{"id":171,"date":"2024-01-27T08:24:05","date_gmt":"2024-01-26T23:24:05","guid":{"rendered":"https:\/\/shirakawa.weblike.jp\/blog-page\/?p=171"},"modified":"2026-03-22T16:45:50","modified_gmt":"2026-03-22T07:45:50","slug":"%e3%82%b5%e3%83%bc%e3%83%90%e3%83%bc%e3%81%ae%e3%82%bb%e3%82%ad%e3%83%a5%e3%83%aa%e3%83%86%e3%82%a3%e3%83%bc","status":"publish","type":"post","link":"https:\/\/shirakawa.weblike.jp\/blog-page\/2024\/01\/27\/%e3%82%b5%e3%83%bc%e3%83%90%e3%83%bc%e3%81%ae%e3%82%bb%e3%82%ad%e3%83%a5%e3%83%aa%e3%83%86%e3%82%a3%e3%83%bc\/","title":{"rendered":"\u30b5\u30fc\u30d0\u30fc\u3084\u30a2\u30d7\u30ea\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30fc"},"content":{"rendered":"

2022.04
\n\u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30b9\u30af\u30ea\u30d7\u30c6\u30a3\u30f3\u30b0 (XSS)
\n\u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30ea\u30af\u30a8\u30b9\u30c8\u30d5\u30a9\u30fc\u30b8\u30a7\u30ea (CSRF)
\n\u30af\u30ed\u30b9\u30aa\u30ea\u30b8\u30f3\u30ea\u30bd\u30fc\u30b9\u5171\u6709 (CORS) https:\/\/developer.mozilla.org\/ja\/docs\/Web\/HTTP\/CORS<\/a> https:\/\/qiita.com\/att55\/items\/2154a8aad8bf1409db2b<\/a> https:\/\/qiita.com\/T_sa\/items\/7d5285b420698ea8ca15<\/a>
\nSQL\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3
\n\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30c8\u30e9\u30d0\u30fc\u30b5\u30eb
\nWeb Application Firewall (WAF)
\n\u300e\u30d7\u30ed\u306b\u306a\u308b\u305f\u3081\u306eWeb\u6280\u8853\u5165\u9580\u300f \u2015\u2015\u306a\u305c\uff0c\u3042\u306a\u305f\u306fWeb\u30b7\u30b9\u30c6\u30e0\u3092\u958b\u767a\u3067\u304d\u306a\u3044\u306e\u304b
\n(\u4e0a\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u306e\u4e8b\u306b\u3064\u3044\u3066\u3082\u3044\u304f\u3064\u304b\u66f8\u3044\u3066\u3042\u308b)
\nhttps:\/\/gihyo.jp\/book\/2010\/978-4-7741-4235-7<\/a>
\n\u30af\u30ea\u30c3\u30af\u30b8\u30e3\u30c3\u30ad\u30f3\u30b0 (2025.01\u3002FC2\u304b\u3089\u5bfe\u7b56\u901a\u77e5\u304d\u305f)
\nhttps:\/\/help.fc2.com\/web\/manual\/group4\/4561<\/a>
\nhttps:\/\/www.ipa.go.jp\/security\/vuln\/websecurity\/cl…<\/a>
\nhttp:\/\/unixservermemo.web.fc2.com\/sv\/apache-mod-he…<\/a>
\n\\
\n\u3053\u3053\u307e\u3067\u306f\u3001\u5927\u4f53\u4ee5\u4e0b\u306e\u66f8\u7c4d\u306b\u66f8\u3044\u3066\u3042\u308b\u306e\u3067\u3001\u8aad\u3093\u3067\u8a66\u3057\u3066\u307f\u308b\uff1a (2025.05)
\n\u4f53\u7cfb\u7684\u306b\u5b66\u3076 \u5b89\u5168\u306aWeb\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306e\u4f5c\u308a\u65b9 \u7b2c2\u7248 2018.6
\nhttps:\/\/www.sbcr.jp\/product\/4797393163\/<\/a> https:\/\/wasbook.org\/<\/a><\/p>\n

\r\n\uff11\u7ae0 Web\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306e\u8106\u5f31\u6027\u3068\u306f\r\n\uff12\u7ae0 \u5b9f\u7fd2\u74b0\u5883\u306e\u30bb\u30c3\u30c8\u30a2\u30c3\u30d7\r\n 2.1 \u5b9f\u7fd2\u74b0\u5883\u306e\u6982\u8981\r\n  Linux\u3001nginx\u3001Apache\u3001PHP\u3001Tomcat\u3001MariaDB\u3001Postfix\r\n  (\u4eca\u56de\u306f\u4eee\u60f3\u30de\u30b7\u30f3\u3067\u306f\u306a\u304f\u3001Slack-15\u306b\u76f4\u63a5Inst\u3057\u3066\u4f7f\u304a\u3046\u3068\u601d\u3063\u305f\u304c\u3001Docker\u7248\u306e\u5b9f\u7fd2\u74b0\u5883\u304c\u3042\u308b\r\n   \u3088\u3046\u306a\u306e\u3067\u3001\u305d\u3063\u3061\u3092\u4f7f\u3063\u3066\u307f\u308b)\r\n  Docker\u306f\u3053\u3063\u3061\u3067Inst\u3057\u305f\u3002https:\/\/shirakawa.weblike.jp\/blog-page\/2022\/03\/10...<\/a>\r\n 2.4 \u4eee\u60f3\u30de\u30b7\u30f3\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3068\u52d5\u4f5c\u78ba\u8a8d (2025.06)\r\n  (\u30ed\u30fc\u30ab\u30eb\u3067\u52d5\u304b\u3057\u3066\u3044\u308bLAMP\u74b0\u5883\u306f\u3001\u5ff5\u306e\u305f\u3081\u6b62\u3081\u3066\u304a\u3044\u305f)\r\n  $ sudo sh \/etc\/rc.d\/rc.php-fpm-8.2 stop\r\n  $ sudo sh \/etc\/rc.d\/rc.postfix stop\r\n  $ sudo sh \/etc\/rc.d\/rc.mysqld stop\r\n  $ sudo sh \/etc\/rc.d\/rc.httpd stop\r\n  (Docker\u4e0a\u306e\u30de\u30b7\u30f3\u3067\u8a2d\u5b9a\u3059\u308b)\r\n  $ sudo dockerd &\r\n  $ docker run hello-world\r\n  (\u52d5\u3044\u3066\u305d\u3046\u3060\u3002\u304c\u3001docker compose up \u3092\u3084\u308b\u3068\u5de8\u5927\u306a\u9818\u57df\u3092\u3068\u308b\u306e\u3067\u3001SSD\u306e\u5f15\u8d8a\u3057\u304c\u5fc5\u8981\u306b\u3002\r\n   Docker\u306fnpm\u3084php_artisan\u4ee5\u4e0a\u306b\u901a\u4fe1\u91cf\u3082\u30cf\u30f3\u30d1\u306a\u3044\u3060\u308d\u306a\u301c\u3002\u5f15\u3063\u8d8a\u3057\u305f<\/a> \u305d\u3046\u3067\u3082\u306a\u304b\u3063\u305f\u3002\r\n   Ubuntu\u8fba\u308a\u306e\u30d9\u30fc\u30b9\u30b7\u30b9\u30c6\u30e0\u3092\u6301\u3063\u3066\u304f\u308b\u306e\u304b\u3068\u601d\u3063\u3066\u3044\u305f\u304c\u3001Slack\u30d9\u30fc\u30b9\u3067\u3082\u4e92\u63db\u6027\u3042\u308b?)\r\n  $ unzip wasbook-docker.zip\r\n  $ cd wasbook-docker\r\n  $ docker compose up -d (\u307e\u305f\u306f start\u3002--project-directory wasbook-docker \u3067dir\u6307\u5b9a)\r\n  (\u52d5\u3044\u3066\u305d\u3046\u3060)\r\n  $ docker ps (\u307e\u305f\u306f docker container ls)\r\n  (Docker\u30b3\u30de\u30f3\u30c9\u306f\u3053\u3063\u3061\u306b\u307e\u3068\u3081\u305f https:\/\/shirakawa.weblike.jp\/blog-page\/2025\/06\/08...<\/a> )<\/span>\r\n  (apache\u30b3\u30f3\u30c6\u30ca\u304c\u63d0\u4f9b\u3059\u308bPROXY(\u30d5\u30a9\u30ef\u30fc\u30c9\u30d7\u30ed\u30ad\u30b7) - \u76f4\u63a5example.jp\u306b\u63a5\u7d9a\u3057\u3066\u3044\u308b\u308f\u3051\u3067\u306f\u306a\u304f\u3001\r\n   http:\/\/127.0.0.1:13128\uff08Apache Proxy\uff09\u306b\u63a5\u7d9a\u3057\u3001\u305d\u3053\u304b\u3089Apache\u304c\u4ee3\u308f\u308a\u306b\u63a5\u7d9a\u3057\u3066\u3044\u307e\u3059(->ChatGPT) \r\n   \u306bFirefox\u304b\u3089\u63a5\u7d9a\u3057\u3066\u76ee\u6b21\u304c\u8868\u793a\u3067\u304d\u305f\u3002\u305d\u3053\u306bFoxyProxy\u306e\u8a2d\u5b9a\u65b9\u6cd5\u3082\u3042\u308b)\r\n  $ docker compose stop (\u505c\u6b62\u3002dir\u79fb\u52d5\u3057\u305f\u5834\u5408\u306f\u5143\u306edir\u306b\u623b\u3089\u306a\u3044\u3068\u30b3\u30de\u30f3\u30c9\u52b9\u304b\u306a\u3044)\r\n  $ docker compose start (\u518d\u958b)\r\n  $ docker images (DL\u307e\u305f\u306fInst\u6e08\u307f\u30a4\u30e1\u30fc\u30b8\u306e\u78ba\u8a8d)\r\n 2.5 OWASP ZAP \u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb (2025.05)\r\n  https:\/\/shirakawa.weblike.jp\/blog-page\/2025\/05\/19...