{"id":191,"date":"2020-08-20T01:45:01","date_gmt":"2020-08-19T16:45:01","guid":{"rendered":"https:\/\/www.thunsuke.com\/?p=191"},"modified":"2020-10-12T11:20:34","modified_gmt":"2020-10-12T02:20:34","slug":"raspberry-pi-security-ssh-iptables-for-web","status":"publish","type":"post","link":"https:\/\/www.thun-techblog.com\/index.php\/blog\/raspberry-pi-security-ssh-iptables-for-web\/","title":{"rendered":"Raspberry Pi\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8a2d\u5b9a\u3000\uff5eweb\u30b5\u30fc\u30d0\u3092\u7acb\u3066\u308b\u305f\u3081\u306b\u5fc5\u8981\u306a\u8a2d\u5b9a\uff5e"},"content":{"rendered":"\n<p>Raspberry Pi\u3067web\u30b5\u30fc\u30d0\u3092\u516c\u958b\u3059\u308b\u306b\u306f\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8a2d\u5b9a\u304c\u5fc5\u8981\u4e0d\u53ef\u6b20\u3067\u3059\u3002\u3082\u3057\u8a2d\u5b9a\u3057\u306a\u3051\u308c\u3070\u3059\u3050\u306b\u653b\u6483\u306b\u3055\u3089\u3055\u308c\u4e57\u3063\u53d6\u3089\u308c\u305f\u308a\u653b\u6483\u306e\u8e0f\u307f\u53f0\u306b\u3055\u308c\u3066\u3057\u307e\u3046\u3053\u3068\u3067\u3057\u3087\u3046\u3002NASA\u3067\u306f\u52dd\u624b\u306b\u8a2d\u7f6e\u3055\u308c\u305fRaspberry Pi\u3092\u8e0f\u307f\u53f0\u306b\u3055\u308c\u3066\u60c5\u5831\u3092\u76d7\u307e\u308c\u3066\u3044\u305f\u306a\u3093\u3066\u3044\u3046\u3053\u3068\u3082\u3042\u3063\u305f\u306e\u3067\u3059\u304b\u3089\u3001\u3057\u3063\u304b\u308a\u8a2d\u5b9a\u3057\u305f\u3044\u3068\u3053\u308d\u3067\u3059\u3002\u3053\u3053\u306f\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u4e0a\u306e\u90fd\u5408\u3067\u8aac\u660e\u3057\u307e\u305b\u3093\u307f\u305f\u3044\u306a\u3053\u3068\u3092\u8a00\u3063\u3066\u3044\u308b\u65b9\u3082\u591a\u3044\u306e\u3067\u3001\u3042\u308b\u7a0b\u5ea6\u30c6\u30f3\u30d7\u30ec\u30fc\u30c8\u3068\u3057\u3066\u3053\u308c\u3050\u3089\u3044\u8a2d\u5b9a\u3059\u308c\u3070\u6700\u4f4e\u9650\u5927\u4e08\u592b\u3068\u3044\u3046\u3050\u3089\u3044\u306b\u306a\u308b\u3088\u3046\u306b\u8a18\u4e8b\u3092\u66f8\u3044\u3066\u3044\u304d\u307e\u3059\u3002\u3082\u3061\u308d\u3093\u30d7\u30e9\u30b9\u3067\u3054\u81ea\u8eab\u3067\u5fc5\u8981\u306a\u8a2d\u5b9a\u306b\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<!--more-->\n\n\n\n<p>\u4eca\u56de\u306f<a href=\"https:\/\/www.thun-techblog.com\/index.php\/blog\/raspberry-pi-first-setup\/\">\u4ee5\u524d\u306e\u8a18\u4e8b<\/a>\u3067\u8aac\u660e\u3057\u305f\u3088\u3046\u306a\u521d\u671f\u8a2d\u5b9a\u306f\u6e08\u307e\u305b\u3066\u3044\u308b\u3068\u3044\u3046\u524d\u63d0\u3067\u8a71\u3092\u9032\u3081\u3066\u3044\u304d\u307e\u3059\u3002\u4ee5\u524d\u306e\u8a18\u4e8b\u306f\u3053\u3061\u3089\u3067\u3059\u3002<\/p>\n\n\n\n<figure class=\"wp-block-embed-wordpress wp-block-embed is-type-wp-embed is-provider-thun\u306e\u904a\u622f\u5ba4\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"wp-embedded-content\" data-secret=\"rQ6il1PIdj\"><a href=\"https:\/\/www.thun-techblog.com\/index.php\/blog\/raspberry-pi-first-setup\/\">\u4f55\u3088\u308a\u3082\u6700\u521d\u306b\uff01Raspberry Pi(3B+,4B)\u306e\u521d\u671f\u8a2d\u5b9a\u3068\u5fc5\u8981\u306a\u3082\u306e<\/a><\/blockquote><iframe loading=\"lazy\" class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" style=\"position: absolute; clip: rect(1px, 1px, 1px, 1px);\" title=\"&#8220;\u4f55\u3088\u308a\u3082\u6700\u521d\u306b\uff01Raspberry