SlideShare uma empresa Scribd logo
1 de 43
Baixar para ler offline
1
© Network Intelligence India Pvt. Ltd.
Linux Security & Auditing
2
© Network Intelligence India Pvt. Ltd.
Agenda
History of Linux
Linux Distributions
Business drivers for Linux
Linux Architecture
Physical Security
Operating System Security
Network Security
File System Security
User and Group Security
Application Security
Linux Security Tools
3
© Network Intelligence India Pvt. Ltd.
History of Linux
Linus Benedict Torvalds writes an open-source
operating system in 1991
Primary purpose is as a research project
At that time, no other open-source Unix
flavors available. All are proprietary and costly.
Linux became hugely popular among the
student and research community
Today it is a viable alternative for enterprise
applications.
4
© Network Intelligence India Pvt. Ltd.
Linux – Business Drivers
IBM sold $759 million worth of Linux servers in
2001 (Dataquest)
Total Linux server market estimated at
$4billion and growing rapidly
Oracle, Sun, HP, IBM, Novell, and other major
vendors all actively support Linux
Open-source – implies:
 Cheaper cost of acquisition
 Possibility of greater security
 More flexibility in choosing components and
configuring them
5
© Network Intelligence India Pvt. Ltd.
Linux – Distributions
The Linux kernel and associated utilities are packaged
and distributed by a number of firms:
 Red Hat
 Mandrake
 Debian
 SuSE
Changes:
 Most free distributions are no longer ‘free’
 Red Hat has stopped after Fedora
 Mandrake requires payment for security patches
 SUSE has been bought over by Novell
 Debian, Slackware still free
6
© Network Intelligence India Pvt. Ltd.
Linux Attack
Portscanner
 Identifies open ports
 Identifies running services
 Identifies Operating System
Vulnerability Scanner
 Identifies versions and vendor of services
 Determines vulnerabilities in those
Vulnerability Databases
 www.SecurityFocus.com/bid
 Feed in vendor, software and version number
 Check the vulnerabilities and see if any exploits available
Portscan Report – Superscan
Portscan Report - Nmap
7
© Network Intelligence India Pvt. Ltd.
LINUX SECURITY
8
© Network Intelligence India Pvt. Ltd.
Linux Architecture
Linux Kernel – the actual code that
interfaces between user applications and
hardware resources
Hardware controllers – used by the kernel
to interact with hardware
Operating System Services – software
other than the kernel that are considered part
of the OS: X Windows system, command shell
User Applications – software other than
kernel and services: text editors, browsers,
etc.
9
© Network Intelligence India Pvt. Ltd.
Diagrammatically (GNU-LINUX)
KERNEL – LINUX
User Applications
(GNU)
OS Services
(Apache, Sendmail, etc.)
Hardware Controllers
Hardware – CPU, HDD, Keyboard, Mouse, Monitor, RAM
10
© Network Intelligence India Pvt. Ltd.
Key points about Linux Kernel
It is separately distributed from user
applications and other software
Uses modules, which can be dynamically
loaded
For instance, support for FAT32 need not be
fixed, but can be added dynamically
Kernel can be completely recompiled and
unnecessary components can be removed –
unlike Windows
Kernel has had buffer overflow vulnerabilities
being discovered in it – very critical
11
© Network Intelligence India Pvt. Ltd.
Kernel Security
One of the most important ways to keep Linux
secure is to ensure a patched kernel
Check your kernel version
 uname –a
Third-party kernel patches for enhanced
security:
 Linux Intrusion Detection System – for ensuring
integrity of critical files
 Secure Linux Patch – prevent common buffer
overflows, and simple security measures
 International Kernel Patch – kernel-level strong
encryption to be built-in
12
© Network Intelligence India Pvt. Ltd.
Click and run Security
Bastille Linux
 Available for popular Linux flavors
 www.Bastille-linux.org
 You’ll also need Perl-Tk
 Creates a set of security measures through a GUI
 Most of the implemented changes can be undone
 Must be first run on ‘test’ systems
Demo
13
© Network Intelligence India Pvt. Ltd.
Bastille-Linux snapshot
14
© Network Intelligence India Pvt. Ltd.
Boot Security
Boot configuration is decided by LILO (Linux
Loader) or GRUB (Grand Unified Boot Loader)
Check that only one OS is configured to load
If required ensure there is an entry for
password= in lilo.conf
Also, ensure permissions are 600
Demo
15
© Network Intelligence India Pvt. Ltd.
Operating System Security
Check processes
 top –n 1 –b
 ps- aux
Check installed software
 rpm –q –a
 RPM = Red Hat Package Manager = installer packages for
software on RH systems
 Look out for unnecessary packages
 Also ensure latest versions of packages are installed –
especially those that are used by lower-privileged users:
httpd, openssh, kernel, sendmail, etc.
 rpm –q –a | grep kernel
16
© Network Intelligence India Pvt. Ltd.
Cron and At
Cron is used to schedule regular jobs.
At is used to schedule one time job in the
future
Both can be misused to install time-bombs on
the system, which may suddenly cause the
system to malfunction
Can be restricted using files /etc/cron.allow,
cron.deny, at.allow and at.deny
 DEMO
 cron.allow contains root
 cron.deny contains ALL
17
© Network Intelligence India Pvt. Ltd.
Linux Auditing
Linux auditing is done using syslogd
Configuration file is /etc/syslog.conf
Format is:
Facility.Priority Action to be taken
Facility – the application/program that is generating
the logs
Priority – Emerg, alert, crit, err, warning, notice, info,
debug, none
Action – send it to a file, send it to console, send it via
email, send it to another system (loghost)
Segregation of responsibilities – send logs to another
system, where the security administrator has control
18
© Network Intelligence India Pvt. Ltd.
Linux Auditing – important commands
Recent logins
 last
Last login time for all users (dormant users)
 lastlog
Last failed logins (requires to create /var/log/btmp
file)
 lastb
Security related events
 /var/log/secure
Tools for Log Analysis
 Swatch – real-time monitoring of logs
 Logsentry
 Logwatch
19
© Network Intelligence India Pvt. Ltd.
Tools for testing
COPS
 Computer Oracle and Password System
 Outdated
 Checks for common mis-configurations, weak
passwords, insecure permissions, etc.
TIGER
 Similar to COPS, but more comprehensive
 Also not recently updated
TARA
 Most updated and recent version of TIGER
 Runs using shell scripts or preferably Perl
20
© Network Intelligence India Pvt. Ltd.
Network Security
Services are started by /etc/rc.d scripts and
xinetd
 chkconfig --list
 chkconfig levels {numbers} {service} on|off
Xinetd services are configured by individual
files in /etc/xinetd.d/
Open network connections
 netstat –antp
 Use the –p option to see which processes are
responsible for which open ports
 Also lsof can be used
21
© Network Intelligence India Pvt. Ltd.
Network Services
Possibly not required:
 NFS and related services: autofs, nfs, nfsserver,
nfslock
 Unused networking services: routed, gated, ratvf,
snmpd, named, dhcpd, dhclient, dhrelay, nscd, smb
 Mail Services: Sendmail, postfix
 Optional network and local services: atd, ldap,
kudzu, rhnsd, ypbind, apache, quota, quotad,
myself, etc.
 Printing services: lpr, cups, lprng
22
© Network Intelligence India Pvt. Ltd.
Xinetd
Logic change from earlier inetd.conf file
Builds in controls similar to TCPWrappers and
more:
 Access_control: which hosts are allowed to connect
and at what times
 Logging: which data gets logged
 Resource utilization: limits on maximum
connections supported, CPU usage, etc.
 Others
23
© Network Intelligence India Pvt. Ltd.
Trusted Hosts
Entries in /etc/hosts.equiv and /etc/hosts.lpd
are critical
They allow users from those hosts to connect
without supplying a password!
Also, users can create .rhosts and .netrc files
in their home directories, which function
similarly. Find these as well
