KV OQK O]^KLOVOMO]O K[_S) +MOS^KWY] ZKMY^O] -: NY 3:
# ZY`OXSOX^O] NK ZY^K O ]O OX^KW Y] ZKMY^O]
ObOM_^K]OYXY^SPSMK^SYXIVO`OVNOX¦WOY;_OO]^KLOVOMO$
OHYHO
PHVVDJH 5HTXLVLFDR GH 6HFXUH VKHOO
/X`SKZKKYK[_S`YNOOQS]^YNY=38?=OWv`KVYQPSOaKVVvK
SXPYWK”ÁY[_ORY_`O_WKO[_S]S”ÁYXKZY^K
+VQ_WK] YL]O`K”ÉO] KSXNK ]YLO Y] ZKŸWO^Y] NY K[_S`Y$ ZYNOWY]
O]^KLOVOMO _WK OQK ZKK ^YNY] Y] ZY^YMYVY] KMOS^Y] MYW K PVKQ
vKVVv^KWL¤WO]^KLOVOMOPKSbK]NOZY^K]bbbbOMYXPSQ_KK]
PKSbK] NO OXNOO”Y] _]KXNY v^Y PYWv vNY 3: ^KV ZKK Y 3:
^KVv/bOWZVY$
EORFN DOO WR SRUW
IURP
QRWLILFDWLRQBOHYHO
9_^YZKŸWO^YSWZY^KX^´]]SWY¤vSX]SNOv[_OXÁY KZKOMO OW XY]]Y
K[_S`YObOWZVY 3X]SNO ¤ XY]]K SX^KXO^ NOPSXSNK MYWY `SWY] XK
PVKQSX^OXKVXO^]/VO¤MYWLSXKNYMYWYZKŸWO^Yv^YPYWv
/OX^ÁY]OO]^KLOVO”YZYObOWZVY$
EORFN WFS IURP LQVLGH WR SRUW QRWLILFDWLRQBOHYHO
,VY[_OSY [_KV[_O ZKMY^O -: NO WSXRK SX^KXO^ ZKK Y 3:
:Y]]Y SX`O^O vSX]SNOv _]KXNY vY_^]SNOv S]^Y ¤
[_KV[_O3:PYKNOWSXRKSX^KXO^
EORFN WFS IURP RXWVLGH WR SRUW QRWLILFDWLRQBOHYHO
XUVR GH 6HJXUDQoD HP 5HGHV /LQX[ ZZZFLSVJDRUJEU FXUVRV#FLSVJDRUJEU 3iJLQD 40

99. RPLWr GH ,QFHQWLYR D 3URGXomR GR 6RIWZDUH *UDWXLWR H $OWHUQDWLYR ± ,36*$
:YPSWYLVYMY89303-+3988O]^K]O”ÁYMKNKX´`OVNOXY^SPSMK”ÁY
]O£O]^KLOVOMSNYX_WZK£QKPY3XSMSKXNY]OMYWKZKVK`KvVO`OVv
]OQ_SNY NO _W X¦WOY SNOX^SPSMKNY O v$v :YNO]O O]ZOMSPSMK K]
K”ÉO] XOMO]]£SK] K ]OOW SWZVKX^KNK] 9 X´`OV NO XY^SPSMK”ÁY
P_XMSYXKOWX´`OVNO]MSZ^/WZ]O_NYM¥NSQYPSMKSK$
SE
determinadas circunstâncias ocorrem...
Mande uma MENSAGEM...
E CHAMA (call) o Nível 900
Ø
NÍVEL 900
Se as circunstâncias ocorrem 10 vezes
DESLIGUE A INTERFACE ETH0!
» MVKY [_O NOWY] _W ObOWZVY KNSMKV @OTKWY] Y_^Y MK]Y YNY
KMO]]YKYWO_]O`SNYOVXO^OW_WKY_WKS]RY]^]ONSOMSYXYZKK
_WX´`OVNOXY^SPSMK”ÁY$
OHYHO
PHVVDJH ´6ROLFLWDFDR GH VHVVDR 7(/1(7 QD SRUWD µ
FDOO
-YWKVSXRKvMKVVvOOX`SYZKK_WK]_LY^SXKYvVO`OVv
OWWO_PSOaKVVMYXP9XNO$
OHYHO
OHW FRQQHFWLRQVVRXUFHKRVW FRQQHFWLRQVVRXUFHKRVW WLPHRXW
LI FRQQHFWLRQVVRXUFHKRVW ! WKHQ
UHSRUW
PHVVDJH ´$OJXHP HVWD WHQWDQGR DWLYDU PDLV GH FRQH[RHV 7HOQHWµ
´%ORTXHDQGR DFHVVR SRU VHJXQGRVµ
EORFN DOO IURP VRXUFHKRVW QRWLILFDWLRQBOHYHO WLPHRXW
FDOO
HQGLI
/]MVKOMOXNY$ K ZKVK`K vVO^v [_O SXSMSK K PK]O ZYNO O]^KLOVOMO
Y_ W_NK Y `KVY NO _WK `KS£`OV 8K ]OX^OX”K
vMYXXOM^SYX]$]Y_MORY]^vYZSWOSY^OWY¤K`KS£`OVO]Y_MORY]^
^KX^Y [_KX^Y NO]^RY]^ P_XMSYXK MYWY _W [_KVSPSMKNY -YXPSQ_KWY]
[_O ]O XY]]Y ]O`SNY OMOLO WKS] NY ( MSX[_OX^K MYXObÉO] NO
_W OXNOO”Y 3: Y ]Y_MORY]^$ OX`SY WOX]KQOW KY VYQ LVY[_OSY NO
XUVR GH 6HJXUDQoD HP 5HGHV /LQX[ ZZZFLSVJDRUJEU FXUVRV#FLSVJDRUJEU 3iJLQD 41

