{"id":229765,"date":"2014-07-14T13:55:03","date_gmt":"2014-07-14T09:55:03","guid":{"rendered":"http:\/\/savepearlharbor.com\/?p=229765"},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-29T21:00:00","slug":"","status":"publish","type":"post","link":"https:\/\/savepearlharbor.com\/?p=229765","title":{"rendered":"<span class=\"post_title\">Basic configuration of the Juniper SRX series<\/span>"},"content":{"rendered":"<div class=\"content html_format\"> \t\t\tThere are already several articles here about configuring Juniper SRX routers (for example, <a href=\"http:\/\/habrahabr.ru\/company\/billing\/blog\/227317\/\">one<\/a>, <a href=\"http:\/\/habrahabr.ru\/post\/166897\/\">two<\/a>, <a href=\"http:\/\/habrahabr.ru\/post\/173031\/\">three<\/a>, and so on). 
In this one I will try to consolidate the useful information and add a few nice extras.<\/p>\n<p>  Everyone interested, please read on below the cut.<br \/>  <a name=\"habracut\"><\/a><br \/>  I got my hands on a brand-new Juniper SRX240B, and everything below applies to it. And since JunOS is positioned as a single OS for the whole series (at the very least), well\u2026 draw your own conclusions. 
I am also running JunOS 12.1X46-D20.5 (the latest release at the time this post was published):  <\/p>\n<pre><code class=\"bash\">cartman@gw-jsrx240# run show version\nHostname: gw-jsrx240\nModel: srx240b\nJUNOS Software Release [12.1X46-D20.5]\n<\/code><\/pre>\n<p>  To begin, here is the short list of tasks we are going to cover:  <\/p>\n<ul>\n<li>Source NAT<\/li>\n<li>DHCP Server<\/li>\n<li>DNS Server<\/li>\n<li>SSH Hardening<\/li>\n<li>IDP, Security Features<\/li>\n<\/ul>\n<p>  Here we go\u2026<\/p>\n<h4>Source NAT<\/h4>\n<p>  To configure source NAT, the following commands are enough:<\/p>\n<pre><code class=\"bash\">cartman@gw-jsrx240# show security nat | display set\nset security nat source rule-set trust-to-untrust from zone trust\nset security nat source rule-set trust-to-untrust to zone untrust\nset security nat source rule-set trust-to-untrust rule source-nat-rule match source-address 0.0.0.0\/0\nset security nat source rule-set trust-to-untrust rule source-nat-rule then source-nat interface\n<\/code><\/pre>\n<p>  Or, in configuration form:<\/p>\n<pre><code 
class=\"bash\">cartman@gw-jsrx240# show security nat\nsource {\n    rule-set trust-to-untrust {\n        from zone trust;\n        to zone untrust;\n        rule source-nat-rule {\n            match {\n                source-address 0.0.0.0\/0;\n            }\n            then {\n                source-nat {\n                    interface;\n                }\n            }\n        }\n    }\n}\n<\/code><\/pre>\n
<p>  With this configuration, ALL networks configured on the internal interfaces of the router will be NATed. If only some of them need NAT, then instead of:<\/p>\n<pre><code class=\"bash\">set security nat source rule-set trust-to-untrust rule source-nat-rule match source-address 0.0.0.0\/0\n<\/code><\/pre>\n<p>  write the following (the example is for the 172.16.1.0\/27 network):<\/p>\n<pre><code class=\"bash\">set security nat source rule-set trust-to-untrust rule source-nat-rule match source-address 172.16.1.0\/27\n<\/code><\/pre>\n
<h4>DHCP Server<\/h4>\n<p>  Now we will set up our SRX as a DHCP server. It is assumed that the interfaces are already configured and that a DHCP server is needed only for the <b>vlan.0<\/b> interface:<\/p>\n<pre><code class=\"bash\">cartman@gw-jsrx240# show system services dhcp | display set\nset system services dhcp maximum-lease-time 21600\nset system services dhcp default-lease-time 21600\nset system services dhcp pool 172.16.1.0\/27 address-range low 172.16.1.2\nset system services dhcp pool 172.16.1.0\/27 address-range high 172.16.1.30\nset system services dhcp pool 172.16.1.0\/27 router 172.16.1.1\nset system services dhcp propagate-settings vlan.0\n<\/code><\/pre>\n<p>  Or, in configuration form:<\/p>\n<pre><code class=\"bash\">cartman@gw-jsrx240# show system services dhcp\nmaximum-lease-time 21600;\ndefault-lease-time 21600;\npool 172.16.1.0\/27 {\n    address-range low 172.16.1.2 high 172.16.1.30;\n    router {\n        172.16.1.1;\n    }\n}\npropagate-settings vlan.0;\n<\/code><\/pre>\n
