book

Practical UNIX and Internet Security, 3rd Edition

by Simson Garfinkel, Gene Spafford, Alan Schwartz

February 2003

Intermediate to advanced

986 pages

35h 34m

English

O'Reilly Media, Inc.

Read now

Unlock full access

What This Book IsWhat This Book Is NotThird-Party Security Tools
Versions Covered in This Book“Secure” Versions of Unix
Third EditionSecond EditionFirst Edition

Multics: The Unix PrototypeThe Birth of UnixUnix escapes AT&TUnix goes commercialThe Unix Wars: Why Berkeley 4.2 over System VUnix Wars 2: SVR4 versus OSF/1Free UnixFSF and GNUMinixXinuLinuxNetBSD, FreeBSD, and OpenBSDBusinesses adopt UnixSecond-Generation Commercial Unix SystemsWhat the Future Holds
ExpectationsSoftware QualityAdd-on Functionality Breeds ProblemsThe Failed P1003.1e/2c Unix Security Standard
Types of SecurityTrust
Steps in Risk AssessmentIdentifying assetsIdentifying threatsReview Your Risks
The Cost of LossThe Probability of a LossThe Cost of PreventionAdding Up the NumbersBest PracticesConvincing Management
The Role of PolicyStandardsGuidelinesSome Key Ideas in Developing a Workable PolicyAssign an ownerBe positiveRemember that employees are people tooConcentrate on educationHave authority commensurate with responsibilityBe sure you know your security perimeterPick a basic philosophyDefend in depthRisk Management Means Common Sense
Formulating Your Plan of ActionChoosing a VendorGet a referral and insist on referencesBeware of soup-to-nutsInsist on breadth of backgroundPeople“Reformed” hackersMonitoring ServicesFinal Words on Outsourcing
Keeping SecretsResponsible Disclosure
Unix UsernamesAuthenticating UsersAuthenticating with PasswordsEntering your passwordChanging your passwordVerifying your new passwordChanging another user’s password
Bad Passwords: Open DoorsSmoking JoesGood Passwords: Locked DoorsPassword Synchronization: Using the Same Password on Many MachinesWriting Down Passwords
The /etc/passwd FileThe Unix Encrypted Password SystemThe traditional crypt ( ) algorithmUnix saltcrypt16( ), DES Extended, and Modular Crypt FormatThe shadow password and master password filesOne-Time PasswordsPublic Key Authentication
Using Network Authorization SystemsViewing Accounts in the Network DatabaseNIS and NIS+Kerboros DCENetInfoRADIUSLDAP
The /etc/passwd FileUser Identifiers (UIDs)Groups and Group Identifiers (GIDs)The /etc/group file
What the Superuser Can DoWhat the Superuser Can’t DoAny Username Can Be a SuperuserThe Problem with the Superuser
Real and Effective UIDs with the su CommandSaved IDsOther IDsBecoming the SuperuserUse su with CautionUsing su to Run Commands from ScriptsRestricting suThe su LogThe sulog under SolarisThe sulog under Berkeley UnixThe sulog under Red Hat LinuxFinal cautionsudo: A More Restrictive su
Secure Terminals: Limiting Where the Superuser Can Log InBSD Kernel Security LevelsLinux Capabilities
UFS and the Fast File SystemFile contentsInodesDirectories and linksThe Virtual Filesystem InterfaceCurrent Directory and Paths
Exploring with the ls CommandFile TimesFile PermissionsA file permissions exampleDirectory Permissions
Setting a File’s PermissionsCalculating octal file permissionsUsing octal file permissionsAccess Control Lists
The umask CommandCommon umask Values
Sticky BitsSGID and Sticky Bits on DirectoriesSGID Bit on Files (System V-Derived Unix Only): Mandatory Record LockingProblems with SUIDSUID ScriptsAn example of a SUID attack: IFS and the /usr/lib/preserve holeFinding All of the SUID and SGID FilesThe Solaris ncheck commandTurning Off SUID and SGID in Mounted Filesystems
Unauthorized Device Files
chown: Changing a File’s OwnerOld and new chown behaviorUse chown with cautionchgrp: Changing a File’s Group
Roots of CryptographyCryptography as a Dual-Use TechnologyA Cryptographic ExampleCryptographic Algorithms and Functions
Cryptographic Strength of Symmetric AlgorithmsKey Length with Symmetric Key AlgorithmsCommon Symmetric Key AlgorithmsAttacks on Symmetric Encryption AlgorithmsKey search (brute force) attacksCryptanalysisSystems-based attacks
