
Unix security

Unix security refers to maintaining a secure environment on Unix and Unix-like operating systems. It depends on the design concepts of these operating systems, but vigilance through user and administrative techniques is also important to maintain security.

This entry is currently in a scratch pad form - has lots of bones but no meat - I'm working on it - feel free to join in.

Table of contents
1 Design concepts
2 User and administrative techniques
3 Passwords
4 Users
5 Patching
6 Services
7 File system
8 General
9 Advanced
10 Service details

Design concepts

Permissions

A core security feature in these systems is the permissions system. All files in a typical Unix-style filesystem have permissions set enabling different access to a file.

Permissions on a file are commonly seen through the ls command. For example:

-r-xr-xr-x  1 root  wheel  745720 Sep  8  2002 /bin/sh

Unix permissions grant different users different kinds of access to a file, and a file's owner, its group and everyone else each get their own set of permissions. In the example above, the leading character gives the file type and the remaining nine characters are three read/write/execute triplets, for the owner, the group and others respectively: /bin/sh is readable and executable by everyone and writable by nobody.

User groups

Users under Unix style operating systems often belong to managed groups with specific access permissions. This enables users to be grouped by the level of access they have to the system.

Issues

Most Unix style systems have an account or group which enables a user to exert complete control over the system, often known as the root account. If an unwanted user gains access to this account, the result is a complete breach of the system. A root account is nevertheless necessary for administrative purposes; for the security reasons above it is seldom used for day to day work, so that its use can be watched more closely.

User and administrative techniques

1. Passwords
2. Patching
3. Users and accounts
4. Services
5. File system security

Passwords

Topics to cover: password crackers (crack, John the Ripper) and dictionary attacks; mnemonic techniques for choosing passwords; the shadow and master.passwd files; crypt and MD5 password hashing.

Users

Topics to cover: delete old accounts; su, sudo and the wheel group on BSD; /etc/securetty; ssh only; no root logins.
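The points listed under Passwords and Users above (shadow/master.passwd, crypt versus MD5 hashes, old accounts, root access) can be turned into a simple account audit. The following is an added example written for this article, not code from the original page. It parses the standard shadow(5) and passwd(5) field layouts; the entries and the "today" value it uses are constructed samples, not data from any real system.

```python
"""Audit constructed shadow and passwd entries for risky password state.

Constructed example for this article. Classifies the hash field of each
shadow(5) entry, flags empty passwords, legacy hash algorithms and stale
passwords, and lists every UID 0 account in passwd(5).
"""
from dataclasses import dataclass
from typing import List

# Constructed sample entries: name:hash:lastchg:min:max:warn:inactive:expire:reserved
SAMPLE_SHADOW = """\
root:$6$saltsalt$abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abc/.:19000:0:99999:7:::
alice:$1$abcdefgh$0123456789abcdefghijklmn:18000:0:99999:7:::
bob:abJnggxhB/yWI:12000:0:99999:7:::
guest::19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
olduser:!$6$saltsalt$xyz:17000:0:99999:7:::
"""

# Constructed sample entries: name:x:uid:gid:gecos:home:shell
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
toor:x:0:0:second uid 0 account:/root:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/sh
"""

# crypt(3) prefix conventions; a 13-character field with no '$' is traditional DES.
HASH_PREFIXES = {
    "$1$": "md5", "$5$": "sha256", "$6$": "sha512",
    "$2a$": "bcrypt", "$2b$": "bcrypt", "$y$": "yescrypt",
}
WEAK_ALGORITHMS = {"des", "md5"}  # fast, unsalted-era designs: flag for migration


@dataclass
class Finding:
    user: str
    issue: str


def classify_hash(field: str) -> str:
    """Return 'empty', 'locked', 'des', 'md5', 'sha256', ... or 'unknown'."""
    if field == "":
        return "empty"
    if field.startswith(("!", "*")):  # '!' or '*' in front means the account is locked
        return "locked"
    for prefix, algo in HASH_PREFIXES.items():
        if field.startswith(prefix):
            return algo
    if len(field) == 13 and "$" not in field:
        return "des"
    return "unknown"


def audit_shadow(text: str, today_days: int, max_age_days: int = 365) -> List[Finding]:
    """today_days is days since the epoch, the unit the lastchg field uses."""
    findings: List[Finding] = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 3:
            findings.append(Finding(line, "malformed entry"))
            continue
        user, pw, lastchg = fields[0], fields[1], fields[2]
        kind = classify_hash(pw)
        if kind == "empty":
            findings.append(Finding(user, "no password set"))
        elif kind in WEAK_ALGORITHMS:
            findings.append(Finding(user, f"weak hash algorithm ({kind})"))
        elif kind == "unknown":
            findings.append(Finding(user, "unrecognised hash format"))
        # Stale passwords only matter on accounts that can actually log in.
        if kind not in ("locked", "empty") and lastchg.isdigit():
            age = today_days - int(lastchg)
            if age > max_age_days:
                findings.append(Finding(user, f"password unchanged for {age} days"))
    return findings


def uid_zero_accounts(passwd_text: str) -> List[str]:
    """Every account with UID 0 has full root privilege, whatever it is called."""
    names = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2] == "0":
            names.append(fields[0])
    return names


if __name__ == "__main__":
    for f in audit_shadow(SAMPLE_SHADOW, today_days=19100):
        print(f"{f.user}: {f.issue}")
    print("UID 0 accounts:", uid_zero_accounts(SAMPLE_PASSWD))
```

The age check is deliberately skipped for locked and empty entries, since a stale hash on a locked account is harmless while an empty field is already reported as the more serious problem.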

Patching

Topics to cover: patching from source; RPM based systems; deb based systems; FreeBSD ports and packages; meta package tools such as apt, RHN and Red Carpet.

To add: Gentoo, Slackware, NetBSD and OpenBSD, Solaris, and proprietary systems (SCO? who cares).

Services

Only run what is needed and remove the rest (better still, do this at install time by choosing only the necessary packages).

Identify what services are running, using netstat -na, lsof or nmap.

On *BSD, use sockstat -4.

Services started on demand by inetd or xinetd should be reviewed as well.

Turning off unnecessary services:

using chkconfig on Red Hat; using /etc/rc.conf and /usr/local/etc/rc.d on FreeBSD (mention /etc/rc.local).
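Once the listening sockets have been listed with netstat -na or sockstat, the useful step is to compare them against the services the machine is meant to offer. The following is an added example for this article, not code from the original page. It parses both the BSD-style ("*.22") and Linux-style ("0.0.0.0:22") address columns of netstat -an output and reports listeners that are not on an allowlist; the two captures it parses are constructed samples, not output from a real host.

```python
"""Find unexpected listening sockets in netstat -an output.

Constructed example for this article. Accepts the BSD and Linux column
layouts, treats a TCP socket in state LISTEN and an unconnected UDP
socket as "listening", and reports anything outside an allowlist that
is reachable from the network (loopback-only listeners are reported
separately).
"""
from typing import Iterable, List, NamedTuple, Set

# Constructed sample, BSD layout (as from `netstat -an` on FreeBSD).
SAMPLE_BSD = """\
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  127.0.0.1.25           *.*                    LISTEN
tcp4       0      0  *.111                  *.*                    LISTEN
tcp4       0      0  192.168.1.5.22         192.168.1.9.51234      ESTABLISHED
udp4       0      0  *.514                  *.*
"""

# Constructed sample, Linux layout (as from `netstat -an` with net-tools).
SAMPLE_LINUX = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
udp        0      0 0.0.0.0:514             0.0.0.0:*
unix  2      [ ACC ]     STREAM     LISTENING     12345    /run/example.sock
"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}
UNCONNECTED = {"*.*", "0.0.0.0:*", ":::*"}


class Listener(NamedTuple):
    proto: str
    addr: str
    port: int


def split_endpoint(endpoint: str):
    """BSD separates host and port with the last '.', Linux with the last ':'."""
    sep = ":" if ":" in endpoint else "."
    host, _, port = endpoint.rpartition(sep)
    return host, port


def parse_listeners(text: str) -> List[Listener]:
    listeners = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or not parts[0].startswith(("tcp", "udp")):
            continue  # headers, unix sockets, blank lines
        proto, local, foreign = parts[0], parts[3], parts[4]
        state = parts[5] if len(parts) > 5 else ""
        host, port = split_endpoint(local)
        if not port.isdigit():
            continue
        if proto.startswith("tcp"):
            if state != "LISTEN":
                continue  # established/time-wait connections are not services
        elif foreign not in UNCONNECTED:
            continue  # a connected UDP socket is a client, not a listener
        listeners.append(Listener(proto, host, int(port)))
    return listeners


def unexpected_listeners(listeners: Iterable[Listener], allowed_ports: Set[int]) -> List[Listener]:
    """Listeners bound to a non-loopback address on a port not in the allowlist."""
    return [l for l in listeners if l.port not in allowed_ports and l.addr not in LOOPBACK]


def loopback_only(listeners: Iterable[Listener]) -> List[Listener]:
    return [l for l in listeners if l.addr in LOOPBACK]


if __name__ == "__main__":
    for name, sample in (("BSD", SAMPLE_BSD), ("Linux", SAMPLE_LINUX)):
        found = parse_listeners(sample)
        print(name, "unexpected:", unexpected_listeners(found, {22}))
        print(name, "loopback only:", loopback_only(found))
```

Loopback-only listeners are kept out of the unexpected list because they are not reachable from the network, but they are still worth reviewing, which is why the block returns them through a separate function.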

File system

Topics to cover: the rwx bits; set-uid and set-gid; the sticky bit.
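The permission bits introduced in the Design concepts section and the set-uid, set-gid and sticky bits listed here are what an administrator looks for when auditing a file system. The following is an added example for this article, not code from the original page. It decodes the mode column of ls -l output, maps the same flags from a numeric st_mode, and walks a directory tree without following symlinks to list set-uid, set-gid, sticky and world-writable entries; the demo_scan fixture it builds in a temporary directory is constructed for illustration.

```python
"""Interpret Unix permission bits and find risky files.

Constructed example for this article. parse_ls_mode() decodes strings
such as "-r-sr-xr-x"; describe_mode() and scan_tree() inspect real
inodes through os.lstat().
"""
import os
import stat
import tempfile
from typing import Dict, List, Tuple

CLASSES = ("owner", "group", "other")


def parse_ls_mode(mode: str) -> Dict[str, object]:
    """Decode a 10-character ls -l mode string into per-class rwx plus special bits."""
    if len(mode) != 10:
        raise ValueError("expected 10 characters, e.g. '-rwxr-xr-x'")
    info: Dict[str, object] = {"type": mode[0], "setuid": False, "setgid": False, "sticky": False}
    for i, cls in enumerate(CLASSES):
        r, w, x = mode[1 + 3 * i: 4 + 3 * i]
        # 's' in the owner or group execute slot is set-uid / set-gid, 't' in the
        # other slot is the sticky bit; upper case means execute itself is NOT set.
        if cls == "owner" and x in "sS":
            info["setuid"] = True
        elif cls == "group" and x in "sS":
            info["setgid"] = True
        elif cls == "other" and x in "tT":
            info["sticky"] = True
        info[cls] = {"read": r == "r", "write": w == "w", "exec": x in "xst"}
    return info


def describe_mode(st_mode: int) -> List[str]:
    """Security-relevant flags for a numeric st_mode value."""
    flags = []
    if st_mode & stat.S_ISUID:
        flags.append("setuid")
    if st_mode & stat.S_ISGID:
        flags.append("setgid")
    if st_mode & stat.S_ISVTX:
        flags.append("sticky")
    # Symlink modes are always 0777 and carry no meaning, so ignore them.
    if st_mode & stat.S_IWOTH and not stat.S_ISLNK(st_mode):
        flags.append("world-writable")
    return flags


def scan_tree(root: str) -> List[Tuple[str, List[str]]]:
    """Walk root with lstat (never follow symlinks); return (path, flags) for files of interest."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            flags = describe_mode(st.st_mode)
            # A world-writable directory WITH the sticky bit (like /tmp) is the intended design.
            if stat.S_ISDIR(st.st_mode) and "sticky" in flags and "world-writable" in flags:
                continue
            if flags:
                hits.append((path, flags))
    return hits


def demo_scan() -> Dict[str, List[str]]:
    """Constructed fixture: one world-writable and one normal file in a throwaway directory."""
    with tempfile.TemporaryDirectory() as tmp:
        risky = os.path.join(tmp, "world-writable.txt")
        normal = os.path.join(tmp, "normal.txt")
        for path in (risky, normal):
            open(path, "w").close()
        os.chmod(risky, 0o666)
        os.chmod(normal, 0o644)
        return {os.path.basename(p): flags for p, flags in scan_tree(tmp)}


if __name__ == "__main__":
    print(parse_ls_mode("-r-sr-xr-x"))
    print(demo_scan())
```

To audit a real system, call scan_tree("/") and review every set-uid or set-gid program against the list you expect from the installed packages; describe_mode() uses the stat module constants, so the same logic applies to any platform with Unix-style permission bits.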

General

Cryptography by layer: layer 7, GPG/PGP; layer 4, SSL/TLS, SSH, stunnel, S/MIME; layer 3, IPsec (PPTP?).

Sniffers and plaintext protocols: tcpdump, Ethereal.

Attacks to cover: man in the middle, LAND, ping of death, Xmas scans, DoS et al.

Advanced

Topics to cover: rootkits, kernel modules, chkrootkit; exploit details, buffer overflows, local vs remote.

Service details

Topics to cover: service banners; SMTP - spam, sendmail, banners, the HELP response and header version information etc.; DNS - reverse mapping, DNSSEC.