<p>  In this case we set the lease time to <b>6 hours<\/b> (6 * 60 min * 60 s = 21600 s); set the default gateway to <b>172.16.1.1<\/b>; and hand out addresses starting at <b>172.16.1.2<\/b> and ending at <b>172.16.1.30<\/b> (the range within which the DHCP server will operate).<\/p>\n<p>  These options apply only to the <b>vlan.0<\/b> interface. If necessary, it can be replaced with a real interface name, for example <b>ge-0\/0\/1<\/b>.<\/p>\n<p>  DHCP server statistics can be viewed with the following command:<\/p>\n<pre><code class=\"bash\">cartman@gw-jsrx240# run show system services dhcp statistics\nPackets dropped:\n    Total                      0\n\nMessages received:\n    BOOTREQUEST                0\n    DHCPDECLINE                0\n    DHCPDISCOVER               0\n    DHCPINFORM                 0\n    DHCPRELEASE                0\n    DHCPREQUEST                0\n\nMessages sent:\n    BOOTREPLY                  0\n    DHCPOFFER                  0\n    DHCPACK                    0\n    DHCPNAK                    0\n<\/code><\/pre>\n
<h4>DNS Server<\/h4>\n<p>  Now we move on to configuring the DNS server. DNS proxy has been <a href=\"http:\/\/kb.juniper.net\/InfoCenter\/index?page=content&amp;id=KB21232\">supported<\/a> since Junos OS 12.1x44D10, so we will set it up:<\/p>\n<pre><code class=\"bash\">cartman@gw-jsrx240# show system services dns | display set\nset system services dns forwarders 8.8.8.8\nset system services dns forwarders 8.8.4.4\nset system services dns dns-proxy interface vlan.0\nset system services dns dns-proxy cache gw-jsrx240.HOME.local inet 172.16.1.1\n<\/code><\/pre>\n<p>  Or, in configuration form:<\/p>\n<pre><code class=\"bash\">cartman@gw-jsrx240# show system services dns\nforwarders {\n    8.8.8.8;\n    8.8.4.4;\n}\ndns-proxy {\n    interface {\n        vlan.0;\n    }\n    cache {\n        gw-jsrx240.HOME.local inet 172.16.1.1;\n    }\n}\n<\/code><\/pre>\n
<p>  Here we enabled the DNS server on the vlan.0 interface; created an A record for gw-jsrx240.HOME.local (naturally, several such records can be created); and configured DNS forwarders for all other DNS queries.<\/p>\n<p>  If the DNS server needs to be enabled for all internal interfaces, this can be done as follows (if there are several VLANs, the settings must be made accordingly):<\/p>\n<pre><code class=\"bash\">cartman@gw-jsrx240# show system name-server | display set\nset system name-server 172.16.1.1\n<\/code><\/pre>\n<p>  Or, in configuration form:<\/p>\n<pre><code class=\"bash\">cartman@gw-jsrx240# show system name-server\n172.16.1.1;\n<\/code><\/pre>\n
<p>  DNS query statistics can be viewed as follows:<\/p>\n<pre><code class=\"bash\">cartman@gw-jsrx240# run show system services dns-proxy statistics\nDNS proxy statistics        :\n    Status                  : enabled\n    IPV4 Queries received   : 0\n    IPV6 Queries received   : 0\n    Responses sent          : 0\n    Queries forwarded       : 0\n    Negative responses      : 0\n    Positive responses      : 0\n    Retry requests          : 0\n    Pending requests        : 0\n    Server failures         : 0\n    Interfaces              : vlan.0\n<\/code><\/pre>\n
<p>  To view the entries in the DNS cache, use the following (the actual cache output of the device is omitted because it contains a great many entries):<\/p>\n<pre><code class=\"bash\">cartman@gw-jsrx240# run show system services dns-proxy cache\n<\/code><\/pre>\n<p>  To clear the DNS cache:<\/p>\n<pre><code class=\"bash\">cartman@gw-jsrx240# run clear system services dns-proxy cache\n<\/code><\/pre>\n
