Unix security
Unix security, that is, maintaining a secure environment on Unix and Unix-like operating systems, depends on the design concepts of these operating systems, but vigilance through user and administrative practices is also needed to keep a system secure.
This entry is currently in scratch pad form - it has lots of bones but no meat - I'm working on it - feel free to join in.
Permissions
A core security feature in these systems is the permissions system. All files in a typical Unix-style filesystem have permissions set that control what access each user has to the file.
Permissions on a file are commonly viewed with the ls command (the -l option shows them). For example:
-r-xr-xr-x 1 root wheel 745720 Sep 8 2002 /bin/sh
Unix permissions grant different users different access to a file, and different user groups can have different permissions on the same file.
Users under Unix-style operating systems often belong to managed groups with specific access permissions. This enables users to be grouped by the level of access they have to the system.
Most Unix-style systems have an account or group which enables a user to exert complete control over the system, often known as the root account. If an unauthorised user gains access to this account, the result is a complete breach of the system. A root account is nevertheless necessary for administrative purposes, and for the above security reasons the root account is seldom used for day-to-day work, so that root account usage can be watched more closely.
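As an added illustration (example code written for this entry, not part of the original text): a small Python script that parses the mode column of an ls -l line such as the one above into its octal form, decodes the set-uid, set-gid and sticky bits, and flags the settings an administrator usually reviews first. Apart from the /bin/sh line, the listing it runs over is constructed sample data; the /usr/bin/passwd and /home/bob paths are assumed.

```python
import re
from typing import Dict, List

# The nine permission characters map to one bit each, read left to right:
# owner rwx, group rwx, other rwx.
_BITS = [0o400, 0o200, 0o100, 0o040, 0o020, 0o010, 0o004, 0o002, 0o001]

def parse_mode(mode: str) -> Dict[str, object]:
    """Decode a 10-character ls mode string such as '-r-xr-xr-x'."""
    if not re.fullmatch(r"[-dlcbps][-rwxsStT]{9}", mode):
        raise ValueError(f"not a mode string: {mode!r}")
    ftype, perms = mode[0], mode[1:]
    bits = 0
    for ch, bit in zip(perms, _BITS):
        if ch in "rwxst":          # lowercase s/t imply execute is set too
            bits |= bit
    # Special bits live in the execute columns: s/S owner = set-uid,
    # s/S group = set-gid, t/T other = sticky; uppercase = execute off.
    setuid = perms[2] in "sS"
    setgid = perms[5] in "sS"
    sticky = perms[8] in "tT"
    bits |= 0o4000 * setuid | 0o2000 * setgid | 0o1000 * sticky
    return {"type": ftype, "octal": f"{bits:04o}", "mode": bits,
            "setuid": setuid, "setgid": setgid, "sticky": sticky}

def audit_ls_line(line: str) -> List[str]:
    """Return review findings for one ls -l line (empty list if none)."""
    fields = line.split()
    mode, owner, group, path = fields[0], fields[2], fields[3], fields[-1]
    info = parse_mode(mode)
    findings = []
    if info["setuid"] and owner == "root":
        findings.append(f"{path}: set-uid root binary, confirm it is needed")
    if info["setgid"] and info["type"] != "d":
        findings.append(f"{path}: set-gid {group} binary")
    # World-writable is expected only on sticky directories such as /tmp.
    world_writable = bool(info["mode"] & 0o002)
    if world_writable and info["type"] != "l" and not (
            info["type"] == "d" and info["sticky"]):
        findings.append(f"{path}: world-writable")
    return findings

def audit_listing(lines: List[str]) -> List[str]:
    return [f for line in lines if line.strip() for f in audit_ls_line(line)]

# Constructed sample listing; only the /bin/sh line comes from this entry.
LS_SAMPLE = """\
-r-xr-xr-x 1 root wheel 745720 Sep 8 2002 /bin/sh
-rwsr-xr-x 1 root wheel 20480 Sep 8 2002 /usr/bin/passwd
drwxrwxrwt 9 root wheel 512 Sep 8 2002 /tmp
-rw-rw-rw- 1 bob users 1024 Sep 8 2002 /home/bob/notes.txt
""".splitlines()

if __name__ == "__main__":
    for finding in audit_listing(LS_SAMPLE):
        print(finding)
```

Running it reports the set-uid root passwd binary and the world-writable notes file, while /bin/sh and the sticky /tmp directory pass without comment.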
Passwords
1. Patching
2. Users and accounts
3. Services
4. File system security
crack, John the Ripper, dictionary attacks, mnemonic techniques, shadow/master.passwd, crypt and MD5
delete old accounts
su, sudo, wheel on bsd, /etc/securetty, ssh only, no root logins
source
rpm based
deb based
freebsd ports and packages
meta - apt, rhn, red carpet
add gentoo, slack, net + openbsd
solaris + proprietary (sco? who cares)
only run what is needed remove the rest (even better do this at install - only choose necessary packages)
Identify what services are running
netstat -na
lsof
nmap
on *bsd sockstat -4
inetd xinetd
turning off unnecessary services
using chkconfig on rh
using /etc/rc.conf and /usr/local/etc/rc.d on freebsd (mention /etc/rc.local)
rwx set-uid set-gid sticky
crypto
layer 7 gpg/pgp
layer 4 ssl/tls/ssh/stunnel/smime
layer 3 ipsec (pptp?)
sniffers + plaintext
tcpdump, ethereal
attacks
monkey in the middle
land ping of death xmas DoS et al.
rootkits, kernel modules, chkrootkit
exploit details, buffer overflows, local vs remote
banners
smtp - spam
sendmail - banners help header version etc.
dns - reverse mapping dnssec