Uses for Public Key EncryptionEncrypted messagingDigital signaturesAttacks on Public Key AlgorithmsKey search attacksAnalytic attacksKnown versus published methods
Message Digest Algorithms at WorkUses of Message Digest FunctionsHMACAttacks on Message Digest Functions
The Physical Security PlanThe Disaster Recovery PlanOther Contingencies
Protecting Against Environmental DangersFireSmokeDustEarthquakesExplosionsExtreme temperaturesBugs (biological)Electrical noiseLightningVibrationHumidityWaterEnvironmental monitoringPreventing AccidentsFood and drinkControlling Physical AccessRaised floors and dropped ceilingsEntrance through air ductsGlass wallsDefending Against VandalismVentilation holesNetwork cablesNetwork connectorsUtility connectionsDefending Against Acts of War and Terrorism
Understanding Computer TheftLaptops and Portable ComputersLocksTaggingLaptop Recovery Software and ServicesRAM TheftEncryption
EavesdroppingWiretappingEavesdropping over local area networks (Ethernet and twisted pairs)Eavesdropping on 802.11 wireless LANsEavesdropping by radio and using TEMPESTFiber optic cableKeyboard monitorsProtecting BackupsVerify your backupsProtect your backupsSanitizing Media Before DisposalSanitizing Printed MediaProtecting Local StoragePrinter buffersPrinter outputX terminalsFunction keysUnattended TerminalsBuilt-in shell autologoutScreensaversKey Switches
What We FoundFire hazardsPotential for eavesdropping and data theftEasy pickingsPhysical access to critical computersPossibilities for sabotageNothing to Lose?
Intensive InvestigationsRechecks
Initial TrainingOngoing Training and AwarenessPerformance Reviews and MonitoringAuditing AccessLeast Privilege and Separation of Duties
Serial InterfacesThe RS-232 Serial ProtocolOriginate and AnswerBaud and bps
BannersCaller-ID and Automatic Number IdentificationOne-Way Phone LinesProtecting Against EavesdroppingKinds of eavesdroppingEavesdropping countermeasuresManaging Unauthorized Modems with Telephone Scanning and Telephone FirewallsTelephone scanningTelephone firewallsLimitations of scanning and firewalls
Connecting a Modem to Your ComputerSetting Up the Unix DeviceChecking Your ModemOriginate testingAnswer testingPrivilege testingProtection of Modems and Lines
The InternetToday’s InternetWho’s on the Internet?Networking and Unix
Internet AddressesIP networksClassical network addressesCIDR addressesRoutingHostnamesFormat of the hostnameThe /etc/hosts filePackets and ProtocolsICMPTCPUDPClients and ServersName ServiceDNS under UnixOther naming services
Using Encryption to Protect IP Networks from EavesdroppingHardening Against AttacksFirewalls and Physical IsolationImproving AuthenticationAuthentication and DNSAuthentication and email¡April Fools! authentication and NetnewsAdding authentication to TCP/IP with identDecoy Systems
The /etc/services FileCalling getservbyname( )Ports cannot be trustedStarting the ServersStartup on different Unix systemsStartup examplesThe inetd Program
Access Control Lists with TCP WrappersWhat TCP Wrappers doesThe TCP Wrappers configuration languageMaking sense of your TCP Wrappers configuration filesUsing a Host-Based Packet FirewallThe ipfw host-based firewallAn ipfw example
echo and chargen (TCP and UDP Ports 7 and 19)systat (TCP Port 11)FTP: File Transfer Protocol (TCP Ports 20 and 21)Anonymous FTPFTP active modeFTP passive modeSetting up an FTP serverRestricting FTP with the standard Berkeley FTP serverSetting up anonymous FTP with the standard Unix FTP serverAllowing only FTP accessSSH: The Secure Shell (TCP Port 22)Host authentication with SSHClient authentication with SSHTelnet (TCP Port 23)SMTP: Simple Mail Transfer Protocol (TCP Port 25)Configuration filesSecurity concerns with SMTP banners and commandsSMTP relaying and bulk email (a.k.a. spam)Overflowing system mailboxesDelivery to programsOverall security of Berkeley sendmail versus other MTAsTACACS and TACACS+ (UDP Port 49)Domain Name System (DNS) (TCP and UDP Port 53)DNS zone transfersDNS nameserver