100. RPLWr GH ,QFHQWLYR D 3URGXomR GR 6RIWZDUH *UDWXLWR H $OWHUQDWLYR ± ,36*$
KMO]]YKYOXNOO”Y3:NOYSQOWZY]OQ_XNY]O`KWY]ZKKK]_L
Y^SXK9KV_XYZYNOMYX]_V^KYWKX_KV276[_OXY]OPOSWY]
ZKK MROMK K] SX^OO]]KX^O] YZӃO] NO ]MSZ^ [_O Y =38?= YPOOMO
=ÁY O]^K] K] YZ”ÉO] NO ]MSZ^ [_O ZYNOW ]O _]KNK] XY LVYMY
XY^SPSMK^SYXIVO`OV$
7/==+1/$
.OPSXOKWOX]KQOWK]OOX`SKNKZKKYK[_S`YNOOQS]^YO^KWL¤W
¤_]KNYXYOWKSVO]ZOMSPSMKNYXYLVYMYv]O^_Zv+]WOX]KQOX]NO`OW
]OO]MS^K]OX^OK]ZK]
=C=691$
-YVYMKYOQS]^YMYOX^O^KWL¤WXYvVYQvNY]S]^OWK
/:9$
-YZSKYOQS]^YMYOX^OZKKYK[_S`YvPSOaKVVOZY^v
7+36$
/X`SKOWKSVZKKY]OXNOO”Y]O]ZOMSPSMKNY]XKMYXPSQ_K”ÁY
=:C$
3^OW W_S^Y SX^OO]]KX^O 8K NOPSXS”ÁY NO 7_MR]OV =MRWSN K
NOMVKK”ÁY v]Zcv SXSMSK _W MY_X^O SX^OVVSQOXMO€ =O_ YLTO^S`Y ¤
ZKK ]O MVKY O]ZSYXK Y RY]^ O Y _]_£SY [_O O]^£ ObOM_^KXNY _WK
K”ÁY NK [_KV ]O NO]MYXPSK 8Y XY]]Y ObOWZVY _W _]_£SY OW _W RY]^
^OX^Y_ PKdO MYXObÉO] X_W MO^Y ZKdY NO ^OWZY OW XY]]Y ^OVXO^
]O`O:YNO´KWY]^OMYXPSQ_KNYMYWv]Zcv`OTKWY]$
LI FRQQHFWLRQVVRXUFHKRVW ! WKHQ
VS Õ
UHSRUW
3]^Y ¤ ]O RY_`O WKS] NO MYXObÉO] OX^ÁY MYWOMO Y v]Zcv 9
v]Zcv¤_WZYMO]]YNOSNOX^SPSMK”ÁYNO_WRY]^_]_£SY_]KXNYY.8=
ZKK YL^O Y XYWO NY RY]^ Y ZY^YMYVY SNOX^ `£VSNY ]YWOX^O OW
XUVR GH 6HJXUDQoD HP 5HGHV /LQX[ ZZZFLSVJDRUJEU FXUVRV#FLSVJDRUJEU 3iJLQD 42

