ایران سرفراز- نرم افزار وپروژهای دانشجویی


نرم افزار وپروژهای دانشجویی

امنیت سرور لینوکس ٣

<!-- /* Font Definitions */ @font-face {font-family:Helvetica; panose-1:2 11 5 4 2 2 2 2 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:Courier; panose-1:2 7 4 9 2 2 5 2 4 4; mso-font-charset:0; mso-generic-font-family:modern; mso-font-format:other; mso-font-pitch:fixed; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Tms Rmn"; panose-1:2 2 6 3 4 5 5 2 3 4; mso-font-charset:0; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:Helv; panose-1:2 11 6 4 2 2 2 3 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"New York"; panose-1:2 4 5 3 6 5 6 2 3 4; mso-font-charset:0; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:System; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:Wingdings; panose-1:5 0 0 0 0 0 0 0 0 0; mso-font-charset:2; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:0 268435456 0 0 -2147483648 0;} @font-face {font-family:"MS Mincho"; panose-1:2 2 6 9 4 2 5 8 3 4; mso-font-alt:"MS 明朝"; mso-font-charset:128; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:fixed; mso-font-signature:1 134676480 16 0 131072 0;} @font-face {font-family:Batang; panose-1:2 3 6 0 0 1 1 1 1 1; mso-font-alt:바탕; mso-font-charset:129; mso-generic-font-family:auto; mso-font-format:other; mso-font-pitch:fixed; mso-font-signature:1 151388160 16 0 524288 0;} @font-face {font-family:SimSun; panose-1:2 1 6 0 3 1 1 1 1 1; mso-font-alt:宋体; mso-font-charset:134; mso-generic-font-family:auto; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:1 135135232 16 0 262144 0;} @font-face {font-family:PMingLiU; panose-1:2 1 6 1 0 1 1 1 1 1; mso-font-alt:新細明體; mso-font-charset:136; mso-generic-font-family:auto; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:1 134742016 16 0 1048576 0;} @font-face {font-family:"MS Gothic"; panose-1:2 11 6 9 7 2 5 8 2 4; mso-font-alt:"MS ゴシック"; mso-font-charset:128; mso-generic-font-family:modern; mso-font-pitch:fixed; mso-font-signature:1 134676480 16 0 131072 0;} @font-face {font-family:Dotum; panose-1:2 11 6 0 0 1 1 1 1 1; mso-font-alt:돋움; mso-font-charset:129; mso-generic-font-family:modern; mso-font-format:other; mso-font-pitch:fixed; mso-font-signature:1 151388160 16 0 524288 0;} @font-face {font-family:SimHei; panose-1:2 1 6 0 3 1 1 1 1 1; mso-font-alt:黑体; mso-font-charset:134; mso-generic-font-family:modern; mso-font-format:other; mso-font-pitch:fixed; mso-font-signature:1 135135232 16 0 262144 0;} @font-face {font-family:MingLiU; panose-1:2 1 6 9 0 1 1 1 1 1; mso-font-alt:細明體; mso-font-charset:136; mso-generic-font-family:modern; mso-font-format:other; mso-font-pitch:fixed; mso-font-signature:1 134742016 16 0 1048576 0;} @font-face {font-family:Mincho; panose-1:2 2 6 9 4 3 5 8 3 5; mso-font-alt:明朝; mso-font-charset:128; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:fixed; mso-font-signature:1 134676480 16 0 131072 0;} @font-face {font-family:Gulim; panose-1:2 11 6 0 0 1 1 1 1 1; mso-font-alt:굴림; mso-font-charset:129; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:fixed; mso-font-signature:1 151388160 16 0 524288 0;} @font-face {font-family:Century; panose-1:2 4 6 3 5 7 5 2 3 3; mso-font-charset:0; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Angsana New"; panose-1:2 2 6 3 5 4 5 2 3 4; mso-font-charset:0; mso-generic-font-family:roman; mso-font-pitch:variable; mso-font-signature:16777219 0 0 0 65537 0;} @font-face {font-family:"Cordia New"; panose-1:2 11 3 4 2 2 2 2 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:16777219 0 0 0 65537 0;} @font-face {font-family:Mangal; panose-1:0 0 4 0 0 0 0 0 0 0; mso-font-charset:1; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:32768 0 0 0 0 0;} @font-face {font-family:Latha; panose-1:2 0 4 0 0 0 0 0 0 0; mso-font-charset:1; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:1048576 0 0 0 0 0;} @font-face {font-family:Sylfaen; panose-1:1 10 5 2 5 3 6 3 3 3; mso-font-charset:0; mso-generic-font-family:roman; mso-font-pitch:variable; mso-font-signature:67110535 0 0 0 159 0;} @font-face {font-family:Vrinda; panose-1:1 1 6 0 1 1 1 1 1 1; mso-font-charset:0; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:65539 0 0 0 1 0;} @font-face {font-family:Raavi; panose-1:2 0 5 0 0 0 0 0 0 0; mso-font-charset:1; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:131072 0 0 0 0 0;} @font-face {font-family:Shruti; panose-1:2 0 5 0 0 0 0 0 0 0; mso-font-charset:1; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:262144 0 0 0 0 0;} @font-face {font-family:Sendnya; panose-1:0 0 4 0 0 0 0 0 0 0; mso-font-charset:1; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:0 0 0 0 0 0;} @font-face {font-family:Gautami; panose-1:2 0 5 0 0 0 0 0 0 0; mso-font-charset:1; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:2097152 0 0 0 0 0;} @font-face {font-family:Tunga; panose-1:0 0 4 0 0 0 0 0 0 0; mso-font-charset:1; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:4194304 0 0 0 0 0;} @font-face {font-family:"Estrangelo Edessa"; panose-1:3 8 6 0 0 0 0 0 0 0; mso-font-charset:1; mso-generic-font-family:script; mso-font-pitch:variable; mso-font-signature:-2147459008 0 128 0 0 0;} @font-face {font-family:"Arial Unicode MS"; panose-1:2 11 6 4 2 2 2 2 2 4; mso-font-charset:0; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:Tahoma; panose-1:2 11 6 4 3 5 4 4 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:1627421319 -2147483648 8 0 66047 0;} @font-face {font-family:Tahoma-Bold; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-format:other; mso-font-pitch:auto; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"TimesNewRoman\,Bold"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:auto; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Arial\,Italic"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-format:other; mso-font-pitch:auto; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Arial\,Bold"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-format:other; mso-font-pitch:auto; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Adobe Caslon Pro Bold"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:135 0 0 0 155 0;} @font-face {font-family:"Adobe Caslon Pro"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:135 0 0 0 155 0;} @font-face {font-family:"Adobe Garamond Pro Bold"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:135 0 0 0 155 0;} @font-face {font-family:"Adobe Garamond Pro"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:135 0 0 0 155 0;} @font-face {font-family:"Arno Pro"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:647 0 0 0 159 0;} @font-face {font-family:"Arno Pro Caption"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:647 0 0 0 159 0;} @font-face {font-family:"Arno Pro Display"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:647 0 0 0 159 0;} @font-face {font-family:"Arno Pro SmText"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:647 0 0 0 159 0;} @font-face {font-family:"Arno Pro Subhead"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:647 0 0 0 159 0;} @font-face {font-family:"Arno Pro Light Display"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:647 0 0 0 159 0;} @font-face {font-family:"Arno Pro Smbd"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:647 0 0 0 159 0;} @font-face {font-family:"Arno Pro Smbd Caption"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:647 0 0 0 159 0;} @font-face {font-family:"Arno Pro Smbd Display"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:647 0 0 0 159 0;} @font-face {font-family:"Arno Pro Smbd SmText"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:647 0 0 0 159 0;} @font-face {font-family:"Arno Pro Smbd Subhead"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:647 0 0 0 159 0;} @font-face {font-family:"Bell Gothic Std Black"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Bell Gothic Std Light"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Bickham Script Pro Regular"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:script; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:7 0 0 0 147 0;} @font-face {font-family:"Bickham Script Pro Semibold"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:script; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:7 0 0 0 147 0;} @font-face {font-family:"Birch Std"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:modern; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Blackoak Std"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:modern; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Brush Script Std"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:modern; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Chaparral Pro"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:135 0 0 0 155 0;} @font-face {font-family:"Charlemagne Std"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:modern; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Cooper Std Black"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Eccentric Std"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:modern; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Garamond Premr Pro"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:647 0 0 0 159 0;} @font-face {font-family:"Garamond Premr Pro Smbd"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:647 0 0 0 159 0;} @font-face {font-family:"Giddyup Std"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:modern; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Hobo Std"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:modern; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Kozuka Gothic Pro B"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:128; mso-generic-font-family:swiss; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:515 134676480 16 0 131077 0;} @font-face {font-family:"\@Kozuka Gothic Pro B"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:128; mso-generic-font-family:swiss; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:515 134676480 16 0 131077 0;} @font-face {font-family:"Kozuka Gothic Pro EL"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:128; mso-generic-font-family:swiss; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:515 134676480 16 0 131077 0;} @font-face {font-family:"\@Kozuka Gothic Pro EL"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:128; mso-generic-font-family:swiss; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:515 134676480 16 0 131077 0;} @font-face {font-family:"Kozuka Gothic Pro H"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:128; mso-generic-font-family:swiss; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:515 134676480 16 0 131077 0;} @font-face {font-family:"\@Kozuka Gothic Pro H"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:128; mso-generic-font-family:swiss; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:515 134676480 16 0 131077 0;} @font-face {font-family:"Kozuka Gothic Pro L"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:128; mso-generic-font-family:swiss; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:515 134676480 16 0 131077 0;} @font-face {font-family:"\@Kozuka Gothic Pro L"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:128; mso-generic-font-family:swiss; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:515 134676480 16 0 131077 0;} @font-face {font-family:"Kozuka Gothic Pro M"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:128; mso-generic-font-family:swiss; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:515 134676480 16 0 131077 0;} @font-face {font-family:"\@Kozuka Gothic Pro M"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:128; mso-generic-font-family:swiss; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:515 134676480 16 0 131077 0;} @font-face {font-family:"Kozuka Gothic Pro R"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:128; mso-generic-font-family:swiss; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:515 134676480 16 0 131077 0;} @font-face {font-family:"\@Kozuka Gothic Pro R"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:128; mso-generic-font-family:swiss; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:515 134676480 16 0 131077 0;} @font-face {font-family:"Kozuka Mincho Pro B"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:128; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:515 134676480 16 0 131077 0;} @font-face {font-family:"\@Kozuka Mincho Pro B"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:128; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:515 134676480 16 0 131077 0;} @font-face {font-family:"Kozuka Mincho Pro EL"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:128; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:515 134676480 16 0 131077 0;} @font-face {font-family:"\@Kozuka Mincho Pro EL"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:128; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:515 134676480 16 0 131077 0;} @font-face {font-family:"Kozuka Mincho Pro H"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:128; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:515 134676480 16 0 131077 0;} @font-face {font-family:"\@Kozuka Mincho Pro H"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:128; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:515 134676480 16 0 131077 0;} @font-face {font-family:"Kozuka Mincho Pro L"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:128; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:515 