24
© Network Intelligence India Pvt. Ltd.
Telnet and FTP vs. SSH
Telnet and FTP are plain-text protocols
Should be replaced by SSH
Any inside user can sniff the traffic, even on
switched networks with relative ease
SSH uses encryption to provide services
equivalent to Telnet and FTP
Configuration is in /etc/sshd/sshd_config
SSH clients are available for free – putty for
Windows
25
© Network Intelligence India Pvt. Ltd.
User and Group Security
User accounts are created in /etc/passwd
Hashed passwords, password and account
lockout policies are in /etc/shadow
Password and account lockout policies can be
set during account creation, or with the chage
command:
 Minimum password age
 Maximum password age
 Expiry warning time
 Inactive time after which account is locked out
 Some future data when account will be locked out
26
© Network Intelligence India Pvt. Ltd.
Checks for these files
No dormant or generic accounts present
Accounts of separated users not present
All system (non-user) accounts have /bin/false for the
shell
All system accounts have *NP* or *LK* in their
password fields in /etc/shadow
SOP exists for verifying validity of accounts in these
files
Every account in passwd has a corresponding entry in
shadow
Only one line contains 0 in the uid field in the passwd
file
27
© Network Intelligence India Pvt. Ltd.
Password and Account Lockout
Other stronger policies require use of PAM –
Pluggable Authentication Modules
PAM Allows the following to be set
 Minimum password length
 No dictionary words
 No part of username in the password
 Number of alphanumeric and punctuation
characters to be present
PAM is configured in the /etc/pam.d folder
DEMO – change of password for user auditor
28
© Network Intelligence India Pvt. Ltd.
Password Strength Verification
Also known as Password Cracking
Use ‘Crack’ from
http://www.users.dircon.co.uk/~crypto/downl
oad/c50-faq.html
Works on almost all Unix platforms, and is
very fast
Also viable password cracker is John the
Ripper
Set these tools running for a day or two and
ferret out all weak passwords
29
© Network Intelligence India Pvt. Ltd.
Root Security
No user must login directly as ‘root’
Administrators must login with their own accounts,
and then use ‘su’ to become root.
This ensures accountability
Viable alternative is the ‘sudo’ utility, which allows:
 Listing of privileged accounts
 Actions that can be taken by these accounts
 Download from http://www.courtesan.com/sudo/intro.html
 Time out of logged in user, so he has to re-authenticate in
order to use ‘sudo’
30
© Network Intelligence India Pvt. Ltd.
File System Security
Unix Permissions are applicable to three
entities:
 Owner of the file (everything in Unix is a file)
 Group owner of file
 Everyone else
Three main permissions apply, with numeric
representations
 Read = 4
 Write = 2
 Execute = 1
31
© Network Intelligence India Pvt. Ltd.
Unix Permissions
Permissions are visible in the ls –l output:
 Example
First character identified type of file
 D = directory
 - = file
 S = socket
 L = link (shortcut)
 P = pipe
Next three identify read, write and execute
for owner, next three identify for group, and
last three for everyone else
32
© Network Intelligence India Pvt. Ltd.
Unix Permissions
These letters are added up:
For instances:
- rw- r-- r--
It’s a file
Owner can Read (4) and Write (2)
Group can Read (4)
Everyone else can Read (4)
So permissions on this file are 644
Conversely permissions, like 700 represent
-rwx --- ---
33
© Network Intelligence India Pvt. Ltd.
Other File Security Measures
Permissions of a new files are determined by the value
umask
Advanced Windows-like Access Control Lists can also
be created on Linux using the linux-acl package
Disk usage can be periodically verified with the
 df- k command
SUID and SGID files are executables that can be
executed by anyone, but they execute with privileges
of owner (usually root) or group – very critical checks!
find / -perm –4000
find / -perm –2000
34
© Network Intelligence India Pvt. Ltd.
File Integrity
File Integrity can be verified:
Size and timestamp – can be modified to fool
the auditor
MD5 hashes – secured method, but tedious
File Integrity Software:
 Must be used immediately after the installation
 Create a database of MD5 hashes of all critical files
 Monitor changes to these files and send alerts
 Tripwire – commercial, scalable, central console
 AIDE – open-source, reasonably enterprise-level
35
© Network Intelligence India Pvt. Ltd.
Application Security
Linux systems can be used as
 File Servers – Samba – Windows-compatible file
server
 Print Servers –lpd, cups, etc.
 Mail Server – Sendmail (historically insecure),
Qmail, Postfix
 VPN Server – FreeS/WAN
 Databases – PostgreSQL, MySQL (free), Oracle,
Sybase, DB2 (commercial)
 DNS Servers – BIND
 LDAP Servers
 Time Servers
36
© Network Intelligence India Pvt. Ltd.
Application Security – Web Servers
The Apache web server is an open-source,
stable, robust and scalable solution with 64%
market share
Apache is usually configured to run with lower-
privileged account ‘apache’ or ‘nobody’
Installation location is referred to as
$ServerRoot, and web site contents are
located at $DocumentRoot
Configuration file is at $ServerRoot/httpd.conf
Configuration is done with the help of
‘Directives’
37
© Network Intelligence India Pvt. Ltd.
Important Directives
Directory: access control based on source IP address
or domain name for various files and folders of the
website, using Allow and Deny keywords
Also, within this directive, various options can be set.
Recommended to set Options None
Denial of Service and Buffer Overflow attacks can be
prevented by LimitRequest* and Rlimit* directives
CGI security is most important, to ensure scripts
cannot be misused for compromising the server
Apache uses various modules for added functionality.
These must be reduced to a minimum
Banner of Apache must be changed
Apache must be run in ‘chroot’ environment
38
© Network Intelligence India Pvt. Ltd.
Linux Security Software
Linux Firewall:
 IPTables (new version of IPChains)
 Scalable
 Cost-effective
 Robust
Linux IDS
 Snort
 Scalable
 Robust
 Slight learning curve – Demo
IPCop – Bootable CD version of firewall and IDS
39
© Network Intelligence India Pvt. Ltd.
Security Testing Software
Nmap
 Most popular security tool
 Port scanner
 Detects Operating System also
 Can run in very stealth mode
 Demo
Nessus
 Vulnerability Assessment software
 Client-Server mode, server only in Unix
 Uses Plugins for tests
40
© Network Intelligence India Pvt. Ltd.
Conclusion
Linux is not secure in default configuration
Security can be added to a very high level, but must
be balanced with functionality
The correct Linux distribution must be chosen, and
minimum installation done
Patches must be diligently applied
Syslog logs must be exported and analyzed
periodically
Network Services must be kept to a minimum
User and groups must be periodically audited
File/folder access control lists must be set
File Integrity software may be used in high-security
installations
Application-specific security measures are also a must
41
© Network Intelligence India Pvt. Ltd.
References
The Unix Auditor’s Practical Handbook –
K. K. Mookhey
http://www.nii.co.in/research/papers.html
Practical Unix and Internet Security –
Simson Garfinkel and Gene Spafford
Linux Security Benchmark -
http://www.cisecurity.org/
Linux Security and Controls – ISACA & K.
K. Mookhey – to be available at ISACA
bookstore in 2nd quarter
42
© Network Intelligence India Pvt. Ltd.
About NetIntel
IT Security Consultancy Firm
Penetration Testing
Security Auditing
Security Training – Unix, Windows,
Databases, Ethical Hacking, Intrusion
Detection, etc.
BS7799 Consultancy
Application Security Audit
Business Continuity Management
Security Implementation & Design
43
© Network Intelligence India Pvt. Ltd.
THANK YOU

