Presentation is loading. Please wait.

Presentation is loading. Please wait.

Linux security Taeho Oh

Published byBennett Young Modified over 9 years ago

Similar presentations

Presentation on theme: "Linux security Taeho Oh"— Presentation transcript:

1 Linux security Taeho Oh http://postech.edu/~ohhara ohhara@postech.edu

2 Contents (1) Why do hackers use linux? Why is linux hacked? Default installed daemons Default installed setuid programs Setup tcpwrapper Setup ipchains Setup loghost

3 Contents (2) How to patch vulnerable programs

4 Why do hackers use linux? Similar to unix –Almost all servers are unix Easy to get –Hackers don ’ t have much money Source code is available –Easy to modify –Easy to develop a program

5 Why is linux hacked? (1) Linux is widely used –Easy to get –Easy to use –High performance –High reliability Applications source code is available –Easy to find a security vulnerability

6 Why is linux hacked? (2) Too many applications are default installed –All applications have many bugs

7 Default installed daemons (1) There are too many default installed daemons –The admin must remove unused daemons –Change /etc/rc.d files and /etc/inetd.conf file

8 Default installed daemons (2) [ ohhara@ohhara ~ ] {1} $ cd /etc/rc.d/init.d [ ohhara@ohhara /etc/rc.d/init.d ] {2} $ ls afs gated killall network rstatd syslog amd gpm kudzu nfs rusersd xfs arpwatch halt ldap nfslock rwalld xntpd atd httpd linuxconf nscd rwhod ypbind autofs inet lpd portmap sendmail passwdd bootparamd innd mars-new postgresql single ypserv crond irda mcserv pulse smb dhcpd isdn named random snmpd functions keytable netfs routed squid

9 Default installed daemons (3) [ ohhara@ohhara /etc/rc.d/init.d ] {3} $ cd /etc/rc.d [ ohhara@ohhara /etc/rc.d ] {4} $ find. -name "*httpd*" -print./init.d/httpd./rc0.d/K15httpd./rc1.d/K15httpd./rc2.d/K15httpd./rc3.d/S85httpd./rc4.d/S85httpd./rc5.d/S85httpd./rc6.d/K15httpd

10 Default installed daemons (4) [ ohhara@ohhara /etc/rc.d ] {5} $ rm –f rc3.d/S85httpd rc4.d/S85httpd rc5.d/S85httpd [ ohhara@ohhara /etc/rc.d ] {6} $ /etc/rc.d/init.d/httpd stop Shutting down http: [ OK ] [ ohhara@ohhara /etc/rc.d ] {7} $ vi /etc/inetd.conf ( comment out unused daemons with ‘#’ ) [ ohhara@ohhara /etc/rc.d ] {8} $ killall –HUP inetd [ ohhara@ohhara /etc/rc.d ] {9} $

11 Default installed setuid programs (1) There are too many default installed setuid programs –The admin must remove unused setuid programs

12 Default installed setuid programs (2) [ ohhara@ohhara ~ ] {1} $ find / -perm -4000 -exec ls - l {} \; -rws--x--x 1 root root 6340 Nov 16 10:19 /usr/X11R6/bin/Xwrapper -rwsr-xr-x 1 games games 34488 May 19 1999 /usr/X11R6/bin/xhextris (... ) -rwsr-sr-x 1 root tty 72668 Sep 26 01:07 /sbin/restore -r-sr-xr-x 1 root root 29022 Jan 4 09:40 /sbin/pwdb_chkpwd

13 Default installed setuid programs (3) [ ohhara@ohhara ~ ] {2} $ chmod a-s /sbin/restore [ ohhara@ohhara ~ ] {3} $ ls –l /sbin/restore -rwxr-xr-x 1 root tty 72668 Sep 26 01:07 /sbin/restore [ ohhara@ohhara ~ ] {4} $

14 Setup tcpwrapper (1) Allow or disallow the connection from specific IP Control the connection to the daemons in the /etc/inetd.conf Setup files are /etc/hosts.allow and /etc/hosts.deny

15 Setup tcpwrapper (2) /etc/hosts.deny /etc/hosts.allow ALL:ALL: spawn ((/usr/sbin/safe_finger -l @%h | /bin/mail root)&) in.telnetd: 141.223., 127. in.ftpd: 141.223., 127. portmap: 141.223., 127.

16 Setup tcpwrapper (3) For more information –ftp://ftp.porcupine.org/pub/security/index.ht ml –man 5 hosts_access

17 Setup ipchains (1) Filter IP packet It ’ s a good solution to setup firewall Be careful before setup ipchains –It ’ s very powerful but very complicated

18 Setup ipchains (2) ipchains -A input -p TCP -s '!' 141.223.0.0/255.255.0.0 -j DENY -l ipchains -A input -p TCP -s 141.223.1.2/255.255.255.255 domain -j ACCEPT ipchains -A input -p TCP -d 0.0.0.0/0 :1024 -y -j DENY -l ipchains -A input -p UDP -s '!' 141.223.0.0/255.255.0.0 -j DENY -l ipchains -A input -p UDP -s 141.223.1.2/255.255.255.255 domain -j ACCEPT ipchains -A input -p UDP -d 0.0.0.0/0 '!' syslog -j DENY -l ipchains -A input -p ICMP -s 0.0.0.0/0 0 -j DENY -l ipchains -A input -p ICMP -s 0.0.0.0/0 8 -j DENY -l