Pi(3B+,4B)\u306e\u521d\u671f\u8a2d\u5b9a\u3068\u5fc5\u8981\u306a\u3082\u306e&#8221; &#8212; THUN\u306e\u904a\u622f\u5ba4\" src=\"https:\/\/www.thun-techblog.com\/index.php\/blog\/raspberry-pi-first-setup\/embed\/#?secret=rQ6il1PIdj\" data-secret=\"rQ6il1PIdj\" width=\"600\" height=\"338\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\"><\/iframe>\n<\/div><\/figure>\n\n\n\n<p>\u3059\u3054\u304f\u521d\u5fc3\u8005\u5411\u3051\u306b\u66f8\u3044\u3066\u3044\u307e\u3059\u304c\u3001\u6642\u9593\u8a2d\u5b9a\u3084\u8a00\u8a9e\u8a2d\u5b9a\u306a\u3069\u6700\u4f4e\u9650\u306e\u3053\u3068\u306f\u3057\u3066\u3044\u307e\u3059\u3002\u6c17\u306b\u306a\u308b\u65b9\u306f\u4e00\u5fdc\u76ee\u3092\u901a\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<p>\u3055\u3066\u59cb\u3081\u3066\u3044\u304d\u307e\u3059\u3002<\/p>\n\n\n<style>\n.test { width: 320px; height: 100px; }\n@media(min-width: 500px) { .test { width: 468px; height: 60px; } }\n@media(min-width: 800px) { .test { width: 728px; height: 90px; } }\n<\/style>\n<script async src=\"https:\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js?client=ca-pub-4541970754535576\"\n     crossorigin=\"anonymous\"><\/script>\n<!-- \u3044\u3064\u3082\u306e\u6b63\u65b9\u5f62\u30ec\u30b9\u30dd\u30f3\u30b7\u30d6\u30eb\u5e83\u544a -->\n<ins class=\"adsbygoogle test\"\n     style=\"display:block\"\n     data-ad-client=\"ca-pub-4541970754535576\"\n     data-ad-slot=\"5487611343\"\n     data-ad-format=\"auto\"\n     data-full-width-responsive=\"true\"><\/ins>\n<script>\n     (adsbygoogle = window.adsbygoogle || []).push({});\n<\/script>\n\n\n<p class=\"has-text-align-center\">\u76ee\u6b21<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"#a\">\u30e6\u30fc\u30b6\u306e\u8ffd\u52a0\u3001\u524a\u9664<\/a><\/li><li><a href=\"#b\">SSH\u306e\u5404\u7a2e\u8a2d\u5b9a<\/a><\/li><li><a href=\"#c\">\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u306e\u8a2d\u5b9a\uff08iptables\uff09<\/a><\/li><li><a href=\"#d\">\u307e\u3068\u3081<\/a><\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"a\">\u30e6\u30fc\u30b6\u306e\u8ffd\u52a0\u3001\u524a\u9664<\/h2>\n\n\n\n<p>\u30a2\u30ab\u30a6\u30f3\u30c8\u306e\u524a\u9664\u3068\u8ffd\u52a0\u3092\u884c\u3063\u3066\u3044\u304d\u307e\u3059\u3002\u7406\u7531\u3068\u3057\u3066\u306f\u3001pi\u3068\u3044\u3046\u30e6\u30fc\u30b6\u30fc\u3068\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u4f7f\u3044\u7d9a\u3051\u308b\u3053\u3068\u3092\u8003\u3048\u3066\u307f\u308b\u3068\u308f\u304b\u308a\u307e\u3059\u3002web\u30b5\u30fc\u30d0\u304cRaspberry Pi\u3067\u904b\u7528\u3055\u308c\u3066\u3044\u308b\u3053\u3068\u3092\u77e5\u3063\u3066\u3044\u308c\u3070\u2026\u305d\u306e\u30e6\u30fc\u30b6\u540d\u3068\u30d1\u30b9\u30ef\u30fc\u30c9\u304c\u7c21\u5358\u306b\u63a8\u6e2c\u3067\u304d\u308b\u306e\u3067\u3001SSH\u30ed\u30b0\u30a4\u30f3\u306a\u3093\u304b\u3092\u3055\u308c\u3066\u7c21\u5358\u306b\u4e57\u3063\u53d6\u3089\u308c\u3066\u3057\u307e\u3046\u304b\u3082\u3057\u308c\u306a\u3044\u304b\u3089\u3067\u3059\u306d\u3002\u306a\u306e\u3067\u30e6\u30fc\u30b6\u3092\u4f5c\u308a\u76f4\u3057pi\u3092\u6d88\u3057\u3066\u3057\u307e\u3044\u307e\u3057\u3087\u3046\u3002<\/p>\n\n\n\n<p>\u4ee5\u4e0b\u306e\u30b3\u30de\u30f3\u30c9\u3067\u30e6\u30fc\u30b6\u3092\u8ffd\u52a0\u3057\u307e\u3059\u3002USERNAME\u306f\u597d\u304d\u306a\u540d\u524d\u306b\u8aad\u307f\u66ff\u3048\u3066\u304f\u3060\u3055\u3044\u3002\u4eca\u5f8c\u306eSSh\u30ed\u30b0\u30a4\u30f3\u3067\u5fc5\u8981\u306b\u306a\u308a\u307e\u3059\u3002\u30d1\u30b9\u30ef\u30fc\u30c9\u306a\u3069\u306e\u5165\u529b\u304c\u6c42\u3081\u3089\u308c\u308b\u3068\u601d\u3046\u306e\u3067\u6307\u793a\u901a\u308a\u306b\u8a2d\u5b9a\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-plane\"><code>$ sudo adduser USERNAME\n$ sudo usermod -G sudo