134676480 16 0 131077 0;} @font-face {font-family:"\@Kozuka Mincho Pro L"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:128; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:515 134676480 16 0 131077 0;} @font-face {font-family:"Kozuka Mincho Pro M"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:128; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:515 134676480 16 0 131077 0;} @font-face {font-family:"\@Kozuka Mincho Pro M"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:128; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:515 134676480 16 0 131077 0;} @font-face {font-family:"Kozuka Mincho Pro R"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:128; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:515 134676480 16 0 131077 0;} @font-face {font-family:"\@Kozuka Mincho Pro R"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:128; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:515 134676480 16 0 131077 0;} @font-face {font-family:"Letter Gothic Std"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:modern; mso-font-format:other; mso-font-pitch:fixed; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Lithos Pro Regular"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:decorative; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:135 0 0 0 155 0;} @font-face {font-family:"Mesquite Std"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:modern; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Minion Pro"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:647 0 0 0 159 0;} @font-face {font-family:"Minion Pro Cond"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:647 0 0 0 159 0;} @font-face {font-family:"Minion Pro Med"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:647 0 0 0 159 0;} @font-face {font-family:"Minion Pro SmBd"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:647 0 0 0 159 0;} @font-face {font-family:"Myriad Pro"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:647 0 0 0 159 0;} @font-face {font-family:"Myriad Pro Cond"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:647 0 0 0 159 0;} @font-face {font-family:"Myriad Pro Light"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:647 0 0 0 159 0;} @font-face {font-family:"Nueva Std Cond"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:modern; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"OCR A Std"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:modern; mso-font-format:other; mso-font-pitch:fixed; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Orator Std"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:modern; mso-font-format:other; mso-font-pitch:fixed; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Poplar Std"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:modern; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Prestige Elite Std"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:modern; mso-font-format:other; mso-font-pitch:fixed; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Rosewood Std Regular"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:modern; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Stencil Std"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:modern; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Tekton Pro"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:135 0 0 0 155 0;} @font-face {font-family:"Tekton Pro Cond"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:135 0 0 0 155 0;} @font-face {font-family:"Tekton Pro Ext"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:135 0 0 0 155 0;} @font-face {font-family:"Trajan Pro"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:135 0 0 0 155 0;} @font-face {font-family:Marlett; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:2; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:0 268435456 0 0 -2147483648 0;} @font-face {font-family:"Lucida Console"; panose-1:2 11 6 9 4 5 4 2 2 4; mso-font-charset:0; mso-generic-font-family:modern; mso-font-pitch:fixed; mso-font-signature:-2147482993 6144 0 0 31 0;} @font-face {font-family:"Lucida Sans Unicode"; panose-1:2 11 6 2 3 5 4 2 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:-2147476737 14699 0 0 63 0;} @font-face {font-family:Verdana; panose-1:2 11 6 4 3 5 4 4 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:536871559 0 0 0 415 0;} @font-face {font-family:"Arial Black"; panose-1:2 11 10 4 2 1 2 2 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:647 0 0 0 159 0;} @font-face {font-family:"Comic Sans MS"; panose-1:3 15 7 2 3 3 2 2 2 4; mso-font-charset:0; mso-generic-font-family:script; mso-font-pitch:variable; mso-font-signature:647 0 0 0 159 0;} @font-face {font-family:Impact; panose-1:2 11 8 6 3 9 2 5 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:647 0 0 0 159 0;} @font-face {font-family:Georgia; panose-1:2 4 5 2 5 4 5 2 3 3; mso-font-charset:0; mso-generic-font-family:roman; mso-font-pitch:variable; mso-font-signature:647 0 0 0 159 0;} @font-face {font-family:"Franklin Gothic Medium"; panose-1:2 11 6 3 2 1 2 2 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:647 0 0 0 159 0;} @font-face {font-family:"Palatino Linotype"; panose-1:2 4 5 2 5 5 5 3 3 4; mso-font-charset:0; mso-generic-font-family:roman; mso-font-pitch:variable; mso-font-signature:-536870009 1073741843 0 0 415 0;} @font-face {font-family:"Trebuchet MS"; panose-1:2 11 6 3 2 2 2 2 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:647 0 0 0 159 0;} @font-face {font-family:Webdings; panose-1:5 3 1 2 1 5 9 6 7 3; mso-font-charset:2; mso-generic-font-family:roman; mso-font-pitch:variable; mso-font-signature:0 268435456 0 0 -2147483648 0;} @font-face {font-family:"MV Boli"; panose-1:2 0 5 0 3 2 0 9 0 0; mso-font-charset:1; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:0 0 256 0 0 0;} @font-face {font-family:AngsanaUPC; panose-1:2 2 6 3 5 4 5 2 3 4; mso-font-charset:222; mso-generic-font-family:roman; mso-font-pitch:variable; mso-font-signature:16777219 0 0 0 65536 0;} @font-face {font-family:BrowalliaUPC; panose-1:2 11 6 4 2 2 2 2 2 4; mso-font-charset:222; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:16777219 0 0 0 65536 0;} @font-face {font-family:"Browallia New"; panose-1:2 11 6 4 2 2 2 2 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:16777219 0 0 0 65537 0;} @font-face {font-family:CordiaUPC; panose-1:2 11 3 4 2 2 2 2 2 4; mso-font-charset:222; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:16777219 0 0 0 65536 0;} @font-face {font-family:DilleniaUPC; panose-1:2 2 6 3 5 4 5 2 3 4; mso-font-charset:222; mso-generic-font-family:roman; mso-font-pitch:variable; mso-font-signature:16777217 0 0 0 65536 0;} @font-face {font-family:EucrosiaUPC; panose-1:2 2 6 3 5 4 5 2 3 4; mso-font-charset:222; mso-generic-font-family:roman; mso-font-pitch:variable; mso-font-signature:16777217 0 0 0 65536 0;} @font-face {font-family:FreesiaUPC; panose-1:2 11 6 4 2 2 2 2 2 4; mso-font-charset:222; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:16777217 0 0 0 65536 0;} @font-face {font-family:IrisUPC; panose-1:2 11 6 4 2 2 2 2 2 4; mso-font-charset:222; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:16777217 0 0 0 65536 0;} @font-face {font-family:JasmineUPC; panose-1:2 2 6 3 5 4 5 2 3 4; mso-font-charset:222; mso-generic-font-family:roman; mso-font-pitch:variable; mso-font-signature:16777217 0 0 0 65536 0;} @font-face {font-family:KodchiangUPC; panose-1:2 2 6 3 5 4 5 2 3 4; mso-font-charset:222; mso-generic-font-family:roman; mso-font-pitch:variable; mso-font-signature:16777217 0 0 0 65536 0;} @font-face {font-family:LilyUPC; panose-1:2 11 6 4 2 2 2 2 2 4; mso-font-charset:222; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:16777217 0 0 0 65536 0;} @font-face {font-family:Aharoni; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:177; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:6145 0 0 0 32 0;} @font-face {font-family:David; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:177; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:6145 0 0 0 32 0;} @font-face {font-family:"David Transparent"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:177; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:6145 0 0 0 32 0;} @font-face {font-family:FrankRuehl; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:177; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:6145 0 0 0 32 0;} @font-face {font-family:"Levenim MT"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:177; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:6145 0 0 0 32 0;} @font-face {font-family:Miriam; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:177; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:6145 0 0 0 32 0;} @font-face {font-family:"Miriam Transparent"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:177; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:6145 0 0 0 32 0;} @font-face {font-family:"Miriam Fixed"; panose-1:0 0 0 9 0 0 0 0 0 0; mso-font-charset:177; mso-generic-font-family:modern; mso-font-pitch:fixed; mso-font-signature:6145 0 0 0 32 0;} @font-face {font-family:"Fixed Miriam Transparent"; panose-1:0 0 0 9 0 0 0 0 0 0; mso-font-charset:177; mso-generic-font-family:modern; mso-font-pitch:fixed; mso-font-signature:6145 0 0 0 32 0;} @font-face {font-family:Narkisim; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:177; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:6145 0 0 0 32 0;} @font-face {font-family:Rod; panose-1:0 0 0 9 0 0 0 0 0 0; mso-font-charset:177; mso-generic-font-family:modern; mso-font-pitch:fixed; mso-font-signature:6145 0 0 0 32 0;} @font-face {font-family:"Rod Transparent"; panose-1:0 0 0 9 0 0 0 0 0 0; mso-font-charset:177; mso-generic-font-family:modern; mso-font-pitch:fixed; mso-font-signature:6145 0 0 0 32 0;} @font-face {font-family:"Traditional Arabic"; panose-1:2 1 0 0 0 0 0 0 0 0; mso-font-charset:178; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:24577 0 0 0 64 0;} @font-face {font-family:"Arabic Transparent"; panose-1:2 1 0 0 0 0 0 0 0 0; mso-font-charset:178; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:8193 0 0 0 64 0;} @font-face {font-family:Andalus; panose-1:2 1 0 0 0 0 0 0 0 0; mso-font-charset:178; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:24577 0 0 0 64 0;} @font-face {font-family:"Simplified Arabic"; panose-1:2 1 0 0 0 0 0 0 0 0; mso-font-charset:178; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:8193 0 0 0 64 0;} @font-face {font-family:"Simplified Arabic Fixed"; panose-1:2 1 0 9 0 0 0 0 0 0; mso-font-charset:178; mso-generic-font-family:modern; mso-font-pitch:fixed; mso-font-signature:8193 0 0 0 64 0;} @font-face {font-family:Kartika; panose-1:2 2 5 3 3 4 4 6 2 3; mso-font-charset:0; mso-generic-font-family:roman; mso-font-pitch:variable; mso-font-signature:8388611 0 0 0 1 0;} @font-face {font-family:"\@MS Gothic"; panose-1:2 11 6 9 7 2 5 8 2 4; mso-font-charset:128; mso-generic-font-family:modern; mso-font-pitch:fixed; mso-font-signature:1 134676480 16 0 131072 0;} @font-face {font-family:FantasyMatrix; panose-1:0 0 4 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:FantasyMatrixSmall; panose-1:0 0 4 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Jokerman Alts LET"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:131 0 0 0 9 0;} @font-face {font-family:"University Roman Alts LET"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:131 0 0 0 9 0;} @font-face {font-family:"Smudger Alts LET"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:131 0 0 0 9 0;} @font-face {font-family:"HolidayPi BT"; panose-1:5 12 1 2 1 2 9 2 2 2; mso-font-charset:2; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:0 268435456 0 0 -2147483648 0;} @font-face {font-family:"OldDreadfulNo7 BT"; panose-1:4 8 8 5 6 1 7 1 8 2; mso-font-charset:0; mso-generic-font-family:decorative; mso-font-pitch:variable; mso-font-signature:135 0 0 0 27 0;} @font-face {font-family:"MisterEarl BT"; panose-1:3 8 8 2 2 3 2 2 2 3; mso-font-charset:0; mso-generic-font-family:script; mso-font-pitch:variable; mso-font-signature:135 0 0 0 27 0;} @font-face {font-family:"Calligraph421 BT"; panose-1:3 6 7 2 5 4 2 2 2 4; mso-font-charset:0; mso-generic-font-family:script; mso-font-pitch:variable; mso-font-signature:135 0 0 0 27 0;} @font-face {font-family:"Blackletter686 BT"; panose-1:3 4 8 2 2 6 8 4 8 4; mso-font-charset:0; mso-generic-font-family:script; mso-font-pitch:variable; mso-font-signature:135 0 0 0 27 0;} @font-face {font-family:"Cataneo BT"; panose-1:3 2 8 2 4 5 2 6 8 4; mso-font-charset:0; mso-generic-font-family:script; mso-font-pitch:variable; mso-font-signature:135 0 0 0 27 0;} @font-face {font-family:"Staccato222 BT"; panose-1:3 9 7 2 3 4 7 2 4 3; mso-font-charset:0; mso-generic-font-family:script; mso-font-pitch:variable; mso-font-signature:135 0 0 0 27 0;} @font-face {font-family:"ParkAvenue BT"; panose-1:3 2 6 2 5 5 6 8 7 5; mso-font-charset:0; mso-generic-font-family:script; mso-font-pitch:variable; mso-font-signature:135 0 0 0 27 0;} @font-face {font-family:"Square721 BT"; panose-1:2 11 5 4 2 2 2 6 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:135 0 0 0 27 0;} @font-face {font-family:"Broadway BT"; panose-1:4 4 9 5 8 11 2 2 5 2; mso-font-charset:0; mso-generic-font-family:decorative; mso-font-pitch:variable; mso-font-signature:135 0 0 0 27 0;} @font-face {font-family:"Microsoft Sans Serif"; panose-1:2 11 6 4 2 2 