<html>
<head>
<title>unix sec</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<table width="680" border="0" cellspacing="2" cellpadding="2" align="center">
<tr>
<td width="693">
<pre>
::::::::: :::::::: ::::::::: ::::::::::
:+: :+: :+: :+: :+: :+: :+:
+:+ +:+ +:+ +:+ +:+ +:+
+#++:++#+ +#++:++#++ +#++:++#: :#::+::#
+#+ +#+ +#+ +#+ +#+ +#+
#+# #+# #+# #+# #+# #+# #+#
######### ######## ### ### ###
<a href="http://blacksun.box.sk" target="_blank">http://blacksun.box.sk</a>
_____________________________
______________________I <b> Topic:</b> I_____________________
\ I I /
\ HTML by: I <b>Basic Local/Remote Unix</b> I Written by: /
> I <b>Security for Unix Newbies</b> I <
/ <a href="mailto:black_mesa@gmx.de">Martin L.</a> I_____________________________I <a href="mailto:barakirs@netvision.net.il">R a v e n</a> \
/___________________________>version 1.2, 5/3/2000<________________________\</pre>
</td>
</tr>
</table>
<p><b><--! Begin copyright bullshit !--></b><br>
All copyrights are reserved. You may distribute this tutorial freely, as long
as you keep our names and Black Sun Research Facility's URL at the top of this
tutorial. I have written this tutorial for you, the readers. But I also wish
to remain the author of this guide, meaning I do not want people to change a
line or two and then claim that the whole guide is theirs. If you wish to create
an altered version of this tutorial, please contact me by Email - <a href="mailto:barakirs@netvision.net.il">barakirs@netvision.net.il</a>.<br>
<b><--! End copyright bullshit !--></b></p>
<p><b><--! Begin disclaimer !--></b><br>
Yada yada yada... you know the drill. I did not write this tutorial for people
to learn "how to hack" and crack into and possibly damage other machines.
It is solely intended to teach the reader a lesson about Unix security. Also,
I am not responsible to any damage caused by using any of the techniques explained
in this guide.<br>
<b><--! End disclaimer !--></b></p>
<p>Changes in version 1.2:<br>
Added a new appendix called 'Non-Standard Loggers'.</p>
<p>Changes in version 1.1:<br>
Added a new appendix called 'Security Checklists'.</p>
<p><b><font size="4">Introduction</font></b><br>
<br>
This guide is meant for Unix newbies who want to learn a little about basic
Unix security, and how to secure their box. Most systems come very very insecure
out-of-the-box. What is out-of-the-box (let's call it OOTB from now on), you
ask? An OOTB system is a system which was just installed. All the default configurations
are turned on, which means zero personalization (besides maybe a little personalization
made during the installation process) and quite a lot of possible security problems.
Also, there are some very basic concepts that most newbie Unix users aren't
familiar with. </p>
<p>During this tutorial, I will teach you how to change default configurations,
basic packet filtering, how to secure your system's networking services (or
completely remove them or some of them, in case you don't need them, in order
to increase your computer's security), how to avoid trojans, what
sniffers are, how to maintain local security between different users in your
system (if you're not the only one using this system, whether it's locally or
remotely), some stuff about SSH, how to protect yourself against computer viruses
under the Unix system, what security scanners are and how to use them, why you
should encrypt your important data and how, etc. </p>
<p>Now, it is advised to go through Black Sun's previous tutorials (see blacksun.box.sk)
prior to reading this tutorial. They contain some basic concepts and terminology
which you need to know and you might not be familiar with. Also, you should
have some basic Unix knowledge and experience. If you don't have that kind of
knowledge yet, we advise you to go to the local computer store and buy a basic
Unix book (it shouldn't cost too much), or, if you really want to, order a specific
one from the Internet (or even better: go to blacksun.box.sk/books.html and
order a book from there. We get 15% of the money you pay... :-) This doesn't
mean that you pay more, though. We simply get 15% out of the money you pay).
Don't worry about online ordering, it's completely secure as long as you order
your books from Amazon.com (they're considered the most secure E-Store on the
planet, and I order lots of books from there).</p>
<p>Oh, one last note: this tutorial is in no way a complete one (Duh! It's a BASIC
tutorial, in case you haven't read the title). I included everything I could
possibly think of (that is notable for a beginner's guide in this field, of course).
With time, I will add more chapters, so make sure you have the latest version
by visiting blacksun.box.sk often or subscribing to Black Sun's mailing list
(info on how to subscribe at blacksun.box.sk also).</p>
<p>Okay, heads up! Here we go!</p>
<p><b><font size="4">Setting The Ground</font></b><br>
<br>
First of all, I assume that you are using either RedHat Linux or Mandrake Linux.
Why is that? Because most Unix newbies use either of these two distributions.
Don't worry, it's no crime to use them or something, and it's not "lame".
Each distribution has its advantages. RedHat and Mandrake, for example, both
have simple installation and come with a lot of utilities built-in. That's okay,
although I like Slackware Linux and OpenBSD better (I'll explain why in a second).</p>
<p>Now, some of you might be asking right now "but... but I have a different
distribution! Will this stuff work for me too?". Before I answer this question
(to the impatient ones of you, I can already say "yes", but that's
not the exact answer. Read on and you'll understand), I want to explain what
is a distribution (otherwise known as a "distro" or a "flavor"
of Unix), why there are so many of them, where you could learn about all the
different distributions and how to choose the right distribution for you.</p>
<p>Unix was first distributed freely and in open-source form. If you're not familiar
with any programming language, then you're not familiar with the term "source
code". I'll explain.</p>
<p>The simplest way to show you what source code is is to send you to a webpage.
Take hackernews.com (a personal favorite) for example. Every common browser
has an option to view the page's source from within the browser, but let's pretend
you don't know how to do this or you don't even have this option within your
browser. First, wait for the whole page to load. Then, save it to your hard
drive, a diskette or whatever. Then, open the HTML page you've just saved with
any text editor (Pico, KEdit, Emacs, Notepad, UltraEdit, whatever).</p>
<p>Now what do you see? No more text and graphics and colors and layout, but plain
good instructions. These are HTML instructions. HTML stands for HyperText Markup
Language, and it is the language used to create HTML pages, which can be read
by your browser and used as instructions for how to build and display the web
page.</p>
<p>The same goes with programming. To create a program, you need to know some sort
of a programming language (C, for example), and then construct the program using
commands which will later be given to a compiler (which will turn the source
code file into an executable binary file, or in other words, a program which
you can run and play around with) or an interpreter (the program runs as source
code, and gets executed by a program called an interpreter, which reads the
instructions in the source code and performs them. A popular interpreted programming
language is Perl. Interpreted programming languages usually run slower, but
have their advantages. We won't go into that now, though).</p>
<p>Okay, moving on. So now you know what source code is. As I've already explained,
Unix was initially distributed freely and in source code form. This means that
ANYONE with the right knowledge and skills can create his own version of Unix,
to meet his special needs. A different version of Unix is called a distribution,
a "distro" or a "flavor".</p>
<p>Now go to www.linuxberg.com. Pick the closest mirror site and then enter the
distributions page. It will display a list of Unix distributions, each one with
its own characteristics, advantages and disadvantages. This is all nice, but
what happens if people start creating versions of Unix without paying attention
to compatibility issues? For example, if I would have created my own version
of Unix and called ls (the command that lists all files in the current directory
in console mode (text-based interface) or in a virtual console (a console within
a graphical window)) "list" instead? This means that if someone would
have made a program that called the ls command for some purpose, it wouldn't
work anymore (unless I create a command called ls that calls my own command
- list. But in that case, I have to make sure that list has similar rules to
ls). See the problem?</p>
<p>Also, if I go to my friend's house, which could be using a different distribution,
how could I possibly use his computer if everything is completely different?</p>
<p>This is why there are standards. Every Unix distribution has to meet these
standards so it will be compatible with other versions. This is also why most
(if not all) of the stuff I am about to teach here will work in all distributions.
If you have a certain problem or question, ask in our message board (find it
at blacksun.box.sk).</p>
<p>Oh, almost forgot... in the beginning of this section, I have clearly stated
that I like Slackware Linux and OpenBSD more than RedHat Linux and Mandrake
Linux. Why is that? Simply because they have some advantages, such as even more
stability, security, speed and encryption, and they top all the other distributions
in these fields. Of course, they are much harder to work with (have you ever
tried to install OpenBSD?! To a person who installed Mandrake Linux, which is
the easiest to install, and is almost as easy as installing Windows 95, it would
look like hell!!).</p>
<p>Okay, let's move on to the actual security information, shall we?</p>
<p><b><font size="4">First Things First: Local Security</font></b><br>
<br>
First of all, let's think: why would you want to improve your computer's local
security? Well, if you're the only one using this computer, and you don't intend
to let anyone into your computer (at least not intentionally), then you
should only read this chapter for pure knowledge. But if you're running a multi-user
system, you definitely should improve your local security.</p>
<p>What is local security? Local security is about the different users
on this computer, whether they are local users (they have local access to the
computer: they use a keyboard, a monitor and what-not that are directly connected
to the actual box, not through some sort of a local area network (LAN) or the
Internet) or remote users (users accessing your computer, whether legally or
not, using Telnet, SSH, RLogin etc. through a local network or the Internet).
If other users can get onto your box in either way, you need to increase your
computer's local security.</p>
<p>Let's start with a basic lesson about file permissions.</p>
<p><b><font size="4">Unix File Permissions And The Password File</font></b><br>
<br>
First of all, you need to learn about the way the system works with different
users. Here is a mini-tutorial out of the Byte Me page at my website that will
explain what and how the Unix password file works, thus explain to you a little
more about this subject.</p>
<p><b><font size="4">Password files == world readable + what do password files
look like? </font></b><br>
<br>
First of all, a file that is world readable is a file that can be read by ANYONE
on the system, even the most inferior user. On most systems today, the password
file (usually /etc/passwd) is world readable. Does this mean ANYONE can get
the encrypted passwords and decrypt them? Definitely not! A password file consists
of one or more lines, where each line represents a user.</p>
<p>The password file looks like this:<br>
username:password:uid:gid:free text:home directory:shell<br>
<br>
Username - the user's username.<br>
Password - the user's password, encrypted using altered DES encryption (can
be cracked in a matter of time, though [note: we'll get to cracking the password
file later]).<br>
UID - User ID. If your UID is 0, you have root privileges (nothing
can stop you, and you can even type "su username" (without the quotes)
to become a different user. Type exit to return to your root shell after you're
done. Btw SU stands for Switch User). If two users have the same UID, they'll
have identical permissions.<br>
GID - Group ID. The same as UID, with root being GID=0. GID lets you set ownership
patterns and access patterns for a group of users (or a single user) who have
different or identical UIDs but have the same GID.<br>
Free text - some free text about the user. For info on how to exploit this field
in order to get private information about people, read the Info Gathering tutorial here.<br>
Home directory - where the user's private configuration files are stored. Usually /root if
you are root, or /usr/your-username or /home/your-username if you're another
user.<br>
Shell - the program that gets executed once you log in. Usually a command
interpreter (a program that receives commands from you and executes them). </p>
<p>Now, most systems will make /etc/passwd world-readable, but don't put the passwords
in it. Instead, they will put a single character, such as *. The passwords will
be stored in the shadow file, which is not world-readable, and is usually found
at /etc/shadow. The shadow file is identical to the /etc/passwd file, only it
has the encrypted passwords. Some shadowing programs can also improve the encryption
schemes, but that's not important to us right now.</p>
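<p>The format and the weaknesses just described, written out as an added Python example (this is not code from the original tutorial or from Black Sun): it parses lines in the seven-field passwd format shown above, looks up a username by UID (the reason the text gives for keeping /etc/passwd world-readable), flags accounts whose password field is empty or still carries a hash instead of the shadow marker, flags extra UID 0 accounts and shared UIDs, and tests the world-readable bit of a file mode. The sample lines, usernames and hash string are constructed for the example, and the function names are my own.</p>

```python
# Added example, not from the original tutorial: audit lines in the
# /etc/passwd format described above. Names and sample data are constructed.
import stat
import sys
from collections import Counter

# Constructed sample file in the seven-field format
# username:password:uid:gid:free text:home directory:shell
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/sbin/nologin
# a stray comment line, skipped by the parser
alice:x:1000:1000:Alice Example,,,:/home/alice:/bin/bash
bob::1001:1001:Bob Example:/home/bob:/bin/bash
toor:x:0:0:second root:/root:/bin/bash
carol:$1$abcdefgh$ijklmnopqrstuvwxyz0123:1002:1002:Carol Example:/home/carol:/bin/bash
dave:x:1000:1003:Dave Example:/home/dave:/bin/bash
"""

FIELDS = ("username", "password", "uid", "gid", "free_text", "home", "shell")

# Values that mean "no password here, look in /etc/shadow" or "account locked".
SHADOW_MARKERS = ("x", "*", "!", "!!")


def parse_passwd(text):
    """Split passwd-style text into one dict per user, with numeric UID/GID."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != len(FIELDS):
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(parts)}")
        entry = dict(zip(FIELDS, parts))
        entry["uid"] = int(entry["uid"])
        entry["gid"] = int(entry["gid"])
        entries.append(entry)
    return entries


def username_for_uid(entries, uid):
    """UID to username lookup; the first matching line wins."""
    for entry in entries:
        if entry["uid"] == uid:
            return entry["username"]
    return None


def audit_passwd(entries):
    """Return (finding, username) pairs for the weaknesses the text describes."""
    findings = []
    uid_counts = Counter(entry["uid"] for entry in entries)
    for entry in entries:
        name, password, uid = entry["username"], entry["password"], entry["uid"]
        if password == "":
            findings.append(("empty-password", name))   # login with no password at all
        elif password not in SHADOW_MARKERS:
            findings.append(("hash-in-passwd", name))   # hash exposed in a world-readable file
        if uid == 0 and name != "root":
            findings.append(("extra-uid0", name))       # a second root-equivalent account
        if uid_counts[uid] > 1:
            findings.append(("shared-uid", name))       # identical permissions, as the text notes
    return findings


def is_world_readable(mode):
    """True if the 'other' read bit is set, e.g. for a mode from os.stat(path).st_mode."""
    return bool(mode & stat.S_IROTH)


if __name__ == "__main__":
    # Read a real passwd file if a path is given, otherwise use the constructed sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PASSWD
    for finding, user in audit_passwd(parse_passwd(text)):
        print(f"{finding}: {user}")
```

<p>Run it with no arguments to see the findings for the constructed sample, or pass the path of a real passwd file as the first argument. On the sample, bob is reported for an empty password field, carol for carrying a hash in the world-readable file, toor as a second UID 0 account, and root, toor, alice and dave for sharing UIDs.</p>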
<p>The /etc/passwd has to be world readable if you want to:</p>
<ol>
<li> Find out the username of a certain UID. Very useful in some situations.
For example: each file has an owner. The owner can change access patterns