USERNAME<\/code><\/pre><\/div>\n\n\n\n<p>\u3053\u308c\u3067\u3001\u3044\u3063\u305f\u3093\u518d\u8d77\u52d5\u3092\u884c\u3063\u3066pi\u30e6\u30fc\u30b6\u3092\u524a\u9664\u3057\u307e\u3059\u3002\u3082\u3057\u518d\u8d77\u52d5\u3057\u306a\u3044\u3068\u3053\u306e\u30bb\u30c3\u30b7\u30e7\u30f3\u304c\u6b8b\u3063\u3066\u3057\u307e\u3063\u3066\u524a\u9664\u304c\u3067\u304d\u306a\u3044\u306e\u3067\u518d\u8d77\u52d5\u3092\u3057\u305f\u3089\u3001\u5148\u307b\u3069\u4f5c\u6210\u3057\u305f\u30e6\u30fc\u30b6\u3067\u30ed\u30b0\u30a4\u30f3\u3057\u307e\u3057\u3087\u3046\u3002\u3067\u306f\u3044\u3063\u305f\u3093\u518d\u8d77\u52d5\u3067\u3059\u3002<\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-plane\"><code>$ sudo reboot<\/code><\/pre><\/div>\n\n\n\n<p>\u30ed\u30b0\u30a4\u30f3\u3057\u305f\u3089\u4ee5\u4e0b\u306e\u30b3\u30de\u30f3\u30c9\u3067pi\u30a2\u30ab\u30a6\u30f3\u30c8\u3092\u6d88\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-plane\"><code>sudo userdel pi<\/code><\/pre><\/div>\n\n\n\n<p>\u3053\u308c\u3067\u30e6\u30fc\u30b6\u306e\u8ffd\u52a0\u3068\u524a\u9664\u304c\u5b8c\u4e86\u3067\u3059\u3002\u4eca\u5f8c\u306f\u65b0\u898f\u4f5c\u6210\u3057\u305f\u30e6\u30fc\u30b6\u3067\u30ed\u30b0\u30a4\u30f3\u3057\u3066\u3044\u304f\u3053\u3068\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"b\">SSH\u306e\u5404\u7a2e\u8a2d\u5b9a<\/h2>\n\n\n\n<p>\u3053\u306e\u9805\u3067\u306fSSH\u306e\u8a2d\u5b9a\u3092\u884c\u3063\u3066\u3044\u304d\u307e\u3059\u3002\u5c11\u3057\u3067\u3082\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u306e\u30ec\u30d9\u30eb\u3092\u4e0a\u3052\u307e\u3057\u3087\u3046\u3002\u3068\u3044\u3044\u306a\u304c\u3089\u3001\u4eca\u56de\u306f\u9375\u65b9\u5f0f\u306b\u306f\u3057\u307e\u305b\u3093\u3002\u9375\u65b9\u5f0f\u306b\u3057\u305f\u3044\u65b9\u306f\u5225\u9014\u8abf\u3079\u3066\u8a2d\u5b9a\u3092\u884c\u3063\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<p>\u30dd\u30fc\u30c8\u306e\u5909\u66f4\u3092\u884c\u3044\u307e\u3059\u3002\u7406\u7531\u3068\u3057\u3066\u306f\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u306e\u6280\u8853\u306b\u304a\u3044\u3066\u3001SSH\u306e\u30c7\u30d5\u30a9\u30eb\u30c8\u306e22\u756a\u30dd\u30fc\u30c8\u3068\u3044\u3046\u306e\u306fwell-known\u30dd\u30fc\u30c8\u3068\u547c\u3070\u308c\u4e00\u7a2e\u306e\u5171\u901a\u898f\u683c\u306b\u306a\u3063\u3066\u3044\u307e\u3059\u3002\u306a\u306e\u3067\u4f55\u3082\u30dd\u30fc\u30c8\u756a\u53f7\u3092\u5909\u66f4\u3057\u306a\u3044\u306722\u756a\u30dd\u30fc\u30c8\u306b\u30a2\u30af\u30bb\u30b9\u3055\u308c\u308b\u3068\u305d\u3053\u306b\u306fSSH\u306e\u5fdc\u7b54\u304c\u3042\u308b\u306e\u3067\u305d\u3053\u3092\u72d9\u3063\u3066\u653b\u6483\u3092\u4ed5\u639b\u3051\u3089\u308c\u308b\u5834\u5408\u304c\u591a\u3044\u306e\u3067\u3059\u3002\u7279\u306b\u30d1\u30b9\u30ef\u30fc\u30c9\u65b9\u5f0f\u3060\u3068\u3001\u300c\u30d6\u30eb\u30fc\u30c8\u30d5\u30a9\u30fc\u30b9\u30a2\u30bf\u30c3\u30af\uff08\u7dcf\u5f53\u305f\u308a\u653b\u6483\uff09\u300d\u3068\u3044\u3046\u3082\u306e\u304c\u884c\u308f\u308c\u305f\u308a\u3082\u3059\u308b\u306e\u3067\u3053\u3053\u3092\u5909\u3048\u3066\u304a\u304f\u306e\u306f\u5fc5\u9808\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n\n\n\n<p>\u3042\u3068\u306f\u3082\u3057\u3082SSH\u306b\u4e0d\u6b63\u30ed\u30b0\u30a4\u30f3\u304c\u3042\u3063\u305f\u3068\u3057\u3066\u3082\u3001\u5c11\u3057\u3067\u3082\u88ab\u5bb3\u3092\u6e1b\u3089\u3059\u305f\u3081\u306broot\u6a29\u9650\u3067\u306e\u30ed\u30b0\u30a4\u30f3\u3092\u7981\u6b62\u3059\u308b\u8a2d\u5b9a\u3092\u884c\u3044\u307e\u3059\u3002<\/p>\n\n\n\n<p>\u3067\u306f\u4ee5\u4e0b\u306e\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-plane\"><code>$ sudo nano \/etc\/ssh\/sshd_config<\/code><\/pre><\/div>\n\n\n\n<p>\u3053\u308c\u3092\u958b\u3044\u305f\u3089\u3001\u4e00\u756a\u4e0b\u306b\u4ee5\u4e0b\u306e\u6587\u3092\u8ffd\u52a0\u3057\u3066\u304f\u3060\u3055\u3044\u3002Port\u4ee5\u964d\u306e1234\u3068\u3057\u3066\u3044\u308b\u306e\u306f\u597d\u304d\u306a\u756a\u53f7\u306b\u5909\u3048\u3066\u304f\u3060\u3055\u3044\u3002well-known\u30dd\u30fc\u30c8\u306a\u3069\u306b\u88ab\u308b\u306e\u306f\u3044\u3051\u306a\u3044\u306e\u30674\u6841\u306e\u756a\u53f7\u3067\u6c7a\u3081\u308b\u3068\u3088\u3044\u3067\u3057\u3087\u3046\u3002\u30dd\u30fc\u30c8\u756a\u53f7\u306b\u3064\u3044\u3066\u8a73\u3057\u304f\u77e5\u308a\u305f\u3044\u5834\u5408\u306f\u5225\u9014\u8abf\u3079\u3066\u304f\u3060\u3055\u3044\u3002\u3053\u3053\u3067\u306f\u7701\u7565\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-plane\"><code>PermitRootLogin no\nPort 1234  \/\/\u597d\u304d\u306a\u756a\u53f7\u306b\u5909\u3048\u3066\u304f\u3060\u3055\u3044<\/code><\/pre><\/div>\n\n\n\n<p>\u3053\u308c\u3092\u8ffd\u8a18\u3057\u305f\u3089SSH\u306e\u30b5\u30fc\u30d3\u30b9\u3092\u518d\u8d77\u52d5\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-plane\"><code>sudo service ssh restart<\/code><\/pre><\/div>\n\n\n\n<p>\u3053\u308c\u3067\u30dd\u30fc\u30c8\u756a\u53f7\u304c\u5909\u66f4\u3055\u308c\u3066\u3001root\u30ed\u30b0\u30a4\u30f3\u304c\u3067\u304d\u306a\u304f\u306a\u3063\u3066\u3044\u307e\u3059\u3002<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"c\">\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u306e\u8a2d\u5b9a\uff08iptables\uff09<\/h2>\n\n\n\n<p>\u3053\u3053\u304c\u4e00\u756a\u96e3\u3057\u3044\u5834\u6240\u306b\u306a\u308a\u307e\u3059\u3002\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u306e\u8a2d\u5b9a\u3067\u3059\u3002\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u3092\u3054\u5b58\u3058\u3067\u306a\u3044\u65b9\u306e\u305f\u3081\u306b\u3054\u304f\u3054\u304f\u7c21\u5358\u306b\u8aac\u660e\u3059\u308b\u3068\u3001\u5fc5\u8981\u306a\u901a\u4fe1\u306f\u901a\u3057\u3066\u4e0d\u8981\u306a\u901a\u4fe1\u306f\u901a\u3055\u306a\u3044\u3068\u3044\u3046\u8a2d\u5b9a\u3092\u884c\u3044\u307e\u3059\u3002\u3053\u308c\u3092\u6587\u5b57\u30d9\u30fc\u30b9\u3067\u3084\u308b\u304b\u3089\u96e3\u3057\u304f\u611f\u3058\u308b\u308f\u3051\u3067\u3059\u3002\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u306e\u8a2d\u5b9a\u3067\u3053\u3053\u306e\u8a2d\u5b9a\u306f\u975e\u516c\u958b\u3068\u304b\u3044\u3046\u5834\u5408\u3082\u591a\u3044\u307f\u305f\u3044\u3067\u3059\u304c\u3001\u3053\u3053\u3067\u306f\u30c6\u30f3\u30d7\u30ec\u30fc\u30c8\u306e\u3088\u3046\u306a\u5f62\u3067\u5fc5\u8981\u3067\u3042\u308c\u3070\u3055\u3089\u306b\u8ffd\u8a18\u3068\u3044\u3046\u30b9\u30bf\u30a4\u30eb\u3067\u3044\u304d\u307e\u3059\u3002\u3068\u308a\u3042\u3048\u305a\u30b3\u30d4\u30da\u3057\u3066\u304a\u3051\u3070\u6700\u4f4e\u9650\u306f\u5927\u4e08\u592b\u304b\u3068\u3002<\/p>\n\n\n<style>\n.test { width: 320px; height: 100px; }\n@media(min-width: 500px) { .test { width: 468px; height: 60px; } }\n@media(min-width: 800px) { .test { width: 728px; height: 90px; } }\n<\/style>\n<script async src=\"https:\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js?client=ca-pub-4541970754535576\"\n     crossorigin=\"anonymous\"><\/script>\n<!-- \u3044\u3064\u3082\u306e\u6b63\u65b9\u5f62\u30ec\u30b9\u30dd\u30f3\u30b7\u30d6\u30eb\u5e83\u544a -->\n<ins class=\"adsbygoogle test\"\n     style=\"display:block\"\n     data-ad-client=\"ca-pub-4541970754535576\"\n     data-ad-slot=\"5487611343\"\n     data-ad-format=\"auto\"\n     data-full-width-responsive=\"true\"><\/ins>\n<script>\n     (adsbygoogle = window.adsbygoogle || []).push({});\n<\/script>\n\n\n<p>\u3067\u306f\u4ee5\u4e0b\u306e\u30b3\u30de\u30f3\u30c9\u3092\u5165\u529b\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-plane\"><code>sudo apt-get install iptables iptables-persistent<\/code><\/pre><\/div>\n\n\n\n<p>\u6b21\u306b\u8a2d\u5b9a\u3092\u5909\u66f4\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-plane\"><code>sudo