101. RPLWr GH ,QFHQWLYR D 3URGXomR GR 6RIWZDUH *UDWXLWR H $OWHUQDWLYR ± ,36*$
MYXObÉO] -: PSXQO O _]O] + MYVO^K NO]]K SXPYWK”ÉO] ^OXRK
OVK bS^Y Y_ XÁY `ÁY ZKK Y VYQ MYWY PYS MYXPSQ_KNY MYW Y
vOZY^v ZYNO]OSK _^SVSdK ^KWL¤W WKSV O OX`SK ZY K´ Y]
O]_V^KNY]NY]Zc
RELEVEL:
Muda o nível de notificação para a regra que causou a ação.
EXEC:
Declaração bastante poderosa. Pois pode abrir um shell local e executar um comando. Assim, na certeza de um ataque
efetivo podemos desligar a nossa interface de rede (eth0, eth1, etc.) com a seguinte declaração 'exec':
H[HF LIFRQILJ HWK GRZQ
-+66$
-RKWKY_^YX´`OVNOObOM_”ÁYOYObOM_^K
LET:
Esta declaração pode mudar o valor de uma variável. O valor de timeout (em segundos) pode ser especificado no fim da
declaração 'let'. Observe o exemplo abaixo:
DFFHSW LFPS LFPSBHFKR WR LQVLGH QRWLILFDWLRQBOHYHO
Ø
QRWLILFDWLRQ
OHYHO
OHW SLQJFRXQWVRXUFHKRVW SLQJFRXQWVRXUFHKRVW WLPHRXW
LI SLQJFRXQWVRXUFHKRVW ! WKHQ
EORFN DOO IURP VRXUFHKRVW QRWLILFDWLRQBOHYHO WLPHRXW
HQGLI
?WW£[_SXK^OX^Y__WvZSXQvZKKKVQ_WKW£[_SXKNOXY]]KSX^KXO^Y
ZY^YMYVY¤3-7:/VO¤_]KNYZKKNSKQX¥]^SMY]OMYXNS”ÉO]NOOY
X_WK ONO 7K] O]^K W£[_SXK ObOM_^Y_ Y vZSXQv `OdO] (
NOX^Y MYW Y ^OWZY W£bSWY NO ]OQ_XNY] ^SWOY_^ K MKNK
vZSXQ]v:Y^KX^YLVY[_OSK]OKMYXObÁYZY ]OQ_XNY]
IF (if ... then ... endif):
XUVR GH 6HJXUDQoD HP 5HGHV /LQX[ ZZZFLSVJDRUJEU FXUVRV#FLSVJDRUJEU 3iJLQD 43