Mais conteúdo relacionado

Mais procurados

How Many Linux Security Layers Are Enough?
How Many Linux Security Layers Are Enough?How Many Linux Security Layers Are Enough?
How Many Linux Security Layers Are Enough?Michael Boelen
 
File System Implementation & Linux Security
File System Implementation & Linux SecurityFile System Implementation & Linux Security
File System Implementation & Linux SecurityGeo Marian
 
Unix Security
Unix SecurityUnix Security
Unix Securityreplay21
 
Linux security introduction
Linux security introduction Linux security introduction
Linux security introduction Mohamed Gad
 
Linux Security Overview
Linux Security OverviewLinux Security Overview
Linux Security OverviewKernel TLV
 
Security, Hack1ng and Hardening on Linux - an Overview
Security, Hack1ng and Hardening on Linux - an OverviewSecurity, Hack1ng and Hardening on Linux - an Overview
Security, Hack1ng and Hardening on Linux - an OverviewKaiwan Billimoria
 
Ethical hacking Chapter 7 - Enumeration - Eric Vanderburg
Ethical hacking   Chapter 7 - Enumeration - Eric VanderburgEthical hacking   Chapter 7 - Enumeration - Eric Vanderburg
Ethical hacking Chapter 7 - Enumeration - Eric VanderburgEric Vanderburg
 
Hardening Linux and introducing Securix Linux
Hardening Linux and introducing Securix LinuxHardening Linux and introducing Securix Linux
Hardening Linux and introducing Securix LinuxSecurity Session
 
Ch 6: Enumeration
Ch 6: EnumerationCh 6: Enumeration
Ch 6: EnumerationSam Bowne
 
MR201406 A Re-introduction to SELinux
MR201406 A Re-introduction to SELinuxMR201406 A Re-introduction to SELinux
MR201406 A Re-introduction to SELinuxFFRI, Inc.
 
Inside Out Hacking - Bypassing Firewall
Inside Out Hacking - Bypassing FirewallInside Out Hacking - Bypassing Firewall
Inside Out Hacking - Bypassing Firewallamiable_indian
 
Nessus v6 command_line_reference
Nessus v6 command_line_referenceNessus v6 command_line_reference
Nessus v6 command_line_referenceCraig Cannon
 
BackTrack5 - Linux
BackTrack5 - LinuxBackTrack5 - Linux
BackTrack5 - Linuxmariuszantal
 
Telehack: May the Command Line Live Forever
Telehack: May the Command Line Live ForeverTelehack: May the Command Line Live Forever
Telehack: May the Command Line Live ForeverGregory Hanis
 
SELinux for Everyday Users
SELinux for Everyday UsersSELinux for Everyday Users
SELinux for Everyday UsersPaulWay
 
The SElinux Notebook :the foundations - Vol 1
The SElinux Notebook :the foundations - Vol 1The SElinux Notebook :the foundations - Vol 1
The SElinux Notebook :the foundations - Vol 1Eliel Prado
 

Mais procurados (20)

Essential security for linux servers
Essential security for linux serversEssential security for linux servers
Essential security for linux servers
 
How Many Linux Security Layers Are Enough?
How Many Linux Security Layers Are Enough?How Many Linux Security Layers Are Enough?
How Many Linux Security Layers Are Enough?
 
