Linux security Taeho Oh


Contents (1)
– Why do hackers use linux?
– Why is linux hacked?
– Default installed daemons
– Default installed setuid programs
– Setup tcpwrapper
– Setup ipchains
– Setup loghost

Contents (2)
– How to patch vulnerable programs

Why do hackers use linux?
Similar to unix
– Almost all servers are unix
Easy to get
– Hackers don't have much money
Source code is available
– Easy to modify
– Easy to develop a program

Why is linux hacked? (1)
Linux is widely used
– Easy to get
– Easy to use
– High performance
– High reliability
Application source code is available
– Easy to find a security vulnerability

Why is linux hacked? (2)
Too many applications are installed by default
– All applications have many bugs

Default installed daemons (1)
There are too many daemons installed by default
– The admin must remove unused daemons
– Change the /etc/rc.d files and the /etc/inetd.conf file

Default installed daemons (2)
[ ~ ] {1} $ cd /etc/rc.d/init.d
[ /etc/rc.d/init.d ] {2} $ ls
afs         gated      killall    network     rstatd    syslog
amd         gpm        kudzu      nfs         rusersd   xfs
arpwatch    halt       ldap       nfslock     rwalld    xntpd
atd         httpd      linuxconf  nscd        rwhod     ypbind
autofs      inet       lpd        portmap     sendmail  passwdd
bootparamd  innd       mars-new   postgresql  single    ypserv
crond       irda       mcserv     pulse       smb
dhcpd       isdn       named      random      snmpd
functions   keytable   netfs      routed      squid

Default installed daemons (3)
[ /etc/rc.d/init.d ] {3} $ cd /etc/rc.d
[ /etc/rc.d ] {4} $ find . -name "*httpd*" -print
./init.d/httpd
./rc0.d/K15httpd
./rc1.d/K15httpd
./rc2.d/K15httpd
./rc3.d/S85httpd
./rc4.d/S85httpd
./rc5.d/S85httpd
./rc6.d/K15httpd

Default installed daemons (4)
[ /etc/rc.d ] {5} $ rm -f rc3.d/S85httpd rc4.d/S85httpd rc5.d/S85httpd
[ /etc/rc.d ] {6} $ /etc/rc.d/init.d/httpd stop
Shutting down http: [ OK ]
[ /etc/rc.d ] {7} $ vi /etc/inetd.conf
( comment out unused daemons with '#' )
[ /etc/rc.d ] {8} $ killall -HUP inetd
[ /etc/rc.d ] {9} $
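The two places the slides edit (the rcN.d start links and /etc/inetd.conf) can be audited and changed with a few shell functions. The script below is an added example, not part of the original presentation; it builds a constructed stand-in for /etc/rc.d and /etc/inetd.conf under a temporary directory (the service names and the directory variable SVC_ROOT are assumptions) so it can be run safely on any machine, and its functions do the same work as the ls/find/rm/vi steps above.

```shell
#!/bin/sh
# Constructed stand-in for /etc/rc.d and /etc/inetd.conf (not a real system).
SVC_ROOT=$(mktemp -d)
mkdir -p "$SVC_ROOT/rc.d/init.d" "$SVC_ROOT/rc.d/rc3.d" "$SVC_ROOT/rc.d/rc5.d"
for svc in httpd sendmail syslog; do : > "$SVC_ROOT/rc.d/init.d/$svc"; done
for lvl in 3 5; do
  ln -s ../init.d/httpd    "$SVC_ROOT/rc.d/rc$lvl.d/S85httpd"
  ln -s ../init.d/sendmail "$SVC_ROOT/rc.d/rc$lvl.d/S80sendmail"
  ln -s ../init.d/syslog   "$SVC_ROOT/rc.d/rc$lvl.d/S30syslog"
done
cat > "$SVC_ROOT/inetd.conf" <<'EOF'
# constructed /etc/inetd.conf
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp     nowait  root    /usr/sbin/tcpd  in.rshd
finger  stream  tcp     nowait  nobody  /usr/sbin/tcpd  in.fingerd
EOF

# started_at_runlevel RCDIR LEVEL: services with an S?? link in rc<LEVEL>.d,
# printed in the order init starts them (the numeric prefix sorts them)
started_at_runlevel() {
  for link in "$1/rc$2.d"/S[0-9][0-9]*; do
    [ -e "$link" ] || continue
    basename "$link" | sed 's/^S[0-9][0-9]//'
  done
}

# disable_boot_service RCDIR NAME: remove every start link for NAME,
# the same thing as "rm -f rc3.d/S85httpd ..." on the slide
disable_boot_service() {
  rm -f "$1"/rc[0-6].d/S[0-9][0-9]"$2"
}

# inetd_active_services FILE: service names whose line is not commented out
inetd_active_services() {
  grep -v '^[[:space:]]*#' "$1" | awk 'NF { print $1 }'
}

# inetd_disable_service FILE NAME: comment the service's line out.
# On a real host this is followed by "killall -HUP inetd" so inetd rereads the file.
inetd_disable_service() {
  sed "s/^\($2[[:space:]]\)/#\1/" "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

echo "runlevel 3 starts:  $(started_at_runlevel "$SVC_ROOT/rc.d" 3 | tr '\n' ' ')"
echo "inetd serves:       $(inetd_active_services "$SVC_ROOT/inetd.conf" | tr '\n' ' ')"
```

Run the audit functions against the real /etc/rc.d and /etc/inetd.conf first and only then call the disable functions; the rm leaves the init.d script in place, so a service removed this way can be started again by hand, which is what the slide's "httpd stop" step relies on.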

Default installed setuid programs (1)
There are too many setuid programs installed by default
– The admin must remove unused setuid programs, or at least clear their setuid bit

Default installed setuid programs (2)
[ ~ ] {1} $ find / -perm -4000 -exec ls -l {} \;
-rws--x--x 1 root  root  6340 Nov 16 10:19 /usr/X11R6/bin/Xwrapper
-rwsr-xr-x 1 games games      May          /usr/X11R6/bin/xhextris
( ... )
-rwsr-sr-x 1 root  tty        Sep 26 01:07 /sbin/restore
-r-sr-xr-x 1 root  root       Jan  4 09:40 /sbin/pwdb_chkpwd

Default installed setuid programs (3)
[ ~ ] {2} $ chmod a-s /sbin/restore
[ ~ ] {3} $ ls -l /sbin/restore
-rwxr-xr-x 1 root tty Sep 26 01:07 /sbin/restore
[ ~ ] {4} $
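The find/chmod pair on the two slides above generalises to a small inventory script. This is an added example rather than code from the presentation: it creates a constructed directory tree (SUID_ROOT, with made-up copies of restore, Xwrapper and ls that carry the same permission bits the slide shows) so it runs without root, and it also catches setgid files, which the slide's listing of /sbin/restore (-rwsr-sr-x) shows matter just as much.

```shell
#!/bin/sh
# Constructed tree standing in for "/" (not a real system); the file names are
# borrowed from the slide, the contents are empty.
SUID_ROOT=$(mktemp -d)
mkdir -p "$SUID_ROOT/sbin" "$SUID_ROOT/usr/bin"
: > "$SUID_ROOT/sbin/restore";     chmod 6755 "$SUID_ROOT/sbin/restore"      # -rwsr-sr-x
: > "$SUID_ROOT/usr/bin/Xwrapper"; chmod 4711 "$SUID_ROOT/usr/bin/Xwrapper"  # -rws--x--x
: > "$SUID_ROOT/usr/bin/ls";       chmod 755  "$SUID_ROOT/usr/bin/ls"        # no special bits

# list_privileged ROOT: regular files under ROOT with the setuid or the setgid
# bit set, one path per line, sorted so the output can be diffed between audits
list_privileged() {
  find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print | sort
}

# is_privileged FILE: success if either bit is still set (test -u / -g are POSIX)
is_privileged() {
  [ -u "$1" ] || [ -g "$1" ]
}

# drop_special_bits FILE: clear both bits, exactly what "chmod a-s" does on the slide
drop_special_bits() {
  chmod a-s "$1"
}

echo "privileged files under $SUID_ROOT:"
list_privileged "$SUID_ROOT"
```

Keep the sorted output of list_privileged from a freshly installed system; a later run that shows a new entry is a cheap way to notice an unexpected setuid binary, whether it came from a package upgrade or from something else.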

Setup tcpwrapper (1)
Allows or disallows connections from specific IP addresses
Controls connections to the daemons listed in /etc/inetd.conf
Setup files are /etc/hosts.allow and /etc/hosts.deny

Setup tcpwrapper (2)
/etc/hosts.deny
ALL:ALL: spawn ((/usr/sbin/safe_finger | /bin/mail root)&)

/etc/hosts.allow
in.telnetd: , 127.
in.ftpd: , 127.
portmap: , 127.

Setup tcpwrapper (3)
For more information
– ftp://ftp.porcupine.org/pub/security/index.html
– man 5 hosts_access
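What the two files on the previous slide actually decide is easiest to see by replaying the hosts_access evaluation order by hand: hosts.allow is consulted first, then hosts.deny, and a client that matches neither is let in. The script below is an added example, not the presentation's code and not libwrap itself; it writes constructed copies of the two files (the site network 192.168.1.0/24, spelled as the prefix pattern 192.168.1., is an assumption standing in for the network the slide left blank) and implements only the pattern forms used there: ALL, a trailing-dot address prefix, a leading-dot domain suffix and an exact name.

```shell
#!/bin/sh
# Constructed access-control files in the layout of the slide (not a real host).
TW_DIR=$(mktemp -d)
cat > "$TW_DIR/hosts.allow" <<'EOF'
# assumed site network 192.168.1.0/24, written as a hosts_access prefix pattern
in.telnetd: 192.168.1., 127.
in.ftpd:    192.168.1., 127.
portmap:    192.168.1., 127.
EOF
cat > "$TW_DIR/hosts.deny" <<'EOF'
ALL: ALL: spawn ((/usr/sbin/safe_finger | /bin/mail root) &)
EOF

# match_pattern PATTERN VALUE: one hosts_access token against a daemon or client.
# ALL matches anything, "10.1." matches an address prefix, ".example.org" a
# hostname suffix, anything else must match exactly.
match_pattern() {
  pat=$1; val=$2
  case "$pat" in
    ALL) return 0 ;;
    *.)  case "$val" in "$pat"*) return 0 ;; esac; return 1 ;;
    .*)  case "$val" in *"$pat") return 0 ;; esac; return 1 ;;
    *)   [ "$pat" = "$val" ] ;;
  esac
}

# match_list LIST VALUE: LIST is comma or blank separated patterns
match_list() {
  for item in $(printf '%s' "$1" | tr ',' ' '); do
    match_pattern "$item" "$2" && return 0
  done
  return 1
}

# file_matches FILE DAEMON CLIENT: success if some "daemons : clients [: option]"
# line in FILE matches; an unreadable file matches nothing (as libwrap treats it)
file_matches() {
  [ -r "$1" ] || return 1
  grep -v '^[[:space:]]*#' "$1" | while IFS= read -r line; do
    [ -n "$line" ] || continue
    dlist=$(printf '%s' "$line" | cut -d: -f1)
    clist=$(printf '%s' "$line" | cut -d: -f2)
    if match_list "$dlist" "$2" && match_list "$clist" "$3"; then echo match; fi
  done | grep -q match
}

# hosts_access DAEMON CLIENT ALLOWFILE DENYFILE: prints ALLOW or DENY using the
# libwrap order: allow file first, then deny file, otherwise access is granted
hosts_access() {
  if   file_matches "$3" "$1" "$2"; then echo ALLOW
  elif file_matches "$4" "$1" "$2"; then echo DENY
  else echo ALLOW
  fi
}

echo "in.telnetd from 192.168.1.7: $(hosts_access in.telnetd 192.168.1.7 "$TW_DIR/hosts.allow" "$TW_DIR/hosts.deny")"
echo "in.telnetd from 10.0.0.5:    $(hosts_access in.telnetd 10.0.0.5 "$TW_DIR/hosts.allow" "$TW_DIR/hosts.deny")"
```

The last branch of hosts_access is the reason the slide's hosts.deny holds ALL:ALL: without it, every daemon not named in hosts.allow is reachable from everywhere. The real library also knows EXCEPT clauses, netgroups, and hostname lookups with their spoofing checks; those are deliberately left out here, so treat this as a reading aid for the two files, not as a replacement for tcpdchk.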

Setup ipchains (1)
Filters IP packets
It's a good solution for setting up a firewall
Be careful before setting up ipchains
– It's very powerful but very complicated

Setup ipchains (2)
( the network addresses were not preserved in the transcript )
ipchains -A input -p TCP -s '!' / -j DENY -l
ipchains -A input -p TCP -s / domain -j ACCEPT
ipchains -A input -p TCP -d /0 :1024 -y -j DENY -l
ipchains -A input -p UDP -s '!' / -j DENY -l
ipchains -A input -p UDP -s / domain -j ACCEPT
ipchains -A input -p UDP -d /0 '!' syslog -j DENY -l
ipchains -A input -p ICMP -s /0 0 -j DENY -l
ipchains -A input -p ICMP -s /0 8 -j DENY -l

Setup ipchains (3)
For more information
– the ipchains HOWTO
– man ipchains
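The rules on the "Setup ipchains (2)" slide are evaluated top to bottom and the first match wins, which is why their order matters and why the SYN-only rule (-y) and the negated port ('!' syslog) behave the way they do. The script below is an added example, not the presentation's own: instead of loading anything into a kernel it replays a constructed rule set of the same shape through a tiny first-match evaluator, so the decisions can be checked on any machine. The site network 192.0.2.0/24 is an assumed placeholder for the network the slide left out, and the rule format (proto, source, destination, port, flag, target) is this script's own, not ipchains syntax.

```shell
#!/bin/sh
# Constructed input-chain rule set in the shape of the slide's rules (not from the
# slide itself). Columns: proto src dst port flag target. A leading "!" negates an
# address or port, ":N" means ports up to N, "-y" restricts the rule to SYN packets
# (ipchains -y), and for ICMP the port column holds the ICMP type.
RULES='TCP  !192.0.2.0/24 0.0.0.0/0 any   -  DENY
TCP  192.0.2.0/24  0.0.0.0/0 53    -  ACCEPT
TCP  0.0.0.0/0     0.0.0.0/0 :1024 -y DENY
UDP  !192.0.2.0/24 0.0.0.0/0 any   -  DENY
UDP  192.0.2.0/24  0.0.0.0/0 53    -  ACCEPT
UDP  0.0.0.0/0     0.0.0.0/0 !514  -  DENY
ICMP 0.0.0.0/0     0.0.0.0/0 0     -  DENY
ICMP 0.0.0.0/0     0.0.0.0/0 8     -  DENY'

# ip2int A.B.C.D: dotted quad as a 32-bit integer
ip2int() {
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_net IP NET/BITS: success if IP lies inside the CIDR block
in_net() {
  net=${2%/*}; bits=${2#*/}
  [ "$bits" -eq 0 ] && return 0
  mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
  [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# addr_match PATTERN IP: PATTERN is NET/BITS, optionally negated with "!"
addr_match() {
  case "$1" in
    !*) in_net "$2" "${1#!}" && return 1; return 0 ;;
    *)  in_net "$2" "$1" ;;
  esac
}

# port_match PATTERN PORT: any, :N (up to N), !N (anything but N), or exact N
port_match() {
  case "$1" in
    any) return 0 ;;
    :*)  [ "$2" -le "${1#:}" ] ;;
    !*)  [ "$2" -ne "${1#!}" ] ;;
    *)   [ "$2" -eq "$1" ] ;;
  esac
}

# classify PROTO SRC DST PORT SYN: target of the first matching rule, or ACCEPT
# (the default policy of the input chain) when nothing matches. SYN is 1 or 0.
classify() {
  proto=$1; src=$2; dst=$3; port=$4; syn=$5
  hit=$(printf '%s\n' "$RULES" | while read -r rproto rsrc rdst rport rflag rtarget; do
    [ "$rproto" = "$proto" ] || continue
    addr_match "$rsrc" "$src" || continue
    addr_match "$rdst" "$dst" || continue
    port_match "$rport" "$port" || continue
    if [ "$rflag" = "-y" ] && [ "$syn" -ne 1 ]; then continue; fi
    echo "$rtarget"; break
  done)
  echo "${hit:-ACCEPT}"
}

echo "TCP SYN to port 22 from outside:  $(classify TCP 198.51.100.9 192.0.2.10 22 1)"
echo "TCP SYN to port 22 from inside:   $(classify TCP 192.0.2.5 192.0.2.10 22 1)"
echo "TCP reply packet to port 22:      $(classify TCP 192.0.2.5 192.0.2.10 22 0)"
echo "UDP syslog from inside:           $(classify UDP 192.0.2.5 192.0.2.10 514 0)"
```

Two things the evaluator makes visible: the -y rule refuses new connections to privileged ports but lets the non-SYN packets of an established session through (ipchains has no connection tracking, so that is the only way to let replies back in), and the UDP rule with '!' syslog is what leaves port 514 open for the loghost setup on the later slides. When the real rules are loaded, ipchains -C can be used to ask the kernel the same question for a given packet.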

Setup loghost (1)
syslogd can send the log to a loghost
To send logs to the loghost
– Change /etc/syslog.conf
To receive logs from other hosts
– Run syslogd with the '-r' option

Setup loghost (2)
/etc/syslog.conf ( client setup )

loghost setup ( server setup )
[ ~ ] {1} $ vi /etc/rc.d/init.d/syslog
( change 'daemon syslogd -m 0' to 'daemon syslogd -m 0 -r' )
[ ~ ] {2} $ /etc/rc.d/init.d/syslog restart
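Both halves of the loghost setup can be checked from a script rather than by eye. The example below is added here and is not the presentation's code: it writes a constructed client /etc/syslog.conf (the forwarding line "*.* @loghost" is the form sysklogd uses for a remote destination, and the host name loghost is an assumption) and a constructed fragment of the init script, then reports where the client forwards to, whether the server's syslogd is started with -r, and applies the edit the slide describes.

```shell
#!/bin/sh
# Constructed files (not from a real system): a client syslog.conf and a fragment
# of the server's /etc/rc.d/init.d/syslog, both in a temporary directory.
LOG_DIR=$(mktemp -d)
cat > "$LOG_DIR/syslog.conf" <<'EOF'
# constructed client-side /etc/syslog.conf
*.info;mail.none;authpriv.none      /var/log/messages
authpriv.*                          /var/log/secure
*.emerg                             *
*.*                                 @loghost
EOF
cat > "$LOG_DIR/syslog.init" <<'EOF'
# constructed fragment of /etc/rc.d/init.d/syslog
daemon syslogd -m 0
daemon klogd
EOF

# remote_log_targets CONF: the hosts this syslog.conf forwards to, one per line
# (an action beginning with "@" is a remote host in syslog.conf)
remote_log_targets() {
  grep -v '^[[:space:]]*#' "$1" | awk '$2 ~ /^@/ { sub(/^@/, "", $2); print $2 }'
}

# syslogd_accepts_remote INIT: success if syslogd is started with -r
syslogd_accepts_remote() {
  grep -q '^daemon syslogd .*-r' "$1"
}

# enable_remote_reception INIT: the slide's edit, "daemon syslogd -m 0" -> "... -r";
# on a real loghost this is followed by /etc/rc.d/init.d/syslog restart
enable_remote_reception() {
  sed 's/^daemon syslogd -m 0$/daemon syslogd -m 0 -r/' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

echo "client forwards to: $(remote_log_targets "$LOG_DIR/syslog.conf")"
if syslogd_accepts_remote "$LOG_DIR/syslog.init"; then echo "server accepts remote logs"
else echo "server does not accept remote logs yet"; fi
```

Remote syslog is plain UDP on port 514 with no authentication, so the -r option should go together with a packet filter that accepts syslog only from the hosts meant to forward (the ipchains slide's UDP rules are where that belongs), and the loghost itself should run as few other services as possible, since it now holds the evidence an intruder on another host would want to erase.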

How to patch vulnerable programs (1)
Check the linux distribution homepage
– Ex) Redhat, Debian, Alzza, and so on

How to patch vulnerable programs (2)
Patch vulnerable programs in redhat linux
– Download the package from errata.html
– rpm -U packagename.rpm