Chapter 12. Unix Attacks

Unix has long been a favorite target for all sorts of hackers, including the malicious and the simply curious. While older mainframe and minicomputer systems running OS/390 and VMS had sophisticated security and auditing features, few of them were exposed to the direct wrath of modern Internet threats. Modern Unix is often attacked by (and falls victim to) new exploits, near-forgotten old exploits, and vulnerabilities resulting from misconfiguration. In this chapter, we delve into the vast realm of local, remote, and denial-of-service Unix attacks.

Local Attacks

In this section, we discuss what an attacker can do if he already has some level of access to your Unix machine. This might happen on a machine with legitimate public shell access (a rare happening nowadays, unless you are at a university) or if an attacker gains the ability to run commands via some network service such as web, email, or FTP servers. It might happen through a bug, a misconfigured server, or a bad design decision on the part of the server programmers (such as a poorly designed web application or CGI script). This section presumes that the attacker already has a foothold on your system and is able to run commands more or less freely.
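The "poorly designed CGI script" route to a foothold usually comes down to one mistake: a request parameter pasted into a shell command string. The following is an added illustration, not code from Security Warrior; it stands in a harmless `echo` for the real command a lookup script would run (`finger`, `nslookup`, and so on), and the injected "username" is a constructed sample input. It shows the vulnerable form beside the hardened form, and that passing the parameter as a separate argv element without a shell defeats the injection even before the allow-list check is applied.

```python
import re
import subprocess

# Constructed sample input: a CGI "username" parameter that smuggles in a
# second shell command after a semicolon.
INJECTED_USER = "alice; echo INJECTED"


def vulnerable_lookup(user: str) -> str:
    """Vulnerable CGI pattern: the parameter is concatenated into a command
    string and handed to /bin/sh, so ';', '|', '`', '$(...)' are all honoured.
    'echo' stands in for the real command (e.g. finger) in this example."""
    cmd = "echo lookup " + user  # becomes: echo lookup alice; echo INJECTED
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


# Allow-list for what a username may look like; anything else is rejected
# outright rather than "escaped".
USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,32}$")


def is_valid_username(user: str) -> bool:
    return USERNAME_RE.match(user) is not None


def argv_only_lookup(user: str) -> str:
    """No shell involved: the parameter is one literal argv element, so the
    semicolon is just a character in the argument, not a command separator."""
    return subprocess.run(["echo", "lookup", user],
                          capture_output=True, text=True).stdout


def hardened_lookup(user: str) -> str:
    """Hardened form: allow-list the parameter *and* avoid the shell.
    Either measure alone blocks this injection; together they also keep
    odd-but-harmless input from reaching the underlying command."""
    if not is_valid_username(user):
        raise ValueError("rejected username: %r" % (user,))
    return argv_only_lookup(user)


if __name__ == "__main__":
    print("vulnerable :", repr(vulnerable_lookup(INJECTED_USER)))
    print("argv only  :", repr(argv_only_lookup(INJECTED_USER)))
    try:
        hardened_lookup(INJECTED_USER)
    except ValueError as exc:
        print("hardened   :", exc)
    print("hardened ok:", repr(hardened_lookup("alice")))
```

Run with a local interpreter; the vulnerable path prints a second `INJECTED` line because the shell executed the smuggled command, while the argv-only path prints the semicolon and everything after it as plain text. The allow-list matters beyond this one case: it also stops input that is safe for the shell but not for the program being called, such as an argument that begins with `-`.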

As we know from Chapter 11, a well-hardened Unix system should effectively resist attackers. Similarly, the system should be configured so that it is even more difficult to gain root privileges if the attacker somehow manages to penetrate the network’s defenses and obtain nonprivileged ...