102. RPLWr GH ,QFHQWLYR D 3URGXomR GR 6RIWZDUH *UDWXLWR H $OWHUQDWLYR ± ,36*$
Use como num shell script: para executar um fluxo de ações, se tal ou qual condição acontece.
9 ZYQKWK ]P 0SOaKVV -YX^YV :KXOV `O]ÁY ZYNO ]O _]KNY
ZKK K ONS”ÁY NY PSOaKVVMYXP +] WO]WK] KN`O^ XMSK] POS^K] XK]
VS”ÉO] ]YLO Y 3ZMRKSX] O ]_K ONS”ÁY `SK 6SX_bMYXP `KVOW K[_S ?W
ZYQKWK1?3MYWY]P-YX^YV:KXOVZYNOKT_NKWK]¤ZOMS]Y]KLO
Y [_O O]^£ PKdOXNY MYXROMO Y] MYXMOS^Y] O Y] P_XNKWOX^Y] NO _W
PSOaKVV OW QOKV O NK ZYZY]^K NY =38?= OW ZK^SM_VK 9 ]P
-YX^YV :KXOV ¤ _W ZYQKWK POS^Y OW 4K`K XÁY Y _^SVSdKWY] XY
ASXNYa]Y_OW[_KV[_OY_^KZVK^KPYWK.OWKXOSK[_OXÁYZYNOWY]
PKdO_WKK`KVSK”ÁYNO]O_]O]_V^KNY]
9 K[_S`Y v_Xv [_O MRKWK Y ZYQKWK ¤ _W ]MSZ^ [_O KT_]^K Y
MVK]]ZK^R 4K`K ZKK ZY]]SLSVS^K K ObOM_”ÁY NY ZYQKWK 0K”K Y]
KT_]^O] ]O PYOW XOMO]]£SY] KLO _WK ]O]]ÁY B^OW O Y ObOM_^O NY
NSO^¥SYYXNOOVOPYSSX]^KVKNY$v_Xv+]P_X”ÉO]NY]P-YX^YV
]ÁY LK]SMKWOX^O K_^YObZVSMK^S`K] 9 SX^OO]]KX^O NY ]YP^aKO ¤ ]_K
MKZKMSNKNO NO K_^YMYXPSQ_K”ÁY€ Y_ ]OTK `YM WYX^K _WK
^YZYVYQSK NO ONO ONS^KRY]^ Y RY]^ PSOaKVV K ONO OW ]S O Y
KMO]]Y K 3X^OXO^ / NOZYS] ]KV`K X_W K[_S`Y O KXKVS]£VY MYW Y]
ZY]^OSYO]KT_]^O]@YM ZYNOKLSK]_KW£[_SXKPSOaKVVZOVY]P
-YX^YV S]]Y ]O ^S`O MYWZSVKNY Y ]O`SNY =38?= MYW Y ZKMY^O NK
/8]USZZYNOXNYO]^ÁY_]KYZY^YMYVY0SOaKVV^Y0SOaKVV
+] YZOK”ÉO] MYW Y =P -YX^YV MYWO”KW MYW K ONS”ÁY NK ^YZYVYQSK NO
ONO:KKS]]Y]OO]MYVROXYWOX_KYZ”ÁY/NS^^YZYVYQc€$
XUVR GH 6HJXUDQoD HP 5HGHV /LQX[ ZZZFLSVJDRUJEU FXUVRV#FLSVJDRUJEU 3iJLQD 44

103. RPLWr GH ,QFHQWLYR D 3URGXomR GR 6RIWZDUH *UDWXLWR H $OWHUQDWLYR ± ,36*$
XUVR GH 6HJXUDQoD HP 5HGHV /LQX[ ZZZFLSVJDRUJEU FXUVRV#FLSVJDRUJEU 3iJLQD 45

104. RPLWr GH ,QFHQWLYR D 3URGXomR GR 6RIWZDUH *UDWXLWR H $OWHUQDWLYR ± ,36*$
.OZYS]¤XOMO]]£SYWYX^KK^YZYVYQSKZYZSKWOX^ONS^KO]MYVROXNY
K] _XSNKNO] K ]OOW MYXPSQ_KNK] 8K ^OVK KMSWK O]^£ _W ObOWZVY NK
MYXPSQ_K”ÁY NO _WK W£[_SXK PSOaKVV :YNOWY] MYW _W RY]^ ]O`SNY
MYXPSQ_£VY MYW `£SY] ]O`S”Y] ZY]]´`OS] 0: =OM_O AAA ]O`O
==2]O`OO^MVSLOKXNYY_XÁYZKKYKMO]]YZ¦LVSMY/XMOKNK
K SNOX^SPSMK”ÁY NO XY]]K ONO ]K´WY] NY vWYNY ^YZYVYQSKv XO]]O
SX]^KX^O Y ]P -YX^YV K`KVSK ]O R£ SXMYX]S]^ XMSK] OW XY]]K
^YZYVYQSK=O^_NYO]^£YUZYNOWY]O]MYVRO Y vK_^YMYXPSQv .OZYS]
ZYNOWY] O`O MYXPYWO XY]]Y QY]^Y K] MYXPSQ_KӃO] 8K ^OVK
]OQ_SX^OO]^KWY]ONS^KXNYYLVYMYNO]O^_Zv_VO]v$
XUVR GH 6HJXUDQoD HP 5HGHV /LQX[ ZZZFLSVJDRUJEU FXUVRV#FLSVJDRUJEU 3iJLQD 46

