CHAPTER 12
Hacking Linux Systems
Linux Basics
Text editors: vi, ex, pico, jove, GNU emacs
Shells: csh (C Shell), sh (Bourne Shell)
File navigation: cd, ls, cp, mv, mkdir, rm
Linux Basics
Directories
/bin: common Linux user commands (ls, sort, date, chmod)
/sbin: admin commands and daemon processes
/etc: admin config files, passwd file, shadow file
/dev: files representing access points to devices
/usr: user docs, graphical files, libraries
Networking commands: arp, ifconfig, dig, netstat, nslookup, traceroute
Linux Basics
Noteworthy commands
mkpasswd: generate a random password
chage & passwd: force users to change their password
useradd: create a new user
usermod: modify a user account
groupadd: create a new group
Linux Basics
Noteworthy commands
pwconv: move password hashes from the password file to the shadow file
groups: get info about a user's group membership
kill: stop an unwanted service
w: display currently logged in users
umask: set initial file permissions on new files
chmod: change file permissions
chkrootkit: check for installed rootkits
Reasons to compile a kernel
New hardware
Bug fix
New app requires a new OS version
Linux Hardening Methods
Secure location
Strong passwords
Shadow passwords:
Use the pwconv command to move password hashes out of /etc/passwd into /etc/shadow
/etc/passwd format: LoginName:Password:UserID:PrimaryGroupID:Comment:HomeDirectory:ShellAssigned
eg: mark:x:501:100:Mark Smith:/home/mark:/bin/tcsh (the x in the password field means the hash lives in /etc/shadow)
Also, generate random passwords with mkpasswd
Also, require password changes: passwd, chage
Remove unused services
Linux Hardening Methods
Preconfigure default user account and files: /etc/skel
Apply bug fixes
Disable remote access, or use a VPN (Linux uses 3DES)
Use syslog for centralizing log files: rsyslog, Swatch, Timbersee, IPLog
Verify downloaded files are not compromised. Command: md5sum <file name> checks the MD5 hash (plain sum only produces a simple checksum, not MD5)
Monitor network traffic: Ntop, MRTG, IPTraf
Linux Hardening Methods
Determine if a NIC is promiscuous:
ifconfig | grep PROMISC
grep -i promisc /var/log/messages
ip link | grep PROMISC
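As an added example (not from the slides), a small POSIX sh audit script that checks the shadow-password and promiscuous-NIC items above and verifies a downloaded file's MD5. The passwd records and the ip link output are constructed samples; the md5_matches helper assumes md5sum from coreutils is in PATH.

```shell
#!/bin/sh
# Added example, not from the slides. Audits three hardening items:
# shadow passwords, promiscuous interfaces and a downloaded file's MD5.

# Constructed sample records in the /etc/passwd format shown on the slide.
# "legacy" still keeps its hash in passwd instead of /etc/shadow.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/sh
mark:x:501:100:Mark Smith:/home/mark:/bin/tcsh
legacy:$1$abc$NotARealHash:502:100:Old Account:/home/legacy:/bin/sh'

SAMPLE_PASSWD_OK='root:x:0:0:root:/root:/bin/sh
mark:x:501:100:Mark Smith:/home/mark:/bin/tcsh'

# Constructed "ip link" output with eth0 in promiscuous mode.
SAMPLE_IPLINK='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP
    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff'

# passwd_uses_shadow TEXT: returns 0 when every account's field 2 is "x"
# (hash in /etc/shadow) or a lock marker; otherwise lists offenders on stderr.
passwd_uses_shadow() {
    bad=$(printf '%s\n' "$1" | awk -F: '$2 != "x" && $2 != "*" && $2 != "!" { print $1 }')
    [ -z "$bad" ] && return 0
    printf 'hash still in passwd file for: %s\n' "$bad" >&2
    return 1
}

# promisc_ifaces TEXT: prints interface names whose flag list contains PROMISC.
promisc_ifaces() {
    printf '%s\n' "$1" | awk '/^[0-9]+: / && /PROMISC/ { sub(/:$/, "", $2); print $2 }'
}

# md5_matches FILE EXPECTED: returns 0 when the file's MD5 equals EXPECTED.
# Assumes md5sum (coreutils) is available; use this rather than plain sum.
md5_matches() {
    actual=$(md5sum "$1" | awk '{ print $1 }')
    [ "$actual" = "$2" ]
}

# Live usage on a real host (uncomment):
# passwd_uses_shadow "$(cat /etc/passwd)" || echo "run pwconv"
# for i in $(promisc_ifaces "$(ip link)"); do echo "PROMISC: $i"; done
```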
Firewall: IPChains on kernels < 2.4, IPTables on kernels >= 2.4
Securely erase data: wipe /dev/….
Install/configure a proxy server: Squid
Protect DNS info: BIND