nano \/etc\/iptables\/rules.v4<\/code><\/pre><\/div>\n\n\n\n<p>\u30a8\u30c7\u30a3\u30bf\u3067\u958b\u3044\u305f\u3089\u3001\u4e00\u756a\u4e0b\u306b\u5fc5\u8981\u306a\u3053\u3068\u3092\u8ffd\u8a18\u3057\u307e\u3059\u3002\u4eca\u56de\u306f\u30c6\u30f3\u30d7\u30ec\u30fc\u30c8\u3067\u3053\u3093\u306a\u611f\u3058\u306b\u3057\u3066\u304a\u304d\u307e\u3059\u3002SSH\u30dd\u30fc\u30c8\u756a\u53f7\u306f\u9069\u5207\u306b\u8aad\u307f\u66ff\u3048\u3066\u5165\u529b\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-plane\"><code>-A INPUT -i lo -j ACCEPT\n-A INPUT ! -i lo -d 127.0.0.0\/8 -j REJECT\n-A INPUT -p tcp --tcp-flags SYN,ACK SYN,ACK -m state --state NEW -j REJECT --reject-with tcp-reset\n-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT\n-A OUTPUT -j ACCEPT\n-A INPUT -p tcp -m state --state NEW --dport 80 -j ACCEPT\n-A INPUT -p tcp -m state --state NEW --dport (SSH\u306e\u30dd\u30fc\u30c8\u756a\u53f7) -j ACCEPT\n-A INPUT -p tcp -m state --state NEW --dport 443 -j ACCEPT\n-A INPUT -m hashlimit --hashlimit-name badtable --hashlimit-mode srcip --hashlimit-htable-expire 120000 --hashlimit 5\/min -j LOG --log-prefix &quot;iptables denied: &quot; --log-level 7\n-A INPUT -j REJECT\n-A FORWARD -j REJECT\n<\/code><\/pre><\/div>\n\n\n\n<p>\u4e2d\u8eab\u306b\u3064\u3044\u3066\u306f\u3053\u3053\u3067\u8aac\u660e\u3057\u305f\u3089\u3084\u3084\u3053\u3057\u3044\u3053\u3068\u306b\u306a\u308b\u306e\u3067\u3001\u4f55\u304c\u3067\u304d\u308b\u304b\u3060\u3051\u3054\u304f\u7c21\u5358\u306b\u3002\u8a31\u53ef\u3057\u3066\u3044\u308b\u901a\u4fe1\u306f\u4ee5\u4e0b\u306e3\u3064\u306e\u30dd\u30fc\u30c8\u306b\u9650\u308a\u307e\u3059\uff08\u30eb\u30fc\u30d7\u30d0\u30c3\u30af\u306f\u30ab\u30a6\u30f3\u30c8\u3057\u307e\u305b\u3093\u3002\uff09<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>80<\/li><li>443<\/li><li>SSH\u306e\u30dd\u30fc\u30c8<\/li><\/ul>\n\n\n\n<p>\u4eca\u56de\u306fweb\u30b5\u30fc\u30d0\u3092\u7acb\u3066\u308b\u3068\u3044\u3046\u3053\u3068\u3067\u3001\u3053\u306e\uff13\u3064\u306b\u9650\u5b9a\u3057\u3066\u3044\u307e\u3059\u3002\u3053\u308c\u4ee5\u5916\u306f\u57fa\u672c\u5fc5\u8981\u306a\u3044\u3053\u3068\u306f\u3054\u5b58\u3058\u304b\u3068\u601d\u3044\u307e\u3059\u3002\u3042\u3068\u306f\u3054\u81ea\u8eab\u306e\u74b0\u5883\u306b\u5408\u308f\u305b\u3066\u8a2d\u5b9a\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n\n\n\n<p>\u4ed6\u306b\u3082\u591a\u5c11\u306f\u653b\u6483\u3078\u306e\u5bfe\u7b56\u3082\u5165\u308c\u3066\u3044\u307e\u3059\u304c\u3001\u7701\u7565\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<p>\u81ea\u5206\u306e\u5834\u5408\u306f\u3082\u3046\u5c11\u3057\u8a2d\u5b9a\u3057\u3066\u3044\u307e\u3059\u304c\u3001\u3053\u3053\u306b\u306f\u66f8\u304d\u307e\u305b\u3093\u3057\u7d76\u5bfe\u516c\u8868\u3057\u307e\u305b\u3093\u3002\u3067\u3059\u304c\u3001\u3053\u306e\u8a2d\u5b9a\u3067\u3082\u5341\u5206\u5b9f\u7528\u7684\u3060\u3068\u601d\u3044\u307e\u3059\u3002\u305f\u3060\u3057\u3001\u3053\u306e\u8a2d\u5b9a\u306e\u5b89\u5168\u3092\u4fdd\u8a3c\u3059\u308b\u3082\u306e\u3067\u3082\u3042\u308a\u307e\u305b\u3093\u306e\u3067\u3001\u3042\u304f\u307e\u3067\u53c2\u8003\u306b\u3068\u3044\u3046\u3053\u3068\u3067\u5404\u81ea\u8a2d\u5b9a\u3092\u304a\u9858\u3044\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<p>\u3042\u3068\u306f\u3053\u306e\u8a2d\u5b9a\u3092\u53cd\u6620\u3059\u308b\u305f\u3081\u306b\u4ee5\u4e0b\u306e\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3057\u307e\u3059\u3002<\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-plane\"><code>sudo \/usr\/sbin\/iptables-apply \/etc\/iptables\/rules.v4<\/code><\/pre><\/div>\n\n\n\n<p>\u4e00\u5fdc\u3053\u3053\u306b\u66f8\u3044\u3066\u304a\u304d\u307e\u3059\u304c\u3001iptable\u306ehashlimit\u306b\u3088\u3063\u3066\u306f\u3058\u304b\u308c\u305f\u3082\u306e\u306f\u4ee5\u4e0b\u306e\u5834\u6240\u306b\u8a18\u9332\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n\n\n\n<div class=\"hcb_wrap\"><pre class=\"prism line-numbers lang-plane\"><code>\/var\/log\/kern.log<\/code><\/pre><\/div>\n\n\n\n<p>\u307e\u3042\u3053\u3053\u3089\u8fba\u306e\u30ed\u30b0\u51fa\u529b\u306e\u8a2d\u5b9a\u3082\u6c17\u306b\u306a\u308b\u65b9\u306f\u3054\u81ea\u8eab\u3067\u8abf\u3079\u3066\u8a2d\u5b9a\u3044\u305f\u3060\u304f\u307b\u3046\u304c\u3088\u308d\u3057\u3044\u304b\u3068\u601d\u3044\u307e\u3059\u3002<\/p>\n\n\n\n<p>\u3053\u308c\u3067iptables\u306e\u8a2d\u5b9a\u306f\u7d42\u308f\u308a\u3067\u3059\u3002<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"d\">\u307e\u3068\u3081<\/h2>\n\n\n\n<p>iptables\u304c\u96e3\u95a2\u3067\u3059\u3002\u30c6\u30f3\u30d7\u30ec\u30fc\u30c8\u901a\u308a\u3067\u306a\u3044\u8a2d\u5b9a\u3092\u3059\u308b\u5fc5\u8981\u304c\u3042\u308b\u5834\u5408\u306f\u9811\u5f35\u3063\u3066\u8abf\u3079\u3066\u307f\u3066\u304f\u3060\u3055\u3044\u3002\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u306e\u77e5\u8b58\u3082\u5fc5\u8981\u306b\u306a\u308a\u307e\u3059\u3057\u3001\u3057\u3063\u304b\u308a\u7406\u89e3\u3059\u308b\u3068\u76f8\u5f53\u52c9\u5f37\u306b\u306a\u308b\u3068\u601d\u3044\u307e\u3059\u3002\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u306f\u30b7\u30f3\u30d7\u30eb\u306b\u9762\u767d\u3044\u306e\u3067\u3001\u8208\u5473\u304c\u3042\u308b\u65b9\u306f\u52c9\u5f37\u3057\u3066\u3044\u3058\u3063\u3066\u307f\u308b\u3068\u697d\u3057\u3044\u3068\u601d\u3044\u307e\u3059\u3002<\/p>\n\n\n<style>\n.test { width: 320px; height: 100px; }\n@media(min-width: 500px) { .test { width: 468px; height: 60px; } }\n@media(min-width: 800px) { .test { width: 728px; height: 90px; } }\n<\/style>\n<script async src=\"https:\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js?client=ca-pub-4541970754535576\"\n     crossorigin=\"anonymous\"><\/script>\n<!-- \u3044\u3064\u3082\u306e\u6b63\u65b9\u5f62\u30ec\u30b9\u30dd\u30f3\u30b7\u30d6\u30eb\u5e83\u544a -->\n<ins class=\"adsbygoogle test\"\n     style=\"display:block\"\n     data-ad-client=\"ca-pub-4541970754535576\"\n     data-ad-slot=\"5487611343\"\n     data-ad-format=\"auto\"\n     data-full-width-responsive=\"true\"><\/ins>\n<script>\n     (adsbygoogle = window.adsbygoogle || []).push({});\n<\/script>\n\n\n<p>\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u306e\u8a2d\u5b9a\u3092WordPress\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3059\u308b\u305f\u3081\u306b\u898b\u3066\u3044\u305f\u3060\u3044\u305f\u65b9\u306f\u6b21\u306e\u8a18\u4e8b\u3078\u3069\u3046\u305e\u3002\u4ee5\u4e0b\u30ea\u30f3\u30af\u3092\u7f6e\u3044\u3066\u304a\u304d\u307e\u3059\u3002<\/p>\n\n\n\n<figure class=\"wp-block-embed-wordpress wp-block-embed is-type-wp-embed is-provider-thun\u306e\u904a\u622f\u5ba4\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"wp-embedded-content\" data-secret=\"oV04EiwENf\"><a href=\"https:\/\/www.thun-techblog.com\/index.php\/blog\/wordpress-on-raspberry-pi-webserver-2020\/\">WordPress\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb \uff5eRaspberry Pi\u3067\u4f5c\u308b\u516c\u958bweb\u30b5\u30fc\u30d0\uff5e\u30102020\u5e74\u6700\u65b0\u7248\u3011<\/a><\/blockquote><iframe loading=\"lazy\" class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" style=\"position: absolute; clip: rect(1px, 1px, 1px, 1px);\" title=\"&#8220;WordPress\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb \uff5eRaspberry