Protecting Yourself
Although you can encounter any type of programmed threat in a Unix environment, you are more likely to encounter Trojan horses and back doors. In part, this is because writing effective worms and viruses to attack Unix is rather difficult (though these pests can still spread through Unix systems and networks); also, most attackers do not intend outright damage to your system. Instead, they use Trojan horses or back doors to gain (or regain) additional access to your system. If damage is a goal, obtaining superuser access is usually a first step in the process.
Some of the features that give Unix its flexibility and power also enable attackers to craft workable Trojan horse or back door schemes.
In general, attacks come in one of the following forms:
Altering the expected behavior of the shell (command interpreter)
Abusing some form of startup mechanism
Subverting some form of automatic mechanism
Exploiting unexpected interactions
Basically, all of these plans are designed to get a privileged user or account to execute commands that would not normally be executed. For example, one Trojan horse is a program named su that, instead of making you the superuser, sends a copy of the superuser password to an account at another computer.
To protect your system effectively, you need to know how these attacks work. By understanding the methods of attack, you can then be aware of how to prevent them.
An equally important part of protecting yourself is to run a secure system ...
Get Practical UNIX and Internet Security, 3rd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.