Document

Download Report

Transcript Document

mid 1960’s

- Multics - proposed by AT&T, Honeywell, GE & MIT; funded by DARPA

1969

- Thompson & Ritchie create Unix

1978 to 84

- Bill Joy & Chuck Haley (Berkeley U.) create BSD Unix

Unix Wars I

- BSD 4.2 versus System V

Unix Wars II

- SVR4 versus OSF

ISO Standard

- POSIX

1991

- Linus Torvalds creates Linux

Mach BSD NeXTStep Free BSD OS X Linux OSF/1 SunOS Solaris System V AIX HP-UX

Authentication Admin File Systems Network-related Audit

UID

• 16-bits • ID 0 - 99 reserved • ID 0 is root

GID

• 16 or 32 bits • /etc/group stores local groups • wheel group for system administrators

/etc/passwd

• entry:

UserName

:*:

UID

:

GID

:

FullName

:

UserDir

:

UserShell

• passwords encrypted via

crypt()

• salt

Standard Users

root

- superuser account

daemon

- executes as background process - handles system events such as print spooling

lp

- print server process

guest

- generic visitor account

nobody

- default user for unprivileged access - user owns no files

mail

- system account for email processing

sshd

- for running secure shell tasks

www

- for running a web server

shell

• command line interface • Born (sh), c-shell (csh), tc-shell (tcsh)

commands

ls

-- list directory information •

cd

pwd

-- set current directory -- display current directory •

cat

-- display contents of textfile •

whoami

-- display current user •

su

man

-- log in as a different user (will be prompted for password) -- give help on command •

sudo

-- execute a single command as root (must specify password)

ufs

  original Unix File System first tree-structured directory system

ffs

   Fast File System allows longer file names (255 chars rather than 14) supports symbolic links

inodes

 separate inode (index node) per file/directory  an inode has an address (index) but no name  each inode resides on the disk  contents: • address of associated item (file/directory) • item type • item size (in bytes) • time of last inode modification • time of last modification of item (mtime) • time of last item access (atime) • reference count (number of names for this inode) • item’s UID • item’s primary GID • item’s mode bits (permissions)

directory

 ...consists of a list of pairs: name - inode index

standard directory entries

. refers to this directory’s inode .. refers to inode of the parent of this directory

shell commands

cp

-- copy (duplicate) file •

mv

-- move file from one directory to another •

mkdir

-- create new directory •

ln

-- create new link (use -s flag for symbolic link) •

rm

-- remove one name •

rmdir

chown

-- log in as a different user (will be prompted for password) -- change owner of file/directory •

chmod

umask

-- change mode (permissions) for a file -- set default mode (permissions) for this user

Example t

“sticky” bit

- rwx r-x --- t

owner group world

-

file

d

directory

c

character device (tty, printer)

b

block device (disk, CD)

l

symbolic link

s

socket

r

read

w

write

x

execute

s

set (in place of x) Mode: 1000 - sticky bit 2000 - set GID 4000 - set UID 400 - read (owner) 200 - write (owner) 100 - execute (owner)

TCP Wrappers

• a common way to secure network transmissions on some Unix versions • when tcp wrappers are turned on...

a) look in /etc/hosts.allow file for allowed firewall access b) look in /etc/hosts.deny file for denied firewall access c) if no rules apply, then access is granted • results logged to syslog • optionally sends banners to clients • can transfer access to “jail” or “faux”

host-based firewalls

• Free BSD • OS X • varies with Linux

echo

(UDP Port 7) ping command sends datagram to test connectivity

systat

(TCP Port 11) netstat command returns user names, login times, and so forth

ftp

(TCP Ports 20 & 21) file transfer protocol ftp transmits in plaintext - sftp encrypts anonymous ftp is a vulnerability

ssh

(TCP Port 2) secure shell for remote login uses symmetric encryption (ssh.config) requires that client have public key

telnet

(TCP Port 23) original remote login shell - uses plaintext

Common Log Directories

/usr/adm /var/adm /var/log

Common Log Files

account/acct - process-level accounting aculog - dial-out modems lastlog - loginlog - recent user events login attempts message - system console messages syslog - sulog - system console messages logged uses of su command

Control

/etc/syslog.conf - each line specifies selector-action pair

Tools

netstat

lists active TCP connections and/or sockets

tcpdump

observe packets on network connection

Network Authentication

NIS

- Sun

Kerberos LDAP

Network File Systems

NFS AFS SMB

smtp

(TCP Port 25) Simple Mail Transfer Protocol - Internet standard for email transfer

dns

(TCP & UDP Port 53) Domain Name System (stay tuned)

dhcp

(UDP Ports 67 & 68) Dynamic Host Configuration Protocol IP address leasing utility

finger

(TCP Port 79) retrieves user info (name, location, login, telephone, and so forth

http

(TCP Ports 80 & 443) HypterText Transfer Protocol (WWW protocol)

POP, POPS, IMAP, IMAPS

(TCP Ports 109, 110, 143, 993 & 995) Post Office Protocol -- Internet Message Access Protocol

snmp

(UDP Ports 161 & 162) Simple Network Management Protocol remote system management tool

rlogin

&

rsh

(TCP Ports 513 & 514) more insecure login shells empty /etc/hosts.equiv