Presentation transcript: "LINUX SECURITY"

1 LINUX SECURITY

2 Outline
Introduction
- UNIX file permission
- SUID / SGID
- File attributes

3 Securing LINUX box
- Hidden files
- Tightening script files
Control mounting a file system

4 Logging
- Syslogd
- Klogd
- Remote logging
- Shell logging

5 UNIX file permissions
Each directory and file on the system has a set of permission flags which specify read, write, and execute permissions for the ‘user’, ‘group’, and ‘other’.
‘ls’ with the -l option gives info on file permissions.

6 Binary / Octal representation
File permissions can be changed using octal notation.
Octal 744 = Binary 111 100 100 (user, group, other)
chmod command, e.g.: chmod 744 myfile

7 SUID/SGID
A setuid program is a program which has its setuid bit set.
sgid = 2, suid = 4, both = 6 (octal value prepended to the standard permission set).
If the owner of the setuid program is root then the commands in the program are run with root privileges.
suid/sgid: is it a threat?

8 Locating SUID/SGID programs
Find command: to find all files with the suid or sgid bits set:
# find / -type f \( -perm -4000 -o -perm -2000 \) -ls
To disable the suid bits on selected programs use the chmod command, e.g.:
# chmod a-s /bin/mount

9 File Attributes
The Linux ext2 file system supports the following file attributes.
‘A’ – Don’t update the access time
‘S’ – Synchronous updates
‘a’ – Append only
‘c’ – Compressed

10 Contd
‘i’ – Immutable
‘d’ – No dump
‘s’ – Secure deletion
‘u’ – Undeletable
chattr: changes the file attributes. The format is +, - or = followed by attributes from [ASacdisv].
# chattr +a myfile
lsattr: lists the attributes of a file.
# lsattr myfile

11 Hidden Files
Hidden files can be used to hide tools and password cracking programs.
# find / -name "..*" -print
# find / -name ".*" -print

12 World Writable files
Group and world writable files and directories can be a security hole.
Look for the files and directories that should not be group or world writable.
# find / -type f -perm /022 -ls
# find / -type d -perm /022 -ls
(Older versions of GNU find spelled the "any of these bits" test as -perm +022; current versions only accept /022.)

13 Unowned files
Files with no owner.
Potential threat.
Sometimes we may uninstall a program and get unowned files.
# find / -nouser -o -nogroup
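The checks from the permission, SUID/SGID, hidden-file, world-writable and unowned-file slides, gathered into one audit function with corrected find syntax. This is an added example, not code from the presentation; it runs on a constructed sandbox directory, and a real audit would run it as root against /.

```shell
#!/bin/sh
# Added example (not from the slides): one audit function that runs the
# slides' checks over a directory tree with corrected find syntax.
# Real use: audit_tree / as root. Below it runs on a constructed sandbox.

# Print one tagged line per finding beneath $1.
audit_tree() {
    root="$1"
    # SUID or SGID: the two -perm tests must be grouped with \( \), otherwise
    # "-type f" binds only to the first of them.
    find "$root" -type f \( -perm -4000 -o -perm -2000 \) -print | sed 's/^/SETID /'
    # Group- or world-writable: "/022" means "any of these bits set"
    # (older GNU find spelled this "+022"; current versions reject that).
    find "$root" -type f -perm /022 -print | sed 's/^/WRITABLE-FILE /'
    find "$root" -type d -perm /022 -print | sed 's/^/WRITABLE-DIR /'
    # Dot names: "..." or ".. " style directories are the classic hiding spot.
    find "$root" -name '.*' -print | sed 's/^/HIDDEN /'
    # Owner or group missing from passwd/group, typically left by an uninstall.
    find "$root" \( -nouser -o -nogroup \) -print | sed 's/^/UNOWNED /'
}

# Build a constructed sandbox with one offender of each kind; print its path.
make_sample_tree() {
    umask 022
    d=$(mktemp -d)
    mkdir "$d/bin" "$d/dropbox" "$d/bin/..."   # "..." = hidden directory
    printf '#!/bin/sh\necho hi\n' > "$d/bin/helper"
    chmod 4755 "$d/bin/helper"                 # setuid helper
    printf 'x\n' > "$d/bin/ok"
    chmod 0755 "$d/bin/ok"                     # clean file for contrast
    printf 'x\n' > "$d/dropbox/notes"
    chmod 0666 "$d/dropbox/notes"              # world-writable file
    chmod 0777 "$d/dropbox"                    # world-writable directory
    echo "$d"
}

# Demo: d=$(make_sample_tree); audit_tree "$d"; rm -rf "$d"
```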

14 Tightening script files
Script files are responsible for starting and stopping all your normal processes.
# chmod -R 700 /etc/rc.d/init.d/*
No reason for users to be able to view or edit startup scripts.

15 Removing banner info
Edit the /etc/rc.d/rc.local file and comment out the following lines:
- # echo "" > /etc/issue
- # echo "$R" >> /etc/issue
- # echo "Kernel $(uname -r) on $a $(uname -m)" >> /etc/issue
Remove the files issue.net and issue under /etc:
- # rm -f /etc/issue
- # rm -f /etc/issue.net

16 /etc/services file
This file contains information about the port numbers on which standard services are offered.
Should be protected:
# chattr +i /etc/services
Similar for other important files: /etc/passwd, /etc/shadow, /etc/group, configuration files.

17 Control mounting a file system
In Linux all file systems (hard drives, CD-ROMs, floppy drives etc) are mounted onto one logical tree with root being the parent directory.
The ext2 file system enforces a security model.

18 Mount
The mount command attaches a file system to the file system hierarchy at the mount point.
The standard form of the mount command:
mount -t type device dir

19 Options
defaults: allow suid, read-write, quota.
nosuid: do not honour SUID/SGID access on this partition.
nodev: do not interpret character or block special devices on this partition.
ro: mount this partition read-only.
rw: mount this partition read-write.

20 /etc/fstab
Text file containing info about how different partitions on the hard disk are mounted in Linux directories.
Each entry has 6 fields, namely:
block_device | mount_point | type | options | dump | pass

21 contd
Block-device: the partition on the HD.
Mount-point: local directory where the partition is mounted.
Type: type of partition or file system.
Options: see mount(8).
Dump: whether the partition should be dumped for backups.
Pass: order in which fsck checks the file system for corruption at boot time.
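A check over the six fstab fields just described, reporting entries whose option field (field 4) still honours the suid and device bits. This is an added example, not part of the presentation; the fstab text is constructed, and the policy that every mount other than "/" and swap should carry nosuid and nodev is an assumption to adjust locally (for example /usr normally needs suid binaries).

```shell
#!/bin/sh
# Added example (not from the slides): flag /etc/fstab entries whose mount
# options leave the suid and device bits honoured. Assumption: everything
# except "/" and swap/pseudo filesystems should carry nosuid and nodev.
check_fstab() {
    awk '
        $1 ~ /^#/ || NF == 0 { next }         # comments and blank lines
        NF < 4 { print "MALFORMED " $0; next } # fewer than the 6 fields
        {
            mp = $2; type = $3; opts = $4      # block_device mp type options dump pass
            if (mp == "/" || type == "swap" || type == "proc" || type == "sysfs") next
            missing = ""
            # "defaults" implies suid,dev,exec,rw: only an explicit
            # nosuid/nodev in the option list turns the protection on.
            if (opts !~ /(^|,)nosuid(,|$)/) missing = missing " nosuid"
            if (opts !~ /(^|,)nodev(,|$)/)  missing = missing " nodev"
            if (missing != "") print "WEAK " mp " (" opts ") missing:" missing
            else               print "OK " mp
        }
    '
}

# Constructed fstab for the demo (not a real system file).
SAMPLE_FSTAB='# <device>   <mount point>  <type>  <options>                 <dump> <pass>
/dev/sda1    /              ext2    defaults                  1      1
/dev/sda2    /home          ext2    defaults                  1      2
/dev/sda3    /tmp           ext2    nosuid,nodev,noexec       1      2
/dev/sda4    /usr           ext2    ro,nodev                  1      2
/dev/sda5    none           swap    sw                        0      0
/dev/fd0     /mnt/floppy    auto    noauto,user,nosuid,nodev  0      0'

# Wrapper so the result can be inspected without building a pipe by hand.
check_sample_fstab() { printf '%s\n' "$SAMPLE_FSTAB" | check_fstab; }

# Real use: check_fstab < /etc/fstab
```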

22 Logging
Logging is defined as the process of recording actions that have occurred.
Important to maintain the integrity of the different log files.
Syslogd: utility program that provides the logging facility.

23 contd
Syslogd reads the /etc/syslog.conf file.
Each rule in the file consists of two fields:
- selector and
- action field
authpriv.*;mail.*;daemon.info /dev/lp0

24 Klogd daemon
Intercepts and logs kernel messages.
Log info may be in the /proc file system or via sys_syslog.
Remote logging: easy to control and added security.
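A parser for the selector/action layout of the previous slide, used to show which facilities have a remote copy as described here. This is an added example, not part of the presentation; the syslog.conf text and the host loghost.example.invalid are constructed.

```shell
#!/bin/sh
# Added example (not from the slides): split each /etc/syslog.conf rule into
# its selector and action field and list the facilities that only ever reach
# a local file or device, i.e. have no copy on a remote host ("@host" action)
# that an intruder on this box cannot edit afterwards.
syslog_coverage() {
    awk '
        $1 ~ /^#/ || NF == 0 { next }        # comments and blank lines
        {
            # selector = facility.priority[;facility.priority...], action = $2
            n = split($1, sel, ";")
            for (i = 1; i <= n; i++) {
                split(sel[i], fp, ".")       # fp[1] = facility, fp[2] = priority
                fac = fp[1]
                if (fac == "*") continue     # wildcard rules name no facility
                if ($2 ~ /^@/) remote[fac] = 1   # forwarded to a loghost
                else           local[fac]  = 1   # file, device, pipe or user
            }
        }
        END {
            for (f in local)  if (!(f in remote)) print "LOCAL-ONLY " f
            for (f in remote) print "REMOTE " f
        }
    '
}

# Constructed syslog.conf in the slide's two-field layout (not a real file).
SAMPLE_SYSLOG_CONF='# selector                     action
authpriv.*;mail.*;daemon.info  /dev/lp0
auth.*                         /var/log/auth.log
kern.*                         /var/log/kern.log
*.emerg                        *
auth.*;authpriv.*;kern.*       @loghost.example.invalid'

sample_syslog_coverage() { printf '%s\n' "$SAMPLE_SYSLOG_CONF" | syslog_coverage; }

# Real use: syslog_coverage < /etc/syslog.conf
```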

25 Shell logging
The bash shell stores up to 500 old commands in ~/.bash_history.
Password threat.
Edit /etc/profile:
HISTFILESIZE=20 and HISTSIZE=20
Edit /etc/skel/.bash_logout:
rm -f $HOME/.bash_history

26 UTMP and WTMP
UTMP is a system log file that records users currently logged in.
UTMP is a place for exploitation to cause system damage.
UTMP contains accounting and access info for the commands who, last, lastlog etc.
WTMP contains the history for the UTMP database.

27 Questions?