2 2 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:1627421663 -2147483648 8 0 66047 0;} @font-face {font-family:"Scruff LET"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:131 0 0 0 9 0;} @font-face {font-family:"Odessa LET"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:131 0 0 0 9 0;} @font-face {font-family:"Highlight LET"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:131 0 0 0 9 0;} @font-face {font-family:"One Stroke Script LET"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:131 0 0 0 9 0;} @font-face {font-family:"Mekanik LET"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:131 0 0 0 9 0;} @font-face {font-family:"Tiranti Solid LET"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:131 0 0 0 9 0;} @font-face {font-family:"Pump Demi Bold LET"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:131 0 0 0 9 0;} @font-face {font-family:"Quixley LET"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:131 0 0 0 9 0;} @font-face {font-family:"La Bamba LET"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:131 0 0 0 9 0;} @font-face {font-family:"Rage Italic LET"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:131 0 0 0 9 0;} @font-face {font-family:"Ruach LET"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:131 0 0 0 9 0;} @font-face {font-family:"Westwood LET"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:131 0 0 0 9 0;} @font-face {font-family:"Smudger LET"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:131 0 0 0 9 0;} @font-face {font-family:"Milano LET"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:131 0 0 0 9 0;} @font-face {font-family:"Victorian LET"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:131 0 0 0 9 0;} @font-face {font-family:"University Roman LET"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:131 0 0 0 9 0;} @font-face {font-family:"Academy Engraved LET"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:131 0 0 0 9 0;} @font-face {font-family:"Orange LET"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:131 0 0 0 9 0;} @font-face {font-family:"John Handy LET"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:131 0 0 0 9 0;} @font-face {font-family:"Jokerman LET"; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:131 0 0 0 9 0;} @font-face {font-family:"Agency FB"; panose-1:2 11 5 3 2 2 2 2 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Arial Narrow"; panose-1:2 11 5 6 2 2 2 3 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:647 0 0 0 159 0;} @font-face {font-family:"Arial Rounded MT Bold"; panose-1:2 15 7 4 3 5 4 3 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Blackadder ITC"; panose-1:4 2 5 5 5 16 7 2 13 2; mso-font-charset:0; mso-generic-font-family:decorative; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Bodoni MT"; panose-1:2 7 6 3 8 6 6 2 2 3; mso-font-charset:0; mso-generic-font-family:roman; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Bodoni MT Black"; panose-1:2 7 10 3 8 6 6 2 2 3; mso-font-charset:0; mso-generic-font-family:roman; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Bodoni MT Condensed"; panose-1:2 7 6 6 8 6 6 2 2 3; mso-font-charset:0; mso-generic-font-family:roman; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Book Antiqua"; panose-1:2 4 6 2 5 3 5 3 3 4; mso-font-charset:0; mso-generic-font-family:roman; mso-font-pitch:variable; mso-font-signature:647 0 0 0 159 0;} @font-face {font-family:"Bookman Old Style"; panose-1:2 5 6 4 5 5 5 2 2 4; mso-font-charset:0; mso-generic-font-family:roman; mso-font-pitch:variable; mso-font-signature:647 0 0 0 159 0;} @font-face {font-family:"Bradley Hand ITC"; panose-1:3 7 4 2 5 3 2 3 2 3; mso-font-charset:0; mso-generic-font-family:script; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Calisto MT"; panose-1:2 4 6 3 5 5 5 3 3 4; mso-font-charset:0; mso-generic-font-family:roman; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:Castellar; panose-1:2 10 4 2 6 4 6 1 3 1; mso-font-charset:0; mso-generic-font-family:roman; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Century Gothic"; panose-1:2 11 5 2 2 2 2 2 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:647 0 0 0 159 0;} @font-face {font-family:"Century Schoolbook"; panose-1:2 4 6 4 5 5 5 2 3 4; mso-font-charset:0; mso-generic-font-family:roman; mso-font-pitch:variable; mso-font-signature:647 0 0 0 159 0;} @font-face {font-family:"Copperplate Gothic Bold"; panose-1:2 14 7 5 2 2 6 2 4 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Copperplate Gothic Light"; panose-1:2 14 5 7 2 2 6 2 4 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Curlz MT"; panose-1:4 4 4 4 5 7 2 2 2 2; mso-font-charset:0; mso-generic-font-family:decorative; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Edwardian Script ITC"; panose-1:3 3 3 2 4 7 7 13 8 4; mso-font-charset:0; mso-generic-font-family:script; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:Elephant; panose-1:2 2 9 4 9 5 5 2 3 3; mso-font-charset:0; mso-generic-font-family:roman; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Engravers MT"; panose-1:2 9 7 7 8 5 5 2 3 4; mso-font-charset:0; mso-generic-font-family:roman; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Eras Bold ITC"; panose-1:2 11 9 7 3 5 4 2 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Eras Demi ITC"; panose-1:2 11 8 5 3 5 4 2 8 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Eras Light ITC"; panose-1:2 11 4 2 3 5 4 2 8 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Eras Medium ITC"; panose-1:2 11 6 2 3 5 4 2 8 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Felix Titling"; panose-1:4 6 5 5 6 2 2 2 10 4; mso-font-charset:0; mso-generic-font-family:decorative; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:Forte; panose-1:3 6 9 2 4 5 2 7 2 3; mso-font-charset:0; mso-generic-font-family:script; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Franklin Gothic Book"; panose-1:2 11 5 3 2 1 2 2 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:647 0 0 0 159 0;} @font-face {font-family:"Franklin Gothic Demi"; panose-1:2 11 7 3 2 1 2 2 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:647 0 0 0 159 0;} @font-face {font-family:"Franklin Gothic Demi Cond"; panose-1:2 11 7 6 3 4 2 2 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:647 0 0 0 159 0;} @font-face {font-family:"Franklin Gothic Heavy"; panose-1:2 11 9 3 2 1 2 2 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:647 0 0 0 159 0;} @font-face {font-family:"Franklin Gothic Medium Cond"; panose-1:2 11 6 6 3 4 2 2 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:647 0 0 0 159 0;} @font-face {font-family:"French Script MT"; panose-1:3 2 4 2 4 6 7 4 6 5; mso-font-charset:0; mso-generic-font-family:script; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:Garamond; panose-1:2 2 4 4 3 3 1 1 8 3; mso-font-charset:0; mso-generic-font-family:roman; mso-font-pitch:variable; mso-font-signature:647 0 0 0 159 0;} @font-face {font-family:Gigi; panose-1:4 4 5 4 6 16 7 2 13 2; mso-font-charset:0; mso-generic-font-family:decorative; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Gill Sans MT Ext Condensed Bold"; panose-1:2 11 9 2 2 1 4 2 2 3; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:7 0 0 0 3 0;} @font-face {font-family:"Gill Sans MT"; panose-1:2 11 5 2 2 1 4 2 2 3; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:7 0 0 0 3 0;} @font-face {font-family:"Gill Sans MT Condensed"; panose-1:2 11 5 6 2 1 4 2 2 3; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:7 0 0 0 3 0;} @font-face {font-family:"Gill Sans Ultra Bold"; panose-1:2 11 10 2 2 1 4 2 2 3; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:7 0 0 0 3 0;} @font-face {font-family:"Gill Sans Ultra Bold Condensed"; panose-1:2 11 10 6 2 1 4 2 2 3; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:7 0 0 0 3 0;} @font-face {font-family:"Gloucester MT Extra Condensed"; panose-1:2 3 8 8 2 6 1 1 1 1; mso-font-charset:0; mso-generic-font-family:roman; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Goudy Old Style"; panose-1:2 2 5 2 5 3 5 2 3 3; mso-font-charset:0; mso-generic-font-family:roman; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Goudy Stout"; panose-1:2 2 9 4 7 3 11 2 4 1; mso-font-charset:0; mso-generic-font-family:roman; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:Haettenschweiler; panose-1:2 11 7 6 4 9 2 6 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:647 0 0 0 159 0;} @font-face {font-family:"Imprint MT Shadow"; panose-1:4 2 6 5 6 3 3 3 2 2; mso-font-charset:0; mso-generic-font-family:decorative; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"MS Outlook"; panose-1:5 1 1 0 1 0 0 0 0 0; mso-font-charset:2; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:0 268435456 0 0 -2147483648 0;} @font-face {font-family:"Maiandra GD"; panose-1:2 14 5 2 3 3 8 2 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Monotype Corsiva"; panose-1:3 1 1 1 1 2 1 1 1 1; mso-font-charset:0; mso-generic-font-family:script; mso-font-pitch:variable; mso-font-signature:647 0 0 0 159 0;} @font-face {font-family:"OCR A Extended"; panose-1:2 1 5 9 2 1 2 1 3 3; mso-font-charset:0; mso-generic-font-family:modern; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Palace Script MT"; panose-1:3 3 3 2 2 6 7 12 11 5; mso-font-charset:0; mso-generic-font-family:script; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:Papyrus; panose-1:3 7 5 2 6 5 2 3 2 5; mso-font-charset:0; mso-generic-font-family:script; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:Perpetua; panose-1:2 2 5 2 6 4 1 2 3 3; mso-font-charset:0; mso-generic-font-family:roman; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Perpetua Titling MT"; panose-1:2 2 5 2 6 5 5 2 8 4; mso-font-charset:0; mso-generic-font-family:roman; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:Pristina; panose-1:3 6 4 2 4 4 6 8 2 4; mso-font-charset:0; mso-generic-font-family:script; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Rage Italic"; panose-1:3 7 5 2 4 5 7 7 3 4; mso-font-charset:0; mso-generic-font-family:script; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:Rockwell; panose-1:2 6 6 3 2 2 5 2 4 3; mso-font-charset:0; mso-generic-font-family:roman; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Rockwell Condensed"; panose-1:2 6 6 3 5 4 5 2 1 4; mso-font-charset:0; mso-generic-font-family:roman; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Rockwell Extra Bold"; panose-1:2 6 9 3 4 5 5 2 4 3; mso-font-charset:0; mso-generic-font-family:roman; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Script MT Bold"; panose-1:3 4 6 2 4 6 7 8 9 4; mso-font-charset:0; mso-generic-font-family:script; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Tw Cen MT"; panose-1:2 11 6 2 2 1 4 2 6 3; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:7 0 0 0 3 0;} @font-face {font-family:"Tw Cen MT Condensed"; panose-1:2 11 6 6 2 1 4 2 2 3; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:7 0 0 0 3 0;} @font-face {font-family:"Wingdings 2"; panose-1:5 2 1 2 1 5 7 7 7 7; mso-font-charset:2; mso-generic-font-family:roman; mso-font-pitch:variable; mso-font-signature:0 268435456 0 0 -2147483648 0;} @font-face {font-family:"Wingdings 3"; panose-1:5 4 1 2 1 8 7 7 7 7; mso-font-charset:2; mso-generic-font-family:roman; mso-font-pitch:variable; mso-font-signature:0 268435456 0 0 -2147483648 0;} @font-face {font-family:"Bookshelf Symbol 7"; panose-1:5 1 1 1 1 1 1 1 1 1; mso-font-charset:2; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:0 268435456 0 0 -2147483648 0;} @font-face {font-family:"Lucida Sans"; panose-1:2 11 6 2 3 5 4 2 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"Lucida Sans Typewriter"; panose-1:2 11 5 9 3 5 4 3 2 4; mso-font-charset:0; mso-generic-font-family:modern; mso-font-pitch:fixed; mso-font-signature:3 0 0 0 1 0;} @font-face {font-family:"MS Reference Sans Serif"; panose-1:2 11 6 4 3 5 4 4 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:536871559 0 0 0 415 0;} @font-face {font-family:"MS Reference Specialty"; panose-1:5 0 5 0 0 0 0 0 0 0; mso-font-charset:2; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:0 268435456 0 0 -2147483648 0;} @font-face {font-family:"Tw Cen MT Condensed Extra Bold"; panose-1:2 11 8 3 2 2 2 2 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:7 0 0 0 3 0;} @font-face {font-family:ZWAdobeF; panose-1:0 0 0 0 0 0 0 0 0 0; mso-font-charset:0; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:536885895 0 0 0 511 0;} @font-face {font-family:"Euro Sign"; panose-1:2 11 6 3 2 2 1 2 1 1; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:3 2 0 0 1 0;} @font-face {font-family:"Lucida Bright"; panose-1:2 4 6 3 7 5 5 2 4 4; mso-font-charset:0; mso-generic-font-family:roman; mso-font-pitch:variable; mso-font-signature:7 0 0 0 147 0;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-parent:""; margin:0cm; margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:12.0pt; font-family:"Times New Roman"; mso-fareast-font-family:"Times New Roman";} ins {mso-style-type:export-only; text-decoration:none;} span.msoIns {mso-style-type:export-only; mso-style-name:""; text-decoration:underline; text-underline:single;} span.msoDel {mso-style-type:export-only; mso-style-name:""; text-decoration:line-through; color:aqua;} @page Section1 {size:612.0pt 792.0pt; margin:72.0pt 90.0pt 72.0pt 90.0pt; mso-header-margin:35.4pt; mso-footer-margin:35.4pt; mso-paper-source:0;} div.Section1 {page:Section1;} -->

