CIS 193A - Lesson 1

Welcome to CIS 193A
UNIX/Linux Security Administration
How this Class Works
Class Flowchart
• Question & Answers
• Practice Drills
• Lecture
• Homework: labs and assigned reading

Grades
1. Lab assignments
2. Final exam
3. Log book
Resources
• Class Web site: www.cabrillo.edu/~jgriffin
• CIS 193 Forum: opus.cabrillo.edu/forum
• Opus user account: with ssh access
• Virtual machines: cislab.cabrillo.edu - vCenter
• CCC Confer: lecture playbacks – www.cccconfer.org
• Open labs: CTC and CIS Lab room 1403
• Textbook and suggested readings
How to be successful in this class
• Start lab assignments early
• Use the forum
• Read labs before starting and follow each step carefully
• Use the lecture slides and CCC Confer videos as references when doing labs
• Use the forum to clarify expectations or confusing topics
• Experiment to see how things work
• Don't wait till the last minute to do labs
• Read the forum before starting a lab
• Get organized, read the Calendar and plan ahead
• Check your progress on the Grades page
• Use the textbook to deepen your understanding
• Use Google for command syntax
• Think through labs ahead of time and make checklists as necessary
• Use the forum's search box (upper right corner)
• Read the lesson PowerPoints when stuck on a lab
• Post lessons learned on the forum after completing a lab
• Check for Howtos for the task you are trying to accomplish
• Read the forum often
• Ask lots of questions on the forum
• Answer lots of questions on the forum
• Don't blindly follow instructions in labs, make sure you know what is happening
• Experiment to better understand things
• Follow all the instructions in a lab (especially the submittal part)
• Use Google when troubleshooting error messages
• Study groups are great for labs
• Get organized, use the Calendar to plan ahead
• Use the forum
• Check the Grades web page to see if you need to do extra credit
• Follow the instructions in labs
• Keep a cheat sheet of Linux commands
• Add scp and dhclient to your cheat sheet
• Use the forum
• Don't wait until the last minute to start labs
CIS 193 Class Forum
Use Search to find relevant posts
• Collaborate on lab assignments
• Get clarifications
• Get help when stuck on something
• Share Linux related information
• Catch up when you miss a class
CIS 193 Class Forum
Forum Policy:
• Account names must be first and last name.
• Availability is 24 / 7.
• Post topics on anything related to class.
• Top 5 contributors earn extra credit.
• Avatars are allowed, but identifying photos are preferred.
• Visiting other forums is permitted.
Look for the CIS 193A forum
Computer Security
Focus Question
What are three of the most common vulnerabilities that allow crackers to compromise Linux systems?
What Is Security?
• The protection of value from threats.
• A computer system is secure when everyone who is authorized has access to the resources, and anyone who is not authorized doesn't have access.
• Question: Is a computer cased in concrete and shot to the moon a secure computer?
A Security Model
[Diagram] Threat Agent, Threat, Information Assets (Confidentiality, Integrity, Availability), Incident, Damage. Safeguards: Prevention, Detection, Correction*, Recovery.
* also called Aversion or Damage Control
Risk = Threats * Vulnerabilities

Threats
• People
  – Social Engineering
  – Eavesdropping
  – Wiretapping
• Software
  – Malware
  – Steganography
  – Covert operations
• Nature
  – Fire, Flood
  – EM radiation

Vulnerabilities
• People
  – Poor passwords
  – Unattended stations
  – Not following policies
• Software
  – Buffer overflows
  – Poor input validation
• Configuration Errors
  – Poor permissions
  – No passwords
  – Unneeded services
Risk = Threats * Vulnerabilities - Safeguards

Safeguards
• Prevention:
  Strong passwords, Encryption, Software updates, Firewalls
• Detection:
  Intrusion Detection Systems, Logging, Monitoring, Auditing
• Correction:
  Killing processes, routing redirects, reconfiguration, halt
• Recovery:
  Backups, Restore, DRP, Business Recovery Plan
Exercises

Resetting Root Password
• Method 1
  – Boot into single-user mode
    add single as a kernel parameter on the boot line
  – Set the password using the passwd cmd
• Method 2
  – Boot into a bash shell
    add init=/bin/bash as a kernel parameter
  – Remount the root file system as rw
    mount -o remount,rw /dev/sda2 /
  – Set the password using the passwd cmd
• Method 3
  – Use an installation disk in “Rescue Mode”
Cracking Passwords
• Log in as cis193 and download “John the Ripper” from Opus
  $ scp guest193@opus:../depot/john-1.7.4.tar.gz .
• Extract the compressed tarball
  $ tar xzvf john-1.7.4.tar.gz
• Compile the binary
  $ cd john-1.7.4/src; make linux-x86-any
• Copy the /etc/shadow file to the run directory
  $ cd ../run; cp /etc/shadow .
• Run John the Ripper
  $ ./john shadow
# How?
Testing Passwords
• From cis193's home directory, compile a program to test for good passwords (the library goes after the source file so the linker resolves its symbols):
  $ cc -o crack src/crack.c -lcrack
  $ ./crack
Accounts With No Passwords
• Check to see if any accounts have blank passwords
  # cut -f1,2 -d: /etc/shadow | grep ':$'
  also check the password file
  # cut -f1,2 -d: /etc/passwd | grep ':$'
Finding Superuser Backdoors
• Search the password file for uid=0
  $ awk -F: '$3 == 0 { print $1, "is a superuser!" }' /etc/passwd
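The blank-password and uid=0 checks from the two slides above, combined into one script as an added example (this is not the lesson's own code). It runs against constructed passwd/shadow-format sample files, and distinguishes a genuinely empty password field from a locked account ("*" or "!"):

```shell
#!/bin/sh
# Added example (not part of the lesson): audit passwd/shadow-format files for
# the two conditions the slides check by hand, extra UID-0 accounts and accounts
# with an empty password field. The input files below are constructed samples.
# Print each account in a passwd-format file whose UID (field 3) is 0 but
# whose name is not "root": the slide's awk test, minus the root line itself.
find_extra_superusers() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Print each account whose password field (field 2) is empty. A "*" or "!"
# there means a locked account, not a blank password, so it is not reported.
# Works on /etc/shadow and on /etc/passwd (for systems that still keep
# hashes in the passwd file), like the cut | grep pipeline on the slide.
find_blank_passwords() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Write constructed sample files into a temporary directory and print its path.
make_samples() {
    dir=$(mktemp -d)
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0:constructed backdoor:/:/bin/sh
guest:x:1001:1001::/home/guest:/bin/bash
legacy::1002:1002::/home/legacy:/bin/sh
EOF
    cat > "$dir/shadow" <<'EOF'
root:$6$saltsalt$constructedhash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
toor:$6$saltsalt$anotherconstructedhash:19000:0:99999:7:::
guest::19000:0:99999:7:::
legacy:!:19000:0:99999:7:::
EOF
    echo "$dir"
}

# Run both checks; on a real system call it as
#   audit_accounts /etc/passwd /etc/shadow   (shadow is readable only by root)
audit_accounts() {
    echo "UID 0 accounts other than root in $1:"; find_extra_superusers "$1"
    echo "Empty password field in $1:";          find_blank_passwords "$1"
    echo "Empty password field in $2:";          find_blank_passwords "$2"
}
samples=$(make_samples)
audit_accounts "$samples/passwd" "$samples/shadow"
rm -rf "$samples"
```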
Suspicious Account Use
• Look at a user's login history
  $ last [username]
• To look at failed login attempts
  $ lastb [username]
  note: lastb depends on /var/run/btmp
Testing User's Search PATH
• Ensure that your search path contains no relative directories, including '.'
  $ perl -e 'print "PATH contains insecure relative directory \"$_\"\n" foreach grep ! m[^/], split /:/, $ENV{"PATH"}, -1;'
Note: it may be easier just to check the PATH variable in the .bash_profile.
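The same PATH audit written in plain sh, as an added example rather than the lesson's Perl one-liner. It goes one step further than the slide's wording: an empty entry (a leading or trailing ":" or a "::") is reported too, because the shell searches the current directory for such an entry just as it would for ".". The PATH string to check is passed as an argument; the value at the bottom is a constructed bad example:

```shell
#!/bin/sh
# Added example, not the lesson's Perl one-liner: check a PATH string for
# entries that are not absolute. An empty entry (from a leading or trailing
# ":" or a "::") makes the shell search the current directory, exactly like
# ".", so it is reported as well. Pass the string to check as $1.
insecure_path_entries() {
    # A trailing ":" makes the loop see a final empty field, matching the
    # -1 limit in the slide's split /:/, $ENV{"PATH"}, -1.
    rest="$1:"
    while [ -n "$rest" ]; do
        entry=${rest%%:*}     # text before the first ":"
        rest=${rest#*:}       # everything after it
        case $entry in
            /*) ;;            # absolute directory: fine
            *)  printf 'PATH contains insecure relative directory "%s"\n' "$entry" ;;
        esac
    done
}

# Number of insecure entries, so a script can act on the result.
count_insecure_path_entries() {
    insecure_path_entries "$1" | awk 'END { print NR }'
}

# Stand-alone run on a constructed, deliberately bad PATH value
# (to audit your own shell, pass "$PATH" instead).
bad_path="/usr/local/bin:.:bin:/usr/bin:"
insecure_path_entries "$bad_path"
echo "insecure entries: $(count_insecure_path_entries "$bad_path")"
```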
Searching File Systems Using the Find Command
• Find searches for inode information
  -type [fdlbc]             # file types: reg, dir, link …
  -user username | uid      # owner of the file
  -group groupname | gid    # group of the file
  -perm permissions         # octal number or symbol
  -size n[bckMG]            # size in various units
  -inum n                   # inode number
Each option is a boolean term in an AND expression
  find / -type d -user root -size 4k
will find all directories owned by root that are 4K in size
Search File Systems For setuid/setgid Programs
• Check for insecure setuid (or setgid) programs
  # find /dir -type f -perm /u=s,g=s
• Check for setgid directories
  # find /dir -type d -perm -g=s
Finding Writable Files
• Find world-writable files
  # find /dir -xdev -type f -perm -o=w
• Find world-writable directories
  # find /dir -xdev -type d -perm -o=w
• Find world-writable files and directories that don't have their sticky bit set.
  # find / -xdev -perm -o=w ! \( -type d -perm -o=t \) ! -type l
Review

Answer to Focus Question
What are three of the most common vulnerabilities that allow crackers to compromise Linux systems?
1. Weak passwords
2. Non-updated software
3. Running unneeded services
Review
• Becoming root: sudo or su -
  The - is very important as this gets you root's environment
• To get command documentation:
  • man command
  • google.com (linux xxxxxx command)
• To try again for a network connection:
  # service network restart
• To copy files to and from a remote system:
  • scp filename user@hostname:path
  • scp user@hostname:path filename
  (filename could be just dot (.))
  • scp lab [email protected]: