UNIX SECURITY
UNIX has taken the industry by storm in recent years. UNIX's popularity is a result of its ability to provide a true multiprocessing, multitasking operating environment for today's applications. In addition, UNIX is a scalable operating system, working on anything from a mainframe through a personal computer. This scalability has accrued, and will continue to accrue, further selections of UNIX for future applications in the Client/Server environment. Finally, UNIX runs extremely well on the RISC technology of today. Reduced Instruction Set Computing (RISC) currently supports symmetrical processing and reduced instruction code. UNIX is one of the few operating systems that takes advantage of this technology. Given all of these reasons, and that organizations are trying to downsize to take advantage of the power of smaller computers, the result is the growth in UNIX.
UNIX, for all its good points, is still an operating system that needs security. For that reason this article addresses ten risk areas that require review.
We need to review a couple of rules about UNIX. First, UNIX is case sensitive. All commands are in lower case, whereas files and directories could be upper or lower case or a combination of both. Second, UNIX is a hierarchical file system. The top directory is the root directory, and the slash leans forward within UNIX, so the root directory is simply a forward slash "/". Under the root directory there are several system subdirectories. These include the following:
/bin  This directory has all the system commands within UNIX
/usr  This directory has all the user accounts, specifically their home directories
/tmp  This directory is used to sort files and compile programs temporarily
/dev  This directory is used to define all the devices that will be attached to the UNIX machine
/etc  This directory is used to define many files that relate to security and control
In order to audit or secure UNIX the reviewer will need to learn five UNIX commands. They are as follows:
ls    The ls command will list a directory or file and provide a list of security permissions
cat   The cat command will list the contents of a file
who   The who command will list the contents of a binary log file
find  The find command will search for users, permissions, and files and list them out for review
grep  The grep command will scan a file with a pattern search
These commands and files are delineated within this article when appropriate. Now let's look at the various risk categories.
1. Administration Risk
Within the UNIX environment the administration of the system configuration and the security configuration are paramount. With UNIX a knowledgeable administrator is mandatory to maintain an effective and secured environment. This can be accomplished two ways. First, each UNIX machine is assigned a UNIX administrator. The second would be to set up a UNIX support group that is responsible for the actual operating configuration and the security and control of each machine. It should be obvious that the second approach provides the best benefits to the organization. The first approach results in one individual who is responsible for all UNIX system activity, including configuration, security, change control, violation reporting reviews, and quality assurance.
Successful implementation of approach number two would allow the organization to maximize the talent of a central pool while decreasing the training and problem resolution costs that accompany a distributed implementation. In addition, change control, security, and the other responsibilities mentioned above could be separated within the group and reviewed by competent personnel. The user group would still be responsible for the application layer security, but all of the operating system configuration parameters would reside with the central group. Additional dynamic security controls could be installed on each machine to certify that the security and control features installed have not been altered once in the field. With the power of the networks today, including network management agents such as Simple Network Management Protocol (SNMP), which runs under the UNIX protocol of Transmission Control Protocol/Internet Protocol (TCP/IP), one could design an effective monitoring system for many UNIX installations throughout the organization.
Auditing, Security, and System Administration should work together to set up the dynamic controls based on the risks defined within this article. However, auditing and security still must perform periodic audits and reviews to ensure that the specific system is secure and that the dynamic routines are still operating effectively.
Finally, it is important to note that most UNIX environments do not allow for the separation of system administration versus security administration. This fact should be addressed by purchasing a third party product that divides the function of the all-encompassing system administration authority. This authority within the UNIX environment is called root. Root is a user whose user id (uid) is equal to "0". Several products are on the market to provide this separation. One such product is "Wizdom" from Tivoli Systems Inc. of Austin, Texas.
2. Authentication Risk
All users within the UNIX environment must be established within the /etc directory in a file called passwd. The full path definition would be /etc/passwd. The passwd file has at least one entry for each user.
To obtain a listing of the passwd file you can issue the following commands:
$ cd /etc       This command moves you into the etc directory, where the UNIX passwd file lives
$ cat passwd    This command lists out the contents of the passwd file.
Each entry in the passwd file looks like the following:
root:fi3sed95ibgr6:0:1:System Administrator:/:/bin/sh
Let's break down each parameter of this entry; the parameters are separated by colons:
root = user name
fi3sed95ibgr6 = the encrypted password string for this account
0 = the uid
1 = the gid, the primary group to which this user belongs
System Administrator = account information/description
/ = the directory where this user will be placed after signing on to the system
/bin/sh = the program that will be executed after the user is signed on to the system
From a security point of view this is not a secured version of UNIX, as the second parameter, the encrypted password string, is readable by everyone. This is true within UNIX because the permission levels on the passwd file have to allow read for everyone so that users can sign on to the system. This would allow a user to copy off the password file and try to hack it by guessing a user's password and comparing their encrypted version to the actual encrypted version in the passwd file. In order to eliminate this exposure the UNIX system should be converted to a C2 implementation that removes the encrypted password string from the primary passwd file and places it in a secondary file, also called a shadow or security file. By placing the encrypted password string in a secondary file, nobody on the system except for root can read the file.
Secondly, most users should not start off using a program called /bin/sh. This program is called a shell program and is really the user's system interface program. This program provides the user with the capability to execute UNIX commands. UNIX has hundreds of commands with many options. It is safer from a security standpoint to place the user right into an application system so they do not realize that they are on a UNIX system. To them it looks like a normal application. Since UNIX is difficult to secure, it makes it much easier if most of the users cannot navigate using UNIX commands.
The entry in the password file with both of these options for a user frank would look like:
frank:*:22:35:local user:/usr/frank:/lib/pay
The user is frank
The * indicates that the passwd file has a shadow or C2 implementation
The uid is 22
The gid is 35
The description is local user
The startup directory is /usr/frank
The startup program is in the lib directory and is the pay program that will start an application menu
There are different types of shell programs. You have the option on your systems to use the one best suited for your environment. The types of shell programs are:
sh = Bourne shell
csh = C shell
ksh = Korn shell
rsh = Restricted shell
tsh = Trusted shell
All of these do allow a user to interface with UNIX and issue commands.
In review then, it is important to ensure that all accounts have a password; that the password is stored in a shadow file that is readable only by root; and that all passwords are constructed with rules that force some alpha and numeric characters and a sufficient length. Users that do not need to use operating system commands should be placed directly into an application menu to reduce the level of training and errors and to help secure the overall environment.
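As an added example (not part of the original article), a small Python check that reads passwd-format entries and reports the conditions the review above calls out: accounts with no password, encrypted strings still sitting in the primary passwd file, extra accounts with uid 0, and users started in an interactive shell rather than an application menu. The sample entries are constructed; the shadow markers x and ! are assumed alongside the * the article shows.

```python
# Constructed sample /etc/passwd lines (hypothetical accounts, not from a real system).
# The first two are the entries quoted in the article; the rest illustrate findings.
SAMPLE_PASSWD = """\
root:fi3sed95ibgr6:0:1:System Administrator:/:/bin/sh
frank:*:22:35:local user:/usr/frank:/lib/pay
guest::101:50:guest account:/usr/guest:/bin/sh
backup:*:0:1:backup operator:/usr/backup:/bin/ksh
mary:x:103:35:local user:/usr/mary:/bin/csh
"""

# Shells the article lists; a user whose 7th field is one of these can issue UNIX commands.
INTERACTIVE_SHELLS = {"/bin/sh", "/bin/csh", "/bin/ksh", "/bin/rsh", "/bin/tsh"}
# Password-field values meaning "the hash lives in the shadow file". The article shows "*";
# "x" and "!" are assumed as the markers other UNIX variants use.
SHADOW_MARKERS = {"*", "x", "!"}


def parse_passwd(text):
    """Split each 7-field colon-separated entry into a dict; skip malformed lines."""
    entries = []
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:
            continue
        name, pw, uid, gid, gecos, home, shell = fields
        entries.append({"name": name, "pw": pw, "uid": int(uid), "gid": int(gid),
                        "gecos": gecos, "home": home, "shell": shell})
    return entries


def audit_passwd(text):
    """Return (username, finding) pairs for the risks the review checklist names."""
    findings = []
    for e in parse_passwd(text):
        if e["pw"] == "":
            findings.append((e["name"], "no password"))
        elif e["pw"] not in SHADOW_MARKERS:
            findings.append((e["name"], "encrypted password readable in passwd"))
        if e["uid"] == 0 and e["name"] != "root":
            findings.append((e["name"], "duplicate uid 0 (root authority)"))
        if e["shell"] in INTERACTIVE_SHELLS:
            findings.append((e["name"], "interactive shell instead of application menu"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_passwd(SAMPLE_PASSWD):
        print("%-8s %s" % (name, finding))
```

Run against a real file with `audit_passwd(open("/etc/passwd").read())`; the frank entry produces no finding, which is the configuration the article recommends.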
3. File Level Permissions Risk
UNIX treats everything as a file. This means that a directory is a file, a terminal is a file, a disk is a file, and a file is of course a file. When a file is created in UNIX a header file called an inode is created. The inode has many entries of value from both an operational and a security aspect. The inode is the file identifier. Its contents are as follows:
inode number
file type
access rights
number of references to a file, or if a directory, the number of subdirectories
owner of the file
group that has access
length in bytes
pointers to the actual data blocks
time of last access
time of last modification
time of creation
file name
When you zero out the inode number you have effectively removed any pointers to the physical data.
The way that you can identify file types is by the leading character of the file listing. A file listing of the inode information is obtained by entering the following command:
# ls -l
This is the list command, and the results of the command look like the following:
-r
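As an added example (not part of the original article), a Python routine that reads the 10-character mode field of `ls -l` output, classifies the file type from its leading character, and flags the entries a permissions review would question: setuid programs and world-writable files, with a world-writable directory accepted only when it carries the sticky bit. The listing lines are constructed and the paths are hypothetical.

```python
# Constructed ls -l output (hypothetical entries, not from a real system).
SAMPLE_LS = """\
-rwsr-xr-x  1 root  bin    24576 Jan 10 1994 /bin/passwd
drwxrwxrwt  5 root  sys      512 Mar  3 1994 /tmp
-rw-rw-rw-  1 frank local    128 Mar  3 1994 /usr/frank/notes
crw--w--w-  1 root  sys     0, 1 Mar  3 1994 /dev/console
-r--r--r--  1 root  sys     1024 Jan 10 1994 /etc/passwd
"""

# Leading character of the mode field -> file type, as the article describes.
FILE_TYPES = {"-": "regular file", "d": "directory", "c": "character device",
              "b": "block device", "l": "symbolic link", "p": "named pipe", "s": "socket"}


def parse_mode(mode):
    """Split a 10-character ls -l mode field into file type and permission flags."""
    if len(mode) != 10 or mode[0] not in FILE_TYPES:
        raise ValueError("not an ls -l mode string: %r" % mode)
    return {
        "type": FILE_TYPES[mode[0]],
        "owner": mode[1:4], "group": mode[4:7], "other": mode[7:10],
        "setuid": mode[3] in "sS",          # s/S in the owner execute slot
        "setgid": mode[6] in "sS",          # s/S in the group execute slot
        "sticky": mode[9] in "tT",          # t/T in the other execute slot
        "world_writable": mode[8] == "w",   # w in the other write slot
    }


def review_listing(text):
    """Return (path, finding) pairs for entries a file-permission review should question."""
    findings = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        mode, path = parts[0], parts[-1]
        info = parse_mode(mode)
        if info["setuid"]:
            findings.append((path, "setuid " + info["type"]))
        if info["world_writable"] and info["type"] == "directory" and not info["sticky"]:
            findings.append((path, "world-writable directory without sticky bit"))
        elif info["world_writable"] and info["type"] != "directory":
            findings.append((path, "world-writable " + info["type"]))
    return findings


if __name__ == "__main__":
    for path, finding in review_listing(SAMPLE_LS):
        print("%-20s %s" % (path, finding))
```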