امنیت سرور لینوکس ٣

By: bl2k@shabgard.org Shabgard Security Teams

Linux Kernel

کامپایل کرنل و بروز رسانی آن

استفاده از آخرین نسخه کرنل که قلب تپنده لینوکس محسوب می شود باعث افزایش امنیت و جلوگیری از حمله های

نفوذگران خواهد شد که با استفاده از آسیب پذیری های کشف شده در سطح کرنل انجام می پذیرند.

مراجعه و نگارش پایدار کرنل مورد نظر و یا http://www.kernel.org برای دریافت آخرین نسخه های آن به سایت

بسته های بروز رسان نسخه های پیشین را دریافت کنید.

در صورت استفاده از آخرین نگارش کرنل ممکن است برنامه های موجود روی لینوکس به درستی کار نکنند برای رفع

این مشکل باید نسخه ای که ایراد پیدا میکند دوباره برای این نسخه از کرنل با استفاده از سورس برنامه مربوطه دوباره

کامپایل شود یا از بسته های کامپایل شده جدید استفاده شود.

قبل از شروع کار از وجود بسته های نصب شده با استفاده از دستورات زیر اطمنیان حاصل کنید:

iptables ( (فایروال سیستم عامل لینوکس

[root@tango /]# rpm -q iptables

package iptables is not installed

quota ( ( محدودآننده و مونیتورینگ

[root@tango /]# rpm -q quota

package quota is not installed

و برای نصب برنامه های فوق به صورت زیر عمل می کنیم:

ابتدا سی دی رام را بصورت زیر معرفی می کنیم(عمل مانت کردن )

[root@tango /]# mount /dev/cdrom /mnt/cdrom/

had: ATAPI 32X CD-ROM drive, 128kB Cache

mount: block device dev/cdrom is write-protected, mounting read-only

Iptables برای نصب

[root@tango /]# cd /mnt/cdrom/RedHat/RPMS/

[root@tango RPMS]# rpm -Uvh iptables-version.i386.rpm

iptables ##################################################

quota برای نصب

[root@tango /]# cd /mnt/cdrom/RedHat/RPMS/

[root@tango RPMS]# rpm -Uvh quota-version.i386.rpm

quota ##################################################

نحوه تنظیمات این دو برنامه در بخشهای بعدی مفصل توضیح داده خواهد شد.

تهیه نسخه پشتیبان از کرنل موجود بر رو فلاپی

با استفاده از دستور زیر مسیر و نگارش بوت لینوکس بدست می آوریم:

[root@tango /]# cat /etc/lilo.conf

boot=/dev/sda

map=/boot/map

install=/boot/boot.b

timeout=00

default=linux

restricted

password=mypasswd

image=/boot/vmlinuz-2.4.2- نگارش کرنل لینوکس 2

label=linux the image we booted from

initrd=/boot/initrd-2.4.2-2.img

read-only

root=/dev/sda6

-2- امنیت سرور لینوکس ٣

By: bl2k@shabgard.org Shabgard Security Teams

با استفاده از فرمان زیر یه کپی بر روی فلاپی از نسخه قدیمی تهیه می کنیم:

[root@tango /]# mkbootdisk --device /dev/fd0H1440 2.4.2-2

Insert a disk in /dev/fd0. Any information on the disk will be lost.