Pi\u3067\u4f5c\u308b\u516c\u958bweb\u30b5\u30fc\u30d0\uff5e\u30102020\u5e74\u6700\u65b0\u7248\u3011&#8221; &#8212; THUN\u306e\u904a\u622f\u5ba4\" src=\"https:\/\/www.thun-techblog.com\/index.php\/blog\/wordpress-on-raspberry-pi-webserver-2020\/embed\/#?secret=QbuJOr9cyE#?secret=oV04EiwENf\" data-secret=\"oV04EiwENf\" width=\"600\" height=\"338\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\"><\/iframe>\n<\/div><\/figure>\n\n\n\n<p>\u3042\u3068\u306f\u96d1\u8ac7\u3067\u3059\u3002<\/p>\n\n\n\n<p>\u6700\u5148\u7aef\u6280\u8853\u306b\u95a2\u9023\u3059\u308b\u3068\u3066\u3082\u96e3\u3057\u3044\u4f59\u8ac7\u3067\u3059\u304c\u3001Google\u3068\u304c\u7814\u7a76\u3057\u3066\u3044\u308bP4\u3082\u5b9f\u7528\u5316\u3055\u308c\u305f\u3089\u9762\u767d\u305d\u3046\u3067\u3059\u306d\u3002\u7814\u7a76\u3067\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u3067\u306e\u8a08\u7b97\u5668\u3068\u304b\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u306e\u5b9f\u88c5\u3092\u3084\u3063\u3066\u307f\u307e\u3057\u305f\u304c\u3001\u76f8\u5f53\u67d4\u8edf\u306b\u3067\u304d\u307e\u3059\u3057\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u306e\u5185\u5916\u3068\u304b\u7c21\u5358\u306b\u5224\u65ad\u3067\u304d\u308b\u306e\u304c\u975e\u5e38\u306b\u9762\u767d\u3044\u6280\u8853\u3060\u3068\u611f\u3058\u307e\u3057\u305f\u306d\u3002\u30d7\u30ed\u30b0\u30e9\u30e0\u3067\u66f8\u3051\u308b\u3057\u3001\u30c7\u30fc\u30bf\u30d7\u30ec\u30fc\u30f3\u3092\u3044\u3058\u308b\u3053\u3068\u304c\u3067\u304d\u308b\u3002\u672a\u6765\u304c\u3084\u3063\u3066\u304d\u305f\u3089\u3082\u3063\u3068\u5b89\u5168\u306b\u7c21\u5358\u306b\u30b5\u30fc\u30d0\u3092\u516c\u958b\u3067\u304d\u308b\u65e5\u304c\u3084\u3063\u3066\u304f\u308b\u306e\u304b\u3082\u3057\u308c\u307e\u305b\u3093\u306d\u3002P4\u306b\u8208\u5473\u3042\u308b\u4eba\u306f\u8abf\u3079\u3066\u307f\u3066\u304f\u3060\u3055\u3044\u306d\u3063\u3066\u66f8\u3053\u3046\u304b\u3068\u601d\u3063\u305f\u306e\u3067\u3059\u304c\u3001\u5927\u534a\u304c\u82f1\u8a9e\u306e\u8a18\u4e8b\u306a\u306e\u3068\u3001\u4e2d\u8eab\u306e\u5b9f\u88c5\u3068\u304b\u306b\u95a2\u3057\u3066\u306f\u65e5\u672c\u8a9e\u306e\u30b5\u30a4\u30c8\u3067\u306f\u66f8\u3044\u3066\u306a\u3044\u3068\u3053\u308d\u3070\u304b\u308a\u306a\u306e\u3067\u8abf\u3079\u3066\u3082\u307b\u3068\u3093\u3069\u308f\u304b\u3089\u306a\u3044\u3068\u601d\u3044\u307e\u3059\u3002\u8ad6\u6587\u306b\u306f\u5b9f\u88c5\u65b9\u6cd5\u3068\u304b\u66f8\u3044\u3066\u308b\u306e\u3067\u8ad6\u6587\u3092\u8aad\u3080\u306e\u304c\u4e00\u756a\u3067\u3059\u306d\u3002\u3067\u3082\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u3092\u30d7\u30ed\u30b0\u30e9\u30e0\u3067\u3044\u3058\u308c\u308b\u306e\u306f\u9762\u767d\u3044\u3067\u3059\u3088\u3084\u3063\u3071\u308a\u3002<\/p>\n\n\n\n<p>\u76f8\u5f53\u8131\u7dda\u3057\u3066\u3057\u307e\u3044\u307e\u3057\u305f\u304c\u3001Raspberry Pi\u672c\u4f53\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8a2d\u5b9a\u306f\u4ee5\u4e0a\u3068\u306a\u308a\u307e\u3059\u3002<\/p>\n\n\n\n<p>\u6b21\u306f\u3044\u3088\u3044\u3088WordPress\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u306b\u5fc5\u8981\u306a\u5404\u7a2eweb\u30b5\u30fc\u30d0\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u30d7\u30ed\u30b0\u30e9\u30e0\u3068WordPress\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3067\u3059\u3002\u3042\u304f\u307e\u3067\u516c\u958b\u3059\u308b\u307e\u3067\u304c\u3053\u306e\u30d6\u30ed\u30b0\u3067\u6271\u3046\u7bc4\u56f2\u9650\u754c\u304b\u306a\u3068\u601d\u3063\u3066\u3082\u3044\u308b\u306e\u3067\u3001WordPress\u306e\u7c21\u5358\u306a\u30d7\u30e9\u30b0\u30a4\u30f3\u306e\u8aac\u660e\u306a\u3069\u306f\u3059\u308b\u304b\u3069\u3046\u304b\u60a9\u3093\u3067\u3044\u307e\u3059\u3002\u306a\u306e\u3067\u6c17\u304c\u5411\u3044\u305f\u3089\u516c\u958b\u3057\u307e\u3059\u3002WordPress\u306f\u5c02\u9580\u5916\u306a\u306e\u3067\u3001\u4ed6\u306e\u65b9\u306e\u307b\u3046\u304c\u305a\u3063\u3068\u8a73\u3057\u3044\u3067\u3057\u3087\u3046\u304b\u3089\u306d\u7b11\u3002\u6b21\u306e\u8a18\u4e8b\u2193<\/p>\n\n\n\n<figure