Two security issues for UNIX networks
Although the security of UNIX networks has been discussed in many articles, new problems keep being exposed and corrected as technology advances and as people's understanding of security deepens. This article describes two security problems caused by inadequate technique and gives a solution for each.
Security issues with shutdown users
In recent years many articles have described a so-called "safest" UNIX shutdown user. The main idea is to create a shutdown user in /etc/passwd (or /etc/shadow) whose login shell, the last field of the entry, is the /etc/shutdown or /etc/haltsys command instead of /bin/sh. Because the shutdown command runs in place of a shell, even someone who knows the shutdown user's password (or who finds that no password is set) cannot get into the UNIX system as that user. This shutdown user has come to be regarded as "the safest shutdown user".
Compared with other shutdown methods this user is a real improvement, and on a stand-alone machine its security can be trusted. Unfortunately, on a UNIX network it still carries a security hazard, and the hazard comes from the way the shutdown user itself is used. First, because users all over the network need to shut the machine down, the shutdown user often has no password, or a single password shared by everyone; second, the UNIX system must give the shutdown user the privileges of the superuser. So although the system cannot be broken into by interrupting the shutdown command with the DEL key or by using the su command, some network remote commands can be used to enter the UNIX system as the shutdown user, and even to reach a shell running as the superuser root.
1. The problem
Suppose computer A has a shutdown user named shutdown, set up and restricted according to the "safest shutdown user" method. Because the system administrator, the software administrator and the ordinary operators all have to use this account, a password is set for it. Assume the IP address of computer A is 129.15.21.77.
Now, if someone wants to attack from another computer (call it computer B), they can use the UNIX network remote commands to get far more out of "the most secure shutdown user" than shutting computer A down. First, the following line is added to the /etc/hosts file on computer B:
    129.15.21.77  hostshut
Then, logged in as any ordinary user on computer B, type the following command:
    rcmd hostshut -l shutdown vi /etc/passwd
or
    rcmd hostshut -l shutdown vi /etc/shadow
In this way an ordinary user on computer B has opened, in an editor, the password file of computer A, which holds the entries of every user including the superuser root. Once these passwords are changed or removed, the user can log in to computer A as any account with remote commands such as telnet or rlogin. If a malicious user breaks in this way, the consequences for computer A are unimaginable.
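A defender's first step is to know whether an account of the kind described above exists at all. The following C program is an added example, not code from the article: it audits /etc/passwd-style entries for the three conditions the article identifies as dangerous on a network (an empty password field, a second UID-0 account besides root, and a login shell that is really a privileged system command such as /etc/shutdown or /etc/haltsys). The list of privileged shells and the sample passwd text are constructed for the example; the function names are assumptions.

```c
/* Added example (not from the article): flag passwd entries that match the
   "shutdown user" pattern described in the text. Sample data is constructed. */
#include <stdio.h>
#include <string.h>

#define FLAG_EMPTY_PASSWORD   1
#define FLAG_EXTRA_UID0       2
#define FLAG_PRIVILEGED_SHELL 4

/* Commands that must never be used as a login shell (list assumed for the example). */
static const char *privileged_shells[] = {
    "/etc/shutdown", "/etc/haltsys", "/usr/sbin/shutdown", NULL
};

/* Examine one "name:passwd:uid:gid:gecos:home:shell" line.
   Returns a bit mask of FLAG_* values, or -1 if the line is malformed. */
int audit_passwd_entry(const char *line)
{
    char buf[512];
    char *field[7];
    char *p;
    int nf = 0, flags = 0, i;

    if (strlen(line) >= sizeof buf) return -1;
    strcpy(buf, line);
    buf[strcspn(buf, "\n")] = '\0';

    /* Split on ':' while keeping empty fields (strtok would collapse them). */
    p = buf;
    while (nf < 7) {
        field[nf++] = p;
        p = strchr(p, ':');
        if (p == NULL) break;
        *p++ = '\0';
    }
    if (nf != 7) return -1;

    if (field[1][0] == '\0')                                   /* no password at all */
        flags |= FLAG_EMPTY_PASSWORD;
    if (strcmp(field[2], "0") == 0 && strcmp(field[0], "root") != 0)
        flags |= FLAG_EXTRA_UID0;                              /* superuser under another name */
    for (i = 0; privileged_shells[i] != NULL; i++)
        if (strcmp(field[6], privileged_shells[i]) == 0)
            flags |= FLAG_PRIVILEGED_SHELL;                    /* shell field is a system command */
    return flags;
}

/* Audit a whole passwd file held in memory; returns the number of flagged entries
   and prints each one with its flag mask. */
int audit_passwd_text(const char *text)
{
    int flagged = 0;
    const char *start = text;

    while (*start) {
        const char *end = strchr(start, '\n');
        size_t len = end ? (size_t)(end - start) : strlen(start);
        char line[512];
        if (len < sizeof line) {
            int f;
            memcpy(line, start, len);
            line[len] = '\0';
            f = audit_passwd_entry(line);
            if (f > 0) {
                flagged++;
                printf("flags %d: %s\n", f, line);
            }
        }
        if (!end) break;
        start = end + 1;
    }
    return flagged;
}

/* Constructed sample modelled on the article's shutdown account. */
static const char sample_passwd[] =
    "root:x:0:0:Super user:/:/bin/sh\n"
    "shutdown::0:0:Shutdown user:/:/etc/shutdown\n"
    "oper:x:201:50:Operator:/u/oper:/bin/sh\n";

int main(void)
{
    int n = audit_passwd_text(sample_passwd);
    printf("%d entr%s flagged\n", n, n == 1 ? "y" : "ies");
    return 0;
}
```

On a real system the same function can be run over each line of /etc/passwd; an entry that sets all three flags, as the constructed shutdown line does, is exactly the account that the remote commands in the text can abuse.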
2. Solving the problem
To close this hole one can first disable some of the remote services in the inetd daemon, such as telnet, shell, login and exec: edit the /etc/inetd.conf file with vi, put a # in front of the lines for those services, and then run the /etc/inetd command again. However, this greatly weakens the network functions of the UNIX system and may interfere with other applications on the network.
Through practice the author found a fairly safe shutdown method, which uses input/output redirection, a disabled ("dumb") terminal and the UNIX at job scheduler to shut the system down safely. The steps are as follows:
First, as the superuser, disable the terminal tty12 so that it becomes a dumb terminal with no login prompt:
    # disable /dev/tty12
Because the shutdown program must run on the disabled tty12, where its window works in raw mode, the UNIX shell command read cannot be used; a program that does its own input and output in raw mode has to be written. Compile the following source with cc -lcurses to produce the executable safehalt:
    /* Safe shutdown program (safehalt.c).
       Runs on the disabled terminal tty12 and shuts the system down only
       after the three keys y, e, s are pressed in turn; q ends the program.
       Compile: cc safehalt.c -lcurses -o safehalt */
    #include <stdio.h>
    #include <stdlib.h>
    #include <unistd.h>
    #include <curses.h>
    #include <termio.h>

    int main(void)
    {
        WINDOW *win;
        char til[] = "Is it turned off now? Confirm, please press YES:";
        char s1[4] = "", sum[100];
        struct termio save, term;

        initscr(); raw(); noecho();       /* raw mode: one key at a time, nothing echoed */
        keypad(stdscr, TRUE); clear();
        ioctl(0, TCGETA, &term);          /* keep a copy of the terminal settings */
        save = term;
        win = newwin(24, 80, 0, 0);

        while (s1[0] != 'q')              /* q as the first key ends the program */
        {
            s1[0] = '\0'; s1[1] = '\0'; s1[2] = '\0';
            mvwaddstr(win, 5, 0, til);
            wrefresh(win);
            read(0, &s1[0], 1);           /* read(2) directly: the raw window has no line input */
            if (s1[0] == 'y')
            {
                sprintf(sum, "%s%s", til, s1);   /* show the keys typed so far */
                mvwaddstr(win, 5, 0, sum);
                wrefresh(win);
                read(0, &s1[1], 1);
                if (s1[1] == 'e')
                {
                    sprintf(sum, "%s%s", til, s1);
                    mvwaddstr(win, 5, 0, sum);
                    wrefresh(win);
                    read(0, &s1[2], 1);
                    if (s1[2] == 's')
                        system("/etc/shutdown -g0 -y");   /* SCO: no grace period, no further prompt */
                }
            }
        }
        ioctl(0, TCSETA, &save);          /* restore the saved terminal settings */
        keypad(stdscr, FALSE); echo();
        noraw(); endwin();
        return 0;
    }
Finally, write a UNIX shell script atsh containing the following (the redirection of standard input and output to tty12 is the input/output redirection mentioned above):
    # atsh: schedule safehalt to run on the disabled terminal tty12 one day from now
    echo "/usr/bin/safehalt </dev/tty12 >/dev/tty12" | at now + 1 day
Once atsh has been run, the at job executes the program automatically at the scheduled time.
In this way the prompt appears on the tty12 screen every day; when yes is typed, the machine shuts down, and of course a shutdown password can also be built into the program. This method completely removes the security problems caused by shutdown users.
Security issues with automatic data transmission
There are two ways to transfer data files automatically in batch under UNIX. One is to create a .netrc file in the user's home directory containing the host name, user name and password of the remote machine; when that user then runs ftp, the login happens automatically. The other is to write a batch script in the UNIX shell and run the script to send the data. Both methods achieve automatic batch transfer of data files, but both carry a security hazard: they store the remote machine's host name, IP address, user name and password in plain text files, so simple UNIX commands such as cat, vi or more are enough to read the remote machine's main secrets. Nothing is hidden.
To improve security, this secret information must be hidden and encrypted. The author uses a C program to encapsulate the IP address, host name, user name and password of the remote machine. When writing the C program, take care not to assign important items such as the remote machine's IP address, host name, user name and password to string variables directly: if they are assigned as string literals, they are easy to recover from the binary code of the compiled program with the UNIX commands strings and hd, or with common DOS tools such as PCTools. Also, no intermediate file holding the remote machine's information should be generated while the program runs. Even if such intermediate files are deleted before the program ends, they may be displayed and leak the information while they exist, so it is best not to create any intermediate file at all. The short program below sends data files from the superuser of the local machine to the superuser of another machine, and can transfer several files automatically in one batch. Although the program transfers the data as the superuser, its design makes it hard to find the important security information of the local and remote computers in the compiled executable. The program also communicates through a pipe, so no intermediate file is created during execution, and its security is relatively high. The implementation is as follows:
    /* Safe send data (sendfile.c, file name assumed).
       Sends the files named on the command line to /usr/tmp on the remote
       machine as root, building the whole ftp session in memory and feeding
       it to ftp through a pipe so that no intermediate file is written.
       Compile: cc sendfile.c -o sendfile */
    #include <stdio.h>
    #include <stdlib.h>

    /* Append formatted text to ftpcmd, stopping the program if it would not fit. */
    #define APPEND(...) do { \
            int w = snprintf(ftpcmd + n, sizeof ftpcmd - n, __VA_ARGS__); \
            if (w < 0 || (size_t)w >= sizeof ftpcmd - n) { \
                fputs("ftp command too long\n", stderr); return 1; } \
            n += (size_t)w; } while (0)

    int main(int argc, char *argv[])
    {
        int i, u1, u2, u3, u4;
        float ip1, ip2;
        char pw[10] = "", us[5] = "", ftpn[4] = "";
        char ftpcmd[500] = "", runl[80] = "";
        char ftpprt[256] = "";
        size_t n = 0;
        FILE *fftp;

        if (argc > 1)
        {
            /* The ftp keyword, account name, password, client name and address
               are assembled one character at a time so that no complete string
               literal for them is present in the binary. (An optimizing compiler
               may still lay the bytes out contiguously, so this raises the effort
               needed to recover them; it does not make them unrecoverable.) */
            us[0] = 'u'; us[1] = 's'; us[2] = 'e'; us[3] = 'r';
            u1 = 'r'; u2 = 'o'; u3 = 'o'; u4 = 't';
            pw[0] = '5'; pw[1] = '1'; pw[2] = '2';
            pw[3] = '7'; pw[4] = '3';
            pw[5] = '7'; pw[6] = '4';
            ftpn[0] = 'f'; ftpn[1] = 't'; ftpn[2] = 'p';
            ip1 = 106.73; ip2 = 168.13;          /* printed below as 106.73.168.13 */

            printf("\fData from this machine:\n");
            for (i = 1; i < argc; i++)
            {
                snprintf(runl, sizeof runl, "l %s", argv[i]);   /* l is ls -l on SCO */
                system(runl);
            }

            /* ftp -n: no automatic login; -i: no per-file prompts. The session is
               handed to the shell as a here-document (delimiter CMD, reconstructed
               from the original listing). Note that the whole command string,
               password included, becomes an argument of "sh -c", so it is visible
               in ps output on the local machine while ftp runs. */
            APPEND("%s -n -i %.2f.%.2f <<CMD\n", ftpn, ip1, ip2);
            APPEND("%s %c%c%c%c %s\n", us, u1, u2, u3, u4, pw);
            APPEND("cd /usr/tmp\n");
            for (i = 1; i < argc; i++)
            {
                APPEND("put %s\n", argv[i]);
                APPEND("ls %s\n", argv[i]);
            }
            APPEND("CMD\n");

            printf("\nSending...\n");
            fftp = popen(ftpcmd, "r");
            if (fftp == NULL) { perror("popen"); return 1; }
            while (fgets(ftpprt, sizeof ftpprt, fftp) != NULL)
                printf("%s", ftpprt);            /* show ftp's replies */
            pclose(fftp);
        }
        return 0;
    }