<h4>SSH Hardening<\/h4>\n<p>  Now we will try to secure our SSH server (even if it faces outward) (replace SSH_RSA_PUBLIC_KEY with your own SSH RSA public key):<\/p>\n<pre><code class=\"bash\">cartman@gw-jsrx240# show system services ssh | display set\nset system services ssh root-login deny\nset system services ssh protocol-version v2\nset system services ssh connection-limit 5\nset system services ssh rate-limit 5\n\ncartman@gw-jsrx240# show system login | display set\nset system login retry-options tries-before-disconnect 5\nset system login retry-options backoff-threshold 1\nset system login retry-options backoff-factor 10\nset system login retry-options minimum-time 30\nset system login user cartman full-name &quot;FIRST_NAME LAST_NAME&quot;\nset system login user cartman uid 2000\nset system login user cartman class super-user\nset system login user cartman authentication ssh-rsa &quot;SSH_RSA_PUBLIC_KEY&quot;\n<\/code><\/pre>\n
<p>  Or, in configuration form:<\/p>\n<pre><code class=\"bash\">cartman@gw-jsrx240# show system services ssh\nroot-login deny;\nprotocol-version v2;\nconnection-limit 5;\nrate-limit 5;\n\ncartman@gw-jsrx240# show system login\nretry-options {\n    tries-before-disconnect 5;\n    backoff-threshold 1;\n    backoff-factor 10;\n    minimum-time 30;\n}\nuser cartman {\n    full-name &quot;FIRST_NAME LAST_NAME&quot;;\n    uid 2000;\n    class super-user;\n    authentication {\n        ssh-rsa &quot;SSH_RSA_PUBLIC_KEY&quot;; ## SECRET-DATA\n    }\n}\n<\/code><\/pre>\n
<p>  Explanations:  <\/p>\n<ul>\n<li><b>root-login deny<\/b> \u2014 deny root logins over SSH<\/li>\n<li><b>protocol-version v2<\/b> \u2014 use only version 2 of the SSH protocol (SSHv2)<\/li>\n<li><b>connection-limit 5<\/b> \u2014 maximum number of concurrent SSH connections<\/li>\n<li><b>rate-limit 5<\/b> \u2014 maximum number of SSH connections per minute<\/li>\n<li><b>tries-before-disconnect 5<\/b> \u2014 how many password attempts are allowed before the session is dropped<\/li>\n<li><b>backoff-threshold 1<\/b> \u2014 after THIS number of failed password attempts a delay is introduced<\/li>\n<li><b>backoff-factor 10<\/b> \u2014 once backoff-threshold is reached, the user is blocked for 10 s<\/li>\n<li><b>minimum-time 30<\/b> \u2014 the number of seconds allowed for entering the password, after which the session is dropped<\/li>\n<\/ul>\n
<p>  I prefer to leave root the ability to log in with a password, but only via the console; all other users log in with keys only, subject to the restrictions listed above.<\/p>\n
<h4>IDP, Security Features<\/h4>\n<p>  <\/p>\n<pre><code class=\"bash\">cartman@gw-jsrx240# show security screen | display set\nset security screen ids-option untrust-screen icmp ping-death\nset security screen ids-option untrust-screen ip source-route-option\nset security screen ids-option untrust-screen ip tear-drop\nset security screen ids-option untrust-screen tcp syn-flood alarm-threshold 1024\nset security screen ids-option untrust-screen tcp syn-flood attack-threshold 200\nset security screen ids-option untrust-screen tcp syn-flood source-threshold 1024\nset security screen ids-option untrust-screen tcp syn-flood destination-threshold 2048\nset security screen ids-option untrust-screen tcp syn-flood timeout 20\nset security screen ids-option untrust-screen tcp land\n<\/code><\/pre>\n<p>  Or, in configuration form:<\/p>\n<pre><code class=\"bash\">cartman@gw-jsrx240# show security screen\nids-option untrust-screen {\n    icmp {\n        ping-death;\n    }\n    ip {\n        source-route-option;\n        tear-drop;\n    }\n    tcp {\n        syn-flood {\n            alarm-threshold 1024;\n            attack-threshold 200;\n            source-threshold 1024;\n            destination-threshold 2048;\n            timeout 20;\n        }\n        land;\n    }\n}\n<\/code><\/pre>\n
<h4>Last of all&#8230;<\/h4>\n<p>  Do not forget to commit, otherwise none of the changes will take effect:  <\/p>\n<pre><code class=\"bash\">cartman@gw-jsrx240# commit check\nconfiguration check succeeds\n\ncartman@gw-jsrx240# commit\ncommit complete\n<\/code><\/pre>\n<h4>Summary<\/h4>\n<p>  The final configuration is shown below. 