<\/a>\r\n  $ export JAVA_HOME=\/usr\/lib\/jvm\/java-11-openjdk-amd64\r\n  $ export LD_LIBRARY_PATH=$JAVA_HOME\/lib\/server:$LD_LIBRARY_PATH\r\n  $ export PATH=$PATH:\/usr\/lib\/jvm\/java-11-openjdk-amd64\/bin\r\n  $ cd ZAP_2.8.0; sh .\/zap.sh &\r\n 2.6 Firefox\u306e\u62e1\u5f35FoxyProxy-Standard\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb (2025.06)<\/span>\r\n  https:\/\/shirakawa.weblike.jp\/blog-page\/2025\/06\/01...<\/a>\r\n 2.7 OWASP ZAP \u3092\u4f7f\u3063\u3066\u307f\u308b\r\n  (http:\/\/example.jp\u306bFirefox\u304b\u3089\u63a5\u7d9a\u3057\u3066\u76ee\u6b21\u304c\u8868\u793a\u3067\u304d\u3001ZAP\u3067http\u901a\u4fe1\u3092\u78ba\u8a8d\u3067\u304d\u305f)\r\n 2.8 Web\u30e1\u30fc\u30eb\u306e\u78ba\u8a8d\r\n  (MailCatcher\u3068\u3044\u3046Web\u30e1\u30fc\u30e9\u30fc\u3092\u78ba\u8a8d\u3057\u305f)\r\n\uff13\u7ae0 Web\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u306e\u57fa\u790e\r\n  \uff5e HTTP\u3001\u30bb\u30c3\u30b7\u30e7\u30f3\u7ba1\u7406\u3001\u540c\u4e00\u30aa\u30ea\u30b8\u30f3\u30dd\u30ea\u30b7\u30fc\u3001CORS\r\n 3.1 HTTP\u3068\u30bb\u30c3\u30b7\u30e7\u30f3\u7ba1\u7406\r\n  https:\/\/www.php.net\/manual\/ja\/features.http-auth.php<\/a>\r\n 3.2 \u53d7\u52d5\u7684\u653b\u6483\u3068\u540c\u4e00\u30aa\u30ea\u30b8\u30f3\u30dd\u30ea\u30b7\u30fc\r\n 3.3 CORS(Cross-Origin Resource Sharing )\r\n  https:\/\/developer.mozilla.org\/ja\/docs\/Web\/API\/XMLH...<\/a>\r\n  33-004a.php\u5b9f\u884c\u6642\u306e\u30a8\u30e9\u30fc\u30e1\u30c3\u30bb\u30fc\u30b8\uff1a\u30af\u30ed\u30b9\u30aa\u30ea\u30b8\u30f3\u8981\u6c42\u3092\u30d6\u30ed\u30c3\u30af\u3057\u307e\u3057\u305f: \u540c\u4e00\u751f\u6210\u5143\u30dd\u30ea\u30b7\u30fc\r\n  \u306b\u3088\u308a\u3001http:\/\/api.example.net\/33\/33-004a.php \u306b\u3042\u308b\u30ea\u30e2\u30fc\u30c8\u30ea\u30bd\u30fc\u30b9\u306e\u8aad\u307f\u8fbc\u307f\u306f\u62d2\u5426\u3055\u308c\u307e\u3059 \r\n  (\u7406\u7531: CORS \u30d8\u30c3\u30c0\u30fc \u2018Access-Control-Allow-Origin\u2019 \u304c\u8db3\u308a\u306a\u3044)\u3002\u30b9\u30c6\u30fc\u30bf\u30b9\u30b3\u30fc\u30c9: 200\u306f\u3001\r\n  CORS\uff08Cross-Origin Resource Sharing\uff09\u30d7\u30ea\u30d5\u30e9\u30a4\u30c8\u30ea\u30af\u30a8\u30b9\u30c8\uff08OPTIONS\uff09\u306b\u306f\u9069\u5207\u306a\u30ec\u30b9\u30dd\u30f3\u30b9\u304c\r\n  \u8fd4\u3063\u3066\u304d\u3066\u3044\u308b\u304c\u3001\u672c\u756a\u306ePOST\u30ea\u30af\u30a8\u30b9\u30c8\u306b\u5bfe\u3059\u308b\u30ec\u30b9\u30dd\u30f3\u30b9\u306b**Access-Control-Allow-Origin \u30d8\u30c3\r\n  \u30c0\u30fc\u304c\u542b\u307e\u308c\u3066\u3044\u306a\u3044**\u305f\u3081\u3001\u30d6\u30e9\u30a6\u30b6\u304cCORS\u30a8\u30e9\u30fc\u3068\u3057\u3066\u30d6\u30ed\u30c3\u30af\u3057\u3066\u3044\u308b\u3053\u3068\u3092\u610f\u5473\u3057\u3066\u3044\u307e\u3059\u3002\r\n  (->ChatGPT > DeepSeek)\r\n  https:\/\/developer.mozilla.org\/ja\/docs\/Web\/HTTP\/Gui...<\/a>\r\n\uff14\u7ae0 \u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306e\u6a5f\u80fd\u5225\u306b\u898b\u308b\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30d0\u30b0 (2025.07)\r\n 4.1 Web\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306e\u6a5f\u80fd\u3068\u8106\u5f31\u6027\u306e\u5bfe\u5fdc\r\n 4.2 \u5165\u529b\u51e6\u7406\u3068\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\r\n 4.3 \u8868\u793a\u51e6\u7406\u306b\u4f34\u3046\u554f\u984c\r\n 4.4 SQL\u547c\u3073\u51fa\u3057\u306b\u4f34\u3046\u8106\u5f31\u6027 (2025.08)\r\n  SQL\u306eLIKE\u8ff0\u8a9e\u3068\u30ef\u30a4\u30eb\u30c9\u30ab\u30fc\u30c9\u306e\u4f8b https:\/\/shirakawa.weblike.jp\/blog-page\/2024\/08\/18...<\/a>\r\n 4.5 \u300c\u91cd\u8981\u306a\u51e6\u7406\u300d\u306e\u969b\u306b\u6df7\u5165\u3059\u308b\u8106\u5f31\u6027\r\n  \u7f60\u306e\u4f8b\uff1a\u30ed\u30b0\u30a4\u30f3\u3057\u305f\u3060\u3051\u3067\u6b8b\u9ad8\u6d88\u3048\u308bPayPay\u6700\u6050\u8a50\u6b3a https:\/\/www.youtube.com\/watch?v=ZMHlWzgKNeQ<\/a>\r\n  (\u305d\u3082\u305d\u3082QR\u6c7a\u6e08\u306fURL\u306e\u78ba\u8a8d\u3092\u56f0\u96e3\u306b\u3057\u3066\u3057\u307e\u3046\u306e\u3067\u4f7f\u308f\u306a\u3044\u65b9\u304c\u3088\u3044\u3001\u3068\u79c1\u306f\u601d\u3046\u3002\u307e\u305f\u30b9\u30de\u30db\u306f\r\n   UI\u304c\u8ca7\u5f31\u3067URL\u306e\u78ba\u8a8d\u304c\u56f0\u96e3\u306a\u306e\u3067\u3001\u8cb7\u3044\u7269\u306fPC\u3067\u3084\u3063\u305f\u65b9\u304c\u3088\u3044\u3068\u601d\u3046)\r\n 4.6 \u30bb\u30c3\u30b7\u30e7\u30f3\u7ba1\u7406\u306e\u4e0d\u5099\r\n  \u7f60\u306e\u4f8b\uff1aInfostealer(\u60c5\u5831\u7a83\u53d6\u578b\u30de\u30eb\u30a6\u30a7\u30a2)\u306b\u3064\u3044\u3066\u8abf\u3079\u3066\u307f\u308b \r\n  https:\/\/zenn.dev\/banboobloom\/articles\/2025040300001<\/a>\r\n  (\u30e1\u30f3\u30c9\u30af\u30b5\u30a4\u304c\u3001\u7528\u304c\u6e08\u3093\u3060\u3089logout\u3057\u5bc4\u308a\u9053\u3057\u306a\u3044\u3001\u30d6\u30e9\u30a6\u30b6\u306b\u306f\u60c5\u5831\u3092\u6301\u305f\u305b\u306a\u3044)\r\n 4.7 \u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u51e6\u7406\u306b\u307e\u3064\u308f\u308b\u8106\u5f31\u6027 (2025.09)\r\n 4.8 \u30af\u30c3\u30ad\u30fc\u51fa\u529b\u306b\u307e\u3064\u308f\u308b\u8106\u5f31\u6027\r\n 4.9 \u30e1\u30fc\u30eb\u9001\u4fe1\u306e\u554f\u984c\r\n 4.10 \u30d5\u30a1\u30a4\u30eb\u30a2\u30af\u30bb\u30b9\u306b\u307e\u3064\u308f\u308b\u554f\u984c\r\n  \u7d50\u8ad6\uff08\u5b9f\u8cea\u975e\u516c\u958b\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3092\u4f5c\u308a\u305f\u3044\u5834\u5408\uff09(->ChatGPT)\r\n   \u624b\u8efd\u306b\u4f7f\u3044\u305f\u3044\u306a\u3089 \u2192 Xserver \/ ConoHa \/ \u3055\u304f\u3089\r\n\u3000  GUI \u3067\u30a2\u30af\u30bb\u30b9\u5236\u5fa1\u3067\u304d\u3001\u521d\u5fc3\u8005\u3067\u3082\u5b89\u5fc3\u3002\r\n   \u30b3\u30b9\u30c8\u91cd\u8996\u3067\u3068\u308a\u3042\u3048\u305a \u2192 Lolipop\r\n\u3000  .htaccess \u624b\u52d5\u8a2d\u5b9a\u3067\u5bfe\u5fdc\u53ef\u3002\u305f\u3060\u3057\u8a2d\u5b9a\u30df\u30b9\u306b\u6ce8\u610f\u3002\r\n   \u9ad8\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30fb\u696d\u52d9\u7528\u9014 \u2192 AWS\r\n\u3000  \u672c\u683c\u7684\u306a\u975e\u516c\u958b\u69cb\u6210\u3092\u8a2d\u8a08\u3067\u304d\u308b\u304c\u3001\u904b\u7528\u30b3\u30b9\u30c8\u304c\u9ad8\u3044\u3002\r\n 4.11 OS\u30b3\u30de\u30f3\u30c9\u547c\u3073\u51fa\u3057\u306e\u969b\u306b\u767a\u751f\u3059\u308b\u8106\u5f31\u6027 (2025.10)\r\n   \u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306e\u7a3c\u50cd\u3059\u308b\u30e6\u30fc\u30b6\u6a29\u9650\u3092\u6700\u5c0f\u306b\u3059\u308b -> \u4ee5\u964d\u306e\u300cEC\u30b5\u30a4\u30c8\u306e\u30a2\u30ab\u30a6\u30f3\u30c8(\u30aa\u30fc\u30ca\u30fc)\u306b\u3064\u3044\u3066\u300d\r\n    \u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30fb\u30c8\u30e9\u30d0\u30fc\u30b5\u30eb\u8106\u5f31\u6027\u306a\u3069\u306b\u5bfe\u3057\u3066\u3082\u6709\u52b9\u3067\u3059\u3002\r\n 4.12 \u30d5\u30a1\u30a4\u30eb\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u306b\u307e\u3064\u308f\u308b\u554f\u984c\r\n    .php\u4ee5\u5916\u306e\u30b5\u30fc\u30d0\u30fc\u30b9\u30af\u30ea\u30d7\u30c8 .asp .aspx .jsp .erb .py .js\r\n    https:\/\/shirakawa.weblike.jp\/blog-page\/2025\/10\/11...<\/a>\r\n    @(\u30a8\u30e9\u30fc\u5236\u5fa1\u6f14\u7b97\u5b50)\u4ee5\u5916\u306b\u3082C\u8a00\u8a9e\u306b\u306f\u306a\u3044\u6f14\u7b97\u5b50 https:\/\/shirakawa.weblike.jp\/blog-page\/2025\/10\/12...<\/a>\r\n    $ grep pdf \/etc\/httpd\/mime.types \r\n    application\/pdf\t\t\t\t\tpdf\r\n    (\u4ed6\u306f\u7701\u7565)\r\n    https:\/\/shirakawa.weblike.jp\/blog-page\/2022\/03\/15...<\/a>\r\n 4.13 \u30a4\u30f3\u30af\u30eb\u30fc\u30c9\u306b\u307e\u3064\u308f\u308b\u554f\u984c\r\n    PHP\u306e\u30b5\u30dd\u30fc\u30c8\u3059\u308b\u30d7\u30ed\u30c8\u30b3\u30eb\/\u30e9\u30c3\u30d1\u30fc\u3001\u4ed6\u306b\u3082\u3042\u308b\u3002\r\n    https:\/\/www.php.net\/manual\/ja\/wrappers.php.php<\/a>\r\n    https:\/\/www.php.net\/manual\/ja\/wrappers.data.php<\/a>\r\n 4.14 \u69cb\u9020\u5316\u30c7\u30fc\u30bf\u306e\u8aad\u307f\u8fbc\u307f\u306b\u307e\u3064\u308f\u308b\u554f\u984c\r\n    eval()\u306f\u6587\u5b57\u5217\u3092\u30b9\u30af\u30ea\u30d7\u30c8\u3068\u3057\u3066\u5b9f\u884c\u3059\u308b\u95a2\u6570\u3001Bash\u3067\u306f\u95a2\u6570\u3067\u306f\u306a\u304f\u30b3\u30de\u30f3\u30c9\u5f62\u5f0f\r\n    $ php -r '$sum = eval(\"return 2+3;\"); echo $sum.\"\\n\";' \/\/5\r\n    $ eval \"echo Hello World\" \/\/Hello World\r\n 4.15 \u5171\u6709\u8cc7\u6e90\u3084\u30ad\u30e3\u30c3\u30b7\u30e5\u306b\u95a2\u3059\u308b\u554f\u984c (2025.11)\r\n 4.16 Web API\u5b9f\u88c5\u306b\u304a\u3051\u308b\u8106\u5f31\u6027\r\n    \u30fb\u30ea\u30d5\u30a1\u30e9\u30fc\u30dd\u30ea\u30b7\u30fc: \u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u8981\u6c42\u306b\u3064\u3044\u3066\u3001\u5236\u9650\u306e\u5f31\u3044\u30ea\u30d5\u30a1\u30e9\u30fc\u30dd\u30ea\u30b7\u30fc \u201cunsafe-url\u201d \u3092\u7121\u8996\u3057\u307e\u3059: http:\/\/api.example.net\/4g\/4g-003.php?callback=display_time 4g-003.php\r\n\u6df7\u5728\u30a2\u30af\u30c6\u30a3\u30d6\u30b3\u30f3\u30c6\u30f3\u30c4 \u201chttp:\/\/api.example.net\/4g\/4g-003.php?callback=display_time\u201d \u306e\u8aad\u307f\u8fbc\u307f\u3092\u30d6\u30ed\u30c3\u30af\u3057\u307e\u3057\u305f\u3002 4g-004.html https:\/\/developer.mozilla.org\/ja\/docs\/Web\/Security...<\/a>\r\n\u89e3\u9664\u65b9\u6cd5(->DeepSeek)\r\n\u65b9\u6cd51: \u8b66\u544a\u30a2\u30a4\u30b3\u30f3\u304b\u3089\u8a31\u53ef\r\n\u30a2\u30c9\u30ec\u30b9\u30d0\u30fc\u306e\u5de6\u5074\u306b\u8868\u793a\u3055\u308c\u3066\u3044\u308b\u76fe\u306e\u30a2\u30a4\u30b3\u30f3\u3092\u30af\u30ea\u30c3\u30af\u3001\u300c\u4fdd\u8b77\u6a5f\u80fd\u3092\u7121\u52b9\u306b\u3059\u308b\u300d\u3092\u9078\u629e\u3001\u30da\u30fc\u30b8\u3092\u518d\u8aad\u307f\u8fbc\u307f\r\n\u65b9\u6cd52: \u8a2d\u5b9a\u304b\u3089\u5b8c\u5168\u306b\u7121\u52b9\u5316\uff08\u975e\u63a8\u5968\uff09\r\nabout:config\u3001security.mixed_content.block_active_content \u3092 false \u306b\u5909\u66f4 (\u3053\u308c\u3057\u304b\u52b9\u304b\u306a\u3044)\r\n\u5f8c\u304b\u3089\u6c17\u4ed8\u3044\u305f\u305d\u3082\u305d\u3082\u3001http:\/\/example.jp\/4h\/4h-002.html \u306e\u69d8\u306b http: \u3067\u30b9\u30ad\u30fc\u30e0\u3082\u542b\u3081\u3066\u66f8\u304b\u306a\u3044\u3068\r\n\u81ea\u52d5\u3067 https: \u306b\u3055\u308c\u3066\u3057\u307e\u3046\u3002\r\n    \u30fb4g-012.html\u306edone(func())\u306b\u3064\u3044\u3066\u3001\u524d\u6bb5\u306e4g-011.php\u304b\u3089JS\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u3092\u5f15\u6570\u3067\u53d7\u3051\u3066func()\u3092\u5b9f\u884c\u3059\u308b\u3001\r\n\u3067\u5408\u3063\u3066\u3044\u308b\u304b\uff1f (->DeepSeek\u3002\u307b\u307c\u5408\u3063\u3066\u3044\u307e\u3059\u304c\u3088\u308a\u6b63\u78ba\u306b\u8aac\u660e)\r\ndone()\u30e1\u30bd\u30c3\u30c9\u306e\u52d5\u4f5c: $.ajax() \u304c\u6210\u529f\u3057\u305f\u5834\u5408\uff08HTTP\u30b9\u30c6\u30fc\u30bf\u30b9200\u306a\u3069\uff09\u306b\u5b9f\u884c\u3055\u308c\u308b\u3002\u30b5\u30fc\u30d0\u30fc\u304b\u3089\u306e\u30ec\u30b9\u30dd\u30f3\u30b9\u30c7\u30fc\u30bf\u3092\u5f15\u6570\u3068\u3057\u3066\u53d7\u3051\u53d6\u308b\u3002\u30ec\u30b9\u30dd\u30f3\u30b9\u306e\u30c7\u30fc\u30bf\u30bf\u30a4\u30d7\u304c dataType: \"json\" \u306a\u306e\u3067\u3001PHP\u306e json_encode() \u3067\u51fa\u529b\u3055\u308c\u305fJSON\u6587\u5b57\u5217\u304c\u81ea\u52d5\u7684\u306bJavaScript\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u306b\u5909\u63db\u3055\u308c\u3066\u6e21\u3055\u308c\u308b\u3002\r\n\u88dc\u8db3: done() \u306fPromise\u5f62\u5f0f\u306e\u6210\u529f\u6642\u30b3\u30fc\u30eb\u30d0\u30c3\u30af\u3002\u5931\u6557\u6642\u306b\u306f fail() \u30e1\u30bd\u30c3\u30c9\u304c\u5b9f\u884c\u3055\u308c\u308b\u3002\u5e38\u306b\u5b9f\u884c\u3057\u305f\u3044\u51e6\u7406\u306f always() \u3092\u4f7f\u7528\u3059\u308b\u3002\r\n    \u30fbtrap.example.com\/4g\/4g-921.html \u3092\u5b9f\u884c\u3057\u3066\u3082\u30d6\u30e9\u30a6\u30b6\u306f4g-021.php\u306ePOST\u3067\u540c\u3058\u30af\u30c3\u30ad\u30fc\u3092\u51fa\u3055\u306a\u3044\u305f\u3081\u3001crack\u6210\u529f\u3057\u306a\u3044\u3002Origin\u3092\u898b\u3066\u3044\u308b?