File System Implementation & Linux Security
File System Implementation & Linux SecurityFile System Implementation & Linux Security
File System Implementation & Linux Security
 
Unix Security
Unix SecurityUnix Security
Unix Security
 
Linux security introduction
Linux security introduction Linux security introduction
Linux security introduction
 
Linux Security Overview
Linux Security OverviewLinux Security Overview
Linux Security Overview
 
Linux security-fosster-09
Linux security-fosster-09Linux security-fosster-09
Linux security-fosster-09
 
Security, Hack1ng and Hardening on Linux - an Overview
Security, Hack1ng and Hardening on Linux - an OverviewSecurity, Hack1ng and Hardening on Linux - an Overview
Security, Hack1ng and Hardening on Linux - an Overview
 
SELinux Basic Usage
SELinux Basic UsageSELinux Basic Usage
SELinux Basic Usage
 
Ethical hacking Chapter 7 - Enumeration - Eric Vanderburg
Ethical hacking   Chapter 7 - Enumeration - Eric VanderburgEthical hacking   Chapter 7 - Enumeration - Eric Vanderburg
Ethical hacking Chapter 7 - Enumeration - Eric Vanderburg
 
Hardening Linux and introducing Securix Linux
Hardening Linux and introducing Securix LinuxHardening Linux and introducing Securix Linux
Hardening Linux and introducing Securix Linux
 
Windows Security Crash Course
Windows Security Crash CourseWindows Security Crash Course
Windows Security Crash Course
 
Ch 6: Enumeration
Ch 6: EnumerationCh 6: Enumeration
Ch 6: Enumeration
 
MR201406 A Re-introduction to SELinux
MR201406 A Re-introduction to SELinuxMR201406 A Re-introduction to SELinux
MR201406 A Re-introduction to SELinux
 
Inside Out Hacking - Bypassing Firewall
Inside Out Hacking - Bypassing FirewallInside Out Hacking - Bypassing Firewall
Inside Out Hacking - Bypassing Firewall
 
Nessus v6 command_line_reference
Nessus v6 command_line_referenceNessus v6 command_line_reference
Nessus v6 command_line_reference
 
BackTrack5 - Linux
BackTrack5 - LinuxBackTrack5 - Linux
BackTrack5 - Linux
 
Telehack: May the Command Line Live Forever
Telehack: May the Command Line Live ForeverTelehack: May the Command Line Live Forever
Telehack: May the Command Line Live Forever
 
SELinux for Everyday Users
SELinux for Everyday UsersSELinux for Everyday Users
SELinux for Everyday Users
 
The SElinux Notebook :the foundations - Vol 1
The SElinux Notebook :the foundations - Vol 1The SElinux Notebook :the foundations - Vol 1
The SElinux Notebook :the foundations - Vol 1
 

Destaque

linux security: interact with linux
linux security: interact with linuxlinux security: interact with linux
linux security: interact with linuxAmmar WK
 
Kernel Recipes 2013 - Linux Security Modules: different formal concepts
Kernel Recipes 2013 - Linux Security Modules: different formal conceptsKernel Recipes 2013 - Linux Security Modules: different formal concepts
Kernel Recipes 2013 - Linux Security Modules: different formal conceptsAnne Nicolas
 
Linux Security Scanning with Lynis
Linux Security Scanning with LynisLinux Security Scanning with Lynis
Linux Security Scanning with LynisMichael Boelen
 
Security of Linux containers in the cloud
Security of Linux containers in the cloudSecurity of Linux containers in the cloud
Security of Linux containers in the cloudDobrica Pavlinušić
 
Linux Security for Developers
Linux Security for DevelopersLinux Security for Developers
Linux Security for DevelopersMichael Boelen
 
Linux Security, from Concept to Tooling
Linux Security, from Concept to ToolingLinux Security, from Concept to Tooling
Linux Security, from Concept to ToolingMichael Boelen
 
Securing Your Linux System
Securing Your Linux SystemSecuring Your Linux System
Securing Your Linux SystemNovell
 
What's New with Linux on System z
What's New with Linux on System zWhat's New with Linux on System z
What's New with Linux on System zNovell
 
WordPress Security Hardening
WordPress Security HardeningWordPress Security Hardening
WordPress Security HardeningTimothy Wood
 
Getting started with GrSecurity
Getting started with GrSecurityGetting started with GrSecurity
Getting started with GrSecurityFrancesco Pira
 
LCNA14: Security in the Cloud: Containers, KVM, and Xen - George Dunlap, Citr...
LCNA14: Security in the Cloud: Containers, KVM, and Xen - George Dunlap, Citr...LCNA14: Security in the Cloud: Containers, KVM, and Xen - George Dunlap, Citr...
LCNA14: Security in the Cloud: Containers, KVM, and Xen - George Dunlap, Citr...The Linux Foundation
 
Hardening Linux Server Security
Hardening Linux Server SecurityHardening Linux Server Security
Hardening Linux Server SecurityIlham Kurniawan
 
System hardening - OS and Application
System hardening - OS and ApplicationSystem hardening - OS and Application
System hardening - OS and Applicationedavid2685
 
CentOS Linux Server Hardening
CentOS Linux Server HardeningCentOS Linux Server Hardening
CentOS Linux Server HardeningMyOwn Telco
 
UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...
UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...
UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...Vincent Giersch
 

Destaque (17)

linux security: interact with linux
linux security: interact with linuxlinux security: interact with linux
linux security: interact with linux
 
Kernel Recipes 2013 - Linux Security Modules: different formal concepts
Kernel Recipes 2013 - Linux Security Modules: different formal conceptsKernel Recipes 2013 - Linux Security Modules: different formal concepts
Kernel Recipes 2013 - Linux Security Modules: different formal concepts
 
