UNIX SECURITYdoc.docx

UNIX SECURITYdoc.docx

《UNIX SECURITYdoc.docx》由会员分享，可在线阅读，更多相关《UNIX SECURITYdoc.docx（22页珍藏版）》请在冰豆网上搜索。

UNIXSECURITYdoc

UNIXSECURITY

UNIXhastakentheindustrybystorminrecentyears.UNIX’spopularityisaresultofitsabilitytoprovideatruemultiprocessing,multitaskingoperatingenvironmentfortoday’sapplications.Inaddition,UNIXisascaleableoperatingsystemworkingonamainframethroughapersonalcomputer.ThisscalabilityhasandwillaccruefurtherselectionsofUNIXforfutureapplicationsintheClient/Serverenvironment.Finally,UNIXrunsextremelywellontheRISCtechnologyoftoday.ReducedInstructionSetComputing（RISC）currentlysupportssymmetricalprocessingandreducedinstructioncode.UNIXisoneofthefewoperatingsystemsthattakesadvantageofthistechnology.GivenallofthesereasonsandthatorganizationsaretryingtodownsizetotakeadvantageofthepowerofsmallercomputersandtheresultisthegrowthinUNIX.

UNIXforallit’sgoodpointsstillisanoperatingsystemthatneedssecurity.Forthatreasonthisarticleaddressestenrisksareasthatrequirereview.

WeneedtoreviewacoupleofrulesaboutUNIX.FirstUNIXiscasesensitive.Allcommandsareinlowercasewhereasfilesanddirectoriescouldbeupperorloweroracombinationofboth.Second,UNIXisahierarchicalfilesystem.Thetopdirectoryistherootdirectoryandtheslash/leansforwardwithinUNIX.Sotherootdirectoryissimplyaforward”/”.Undertherootdirectorythereareseveralsystemsubdirectories.Theseincludethefollowing:

/binThisdirectoryhasallthesystemcommandswithinUNIX

/usrThisdirectoryhasalltheuseraccountsspecificallytheirhomedirectories

/tmpThisdirectoryisusedtosortfilesandcompileprogramstemporarily

/devThisdirectoryisusedtodefineallthedevicesthatwillbeattachedtotheUNIXmachine

/etcThisdirectoryisusedtodefinemanyfilesthatrelatetosecurityandcontrol

InordertoauditorsecureUNIXthereviewerwillneedtolearnfiveUNIXcommands.Theyareasfollows:

lsThelscommandwilllistadirectoryorfileandprovidealistofsecuritypermissions

catThecatcommandwilllistthecontentsofafile

whoThewhocommandwilllistthecontentsofabinarylogfile

findThefindcommandwillsearchforusers,permissions,andfilesandlistthemoutforreview

grepThegrepcommandwillscanafilewithapatternsearch

Thiscommandsandfilesaredelineatedwithinthisarticlewhenappropriate.Nowletslookatthevariousriskcategories.

1.AdministrationRisk

WithintheUNIXenvironmenttheadministrationofthesystemconfigurationandthesecurityconfigurationareparamount.WithUNIXaknowledgeableadministratorismandatorytomaintainaneffectiveandsecuredenvironment.Thiscanbeaccomplishedtwoways.FirsteachUNIXmachineisassignedaUNIXadministrator.ThesecondwouldbetosetupaUNIXsupportgroupthatisresponsiblefortheactualoperatingconfigurationandsecurityandcontrolofeachmachine.Itshouldbeobviousthatthesecondapproachprovidesthebestbenefitstotheorganization.ThefirstapproachresultsinoneindividualwhoisresponsibleforallUNIXsystemactivityincludingconfiguration,security,changecontrol,violationreportingreviews,andqualityassurance.

Successfulimplementationofapproachnumbertwowouldallowtheorganizationtomaximizethetalentofacentralpoolwhiledecreasingthetrainingandproblemresolutioncoststhataccompanyadistributedimplementation.Inaddition,changecontrol,security,andtheotherresponsibilitiesmentionedabovecouldbeseparatedwithinthegroupandreviewedbycompetentpersonnel.Theusergroupwouldstillberesponsiblefortheapplicationlayersecuritybutalloftheoperatingsystemconfigurationparameterswouldresidewiththecentralgroup.Additionaldynamicsecuritycontrolscouldbeinstalledoneachmachinetocertifythatthesecurityandcontrolfeaturesinstalledhavenotbeenalteredonceinthefield.WiththepowerofthenetworkstodayincludingthenetworkmanagementagentssuchasSimpleNetworkManagementProtocol（SNMP）whichrunsundertheUNIXprotocolofTransmissionControlProtocol/InternetProtocol（TCP/IP）onecoulddesignaneffectivemonitoringsystemformanyUNIXinstallationsthroughouttheorganization.

Auditing,Security,andSystemAdministrationshouldworktogethertosetupthedynamiccontrolsbaseontherisksdefinedwithinthisarticle.However,auditingandsecuritystillmustperformperiodicauditsandreviewstoensurethatthespecificsystemissecurityandthatthedynamicroutinesarestilloperatingeffectively.

