Slides for the "Server Management" workshop session on “Security Implication - Unix (5)” (session A3) facilitated by Helen Sargan and Andrew Cormack at the IWMW 1998 event held at Newcastle University on 15-17 September 1998.
See http://www.ukoln.ac.uk/web-focus/events/workshops/webmaster-sep1998/materials/
IWMW 1998 Server Management (5) Security Implication - Unix
1. Institutional Web Management Workshop September 1998
Information Services
Security implementation (unix)
Andrew Cormack
2. Disable services
• servers may be started by
– rc scripts
» comment out or rename S# to s#
– inetd.conf
» comment out or tcp wrap
– inittab
» comment out
– users (deliberate or accidental!)
» educate!
• use ps and netstat to confirm what is running
3. Restrict services
• TCP wrappers (for inetd)
– ensure that hosts.deny file ends ALL:ALL
• portmapper replacement
• different modes
– e.g. sendmail -q
• restrictions within server program
• proper use of user/group
• routers can isolate well-known ports
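Added example (not part of the original slides): a POSIX shell check for the inetd.conf and TCP wrappers points above. It lists each enabled inetd.conf entry as wrapped, unwrapped or inetd-internal, and tests that the last active line of hosts.deny is ALL:ALL. The function names and the sample files are constructed for illustration; on a real host the functions would be pointed at /etc/inetd.conf and /etc/hosts.deny.

```shell
#!/bin/sh
# List enabled inetd.conf entries as "<service> <state>".
# Fields: service socket proto wait user server-program [args...]
# "internal" entries are served by inetd itself and cannot be wrapped by tcpd.
inetd_audit() {
    awk '
        /^[ \t]*#/ || NF < 6           { next }  # commented out or not an entry
        $6 == "internal"               { print $1, "internal"; next }
        $6 == "tcpd" || $6 ~ /\/tcpd$/ { print $1, "wrapped"; next }
                                       { print $1, "UNWRAPPED" }
    ' "$1"
}

# Succeed only if the last active (non-comment, non-blank) line is ALL:ALL.
deny_by_default() {
    last=$(grep -v '^[[:space:]]*#' "$1" | grep -v '^[[:space:]]*$' |
           tail -n 1 | tr -d '[:space:]')
    [ "$last" = "ALL:ALL" ]
}

# Constructed sample files (not taken from a real host).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/inetd.conf" <<'EOF'
# service socket proto wait   user   server-program       args
ftp       stream tcp   nowait root   /usr/sbin/tcpd       in.ftpd -l
telnet    stream tcp   nowait root   /usr/sbin/in.telnetd in.telnetd
#finger   stream tcp   nowait nobody /usr/sbin/tcpd       in.fingerd
echo      stream tcp   nowait root   internal
EOF
cat > "$tmp/hosts.deny" <<'EOF'
# anything not granted in hosts.allow is refused
in.fingerd: ALL
ALL: ALL
EOF

inetd_audit "$tmp/inetd.conf"
if deny_by_default "$tmp/hosts.deny"; then
    echo "hosts.deny: ends ALL:ALL"
else
    echo "hosts.deny: missing final ALL:ALL"
fi
```

Entries reported as UNWRAPPED or internal are the candidates for commenting out or wrapping; compare the list with ps and netstat output to confirm what is actually listening.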
4. Keep up to date
• modern software
– sendmail
– web/ftp server
• apply OS & software patches
• assess security advisories
– implement advice
– or make reasoned decision not to
5. Sources of information
• newsgroups
– comp.security.announce
– comp.security.unix (maybe)
• mailing lists
– bugtraq@netspace.org
– most OS have at least one
• web sites
– http://www.ja.net/CERT/cert.html
– http://www.cs.purdue.edu/coast/coast.html
– http://ciac.llnl.gov/
6. Monitoring
• log files: syslog, messages etc.
– make sure these are usable
– e.g. by rolling over nightly
• unusual processes or logins
• files (e.g. /tmp): tripwire
• try to automate checks
WITH AUTHORITY
• check passwords, idle accounts
• satan, mscan & other portscanners