\u3002(2025.12) XMLHttpRequest with withCredentials \u3067\u306f\u3001\u660e\u793a\u7684\u306aCORS\u8a2d\u5b9a\u304c\u306a\u3044\u9650\u308a\u3001\u30bf\u30fc\u30b2\u30c3\u30c8\u30c9\u30e1\u30a4\u30f3\u306e\u30af\u30c3\u30ad\u30fc\u306f\u9001\u4fe1\u3055\u308c\u307e\u305b\u3093\u3002\u3053\u308c\u304c\u30d6\u30e9\u30a6\u30b6\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u306e\u91cd\u8981\u306a\u6a5f\u80fd\u3067\u3059\u3002\u5b9f\u969b\u306b\u6210\u7acb\u3059\u308bCSRF\u653b\u6483\u624b\u6cd5\uff1a\u30d5\u30a9\u30fc\u30e0\u3092\u4f7f\u7528\u3057\u305fPOST\u9001\u4fe1\u3002(DeepSeek) JSON\u3067\u306f\u306a\u3044\u305f\u3081\u5b9f\u969b\u306f\u5931\u6557\u3059\u308b\u3002\r\nhttps:\/\/www.php.net\/manual\/ja\/function.file-get-c...<\/a>\u3001https:\/\/www.php.net\/manual\/ja\/wrappers.php.php<\/a>\r\n    \u30fb4g-022b.html $_SERVER\u306e\u4e3b\u306a\u30ad\u30fc https:\/\/shirakawa.weblike.jp\/blog-page\/2022\/03\/24...<\/a>\r\n    \u30fbhttp:\/\/trap.example.com\/4g\/4g-921b.html \u3092\u5b9f\u884c\u3057\u3066\u3082403\u30a8\u30e9\u30fc\u3002(->DeepSeek)\r\n    1.\u30d7\u30ea\u30d5\u30e9\u30a4\u30c8\u30ea\u30af\u30a8\u30b9\u30c8\u3067\u306f\u30bb\u30c3\u30b7\u30e7\u30f3\u304c\u958b\u59cb\u3055\u308c\u306a\u3044\uff1f\r\n    2.\u30d7\u30ea\u30d5\u30e9\u30a4\u30c8\u30ea\u30af\u30a8\u30b9\u30c8\u3067\u306f$_SESSION['mail']\u304c\u7a7a\uff1f\r\n    3.CORS\u30d8\u30c3\u30c0\u30fc\u304c\u306a\u3044\u306e\u3067\u30d6\u30e9\u30a6\u30b6\u304c\u30d6\u30ed\u30c3\u30af\uff1f\r\n    \u30fbJS\u306eObject\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u306f\u3001https:\/\/shirakawa.weblike.jp\/blog-page\/2022\/06\/19<\/a>\u3092\u53c2\u7167\u3002\r\n 4.17 JavaScript\u306e\u554f\u984c (2026.01)\r\n    \u30fbJS\u306eWindow\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u306f\u3001https:\/\/shirakawa.weblike.jp\/blog-page\/2022\/06\/19<\/a>\u3092\u53c2\u7167\u3002\r\n    \u30fbJS\u306elocation\u30aa\u30d6\u30b8\u30a7\u30af\u30c8\u306f\u3001https:\/\/shirakawa.weblike.jp\/blog-page\/2022\/06\/19<\/a>\u3092\u53c2\u7167\u3002\r\n\uff15\u7ae0 \u4ee3\u8868\u7684\u306a\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u6a5f\u80fd \r\n 5.1 \u8a8d\u8a3c (2026.02)\r\n 5.2 \u30a2\u30ab\u30a6\u30f3\u30c8\u7ba1\u7406\r\n 5.3 \u8a8d\u53ef\r\n 5.4 \u30ed\u30b0\u51fa\u529b\r\n\uff16\u7ae0 \u6587\u5b57\u30b3\u30fc\u30c9\u3068\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\r\n 6.1 \u6587\u5b57\u30b3\u30fc\u30c9\u3068\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u306e\u6982\u8981\r\n 6.2 \u6587\u5b57\u96c6\u5408\r\n 6.3 \u6587\u5b57\u30a8\u30f3\u30b3\u30fc\u30c7\u30a3\u30f3\u30b0\r\n 6.4 \u6587\u5b57\u30b3\u30fc\u30c9\u306b\u3088\u308b\u8106\u5f31\u6027\u306e\u767a\u751f\u8981\u56e0\u307e\u3068\u3081\r\n 6.5 \u6587\u5b57\u30b3\u30fc\u30c9\u3092\u6b63\u3057\u304f\u6271\u3046\u305f\u3081\u306b\r\n    \u30fbmb_ereg()\u3084utf8mb4\u306emb\u306f\u30de\u30eb\u30c1\u30d0\u30a4\u30c8\u306e\u3053\u3068\u3002\r\n 6.6 \u307e\u3068\u3081\r\n\uff17\u7ae0 \u8106\u5f31\u6027\u8a3a\u65ad\u5165\u9580\r\n 7.1 \u8106\u5f31\u6027\u8a3a\u65ad\u306e\u6982\u8981\r\n 7.2 \u8106\u5f31\u306a\u30b5\u30f3\u30d7\u30eb\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3 Bad Todo\r\n 7.3 \u8a3a\u65ad\u30c4\u30fc\u30eb\u306e\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3068\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\r\n   https:\/\/nmap.org\/download.html\r\n     nmap\u30b3\u30de\u30f3\u30c9\u304c\u3042\u3063\u305f\u306e\u3067\u305d\u3063\u3061\u3092\u4f7f\u3046\u3002https:\/\/shirakawa.weblike.jp\/blog-page\/2026\/03\/01...<\/a>\r\n   https:\/\/wasbook.org\/download\/ (\u672c\u66f8\u306e\u30b5\u30dd\u30fc\u30c8\u30b5\u30a4\u30c8)\r\n     OpenVAS\u306eInstall\u3002https:\/\/shirakawa.weblike.jp\/blog-page\/2026\/03\/15...<\/a>\r\n   https:\/\/sourceforge.net\/projects\/rips-scanner\/files\/\r\n 7.4 Nmap\u306b\u3088\u308b\u30dd\u30fc\u30c8\u30b9\u30ad\u30e3\u30f3\r\n     \u4f7f\u3044\u65b9\u3082\u3053\u3063\u3061\u3002https:\/\/shirakawa.weblike.jp\/blog-page\/2026\/03\/01...<\/a>\r\n 7.5 OpenVAS\u306b\u3088\u308b\u30d7\u30e9\u30c3\u30c8\u30d5\u30a9\u30fc\u30e0\u8106\u5f31\u6027\u8a3a\u65ad\r\n     \u4f7f\u3044\u65b9\u3082\u3053\u3063\u3061\u3001\u5b9f\u65bd\u306f\u4fdd\u7559\u3002https:\/\/shirakawa.weblike.jp\/blog-page\/2026\/03\/15...<\/a>\r\n<\/pre>\n<\/p>\n
\u53c2\u8003\u60c5\u5831\uff1a
\n2022.04
\nWeb\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3092\u4f5c\u308b\u524d\u306b\u77e5\u308b\u3079\u304d10\u306e\u8106\u5f31\u6027
\nhttps:\/\/atmarkit.itmedia.co.jp\/ait\/articles\/0706\/13…<\/a>
\nhttps:\/\/atmarkit.itmedia.co.jp\/ait\/articles\/0910\/23…<\/a>
\nhttps:\/\/www.pupha.net\/archives\/527\/<\/a>
\nhttps:\/\/www.mbsd.jp\/blog\/20161104.html<\/a>
\nhttps:\/\/persol-tech-s.co.jp\/corporate\/security\/art…<\/a>
\nhttps:\/\/de-vraag.com\/ja\/55057251<\/a>
\nSoftware Design 2022\u5e742\u6708\u53f7 \u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30ad\u30fcIT\u30a8\u30f3\u30b8\u30cb\u30a2\u6d41\u4f7f\u3044\u3053\u306a\u3057\u8853
\nhttps:\/\/gihyo.jp\/magazine\/SD\/archive\/2022\/202202<\/a>