FinallyitisimportanttonotethatmostUNIXenvironmentsdonotallowfortheseparationofsystemadministrationversessecurityadministration.Thisfactallowsshouldbeaddressedbypurchasingathirdpartyproductthatdividesthefunctionoftheallencompassingsystemadministrationauthority.ThisauthoritywithintheUNIXenvironmentiscallroot.Rootisauserwhohasauserid（uid）isequalto“0”.Severalproductsareonthemarkettoprovidethisseparation.Onesuchproductis“Wizdom”fromTivoliSystem’sInc.ofAustinTexas.

2.AuthenticationRisk

AlluserswithintheUNIXenvironmentmustbeestablishedwithinthe/etcdirectoryinafilecalledpasswd.Thefullpathdefinitionwouldbe/etc/passwd.Thepasswdfilehasatleastoneentryforeachuser.

Toobtainalistingofthepasswdfileyoucanissuethefollowingcommands:

$cd/etc/passwdThiscommandpointsyoutotheUNIXpasswdfilewithintheetcdirectory

$catpasswdThiscommandlistoutthecontentsofthepasswdfile.

Eachentryinthepasswdfilelookslikethefollowing:

root:

fi3sed95ibgr6:

0:

1:

SystemAdministrator:

/:

/bin/sh

Letsbreakeachparameter,whichareseparatedbycolons,ofthisentry

root=username

password=theencryptedpasswordstringforthisaccount

0=theuid

1=thegidtheprimarygrouptowhichthisuserbelongs

SystemAdministrator=accountinformation/description

/=thedirectorywherethisuserwillbeplacedaftersigningontothesystem

/bin/sh=theprogramthatwillbeexecutedaftertheuserissignedontothesystem

FromasecuritypointofviewthisisnotasecuredversionofUNIXasthesecondparameter,theencryptedpasswordstring,isreadablebyeveryone.ThisistruewithinUNIXasthepermissionlevelsonthepasswdfilehavetobereadforeveryonesotheycansignontothesystem.Thiswouldallowausertocopyoffthepasswordfileandtrytohackitbyguessingauser’spasswordandcomparingtheirencryptedversiontotheactualencryptedversioninthepasswdfile.InordertoeliminatethisexposuretheUNIXsystemshouldbeconvertedtoaC2implementationthatremovestheencryptedpasswordstringfromtheprimarypasswdfileandplacesitinasecondaryfilealsocalledashadoworsecurityfile.Byplacingtheencryptedpasswordstringinasecondaryfile,nobodyonthesystemexceptforrootcanreadthefile.

Secondly,mostusershouldnotstartoffusingaprogramcalled/bin/sh.Thisprogramiscalledashellprogramandisreallytheuser’ssysteminterfaceprogram.ThisprogramprovidestheuserwiththecapabilitytoexecuteUNIXcommands.UNIXhashundredsofcommandswithmanyoptions.ItissaferfromasecuritystandpointtoplacetheuserrightintoanapplicationsystemsotheydonotrealizethattheyareonaUNIXsystem.Tothemitlookslikeanormalapplication.SinceUNIXisdifficulttosecureitmakesitmucheasierifmostoftheuserscannotnavigateusingUNIXcommands.

Theentryinthepasswordfilewithbothoftheseoptionforauserfrankwouldlooklike:

frank:

*:

22:

35:

localuser:

/usr/frank:

/lib/pay:

Theuserisfrank

The*indicatesthatthepasswdfilehasashadoworC2implementation

Theuidis22

Thegidis35

Thedescriptionislocaluser

Thestartupdirectoryis/usr/frank

Thestartupprogramisinthelibdirectoryandisthepayprogramthatwillstartanapplicationmenu

Therearedifferenttypesofshellprograms.Youhavetheoptiononyoursystemstousetheonebestsuitedforyourenvironment.Thetypeofshellprogramsare:

sh=Bourneshell

csh=Cshell

ksh=Kornshell

rsh=Restrictedshell

tsh=Trustedshell

AllofthesedoallowausertointerfacewithUNIXandissuecommands.

Inreviewthen,itisimportanttoensurethatallaccountshaveapassword.Thatthepasswordisstoredinashadowfilethatisreadableonlybyroot.Thatallpasswordsareconstructedwithrulesthatforcesomealphaandnumericcharactersandthatthelengthissufficient.Usersthatdonotneedtouseoperatingsystemcommandsshouldbeplaceddirectlyintoanapplicationmenutoreducetheleveloftraininganderrorsandtohelpsecuretheoverallenvironment.

3.FileLevelPermissionsRisk

UNIXtreatseverythingasafile.Thismeansthatadirectoryisafile,aterminalisafile,adiskisafile,andafileisofcourseafile.WhenafileiscreatedinUNIXaheaderfilecalledaninodeiscreated.Theinodehasmanyentriesofvaluebothfromanoperationalandsecurityaspect.Theinodeisthefileidentifier.Itcontentsareasfollows:

inodenumber

filetype

accessrights

numberofreferencestoafileorifadirectorythenumberofsubdirectories

ownerofthefile

groupthathasaccess

lengthinbytes

pointerstotheactualdatablocks

timeoflastaccess

timeoflastmodification

timeofcreation

filename

Whenyouzeroouttheinodenumberyouhaveeffectivelyremovedanypointerstothephysicaldata.

Thewaythatyoucanidentifyfiletypesisbytheleadingcharacterofthefilelisting.Afilelistingoftheinodeinformationisobtainedbyenteringthefollowingcommand:

#ls-l

Thisisthelistcommandandtheresultsofthecommandlooklikethefollowing:

-r