
mid 1960’s - Multics - proposed by AT&T, Honeywell, GE & MIT; funded by DARPA


kalkin

Presentation Transcript


  1. Unix
     • mid 1960’s - Multics - proposed by AT&T, Honeywell, GE & MIT; funded by DARPA
     • 1969 - Thompson & Ritchie create Unix
     • 1978 to 84 - Bill Joy & Chuck Haley (Berkeley U.) create BSD Unix
     • Unix Wars I - BSD 4.2 versus System V
     • Unix Wars II - SVR4 versus OSF
     • ISO Standard - POSIX
     • 1991 - Linus Torvalds creates Linux

  2. Unix - Significant Versions
     (diagram; versions shown: BSD, Mach, System V, AIX, HP-UX, OSF/1, NeXTStep, SunOS, FreeBSD, Solaris, Linux, OS X)

  3. Security Overview
     • Authentication
     • Admin
     • File Systems
     • Network-related
     • Audit

  4. Authentication
     UID
       • 16-bits
       • ID 0 - 99 reserved
       • ID 0 is root
     GID
       • 16 or 32 bits
       • /etc/group stores local groups
       • wheel group for system administrators
     /etc/passwd
       • entry: UserName:*:UID:GID:FullName:UserDir:UserShell
       • passwords encrypted via crypt()
       • salt
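An added example, not part of the original presentation: a parser for the seven-field /etc/passwd entry format shown on this slide, with the account checks that follow from "ID 0 is root". The sample entries are constructed, and the names `parse_passwd` and `audit` are illustrative.

```python
from collections import Counter

# Constructed sample in the slide's format:
# UserName:*:UID:GID:FullName:UserDir:UserShell
SAMPLE_PASSWD = """\
root:*:0:0:System Administrator:/root:/bin/sh
daemon:*:1:1:System Services:/var/root:/usr/bin/false
www:*:70:70:Web Server:/var/www:/usr/bin/false
alice:*:501:20:Alice Example:/home/alice:/bin/tcsh
toor:*:0:0:Second Superuser:/root:/bin/sh
bob::502:20:Bob Example:/home/bob:/bin/csh
carol:*:501:20:Carol Example:/home/carol:/bin/sh
broken:*:503
"""

FIELDS = ("name", "passwd", "uid", "gid", "fullname", "home", "shell")

def parse_passwd(text):
    """Return (entries, malformed_lines) for passwd-format text."""
    entries, malformed = [], []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != len(FIELDS) or not (parts[2].isdigit() and parts[3].isdigit()):
            malformed.append(line)      # wrong field count or non-numeric ID
            continue
        entry = dict(zip(FIELDS, parts))
        entry["uid"], entry["gid"] = int(parts[2]), int(parts[3])
        entries.append(entry)
    return entries, malformed

def audit(entries):
    """Return sorted (user, finding) pairs for accounts that need review."""
    findings = []
    uid_counts = Counter(e["uid"] for e in entries)
    for e in entries:
        if e["uid"] == 0 and e["name"] != "root":
            findings.append((e["name"], "UID 0 account other than root"))
        if e["passwd"] == "":
            findings.append((e["name"], "empty password field"))
        if e["uid"] != 0 and uid_counts[e["uid"]] > 1:
            findings.append((e["name"], "UID shared with another account"))
    return sorted(findings)

if __name__ == "__main__":
    entries, malformed = parse_passwd(SAMPLE_PASSWD)
    for user, finding in audit(entries):
        print(f"{user}: {finding}")
    for line in malformed:
        print(f"malformed entry: {line}")
```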

  5. Standard Users
     • root - superuser account
     • sshd - for running secure shell tasks
     • mail - system account for email processing
     • lp - print server process
     • www - for running a web server
     • guest - generic visitor account
     • nobody
       - default user for unprivileged access
       - user owns no files
     • daemon
       - executes as background process
       - handles system events such as print spooling

  6. Shells
     shell
       • command line interface
       • Bourne (sh), c-shell (csh), tc-shell (tcsh)
     commands
       • ls -- list directory information
       • cd -- set current directory
       • pwd -- display current directory
       • cat -- display contents of textfile
       • whoami -- display current user
       • su -- log in as a different user (will be prompted for password)
       • man -- give help on command
       • sudo -- execute a single command as root (must specify password)

  7. File Systems
     ufs
       • original Unix File System
       • first tree-structured directory system
     ffs
       • Fast File System
       • allows longer file names (255 chars rather than 14)
       • supports symbolic links
     inodes
       • separate inode (index node) per file/directory
       • an inode has an address (index) but no name
       • each inode resides on the disk
       • contents:
         - address of associated item (file/directory)
         - item type
         - item size (in bytes)
         - time of last inode modification
         - time of last modification of item (mtime)
         - time of last item access (atime)
         - reference count (number of names for this inode)
         - item’s UID
         - item’s primary GID
         - item’s mode bits (permissions)
     directory
       • ...consists of a list of pairs: name - inode index

  8. Files in a Shell
     standard directory entries
       • . refers to this directory’s inode
       • .. refers to inode of the parent of this directory
     shell commands
       • cp -- copy (duplicate) file
       • mv -- move file from one directory to another
       • mkdir -- create new directory
       • ln -- create new link (use -s flag for symbolic link)
       • rm -- remove one name
       • rmdir -- log in as a different user (will be prompted for password)
       • chown -- change owner of file/directory
       • chmod -- change mode (permissions) for a file
       • umask -- set default mode (permissions) for this user

  9. Files Permissions
     Example: - rwx r-x --- t
       (file type, then owner, group, world, then t “sticky” bit)
     File type
       • - file
       • d directory
       • c character device (tty, printer)
       • b block device (disk, CD)
       • l symbolic link
       • s socket
     Permissions
       • r read
       • w write
       • x execute
       • s set (in place of x)
     Mode
       • 1000 - sticky bit
       • 2000 - set GID
       • 4000 - set UID
       • 400 - read (owner)
       • 200 - write (owner)
       • 100 - execute (owner)
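An added example, not part of the original presentation: it decodes an octal mode into the rwx string using the slide's bit values (4000, 2000, 1000 and the owner/group/world triads) and flags the combinations a permissions review looks for. The sample paths and the names `mode_string` and `review` are constructed for illustration.

```python
# Octal values from the slide: 4000 set UID, 2000 set GID, 1000 sticky bit.
SETUID, SETGID, STICKY = 0o4000, 0o2000, 0o1000

def mode_string(mode):
    """Render the nine permission characters as ls -l does (0o750 -> 'rwxr-x---')."""
    triads = ((0o400, 0o200, 0o100, SETUID, "s"),   # owner
              (0o040, 0o020, 0o010, SETGID, "s"),   # group
              (0o004, 0o002, 0o001, STICKY, "t"))   # world
    out = []
    for r, w, x, special, flag in triads:
        out.append("r" if mode & r else "-")
        out.append("w" if mode & w else "-")
        if mode & special:
            # Lowercase when execute is also set, uppercase when it is not.
            out.append(flag if mode & x else flag.upper())
        else:
            out.append("x" if mode & x else "-")
    return "".join(out)

def review(mode, is_dir=False):
    """Return the permission findings worth a closer look for one item."""
    notes = []
    if not is_dir and mode & SETUID:
        notes.append("set UID")
    if not is_dir and mode & SETGID:
        notes.append("set GID")
    if mode & 0o002:
        if not is_dir:
            notes.append("world-writable file")
        elif not mode & STICKY:
            notes.append("world-writable directory without sticky bit")
    return notes

# Constructed sample: (path, mode, is_dir). Paths are illustrative only.
SAMPLE = [
    ("/usr/bin/passwd", 0o4755, False),
    ("/tmp", 0o1777, True),
    ("/srv/upload", 0o777, True),
    ("/etc/app.conf", 0o666, False),
    ("/home/alice/notes", 0o750, False),
]

if __name__ == "__main__":
    for path, mode, is_dir in SAMPLE:
        kind = "d" if is_dir else "-"
        print(f"{kind}{mode_string(mode)} {mode:04o} {path}: {review(mode, is_dir) or 'ok'}")
```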

  10. Unix & Client Firewalls
     TCP Wrappers
       • a common way to secure network transmissions on some Unix versions
       • when tcp wrappers are turned on...
         a) look in /etc/hosts.allow file for allowed firewall access
         b) look in /etc/hosts.deny file for denied firewall access
         c) if no rules apply, then access is granted
       • results logged to syslog
       • optionally sends banners to clients
       • can transfer access to “jail” or “faux”
     host-based firewalls
       • FreeBSD
       • OS X
       • varies with Linux
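An added example, not part of the original presentation: the a/b/c lookup order from this slide as a small evaluator, showing that a service with no matching rule is granted access unless hosts.deny ends in a catch-all. It handles only a subset of the rule syntax (ALL, leading-dot domain suffix, trailing-dot address prefix, exact match); the rule text, hosts and function names are constructed.

```python
def parse_rules(text):
    """Parse 'daemon_list : client_list' lines into (daemons, clients) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue                      # blank, comment or malformed line
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        rules.append((daemons, clients))
    return rules

def _match(pattern, value):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):           # domain suffix, e.g. .example.org
        return value.endswith(pattern)
    if pattern.endswith("."):             # address prefix, e.g. 192.0.2.
        return value.startswith(pattern)
    return pattern == value

def _any_rule_matches(rules, daemon, host, addr):
    return any(
        any(_match(d, daemon) for d in daemons)
        and any(_match(c, host) or _match(c, addr) for c in clients)
        for daemons, clients in rules
    )

def decide(allow, deny, daemon, host, addr):
    """Apply the slide's order: a) hosts.allow, b) hosts.deny, c) grant."""
    if _any_rule_matches(allow, daemon, host, addr):
        return "granted by hosts.allow"
    if _any_rule_matches(deny, daemon, host, addr):
        return "denied by hosts.deny"
    return "granted, no rule applies"

# Constructed rule files (documentation addresses and example domains).
HOSTS_ALLOW = parse_rules("sshd: .example.org, 192.0.2.\n")
HOSTS_DENY_PARTIAL = parse_rules("telnetd: ALL   # only telnet is blocked\n")
HOSTS_DENY_DEFAULT = parse_rules("ALL: ALL       # deny anything not allowed\n")

if __name__ == "__main__":
    client = ("ftpd", "client.example.net", "203.0.113.9")
    print("partial deny file:", decide(HOSTS_ALLOW, HOSTS_DENY_PARTIAL, *client))
    print("default deny file:", decide(HOSTS_ALLOW, HOSTS_DENY_DEFAULT, *client))
```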

  11. Unix Services
     echo (UDP Port 7)
       • ping command sends datagram to test connectivity
     systat (TCP Port 11)
       • netstat command returns user names, login times, and so forth
     ftp (TCP Ports 20 & 21)
       • file transfer protocol
       • ftp transmits in plaintext - sftp encrypts
       • anonymous ftp is a vulnerability
     ssh (TCP Port 2)
       • secure shell for remote login
       • uses symmetric encryption (ssh.config)
       • requires that client have public key
     telnet (TCP Port 23)
       • original remote login shell - uses plaintext

  12. Audit
     Common Log Directories
       • /usr/adm
       • /var/adm
       • /var/log
     Common Log Files
       • account/acct -- process-level accounting
       • aculog -- dial-out modems
       • lastlog -- recent user events
       • loginlog -- login attempts
       • message -- system console messages
       • syslog -- system console messages
       • sulog -- logged uses of su command
     Control
       • /etc/syslog.conf -- each line specifies selector-action pair

  13. Other Unix Tools Issues
     Tools
       • netstat - lists active TCP connections and/or sockets
       • tcpdump - observe packets on network connection
     Network Authentication
       • NIS - Sun
       • Kerberos
       • LDAP
     Network File Systems
       • NFS
       • AFS
       • SMB

  14. smtp (TCP Port 25)
       • Simple Mail Transfer Protocol - Internet standard for email transfer
     dns (TCP & UDP Port 53)
       • Domain Name System (stay tuned)
     dhcp (UDP Ports 67 & 68)
       • Dynamic Host Configuration Protocol
       • IP address leasing utility
     finger (TCP Port 79)
       • retrieves user info (name, location, login, telephone, and so forth)
     http (TCP Ports 80 & 443)
       • HyperText Transfer Protocol (WWW protocol)
     POP, POPS, IMAP, IMAPS (TCP Ports 109, 110, 143, 993 & 995)
       • Post Office Protocol -- Internet Message Access Protocol
     snmp (UDP Ports 161 & 162)
       • Simple Network Management Protocol
       • remote system management tool
     rlogin & rsh (TCP Ports 513 & 514)
       • more insecure login shells
       • empty /etc/hosts.equiv