105. RPLWr GH ,QFHQWLYR D 3URGXomR GR 6RIWZDUH *UDWXLWR H $OWHUQDWLYR ± ,36*$
+QYK `KWY] `O Y WOMKXS]WY NO OQS]^Y NY =38?= 0SOaKVV =OW
N¦`SNK _W NY] ZYX^Y] PY^O] NY ]YP^aKO 4£ [_O K WYX^KQOW NO _W
PSOaKVV ]SQXSPSMK OW QKXNO ZK^O `SQSVŸXMSK +]]SW OQS]^K OW
K[_S`Y] ]OQ_Y] Y WY`SWOX^Y NO OX^KNK O ]K´NK NO ZKMY^O] O KV¤W
NYWKS]QK”K]§MKZKMSNKNONO]MSZ^NYZYQKWKObOM_^KK”ÉO]¤
P_XNKWOX^KVZKKYKNWSXS]^KNYNO_WKONO
4£ `SWY] [_O Y K[_S`Y NO VYQ P_XNKWOX^KV NY =38?= MRKWK]O
v`KVYQPSOaKVVv @YM NO`O SX`O]^SQ£VY ]OWZO ZYS] ^YNY Y
WY`SWOX^Y NO ZKMY^O] ¤ XOVO QK`KNY K]]SW MYWY K] YZOK”ÉO]
MYXPSQ_KNK]XYXY^SPSMK^SYXIVO`OV=OK]_KONO¤NOQKXNOZY^O
OZY^KX^YOMOLO_W^£POQYW_S^YSX^OX]Y¤KMYX]OVR£`OV_]K_WK
ZK^S”ÁY ]OZKKNK ZKK Y NSO^¥SY v`KVYQv -YW OPOS^Y ZYNOWY]
_]KYMYWKXNYv^KSVvZKKSX]ZOMSYXKYVYQQK`KNYXYK[_S`YMYW
Y KM¤]MSWY NK PVKQ P ZKK PY”K K VOS^_K NY PSW NY K[_S`Y
:YObOWZVY$
URRW#DOSKD ORFDO@ WDLO I YDUORJILUHZDOO
)HE V

106. DFFHSW 73 !WHOQHW
)HE 7HOQHW FRQQHFWLRQ UHTXHVW
)HE V

107. EORFN 73 !ZZZ
)HE ,OOHJDO 73 FRQQHFWLRQ
)HE VHQGLQJ PDLO WR URRW
)HE VWDUWHG FRXQWHU LQWHOOLJHQFH DJDLQVW KRVW
)HE V

108. EORFN 73 !DXWK
)HE ,OOHJDO 73 FRQQHFWLRQ
)HE VHQGLQJ PDLO WR URRW
)HE V

109. EORFN 73 !DXWK
)HE ,OOHJDO 73 FRQQHFWLRQ
)HE V

110. EORFN 73 !ILQJHU
)HE ,OOHJDO 73 FRQQHFWLRQ
)HE V

111. EORFN 73 !ILQJHU
)HE ,OOHJDO 73 FRQQHFWLRQ
)HE V

112. EORFN 73 !DXWK
)HE ,OOHJDO 73 FRQQHFWLRQ
)HE V

113. EORFN 73 !ILQJHU
)HE ,OOHJDO 73 FRQQHFWLRQ
6HJXH

114. OWY] K[_S _WK WY]^K NK ]O[_ XMSK NO OX^KNK] OQS]^KNK] MYW Y
W ]YNSKKRYKKKN`O^ XMSKYMYSNKOXNOO”Y]3:ZY^YMYVY]
XUVR GH 6HJXUDQoD HP 5HGHV /LQX[ ZZZFLSVJDRUJEU FXUVRV#FLSVJDRUJEU 3iJLQD 47