class=\"wp-block-embed-wordpress wp-block-embed is-type-wp-embed is-provider-thun\u306e\u904a\u622f\u5ba4\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"wp-embedded-content\" data-secret=\"oV04EiwENf\"><a href=\"https:\/\/www.thun-techblog.com\/index.php\/blog\/wordpress-on-raspberry-pi-webserver-2020\/\">WordPress\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb \uff5eRaspberry Pi\u3067\u4f5c\u308b\u516c\u958bweb\u30b5\u30fc\u30d0\uff5e\u30102020\u5e74\u6700\u65b0\u7248\u3011<\/a><\/blockquote><iframe loading=\"lazy\" class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" style=\"position: absolute; clip: rect(1px, 1px, 1px, 1px);\" title=\"&#8220;WordPress\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb \uff5eRaspberry Pi\u3067\u4f5c\u308b\u516c\u958bweb\u30b5\u30fc\u30d0\uff5e\u30102020\u5e74\u6700\u65b0\u7248\u3011&#8221; &#8212; THUN\u306e\u904a\u622f\u5ba4\" src=\"https:\/\/www.thun-techblog.com\/index.php\/blog\/wordpress-on-raspberry-pi-webserver-2020\/embed\/#?secret=QbuJOr9cyE#?secret=oV04EiwENf\" data-secret=\"oV04EiwENf\" width=\"600\" height=\"338\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\"><\/iframe>\n<\/div><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>Raspberry Pi\u3067web\u30b5\u30fc\u30d0\u3092\u516c\u958b\u3059\u308b\u306b\u306f\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8a2d\u5b9a\u304c\u5fc5\u8981\u4e0d\u53ef\u6b20\u3067\u3059\u3002\u3082\u3057\u8a2d\u5b9a\u3057\u306a\u3051\u308c\u3070\u3059\u3050\u306b\u653b\u6483\u306b\u3055\u3089\u3055\u308c\u4e57\u3063\u53d6\u3089\u308c\u305f\u308a\u653b\u6483\u306e\u8e0f\u307f\u53f0\u306b\u3055\u308c\u3066\u3057\u307e\u3046\u3053\u3068\u3067\u3057\u3087\u3046\u3002NASA\u3067\u306f\u52dd\u624b\u306b\u8a2d\u7f6e\u3055\u308c\u305fRaspber&hellip; <a class=\"more-link\" href=\"https:\/\/www.thun-techblog.com\/index.php\/blog\/raspberry-pi-security-ssh-iptables-for-web\/\">\u7d9a\u304d\u3092\u8aad\u3080 <span class=\"screen-reader-text\">Raspberry Pi\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8a2d\u5b9a\u3000\uff5eweb\u30b5\u30fc\u30d0\u3092\u7acb\u3066\u308b\u305f\u3081\u306b\u5fc5\u8981\u306a\u8a2d\u5b9a\uff5e<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[15,16],"tags":[],"class_list":["post-191","post","type-post","status-publish","format-standard","hentry","category-linux","category-raspberry-pi","entry"],"_links":{"self":[{"href":"https:\/\/www.thun-techblog.com\/index.php\/wp-json\/wp\/v2\/posts\/191","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.thun-techblog.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thun-techblog.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thun-techblog.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thun-techblog.com\/index.php\/wp-json\/wp\/v2\/comments?post=191"}],"version-history":[{"count":7,"href":"https:\/\/www.thun-techblog.com\/index.php\/wp-json\/wp\/v2\/posts\/191\/revisions"}],"predecessor-version":[{"id":4366,"href":"https:\/\/www.thun-techblog.com\/index.php\/wp-json\/wp\/v2\/posts\/191\/revisions\/4366"}],"wp:attachment":[{"href":"https:\/\/www.thun-techblog.com\/index.php\/wp-json\/wp\/v2\/media?parent=191"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thun-techblog.com\/index.php\/wp-json\/wp\/v2\/categories?post=191"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thun-techblog.com\/index.php\/wp-json\/wp\/v2\/tags?post=191"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}