\nJavaScript\u3067\u30bb\u30ad\u30e5\u30a2\u306a\u30b3\u30fc\u30c7\u30a3\u30f3\u30b0\u3092\u3059\u308b\u305f\u3081\u306b\u6c17\u3092\u3064\u3051\u308b\u3053\u3068
\nhttps:\/\/developer.cybozu.io\/hc\/ja\/articles\/201850320<\/a>
\n\u5b89\u5168\u306a\u30a6\u30a7\u30d6\u30b5\u30a4\u30c8\u306e\u4f5c\u308a\u65b9 – IPA
\nhttps:\/\/www.ipa.go.jp\/security\/vuln\/websecurity\/about.html<\/a>
\n\u305f\u307e\u305f\u307e\u898b\u3064\u3051\u305f\uff1a 2022.12,2022.12,2025.06
\nLinux Foundation\u3001\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u3092\u5b89\u5168\u306b\u4f7f\u7528\u30fb\u958b\u767a\u3059\u308b\u65b9\u6cd5\u3092\u7121\u6599\u3067\u5b66\u3079\u308b\u30aa\u30f3\u30e9\u30a4\u30f3\u30b3\u30fc\u30b9\u3092\u767a\u8868
\nhttps:\/\/codezine.jp\/article\/detail\/16972<\/a>
\n\u7d44\u8fbc\u307f Linux \u5411\u3051\u30bb\u30fc\u30d5\u30ea\u30b9\u30c8\u578b\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30bd\u30d5\u30c8 EMEliminator – \u30b5\u30a4\u30d0\u30fc\u30c8\u30e9\u30b9\u30c8\u793e
\nhttps:\/\/www.cybertrust.co.jp\/iot\/emeliminator.html…<\/a>
\nEC-CUBE Penetration Testing with OWASP ZAP
\nhttps:\/\/doc4.ec-cube.net\/penetration-testing<\/a>
\nWeb\u30a2\u30d7\u30ea\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5bfe\u7b56\u3010OWASP Top 10\u3092\u5b9f\u88c5\u3067\u9632\u3050\u3011
\nhttps:\/\/www.youtube.com\/watch?v=GxiprV8kMHY<\/a><\/p>\n
\/*************************************************************************************\/
\n2024.09
\nEC\u30b5\u30a4\u30c8\u306e\u30a2\u30ab\u30a6\u30f3\u30c8(\u30aa\u30fc\u30ca\u30fc)\u306b\u3064\u3044\u3066\uff1a
\nEC\u30b5\u30a4\u30c8\u3092PHP\u3067\u7d44\u3080\u3068\u3057\u3066\u3001DocumentRoot\u3092\u4f8b\u3048\u3070\u3001\/www\/myshop \u3068\u3057\u305f\u5834\u5408\u3001myshop\u4ee5\u4e0b\u306e\u30d5\u30a1\u30a4\u30ebid\u306froot\u306b\u3059\u3079\u304d\u304b\uff1f\u4e00\u822c\u30a2\u30ab\u30a6\u30f3\u30c8\u3067\u3082\u3088\u3044\u304b\uff1f (->ChatGPT)
\n\u3069\u3061\u3089\u306e\u56de\u7b54\u304c\u304a\u597d\u307f\u3067\u3059\u304b\uff1f
\n\u304a\u5ba2\u69d8\u306e\u9078\u629e\u306f ChatGPT \u306e\u6539\u5584\u306b\u5f79\u7acb\u3066\u3089\u308c\u307e\u3059\u3002<\/p>\n
\u56de\u7b54\uff11\uff1a
\nDocumentRoot \u914d\u4e0b\u306e\u30d5\u30a1\u30a4\u30eb\u306e\u6240\u6709\u8005\u3084\u30b0\u30eb\u30fc\u30d7\u306b\u95a2\u3057\u3066\u3001\u4e00\u822c\u7684\u306a\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u306e\u89b3\u70b9\u304b\u3089\u306f\u3001root \u30a2\u30ab\u30a6\u30f3\u30c8\u304c\u6240\u6709\u8005\u306b\u306a\u308b\u3079\u304d\u3067\u306f\u3042\u308a\u307e\u305b\u3093\u3002\u3080\u3057\u308d\u3001\u6b21\u306e\u3088\u3046\u306a\u8a2d\u5b9a\u304c\u63a8\u5968\u3055\u308c\u307e\u3059\u3002
\n1.\u30d5\u30a1\u30a4\u30eb\u6240\u6709\u8005: DocumentRoot \u4ee5\u4e0b\u306e\u30d5\u30a1\u30a4\u30eb\u306f\u3001Apache \u3084\u30a6\u30a7\u30d6\u30b5\u30fc\u30d0\u30fc\u304c\u5b9f\u884c\u3055\u308c\u3066\u3044\u308b\u30e6\u30fc\u30b6\u30fc\uff08\u305f\u3068\u3048\u3070\u3001www-data \u3084 apache\uff09\u307e\u305f\u306f\u3001PHP \u306e\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u30e1\u30f3\u30c6\u30ca\u30f3\u30b9\u3059\u308b\u958b\u767a\u8005\u30a2\u30ab\u30a6\u30f3\u30c8\u304c\u6240\u6709\u8005\u3067\u3042\u308b\u3079\u304d\u3067\u3059\u3002\u3053\u308c\u306f\u3001root \u3067\u6240\u6709\u3059\u308b\u3068\u3001\u8aa4\u3063\u3066\u30d5\u30a1\u30a4\u30eb\u3092\u64cd\u4f5c\u3059\u308b\u30ea\u30b9\u30af\u3092\u6e1b\u3089\u3059\u305f\u3081\u3067\u3059\u3002
\n2.\u30d5\u30a1\u30a4\u30eb\u306e\u30d1\u30fc\u30df\u30c3\u30b7\u30e7\u30f3: \u30d5\u30a1\u30a4\u30eb\u306e\u30d1\u30fc\u30df\u30c3\u30b7\u30e7\u30f3\u3082\u9069\u5207\u306b\u8a2d\u5b9a\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002PHP \u30d5\u30a1\u30a4\u30eb\u306b\u95a2\u3057\u3066\u306f\u3001\u8aad\u307f\u8fbc\u307f\u6a29\u9650\u3060\u3051\u304c\u5fc5\u8981\u306a\u5834\u5408\u304c\u591a\u304f\u3001\u4e00\u822c\u7684\u306b\u306f\u6b21\u306e\u3088\u3046\u306a\u8a2d\u5b9a\u304c\u5b89\u5168\u3067\u3059\u3002
\n\u30fb\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\uff1a755
\n\u30fb\u30d5\u30a1\u30a4\u30eb\uff1a644
\n\u7406\u7531:
\n\u30fbroot \u3067\u6240\u6709\u3059\u308b\u5834\u5408\u3001\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u306e\u30ea\u30b9\u30af\u304c\u5897\u52a0\u3057\u307e\u3059\u3002\u4f8b\u3048\u3070\u3001\u4e07\u304c\u4e00\u3001\u30b5\u30fc\u30d0\u30fc\u306b\u8106\u5f31\u6027\u304c\u3042\u3063\u305f\u5834\u5408\u3001\u653b\u6483\u8005\u304c root \u6a29\u9650\u3092\u53d6\u5f97\u3057\u3084\u3059\u304f\u306a\u308a\u307e\u3059\u3002
\n\u30fb\u4e00\u822c\u30e6\u30fc\u30b6\u30fc\u304c\u30d5\u30a1\u30a4\u30eb\u306e\u6240\u6709\u8005\u3067\u3042\u308c\u3070\u3001\u30a6\u30a7\u30d6\u30b5\u30fc\u30d0\u30fc\u304c\u904e\u5270\u306a\u6a29\u9650\u3092\u6301\u305f\u305a\u3001\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u4e0a\u3088\u308a\u5b89\u5168\u3067\u3059\u3002
\n\u305d\u306e\u305f\u3081\u3001\u4e00\u822c\u30a2\u30ab\u30a6\u30f3\u30c8\u3084\u30a6\u30a7\u30d6\u30b5\u30fc\u30d0\u30fc\u7528\u306e\u5c02\u7528\u30e6\u30fc\u30b6\u30fc\u304c\u30d5\u30a1\u30a4\u30eb\u306e\u6240\u6709\u8005\u3067\u3042\u308b\u3053\u3068\u304c\u63a8\u5968\u3055\u308c\u307e\u3059\u3002<\/p>\n
\u56de\u7b54\uff12\uff1a
\nEC\u30b5\u30a4\u30c8\u3092PHP\u3067\u69cb\u7bc9\u3059\u308b\u969b\u306e\u30d5\u30a1\u30a4\u30eb\u304a\u3088\u3073\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u306e\u6240\u6709\u6a29\uff08\u30d5\u30a1\u30a4\u30ebID\uff09\u306b\u3064\u3044\u3066\u3001\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u3068\u904b\u7528\u306e\u89b3\u70b9\u304b\u3089\u9069\u5207\u306a\u8a2d\u5b9a\u3092\u884c\u3046\u3053\u3068\u304c\u975e\u5e38\u306b\u91cd\u8981\u3067\u3059\u3002\u4ee5\u4e0b\u306b\u63a8\u5968\u3055\u308c\u308b\u8a2d\u5b9a\u3068\u305d\u306e\u7406\u7531\u3092\u8aac\u660e\u3057\u307e\u3059\u3002
\n1. \u30d5\u30a1\u30a4\u30eb\u306e\u6240\u6709\u8005\u306froot\u306b\u3057\u306a\u3044
