
Ubuntu 10.04


onella

Presentation Transcript


  1. Ubuntu 10.04 Overview
     • Ubuntu Intro
     • Backdoor/Virus/Malware
     • Firewall
     • User and Group Security
     • Local Security Policy

  2. Ubuntu Intro: Why learn Linux/Unix?
     • The backbone of the internet and a large number of corporate networks are based on Linux/Unix architecture.
     • Lots of legally free open-source software that can be altered to fit individual needs.
     • Use security tools only available on Linux systems.
     • Many open-source tools actually work better on Linux than their Windows counterparts (Hydra, Nmap, Hping, etc.).
     • Cyber Patriot Competition.
     • Because it’s fun!!

  3. Ubuntu
     • Ubuntu is a very user-friendly Linux distribution. It is available for free at http://www.ubuntu.com/desktop/get-ubuntu/download
     • Current desktop versions of Ubuntu can be installed inside a Windows OS (as if it were just a program). If installed in this way, the system will have to be rebooted to change between OSes, but the Ubuntu partition can be uninstalled from the Windows Add/Remove Programs utility if it is no longer needed.

  4. Ubuntu
     • Ubuntu can also be made into a live CD or USB drive that can be used to learn and practice with, without ever installing the OS on the actual hardware.
     • The Ubuntu installer is easy to follow and installation is relatively quick (< hour max).
     • Ubuntu supports most hardware; however, if there is a complication, a VM may be a better option for running Ubuntu.

  5. Malware, etc.
     • ClamAV is open-source antivirus software typically run on email servers.
     • ClamAV can be configured to scan incoming and outgoing files, but it lacks the runtime (always-on) protection typically seen in Windows antivirus products.
     • We just want to install it and scan periodically (or just right away for competition).
     • ClamAV is command line, but the ClamTK package adds a GUI.

  6. Installing ClamAV Open Synaptic Package Manager

  7. Type “clamav” into Quick Search. Select the “clamav” and “clamtk” packages with their dependencies. Click Apply and accept the next prompt.

  8. Run Clam Virus Scan
     • Applications > Accessories > Virus Scanner

  9. ClamAV Preferences

  10. ClamAV Scan
     • Scan using the “Scan” tab
     • Full scan: Select a Directory [File System] (will probably take a long time)

  11. Ubuntu Firewalls
     • Uncomplicated Firewall (UFW)
     • Front end for IPTables (default in Ubuntu)
     • Cheat Sheet Commands. If prompted for a password, use your password or root.
     • sudo ufw enable (enables the firewall)
     • sudo ufw [allow/deny] [port number]
     • sudo ufw status
     • sudo ufw app list (installed profile apps)
     • sudo ufw app info [app name] (port, proto)
     • sudo ufw [allow/deny] [app name]?
     • sudo ufw logging on (enables logging)

  12. Opening Terminal Through GUI
     • Applications > Accessories > Terminal

  13. Command Examples

  14. User and Group Security Command Cheat Sheet
     • sudo adduser [username] (create user)
     • sudo deluser [username] (delete user)
     • sudo passwd -l [username] (lock account)
     • sudo passwd -u [username] (unlock account)
     • sudo addgroup [groupname] (create group)
     • sudo delgroup [groupname] (delete group)
     • sudo adduser [username] [groupname] (adds user to a group)

  15. User and Group Security Cont.
     • ls -ld /home/[username] (lists the permissions of the user’s home directory, or of another directory [directorypath])
     • Directories have directory permissions. Directory permissions restrict different actions than permissions on files or device nodes do.

  16. Permissions in Action Using the example above we have the file "/etc/hosts" which is owned by the user root and belongs to the root group. What are the permissions from the above /etc/hosts ls output?

  17. Changing Permissions (chmod)
     • chmod with letters
     • Usage: chmod {options} [filename]

  18. Changing Permissions (chmod)
     • chmod with numbers
     • Usage: chmod {options} [filename]
     • When using numbers and multiple options, the numbers are added together.
     • Execute and read would be 5 (1+4=5)

  19. Chmod Usage Example

  20. Changing Ownership (chown)
     • chown can be used to change the owner and group of a file
     • Usage: chown {options} [owner:group] [filename]

  21. chown example Note: The use of “*” as a wildcard character. This allows multiple files to be targeted with the same command.

  22. Recursive and Wildcards
     If there is a problem with file ownership due to malware, it may be necessary to change the ownership back. The recursive and --from= options are much more efficient when combined with a wildcard. Here’s an example:

     sudo chown -v -R --from=roy:abusers user:user *

     Notice that the command has the verbose and recursive flags on. The --from=roy:abusers user:user * part searches for every file owned by the roy account with its group set to the abusers group. The command then changes the ownership to the user account and the user group. The * character is a wildcard to check all files, and -R makes it check recursively. If this command is launched from the base of the file system, it will check every file on the drive. This is extremely powerful but extremely dangerous if the command is messed up in any way. Please make sure you understand it before using recursive wildcard chown commands. It should also be noted that some directories will not allow you to launch this command with sudo. In these cases the root account would have to be unlocked and used. Make sure to re-lock the root account afterwards.
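One way to reduce the risk described in slide 22 is to list the matching files before changing anything. The following is an added example, not part of the original slides; the function names are hypothetical, and it uses find with chown -h in place of chown --from so the same selection can be previewed first.

```sh
#!/bin/sh
# Added example, not from the slides: preview what a recursive
# "chown --from=OLD:OLDGRP NEW:NEWGRP" would touch, then change only that set.

# Print every path under DIR owned by OWNER with group GROUP.
# -xdev keeps find on one filesystem (skips /proc, /sys, other mounts).
preview_owned() {
    find "$1" -xdev -user "$2" -group "$3" -print
}

# Number of paths the preview reports.
count_owned() {
    preview_owned "$1" "$2" "$3" | wc -l | tr -d ' '
}

# restore_owner DIR OWNER GROUP NEWOWNER:NEWGROUP EXPECTED_COUNT
# Refuses "/" and aborts unless the match count equals what the operator
# saw in the preview, so a mistyped path or owner changes nothing.
restore_owner() {
    case $1 in
        ""|/) echo "refusing to run on '$1'" >&2; return 2 ;;
    esac
    actual=$(count_owned "$1" "$2" "$3")
    if [ "$actual" != "$5" ]; then
        echo "expected $5 paths, found $actual; re-run the preview" >&2
        return 1
    fi
    # -h changes a symlink itself instead of the file it points to.
    find "$1" -xdev -user "$2" -group "$3" -exec chown -h "$4" {} +
}

# Constructed demo tree: preview files owned by the current uid/gid.
demo=$(mktemp -d)
mkdir "$demo/sub" && touch "$demo/sub/file"
preview_owned "$demo/sub" "$(id -u)" "$(id -g)"
rm -rf "$demo"
```

With the slide's names, the preview would be preview_owned /home roy abusers, followed by sudo sh -c running restore_owner with user:user and the count that the preview showed.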

  23. Password Policy
     • sudo chage -l [username] - shows password policy information for the specified account
     • sudo chage [username] - changes the password policy for the specified account
     Unfortunately, by default, password management (expiration, resets, etc.) is done per account. Open-source alternatives exist for better password policy management, but they will probably not be required for the competition.

  24. Password Policy Example

  25. Password Policy
     Changing the required length, the hashing ("encryption") technique, and the complexity rules is all handled in the /etc/pam.d/common-password file. The line directly above the highlighted text is the original. The highlighted line has been modified to set the minimum password length to 8 (Ubuntu 10.04 is 6 by default). The obscure rule toggles on some basic complexity requirements. The “sha512” option determines the hashing algorithm used for stored passwords. MD5 is an option, but sha512 is more secure.
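To confirm that the change described in slide 25 is in place, the pam_unix.so line can be checked from the terminal. This is an added example, not part of the original slides: the function name is hypothetical, the sample line is constructed, and it assumes the length is set with pam_unix's minlen= option.

```sh
#!/bin/sh
# Added example, not from the slides: check the pam_unix.so password line
# against the settings slide 25 describes (minimum length 8, obscure, sha512).

# Usage: audit_common_password FILE [MIN_LENGTH]
# Prints one summary line; returns 0 only if every setting is in place.
audit_common_password() {
    file=$1
    want=${2:-8}
    # First active (uncommented) password line that loads pam_unix.so.
    line=$(grep -E '^[[:space:]]*password[[:space:]].*pam_unix\.so' "$file" |
           head -n 1 | tr '\t' ' ')
    if [ -z "$line" ]; then
        echo "FAIL: no pam_unix.so password line in $file"
        return 1
    fi
    # minlen=N is optional; the slide gives 6 as the Ubuntu 10.04 default.
    minlen=$(printf '%s\n' "$line" |
             sed -n 's/.* minlen=\([0-9][0-9]*\).*/\1/p')
    minlen=${minlen:-6}
    hash=unspecified
    for alg in md5 sha256 sha512; do
        case "$line " in *" $alg "*) hash=$alg ;; esac
    done
    case "$line " in *" obscure "*) obscure=yes ;; *) obscure=no ;; esac

    status=OK
    [ "$minlen" -ge "$want" ] || status=FAIL
    [ "$hash" = sha512 ] || status=FAIL
    [ "$obscure" = yes ] || status=FAIL
    echo "$status: minlen=$minlen hash=$hash obscure=$obscure"
    [ "$status" = OK ]
}

# Constructed sample line (not copied from a real system).
sample=$(mktemp)
printf 'password\t[success=1 default=ignore]\tpam_unix.so obscure sha512 minlen=8\n' > "$sample"
audit_common_password "$sample"
rm -f "$sample"
```

On a real system the call would be audit_common_password /etc/pam.d/common-password.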

  26. Man Pages
     • Manual pages are available for most commands and programs within the Linux environment. Simply type man [command or program name] to bring up the manual pages.
     • These pages describe proper use and options for the command/program.
     • Man Pages = Saving grace for Linux Newbies.
     • Read them!!

  27. Man Pages for the man Command
     Yes, there is even a man page for the man command.

  28. Misc. Commands
     • gksudo nautilus – opens the GUI directory browser with escalated privileges
     • ifconfig – works like ipconfig in Windows
     • ls – works like dir, lists contents of a directory (-a option to show hidden files)
     • rm – deletes a file or folder (additional flags needed for non-empty folders)
     • cp – copies files from one location to another
     • sudo – escalates privileges
     • man – allows the manual to be seen for the specified command/application
     • cd – changes the directory

  29. Misc. Commands
     • netstat – shows network status (-a flag shows state of all sockets and routing table entries)
     • top – lists running processes with PID#
     • kill – stops a process based on its PID#
     • locate – lists files in its database that match a pattern (may need the updatedb command)
     • find – searches for files in a directory hierarchy

  30. References • https://help.ubuntu.com/10.04/serverguide/C/security.html