attacksDNSSECDNS best practicesBOOTP: Bootstrap Protocol, and DHCP: Dynamic Host Configuration Protocol (UDP Ports 67 and 68)TFTP: Trivial File Transfer Protocol (UDP Port 69)finger (TCP Port 79)The .plan and .project filesDisabling fingerHTTP, HTTPS: HyperText Transfer Protocol (TCP Ports 80, 443)POP, POPS: Post Office Protocol, and IMAP, IMAPS: Internet Message Access Protocol (TCP Ports 109, 110, 143, 993, 995)Sun RPC’s portmapper (UDP and TCP Ports 111)Identification Protocol (TCP Port 113)NNTP: Network News Transport Protocol (TCP Port 119)NTP: Network Time Protocol (UDP Port 123)Sudden changes in timeAn NTP exampleSNMP: Simple Network Management Protocol (UDP Ports 161 and 162)rexec (TCP Port 512)rlogin and rsh (TCP Ports 513 and 514)Trusted hosts and usersSpecifying trusted hosts with /etc/hosts.equiv and ~/.rhosts/etc/hosts.lpd fileRIP Routed: Routing Internet Protocol (UDP Port 520)The X Window System (TCP Ports 6000-6063)/etc/logindevpermX securityThe xhost facilityUsing Xauthority magic cookiesTunneling X with SSHRPC rpc.rexd (TCP Port 512)Communicating with MUDs, Internet Relay Chat (IRC), and Instant Messaging
Monitoring Your Host with netstatLimitation of netstat and lsofMonitoring Your Network with tcpdumpNetwork Scanning
Sun’s portmap/rpcbindRPC AuthenticationAUTH_NONEAUTH_UNIXAUTH_DESAUTH_KERB
Secure RPC AuthenticationProving your identityUsing Secure RPC servicesSetting the windowSetting Up Secure RPC with NISCreating passwords for usersCreating passwords for hostsMaking sure Secure RPC support is running on every workstationUsing Secure RPCLimitations of Secure RPC
NIS FundamentalsIncluding or excluding specific accountsImporting accounts without really importing accountsNIS DomainsNIS NetgroupsSetting up netgroupsUsing netgroups to limit the importing of accountsLimitations of NISSpoofing RPCSpoofing NISNIS is confused about “+”Unintended Disclosure of Site Information with NIS
What NIS+ DoesNIS+ Tables and Other ObjectsUsing NIS+Changing your passwordWhen a user’s passwords don’t matchNIS+ Limitations
Kerberos AuthenticationInitial loginUsing the ticket-granting ticketAuthentication, data integrity, and secrecyKerberos 4 versus Kerberos 5Getting KerberosUsing KerberosKerberos Limitations
LDAP: The ProtocolLDAP Integrity and ReliabilityAuthentication with LDAPnss_ldappam_ldapConfiguring Authentication with nss_ldapSetting up the LDAP serverSetting up the LDAP clients
DCESESAME
NFS HistoryFile HandlesThe MOUNT ProtocolThe NFS ProtocolHow NFS creates a reliable filesystem from a best-effort protocolHard, soft, and spongy mountsConnectionless and statelessNFS and rootNFS Version 3
Limiting Client Access: /etc/exports and /etc/dfs/dfstab/etc/exports/usr/etc/exportfsExporting NFS directories under System V: share and dfstabThe showmount Command
Limit Exported and Mounted FilesystemsThe example explainedExport Read-OnlyUse Root OwnershipRemove Group-Write Permission for Files and DirectoriesDo Not Export Server ExecutablesDo Not Export Home DirectoriesDo Not Allow Users to Log into the ServerUse fsirandSet the portmon VariableUse showmount -eUse Secure NFS
Well-Known BugsFor Real Security, Don’t Use NFS
SMB HistoryProtocolsName serviceAuthenticationFile accessConfiguring the Samba ServerSamba Server SecurityConnecting to the serverUser authenticationAuthorizationData integrity and privacySamba Client SecurityImproving Samba Security
The Lesson of the Internet WormAn Empirical Study of the Reliability of Unix UtilitiesWhat he foundWhere’s the beef?
Design PrinciplesCoding StandardsThings to AvoidBefore You Finish
Things to DoThings to Avoid
Unix Pseudorandom Functionsrand( )random( )drand48( ), lrand48( ), and mrand48( )Picking a Random SeedA Good Random Seed Generator
Package-Based SystemsSource-Based SystemsSource code and patchesCVS
Learning About PatchesUpgrading Distributed ApplicationsSensitive Upgrades