The router has all the necessary features for quite reasonable money.<\/p>\n<div class=\"spoiler\"><b class=\"spoiler_title\">cartman@gw-jsrx240# show<\/b><\/p>\n<div class=\"spoiler_text\">cartman@gw-jsrx240# show <br \/>  ## Last changed: 2014-07-12 20:15:48 MSK<br \/>  version 12.1X46-D20.5;<br \/>  system {<br \/>   host-name gw-jsrx240;<br \/>   domain-name HOME.local;<br \/>   domain-search HOME.local;<br \/>   time-zone Europe\/Moscow;<br \/>   authentication-order password;<br \/>   root-authentication {<br \/>   encrypted-password &quot;$1$ENCRYPTED_PASSWORD&quot;; ## SECRET-DATA<br \/>   }<br \/>   name-server {<br \/>   172.16.1.1;<br \/>   }<br \/>   name-resolution {<br \/>   no-resolve-on-input;<br \/>   }<br \/>   login {<br \/>   retry-options {<br \/>   tries-before-disconnect 5;<br \/>   backoff-threshold 1;<br \/>   backoff-factor 10;<br \/>   minimum-time 30;<br \/>   }<br \/>   user cartman {<br \/>   full-name &quot;FIRST_NAME LAST_NAME&quot;;<br \/>   uid 2000;<br \/>   class super-user;<br \/>   authentication {<br \/>   ssh-rsa &quot;SSH_RSA_PUBLIC_KEY&quot;; ## SECRET-DATA<br \/>   }<br \/>   }<br \/>   }<br \/>   services {<br \/>   ssh {<br \/>   root-login deny;<br \/>   protocol-version v2;<br \/>   connection-limit 5;<br \/>   rate-limit 5;<br \/>   }<br \/>   dns {<br \/>   forwarders {<br \/>   8.8.8.8;<br \/>   8.8.4.4;<br \/>   }<br \/>   dns-proxy {<br \/>   interface {<br \/>   vlan.0;<br \/>   }<br \/>   cache {<br \/>   gw-jsrx240.HOME.local inet 172.16.1.1;<br \/>   }<br \/>   }<br \/>   }<br \/>   web-management {<br \/>   https {<br \/>   port 443;<br \/>   
system-generated-certificate;<br \/>   interface vlan.0;<br \/>   }<br \/>   session {<br \/>   idle-timeout 300;<br \/>   session-limit 2;<br \/>   }<br \/>   }<br \/>   dhcp {<br \/>   maximum-lease-time 21600;<br \/>   default-lease-time 21600;<br \/>   pool 172.16.1.0\/27 {<br \/>   address-range low 172.16.1.2 high 172.16.1.30;<br \/>   router {<br \/>   172.16.1.1;<br \/>   }<br \/>   }<br \/>   propagate-settings vlan.0;<br \/>   }<br \/>   }<br \/>   syslog {<br \/>   archive size 100k files 3; <br \/>   user * {<br \/>   any emergency;<br \/>   }<br \/>   file messages {<br \/>   any critical;<br \/>   authorization info;<br \/>   }<br \/>   file interactive-commands {<br \/>   interactive-commands error;<br \/>   }<br \/>   }<br \/>   max-configurations-on-flash 5;<br \/>   max-configuration-rollbacks 5;<br \/>   license {<br \/>   autoupdate {<br \/>   url <a href=\"https:\/\/ae1.juniper.net\/junos\/key_retrieval;\">ae1.juniper.net\/junos\/key_retrieval;<\/a><br \/>   }<br \/>   }<br \/>   ntp {<br \/>   server 0.pool.ntp.org prefer;<br \/>   server 1.pool.ntp.org;<br \/>   server 2.pool.ntp.org;<br \/>   server 3.pool.ntp.org;<br \/>   }<br \/>  }<br \/>  interfaces {<br \/>   interface-range interfaces-trust {<br \/>   member-range ge-0\/0\/1 to ge-0\/0\/15;<br \/>   unit 0 {<br \/>   family ethernet-switching {<br \/>   vlan {<br \/>   members vlan-trust;<br \/>   }<br \/>   }<br \/>   }<br \/>   }<br \/>   ge-0\/0\/0 {<br \/>   unit 0 {<br \/>   family inet {<br \/>   dhcp;<br \/>   }<br \/>   }<br \/>   }<br \/>   ge-0\/0\/1 {<br \/>   unit 0 {<br \/>   family ethernet-switching {<br \/>   vlan {<br \/>   members vlan-trust;<br \/>   }<br \/>   }<br \/>   }<br \/>   }<br \/>   ge-0\/0\/2 {<br \/>   unit 0 {<br \/>   family ethernet-switching {<br \/>   vlan {<br \/>   members vlan-trust;<br \/>   }<br \/>   }<br \/>   }<br \/>   }<br \/>   ge-0\/0\/3 {<br \/>   unit 0 {<br \/>   family ethernet-switching {<br \/>   vlan {<br \/>   members 
vlan-trust;<br \/>   }<br \/>   }<br \/>   }<br \/>   }<br \/>   ge-0\/0\/4 {<br \/>   unit 0 {<br \/>   family ethernet-switching {<br \/>   vlan {<br \/>   members vlan-trust;<br \/>   }<br \/>   }<br \/>   }<br \/>   }<br \/>   ge-0\/0\/5 {<br \/>   unit 0 {<br \/>   family ethernet-switching {<br \/>   vlan {<br \/>   members vlan-trust;<br \/>   }<br \/>   }<br \/>   }<br \/>   }<br \/>   ge-0\/0\/6 { <br \/>   unit 0 {<br \/>   family ethernet-switching {<br \/>   vlan {<br \/>   members vlan-trust;<br \/>   }<br \/>   }<br \/>   }<br \/>   }<br \/>   ge-0\/0\/7 {<br \/>   unit 0 {<br \/>   family ethernet-switching {<br \/>   vlan {<br \/>   members vlan-trust;<br \/>   }<br \/>   }<br \/>   }<br \/>   }<br \/>   ge-0\/0\/8 {<br \/>   unit 0 {<br \/>   family ethernet-switching {<br \/>   vlan {<br \/>   members vlan-trust;<br \/>   }<br \/>   }<br \/>   }<br \/>   }<br \/>   ge-0\/0\/9 {<br \/>   unit 0 {<br \/>   family ethernet-switching {<br \/>   vlan {<br \/>   members vlan-trust;<br \/>   }<br \/>   }<br \/>   }<br \/>   }<br \/>   ge-0\/0\/10 {<br \/>   unit 0 {<br \/>   family ethernet-switching {<br \/>   vlan {<br \/>   members vlan-trust;<br \/>   }<br \/>   }<br \/>   }<br \/>   }<br \/>   ge-0\/0\/11 {<br \/>   unit 0 {<br \/>   family ethernet-switching {<br \/>   vlan {<br \/>   members vlan-trust;<br \/>   }<br \/>   }<br \/>   }<br \/>   }<br \/>   ge-0\/0\/12 {<br \/>   unit 0 {<br \/>   family ethernet-switching {<br \/>   vlan {<br \/>   members vlan-trust;<br \/>   }<br \/>   }<br \/>   }<br \/>   }<br \/>   ge-0\/0\/13 {<br \/>   unit 0 {<br \/>   family ethernet-switching {<br \/>   vlan {<br \/>   members vlan-trust;<br \/>   }<br \/>   }<br \/>   }<br \/>   }<br \/>   ge-0\/0\/14 {<br \/>   unit 0 {<br \/>   family ethernet-switching {<br \/>   vlan {<br \/>   members vlan-trust;<br \/>   }<br \/>   }<br \/>   }<br \/>   }<br \/>   ge-0\/0\/15 {<br \/>   unit 0 {<br \/>   family ethernet-switching {<br \/>   vlan {<br \/>   members 
vlan-trust;<br \/>   }<br \/>   }<br \/>   }<br \/>   } <br \/>   vlan {<br \/>   unit 0 {<br \/>   family inet {<br \/>   address 172.16.1.1\/27;<br \/>   }<br \/>   }<br \/>   }<br \/>  }<br \/>  protocols {<br \/>   stp;<br \/>  }<br \/>  security {<br \/>   screen {<br \/>   ids-option untrust-screen {<br \/>   icmp {<br \/>   ping-death;<br \/>   }<br \/>   ip {<br \/>   source-route-option;<br \/>   tear-drop;<br \/>   }<br \/>   tcp {<br \/>   syn-flood {<br \/>   alarm-threshold 1024;<br \/>   attack-threshold 200;<br \/>   source-threshold 1024;<br \/>   destination-threshold 2048;<br \/>   timeout 20;<br \/>   }<br \/>   land;<br \/>   }<br \/>   }<br \/>   }<br \/>   nat {<br \/>   source {<br \/>   rule-set trust-to-untrust {<br \/>   from zone trust;<br \/>   to zone untrust;<br \/>   rule source-nat-rule {<br \/>   match {<br \/>   source-address 0.0.0.0\/0;<br \/>   }<br \/>   then {<br \/>   source-nat {<br \/>   interface;<br \/>   }<br \/>   }<br \/>   }<br \/>   }<br \/>   }<br \/>   }<br \/>   policies {<br \/>   from-zone trust to-zone untrust {<br \/>   policy trust-to-untrust {<br \/>   match {<br \/>   source-address any;<br \/>   destination-address any;<br \/>   application any;<br \/>   }<br \/>   then {<br \/>   permit;<br \/>   }<br \/>   }<br \/>   }<br \/>   from-zone trust to-zone trust {<br \/>   policy trust-to-trust {<br \/>   match {<br \/>   source-address any;<br \/>   destination-address any;<br \/>   application any;<br \/>   }<br \/>   then {<br \/>   permit;<br \/>   }<br \/>   }<br \/>   }<br \/>   }<br \/>   zones {<br \/>   security-zone untrust {<br \/>   screen untrust-screen;<br \/>   interfaces {<br \/>   ge-0\/0\/0.0 {<br \/>   host-inbound-traffic {<br \/>   system-services {<br \/>   ping;<br \/>   ssh; <br \/>   dhcp;<br \/>   }<br \/>   }<br \/>   }<br \/>   }<br \/>   }<br \/>   security-zone trust {<br \/>   host-inbound-traffic {<br \/>   system-services {<br \/>   all;<br \/>   }<br \/>   protocols {<br \/>  
 all;<br \/>   }<br \/>   }<br \/>   interfaces {<br \/>   vlan.0;<br \/>   }<br \/>   }<br \/>   }<br \/>  }<br \/>  vlans {<br \/>   vlan-trust {<br \/>   vlan-id 10;<br \/>   l3-interface vlan.0;<br \/>   }<br \/>  }  <\/div>\n<\/div>\n<p>  If I am given an invite, I will describe configuring PPPoE, Dynamic VPN, Site-to-Site VPN, and so on. \t\t\t<\/p>\n<div class=\"clear\"><\/div>\n<\/p><\/div>\n<p> link to the original article <a href=\"http:\/\/habrahabr.ru\/post\/229765\/\"> http:\/\/habrahabr.ru\/post\/229765\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<div class=\"content html_format\"> \t\t\tThere are already several articles here about configuring Juniper SRX routers (for example, <a href=\"http:\/\/habrahabr.ru\/company\/billing\/blog\/227317\/\">one<\/a>, <a href=\"http:\/\/habrahabr.ru\/post\/166897\/\">two<\/a>, <a href=\"http:\/\/habrahabr.ru\/post\/173031\/\">three<\/a>, and so on). 
In this one I will try to consolidate the useful information and add a few nice extras.<\/p>\n<p>  Everyone interested, please read on below the cut.  <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[],"class_list":["post-229765","post","type-post","status-publish","format-standard","hentry"],"_links":{"self":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts\/229765","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=229765"}],"version-history":[{"count":0,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts\/229765\/revisions"}],"wp:attachment":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=229765"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=229765"},{"t
axonomy":"post_tag","embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=229765"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}