如何在CentOS上启用TCP MD5签名 [英] How do I enable TCP MD5 Signatures on CentOS
问题描述
经过少量研究,似乎已在CentOS上启用 TCP MD5签名 ,但我们的PCI安全软件已经表明我们的机器实际上没有使用它。如何配置CentOS使用TCP MD5签名?
After a small amount of research it seems that TCP MD5 Signatures are enabled on CentOS, but our PCI security software has indicated that our machines are not actually using it. How do I configure CentOS to use TCP MD5 Signatures?
编辑:
我认为这是一个全局设置,它实际上是一个每个套接字的设置。这意味着创建套接字的应用程序(在这种情况下是Sun Application Server)必须是指定此选项的应用程序。
I was thinking that this was a global setting, but it is actually a per-socket setting. This means the application that is creating the socket (in this case Sun Application Server) has to be the one to specify this option.
推荐答案
p> TCP-MD5是Linux内核的一部分;你将只有这样的能力,如果你的内核编译选项启用(你可以转储/proc/config.gz,如果是这样,grep为CONFIG_TCP_MD5SIG) - 第二部分是一个应用程序,将实际执行setsockopt )为该连接启用TCP_MD5。
TCP-MD5 is part of the Linux kernel; you will only have the capability if your kernel is compiled with the option enabled (you may be able to dump /proc/config.gz and if so, grep for CONFIG_TCP_MD5SIG) - the second part is an application that will actually perform the setsockopt() to enable TCP_MD5 for that connection.
这篇关于如何在CentOS上启用TCP MD5签名的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