The Role of BackupsWhat Should You Back Up?Types of BackupsGuarding Against Media FailureReplace tapes as neededKeep your tape drives cleanVerify the backupHow Long Should You Keep a Backup?Security for BackupsPhysical security for backupsWrite-protect your backupsData security for backupsLegal IssuesDeciding Upon a Backup StrategyIndividual WorkstationBackup planRetention scheduleSmall Network of Workstations and a ServerBackup planRetention scheduleLarge Service-Based Network with Small BudgetBackup planRetention scheduleLarge Service-Based Networks with Large BudgetBackup planRetention schedule
Which Files to Back Up?Building an Automatic Backup System
Simple Local CopiesSimple ArchivesSpecialized Backup ProgramsNetwork Backup SystemsEncrypting Your Backups
Accounts Without PasswordsDefault AccountsThe superuser accountOther accountsAccounts That Run a Single CommandOpen AccountsRestricted shellsHow to set up a restricted account with rshPotential problems with restricted shellsRestricted Filesystem with the chroot( ) JailSetting up the chroot( ) environmentLimiting network serversLimiting usersChecking new softwareGroup Accounts
Disabling an Account by Changing the Account’s PasswordChanging the Account’s Login ShellFinding Dormant Accounts
Secure TerminalsThe wheel GroupThe sudo ProgramTrusted Path and Trusted Computing BaseTrusted pathTrusted computing base
Integrating One-Time Passwords with UnixToken CardsCodebooks
Assigning Passwords to UsersConstraining PasswordsPassword GeneratorsShadow Password FilesPassword Aging and ExpirationCracking Your Own PasswordsJoetest: a simple password crackerThe dilemma of password crackersAlgorithm and Library ChangesAccount Names Revisited: Using Aliases for Increased Security
Immutable and Append-Only FilesThe chflags commandKernel security levelRead-Only Filesystems
The Achilles Heel of Integrity Management SystemsComparison CopiesLocal copiesRemote copiesrdistChecklists and MetadataSimple listingAncestor directoriesChecksums and Signatures
BSD’s mtree and Periodic Security ScansPackaging ToolsIntegrity checking with RPM under LinuxIntegrity checking with the BSD pkg_info commandTripwireBuilding TripwireRunning Tripwire
Essential Log FilesUnix syslogThe syslog messageThe syslog.conf configuration fileUsing syslog in a networked environmentIncorporating syslog into your own programsBeware false syslog log entriesRotating Logs with newsyslogSwatch: A Log File Analysis ToolRunning SwatchThe Swatch configuration filelastlog Fileutmp and wtmp FilesExamining the utmp and wtmp filesThe su command and the utmp and wtmp fileslast programPruning the wtmp fileloginlog File
Accounting with System VAccounting with BSD and Linuxmessages Log File
aculog Log Filesulog Log Filexferlog Log Fileaccess_log Log FileLogging Network ServicesOther Logs
Where to LogLogging to a printerLogging across the networkLogging everything everywhere
Per-Site LogsException and activity reportsInformational materialPer-Machine LogsException and activity reportsInformational material
Shell HistoryMailcronNetwork Setup
Rule #1: Don’t PanicRule #2: DocumentRule #3: Plan Ahead
Catching One in the ActMonitoring commandsOther tip-offsWhat to Do When You Catch SomebodyContacting the IntruderMonitoring the IntruderTracing a ConnectionHow to Contact the System Administrator of a Computer You Don’t KnowLooking up information by domainLooking up information by IP addressContacting a site’s ISPAlternative contact strategiesGetting Rid of the Intruder
Analyzing the Log FilesPreserving the EvidenceAssessing the DamageNew accountsChanges in file contentsChanges in file and directory protectionsNew SUID and SGID filesChanges in .rhosts filesChanges to .ssh/authorized_keys filesChanges to the /etc/hosts.equiv fileChanges to startup filesHidden files and directoriesUnowned filesNew network servicesNever Trust Anything Except HardcopyResuming OperationDamage Control
RootkitWarezThe follow-upfaxsurvey
Security Scanners and Other ToolsBack Doors and Trap DoorsLogic BombsTrojan HorsesTrojan horses in mobile codeTerminal-based Trojan horsesAvoiding Trojan horsesVirusesWormsBacteria and Rabbits