Press <Enter> to continue or ^C to abort:

در صورتیکه پارتشین بوت فقط خواندنی است با استفاده از خطوط زیر این مشکل را حل نمایید( بعد از انجام کار دوباره

به حالت اول تغییر داده شود)

#vi /etc/fstab

LABEL=/boot /boot ext2 defaults,ro 1 2

To read:

LABEL=/boot /boot ext2 defaults 1 2

گام بعدی

[root@tango /]# mount /boot –oremount

برای صحت از انجام دستورات بالا

[root@tango /]# cat /proc/mounts

/dev/root / ext2 rw 0 0

/proc /proc proc rw 0 0

/dev/sda1 /boot ext2 rw 0 0

/dev/sda10 /cache ext2 rw,nodev 0 0

/dev/sda9 /chroot ext2 rw 0 0

/dev/sda8 /home ext2 rw,nosuid 0 0

/dev/sda13 /tmp ext2 rw,noexec,nosuid 0 0

/dev/sda7 /usr ext2 rw 0 0

/dev/sda11 /var ext2 rw 0 0

/dev/sda12 /var/lib ext2 rw 0 0

none /dev/pts devpts rw 0 0

برای کپی سورس کرنل جدید

[root@tango /]# cp linux-version.tar.gz /usr/src/

برای ورود به شاخه سورس

[root@tango /]# cd /usr/src/

برای پاک کردن نسخه قبلی به ترتیب

[root@tango src]# rm -f linux

[root@tango src]# rm -rf linux-2.4.x/

[root@tango src]# rm -f /boot/vmlinuz-2.4.x

[root@tango src]# rm -f /boot/System.map-2.4.x

[root@tango src]# rm -rf /lib/modules/2.4.x/

در صورتی که کرنل قبلی بصورت بسته نصب شده مراحل زیر را دنبال کنید :

[root@tango src]# rpm -qa | grep kernel

kernel-2.4.2-2

kernel-headers-2.4.2-2

برای حذف بسته کرنل به فورمت زیر عمل می کنیم که با جاگذاری نتیجه بالا در دستور زیر :

[root@tango src]# rpm -e –nodeps kernel-2.4.2-2 kernel-headers-2.4.2-2

برای خارج کردن سورس از حالت فشرده به صورت زیر:

-3- امنیت سرور لینوکس ٣

By: bl2k@shabgard.org Shabgard Security Teams

[root@tango src]# tar xzpf linux-version.tar.gz

و برای حذف سورس به صورت فایل آرشیو

[root@tango src]# rm -f linux-version.tar.gz

برای دست یابی به بیشترین سازگاری کرنل جدید تغییرات زیر رو در فایلهای مربوطه به شکل زیر انجام دهید:

#vi +66 /usr/src/linux/include/linux/sem.h

پارامتر فوق

#define SEMMNI 128 /* <= IPCMNI max # of semaphore identifiers */

به شکل زیر

#define SEMMNI 512 /* <= IPCMNI max # of semaphore identifiers */

#vi +26 /usr/src/linux/kernel/printk.c

پارامتر زیر

#define LOG_BUF_LEN (16384)

به صورت

#define LOG_BUF_LEN (65536)

#vi +19 /usr/src/linux/Makefile

پارامتر فوق

HOSTCFLAGS = -Wall -Wstrict-prototypes -O2 -fomit-frame-pointer

به شکل زیر

HOSTCFLAGS = -Wall -Wstrict-prototypes -O3 -funroll-loops -fomitframe-

Pointer

و همچنین

#vi +90 /usr/src/linux/Makefile

پارامتر زیر

CFLAGS := $(CPPFLAGS) -Wall -Wstrict-prototypes -O2 -fomit-frame-pointer

-fno-strict-aliasing

به شکل زیر

CFLAGS := $(CPPFLAGS) -Wall -Wstrict-prototypes -O3 -funroll-loops -

fomit-frame-pointer -fno-strict-aliasing

توجه :

به شکل زیر عمل میکنیم linux-2.4.5-ow1.tar.gz برای مثال برای نصب یک وصله امنیتی

[root@tango /]# cp linux-2.4.5-ow1.tar.gz /usr/src/

[root@tango /]# cd /usr/src/

[root@tango src]# tar xzpf linux-2.4.5-ow1.tar.gz

[root@tango src]# cd linux-2.4.5-ow1/

[root@tango linux-2.4.5-ow1]# mv linux-2.4.5-ow1.diff /usr/src/

[root@tango linux-2.4.5-ow1]# cd ..

[root@tango src]# patch -p0 < linux-2.4.5-ow1.diff

[root@tango src]# rm -rf linux-2.4.5-ow1

[root@tango src]# rm -f linux-2.4.5-ow1.diff

[root@tango src]# rm -f linux-2.4.5-ow1.tar.gz

-4- امنیت سرور لینوکس ٣

By: bl2k@shabgard.org Shabgard Security Teams

پاک کردن کرنل بطور کامل

مراحل زیر را قبل از وارد شدن به مرحله تنظیم مدولهای کرنل با دستورات زیر انجام می دیهم توجه داشته باشید با این

پاک می شوند Header کار کل کرنل بطور کامل حتی فایلهای

[root@tango src]# cd /usr/include/

[root@tango include]# rm -f asm linux

[root@tango include]# ln -s /usr/src/linux/include/asm-i386 asm

[root@tango include]# ln -s /usr/src/linux/include/linux linux

[root@tango include]# cd /usr/src/linux/

[root@tango linux]# make mrproper

وارد محیط متنی تنظیمات مدولی کرنل خواهیم شد make config در ترمینال با وارد کردن دستور

[root@tango /]# cd /usr/src/linux/ ؟ مطمئن شوید که در این شاخه قرار دارید

[root@tango linux]# make config

rm -f include/asm

( cd include ; ln -sf asm-i386 asm)

/bin/sh scripts/Configure arch/i386/config.in

#

# Using defaults found in arch/i386/defconfig

#

در این قسمت انتخاب های زیر رو می توان با انتخاب کلید های مورد نظر انجام داد

[y] .برای کامپایل کرنل باز شده

[m] برای استفاده از یک مدول

[n] برای عدم انتخاب یک قسمت و یا مدول

برای آامپایل آرنل موجود است آه در ادامه از modularized kernel و monolithic kernel روشهای مختلفی مانند

استفاده خواهد شد. در این روش درایور سخت افزار همراه با کد کرنل به صورت مجتمع monolithic kernel روش

کامپایل خواهد شد.

برای مثال سیستم فوق با مشخصات سخت افزاری زیر را در نظر میگیریم:

1 Pentium-III 667 MHz (i686) processor

1 Motherboard Asus P3V4X Pro 133Mhz EIDE

1 Hard Disk Ultra ATA/66 EIDE

1 Chipset Apollo Pro133A

1 CD-ROM ATAPI IDE

1 Floppy Disk

2 Ethernet Cards 3COM 3c597 PCI 10/100

1 Mouse PS/2

در حالت پررنگ دقت کنید شما هم مراحل زیر رو دنبال می کنید n یا y به جواب هایی که با

rm -f include/asm

( cd include ; ln -sf asm-i386 asm)

/bin/sh scripts/Configure arch/i386/config.in

#

# Using defaults found in arch/i386/defconfig

#

*

* Code maturity level options

*

Prompt for development and/or incomplete code/drivers (CONFIG_EXPERIMENTAL) [N/y/?]

*

* Loadable module support

*

Enable loadable module support (CONFIG_MODULES) [Y/n/?]

Set version information on all module symbols (CONFIG_MODVERSIONS) [Y/n/?] n

Kernel module loader (CONFIG_KMOD) [Y/n/?]

*

* Processor type and features

-5- امنیت سرور لینوکس ٣

By: bl2k@shabgard.org Shabgard Security Teams

*

Processor family (386, 486, 586/K5/5x86/6x86/6x86MX, Pentium-Classic, Pentium-MMX, Pentium-

Pro/Celeron/Pentium-II, Pentium-III, Pentium-4, K6/K6-II/K6-III, Athlon/K7, Crusoe, Winchip-C6, Winchip-2,

Winchip-2A/Winchip-3) [Pentium-III] Pentium-Pro/Celeron/Pentium-II

defined CONFIG_M686

Toshiba Laptop support (CONFIG_TOSHIBA) [N/y/m/?]

/dev/cpu/microcode - Intel IA32 CPU microcode support (CONFIG_MICROCODE) [N/y/m/?]

/dev/cpu/*/msr - Model-specific register support (CONFIG_X86_MSR) [N/y/m/?]

/dev/cpu/*/cpuid - CPU information support (CONFIG_X86_CPUID) [N/y/m/?]

High Memory Support (off, 4GB, 64GB) [off]

defined CONFIG_NOHIGHMEM

Math emulation (CONFIG_MATH_EMULATION) [N/y/?] (NEW)

MTRR (Memory Type Range Register) support (CONFIG_MTRR) [N/y/?]

Symmetric multi-processing support (CONFIG_SMP) [Y/n/?] n

APIC and IO-APIC support on uniprocessors (CONFIG_X86_UP_IOAPIC) [N/y/?] (NEW) y

*

* General setup

*

Networking support (CONFIG_NET) [Y/n/?]

SGI Visual Workstation support (CONFIG_VISWS) [N/y/?]

PCI support (CONFIG_PCI) [Y/n/?]

PCI access mode (BIOS, Direct, Any) [Any]

defined CONFIG_PCI_GOANY

PCI device name database (CONFIG_PCI_NAMES) [Y/n/?] n

EISA support (CONFIG_EISA) [N/y/?]

MCA support (CONFIG_MCA) [N/y/?]

Support for hot-pluggable devices (CONFIG_HOTPLUG) [Y/n/?] n

System V IPC (CONFIG_SYSVIPC) [Y/n/?]

BSD Process Accounting (CONFIG_BSD_PROCESS_ACCT) [N/y/?]

Sysctl support (CONFIG_SYSCTL) [Y/n/?]

Kernel core (/proc/kcore) format (ELF, A.OUT) [ELF]

defined CONFIG_KCORE_ELF

Kernel support for a.out binaries (CONFIG_BINFMT_AOUT) [Y/m/n/?]

Kernel support for ELF binaries (CONFIG_BINFMT_ELF) [Y/m/n/?]

Kernel support for MISC binaries (CONFIG_BINFMT_MISC) [Y/m/n/?]

Power Management support (CONFIG_PM) [Y/n/?] n

*

* Memory Technology Devices (MTD)

*

Memory Technology Device (MTD) support (CONFIG_MTD) [N/y/m/?]

*

* Parallel port support

*

Parallel port support (CONFIG_PARPORT) [N/y/m/?]

*

* Plug and Play configuration

*

Plug and Play support (CONFIG_PNP) [Y/m/n/?] n

*

* Block devices

*

Normal PC floppy disk support (CONFIG_BLK_DEV_FD) [Y/m/n/?]

XT hard disk support (CONFIG_BLK_DEV_XD) [N/y/m/?]

Compaq SMART2 support (CONFIG_BLK_CPQ_DA) [N/y/m/?]

Compaq CISS Array support (CONFIG_BLK_CPQ_CISS_DA) [N/y/m/?]

Mylex DAC960/DAC1100 PCI RAID Controller support (CONFIG_BLK_DEV_DAC960) [N/y/m/?]

Loopback device support (CONFIG_BLK_DEV_LOOP) [N/y/m/?]

Network block device support (CONFIG_BLK_DEV_NBD) [N/y/m/?]

RAM disk support (CONFIG_BLK_DEV_RAM) [N/y/m/?]