Linux Security Myth
Linux Security MythLinux Security Myth
Linux Security Myth
 
Linux Security Scanning with Lynis
Linux Security Scanning with LynisLinux Security Scanning with Lynis
Linux Security Scanning with Lynis
 
Security of Linux containers in the cloud
Security of Linux containers in the cloudSecurity of Linux containers in the cloud
Security of Linux containers in the cloud
 
Linux Security for Developers
Linux Security for DevelopersLinux Security for Developers
Linux Security for Developers
 
Linux Hardening
Linux HardeningLinux Hardening
Linux Hardening
 
Linux Security, from Concept to Tooling
Linux Security, from Concept to ToolingLinux Security, from Concept to Tooling
Linux Security, from Concept to Tooling
 
Securing Your Linux System
Securing Your Linux SystemSecuring Your Linux System
Securing Your Linux System
 
What's New with Linux on System z
What's New with Linux on System zWhat's New with Linux on System z
What's New with Linux on System z
 
WordPress Security Hardening
WordPress Security HardeningWordPress Security Hardening
WordPress Security Hardening
 
Getting started with GrSecurity
Getting started with GrSecurityGetting started with GrSecurity
Getting started with GrSecurity
 
LCNA14: Security in the Cloud: Containers, KVM, and Xen - George Dunlap, Citr...
LCNA14: Security in the Cloud: Containers, KVM, and Xen - George Dunlap, Citr...LCNA14: Security in the Cloud: Containers, KVM, and Xen - George Dunlap, Citr...
LCNA14: Security in the Cloud: Containers, KVM, and Xen - George Dunlap, Citr...
 
Hardening Linux Server Security
Hardening Linux Server SecurityHardening Linux Server Security
Hardening Linux Server Security
 
System hardening - OS and Application
System hardening - OS and ApplicationSystem hardening - OS and Application
System hardening - OS and Application
 
CentOS Linux Server Hardening
CentOS Linux Server HardeningCentOS Linux Server Hardening
CentOS Linux Server Hardening
 
UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...
UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...
UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...
 

Semelhante a Linux Security

It04 roshan basnet
It04 roshan basnetIt04 roshan basnet
It04 roshan basnetrosu555
 
Automotive Grade Linux and systemd
Automotive Grade Linux and systemdAutomotive Grade Linux and systemd
Automotive Grade Linux and systemdAlison Chaiken
 
Differences Between Operating Systems And Software And...
Differences Between Operating Systems And Software And...Differences Between Operating Systems And Software And...
Differences Between Operating Systems And Software And...Mary Gregory
 
Linux operating system ppt
Linux operating system pptLinux operating system ppt
Linux operating system pptAchyut Sinha
 
Red Hat Linux 5 Hardening Tips - National Security Agency
Red Hat Linux 5 Hardening Tips - National Security AgencyRed Hat Linux 5 Hardening Tips - National Security Agency
Red Hat Linux 5 Hardening Tips - National Security Agencysanchetanparmar
 
Software update for embedded systems
Software update for embedded systemsSoftware update for embedded systems
Software update for embedded systemsSZ Lin
 
outpass system
outpass systemoutpass system
outpass systemDhivakar K
 
Advance linux presentation_0702011
Advance linux presentation_0702011Advance linux presentation_0702011
Advance linux presentation_0702011Aravindan Arun
 
2008-09-09 IBM Interaction Conference, Red Hat Update for System z
2008-09-09 IBM Interaction Conference, Red Hat Update for System z2008-09-09 IBM Interaction Conference, Red Hat Update for System z
2008-09-09 IBM Interaction Conference, Red Hat Update for System zShawn Wells
 
Linux Containers and Docker SHARE.ORG Seattle 2015
Linux Containers and Docker SHARE.ORG Seattle 2015Linux Containers and Docker SHARE.ORG Seattle 2015
Linux Containers and Docker SHARE.ORG Seattle 2015Filipe Miranda
 
Remote security with Red Hat Enterprise Linux
Remote security with Red Hat Enterprise LinuxRemote security with Red Hat Enterprise Linux
Remote security with Red Hat Enterprise LinuxGiuseppe Paterno'
 
IS3440 Unit 2 Discussion
IS3440 Unit 2 DiscussionIS3440 Unit 2 Discussion
IS3440 Unit 2 DiscussionSharon Price
 
File System And Configuration File Essay
File System And Configuration File EssayFile System And Configuration File Essay
File System And Configuration File EssayKimberly Reyes
 
Linux sever building
Linux sever buildingLinux sever building
Linux sever buildingEdmond Yu
 

Semelhante a Linux Security (20)

linux
linuxlinux
linux
 
It04 roshan basnet
It04 roshan basnetIt04 roshan basnet
It04 roshan basnet
 
Ceh v5 module 18 linux hacking
Ceh v5 module 18 linux hackingCeh v5 module 18 linux hacking
Ceh v5 module 18 linux hacking
 
cibers
ciberscibers
cibers
 
Expo ciberseguridad
Expo ciberseguridadExpo ciberseguridad
Expo ciberseguridad
 
Presentation on linux
Presentation on linuxPresentation on linux
Presentation on linux
 
Automotive Grade Linux and systemd
Automotive Grade Linux and systemdAutomotive Grade Linux and systemd
Automotive Grade Linux and systemd
 
Differences Between Operating Systems And Software And...
Differences Between Operating Systems And Software And...Differences Between Operating Systems And Software And...
Differences Between Operating Systems And Software And...
 