Shell FeaturesPATH attacksIFS attacks$HOME attacksFilename attacksStartup File Attacks.login, .profile, /etc/profile.cshrc, .kshrc, .tcshrc.emacs.exrc, .nexrc.forward, .procmailrcOther filesOther initializationsAbusing Automatic Mechanismscrontab entriesinetd.conf/etc/mail/aliases, aliases.dir, aliases.pag, and aliases.dbThe at programSystem initialization filesOther filesIssues with NFS
File ProtectionsWorld-writable user files and directoriesWritable system files and directoriesGroup-writable filesWorld-readable backup devicesShared Libraries
Process and CPU Overload ProblemsToo many processesRecovering from too many processes“No more processes”Safely halting the systemCPU overload attacksSwap Space ProblemsSwapping to filesDisk AttacksDisk-full attacksquot commandinode problemsUsing partitions to protect your usersUsing quotasReserved spaceHidden spaceTree structure attacks/tmp ProblemsSoft Process Limits: Preventing Accidental Denial of Service
Service OverloadingMessage FloodingSignal Grounding and JammingClogging (SYN Flood Attacks)Ping of Death and Other Malformed Traffic Attacks
Filing a Criminal ComplaintChoosing jurisdictionLocal jurisdictionFederal jurisdictionFederal Computer Crime LawsHazards of Criminal ProsecutionThe Responsibility to Report Crime
Access Devices and Copyrighted SoftwarePornography, Indecency, and ObscenityAmateur ActionCommunications Decency ActMandatory blockingChild pornographyCopyrighted WorksCryptographic Programs and Export Controls
Harry’s CompilerTrusting TrustWhat the Superuser Can and Cannot Do
Hardware BugsViruses on the Distribution DiskBuggy SoftwareHacker ChallengesSecurity Bugs That Never Get FixedNetwork Providers That Network Too Well
Your Employees?Your System Administrator?Your Vendor?Your Consultants?Response Personnel?
Processes and ProgramsThe ps CommandListing processes with Solaris and other Unix systems derived from System VListing processes with versions of Unix derived from BSD, including LinuxProcess PropertiesProcess identification numbers (PIDs)Process real and effective UIDsProcess priority and nicenessProcess groups and sessionsCreating Processes
Unix Signals and the kill CommandKilling Multiple Processes at the Same TimeCatching SignalsKilling Rogue or Questionable Processes
gdb: Controlling a Processgcore: Dumping Corelsof: Examining a Process/proc: Examining a Process Directlypstree: Viewing the Process Tree
Process #1: /etc/initLogging InRunning the User’s Shell
Computer Crime and LawComputer-Related RisksComputer Viruses and Programmed ThreatsCryptography BooksCryptography Papers and Other PublicationsGeneral Computer SecurityNetwork Technology and SecuritySecurity Products and Services InformationUnderstanding the Computer Security “Culture”Unix Programming and System AdministrationMiscellaneous ReferencesSecurity Periodicals
Response Teams and VendorsA Big Problem with Mailing ListsMajor Mailing ListsBugtraqCERT-advisoryComputer underground digestFirewallsFirewall-WizardsRISKSSANS Security Alert Consensus
CIACCERIASFIRSTNIST CSRCInsecure.orgNIH
chrootuidCOPS (Computer Oracle and Password System)ISS (Internet Security Scanner)KerberosnmapNessusOpenSSHOpenSSLportmapportsentrySATANSnortSwatchTCP WrappersTigertrimlogTripwirewuarchive ftpd
Association for Computing Machinery (ACM)American Society for Industrial Security (ASIS)Computer Security Institute (CSI)Electronic Frontier Foundation (EFF)Electronic Privacy Information Center (EPIC)High Technology Crimes Investigation Association (HTCIA)Information Systems Security Association (ISSA)International Information Systems Security Certification Consortium, Inc.The Internet SocietyIEEE Computer SocietyIFIP, Technical Committee 11Systems Administration and Network Security (SANS)USENIX/SAGE
National Institute of Standards and Technology (NIST)National Security Agency (NSA)
Department of Justice (DOJ)Federal Bureau of Investigation (FBI)U.S. Secret Service (USSS)Forum of Incident and Response Security Teams (FIRST)Computer Emergency Response Team Coordination Center (CERT/CC)

