
LINUX SECURITY

LINUX SECURITY. Outline: Introduction (UNIX file permissions, SUID/SGID, file attributes); Securing a Linux box (hidden files, tightening script files, controlling the mounting of file systems); Logging (syslogd, klogd, remote logging).



  1. LINUX SECURITY

  2. Outline • Introduction - UNIX file permissions - SUID / SGID - File attributes

  3. Securing a LINUX box - Hidden files - Tightening script files • Controlling the mounting of a file system

  4. Logging - Syslogd - Klogd - Remote logging - Shell logging

  5. UNIX file permissions • Each directory and file on the system has a set of permission flags that specify read, write, and execute permissions for the 'user' (owner), 'group', and 'other' (everyone else). • 'ls' with the -l option shows a file's permissions.

  6. Binary / Octal representation: File permissions can be changed using octal notation, one digit per class: octal 744 = binary 111 100 100 (user, group, other; each bit is r, w, x). The chmod command applies it. E.g.: chmod 744 myfile

  7. SUID/SGID • A setuid program is a program that has its setuid bit set. • sgid = 2, suid = 4, both = 6 (an octal digit prepended to the standard permission set, e.g. 4755). • If the owner of a setuid program is root, the commands in the program run with root privileges. • suid/sgid: is it a threat?
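As an added example (not part of the slides), a POSIX sh function that turns an octal mode, including the optional prepended SUID/SGID/sticky digit from the slide above, into the symbolic string that ls -l prints:

```shell
#!/bin/sh
# Added example: render an octal mode such as 744 or 4755 as the symbolic
# string shown by ls -l. A fourth leading digit carries the special bits
# (4 = suid, 2 = sgid, 1 = sticky); ls shows them in the x slot as s/t
# (lowercase when the class is also executable, uppercase when it is not).

# rwx_triplet DIGIT SPECIAL_FLAG SPECIAL_CHAR -> prints e.g. "rwx" or "rws"
rwx_triplet() {
    d=$1; special=$2; ch=$3
    r='-'; w='-'; x='-'
    [ $((d & 4)) -ne 0 ] && r='r'
    [ $((d & 2)) -ne 0 ] && w='w'
    [ $((d & 1)) -ne 0 ] && x='x'
    if [ "$special" -eq 1 ]; then
        if [ "$x" = 'x' ]; then x=$ch; else x=$(printf '%s' "$ch" | tr 'a-z' 'A-Z'); fi
    fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# octal_to_symbolic MODE -> e.g. 744 => rwxr--r--, 4755 => rwsr-xr-x
octal_to_symbolic() {
    mode=$1
    case "$mode" in
        [0-7][0-7][0-7])        sp=0;             perm=$mode ;;
        [0-7][0-7][0-7][0-7])   sp=${mode%???};   perm=${mode#?} ;;
        *) printf 'invalid mode: %s\n' "$mode" >&2; return 1 ;;
    esac
    u=${perm%??}; g=${perm#?}; g=${g%?}; o=${perm#??}
    printf '%s%s%s\n' \
        "$(rwx_triplet "$u" $(( (sp & 4) != 0 )) s)" \
        "$(rwx_triplet "$g" $(( (sp & 2) != 0 )) s)" \
        "$(rwx_triplet "$o" $(( (sp & 1) != 0 )) t)"
}

# usage: octal_to_symbolic 4755
```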

  8. Locating SUID/SGID programs: • find command: to list all regular files with the suid or sgid bit set: # find / -type f \( -perm -4000 -o -perm -2000 \) -ls • To clear the suid/sgid bits on selected programs use chmod. Ex: # chmod a-s /bin/mount

  9. File Attributes: • The Linux ext2 file system supports the following file attributes: 'A' - Don't update the access time; 'S' - Synchronous updates; 'a' - Append only; 'c' - Compressed

  10. Contd: 'i' - Immutable; 'd' - No dump; 's' - Secure deletion; 'u' - Undeletable. • chattr: changes the file attributes. The format is + or - or = followed by [ASacdisu]: # chattr +a myfile • lsattr: lists the attributes of a file: # lsattr myfile

  11. Hidden Files: • Hidden files (names starting with a dot) can be used to hide tools and password cracking programs. • # find / -name "..*" -print # find / -name ".*" -print

  12. World Writable files • Group- and world-writable files and directories can be a security hole. • Look for files and directories that should not be group- or world-writable (GNU find; -perm /022 matches any of the bits, older versions spelled it +022): # find / -type f -perm /022 -ls # find / -type d -perm /022 -ls

  13. Unowned files: • Files with no owner (the uid or gid matches no account). • Potential threat. • Sometimes uninstalling a program or deleting an account leaves unowned files. • # find / -nouser -o -nogroup
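The four file-system audits from slides 8 and 11 to 13, combined into one script as an added example (not from the slides). It tags each finding so the output can be saved as a baseline and diffed on later runs; it assumes GNU find, and the default root / can be replaced by any directory.

```shell
#!/bin/sh
# Added example: run the SUID/SGID, writable, unowned and hidden-file checks
# over one directory tree and print one tagged line per finding.
# -xdev keeps each find on the starting file system (no /proc, no NFS).

# audit_tree [ROOT] -> lines of the form "TAG /path"
audit_tree() {
    root=${1:-/}
    # slide 8: regular files with the suid or sgid bit set
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
        sed 's/^/SUID_SGID /'
    # slide 12: group- or world-writable files and directories (/022 = any of those bits)
    find "$root" -xdev \( -type f -o -type d \) -perm /022 -print 2>/dev/null |
        sed 's/^/WRITABLE /'
    # slide 13: no matching user or group in /etc/passwd or /etc/group
    find "$root" -xdev \( -nouser -o -nogroup \) -print 2>/dev/null |
        sed 's/^/UNOWNED /'
    # slide 11: dot-files, which also catches names such as "..  " or "..foo"
    find "$root" -xdev -name '.*' ! -name '.' ! -name '..' -print 2>/dev/null |
        sed 's/^/HIDDEN /'
}

# count_findings TAG ROOT -> number of findings carrying that tag
count_findings() {
    audit_tree "$2" | grep -c "^$1 " || true
}

# Baseline workflow (constructed usage, run as root for a full tree):
#   audit_tree / > /var/log/fs-audit.baseline
#   later:  audit_tree / | diff /var/log/fs-audit.baseline -
# Every line marked with ">" is a file that gained a risky bit since the baseline.
```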

  14. Tightening script files • Script files are responsible for starting and stopping all your normal processes. • # chmod -R 700 /etc/rc.d/init.d/* • There is no reason for ordinary users to be able to view or edit startup scripts.

  15. Removing banner info • Edit the /etc/rc.d/rc.local file and comment out the following lines: - echo "" > /etc/issue - echo "$R" >> /etc/issue - echo "Kernel $(uname -r) on $a $(uname -m)" >> /etc/issue • Remove the files issue.net and issue under /etc: - # rm -f /etc/issue - # rm -f /etc/issue.net

  16. /etc/services file • This file contains information about the port numbers on which standard services are offered. • It should be protected: # chattr +i /etc/services • Do the same for other important files: /etc/passwd, /etc/shadow, /etc/group, configuration files.

  17. Control mounting a file system • In Linux all file systems (hard drives, CD-ROMs, floppy drives etc.) are mounted onto one logical tree with root (/) as the parent directory. • The ext2 file system enforces a security model.

  18. Mount: • The mount command attaches a file system to the file system hierarchy at the mount point. • The standard form of the mount command: • mount -t type device dir

  19. Options: • defaults: allow suid, read-write, quota. • nosuid: do not honour SUID/SGID bits on this partition. • nodev: do not allow character or block special device access on this partition. • ro: allow read-only access to this partition. • rw: allow read-write access to this partition.

  20. /etc/fstab • Text file containing info about how the different partitions on the hard disk are mounted into Linux directories. • Each entry has 6 fields, namely: block_device | mount_point | type | options | dump | pass

  21. contd • Block-device: the partition on the hard disk. • Mount-point: the local directory where the partition is mounted. • Type: the type of partition or file system. • Options: mount options, see mount(8). • Dump: whether the partition should be dumped for backups. • Pass: the order in which fsck checks the file system for corruption at boot time.
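An added example (not from the slides) that ties slides 19 to 21 together: a POSIX sh checker that reads the six fstab fields and reports local partitions whose options lack nosuid or nodev. It assumes / and /usr must keep suid working (system binaries live there), treats the user option as implying nosuid,nodev as mount(8) states, and ships with a constructed sample fstab.

```shell
#!/bin/sh
# Added example: flag fstab entries mounted without nosuid / nodev.
# Fields: device  mount_point  type  options  dump  pass   (slide 20)

# check_fstab FILE -> prints "mount_point: missing nosuid,nodev" per weak entry
check_fstab() {
    while read -r dev mnt type opts dump pass; do
        case "$dev" in ''|\#*) continue ;; esac                  # blank lines, comments
        case "$type" in swap|proc|sysfs|devpts) continue ;; esac  # no files live here
        case "$mnt" in /|/usr) continue ;; esac                  # system binaries need suid
        # mount(8): "user"/"users" imply noexec,nosuid,nodev (later suid/dev
        # overrides are not modelled here)
        case ",$opts," in *,user,*|*,users,*) opts="$opts,nosuid,nodev" ;; esac
        missing=''
        case ",$opts," in *,nosuid,*) ;; *) missing='nosuid' ;; esac
        case ",$opts," in *,nodev,*)  ;; *) missing="${missing:+$missing,}nodev" ;; esac
        if [ -n "$missing" ]; then
            printf '%s: missing %s\n' "$mnt" "$missing"
        fi
    done < "$1"
    return 0
}

# write_sample_fstab FILE -> constructed sample, not a real system's fstab
write_sample_fstab() {
    cat > "$1" <<'EOF'
# <device>   <mount point>  <type>  <options>                  <dump> <pass>
/dev/sda1    /              ext2    defaults                   1      1
/dev/sda2    /home          ext2    defaults,nosuid,nodev      1      2
/dev/sda3    /tmp           ext2    defaults                   1      2
/dev/sda4    /var           ext2    defaults,nodev             1      2
/dev/sda5    none           swap    sw                         0      0
/dev/fd0     /mnt/floppy    auto    noauto,user                0      0
EOF
}

# usage against the live system:  check_fstab /etc/fstab
```

On the sample above only /tmp (missing nosuid,nodev) and /var (missing nosuid) are reported; the floppy line passes because user implies both options.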

  22. Logging: • Logging is the process of recording actions that have occurred. • It is important to maintain the integrity of the different log files. • syslogd: the utility program that provides the logging facility.

  23. contd • syslogd reads the /etc/syslog.conf file. • Each line consists of two fields: - the selector (facility.priority) and - the action field (where the message goes), e.g.: authpriv.*;mail.*;daemon.info /dev/lp0

  24. Klogd daemon • Intercepts and logs kernel messages. • Log info may be read from the /proc file system or via sys_syslog. • Remote logging: easy to control and adds security, since an intruder cannot tamper with logs kept on another host.

  25. Shell logging • The bash shell stores up to 500 old commands in ~/.bash_history. • Password threat: passwords typed on the command line end up in this file. • Edit /etc/profile: HISTFILESIZE=20 and HISTSIZE=20. • Edit /etc/skel/.bash_logout: rm -f $HOME/.bash_history

  26. UTMP and WTMP • UTMP is a system log file that records the users currently logged in. • UTMP can be a target for exploitation to cause system damage. • UTMP contains the accounting and access info used by the commands who, last, lastlog etc. • WTMP contains the history of the UTMP database.

  27. Questions ?