\n\u30fb\u7406\u7531: root\u30e6\u30fc\u30b6\u30fc\u306f\u30b7\u30b9\u30c6\u30e0\u5168\u4f53\u306b\u5bfe\u3059\u308b\u7ba1\u7406\u6a29\u9650\u3092\u6301\u3063\u3066\u304a\u308a\u3001Web\u30b5\u30fc\u30d0\u30fc\u304croot\u6a29\u9650\u3067\u52d5\u4f5c\u3059\u308b\u3068\u3001\u8106\u5f31\u6027\u304c\u60aa\u7528\u3055\u308c\u305f\u969b\u306b\u30b7\u30b9\u30c6\u30e0\u5168\u4f53\u304c\u5371\u967a\u306b\u3055\u3089\u3055\u308c\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002\u3057\u305f\u304c\u3063\u3066\u3001Web\u30b3\u30f3\u30c6\u30f3\u30c4\u306e\u6240\u6709\u8005\u3092root\u306b\u3059\u308b\u3053\u3068\u306f\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u4e0a\u975e\u5e38\u306b\u30ea\u30b9\u30af\u304c\u9ad8\u304f\u63a8\u5968\u3055\u308c\u307e\u305b\u3093\u3002
\n2. \u5c02\u7528\u306e\u4e00\u822c\u30e6\u30fc\u30b6\u30fc\u30a2\u30ab\u30a6\u30f3\u30c8\u3092\u4f7f\u7528
\n\u30fb\u63a8\u5968\u65b9\u6cd5:
\n\u30fb\u30c7\u30d7\u30ed\u30a4\u30e6\u30fc\u30b6\u30fc: \u30b5\u30a4\u30c8\u306e\u30d5\u30a1\u30a4\u30eb\u3092\u7ba1\u7406\u3059\u308b\u305f\u3081\u306e\u5c02\u7528\u306e\u30e6\u30fc\u30b6\u30fc\uff08\u4f8b: deploy, myshopuser\u306a\u3069\uff09\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002\u3053\u306e\u30e6\u30fc\u30b6\u30fc\u304c\/www\/myshop\u4ee5\u4e0b\u306e\u30d5\u30a1\u30a4\u30eb\u304a\u3088\u3073\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u306e\u6240\u6709\u8005\u3068\u306a\u308a\u307e\u3059\u3002
\n\u30fbWeb\u30b5\u30fc\u30d0\u30fc\u30e6\u30fc\u30b6\u30fc: Apache\u306a\u3069\u306eWeb\u30b5\u30fc\u30d0\u30fc\u304c\u52d5\u4f5c\u3059\u308b\u30e6\u30fc\u30b6\u30fc\uff08\u4f8b: www-data, apache, httpd\u306a\u3069\uff09\u3068\u9069\u5207\u306a\u30d5\u30a1\u30a4\u30eb\u6a29\u9650\u3092\u8a2d\u5b9a\u3057\u307e\u3059\u3002
\n\u30fb\u8a2d\u5b9a\u4f8b:
\n# \u5c02\u7528\u30e6\u30fc\u30b6\u30fc\u306e\u4f5c\u6210
\n$ sudo adduser myshopuser
\n# \u30d5\u30a1\u30a4\u30eb\u306e\u6240\u6709\u6a29\u3092\u5c02\u7528\u30e6\u30fc\u30b6\u30fc\u306b\u5909\u66f4
\n$ sudo chown -R myshopuser:www-data \/www\/myshop
\n# \u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u306e\u30d1\u30fc\u30df\u30c3\u30b7\u30e7\u30f3\u8a2d\u5b9a\uff08755\uff09
\n$ sudo find \/www\/myshop -type d -exec chmod 755 {} \\;
\n# \u30d5\u30a1\u30a4\u30eb\u306e\u30d1\u30fc\u30df\u30c3\u30b7\u30e7\u30f3\u8a2d\u5b9a\uff08644\uff09
\n$ sudo find \/www\/myshop -type f -exec chmod 644 {} \\;
\n# \u5fc5\u8981\u306a\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u306b\u66f8\u304d\u8fbc\u307f\u6a29\u9650\u3092\u4ed8\u4e0e\uff08\u4f8b: uploads, cache\uff09
\n$ sudo chmod -R 775 \/www\/myshop\/uploads
\n$ sudo chmod -R 775 \/www\/myshop\/cache
\n3. \u30d1\u30fc\u30df\u30c3\u30b7\u30e7\u30f3\u306e\u8a2d\u5b9a
\n\u30fb\u30c7\u30a3\u30ec\u30af\u30c8\u30ea: 755\uff08\u6240\u6709\u8005\u304c\u8aad\u307f\u66f8\u304d\u5b9f\u884c\u3001\u30b0\u30eb\u30fc\u30d7\u3068\u305d\u306e\u4ed6\u304c\u8aad\u307f\u5b9f\u884c\uff09
\n\u30fb\u30d5\u30a1\u30a4\u30eb: 644\uff08\u6240\u6709\u8005\u304c\u8aad\u307f\u66f8\u304d\u3001\u30b0\u30eb\u30fc\u30d7\u3068\u305d\u306e\u4ed6\u304c\u8aad\u307f\u53d6\u308a\uff09
\n\u30fb\u66f8\u304d\u8fbc\u307f\u304c\u5fc5\u8981\u306a\u30c7\u30a3\u30ec\u30af\u30c8\u30ea: 775\u307e\u305f\u306f750\uff08\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8981\u4ef6\u306b\u5fdc\u3058\u3066\u8abf\u6574\uff09
\n4. Web\u30b5\u30fc\u30d0\u30fc\u306e\u6a29\u9650\u3092\u6700\u5c0f\u9650\u306b
\n\u30fbWeb\u30b5\u30fc\u30d0\u30fc\u304c\u5fc5\u8981\u4ee5\u4e0a\u306e\u6a29\u9650\u3092\u6301\u305f\u306a\u3044\u3088\u3046\u306b\u3057\u3001\u5fc5\u8981\u306a\u30d5\u30a1\u30a4\u30eb\u3084\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u306b\u306e\u307f\u30a2\u30af\u30bb\u30b9\u3067\u304d\u308b\u3088\u3046\u306b\u3057\u307e\u3059\u3002
\n\u30fbPHP\u304c\u30d5\u30a1\u30a4\u30eb\u306e\u8aad\u307f\u66f8\u304d\u304c\u5fc5\u8981\u306a\u5834\u5408\u3067\u3082\u3001\u6700\u5c0f\u9650\u306e\u6a29\u9650\u3092\u4ed8\u4e0e\u3057\u307e\u3059\u3002
\n5. \u8ffd\u52a0\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5bfe\u7b56
\n\u30fb\u30d5\u30a1\u30a4\u30eb\u306e\u6240\u6709\u6a29\u3092\u5206\u96e2: \u53ef\u80fd\u3067\u3042\u308c\u3070\u3001Web\u30b3\u30f3\u30c6\u30f3\u30c4\u3068\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306e\u5b9f\u884c\u30e6\u30fc\u30b6\u30fc\u3092\u5206\u96e2\u3057\u3001\u4e0d\u8981\u306a\u30a2\u30af\u30bb\u30b9\u3092\u9632\u304e\u307e\u3059\u3002
\n\u30fb\u5b9a\u671f\u7684\u306a\u30d1\u30fc\u30df\u30c3\u30b7\u30e7\u30f3\u306e\u78ba\u8a8d: \u30d5\u30a1\u30a4\u30eb\u3084\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u306e\u6a29\u9650\u304c\u610f\u56f3\u3057\u306a\u3044\u5909\u66f4\u3092\u53d7\u3051\u3066\u3044\u306a\u3044\u304b\u5b9a\u671f\u7684\u306b\u30c1\u30a7\u30c3\u30af\u3057\u307e\u3059\u3002
\n\u30fb\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30e2\u30b8\u30e5\u30fc\u30eb\u306e\u5229\u7528: Apache\u306emod_security\u306a\u3069\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30e2\u30b8\u30e5\u30fc\u30eb\u3092\u6d3b\u7528\u3057\u3066\u3001\u653b\u6483\u304b\u3089\u30b5\u30a4\u30c8\u3092\u4fdd\u8b77\u3057\u307e\u3059\u3002
\n\u307e\u3068\u3081
\n\u30fb\u6240\u6709\u8005\u3092root\u306b\u3057\u306a\u3044: \u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30ea\u30b9\u30af\u304c\u9ad8\u3044\u305f\u3081\u907f\u3051\u308b\u3002
\n\u30fb\u5c02\u7528\u306e\u4e00\u822c\u30e6\u30fc\u30b6\u30fc\u30a2\u30ab\u30a6\u30f3\u30c8\u3092\u4f7f\u7528: \u30d5\u30a1\u30a4\u30eb\u7ba1\u7406\u3068Web\u30b5\u30fc\u30d0\u30fc\u306e\u6a29\u9650\u3092\u9069\u5207\u306b\u5206\u96e2\u3059\u308b\u3002
\n\u30fb\u9069\u5207\u306a\u30d1\u30fc\u30df\u30c3\u30b7\u30e7\u30f3\u3092\u8a2d\u5b9a: \u6700\u5c0f\u9650\u306e\u6a29\u9650\u3067\u904b\u7528\u3057\u3001\u4e0d\u8981\u306a\u30a2\u30af\u30bb\u30b9\u3092\u9632\u3050\u3002