Content preview from Practical UNIX and Internet Security, 3rd Edition

How Unix Implements Passwords

This section describes how passwords are implemented inside the Unix operating system for both locally administered and network-based systems.

The /etc/passwd File

Traditionally, Unix uses the /etc/passwd file to keep track of every user on the system. The /etc/passwd file contains the username, real name, identification information, and basic account information for each user. Each line in the file contains a database record; the record fields are separated by a colon (:).

You can use the cat command to display your system’s /etc/passwd file. Here are a few sample lines from a typical file:

root:x:0:1:System Operator:/:/bin/ksh
daemon:x:1:1::/tmp:
uucp:x:4:4::/var/spool/uucppublic:/usr/lib/uucp/uucico
rachel:x:181:100:Rachel Cohen:/u/rachel:/bin/ksh
arlin:x.:182:100:Arlin Steinberg:/u/arlin:/bin/csh

The first three accounts, root, daemon, and uucp, are system accounts, while rachel and arlin are accounts for individual users.

The individual fields of the /etc/passwd file have fairly straightforward meanings. Table 4-1 explains a sample line from the file shown above.

Table 4-1. Example /etc/passwd fields

Field	Contents
rachel	Username.
x	Holding place for the user’s “encrypted password.” Traditionally, this field actually stored the user’s encrypted password. Modern Unix systems store encrypted passwords in a separate file (the shadow password file) that can be accessed only by privileged users.
181	User’s user identification number (UID).
100 ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

UNIX and Linux System Administration Handbook, 5th Edition

Publisher Resources

ISBN: 0596003234Supplemental Content Errata Page

Practical UNIX and Internet Security, 3rd Edition

by Simson Garfinkel, Gene Spafford, Alan Schwartz

How Unix Implements Passwords

The /etc/passwd File

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like

UNIX and Linux System Administration Handbook, 5th Edition

Mastering Linux Security and Hardening - Second Edition

Practical Linux System Administration

Mastering Linux Security and Hardening - Third Edition

Publisher Resources