Linux operating system ppt
Linux operating system pptLinux operating system ppt
Linux operating system ppt
 
Red Hat Linux 5 Hardening Tips - National Security Agency
Red Hat Linux 5 Hardening Tips - National Security AgencyRed Hat Linux 5 Hardening Tips - National Security Agency
Red Hat Linux 5 Hardening Tips - National Security Agency
 
Software update for embedded systems
Software update for embedded systemsSoftware update for embedded systems
Software update for embedded systems
 
outpass system
outpass systemoutpass system
outpass system
 
Advance linux presentation_0702011
Advance linux presentation_0702011Advance linux presentation_0702011
Advance linux presentation_0702011
 
Basic orientation to Linux
Basic orientation to LinuxBasic orientation to Linux
Basic orientation to Linux
 
2008-09-09 IBM Interaction Conference, Red Hat Update for System z
2008-09-09 IBM Interaction Conference, Red Hat Update for System z2008-09-09 IBM Interaction Conference, Red Hat Update for System z
2008-09-09 IBM Interaction Conference, Red Hat Update for System z
 
Linux Containers and Docker SHARE.ORG Seattle 2015
Linux Containers and Docker SHARE.ORG Seattle 2015Linux Containers and Docker SHARE.ORG Seattle 2015
Linux Containers and Docker SHARE.ORG Seattle 2015
 
Remote security with Red Hat Enterprise Linux
Remote security with Red Hat Enterprise LinuxRemote security with Red Hat Enterprise Linux
Remote security with Red Hat Enterprise Linux
 
IS3440 Unit 2 Discussion
IS3440 Unit 2 DiscussionIS3440 Unit 2 Discussion
IS3440 Unit 2 Discussion
 
File System And Configuration File Essay
File System And Configuration File EssayFile System And Configuration File Essay
File System And Configuration File Essay
 
Linux sever building
Linux sever buildingLinux sever building
Linux sever building
 

Mais de nayakslideshare (20)

Mips 64
Mips 64Mips 64
Mips 64
 
Digital Signature
Digital SignatureDigital Signature
Digital Signature
 
Spyware
SpywareSpyware
Spyware
 
Digital Signature
Digital SignatureDigital Signature
Digital Signature
 
Gis
GisGis
Gis
 
Lcd
LcdLcd
Lcd
 
Hyper Threading Technology
Hyper Threading TechnologyHyper Threading Technology
Hyper Threading Technology
 
Intro To Hacking
Intro To HackingIntro To Hacking
Intro To Hacking
 
Quantum Teleportation
Quantum TeleportationQuantum Teleportation
Quantum Teleportation
 
Biochip 1
Biochip 1Biochip 1
Biochip 1
 
Biochip
BiochipBiochip
Biochip
 
Satellite Networks
Satellite NetworksSatellite Networks
Satellite Networks
 
Cybercrime
CybercrimeCybercrime
Cybercrime
 
Cybercrime 1
Cybercrime 1Cybercrime 1
Cybercrime 1
 
Biochip 1
Biochip 1Biochip 1
Biochip 1
 
Touch Screens
Touch ScreensTouch Screens
Touch Screens
 
Dna Fingerprinting
Dna FingerprintingDna Fingerprinting
Dna Fingerprinting
 
Thinking Critically About WWW
Thinking Critically About WWWThinking Critically About WWW
Thinking Critically About WWW
 
Remote Sensing
Remote SensingRemote Sensing
Remote Sensing
 
Teleportation
TeleportationTeleportation
Teleportation
 

Último

Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsSafe Software
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Brian Pichman
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDELiveplex
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopBachir Benyammi
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfJamie (Taka) Wang
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-pyJamie (Taka) Wang
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarPrecisely
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxUdaiappa Ramachandran
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 

Último (20)

Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-py
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
201610817 - edge part1
201610817 - edge part1201610817 - edge part1
201610817 - edge part1
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptx
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 