115. RPLWr GH ,QFHQWLYR D 3URGXomR GR 6RIWZDUH *UDWXLWR H $OWHUQDWLYR ± ,36*$
OW [_O]^ÁY O^M 2£ N_K] OX^KNK] NO OX`SY NO WKSV ZKK Y _]_£SY
YY^ VSXRK] O # 9 MYXROMSNY VOS^Y NO WKSV] :38/ KM_]K Y
OMOLSWOX^YNKWOX]KQOW$
9 MYWKXNY ^KSV _]KNY K]]SW ]O`O MYWY _WK `S]ÁY€ SX]^KX^ŸXOK NK
^£POQYNOONOOVOOMYK£]OWZKKY]VYQ]MYX^SNY]OWPSOaKVV
K^¤[_OObOM_^O]O_Wv-YX^YV-v+PYWKWKS]ZYN_^S`K¤_]KY]
^OWSXKS] `S^_KS] ZY ObOWZVY ! O [_O ]KLSNKWOX^O ]ÁY
KVMKX”KNY] MYW v+60!vY_ _]O Y ^OWSXKV [_O NO]OTK :KK
^KX^YONS^OYK[_S`YSXS^^KLONS^OK]]OQ_SX^O]VSXRK]$
À 7:2345:respawn:/usr/bin/tail -f /var/log/firewall /dev/tty7
@YM ZYNO^KWL¤W[_OOVO€Y]O_v`KVYQWO]]KQO]vX_W^OWSXKV
`S^_KV_]OYZY^KX^Y+60` VY$
À 8:2345:respawn:/usr/bin/tail -f /var/log/messages /dev/tty8
XUVR GH 6HJXUDQoD HP 5HGHV /LQX[ ZZZFLSVJDRUJEU FXUVRV#FLSVJDRUJEU 3iJLQD 48

116. RPLWr GH ,QFHQWLYR D 3URGXomR GR 6RIWZDUH *UDWXLWR H $OWHUQDWLYR ± ,36*$
+MYX]OVRKWY] ^KWL¤W Y _]Y NO _W ¥^SWY ]MSZ^ OW :OV O]MS^Y ZY
7SMRKOV,KLMYMUR^^Z$aaaVSX_b]_ZZY^VSXOMYWhZQZVSX_bMRKWKNY
6YQMYVYS]O VYQMYVYS]O!^KQd ¤ K `O]ÁY [_O _]KWY] /VO
^OW K MKZKMSNKNO NO Z¡ MYO] XY] K[_S`Y] NO VYQ NO WKXOSK [_O
ZYNOKMOX^_KNO^OWSXKNK]ZKVK`K]O]ZOM´PSMK]
=O`YM NO]OTK`O€Y]VYQ]QOKNY]WK]SXSMSKY]O_]S]^OWKOW
vSXS^ v Y_ WO]WY O]^S`O ]OWZO OW KWLSOX^O Q£PSMY O XÁY
NO]OTK ]KS NOVO ZYNO _]K K Y ZYQKWK bMYX]YVO ZO]OX^O XK
[_K]O ^Y^KVSNKNO NK] NS]^SL_SӃO] 6SX_b 9 bMYX]YVO WYXS^YK K]
WOX]KQOX]NYMYX]YVOXYBASXNYa@YM ZYNO_]KXY]O_vbSXS^MvY
MYWKXNY$
tail -f /var/log/firewall /dev/console
/OX^ÁY$
xconsole -exitOnFail
8O]^K^OVK`OWY]_WObOWZVYNOObOM_”ÁYXYbMYX]YVO$
9 NKOWYX NY =38?= v]PMv KMOS^K KVQ_WK] SWZY^KX^O] YZӃO] XK ]_K
VSXRKNOMYWKXNY=ÁYOVK]$
11
Portanto, para usá-lo você precisa de Perl em seu sistema (5.x)...
XUVR GH 6HJXUDQoD HP 5HGHV /LQX[ ZZZFLSVJDRUJEU FXUVRV#FLSVJDRUJEU 3iJLQD 49

117. RPLWr GH ,QFHQWLYR D 3URGXomR GR 6RIWZDUH *UDWXLWR H $OWHUQDWLYR ± ,36*$
VWDUW FRQILJ@ ,QLFLD R GDHPRQ XVDQGR SRU SDGUmR R DUTXLYR
HWFILUHZDOOGILUHZDOO
HQWUH FRP RXWUR
DUTXLYR VH TXLVHU H[HPSOR
VIF VWDUW XVU
ORFDOWPSILUHZDOOWHVWH