*

* Multi-device support (RAID and LVM)

*

-6- امنیت سرور لینوکس ٣

By: bl2k@shabgard.org Shabgard Security Teams

Multiple devices driver support (RAID and LVM) (CONFIG_MD) [N/y/?]

*

* Networking options

*

Packet socket (CONFIG_PACKET) [Y/m/n/?]

Packet socket: mmapped IO (CONFIG_PACKET_MMAP) [N/y/?] y

Kernel/User netlink socket (CONFIG_NETLINK) [N/y/?] y

Routing messages (CONFIG_RTNETLINK) [N/y/?] (NEW) y

Netlink device emulation (CONFIG_NETLINK_DEV) [N/y/m/?] (NEW) y

Network packet filtering (replaces ipchains) (CONFIG_NETFILTER) [N/y/?] y

Network packet filtering debugging (CONFIG_NETFILTER_DEBUG) [N/y/?] (NEW) y

Socket Filtering (CONFIG_FILTER) [N/y/?]

Unix domain sockets (CONFIG_UNIX) [Y/m/n/?]

TCP/IP networking (CONFIG_INET) [Y/n/?]

IP: multicasting (CONFIG_IP_MULTICAST) [Y/n/?] n

IP: advanced router (CONFIG_IP_ADVANCED_ROUTER) [N/y/?] y

IP: policy routing (CONFIG_IP_MULTIPLE_TABLES) [N/y/?] (NEW) y

IP: use netfilter MARK value as routing key (CONFIG_IP_ROUTE_FWMARK) [N/y/?] (NEW) y

IP: fast network address translation (CONFIG_IP_ROUTE_NAT) [N/y/?] (NEW) y

IP: equal cost multipath (CONFIG_IP_ROUTE_MULTIPATH) [N/y/?] (NEW) y

IP: use TOS value as routing key (CONFIG_IP_ROUTE_TOS) [N/y/?] (NEW) y

IP: verbose route monitoring (CONFIG_IP_ROUTE_VERBOSE) [N/y/?] (NEW) y

IP: large routing tables (CONFIG_IP_ROUTE_LARGE_TABLES) [N/y/?] (NEW) y

IP: kernel level autoconfiguration (CONFIG_IP_PNP) [N/y/?]

IP: tunneling (CONFIG_NET_IPIP) [N/y/m/?]

IP: GRE tunnels over IP (CONFIG_NET_IPGRE) [N/y/m/?]

IP: TCP Explicit Congestion Notification support (CONFIG_INET_ECN) [N/y/?]

IP: TCP syncookie support (disabled per default) (CONFIG_SYN_COOKIES) [N/y/?] y

*

* IP: Netfilter Configuration

*

Connection tracking (required for masq/NAT) (CONFIG_IP_NF_CONNTRACK) [N/y/m/?] (NEW) m

FTP protocol support (CONFIG_IP_NF_FTP) [N/m/?] (NEW) m

IP tables support (required for filtering/masq/NAT) (CONFIG_IP_NF_IPTABLES) [N/y/m/?] (NEW) m

limit match support (CONFIG_IP_NF_MATCH_LIMIT) [N/m/?] (NEW) m

MAC address match support (CONFIG_IP_NF_MATCH_MAC) [N/m/?] (NEW) m

netfilter MARK match support (CONFIG_IP_NF_MATCH_MARK) [N/m/?] (NEW) m

Multiple port match support (CONFIG_IP_NF_MATCH_MULTIPORT) [N/m/?] (NEW) m

TOS match support (CONFIG_IP_NF_MATCH_TOS) [N/m/?] (NEW) m

tcpmss match support (CONFIG_IP_NF_MATCH_TCPMSS) [N/m/?] (NEW) m

Connection state match support (CONFIG_IP_NF_MATCH_STATE) [N/m/?] (NEW) m

Packet filtering (CONFIG_IP_NF_FILTER) [N/m/?] (NEW) m

REJECT target support (CONFIG_IP_NF_TARGET_REJECT) [N/m/?] (NEW) m

Full NAT (CONFIG_IP_NF_NAT) [N/m/?] (NEW) m

MASQUERADE target support (CONFIG_IP_NF_TARGET_MASQUERADE) [N/m/?] (NEW) m

REDIRECT target support (CONFIG_IP_NF_TARGET_REDIRECT) [N/m/?] (NEW) m

Packet mangling (CONFIG_IP_NF_MANGLE) [N/m/?] (NEW) m

TOS target support (CONFIG_IP_NF_TARGET_TOS) [N/m/?] (NEW) m

MARK target support (CONFIG_IP_NF_TARGET_MARK) [N/m/?] (NEW) m

LOG target support (CONFIG_IP_NF_TARGET_LOG) [N/m/?] (NEW) m

TCPMSS target support (CONFIG_IP_NF_TARGET_TCPMSS) [N/m/?] (NEW) m

ipchains (2.2-style) support (CONFIG_IP_NF_COMPAT_IPCHAINS) [N/y/m/?] (NEW)

ipfwadm (2.0-style) support (CONFIG_IP_NF_COMPAT_IPFWADM) [N/y/m/?] (NEW)

*

*

*

The IPX protocol (CONFIG_IPX) [N/y/m/?]

Appletalk protocol support (CONFIG_ATALK) [N/y/m/?]

DECnet Support (CONFIG_DECNET) [N/y/m/?]

802.1d Ethernet Bridging (CONFIG_BRIDGE) [N/y/m/?]

*

* QoS and/or fair queuering

-7- امنیت سرور لینوکس ٣

By: bl2k@shabgard.org Shabgard Security Teams

*

QoS and/or fair queuring (EXPERIMENTAL) (CONFIG_NET_SCHED) [N/y/?]

*

* Telephony Support

*

Linux telephony support (CONFIG_PHONE) [N/y/m/?]

*

* ATA/IDE/MFM/RLL support

*

ATA/IDE/MFM/RLL support (CONFIG_IDE) [Y/m/n/?] m

*

* IDE, ATA and ATAPI Block devices

*

Enhanced IDE/MFM/RLL disk/cdrom/tape/floppy support (CONFIG_BLK_DEV_IDE) [M/n/?]

*

* Please see Documentation/ide.txt for help/info on IDE drives

*

Use old disk-only driver on primary interface (CONFIG_BLK_DEV_HD_IDE) [N/y/?]

Include IDE/ATA-2 DISK support (CONFIG_BLK_DEV_IDEDISK) [M/n/?]

Use multi-mode by default (CONFIG_IDEDISK_MULTI_MODE) [N/y/?]

Include IDE/ATAPI CDROM support (CONFIG_BLK_DEV_IDECD) [M/n/?]

Include IDE/ATAPI TAPE support (CONFIG_BLK_DEV_IDETAPE) [N/y/m/?]

Include IDE/ATAPI FLOPPY support (CONFIG_BLK_DEV_IDEFLOPPY) [N/y/m/?]

SCSI emulation support (CONFIG_BLK_DEV_IDESCSI) [N/y/m/?]

*

* IDE chipset support/bugfixes

*

CMD640 chipset bugfix/support (CONFIG_BLK_DEV_CMD640) [Y/n/?] n

RZ1000 chipset bugfix/support (CONFIG_BLK_DEV_RZ1000) [Y/n/?] n

Generic PCI IDE chipset support (CONFIG_BLK_DEV_IDEPCI) [Y/n/?]

Sharing PCI IDE interrupts support (CONFIG_IDEPCI_SHARE_IRQ) [Y/n/?]

Generic PCI bus-master DMA support (CONFIG_BLK_DEV_IDEDMA_PCI) [N/y/?] y

Boot off-board chipsets first support (CONFIG_BLK_DEV_OFFBOARD) [N/y/?]

Use PCI DMA by default when available (CONFIG_IDEDMA_PCI_AUTO) [N/y/?] y

AEC62XX chipset support (CONFIG_BLK_DEV_AEC62XX) [N/y/?]

ALI M15x3 chipset support (CONFIG_BLK_DEV_ALI15X3) [N/y/?]

AMD Viper support (CONFIG_BLK_DEV_AMD7409) [N/y/?]

CMD64X chipset support (CONFIG_BLK_DEV_CMD64X) [N/y/?]

CY82C693 chipset support (CONFIG_BLK_DEV_CY82C693) [N/y/?]

Cyrix CS5530 MediaGX chipset support (CONFIG_BLK_DEV_CS5530) [N/y/?]

HPT34X chipset support (CONFIG_BLK_DEV_HPT34X) [N/y/?]

HPT366 chipset support (CONFIG_BLK_DEV_HPT366) [N/y/?]

Intel PIIXn chipsets support (CONFIG_BLK_DEV_PIIX) [N/y/?]

NS87415 chipset support (EXPERIMENTAL) (CONFIG_BLK_DEV_NS87415) [N/y/?]

PROMISE PDC20246/PDC20262/PDC20267 support (CONFIG_BLK_DEV_PDC202XX) [N/y/?]

ServerWorks OSB4 chipset support (CONFIG_BLK_DEV_OSB4) [N/y/?]

SiS5513 chipset support (CONFIG_BLK_DEV_SIS5513) [N/y/?]

SLC90E66 chipset support (CONFIG_BLK_DEV_SLC90E66) [N/y/?]

Tekram TRM290 chipset support (EXPERIMENTAL) (CONFIG_BLK_DEV_TRM290) [N/y/?]

VIA82CXXX chipset support (CONFIG_BLK_DEV_VIA82CXXX) [N/y/?]

Other IDE chipset support (CONFIG_IDE_CHIPSETS) [N/y/?]

IGNORE word93 Validation BITS (CONFIG_IDEDMA_IVB) [N/y/?] (NEW)

*

* SCSI support

*

SCSI support (CONFIG_SCSI) [Y/m/n/?]

*

* SCSI support type (disk, tape, CD-ROM)

*

SCSI disk support (CONFIG_BLK_DEV_SD) [Y/m/n/?]

Maximum number of SCSI disks that can be loaded as modules (CONFIG_SD_EXTRA_DEVS) [40]

SCSI tape support (CONFIG_CHR_DEV_ST) [N/y/m/?]

-8- امنیت سرور لینوکس ٣

By: bl2k@shabgard.org Shabgard Security Teams

SCSI OnStream SC-x0 tape support (CONFIG_CHR_DEV_OSST) [N/y/m/?]

SCSI CD-ROM support (CONFIG_BLK_DEV_SR) [N/y/m/?]

