This entry is currently in scratch pad form - it has lots of bones but no meat - I'm working on it - feel free to join in.
Permissions on a file are commonly seen through the ls command. For example:
To do: add Gentoo, Slackware, NetBSD and OpenBSD
To do: Solaris and proprietary Unix (SCO? who cares)
Only run what is needed and remove the rest (better still, do this at install time by choosing only the necessary packages).
Identify what services are running:
netstat -na
lsof
nmap
sockstat -4 on *BSD
inetd / xinetd
Turning off unnecessary services:
using chkconfig on Red Hat
using /etc/rc.conf and /usr/local/etc/rc.d on FreeBSD (mention /etc/rc.local)
Sniffers and plaintext protocols
tcpdump, Ethereal
Attacks
man in the middle
LAND, ping of death, Xmas scan, DoS etc.
Design concepts
Permissions
A core security feature in these systems is the permissions system. All files in a typical Unix-style filesystem have permissions set that grant different kinds of access to the file. For example, ls -l /bin/sh shows:
-r-xr-xr-x 1 root wheel 745720 Sep 8 2002 /bin/sh
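As an added example (not part of the original entry), here is a small Python audit that converts the mode field printed by ls -l into numeric permission bits, including the set-uid, set-gid and sticky bits covered in the file system section, and flags set-uid and world-writable entries. The ls -l column layout and the sample listing are assumptions made for the example.

```python
import stat

# The nine rwx positions after the file-type character map to these bits.
_BITS = [stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR,
         stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP,
         stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH]
# Execute slots that may also carry set-uid, set-gid and the sticky bit.
_SPECIAL = {2: stat.S_ISUID, 5: stat.S_ISGID, 8: stat.S_ISVTX}

def mode_from_ls(text):
    """Turn the 10-character mode field of ls -l ('-rwsr-xr-x') into bits (0o4755)."""
    if len(text) != 10:
        raise ValueError("expected a 10-character mode field")
    mode = 0
    for i, ch in enumerate(text[1:]):
        if ch == "-":
            continue
        if ch in "rwx":
            mode |= _BITS[i]
        elif i in _SPECIAL and ch in ("tT" if i == 8 else "sS"):
            # lower case: special bit plus execute; upper case: special bit only
            mode |= _SPECIAL[i]
            if ch in "st":
                mode |= _BITS[i]
        else:
            raise ValueError("bad character %r at position %d" % (ch, i + 1))
    return mode

def audit_ls_line(line):
    """Findings for one ls -l line (assumed: mode links owner group size mon day yr path)."""
    mode_text, _, owner, _, _, _, _, _, path = line.split(None, 8)
    mode = mode_from_ls(mode_text)
    findings = []
    if mode & stat.S_ISUID:
        findings.append("set-uid " + owner)
    if mode & stat.S_ISGID:
        findings.append("set-gid")
    if mode & stat.S_IWOTH:
        if mode_text[0] == "d" and mode & stat.S_ISVTX:
            findings.append("world-writable sticky directory")
        else:
            findings.append("world-writable")
    return path, findings

# Constructed sample listing, not output captured from a real system.
SAMPLE = """-r-xr-xr-x 1 root wheel 745720 Sep 8 2002 /bin/sh
-rwsr-xr-x 1 root wheel 28160 Sep 8 2002 /usr/bin/passwd
drwxrwxrwt 9 root wheel 512 Sep 8 2002 /tmp
-rw-rw-rw- 1 www www 1024 Sep 8 2002 /var/www/upload.cgi"""

def audit_listing(listing=SAMPLE):
    return [audit_ls_line(l) for l in listing.splitlines()]
```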
Unix permissions permit different users access to a file. Different user groups have different permissions on a file.
User groups
Users under Unix-style operating systems often belong to managed groups with specific access permissions. This allows users to be grouped by the level of access they have to the system.
Issues
Most Unix-style systems have an account or group that gives a user complete control over the system, often known as the root account. If an unwanted user gains access to this account, the result is a complete breach of the system. A root account is nevertheless necessary for administrative purposes, and for the security reasons above it is seldom used for day-to-day work, so extra vigilance can be applied to root account usage.
User and administrative techniques
Passwords
1. Patching
2. Users and accounts
3. Services
4. File system security
Passwords
crack, John the Ripper, dictionary attacks, mnemonic techniques; shadow / master.passwd; crypt and MD5
Users
delete old accounts
su, sudo, wheel group on BSD, /etc/securetty, SSH only, no root logins
Patching
from source
RPM based
deb based
FreeBSD ports and packages
meta-tools: apt, RHN, Red Carpet
Services
File system
rwx, set-uid, set-gid, sticky
General
crypto
layer 7: GPG/PGP
layer 4: SSL/TLS/SSH/stunnel/S/MIME
layer 3: IPsec (PPTP?)
Advanced
rootkits, kernel modules, chkrootkit
exploit details, buffer overflows, local vs remote