8/14/2019 Linux Security Zuo

Linux Security
Chapter 21 (sections 1-7)
By Yanjun Zuo
Morris worm
- Robert Morris, a graduate student at Cornell University, released an Internet worm in 1988
- This worm made use of the open nature of mail transport agents (a debug program) to spread
- Since then, computer security has entered a new stage
Security
- A recent survey (by CSI/FBI in April 2001) showed that 91% of organizations have reported security breaches in the past 12 months
- 95% of these reporting organizations used security tools such as commercial firewalls
- These facts at least teach us that security is a complicated issue and some commercial security products are not
Linux security
Like other OSes, Linux is not secure:
- Linux is optimized for convenience and doesn't make security easy or natural
- Linux security is effectively binary: all or nothing in terms of power. Facilities such as setuid execution tend to give a way in the middle
- Linux is developed by a large community of programmers and is open source
Linux security
The most important security issues to consider for a Linux system:
- Packet filtering: there must be a packet filtering router or firewall between the Linux system and the outside world (iptables)
- Unnecessary services (examine the contents of /etc/inetd.conf)
Linux security
- Software patches: update software security patches regularly and as soon as possible
- Backups: any other method may fail, so it is important to make backups
- Passwords: it is no longer secure to send plaintext reusable passwords online. Use SSH or other authentication systems
How security is compromised
- Unreliable wetware: human users and administrators may be the weakest link in the chain of security
- Software bugs: user program, system, and network vulnerabilities
- Open doors: many software packages are configured as not-so-secure by default
/etc/passwd and /etc/shadow files
- These two files are the system's first line of defense against intruders
- It is very important to regularly check that every login has a password
- Pseudo-users such as daemon, who own files but never log in, should have a star (*) in their encrypted password field
/etc/passwd and /etc/shadow files
- The command

  perl -F: -ane 'print if not $F[1];' /etc/shadow

  can be used to find null passwords
- Use the cron program to run this command and send mail to you about any null password
/etc/passwd and /etc/shadow files
- /etc/shadow is readable only by root
- /etc/passwd and /etc/group should be writable only by root
- Passwords chosen by users should be at least 8 characters long and should include numbers, punctuation, or changes in case
PAM: pluggable authentication module
- PAM can be used to integrate login services with different authentication technologies, such as RSA, DCE, Kerberos, S/Key, and smart card based authentication systems [1]
PAM: pluggable authentication module
- Applications enabled to make use of PAM can be plugged in to new technologies without modifying the existing applications. This flexibility allows administrators to do the following:
  - Select any authentication service on the system for an application
  - Use multiple authentication mechanisms for a given service
  - Add new authentication service modules without modifying existing applications
  - Use a previously entered password for authentication with multiple modules [2]
PAM: pluggable authentication module
- The concept of Linux-PAM: programs that require authentication only need to know that there is a module available that will perform the authentication for them
- PAM is set up so that modules can be added, deleted, and reconfigured at any time; it is not necessary for modules to be linked in at the time a utility is compiled
PAM: pluggable authentication module
- It is the purpose of the Linux-PAM project to separate the development of privilege granting software from the development of secure and appropriate authentication schemes. This is accomplished by providing a library of functions that an application may use to request that a user be authenticated [3]
Format of PAM configuration file entries
- Configuration files for PAM are in the directory /etc/pam.d
- Each entry of a configuration file has the format:

  module-type control-flag module-path arguments
Format of PAM configuration file entries
- Module-type field: auth, account, session, or password
- Control-flag field: required, requisite, sufficient, or optional
- Module-path: pathname of the dynamically loaded module object
- Arguments: the arguments for the dynamically loaded module object
An example of PAM
Additions to /etc/pam.d/passwd to enable passwd to perform strong password checking by using a PAM module derived from the crack library might look like this:

  password required pam_cracklib.so retry=3
  password required pam_pwdb.so use_authtok
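As an added example (not from the original slides), the following Python parses entries in the four-field format described on the preceding slides and checks whether a /etc/pam.d/passwd stack contains the pam_cracklib step shown above; the two sample files are constructed.

```python
"""Parse /etc/pam.d entries of the form shown on the slides
(module-type control-flag module-path arguments) and check that the password
stack enforces strong checking via pam_cracklib.  Added example, not from the
original slides; the two sample files below are constructed."""
import os

MODULE_TYPES = {"auth", "account", "session", "password"}
# The four flags the slides list, plus include/substack, which Linux-PAM also
# accepts; a bracketed "[value=action ...]" control is handled in the parser.
CONTROL_FLAGS = {"required", "requisite", "sufficient", "optional",
                 "include", "substack"}

GOOD_PAM_PASSWD = """\
# constructed /etc/pam.d/passwd following the slide's two entries
password required pam_cracklib.so retry=3
password required pam_pwdb.so use_authtok
"""
WEAK_PAM_PASSWD = "password required pam_pwdb.so\n"  # no strength check

def parse_pam_entries(text):
    """Return (module_type, control_flag, module_path, args) per entry; comments
    and blank lines are skipped and malformed lines raise ValueError."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()
        if not tokens:
            continue
        if len(tokens) < 3:
            raise ValueError(f"line {lineno}: fewer than 3 fields")
        mtype, flag, rest = tokens[0], tokens[1], tokens[2:]
        if flag.startswith("["):  # bracketed control may span several tokens
            while rest and not flag.endswith("]"):
                flag += " " + rest.pop(0)
            if not flag.endswith("]"):
                raise ValueError(f"line {lineno}: unterminated control")
        elif flag not in CONTROL_FLAGS:
            raise ValueError(f"line {lineno}: bad control-flag {flag!r}")
        if mtype not in MODULE_TYPES:
            raise ValueError(f"line {lineno}: bad module-type {mtype!r}")
        if not rest:
            raise ValueError(f"line {lineno}: missing module-path")
        entries.append((mtype, flag, rest[0], rest[1:]))
    return entries

def has_strong_password_check(entries):
    """True if the password stack runs pam_cracklib as a required/requisite step,
    so a weak new password cannot slip past it."""
    return any(mtype == "password" and flag in ("required", "requisite")
               and os.path.basename(path).startswith("pam_cracklib")
               for mtype, flag, path, _ in entries)
```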
Group logins and shared logins
- It is not recommended to allow users to share logins with family or friends
- It is recommended to use the sudo program to control access to rootly power
Rootly entries
- A common way for hackers to install a back door once they have obtained a root shell is to edit new root logins into /etc/passwd
- The following script can be used to find any lines in the passwd file that have null or 0 UIDs:

  perl -F: -ane 'print if not $F[2];' /etc/passwd
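The two perl one-liners on these slides (null password fields in /etc/shadow, null or 0 UIDs in /etc/passwd) and the star-in-the-password-field rule for pseudo-users can be combined into one audit. The following Python is an added example, not part of the original slides; its passwd and shadow records are constructed, with placeholder hashes.

```python
"""Audit /etc/passwd and /etc/shadow style records for the problems the slides
describe: null passwords, extra UID-0 logins, and pseudo-users not locked with a
star.  Added example, not from the slides; the sample records are constructed."""

# Lock markers: '*' as the slides recommend, '!'-style as usermod -L writes.
LOCK_MARKERS = ("*", "!", "!!", "!*", "*LK*")

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
toor:x:0:0:spare admin:/root:/bin/bash
guest:x::100:guest:/home/guest:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""

SAMPLE_SHADOW = """\
root:$6$PLACEHOLDER$hash:18000:0:99999:7:::
daemon:*:18000:0:99999:7:::
www-data:$6$PLACEHOLDER$hash:18000:0:99999:7:::
toor:$6$PLACEHOLDER$hash:18000:0:99999:7:::
guest::18000:0:99999:7:::
alice:$6$PLACEHOLDER$hash:18000:0:99999:7:::
"""

def parse_records(text):
    """Split colon-delimited records into field lists, skipping blank lines."""
    return [line.split(":") for line in text.splitlines() if line.strip()]

def null_password_accounts(shadow_text):
    """Same test as the slide's perl one-liner: shadow field 2 is empty, so the
    account can be entered with no password at all."""
    return [rec[0] for rec in parse_records(shadow_text) if rec[1] == ""]

def root_equivalent_accounts(passwd_text):
    """Entries whose UID field is empty or 0, other than root itself; an extra
    UID-0 login is the back door the slides warn about."""
    return [rec[0] for rec in parse_records(passwd_text)
            if rec[0] != "root" and rec[2] in ("", "0")]

def unlocked_pseudo_users(passwd_text, shadow_text, max_system_uid=999):
    """System accounts (UID 1..max_system_uid) whose shadow field holds a real
    hash instead of a lock marker, so someone could log in as them."""
    hashes = {rec[0]: rec[1] for rec in parse_records(shadow_text)}
    hits = []
    for rec in parse_records(passwd_text):
        name, uid = rec[0], rec[2]
        if uid.isdigit() and 1 <= int(uid) <= max_system_uid:
            if hashes.get(name, "") not in LOCK_MARKERS:
                hits.append(name)
    return hits
```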
Setuid programs
- The setuid commands distributed with Linux are theoretically secure, but they have security holes
- Try to minimize the number of setuid programs
- Although a shell spawned to execute a script doesn't necessarily read the user's shell configuration files, it can be influenced by the user's environment, by the contents of the current directory, or by the manner in which the script is invoked
Setuid programs
- A setuid program can be run as a pseudo-user instead of root
- Use a low UID for the pseudo-user, put a star in the passwd field, and make the pseudo-user's home directory be /dev/null
Setuid programs
- Setuid and setgid execution on an individual filesystem can be disabled through use of the nosuid option to mount
Setuid programs
- It is useful to scan disks periodically to look for new setuid programs
- A hacker who has breached the security of your system will sometimes create a private setuid shell or utility to facilitate repeat visits
- The following command finds and lists all setuid-root files and mails the list to the admin user:

  find / -user root -perm -4000 -print | mail -s "Setuid root files" admin
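The find | mail pipeline above reports every setuid-root file on every run, so a newly planted one is easy to miss in the noise. The following Python is an added example, not from the original slides: it keeps a baseline of setuid/setgid files and reports only entries that appeared or changed since; demo() builds a constructed tree in a temporary directory.

```python
"""Periodic scan for setuid/setgid files, diffed against a saved baseline so
that only newly appeared privileged binaries are reported, rather than the full
list the slide's find | mail pipeline sends every run.  Added example, not from
the original slides; demo() builds a constructed tree in a temporary directory."""
import os
import stat
import tempfile

def find_setid_files(root):
    """Return {relative path: permission bits} for regular files under root with
    the setuid or setgid bit set.  Symlinks are not followed (lstat)."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                st = os.lstat(full)
            except OSError:  # file vanished or unreadable: skip, keep scanning
                continue
            if stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                found[os.path.relpath(full, root)] = stat.S_IMODE(st.st_mode)
    return found

def new_setid_files(baseline, current):
    """Paths that are setuid/setgid now but were absent from the baseline, or
    whose permission bits changed since it was taken."""
    return sorted(p for p, mode in current.items() if baseline.get(p) != mode)

def demo():
    """Take a baseline of a constructed tree, plant a private setuid shell copy
    of the kind the slide describes, and report what a rescan finds."""
    root = tempfile.mkdtemp(prefix="setuid-scan-demo-")
    os.makedirs(os.path.join(root, "usr", "bin"))
    os.makedirs(os.path.join(root, "tmp", ".cache"))
    def touch(rel, mode):
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(path, mode)

    touch("usr/bin/passwd", 0o4755)   # legitimate setuid-root binary
    touch("usr/bin/ls", 0o755)        # ordinary binary, not reported
    baseline = find_setid_files(root)
    touch("tmp/.cache/sh", 0o4755)    # appeared after the baseline: flagged
    return new_setid_files(baseline, find_setid_files(root))

if __name__ == "__main__":
    print(demo())
```

In production the baseline would be written to a file the scanner's cron job reads back, and the result mailed only when non-empty.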
Important file permissions
- /dev/kmem should only be readable by the owner and group, never by the world, since this file allows access to the kernel's own virtual address space
- If your /dev/kmem file is publicly readable, a competent programmer can then look for things like unencrypted passwords in the kernel data structures and buffers. Change it so that it is not world readable
Important file permissions
- Directories that are accessible through anonymous FTP should not be publicly writable
- Such directories create a nest for hackers to distribute illegally copied software and other sensitive files
- Setting up anonymous FTP usually involves copying a skeleton password file into ~ftp/etc/passwd so that ls will work correctly
Important file permissions
- Having read or write permission on a disk device file is essentially the same as having read or write permission on every file in the filesystem it represents
- Only root should have both read and write permission
- The group owner is sometimes given read permission to facilitate backups, but there should be no permissions for the world
Remote event logging
- Forward log information to a file, a list of users, or another host on the network
- Set up a secure host that acts as a central logging machine and prints out security violations
- This precaution prevents hackers from covering their tracks by rewriting or erasing log files
Secure terminals
- Linux can be configured to restrict root logins to specific secure terminals
- It is a good idea to disable root logins on channels such as dial-up modems
- Network pseudo-terminals are often set to disable root logins
Secure terminals
- The secure channels are specified as a list of TTY devices in the configuration file /etc/securetty
- It is also possible to restrict non-root logins to particular locations with entries in the file /etc/security/access.conf, or to particular times with entries in the file /etc/security/time.conf
/etc/hosts.equiv and ~/.rhosts
- These two files define hosts as being administratively equivalent to one another
- rshd and rlogind, the server processes that read .rhosts and hosts.equiv, are recommended to be disabled
- The functionality of telnet, rlogin, rsh, or rcp can be replaced with high-security equivalents such as SSH
rexecd and tftpd
- rexecd is another remote command execution daemon; it is the server for the rexec library routine
- Requests sent to rexecd include a plaintext password
- tftpd is a server for the Trivial File Transfer Protocol
- It allows machines on the network to request files from your hard disks. Hence it is a potential security hole
fingerd
- finger is a Linux command that prints a short report about a particular user
- Information collected from finger is potentially useful to hackers
- It is recommended to disable fingerd in /etc/inetd.conf
Security and NIS
- NIS maintains and distributes files such as /etc/group, /etc/passwd, and /etc/hosts
- NIS's very nature of easy information access makes it tasty hacker bait
- A later replacement is NIS+
Security and NFS
- Access to NFS volumes is granted by /etc/exports
- This is a weak form of security because the server trusts the clients to tell it who they are
- It is easy to make clients lie about their identities
- The TCP wrappers package can help limit the hosts that can access NFS filesystems (through /etc/hosts.deny)
Security and NFS
- File-level access control to NFS filesystems is managed according to UID, GID, and file permissions
- Once again, the NFS server trusts the client to tell it who is accessing files
- It is strongly recommended to use globally unique UIDs and the root_squash option
Security and NFS
- It is a good idea to block access to TCP and UDP port 2049 (used by NFS) when configuring firewalls
- You should also block access to the portmap daemon, which normally listens on TCP and UDP port 111
Security and sendmail
- Sendmail is a massive network system and a large part of it runs as root
- Sendmail accepts arbitrary user-supplied input and delivers it to local users, files, or shells
- It has often been subject to attacks
- Numerous vulnerabilities have been exposed over time
Trojan horses
- Programs aren't what they seem to be
- It is remarkable how few Trojan horse incidents there have been
References
(1) http://java.sun.com/security/jaas/doc/pam.html
(2) http://publib16.boulder.ibm.com/pseries/en_US/aixbman/security/pam_overview.htm
(3) http://www.tldp.org/HOWTO/User-Authentication-HOWTO/x101.html
Questions or Comments?