Linux’ Security

Haifa Linux Club
21.10.99
Orr Dunkelman
What is a Secure System?
• A secure system is an abstract concept
• In practice it means "robust enough": how robust depends on what you need, how much time you are willing to put in, and what resources are at your disposal
P.C. vs. Server
• Close all services on a P.C.; on a server, close as many services as possible
• Don't open accounts to everyone, only to trusted people
• Make sure users have good passwords: check them with crack-lib and demand periodic password changes
P.C. vs. Server (cont.)
• Don't install software whose origin you don't know
• Download only from known places (www.linux.org, etc.)
• P.C.: remove Suid's if you are not the only user
• Server: remove as many Suid's as possible
Securing Passwords
• Crack-lib them: ensure passwords are not too short and not too easy to crack
• Shadow them: don't keep the hashes in the world-readable /etc/passwd but in /etc/shadow (the default in a RH 6.1 installation)
• Connect to remote systems using SSH, and copy files with SCP (a copy over an SSH channel, in place of FTP/RCP), so that passwords are not sent as cleartext
S vs. R
SSH/SCP:
• SSH requires a password or an RSA key (its passphrase can be held by the SSH agent)
• SCP requires the same authentication, so nobody sends files without authorization
• Several authentication methods are available
• Can use compression
• With RSA key authentication no password is required at all, so no password crosses the wire: even if one of the encryption functions has been broken, nobody gets the password!
RSH/RCP:
• RSH doesn't require any password
• RCP - no passwords needed
• Authenticates only when run with Kerberos
• Plain (unencrypted) connection
Authentication
• Prevents IP spoofing (a host claiming an IP address other than its own) from being enough to get in
• Sometimes the protocol also sets up a key for the rest of the session (Kerberos, for example)
• Slows the connection a little (at the beginning)
• Known (and used) mechanisms - Kerberos, RSA challenges
Dangerous Permissions
• Suid/Sgid - check very carefully, especially when the file is owned by root/wheel
• World-writable (mode xx2)
• Files with no valid owner or group (nouser/nogroup)
• .rhosts files (they open the R-services to the hosts listed in them)
• Use "find" to locate such files
Example - How to remove Suid's?
• First find them - find / -perm -4000 (and -perm -2000 for Sgid)
• Then check if you need them - login, the daemons you want (Qmail, telnet, SSH, FTP)
• Close the services you don't need in /etc/inetd.conf
• Use TCP Wrappers for the rest of the ports (including those you usually get nuked on - 139)
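The procedure from the "Dangerous Permissions" and "How to remove Suid's" slides, as an added shell example that is not part of the original talk. It assumes GNU find on a Linux box; the directory tree and the inetd.conf it builds are constructed for the demo, and the allowlist format (one absolute path per line) is my own convention, not a system file.

```shell
#!/bin/sh
# Added example, not from the original talk.  Audits the permission classes
# listed on the "Dangerous Permissions" slide, strips setuid/setgid bits that
# are not on an allowlist, and reports the services still enabled in an
# inetd.conf.  Assumes GNU find (-xdev, -nouser) and a POSIX shell.

# 1. setuid/setgid files; root-owned ones deserve the closest look.
#    "-perm -4000" means "has at least these bits", which is the form you want.
find_setid() { find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null; }

# 2. world-writable files and directories (mode ..2), symlinks excluded.
find_world_writable() { find "$1" -xdev ! -type l -perm -0002 -print 2>/dev/null; }

# 3. files whose owner or group no longer exists in /etc/passwd or /etc/group.
find_orphans() { find "$1" -xdev \( -nouser -o -nogroup \) -print 2>/dev/null; }

# 4. .rhosts and hosts.equiv: trust files that open the r-services.
find_rhosts() { find "$1" -xdev \( -name .rhosts -o -name hosts.equiv \) -print 2>/dev/null; }

count() { grep -c . || true; }   # number of lines on stdin, "0" if none

# Step 2 of the slide: keep only the setuid/setgid files you decided you need.
# $2 is an allowlist with one absolute path per line (my convention, not a
# system file); every other setuid/setgid file under $1 loses its s-bits.
strip_setid_except() {
    find_setid "$1" | while IFS= read -r f; do
        if grep -qxF -- "$f" "$2"; then
            echo "keep  $f"
        else
            chmod ug-s "$f" && echo "strip $f"
        fi
    done
}

# Services still enabled in an inetd.conf: every non-comment line.  Field 6 is
# the server program; if it is not tcpd, the service is not under TCP Wrappers.
inetd_enabled() {
    grep -vE '^[[:space:]]*(#|$)' "$1" |
        awk '{ print $1, ($6 ~ /\/tcpd$/ ? "(wrapped by tcpd)" : "(NOT wrapped)") }'
}

# Constructed inetd.conf for the demo (not copied from any real system).
demo_inetd_conf() {
    cat <<'EOF'
# sample inetd.conf: r-services already commented out, finger not wrapped
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp     nowait  root    /usr/sbin/tcpd  in.rshd
#login  stream  tcp     nowait  root    /usr/sbin/tcpd  in.rlogind
finger  stream  tcp     nowait  nobody  /usr/sbin/in.fingerd  in.fingerd
EOF
}

# Constructed directory tree for the demo: a fake root with one setuid and
# one setgid binary, a world-writable file and a user's .rhosts.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/bin" "$d/home/alice"
    : > "$d/bin/su";    chmod 4755 "$d/bin/su"
    : > "$d/bin/wall";  chmod 2755 "$d/bin/wall"
    : > "$d/bin/ls";    chmod 0755 "$d/bin/ls"
    : > "$d/home/alice/notes";   chmod 0666 "$d/home/alice/notes"
    : > "$d/home/alice/.rhosts"; chmod 0644 "$d/home/alice/.rhosts"
    echo "$d"
}
```

On a real machine run the audit as `find_setid /`, review the list, write the paths you keep into an allowlist and only then call `strip_setid_except / /path/to/allowlist`; `inetd_enabled /etc/inetd.conf` shows what is still reachable and whether tcpd sits in front of it.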
Monitor your Computer!
• Be the hacker yourself: check for the scripts and exploits that might be used against you
• Port scan your machine once in a while; make sure no ports or services are open (unless you opened them)
• Put up a firewall. Hiding behind a firewall might help in reducing hackability (though those who get past it are likely to be better hackers)
Introduction to Hacking 1
• Use a port scanner on the machine you are about to attack (nmap does great, and helps you identify the OS running on the computer)
• Go to hacker web-sites and look for the right exploits and scripts
• Try to examine the services' code; maybe you'll find a backdoor
Security HOWTO
• Restrict physical access (locks etc.)
• Consider BIOS and LILO passwords
• Lock the workstation when you're not near it (vlock/xlock)
• Restrict root logins to the ttys declared in /etc/securetty
• Use "su -" instead of logging in as root
Security HOWTO - Files
• When you need to allow root-like access, minimize it using sudo
• Don't allow Suid/Sgid on filesystems where non-root users can write (mount them nosuid)
• Set a umask that gives new files the right default permissions
• Limit resources on the machine (nproc, CPU time, etc.)
• Set /var/log/wtmp and /var/run/utmp permissions to 644
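Three of the checks on this slide turned into a script, as an added example that is not part of the original talk: which user-writable filesystems are missing nosuid, what mode the umask actually gives a new file, and whether a file has the mode the slide asks for. It assumes GNU coreutils (stat -c) on Linux; the fstab is constructed for the demo and the list of "user-writable" mount points is my assumption for a typical box.

```shell
#!/bin/sh
# Added example, not from the original talk.  Checks for the "Security HOWTO -
# Files" slide: user-writable filesystems not mounted nosuid, the effect of the
# umask on newly created files, and the mode of the login accounting files.
# Assumes GNU coreutils (stat -c '%a') on Linux.

# Mount points where ordinary users can write (assumed list).  A setuid binary
# dropped there is only harmless if the filesystem carries the nosuid option.
USER_WRITABLE_MOUNTS='/home /tmp /var/tmp'

# Print each fstab entry for a user-writable mount point (or one with the
# user/users option, which lets non-root mount it) whose options lack nosuid.
# $1 is an fstab-format file.
fstab_missing_nosuid() {
    grep -vE '^[[:space:]]*(#|$)' "$1" | while read -r dev mnt type opts rest; do
        userfs=0
        case " $USER_WRITABLE_MOUNTS " in *" $mnt "*) userfs=1 ;; esac
        case ",$opts," in *,user,*|*,users,*) userfs=1 ;; esac
        case ",$opts," in *,nosuid,*) continue ;; esac
        if [ "$userfs" -eq 1 ]; then
            echo "$mnt ($dev) mounted without nosuid: $opts"
        fi
    done
}

# Constructed fstab for the demo (not from any real machine).
demo_fstab() {
    cat <<'EOF'
# sample fstab: /home is fine, /tmp and the floppy are not
/dev/hda1  /            ext2  defaults          1 1
/dev/hda5  /home        ext2  defaults,nosuid   1 2
/dev/hda6  /tmp         ext2  defaults          1 2
/dev/fd0   /mnt/floppy  auto  noauto,user       0 0
EOF
}

# Mode a new file gets under umask $1, measured rather than computed: a file
# created by redirection starts from 0666, so the umask is what is left over.
# Runs in a subshell so the caller's umask is untouched.
mode_under_umask() {
    ( umask "$1"; d=$(mktemp -d) && : > "$d/probe" && stat -c '%a' "$d/probe"; rm -rf "$d" )
}

# Compare a file's mode with the one wanted (644 for wtmp/utmp); prints ok/BAD
# and returns 1 on mismatch so a caller can chmod in response.
check_mode() {
    actual=$(stat -c '%a' "$1") || return 1
    if [ "$actual" = "$2" ]; then
        echo "ok  $1 is $actual"
    else
        echo "BAD $1 is $actual, want $2"
        return 1
    fi
}
```

Run `fstab_missing_nosuid /etc/fstab` and `check_mode /var/log/wtmp 644; check_mode /var/run/utmp 644` on the machine itself; `mode_under_umask 022` versus `mode_under_umask 077` shows why the slide cares about the umask.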
Security HOWTO (cont.)
• Use chattr to set special attributes (e.g. make a file immutable so it cannot be deleted or replaced by a symbolic link)
• Run an integrity checker (like Tripwire) routinely (to find changed files)
• Install PGP for users
• Install PAM (Pluggable Authentication Modules)
• Secure X connections (by forwarding them over ssh, for example)
Security HOWTO (cont.)
• Backup!
• Don't use NFS/NIS without really needing them (and secure them when you do; those things are really not secure)
• Look at your logs once in a while (/var/log/)
• Look at the system log file
Auditing
• Audit your system
• Check the network once in a while (Denial of Service attacks can be identified this way)
• Check who logs on and from where. Check whether it makes sense
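The "who logs on and from where, and does it make sense" check from this slide and the "look at your logs" advice before it, as an added shell example that is not part of the original talk. The log lines are constructed for the demo in the "Accepted ... for USER from HOST" syslog format that OpenSSH's sshd writes; the site network prefix and the hours treated as off-hours are assumptions you would set for your own machine.

```shell
#!/bin/sh
# Added example, not from the original talk.  Reads successful-login records
# in syslog format ("Accepted <method> for <user> from <host> ...") and flags
# the ones the "Auditing" slide says to question: root logging in remotely,
# logins from outside your own network, and logins at night.

LOCAL_NET='132.74.'          # assumed site prefix; anything else is "from outside"
NIGHT_START=0; NIGHT_END=6   # hours [start, end) considered off-hours (assumed)

# Print one "REASON: original line" per suspicious login found in log file $1.
# A single line can earn several reasons; failed attempts are not matched here.
flag_logins() {
    awk -v net="$LOCAL_NET" -v ns="$NIGHT_START" -v ne="$NIGHT_END" '
        # syslog layout: Mon DD HH:MM:SS host prog[pid]: Accepted method for USER from HOST ...
        /Accepted .* for .* from / {
            hour = substr($3, 1, 2) + 0
            user = ""; host = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "for")  user = $(i + 1)
                if ($i == "from") host = $(i + 1)
            }
            if (user == "root")            print "ROOT-REMOTE: " $0
            if (index(host, net) != 1)     print "OUTSIDE-NET: " $0
            if (hour >= ns && hour < ne)   print "OFF-HOURS:   " $0
        }' "$1"
}

# Number of flags raised for log file $1 ("0" when the log looks sane).
count_flags() { flag_logins "$1" | grep -c . || true; }

# Constructed sample log (not from a real system): three logins to question.
demo_log() {
    cat <<'EOF'
Oct 21 09:12:44 haifa sshd[1234]: Accepted publickey for alice from 132.74.1.20 port 1022 ssh2
Oct 21 03:02:11 haifa sshd[1301]: Accepted password for bob from 132.74.1.44 port 1023 ssh2
Oct 21 14:45:09 haifa sshd[1455]: Accepted password for root from 10.0.0.5 port 1021 ssh2
Oct 21 14:46:00 haifa sshd[1460]: Failed password for root from 10.0.0.5 port 1021 ssh2
Oct 21 22:10:30 haifa sshd[1502]: Accepted publickey for carol from 132.74.2.9 port 1024 ssh2
EOF
}
```

On the sample, bob's 03:02 login is flagged as off-hours and the root login from 10.0.0.5 is flagged twice (remote root and outside the site network); alice and carol pass. On a real machine point `flag_logins` at the file your syslog sends auth messages to and read the flagged lines with the question from the slide in mind: does this make sense?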
Virtual Machine Concept
• Use a VM (like VMWare) as the machine the rest of the world accesses
• Make sure the VM has privileges to change only what it should (no write access to the root partition, etc.)
• Check that the VM itself is secure (!): you are counting on the VM not being able to access what it is not allowed to
Tips and Ideas
Basic Concepts
• Use PAM (password changes etc. are then not your responsibility - less vulnerability)
• Check permissions before actions
• Check for overflow/underflow. Be as robust as you can
• If you are writing a daemon, double check everything (and quadruple check it again)
Basic Concepts (cont.)
• Use the available security tools - PGP (mail), SSH (instead of telnet), SCP (instead of ftp), Kerberos (authentication), IPSec (network), etc.
• Enable a verbose mode - help users find problems which might affect them and their security
Basic Concepts (cont.)
• Check if you can hack the thing yourself (be a malicious user)
• Treat every file carefully: back it up before overwriting, and check whether it is a system file before deleting
• Log all actions (in case someone uses your program to hack and cause damage, for tracing purposes)
Links
• Hackers' search engine - neworder.box.sk
• Security policy - RFC 2196 - ietf.org/rfc/rfc2196.txt
• Kerberos FAQ - www.nrl.navy.mil/CCS/people/kenh/kerberosfaq.html
• Linux Security HOWTO - www.linuxhq.com/HOWTO/Security-HOWTO.html
Links (cont.)
• Security links - www.linuxhq.com/HOWTO/Security-HOWTO-11.html
• SSH FAQ - wwwfg.rz.uni-karlsruhe.de/~ig25/sshfaq/
• Homepage of PGP - www.pgpi.org/