118. VWRS 'HVOLJD R GDHPRQ PDV QmR GHVFDUUHJD R PRGXOR
UHFRQILJ FRQILJ@ 'HVOLJD R GDHPRQ H UHLQLFLDR FRP XP QRYR
IOXVK RX IOXVKBDOO@ DUTXLYR GH FRQILJXUDomR
CUHFRQILJ
QmR SDUDOLVD DV FRQH[}HV 73
DR PHQRV TXH VH XVH
IOXVK
RX
IOXVKBDOO
CIOXVK
GHVWUyL WRGDV DV FRQH[}HV TXH QmR
VmR SHUPLWLGDV QD QRYD FRQILJXUDomR Mi
CIOXVKBDOO
GHVWUyL WRGDV DV FRQH[}HV 73
H[LVWHQWHV
FKHFNFRQILJ FRQILJ@ KHFD R DUTXLYR GH FRQILJXUDomR
SRU HUURV GH VLQWD[H
3DGUmR HWFILUHZDOOGILUHZDOOFRQI

119. VKRZ 0RVWUD D FRQILJXUDomR XVDGD H DV FRQH[}HV 73
VKRZWFS 0RVWUD DSHQDV DV FRQH[}HV 73
NLOO LGNHFULDGR 0DWD FRQH[mR 73 HVSHFLILFDGD
NLOODOO 0DWD WRGDV DV FRQH[}HV 73
NLOOLGOH PLQXWRV 0DWD WRGDV DV FRQH[}HV 73 RFLRVDV SRU ; PLQXWRV
UHVHWXVDJH
5HVHW XVDJH FRXQWHUV
/]^K] YZ”ÉO] ]ÁY W_S^Y SWZY^KX^O] =YLO^_NY XK MYX]^_”ÁY NY
XY^SPSMK^SYXIVO`OV :YNOWY] MYX]^_S SX^OO]]KX^O] O]^K^¤QSK]
_]KXNY K NOMVKK”ÁY vObOMv OW MYXT_X^Y MYW O]^K] PVKQ] ?WK YZ”ÁY
NO`OK] SWZY^KX^O ¤ K ]K´NK ZY]]SLSVS^KNK ZY v]PM ]RYav KV¤W NO
VS]^K XY]]K MYXPSQ_K”ÁY XY O]]OXMSKV VS]^K K] MYXObÉO] K^S`K]
WY]^K] ]_K] vSNUOc]v [_O ZYNOOWY] _]K ZKK NO_LK MYXObÉO]
[_O ]O WY]^OW ZOSQY]K] /S] _WK ]K´NK NY NKOWYX YL]O`O MYW K]
SXPYWK”ÉO]]ÁYPKMSVWOX^OSNOX^SPSMKNK]$
URRW#DOSKD DGP@ XVUORFDOVIF VKRZ
$FWLYH UXOHV XVDJH FRXQWHUV ODVW UHVHW DW 6DW )HE
XUVR GH 6HJXUDQoD HP 5HGHV /LQX[ ZZZFLSVJDRUJEU FXUVRV#FLSVJDRUJEU 3iJLQD 50

120. RPLWr GH ,QFHQWLYR D 3URGXomR GR 6RIWZDUH *UDWXLWR H $OWHUQDWLYR ± ,36*$
OLQH

121. VWDWLF XVDJH WLPHV
EORFN QRWLILFDWLRQ OHYHO
SURWRFRO 73

122. WR SRUW OLQN

123. SRUW VXSGXS

124. OLQH

125. VWDWLF XVDJH WLPHV
EORFN QRWLILFDWLRQ OHYHO
DOO SURWRFROV
RSWLRQV CORRVH VRXUFH URXWH
CVWULFW VRXUFH URXWH
OLQH

126. VWDWLF XVDJH WLPHV
EORFN QRWLILFDWLRQ OHYHO
SURWRFRO 5,3
IURP
OLQH

127. VWDWLF XVDJH WLPH EWHV
DFFHSW QRWLILFDWLRQ OHYHO
SURWRFRO 73

128. CIWSBDOO
WR SRUW VVK

129. OLQH

130. VWDWLF XVDJH WLPHV
DFFHSW QRWLILFDWLRQ OHYHO
SURWRFRO 73

131. CIWSBDOO
WR SRUW IWS

132. OLQH

133. VWDWLF XVDJH WLPH EWHV
DFFHSW QRWLILFDWLRQ OHYHO
SURWRFRO 73

134. CIWSBDOO
WR SRUW WHOQHW

135. OLQH

136. VWDWLF XVDJH WLPHV
DFFHSW QRWLILFDWLRQ OHYHO
SURWRFRO 73

137. CIWSBDOO
WR SRUW ZZZ

138. OLQH