    1. Introduction to Unix and Security Policies, Sandy Bacik, Breakwater Security Associates, [email_address]
    2. Agenda
       - History of UNIX
       - UNIX overview
       - Basic UNIX commands
       - Development and Implementation of Security Policies
    3. UNIX History
       - 1969, AT&T Bell Labs, as a research project
       - 1976, V6 released by Bell free to universities
       - 1977, Berkeley UNIX
       - 1980, various vendors started to change the flavor
    4. Some Current Flavors
       - Sun/Solaris
       - BSD (Berkeley)
       - AIX (IBM)
       - IRIX (Silicon Graphics)
       - Ultrix (Digital)
       - UnixWare (Novell)
       - HP-UX
       - Linux
    5. What happens upon startup
       - Set the computer name
       - Set the time
       - Check disks
       - Mount filesystems
       - Clean out /tmp
       - Configure network interfaces
       - Start daemons and network services
    6. Types of UNIX files
       - Regular files
       - Directories
       - Character device files
       - Block device files
       - UNIX domain sockets
       - Named pipes
       - Hard links
       - Symbolic links
    7. man pages
    8. /etc/passwd
    9. /etc/passwd fields (seven, colon-separated)
       - Login name
       - Encrypted password, if not shadowed
       - UID number
       - Default GID
       - Comment information
       - Home directory
       - Login shell
    10. pwck
    11. passwd -sa
    12. /etc/default/passwd
    13. /etc/shadow
    14. /etc/group
    15. /etc/group fields (four, colon-separated)
       - Group name
       - Encrypted password, not normally used
       - GID number
       - List of members, separated by commas
    16. grpck
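The field layouts of slides 9 and 15, and the kind of consistency checks pwck and grpck perform, as an added example. This is not code from the original slides and not the pwck/grpck programs themselves: it parses the seven passwd fields and four group fields listed above (plus the nine-field shadow layout) and reports what a reviewer of /etc/passwd and /etc/group looks for. The sample records are constructed for this example; the hashes in them are dummies.

```python
"""pwck/grpck-style consistency checks for passwd, shadow and group data.

Added example; not part of the original slides and not pwck/grpck
themselves. Reports: extra UID 0 accounts, empty password fields,
hashes left unshadowed, primary GIDs with no group, shared UIDs, and
group members with no account. Sample data below is constructed.
"""
from collections import defaultdict
from typing import Dict, List

# Constructed sample data (not from a real system). Hashes are dummies.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sandy:x:1000:1000:Sandy Bacik:/home/sandy:/bin/bash
toor:x:0:0:second superuser:/:/bin/sh
guest::1001:1001:Guest:/home/guest:/bin/sh
svc:x:1002:5000:Service account:/var/svc:/bin/sh
legacy:ab1Cd2Ef3Gh4I:1003:1000:Unshadowed hash:/home/legacy:/bin/sh
"""
SAMPLE_SHADOW = """\
root:$6$dummy$dummyhash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
sandy:$6$dummy$dummyhash:19000:0:99999:7:::
toor:$6$dummy$dummyhash:19000:0:99999:7:::
svc::19000:0:99999:7:::
"""
SAMPLE_GROUP = """\
root:x:0:
daemon:x:1:
sandy:x:1000:
guest:x:1001:
wheel:x:10:sandy,ghost
"""


def parse_colon_file(text: str, nfields: int) -> List[List[str]]:
    """Split a passwd/shadow/group style file into records; reject malformed lines."""
    rows = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != nfields:
            raise ValueError(f"line {lineno}: expected {nfields} fields, got {len(fields)}")
        rows.append(fields)
    return rows


def check_accounts(passwd_text: str, shadow_text: str, group_text: str) -> List[str]:
    """Return one finding string per problem; an empty list means the files agree."""
    passwd = parse_colon_file(passwd_text, 7)
    shadow = {row[0]: row for row in parse_colon_file(shadow_text, 9)}
    groups = parse_colon_file(group_text, 4)
    known_gids = {int(g[2]) for g in groups}
    known_users = {p[0] for p in passwd}
    findings: List[str] = []

    by_uid: Dict[int, List[str]] = defaultdict(list)
    for name, pw, uid, gid, _gecos, _home, _shell in passwd:
        by_uid[int(uid)].append(name)
        if uid == "0" and name != "root":        # any UID 0 account *is* root
            findings.append(f"{name}: UID 0 account other than root")
        if pw == "":                               # login with no password at all
            findings.append(f"{name}: empty password field in passwd (no password required)")
        elif pw == "x":                            # shadowed: the hash must be in shadow
            if name not in shadow:
                findings.append(f"{name}: marked shadowed but has no shadow entry")
            elif shadow[name][1] == "":
                findings.append(f"{name}: empty password field in shadow")
        elif pw not in ("*", "!", "!!"):           # a real hash, world-readable in passwd
            findings.append(f"{name}: password hash stored in passwd instead of shadow")
        if int(gid) not in known_gids:
            findings.append(f"{name}: primary GID {gid} has no entry in group")

    for uid, names in sorted(by_uid.items()):
        if len(names) > 1:
            findings.append(f"UID {uid} shared by {', '.join(names)}")

    for gname, _gpw, _gid, members in groups:
        for member in filter(None, members.split(",")):
            if member not in known_users:
                findings.append(f"{gname}: member {member} has no passwd entry")
    return findings


if __name__ == "__main__":
    for finding in check_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW, SAMPLE_GROUP):
        print(finding)
```

On a real host you would feed it the contents of /etc/passwd, /etc/shadow and /etc/group (reading /etc/shadow needs root), and treat every UID 0 finding as an incident until explained.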
    17. Login process
       - User enters id at login prompt
       - Login requests password and validates against /etc/passwd or /etc/shadow
       - Login prints /etc/motd
       - Login runs a shell and sets up the environment variables
       - Shell executes startup files
    18. Standard directories
       - / - root directory
       - /bin or /sbin - commands needed for minimal system operability
       - /dev - device entries
       - /etc - critical startup and configuration files
       - /lib - libraries for the C compiler and shared libraries
       - /usr/bin - executable files
    19. Standard directories
       - /usr/etc - system maintenance commands
       - /var/adm - accounting files
       - /var/log - log files
       - /usr/local - local software
       - /usr/lib - support files for standard UNIX programs
    20. root
       - Mount/unmount filesystems
       - Create device files
       - Set the system clock
       - Change ownership
       - Change the hostname
       - Configure network interfaces
       - Shut down the system
    21. Becoming root
       - UID 0
       - su command
       - sudo command with /etc/sudoers
    22. Look at some file lists
    23. Changing permissions
    24. chmod permission encoding
        Perms  Binary  Octal
        rwx    111     7
        rw-    110     6
        r-x    101     5
        r--    100     4
        -wx    011     3
        -w-    010     2
        --x    001     1
        ---    000     0
    25. umask permission encoding (each bit set in the umask removes that permission, so the resulting permissions are the complement of the chmod table)
        Resulting perms  umask binary  umask octal
        ---              111           7
        --x              110           6
        -w-              101           5
        -wx              100           4
        r--              011           3
        r-x              010           2
        rw-              001           1
        rwx              000           0
    26. What’s running - ps command
    27. Finding log files
       - Look in the system startup scripts (/etc/rc* or /etc/init.d/*) to see if logging is turned on when daemons are started
       - Check /etc/syslog.conf to see what the log configuration is
    28. syslog.conf
    29. syslog entries
    30. messages file
    31. Things to watch
       - root can only log in at the console
       - /etc/services should list only the services in use (it only maps service names to ports; what actually listens is controlled by /etc/inetd.conf and the startup scripts)
       - /etc/inetd.conf should enable only the network services that are actually needed
       - Review /etc/passwd and /etc/group
       - Monitor the logs
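Two of the points above, "root can only log in at the console" and "monitor the logs", combined into one check over the messages file, as an added example that is not part of the original slides. It parses the classic BSD syslog line layout that syslogd writes according to syslog.conf (timestamp, host, program[pid]: message) and flags root logins that did not happen at the console. The log lines are constructed for this example; the wording of login(1) and su(1) messages differs between UNIX flavors, so LOGIN_RE, SU_RE and the CONSOLE_TTYS set are assumptions to adjust to your own system (the sshd "Accepted ... for ... from ... port ..." line is the OpenSSH format).

```python
"""Flag root logins away from the console in a BSD-syslog messages file.

Added example; not from the original slides. SYSLOG_RE covers the
classic syslogd line layout. LOGIN_RE, SU_RE and CONSOLE_TTYS are
assumptions about one flavor's message wording and console name; the
sample lines are constructed for this example.
"""
import re
from typing import List, NamedTuple, Optional, Tuple

SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "   # "Mar  3 02:14:07"
    r"(?P<host>\S+) "
    r"(?P<prog>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: "       # "login[2231]:" or "kernel:"
    r"(?P<msg>.*)$"
)
# Assumed login(1) wording: "ROOT LOGIN ON <tty>" optionally "FROM <host>".
LOGIN_RE = re.compile(r"ROOT LOGIN\b.*?\bON (?P<tty>\S+)(?: FROM (?P<src>\S+))?", re.IGNORECASE)
# OpenSSH wording for a successful login.
SSHD_RE = re.compile(r"^Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<src>\S+) port \d+")
# Assumed su(1) wording: "<user> to root on <tty>".
SU_RE = re.compile(r"^(?P<who>\S+) to root on (?P<tty>\S+)")

# Which ttys count as "the console" is site specific; this set is an assumption.
CONSOLE_TTYS = {"console", "/dev/console", "tty1"}

# Constructed sample messages file; the last line shows a non-syslog line being skipped.
SAMPLE_MESSAGES = """\
Mar  3 02:14:07 hostA login[2231]: ROOT LOGIN ON console
Mar  3 02:15:30 hostA login[2240]: ROOT LOGIN ON ttyp2 FROM 10.1.2.3
Mar  3 02:16:01 hostA su[2250]: sandy to root on /dev/pts/1
Mar  3 02:17:45 hostA sshd[2262]: Accepted password for root from 192.0.2.10 port 2222 ssh2
Mar  3 02:18:00 hostA sshd[2270]: Accepted publickey for sandy from 192.0.2.10 port 2223 ssh2
Mar  3 02:19:12 hostA kernel: eth0: link up
this line is not syslog formatted and is skipped
"""


class Entry(NamedTuple):
    ts: str
    host: str
    prog: str
    pid: Optional[int]
    msg: str


def parse_syslog(text: str) -> List[Entry]:
    """Parse BSD syslog lines; lines that do not match the layout are dropped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = SYSLOG_RE.match(line)
        if m:
            pid = int(m["pid"]) if m["pid"] else None
            entries.append(Entry(m["ts"], m["host"], m["prog"], pid, m["msg"]))
    return entries


def root_off_console(entries: List[Entry]) -> List[str]:
    """One alert per root login that did not come from a console tty."""
    alerts: List[str] = []
    for e in entries:
        if e.prog == "login":
            m = LOGIN_RE.search(e.msg)
            if m and m["tty"] not in CONSOLE_TTYS:
                src = f" from {m['src']}" if m["src"] else ""
                alerts.append(f"{e.ts} {e.host}: root login on {m['tty']}{src}")
        elif e.prog == "sshd":                 # ssh is never the console
            m = SSHD_RE.match(e.msg)
            if m and m["user"] == "root":
                alerts.append(f"{e.ts} {e.host}: root ssh login ({m['method']}) from {m['src']}")
    return alerts


def su_to_root(entries: List[Entry]) -> List[Tuple[str, str]]:
    """(who, tty) for every su to root, so the audit trail names a person."""
    out: List[Tuple[str, str]] = []
    for e in entries:
        if e.prog == "su":
            m = SU_RE.match(e.msg)
            if m:
                out.append((m["who"], m["tty"]))
    return out


if __name__ == "__main__":
    parsed = parse_syslog(SAMPLE_MESSAGES)
    for alert in root_off_console(parsed):
        print("ALERT", alert)
    for who, tty in su_to_root(parsed):
        print("su to root:", who, "on", tty)
```

Run it against the file your syslog.conf sends auth messages to (commonly /var/log/messages or an auth log); the first thing to verify on a new host is that the LOGIN_RE and SU_RE patterns actually match that system's wording, since a pattern that matches nothing is a silent failure.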
    32. More things to watch
       - Restrict executables, such as finger, with chmod 500 <filename> (read and execute for the owner only)
       - Ensure “.” is removed from root’s PATH
       - Set password defaults in /etc/default/passwd
    33. More things
       - Ensure there are no world-writable files (skip symlinks, whose own mode is always 777, and use ls -ld so directories are listed themselves rather than their contents):
         find / ! -type l -perm -002 -exec ls -ld {} \; > worldwrite.new
    34. More things
       - Limit .netrc, .rhosts and hosts.equiv:
         find / -name <filename> -exec ls -la {} \; > rhosts.find
    35. More things
       - Find files without a valid group or user owner:
         find / -nogroup -exec ls -ld {} \;
         find / -nouser -exec ls -ld {} \; > nouser
    36. More things
       - Find files with SUID and SGID permissions:
         find / -type f -a -perm -4000 -exec ls -la {} \; > suidfiles.new
         find / -type f -a -perm -2000 -exec ls -la {} \; > sgidfiles.new
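The permission arithmetic behind the chmod and umask tables (slides 24 and 25) and the find checks of slides 33 to 36, shown together in one added example. This is not code from the original slides: the find one-liners are what you would run on a real host, and this reproduces the same logic in Python so the bit operations are explicit. It builds a small constructed tree under a temporary directory to exercise the checks and removes it afterwards; nothing on the real filesystem is read or changed.

```python
"""Permission bits (chmod/umask) and a world-writable/SUID/SGID/unowned audit.

Added example, not from the original slides. audit_tree() is the
Python equivalent of the slides' find checks; build_fixture() creates a
constructed directory tree under a temp directory for demonstration.
"""
import grp
import os
import pwd
import shutil
import stat
import tempfile
from typing import Dict, List


def mode_to_symbolic(mode: int) -> str:
    """0o750 -> 'rwxr-x---' (the nine permission bits only)."""
    out = []
    for shift in (6, 3, 0):                      # user, group, other triplets
        bits = (mode >> shift) & 0o7
        out.append("r" if bits & 4 else "-")
        out.append("w" if bits & 2 else "-")
        out.append("x" if bits & 1 else "-")
    return "".join(out)


def symbolic_to_mode(sym: str) -> int:
    """'rwxr-x---' -> 0o750 (inverse of mode_to_symbolic)."""
    if len(sym) != 9:
        raise ValueError("expected nine characters, e.g. rw-r--r--")
    mode = 0
    for i, ch in enumerate(sym):
        if ch != "-":
            mode |= 1 << (8 - i)
    return mode


def effective_mode(requested: int, umask: int) -> int:
    """Mode a new file gets: every bit set in the umask is removed.

    This is why the umask table is the complement of the chmod table:
    umask 022 turns a requested 666 into 644."""
    return requested & ~umask & 0o777


def audit_tree(root: str) -> Dict[str, List[str]]:
    """The slides' find checks, restricted to one tree."""
    findings: Dict[str, List[str]] = {"world_writable": [], "suid": [], "sgid": [], "unowned": []}
    for dirpath, _dirnames, filenames in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            st = os.lstat(path)
            # A symlink's own mode is lrwxrwxrwx and means nothing; a plain
            # `find / -perm -002` reports every symlink unless you add ! -type l.
            if stat.S_ISLNK(st.st_mode):
                continue
            if st.st_mode & stat.S_IWOTH:                         # -perm -002
                findings["world_writable"].append(path)
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID:   # -perm -4000
                findings["suid"].append(path)
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISGID:   # -perm -2000
                findings["sgid"].append(path)
            try:
                pwd.getpwuid(st.st_uid)
                grp.getgrgid(st.st_gid)
            except KeyError:                                      # -nouser / -nogroup
                findings["unowned"].append(path)
    return findings


def build_fixture() -> str:
    """Constructed tree with one example of each condition; the caller removes it."""
    root = tempfile.mkdtemp(prefix="permaudit-")

    def make(name: str, mode: int) -> str:
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)
        return path

    make("world_writable.txt", 0o666)
    make("suid_tool", 0o4755)
    make("sgid_tool", 0o2755)
    private = make("private.txt", 0o640)
    os.symlink(private, os.path.join(root, "link_to_private"))   # must not be reported
    return root


def audit_fixture() -> Dict[str, List[str]]:
    """Build the fixture, audit it, return sorted basenames per category, clean up."""
    tree = build_fixture()
    try:
        return {k: sorted(os.path.basename(p) for p in v) for k, v in audit_tree(tree).items()}
    finally:
        shutil.rmtree(tree)


if __name__ == "__main__":
    print(mode_to_symbolic(effective_mode(0o666, 0o022)))   # rw-r--r--
    for kind, names in audit_fixture().items():
        print(kind, names)
```

Pointing audit_tree() at / is slow and noisy compared with find, which is the right tool on a real host; the value of the Python version is that the skipped symlinks, the stat bits and the uid/gid lookups are spelled out, so you can see exactly what each find predicate in the slides is testing.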
    37. netstat
       - netstat -nasd
       - netstat -a
       - To see what is running and open on the server.
    38. Web sites
       - www.rootshell.com
       - packetstorm.securify.com
       - Vendor sites
       - There are many others.
    39. References
       - UNIX System Administration Handbook, Prentice Hall, most current edition
       - Practical Unix and Internet Security, O’Reilly, most current edition
    40. Break anyone?
    41. Security Policy Development and Implementation
       - Patience
       - Patience
       - Patience
    42. What a policy contains
       - Scope
       - Policy statement
       - Accountability
       - Consequence
       - APPROVAL AND SUPPORT from upper management
    43. How to write a policy
       - Keep it simple
       - Use plain English
       - Keep it general - don’t name specific technology
    44. How to publish policies
       - Electronic
       - Intranet
       - Hardcopy in a central location
    45. What about exceptions
       It is easier to write and control exceptions than to write a custom policy for every situation. With exceptions, the burden is on the auditors to reconcile the policy differences.
    46. Let’s look at the check list
       - Upper management
       - IT and middle management
       - IT and individual departments
       - DON’T forget user training
    47. Let’s look at some policies
       - Corporate Assets
       - Acceptable Use
       - Network Security
    48. Reference: Information Security Policies Made Easy, version 7, Charles Cresson Wood, www.baselinesoftware.com
    49. Thank you