Linux Security

  • 1. 1 © Network Intelligence India Pvt. Ltd. Linux Security & Auditing
  • 2. 2 © Network Intelligence India Pvt. Ltd. Agenda History of Linux Linux Distributions Business drivers for Linux Linux Architecture Physical Security Operating System Security Network Security File System Security User and Group Security Application Security Linux Security Tools
  • 3. 3 © Network Intelligence India Pvt. Ltd. History of Linux Linus Benedict Torvalds writes an open-source operating system in 1991 Primary purpose is as a research project At that time, no other open-source Unix flavors available. All are proprietary and costly. Linux became hugely popular among the student and research community Today it is a viable alternative for enterprise applications.
  • 4. 4 © Network Intelligence India Pvt. Ltd. Linux – Business Drivers IBM sold $759 million worth of Linux servers in 2001 (Dataquest) Total Linux server market estimated at $4billion and growing rapidly Oracle, Sun, HP, IBM, Novell, and other major vendors all actively support Linux Open-source – implies:  Cheaper cost of acquisition  Possibility of greater security  More flexibility in choosing components and configuring them
  • 5. 5 © Network Intelligence India Pvt. Ltd. Linux – Distributions The Linux kernel and associated utilities are packaged and distributed by a number of firms:  Red Hat  Mandrake  Debian  SuSE Changes:  Most free distributions are no longer ‘free’  Red Hat has stopped after Fedora  Mandrake requires payment for security patches  SUSE has been bought over by Novell  Debian, Slackware still free
  • 6. 6 © Network Intelligence India Pvt. Ltd. Linux Attack Portscanner  Identifies open ports  Identifies running services  Identifies Operating System Vulnerability Scanner  Identifies versions and vendor of services  Determines vulnerabilities in those Vulnerability Databases  www.SecurityFocus.com/bid  Feed in vendor, software and version number  Check the vulnerabilities and see if any exploits available Portscan Report – Superscan Portscan Report - Nmap
  • 7. 7 © Network Intelligence India Pvt. Ltd. LINUX SECURITY
  • 8. 8 © Network Intelligence India Pvt. Ltd. Linux Architecture Linux Kernel – the actual code that interfaces between user applications and hardware resources Hardware controllers – used by the kernel to interact with hardware Operating System Services – software other than the kernel that are considered part of the OS: X Windows system, command shell User Applications – software other than kernel and services: text editors, browsers, etc.
  • 9. 9 © Network Intelligence India Pvt. Ltd. Diagrammatically (GNU-LINUX) KERNEL – LINUX User Applications (GNU) OS Services (Apache, Sendmail, etc.) Hardware Controllers Hardware – CPU, HDD, Keyboard, Mouse, Monitor, RAM
  • 10. 10 © Network Intelligence India Pvt. Ltd. Key points about Linux Kernel It is separately distributed from user applications and other software Uses modules, which can be dynamically loaded For instance, support for FAT32 need not be fixed, but can be added dynamically Kernel can be completely recompiled and unnecessary components can be removed – unlike Windows Kernel has had buffer overflow vulnerabilities being discovered in it – very critical
  • 11. 11 © Network Intelligence India Pvt. Ltd. Kernel Security One of the most important ways to keep Linux secure is to ensure a patched kernel Check your kernel version  uname –a Third-party kernel patches for enhanced security:  Linux Intrusion Detection System – for ensuring integrity of critical files  Secure Linux Patch – prevent common buffer overflows, and simple security measures  International Kernel Patch – kernel-level strong encryption to be built-in
  • 12. 12 © Network Intelligence India Pvt. Ltd. Click and run Security Bastille Linux  Available for popular Linux flavors  www.Bastille-linux.org  You’ll also need Perl-Tk  Creates a set of security measures through a GUI  Most of the implemented changes can be undone  Must be first run on ‘test’ systems Demo
  • 13. 13 © Network Intelligence India Pvt. Ltd. Bastille-Linux snapshot
  • 14. 14 © Network Intelligence India Pvt. Ltd. Boot Security Boot configuration is decided by LILO (Linux Loader) or GRUB (Grand Unified Boot Loader) Check that only one OS is configured to load If required ensure there is an entry for password= in lilo.conf Also, ensure permissions are 600 Demo
  • 15. 15 © Network Intelligence India Pvt. Ltd. Operating System Security Check processes  top –n 1 –b  ps- aux Check installed software  rpm –q –a  RPM = Red Hat Package Manager = installer packages for software on RH systems  Look out for unnecessary packages  Also ensure latest versions of packages are installed – especially those that are used by lower-privileged users: httpd, openssh, kernel, sendmail, etc.  rpm –q –a | grep kernel
  • 16. 16 © Network Intelligence India Pvt. Ltd. Cron and At Cron is used to schedule regular jobs. At is used to schedule one time job in the future Both can be misused to install time-bombs on the system, which may suddenly cause the system to malfunction Can be restricted using files /etc/cron.allow, cron.deny, at.allow and at.deny  DEMO  cron.allow contains root  cron.deny contains ALL
  • 17. 17 © Network Intelligence India Pvt. Ltd. Linux Auditing Linux auditing is done using syslogd Configuration file is /etc/syslog.conf Format is: Facility.Priority Action to be taken Facility – the application/program that is generating the logs Priority – Emerg, alert, crit, err, warning, notice, info, debug, none Action – send it to a file, send it to console, send it via email, send it to another system (loghost) Segregation of responsibilities – send logs to another system, where the security administrator has control
  • 18. 18 © Network Intelligence India Pvt. Ltd. Linux Auditing – important commands Recent logins  last Last login time for all users (dormant users)  lastlog Last failed logins (requires to create /var/log/btmp file)  lastb Security related events  /var/log/secure Tools for Log Analysis  Swatch – real-time monitoring of logs  Logsentry  Logwatch
  • 19. 19 © Network Intelligence India Pvt. Ltd. Tools for testing COPS  Computer Oracle and Password System  Outdated  Checks for common mis-configurations, weak passwords, insecure permissions, etc. TIGER  Similar to COPS, but more comprehensive  Also not recently updated TARA  Most updated and recent version of TIGER  Runs using shell scripts or preferably Perl
  • 20. 20 © Network Intelligence India Pvt. Ltd. Network Security Services are started by /etc/rc.d scripts and xinetd  chkconfig --list  chkconfig levels {numbers} {service} on|off Xinetd services are configured by individual files in /etc/xinetd.d/ Open network connections  netstat –antp  Use the –p option to see which processes are responsible for which open ports  Also lsof can be used
  • 21. 21 © Network Intelligence India Pvt. Ltd. Network Services Possibly not required:  NFS and related services: autofs, nfs, nfsserver, nfslock  Unused networking services: routed, gated, ratvf, snmpd, named, dhcpd, dhclient, dhrelay, nscd, smb  Mail Services: Sendmail, postfix  Optional network and local services: atd, ldap, kudzu, rhnsd, ypbind, apache, quota, quotad, myself, etc.  Printing services: lpr, cups, lprng
  • 22. 22 © Network Intelligence India Pvt. Ltd. Xinetd Logic change from earlier inetd.conf file Builds in controls similar to TCPWrappers and more:  Access_control: which hosts are allowed to connect and at what times  Logging: which data gets logged  Resource utilization: limits on maximum connections supported, CPU usage, etc.  Others
  • 23. 23 © Network Intelligence India Pvt. Ltd. Trusted Hosts Entries in /etc/hosts.equiv and /etc/hosts.lpd are critical They allow users from those hosts to connect without supplying a password! Also, users can create .rhosts and .netrc files in their home directories, which function similarly. Find these as well