SCSI generic support (CONFIG_CHR_DEV_SG) [N/y/m/?]

*

* Some SCSI devices (e.g. CD jukebox) support multiple LUNs

*

Enable extra checks in new queueing code (CONFIG_SCSI_DEBUG_QUEUES) [Y/n/?] n

Probe all LUNs on each SCSI device (CONFIG_SCSI_MULTI_LUN) [Y/n/?] n

Verbose SCSI error reporting (kernel size +=12K) (CONFIG_SCSI_CONSTANTS) [Y/n/?] n

SCSI logging facility (CONFIG_SCSI_LOGGING) [N/y/?]

*

* SCSI low-level drivers

*

3ware Hardware ATA-RAID support (CONFIG_BLK_DEV_3W_XXXX_RAID) [N/y/m/?]

7000FASST SCSI support (CONFIG_SCSI_7000FASST) [N/y/m/?]

ACARD SCSI support (CONFIG_SCSI_ACARD) [N/y/m/?]

Adaptec AHA152X/2825 support (CONFIG_SCSI_AHA152X) [N/y/m/?]

Adaptec AHA1542 support (CONFIG_SCSI_AHA1542) [N/y/m/?]

Adaptec AHA1740 support (CONFIG_SCSI_AHA1740) [N/y/m/?]

Adaptec AIC7xxx support (CONFIG_SCSI_AIC7XXX) [N/y/m/?] y

Enable Tagged Command Queueing (TCQ) by default (CONFIG_AIC7XXX_TCQ_ON_BY_DEFAULT)

[N/y/?] (NEW) y

Maximum number of TCQ commands per device (CONFIG_AIC7XXX_CMDS_PER_DEVICE) [8] (NEW)

Collect statistics to report in /proc (CONFIG_AIC7XXX_PROC_STATS) [N/y/?] (NEW)

Delay in seconds after SCSI bus reset (CONFIG_AIC7XXX_RESET_DELAY) [5] (NEW)

AdvanSys SCSI support (CONFIG_SCSI_ADVANSYS) [N/y/m/?]

Always IN2000 SCSI support (CONFIG_SCSI_IN2000) [N/y/m/?]

AM53/79C974 PCI SCSI support (CONFIG_SCSI_AM53C974) [N/y/m/?]

AMI MegaRAID support (CONFIG_SCSI_MEGARAID) [N/y/m/?]

BusLogic SCSI support (CONFIG_SCSI_BUSLOGIC) [N/y/m/?]

Compaq Fibre Channel 64-bit/66Mhz HBA support (CONFIG_SCSI_CPQFCTS) [N/y/m/?]

DMX3191D SCSI support (CONFIG_SCSI_DMX3191D) [N/y/m/?]

DTC3180/3280 SCSI support (CONFIG_SCSI_DTC3280) [N/y/m/?]

EATA ISA/EISA/PCI (DPT and generic EATA/DMA-compliant boards) support (CONFIG_SCSI_EATA)

[N/y/m/?]

EATA-DMA [Obsolete] (DPT, NEC, AT&T, SNI, AST, Olivetti, Alphatronix) support

(CONFIG_SCSI_EATA_DMA) [N/y/m/?]

EATA-PIO (old DPT PM2001, PM2012A) support (CONFIG_SCSI_EATA_PIO) [N/y/m/?]

Future Domain 16xx SCSI/AHA-2920A support (CONFIG_SCSI_FUTURE_DOMAIN) [N/y/m/?]

GDT SCSI Disk Array Controller support (CONFIG_SCSI_GDTH) [N/y/m/?]

Generic NCR5380/53c400 SCSI support (CONFIG_SCSI_GENERIC_NCR5380) [N/y/m/?]

IBM ServeRAID support (CONFIG_SCSI_IPS) [N/y/m/?]

Initio 9100U(W) support (CONFIG_SCSI_INITIO) [N/y/m/?]

Initio INI-A100U2W support (CONFIG_SCSI_INIA100) [N/y/m/?]

NCR53c406a SCSI support (CONFIG_SCSI_NCR53C406A) [N/y/m/?]

NCR53c7,8xx SCSI support (CONFIG_SCSI_NCR53C7xx) [N/y/m/?]

NCR53C8XX SCSI support (CONFIG_SCSI_NCR53C8XX) [N/y/m/?]

SYM53C8XX SCSI support (CONFIG_SCSI_SYM53C8XX) [Y/m/n/?] n

PAS16 SCSI support (CONFIG_SCSI_PAS16) [N/y/m/?]

PCI2000 support (CONFIG_SCSI_PCI2000) [N/y/m/?]

PCI2220i support (CONFIG_SCSI_PCI2220I) [N/y/m/?]

PSI240i support (CONFIG_SCSI_PSI240I) [N/y/m/?]

Qlogic FAS SCSI support (CONFIG_SCSI_QLOGIC_FAS) [N/y/m/?]

Qlogic ISP SCSI support (CONFIG_SCSI_QLOGIC_ISP) [N/y/m/?]

Qlogic ISP FC SCSI support (CONFIG_SCSI_QLOGIC_FC) [N/y/m/?]

Qlogic QLA 1280 SCSI support (CONFIG_SCSI_QLOGIC_1280) [N/y/m/?]

Seagate ST-02 and Future Domain TMC-8xx SCSI support (CONFIG_SCSI_SEAGATE) [N/y/m/?]

Simple 53c710 SCSI support (Compaq, NCR machines) (CONFIG_SCSI_SIM710) [N/y/m/?]

Symbios 53c416 SCSI support (CONFIG_SCSI_SYM53C416) [N/y/m/?]

Tekram DC390(T) and Am53/79C974 SCSI support (CONFIG_SCSI_DC390T) [N/y/m/?]

Trantor T128/T128F/T228 SCSI support (CONFIG_SCSI_T128) [N/y/m/?]

UltraStor 14F/34F support (CONFIG_SCSI_U14_34F) [N/y/m/?]

-9- امنیت سرور لینوکس ٣

By: bl2k@shabgard.org Shabgard Security Teams

UltraStor SCSI support (CONFIG_SCSI_ULTRASTOR) [N/y/m/?]

*

* I2O device support

*

I2O support (CONFIG_I2O) [N/y/m/?]

*

* Network device support

*

Network device support (CONFIG_NETDEVICES) [Y/n/?]

*

* ARCnet devices

*

ARCnet support (CONFIG_ARCNET) [N/y/m/?]

Dummy net driver support (CONFIG_DUMMY) [M/n/y/?]

Bonding driver support (CONFIG_BONDING) [N/y/m/?]

EQL (serial line load balancing) support (CONFIG_EQUALIZER) [N/y/m/?]

Universal TUN/TAP device driver support (CONFIG_TUN) [N/y/m/?]

General Instruments Surfboard 1000 (CONFIG_NET_SB1000) [N/y/m/?]

*

* Ethernet (10 or 100Mbit)

*

Ethernet (10 or 100Mbit) (CONFIG_NET_ETHERNET) [Y/n/?]

3COM cards (CONFIG_NET_VENDOR_3COM) [N/y/?]

AMD LANCE and PCnet (AT1500 and NE2100) support (CONFIG_LANCE) [N/y/m/?]

Western Digital/SMC cards (CONFIG_NET_VENDOR_SMC) [N/y/?]

Racal-Interlan (Micom) NI cards (CONFIG_NET_VENDOR_RACAL) [N/y/?]

DEPCA, DE10x, DE200, DE201, DE202, DE422 support (CONFIG_DEPCA) [N/y/m/?]

HP 10/100VG PCLAN (ISA, EISA, PCI) support (CONFIG_HP100) [N/y/m/?]

Other ISA cards (CONFIG_NET_ISA) [N/y/?]

EISA, VLB, PCI and on board controllers (CONFIG_NET_PCI) [Y/n/?]

AMD PCnet32 PCI support (CONFIG_PCNET32) [N/y/m/?]

Apricot Xen-II on board Ethernet (CONFIG_APRICOT) [N/y/m/?]

CS89x0 support (CONFIG_CS89x0) [N/y/m/?]

DECchip Tulip (dc21x4x) PCI support (CONFIG_TULIP) [N/y/m/?]

Generic DECchip & DIGITAL EtherWORKS PCI/EISA (CONFIG_DE4X5) [N/y/m/?]

Digi Intl. RightSwitch SE-X support (CONFIG_DGRS) [N/y/m/?]

EtherExpressPro/100 support (CONFIG_EEPRO100) [Y/m/n/?]

National Semiconductor DP83810 series PCI Ethernet support (CONFIG_NATSEMI) [N/y/m/?]

PCI NE2000 and clones support (see help) (CONFIG_NE2K_PCI) [N/y/m/?]

RealTek RTL-8139 PCI Fast Ethernet Adapter support (CONFIG_8139TOO) [N/y/m/?]

SiS 900/7016 PCI Fast Ethernet Adapter support (CONFIG_SIS900) [N/y/m/?]

SMC EtherPower II (CONFIG_EPIC100) [N/y/m/?]

Sundance Alta support (CONFIG_SUNDANCE) [N/y/m/?]

TI ThunderLAN support (CONFIG_TLAN) [N/y/m/?]

VIA Rhine support (CONFIG_VIA_RHINE) [N/y/m/?]

Winbond W89c840 Ethernet support (CONFIG_WINBOND_840) [N/y/m/?]

Sun Happy Meal 10/100baseT PCI support (CONFIG_HAPPYMEAL) [N/y/m/?]

Pocket and portable adapters (CONFIG_NET_POCKET) [N/y/?]

*

* Ethernet (1000 Mbit)

*

Alteon AceNIC/3Com 3C985/NetGear GA620 Gigabit support (CONFIG_ACENIC) [N/y/m/?]

Packet Engines Hamachi GNIC-II support (CONFIG_HAMACHI) [N/y/m/?]

SysKonnect SK-98xx support (CONFIG_SK98LIN) [N/y/m/?]

FDDI driver support (CONFIG_FDDI) [N/y/?]

PPP (point-to-point protocol) support (CONFIG_PPP) [N/y/m/?]

SLIP (serial line) support (CONFIG_SLIP) [N/y/m/?]

*

* Wireless LAN (non-hamradio)

*

Wireless LAN (non-hamradio) (CONFIG_NET_RADIO) [N/y/?]

*

-10- امنیت سرور لینوکس ٣

By: bl2k@shabgard.org Shabgard Security Teams

* Token Ring devices

*

Token Ring driver support (CONFIG_TR) [N/y/?]