19 Setup ipchains (3) For more information –http://www.rustcorp.com/linux/ipchains/ –http://kldp.org/Translations/IPCHAINS- HOWTO –man ipchains

20 Setup loghost (1) syslogd can send the log to the loghost To send log to the loghost –Change /etc/syslog.conf To receive log from the host –Run syslogd with ‘ -r ’ option

21 Setup loghost (2) /etc/syslog.conf ( client setup ) loghost setup ( server setup ) *.debug @141.223.xxx.xxx [ ohhara@ohhara ~ ] {1} $ vi /etc/rc.d/init.d/syslog ( change ‘daemon syslogd -m 0’ to ‘daemon syslogd -m 0 –r’ ) [ ohhara@ohhara ~ ] {2} $ /etc/rc.d/init.d/syslog restart

22 How to patch vulnerable programs (1) Check the linux distribution homepage –Ex) Redhat, Debian, Alzza, and so on

23 How to patch vulnerable programs (2) Patch vulnerable programs in the redhat linux –Download package from http://www.redhat.com/support/errata/rh- errata.html –rpm – U packagename.rpm

Download ppt "Linux security Taeho Oh"

Similar presentations

Ipchains and Iptables Linux operating system natively supports packet-filtering rules: Kernel versions 2.2 and earlier support the ipchains command. Kernel.

Ipchains and Iptables Linux operating system natively supports packet-filtering rules: Kernel versions 2.2 and earlier support the ipchains command. Kernel.
What is hacking? Taeho Oh

What is hacking? Taeho Oh
Chapter 21 Security. Computer Center, CS, NCTU 2 Firewall (1)  Using ipfw 1.Add these options in kernel configuration file and recompile the kernel 2.Edit.

Chapter 21 Security. Computer Center, CS, NCTU 2 Firewall (1)  Using ipfw 1.Add these options in kernel configuration file and recompile the kernel 2.Edit.
Netprog: daemons and inetd1 Daemons & inetd Refs: Chapter 13.

Netprog: daemons and inetd1 Daemons & inetd Refs: Chapter 13.
Securing Network using Linux. Lesson Outline Setting up a secure system TCP Wrapper configuration Firewalls in Linux Authentication Systems –NIS –Kerberos.

Securing Network using Linux. Lesson Outline Setting up a secure system TCP Wrapper configuration Firewalls in Linux Authentication Systems –NIS –Kerberos.
Linux Security 資管研究生 劉順德. Outline General Security –Account –Local –Network –Patch Services Security –Sendmail –BIND/DNS –Apache –FTP Recent Linux security.

Linux Security 資管研究生 劉順德. Outline General Security –Account –Local –Network –Patch Services Security –Sendmail –BIND/DNS –Apache –FTP Recent Linux security.
Daemon Processes and inetd Superserver

Daemon Processes and inetd Superserver
Information Networking Security and Assurance Lab National Chung Cheng University Investigating Unix System.

Information Networking Security and Assurance Lab National Chung Cheng University Investigating Unix System.
Chapter 3 Unix Overview. Figure 3.1 Unix file system.

Chapter 3 Unix Overview. Figure 3.1 Unix file system.
1 COP 4343 Unix System Administration Unit 9: printing – lpr – CUPS.

1 COP 4343 Unix System Administration Unit 9: printing – lpr – CUPS.
NOC TOOLS syslog AfNOG 2009 - Cairo, SI-E, 2 of 5 Sunday Folayan.

NOC TOOLS syslog AfNOG Cairo, SI-E, 2 of 5 Sunday Folayan.
Remote Disk Access with NFS

Remote Disk Access with NFS
Linux System Administration LINUX SYSTEM ADMINISTRATION.

Linux System Administration LINUX SYSTEM ADMINISTRATION.
Linux+ Guide to Linux Certification, Third Edition

Linux+ Guide to Linux Certification, Third Edition
Va-scanCopyright 2002, Marchany Securing Solaris Servers Randy Marchany.

Va-scanCopyright 2002, Marchany Securing Solaris Servers Randy Marchany.
Taeho Oh/PLUS 3rd CONCERT Workshop Nov. 1999 Intrusion demonstration Part I Postech PLUS Taeho Oh (PLUS015)

Taeho Oh/PLUS 3rd CONCERT Workshop Nov Intrusion demonstration Part I Postech PLUS Taeho Oh (PLUS015)
1 Linux Networking and Security Chapter 4. 2 Configuring Client Services Configure “superservers” to handle multiple network services Set up administrative.

1 Linux Networking and Security Chapter 4. 2 Configuring Client Services Configure “superservers” to handle multiple network services Set up administrative.
Hacking Linux Systems.  Text Editors  vi, ex, pico, jove, GNU emacs  Shells  chs (C Shell), sh (Bourne Shell)  File navigation  cd, ls, cp, mv,

Hacking Linux Systems.  Text Editors  vi, ex, pico, jove, GNU emacs  Shells  chs (C Shell), sh (Bourne Shell)  File navigation  cd, ls, cp, mv,
Linux Networking #2 Dr. Michael L. Collard 1.

Linux Networking #2 Dr. Michael L. Collard 1.
System Startup & Shutdown Objectives –to interpret the Unix startup and shutdown configuration files –to be able to create a customised run level Contents.

System Startup & Shutdown Objectives –to interpret the Unix startup and shutdown configuration files –to be able to create a customised run level Contents.

Similar presentations

Ads by Google