\n\u3053\u308c\u3089\u306e\u8a2d\u5b9a\u306b\u3088\u308a\u3001EC\u30b5\u30a4\u30c8\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u3092\u5f37\u5316\u3057\u3001\u904b\u7528\u4e0a\u306e\u5b89\u5168\u6027\u3092\u78ba\u4fdd\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002\u5177\u4f53\u7684\u306a\u30b5\u30fc\u30d0\u30fc\u74b0\u5883\u3084\u8981\u4ef6\u306b\u5fdc\u3058\u3066\u3001\u3055\u3089\u306b\u8a73\u7d30\u306a\u8a2d\u5b9a\u3084\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5bfe\u7b56\u3092\u691c\u8a0e\u3059\u308b\u3053\u3068\u3092\u304a\u52e7\u3081\u3057\u307e\u3059\u3002
\n\u53c2\u8003\u60c5\u5831:
\n\u30fbApache Official Documentation – File Permissions
\n\u30fbOWASP – Secure File Permissions
\n\u5fc5\u8981\u306b\u5fdc\u3058\u3066\u3001\u5177\u4f53\u7684\u306a\u30b5\u30fc\u30d0\u30fc\u74b0\u5883\u3084\u4f7f\u7528\u3057\u3066\u3044\u308b\u30db\u30b9\u30c6\u30a3\u30f3\u30b0\u30b5\u30fc\u30d3\u30b9\u306b\u57fa\u3065\u3044\u305f\u8a2d\u5b9a\u3092\u884c\u3063\u3066\u304f\u3060\u3055\u3044\u3002
\n\u6ce8\u610f: \u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8a2d\u5b9a\u306f\u30b7\u30b9\u30c6\u30e0\u5168\u4f53\u306e\u5b89\u5168\u6027\u306b\u76f4\u7d50\u3057\u307e\u3059\u306e\u3067\u3001\u4e0d\u660e\u70b9\u304c\u3042\u308b\u5834\u5408\u306f\u5c02\u9580\u5bb6\u306b\u76f8\u8ac7\u3059\u308b\u3053\u3068\u3092\u304a\u52e7\u3081\u3057\u307e\u3059\u3002
\n\u88dc\u8db3: \u8cea\u554f\u304c\u65e5\u672c\u8a9e\u3067\u3042\u3063\u305f\u305f\u3081\u3001\u56de\u7b54\u3082\u65e5\u672c\u8a9e\u3067\u63d0\u4f9b\u3057\u307e\u3057\u305f\u3002\u8ffd\u52a0\u306e\u8cea\u554f\u3084\u8a73\u7d30\u306a\u8aac\u660e\u304c\u5fc5\u8981\u306a\u5834\u5408\u306f\u3001\u9060\u616e\u306a\u304f\u304a\u77e5\u3089\u305b\u304f\u3060\u3055\u3044\u3002<\/p>\n
\u53c2\u8003\uff1a
\n\u30a2\u30d7\u30ea\u30bd\u30d5\u30c8\u3001\u30b7\u30b9\u30c6\u30e0\u30bd\u30d5\u30c8\u3001\u306e\u30aa\u30fc\u30ca\u30fc\u306b\u3064\u3044\u3066
\nhttps:\/\/shirakawa.weblike.jp\/blog-page\/2025\/06\/01…<\/a> (Firefox\u3067addon\u304c\u3067\u304d\u306a\u3044\u4ef6)
\nhttps:\/\/shirakawa.weblike.jp\/blog-page\/2025\/06\/03…<\/a>
\n\u500b\u4eba\u7528\u30a2\u30d7\u30ea\u306f\u4f55\u51e6\u306b\u7f6e\u304f\u304b
\nhttps:\/\/shirakawa.weblike.jp\/blog-page\/2025\/06\/02…<\/a>
\n\u30b7\u30f3\u30d7\u30eb\u3055\u306b\u306f\u4ee3\u511f\u304c\u4f34\u3046 (\u4f8b:\u30a2\u30af\u30bb\u30b9\u5236\u5fa1)
\nhttps:\/\/shirakawa.weblike.jp\/blog-page\/2026\/03\/14…<\/a><\/p>\n
\/*************************************************************************************\/
\n\u4fb5\u5165\u3055\u308c\u3066\u3044\u306a\u3044\u304b\u30c1\u30a7\u30c3\u30af\u3059\u308b\u65b9\u6cd5\u306f\uff1f
\nLinux \u30de\u30b7\u30f3\u304c \u4fb5\u5165\u3055\u308c\u305f\u304b\u3092\u30c1\u30a7\u30c3\u30af\u3059\u308b\u65b9\u6cd5\u306b\u306f\u3001\u300c\u660e\u78ba\u306a\u75d5\u8de1\uff08Indicators of Compromise\uff09\u3092\u63a2\u3059\u3053\u3068\u300d\u304c\u4e2d\u5fc3\u306b\u306a\u308a\u307e\u3059\u3002\u4ee5\u4e0b\u306b\u3001\u9806\u3092\u8ffd\u3063\u3066\u57fa\u672c\u304b\u3089\u5b9f\u8df5\u7684\u306a\u30c1\u30a7\u30c3\u30af\u65b9\u6cd5\u307e\u3067\u3054\u7d39\u4ecb\u3057\u307e\u3059\u3002 (->ChatGPT)
\n## \u2705 1.\u30ed\u30b0\u3092\u78ba\u8a8d\u3059\u308b
\n### \ud83d\udd0d \u30ed\u30b0\u30a4\u30f3\u5c65\u6b74\u3092\u78ba\u8a8d
\n$ last
\n* \u7570\u5e38\u306a\u6642\u9593\u5e2f\u306e\u30ed\u30b0\u30a4\u30f3
\n* \u4e0d\u660e\u306aIP\u30a2\u30c9\u30ec\u30b9\u304b\u3089\u306e\u30ed\u30b0\u30a4\u30f3
\n### \ud83d\udd0d \u5931\u6557\u3057\u305f\u30ed\u30b0\u30a4\u30f3\u3092\u78ba\u8a8d
\n$ grep ‘Failed password’ \/var\/log\/auth.log
\n\uff08CentOS\u7cfb\u306a\u3089 `\/var\/log\/secure`\uff09
\n* \u30d6\u30eb\u30fc\u30c8\u30d5\u30a9\u30fc\u30b9\u653b\u6483\u304c\u3042\u308b\u3068\u3053\u3053\u306b\u5927\u91cf\u306b\u51fa\u307e\u3059
\n## \u2705 2.\u4e0d\u5be9\u306a\u30e6\u30fc\u30b6\u30fc\u30fb\u30b0\u30eb\u30fc\u30d7\u306e\u78ba\u8a8d
\n### \ud83d\udd0d root\u6a29\u9650\u3092\u6301\u3064\u30e6\u30fc\u30b6\u30fc\u4e00\u89a7
\n$ awk -F: ‘$3 == 0 { print $1 }’ \/etc\/passwd
\n* \u901a\u5e38\u306f `root` \u3060\u3051\u306e\u306f\u305a
\n  \u2192 \u898b\u77e5\u3089\u306c\u540d\u524d\u304c\u3042\u308c\u3070\u8981\u6ce8\u610f\u3002
\n### \ud83d\udd0d \u5168\u30e6\u30fc\u30b6\u30fc\u78ba\u8a8d
\n$ cut -d: -f1 \/etc\/passwd
\n* \u898b\u899a\u3048\u306e\u306a\u3044\u30e6\u30fc\u30b6\u30fc\u304c\u306a\u3044\u304b\u78ba\u8a8d
\n## \u2705 3.SSH\u306e\u8a2d\u5b9a\u3068\u30a2\u30af\u30bb\u30b9\u5c65\u6b74
\n### \ud83d\udd0d `.ssh\/authorized_keys` \u304c\u6539\u3056\u3093\u3055\u308c\u3066\u3044\u306a\u3044\u304b
\n$ cat ~\/.ssh\/authorized_keys
\n* \u81ea\u5206\u306e\u516c\u958b\u9375\u4ee5\u5916\u304c\u3042\u308c\u3070\u30a2\u30a6\u30c8
\n## \u2705 4.cron \u306b\u30d0\u30c3\u30af\u30c9\u30a2\u304c\u4ed5\u639b\u3051\u3089\u308c\u3066\u3044\u306a\u3044\u304b
\n### \ud83d\udd0d \u81ea\u5206\u306ecron\u30b8\u30e7\u30d6
\n$ crontab -l
\n### \ud83d\udd0d \u5168\u4f53\u306ecron\u30b9\u30b1\u30b8\u30e5\u30fc\u30eb
\n$ ls -al \/etc\/cron*
\n* \u602a\u3057\u3044\u30b9\u30af\u30ea\u30d7\u30c8\u5b9f\u884c\u306a\u3069\u304c\u4ed5\u8fbc\u307e\u308c\u3066\u3044\u306a\u3044\u304b\u78ba\u8a8d
\n## \u2705 5.\u30d7\u30ed\u30bb\u30b9\u3068\u30dd\u30fc\u30c8\u3092\u76e3\u8996\u3059\u308b
\n### \ud83d\udd0d \u4e0d\u5be9\u306a\u30d7\u30ed\u30bb\u30b9
\n$ ps aux | grep -vE ‘firefox|bash|gnome|systemd|ssh’
\n* `minerd`, `kworker`, `python3 -m http.server` \u306a\u3069\u4e0d\u5be9\u306a\u3082\u306e\u304c\u306a\u3044\u304b
\n### \ud83d\udd0d \u4f7f\u7528\u4e2d\u30dd\u30fc\u30c8\u3068\u63a5\u7d9a
\n$ sudo netstat -tulnp
\n\u307e\u305f\u306f\uff1a
\n$ sudo ss -tulnp
\n* \u81ea\u5206\u304c\u958b\u3051\u3066\u3044\u306a\u3044\u30dd\u30fc\u30c8\u304c Listen \u72b6\u614b\u306a\u3089\u8981\u6ce8\u610f
\n* `PID\/Program name` \u3092\u78ba\u8a8d