Fibre Channel driver support (CONFIG_NET_FC) [N/y/?]

*

* Wan interfaces

*

Wan interfaces support (CONFIG_WAN) [N/y/?]

*

* Amateur Radio support

*

Amateur Radio support (CONFIG_HAMRADIO) [N/y/?]

*

* IrDA (infrared) support

*

IrDA subsystem support (CONFIG_IRDA) [N/y/m/?]

*

* ISDN subsystem

*

ISDN support (CONFIG_ISDN) [N/y/m/?]

*

* Old CD-ROM drivers (not SCSI, not IDE)

*

Support non-SCSI/IDE/ATAPI CDROM drives (CONFIG_CD_NO_IDESCSI) [N/y/?]

*

* Input core support

*

Input core support (CONFIG_INPUT) [N/y/m/?]

*

* Character devices

*

Virtual terminal (CONFIG_VT) [Y/n/?]

Support for console on virtual terminal (CONFIG_VT_CONSOLE) [Y/n/?]

Standard/generic (8250/16550 and compatible UARTs) serial support (CONFIG_SERIAL) [Y/m/n/?]

Support for console on serial port (CONFIG_SERIAL_CONSOLE) [N/y/?]

Extended dumb serial driver options (CONFIG_SERIAL_EXTENDED) [N/y/?]

Non-standard serial port support (CONFIG_SERIAL_NONSTANDARD) [N/y/?]

Unix98 PTY support (CONFIG_UNIX98_PTYS) [Y/n/?]

Maximum number of Unix98 PTYs in use (0-2048) (CONFIG_UNIX98_PTY_COUNT) [256] 128

*

* I2C support

*

I2C support (CONFIG_I2C) [N/y/m/?]

*

* Mice

*

Bus Mouse Support (CONFIG_BUSMOUSE) [N/y/m/?]

Mouse Support (not serial and bus mice) (CONFIG_MOUSE) [Y/m/n/?]

PS/2 mouse (aka "auxiliary device") support (CONFIG_PSMOUSE) [Y/n/?]

C&T 82C710 mouse port support (as on TI Travelmate) (CONFIG_82C710_MOUSE) [N/y/m/?]

PC110 digitizer pad support (CONFIG_PC110_PAD) [N/y/m/?]

*

* Joysticks

*

*

* Input core support is needed for joysticks

*

QIC-02 tape support (CONFIG_QIC02_TAPE) [N/y/m/?]

*

* Watchdog Cards

*

Watchdog Timer Support (CONFIG_WATCHDOG) [N/y/?]

-11- امنیت سرور لینوکس ٣

By: bl2k@shabgard.org Shabgard Security Teams

Intel i8x0 Random Number Generator support (CONFIG_INTEL_RNG) [N/y/m/?]

/dev/nvram support (CONFIG_NVRAM) [N/y/m/?]

Enhanced Real Time Clock Support (CONFIG_RTC) [N/y/m/?]

Double Talk PC internal speech card support (CONFIG_DTLK) [N/y/m/?]

Siemens R3964 line discipline (CONFIG_R3964) [N/y/m/?]

Applicom intelligent fieldbus card support (CONFIG_APPLICOM) [N/y/m/?]

*

* Ftape, the floppy tape device driver

*

Ftape (QIC-80/Travan) support (CONFIG_FTAPE) [N/y/m/?]

/dev/agpgart (AGP Support) (CONFIG_AGP) [Y/m/n/?] n

Direct Rendering Manager (XFree86 DRI support) (CONFIG_DRM) [Y/n/?] n

*

* Multimedia devices

*

Video For Linux (CONFIG_VIDEO_DEV) [N/y/m/?]

*

* File systems

*

Quota support (CONFIG_QUOTA) [N/y/?]

Kernel automounter support (CONFIG_AUTOFS_FS) [N/y/m/?]

Kernel automounter version 4 support (also supports v3) (CONFIG_AUTOFS4_FS) [Y/m/n/?] n

DOS FAT fs support (CONFIG_FAT_FS) [N/y/m/?]

Compressed ROM file system support (CONFIG_CRAMFS) [N/y/m/?]

Simple RAM-based file system support (CONFIG_RAMFS) [N/y/m/?]

ISO 9660 CDROM file system support (CONFIG_ISO9660_FS) [Y/m/n/?] m

Microsoft Joliet CDROM extensions (CONFIG_JOLIET) [N/y/?]

Minix fs support (CONFIG_MINIX_FS) [N/y/m/?]

NTFS file system support (read only) (CONFIG_NTFS_FS) [N/y/m/?]

OS/2 HPFS file system support (CONFIG_HPFS_FS) [N/y/m/?]

/proc file system support (CONFIG_PROC_FS) [Y/n/?]

/dev/pts file system for Unix98 PTYs (CONFIG_DEVPTS_FS) [Y/n/?]

ROM file system support (CONFIG_ROMFS_FS) [N/y/m/?]

Second extended fs support (CONFIG_EXT2_FS) [Y/m/n/?]

System V and Coherent file system support (read only) (CONFIG_SYSV_FS) [N/y/m/?]

UDF file system support (read only) (CONFIG_UDF_FS) [N/y/m/?]

UFS file system support (read only) (CONFIG_UFS_FS) [N/y/m/?]

*

* Network File Systems

*

Coda file system support (advanced network fs) (CONFIG_CODA_FS) [N/y/m/?]

NFS file system support (CONFIG_NFS_FS) [Y/m/n/?] n

NFS server support (CONFIG_NFSD) [Y/m/n/?] n

SMB file system support (to mount Windows shares etc.) (CONFIG_SMB_FS) [N/y/m/?]

NCP file system support (to mount NetWare volumes) (CONFIG_NCP_FS) [N/y/m/?]

*

* Partition Types

*

Advanced partition selection (CONFIG_PARTITION_ADVANCED) [N/y/?]

*

* Console drivers

*

VGA text console (CONFIG_VGA_CONSOLE) [Y/n/?]

Video mode selection support (CONFIG_VIDEO_SELECT) [N/y/?]

*

* Sound

*

Sound card support (CONFIG_SOUND) [Y/m/n/?] n

*

(Security options will appear only if you are patched your kernel with the Openwall Project patch).

* Security options

*

-12- امنیت سرور لینوکس ٣

By: bl2k@shabgard.org Shabgard Security Teams

Non-executable user stack area (CONFIG_SECURE_STACK) [Y]

Autodetect and emulate GCC trampolines (CONFIG_SECURE_STACK_SMART) [Y]

Restricted links in /tmp (CONFIG_SECURE_LINK) [Y] n

Restricted FIFOs in /tmp (CONFIG_SECURE_FIFO) [Y]

Restricted /proc (CONFIG_SECURE_PROC) [N] y

Special handling of fd 0, 1, and 2 (CONFIG_SECURE_FD_0_1_2) [Y]

Enforce RLIMIT_NPROC on execve(2) (CONFIG_SECURE_RLIMIT_NPROC) [Y]

Destroy shared memory segments not in use (CONFIG_SECURE_SHM) [N]

*

* USB support

*

Support for USB (CONFIG_USB) [Y/m/n/?] n

*

* Kernel hacking

*

Magic SysRq key (CONFIG_MAGIC_SYSRQ) [N/y/?]

*** End of Linux kernel configuration.

*** Check the top-level Makefile for additional configuration.

*** Next, you must run 'make dep'.

حال می رسیم به کامپایل بعد از مراحل بالا به شکل زیر:

[root@tango linux]# make dep; make clean; make bzImage

حال آرنل به صورت فشرده شده آماده نصب می باشد

توجه:

بعد از اتمام مرحله فوق در روش بعدی باید استفاده از مدولهای موجود برای کرنل را فعال سازیم در صورتی که به

انتخاب

Enable loadable module support (CONFIG_MODULES)

جواب بلی داده اید. Modularized kernel در قسمت

[root@tango linux]# make modules

[root@tango linux]# make modules_install

برای نصب کرنل آماده شده مراحل زیر را دنبال می کنیم:

[root@tango /]# cd /usr/src/linux/

[root@tango linux]# cp arch/i386/boot/bzImage /boot/vmlinuz-2.4.5

گام دوم:

[root@tango /]# cd /usr/src/linux/

[root@tango linux]# cp System.map /boot/System.map-2.4.5

گام سوم:

[root@tango linux]# cd /boot/

[root@tango /boot]# ln -fs vmlinuz-2.4.5 vmlinuz

[root@tango /boot]# ln -fs System.map-2.4.5 System.map

گام پنجم:

[root@tango /]# cd /boot/

[root@tango /boot]# rm –f module-info

[root@tango /boot]# rm –f initrd-2.4.x.img

گام ششم:

[root@tango /]# cd /usr/src/linux/

[root@tango linux]# cp -r include/asm-generic ../linux-2.4.5/include/

[root@tango linux]# cp -r include/asm-i386 ../linux-2.4.5/include/

[root@tango linux]# cp -r include/linux ../linux-2.4.5/include/

[root@tango linux]# cd ../

[root@tango src]# rm -rf /usr/src/linux

[root@tango src]# cd /usr/src/

[root@tango src]# ln -s /usr/src/linux-2.4.5 linux

-13- امنیت سرور لینوکس ٣

By: bl2k@shabgard.org Shabgard Security Teams

رو به شکل زیر تغییر می دهیم lilo و در پایان فایل

[root@tango /]# vi /etc/lilo.conf

boot=/dev/sda

map=/boot/map

install=/boot/boot.b

timeout=00 default=linux

restricted

password=somepasswd

image=/boot/vmlinuz

label=linux read-only

root=/dev/sda6

برای ثبت تغییرات:

[root@tango /]# /sbin/lilo -v

LILO version 21.4-4, copyright © 1992-1998 Wernerr Almesberger ‘lba32’ extentions

copyright © 1999,2000 John Coffman

Reading boot sector from /dev/sda had : ATAPI 32X CD-ROM

drive, 128kB Cache Merging with /boot/boot.b Mapping

message file /boot/message Boot image : /boot/vmlinuz

Added linux * /boot/boot.0800 exists – no backup copy made.

Writing boot sector.

روش دوم در بخشهای بعدی توضیح داده خواهد شد

End Part 3

By : bl2k@shabgard.org

To be continue……

   + MOHSEN GHASEMI - ۱۱:٤٢ ‎ق.ظ ; ۱۳۸٩/۳/۳٠