  • 24. 24 © Network Intelligence India Pvt. Ltd. Telnet and FTP vs. SSH Telnet and FTP are plain-text protocols Should be replaced by SSH Any inside user can sniff the traffic, even on switched networks with relative ease SSH uses encryption to provide services equivalent to Telnet and FTP Configuration is in /etc/sshd/sshd_config SSH clients are available for free – putty for Windows
  • 25. 25 © Network Intelligence India Pvt. Ltd. User and Group Security User accounts are created in /etc/passwd Hashed passwords, password and account lockout policies are in /etc/shadow Password and account lockout policies can be set during account creation, or with the chage command:  Minimum password age  Maximum password age  Expiry warning time  Inactive time after which account is locked out  Some future data when account will be locked out
  • 26. 26 © Network Intelligence India Pvt. Ltd. Checks for these files No dormant or generic accounts present Accounts of separated users not present All system (non-user) accounts have /bin/false for the shell All system accounts have *NP* or *LK* in their password fields in /etc/shadow SOP exists for verifying validity of accounts in these files Every account in passwd has a corresponding entry in shadow Only one line contains 0 in the uid field in the passwd file
  • 27. 27 © Network Intelligence India Pvt. Ltd. Password and Account Lockout Other stronger policies require use of PAM – Pluggable Authentication Modules PAM Allows the following to be set  Minimum password length  No dictionary words  No part of username in the password  Number of alphanumeric and punctuation characters to be present PAM is configured in the /etc/pam.d folder DEMO – change of password for user auditor
  • 28. 28 © Network Intelligence India Pvt. Ltd. Password Strength Verification Also known as Password Cracking Use ‘Crack’ from http://www.users.dircon.co.uk/~crypto/downl oad/c50-faq.html Works on almost all Unix platforms, and is very fast Also viable password cracker is John the Ripper Set these tools running for a day or two and ferret out all weak passwords
  • 29. 29 © Network Intelligence India Pvt. Ltd. Root Security No user must login directly as ‘root’ Administrators must login with their own accounts, and then use ‘su’ to become root. This ensures accountability Viable alternative is the ‘sudo’ utility, which allows:  Listing of privileged accounts  Actions that can be taken by these accounts  Download from http://www.courtesan.com/sudo/intro.html  Time out of logged in user, so he has to re-authenticate in order to use ‘sudo’
  • 30. 30 © Network Intelligence India Pvt. Ltd. File System Security Unix Permissions are applicable to three entities:  Owner of the file (everything in Unix is a file)  Group owner of file  Everyone else Three main permissions apply, with numeric representations  Read = 4  Write = 2  Execute = 1
  • 31. 31 © Network Intelligence India Pvt. Ltd. Unix Permissions Permissions are visible in the ls –l output:  Example First character identified type of file  D = directory  - = file  S = socket  L = link (shortcut)  P = pipe Next three identify read, write and execute for owner, next three identify for group, and last three for everyone else
  • 32. 32 © Network Intelligence India Pvt. Ltd. Unix Permissions These letters are added up: For instances: - rw- r-- r-- It’s a file Owner can Read (4) and Write (2) Group can Read (4) Everyone else can Read (4) So permissions on this file are 644 Conversely permissions, like 700 represent -rwx --- ---
  • 33. 33 © Network Intelligence India Pvt. Ltd. Other File Security Measures Permissions of a new files are determined by the value umask Advanced Windows-like Access Control Lists can also be created on Linux using the linux-acl package Disk usage can be periodically verified with the  df- k command SUID and SGID files are executables that can be executed by anyone, but they execute with privileges of owner (usually root) or group – very critical checks! find / -perm –4000 find / -perm –2000
  • 34. 34 © Network Intelligence India Pvt. Ltd. File Integrity File Integrity can be verified: Size and timestamp – can be modified to fool the auditor MD5 hashes – secured method, but tedious File Integrity Software:  Must be used immediately after the installation  Create a database of MD5 hashes of all critical files  Monitor changes to these files and send alerts  Tripwire – commercial, scalable, central console  AIDE – open-source, reasonably enterprise-level
  • 35. 35 © Network Intelligence India Pvt. Ltd. Application Security Linux systems can be used as  File Servers – Samba – Windows-compatible file server  Print Servers –lpd, cups, etc.  Mail Server – Sendmail (historically insecure), Qmail, Postfix  VPN Server – FreeS/WAN  Databases – PostgreSQL, MySQL (free), Oracle, Sybase, DB2 (commercial)  DNS Servers – BIND  LDAP Servers  Time Servers
  • 36. 36 © Network Intelligence India Pvt. Ltd. Application Security – Web Servers The Apache web server is an open-source, stable, robust and scalable solution with 64% market share Apache is usually configured to run with lower- privileged account ‘apache’ or ‘nobody’ Installation location is referred to as $ServerRoot, and web site contents are located at $DocumentRoot Configuration file is at $ServerRoot/httpd.conf Configuration is done with the help of ‘Directives’
  • 37. 37 © Network Intelligence India Pvt. Ltd. Important Directives Directory: access control based on source IP address or domain name for various files and folders of the website, using Allow and Deny keywords Also, within this directive, various options can be set. Recommended to set Options None Denial of Service and Buffer Overflow attacks can be prevented by LimitRequest* and Rlimit* directives CGI security is most important, to ensure scripts cannot be misused for compromising the server Apache uses various modules for added functionality. These must be reduced to a minimum Banner of Apache must be changed Apache must be run in ‘chroot’ environment
  • 38. 38 © Network Intelligence India Pvt. Ltd. Linux Security Software Linux Firewall:  IPTables (new version of IPChains)  Scalable  Cost-effective  Robust Linux IDS  Snort  Scalable  Robust  Slight learning curve – Demo IPCop – Bootable CD version of firewall and IDS
  • 39. 39 © Network Intelligence India Pvt. Ltd. Security Testing Software Nmap  Most popular security tool  Port scanner  Detects Operating System also  Can run in very stealth mode  Demo Nessus  Vulnerability Assessment software  Client-Server mode, server only in Unix  Uses Plugins for tests
  • 40. 40 © Network Intelligence India Pvt. Ltd. Conclusion Linux is not secure in default configuration Security can be added to a very high level, but must be balanced with functionality The correct Linux distribution must be chosen, and minimum installation done Patches must be diligently applied Syslog logs must be exported and analyzed periodically Network Services must be kept to a minimum User and groups must be periodically audited File/folder access control lists must be set File Integrity software may be used in high-security installations Application-specific security measures are also a must
  • 41. 41 © Network Intelligence India Pvt. Ltd. References The Unix Auditor’s Practical Handbook – K. K. Mookhey http://www.nii.co.in/research/papers.html Practical Unix and Internet Security – Simson Garfinkel and Gene Spafford Linux Security Benchmark - http://www.cisecurity.org/ Linux Security and Controls – ISACA & K. K. Mookhey – to be available at ISACA bookstore in 2nd quarter
  • 42. 42 © Network Intelligence India Pvt. Ltd. About NetIntel IT Security Consultancy Firm Penetration Testing Security Auditing Security Training – Unix, Windows, Databases, Ethical Hacking, Intrusion Detection, etc. BS7799 Consultancy Application Security Audit Business Continuity Management Security Implementation & Design
  • 43. 43 © Network Intelligence India Pvt. Ltd. THANK YOU