\n## \u2705 6.rootkit \u691c\u51fa\u30c4\u30fc\u30eb\u306e\u4f7f\u7528
\n### \ud83d\udee0 `rkhunter`\uff08rootkit\u691c\u51fa\uff09
\n$ sudo apt install rkhunter   # \u307e\u305f\u306f yum install rkhunter
\n$ sudo rkhunter –update
\n$ sudo rkhunter –check
\n### \ud83d\udee0 `chkrootkit`
\n$ sudo apt install chkrootkit
\n$ sudo chkrootkit
\n## \u2705 7.\u6700\u8fd1\u5909\u66f4\u3055\u308c\u305f\u30d5\u30a1\u30a4\u30eb\u306e\u8abf\u67fb
\n### \ud83d\udd0d \u76f4\u8fd1\u3067\u5909\u66f4\u3055\u308c\u305f\u30d5\u30a1\u30a4\u30eb\u3092\u78ba\u8a8d\uff08\u904e\u53bb2\u65e5\u9593\uff09
\n$ sudo find \/ -mtime -2 -type f 2>\/dev\/null
\n* `\/bin`, `\/etc`, `\/usr\/bin`, `\/usr\/local\/bin`, `\/root` \u306a\u3069\u306e\u5909\u66f4\u306f\u8981\u6ce8\u610f\u3002
\n## \u2705 8.\u30b7\u30b9\u30c6\u30e0\u306b\u4e0d\u6b63\u306a\u901a\u4fe1\u304c\u306a\u3044\u304b\u78ba\u8a8d
\n### \ud83d\udd0d \u5916\u90e8\u3068\u901a\u4fe1\u3057\u3066\u3044\u308b\u30d7\u30ed\u30bb\u30b9
\n$ sudo lsof -i -n -P
\n* \u4e0d\u660e\u306a\u30c9\u30e1\u30a4\u30f3\u3084IP\u30a2\u30c9\u30ec\u30b9\u3068\u901a\u4fe1\u3057\u3066\u3044\u308b\u30d7\u30ed\u30bb\u30b9\u304c\u306a\u3044\u304b\u78ba\u8a8d\u3002
\n## \u2705 9.\u30d5\u30a1\u30a4\u30eb\u306b\u7570\u5e38\u306aSUID\u30d3\u30c3\u30c8\u304c\u3064\u3044\u3066\u3044\u306a\u3044\u304b
\n$ find \/ -type f -perm -4000 -ls 2>\/dev\/null
\n* `SUID`\u306f\u7279\u6a29\u6607\u683c\u306b\u4f7f\u308f\u308c\u308b\u3002
\n* \u672c\u6765\u3042\u308b\u3079\u304d\u3067\u306a\u3044\u5834\u6240\u306b\u3042\u308b\u306a\u3089\u8981\u8b66\u6212\u3002
\n## \u2705 10.\u30d1\u30c3\u30b1\u30fc\u30b8\u306e\u6539\u3056\u3093\u78ba\u8a8d\uff08Debian\u7cfb\u9650\u5b9a\uff09
\n$ debsums -s
\n* \u6539\u3056\u3093\u3055\u308c\u305f\u30d0\u30a4\u30ca\u30ea\u304c\u306a\u3044\u304b\u30c1\u30a7\u30c3\u30af\u3057\u307e\u3059\u3002<\/p>\n
## \ud83d\udca1 \u7d50\u8ad6\u3068\u30a2\u30af\u30b7\u30e7\u30f3\r\n| \u72b6\u6cc1                               | \u5bfe\u5fdc                                                       |\r\n| ---------------------------------- | ---------------------------------------------------------- |\r\n| \u660e\u3089\u304b\u306b\u4e0d\u5be9\u306a\u30a2\u30ab\u30a6\u30f3\u30c8\u3084\u30d7\u30ed\u30bb\u30b9 | \u76f4\u3061\u306b\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u906e\u65ad\u30fb\u30ed\u30b0\u30d0\u30c3\u30af\u30a2\u30c3\u30d7                   |\r\n| \u4e0d\u5be9\u30ed\u30b0\u30a4\u30f3\u30fb\u901a\u4fe1                 | \u30d1\u30b9\u30ef\u30fc\u30c9\u30fbSSH\u9375\u306e\u5373\u6642\u5909\u66f4\u3001\u518d\u69cb\u7bc9\u691c\u8a0e                    |\r\n| \u88ab\u5bb3\u304c\u65ad\u5b9a\u3067\u304d\u306a\u3044                 | `rkhunter`, `chkrootkit`\u3001\u30d0\u30c3\u30af\u30a2\u30c3\u30d7\uff06\u518d\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u691c\u8a0e |<\/pre>\n
## \ud83d\udee1\ufe0f \u3055\u3089\u306b\u3084\u308a\u305f\u3044\u65b9\u3078
\n* auditd\uff1a\u30d5\u30a1\u30a4\u30eb\u76e3\u8996\u3084\u30b3\u30de\u30f3\u30c9\u306e\u5c65\u6b74\u3092\u8a18\u9332
\n* OSSEC\uff1a\u30db\u30b9\u30c8\u578bIDS\uff08\u4fb5\u5165\u691c\u77e5\u30b7\u30b9\u30c6\u30e0\uff09
\n* fail2ban\uff1aSSH\u30d6\u30eb\u30fc\u30c8\u30d5\u30a9\u30fc\u30b9\u5bfe\u7b56
\n\u5fc5\u8981\u3067\u3042\u308c\u3070\u3001\u300c\u7c21\u6613\u30c1\u30a7\u30c3\u30af\u7528\u30b9\u30af\u30ea\u30d7\u30c8\u300d\u3092\u4f5c\u6210\u3057\u3066\u304a\u6e21\u3057\u3059\u308b\u3053\u3068\u3082\u3067\u304d\u307e\u3059\u3002\u5e0c\u671b\u304c\u3042\u308c\u3070\u304a\u77e5\u3089\u305b\u304f\u3060\u3055\u3044\u3002<\/p>\n
\u53c2\u8003\uff1a
\n\u30a2\u30ab\u30a6\u30f3\u30c8\u306e\u30c1\u30a7\u30c3\u30af
\nhttps:\/\/shirakawa.weblike.jp\/blog-page\/2025\/06\/03…<\/a><\/p>\n
\/*************************************************************************************\/<\/p>\n
\n
\n\u53c2\u8003URL\uff1a
\nOpenSSL\u3001GnuPG\u3001GnuTLS
\nhttps:\/\/shirakawa.weblike.jp\/blog-page\/2022\/03\/13…<\/a>
\nApache\u306e\u8a2d\u5b9a
\nhttps:\/\/shirakawa.weblike.jp\/blog-page\/2022\/03\/15…<\/a>
\nJVN JP Vendor Status Note
\nhttps:\/\/jvn.jp\/nav\/jvn.html<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
2022.04 \u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30b9\u30af\u30ea\u30d7\u30c6\u30a3\u30f3\u30b0 (XSS) \u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30ea\u30af\u30a8\u30b9\u30c8\u30d5\u30a9\u30fc\u30b8\u30a7\u30ea (CSRF) \u30af\u30ed\u30b9\u30aa\u30ea\u30b8\u30f3\u30ea\u30bd\u30fc\u30b9\u5171\u6709 (CORS) https:\/\/developer.mozilla.org\/ja\/do […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"class_list":["post-171","post","type-post","status-publish","format-standard","hentry","category-web-practice"],"_links":{"self":[{"href":"https:\/\/shirakawa.weblike.jp\/blog-page\/wp-json\/wp\/v2\/posts\/171","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/shirakawa.weblike.jp\/blog-page\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/shirakawa.weblike.jp\/blog-page\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/shirakawa.weblike.jp\/blog-page\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/shirakawa.weblike.jp\/blog-page\/wp-json\/wp\/v2\/comments?post=171"}],"version-history":[{"count":233,"href":"https:\/\/shirakawa.weblike.jp\/blog-page\/wp-json\/wp\/v2\/posts\/171\/revisions"}],"predecessor-version":[{"id":2436,"href":"https:\/\/shirakawa.weblike.jp\/blog-page\/wp-json\/wp\/v2\/posts\/171\/revisions\/2436"}],"wp:attachment":[{"href":"https:\/\/shirakawa.weblike.jp\/blog-page\/wp-json\/wp\/v2\/media?parent=171"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/shirakawa.weblike.jp\/blog-page\/wp-json\/wp\/v2\/categories?post=171"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/shirakawa.weblike.jp\/blog-page\/wp-json\/wp\/v2\/tags?post=171"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}