1. Password safety

The UNIX system file /etc/passwd holds the information the system needs about each user, including the encrypted password. Each entry in /etc/passwd contains the login name, the encrypted password, the user number (UID), the user group number (GID), a comment field, the user's home directory and the shell program the user runs. The UID and GID are what the UNIX system uses to identify the user and the group uniquely, and they determine the access rights of the user and of the members of the same group. When a user logs in, the password entered is encrypted and compared with the encrypted password stored in /etc/passwd; if they match, the login is allowed. Use the passwd command to change your own password; you cannot edit the password field in /etc/passwd directly.

A good password is at least 6 characters long and does not use personal information (birthday, name, the login name spelled backwards, things visible in the room). Ordinary English words are poor choices because of the dictionary attack. The password should preferably contain non-letter characters (digits, punctuation, control characters), and it must not be written on paper or stored in a file on the computer. A good way to choose one is to join two unrelated words with a digit or control character and truncate the result to 8 characters; if you can remember 8 random characters, so much the better. Do not use the same password on different machines, especially for accounts at different privilege levels, since one compromised account can then bring down everything. Users should change their passwords regularly, at least once every 6 months; the system administrator can force users to change passwords periodically. To keep an onlooker from stealing your password, make sure nobody is watching when you type it.

2. File permissions

The attributes of a file determine who may access or execute it. ls -l lists detailed file information, for example:

-rwxrwxrwx 1 pat cs440 70 Jul 28 21:12 zombin

which shows the file permissions, the link count, the owner name, the group name, the file length, the last access date and the file name. The permission string has four parts: the leading - gives the file type; the first rwx gives the file owner's access; the second rwx gives the access of users in the file's group; the third rwx gives the access of all other users. A permission that is not granted shows as - in its position. In the execute position other letters may appear: s and S can appear in the owner and group positions and relate to the special permissions discussed later; t and T can appear in the other-users position and denote the "sticky bit", which is unrelated to security here. A lowercase letter (x, s, t) means execute permission is granted; - or an uppercase letter (S, T) means it is not.

Permissions are changed with chmod, which takes the new mode and the file name as arguments. The mode is given as a 3-digit octal number in which r counts 4, w counts 2 and x counts 1; rwxr-xr-- is therefore 754. chmod also accepts symbolic modes that change one set of bits directly; see the UNIX online manual for details. File permissions can protect an important file from being accidentally overwritten or deleted, even by its owner. The owner and group of a file are changed with chown and chgrp, but once given away, the original owner and group members cannot change them back.

3. Directory permissions

In the UNIX system a directory is also a file; ls -l shows it with file type d, and directory permissions look like file permissions. Read permission on a directory lets you list it with ls; write permission lets you create and delete files in it; execute (search) permission lets you enter the directory or use it as part of a path name. To use any file you therefore need the corresponding permission on the file itself and search permission on every directory component in the file's path. When you open a file, the file's own permissions decide; rm and mv, however, only need search and write permission on the directory. Keep this in mind for files you do not want removed.

4. The umask command

umask sets the default mask applied to the files and directories the user creates. Put it in .profile to control the permissions of every file created later in the session. umask is the opposite of chmod: it tells the system which permissions not to grant when a file is created.
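The following shell functions are an added example, not part of the original text, covering sections 2 and 4 above: mode_to_octal turns the permission string printed by ls -l (including the s/S/t/T letters) into the octal mode for chmod, and apply_umask shows what mode a new file or directory receives under a given umask. The function names are my own.

```shell
#!/bin/sh
# Added example, not part of the original text.
# mode_to_octal: convert the 10-character permission string shown by ls -l
# (e.g. "-rwxr-xr--") into the octal mode chmod accepts (e.g. 754).
# Lowercase s/t count as execute plus a special bit (SUID 4, SGID 2,
# sticky 1); uppercase S/T set the special bit without execute.
mode_to_octal() {
    rest=${1#?}                  # drop the file-type character
    bits=0 special=0 pos=1       # pos 1-9: rwx owner, rwx group, rwx other
    while [ -n "$rest" ]; do
        c=${rest%"${rest#?}"}    # first remaining character
        rest=${rest#?}
        bits=$((bits * 2))
        case $c in
            r|w|x) bits=$((bits + 1)) ;;
            s|S)   if [ "$pos" -eq 3 ]; then special=$((special | 4))
                   else special=$((special | 2)); fi
                   if [ "$c" = s ]; then bits=$((bits + 1)); fi ;;
            t|T)   special=$((special | 1))
                   if [ "$c" = t ]; then bits=$((bits + 1)); fi ;;
            -)     ;;
            *)     echo "mode_to_octal: bad character '$c'" >&2; return 1 ;;
        esac
        pos=$((pos + 1))
    done
    if [ "$special" -ne 0 ]; then printf '%o%03o\n' "$special" "$bits"
    else printf '%03o\n' "$bits"; fi
}

# apply_umask: the mode a newly created file (default 666) or directory
# (default 777) actually gets under a given umask, since umask names the
# bits that are NOT granted at creation time.
apply_umask() {                  # usage: apply_umask <octal-umask> file|dir
    if [ "$2" = dir ]; then base=0777; else base=0666; fi
    printf '%03o\n' $(( base & ~0$1 ))
}

# Demonstration on the values used in the text.
mode_to_octal '-rwxr-xr--'       # 754, the example from section 2
mode_to_octal '-rwsr-xr-x'       # 4755, a set-user-ID program
apply_umask 022 file             # 644
apply_umask 007 dir              # 770, the mask suggested for temporary files
```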
5. Set-user-ID and set-group-ID permissions

The set-user-ID (SUID) and set-group-ID (SGID) permissions are given to executable target files (they only make sense on executables). When a process runs it carries four identifiers that say whom it belongs to: the real and effective UID, and the real and effective GID. The effective UID and GID are normally the same as the real UID and GID, and it is the effective UID and GID that decide the process's file access permissions. An executable with SUID set changes this: while it runs, the effective UID of the process is the UID of the executable's owner rather than that of the user who started the program, so the process has the same file access permissions as the owner. In this way the owner of a program can make information available to other users in a limited, controlled way, through the program. SGID works the same way for the effective GID. Use chmod u+s file to set and chmod u-s file to clear SUID; use chmod g+s file to set and chmod g-s file to clear SGID. When these bits are set, chown or chgrp on the file clears them.

6. The cp, mv, ln and cpio commands

cp copies files. If the destination file does not exist, the copy gets the source file's permissions, including SUID and SGID, and the new copy belongs to the user who made it. Be careful when copying another user's SUID program: the copy is a SUID program that belongs to you, and other users could run it to damage your own file security. mv moves files: the moved file keeps the permissions of the original, only its name changes. A user who has write and search permission on a directory can move someone else's SUID program out of it without changing its permissions; if directory permissions are set incorrectly, a user's SUID program can be moved to a directory where that user can neither modify nor delete it, and a security hole results. ln creates a link to an existing file, that is, a new name that refers to the same file. If the destination file already exists it is deleted and the new link created; if the existing destination is not writable by the user, the user is asked to confirm the deletion. Links can only be made within one file system. Before deleting a SUID file, check its link count: only when there is a single link does deleting the name remove the file. If the SUID file has several links, one approach is to change its permissions, which takes effect on every link at once: chmod 000 file clears not only the SUID and SGID bits but all access through every link to the file. If you find a link to your own SUID program, do not delete the program immediately; the system administrator can use the ncheck command to find the other links to it.
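As an added example that is not part of the original text, the following script checks the set-user-ID and set-group-ID programs under a directory for the two problems sections 5 and 6 describe: a program with several hard links, and a program in a directory that other users can write to and so move it from. It uses only the find command and the ls -l fields explained in section 2; the function names are my own.

```shell
#!/bin/sh
# Added example, not part of the original text: audit the set-user-ID and
# set-group-ID programs under a directory for the two weaknesses described
# above. Only ls -l fields (link count, permission letters) are used.

# link_count: field 2 of ls -l, the number of names (hard links) the file has.
link_count() {
    ls -ld "$1" | awk '{ print $2 }'
}

# dir_world_writable: "yes" if other users may write to (and so move files
# out of) the directory; character 9 of ls -l is the others' w position.
dir_world_writable() {
    case $(ls -ld "$1" | cut -c9) in
        w) echo yes ;;
        *) echo no ;;
    esac
}

# audit_suid: print one line per finding for every SUID/SGID regular file
# under $1. "LINKS <path>" means deleting that one name would not remove the
# program (section 6); "MOVABLE <path>" means anyone can mv it elsewhere
# with its SUID/SGID permission intact. Clean trees produce no output.
audit_suid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) | while IFS= read -r f; do
        if [ "$(link_count "$f")" -gt 1 ]; then
            echo "LINKS $f"
        fi
        if [ "$(dir_world_writable "$(dirname "$f")")" = yes ]; then
            echo "MOVABLE $f"
        fi
    done
}

# Example run over the directory given as argument (default: current one).
audit_suid "${1:-.}"
```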
The cpio command copies a directory structure into an ordinary file (an archive), and the same command converts such a file back into a directory structure. With the -o option cpio reads a list of file and directory names from standard input and writes their contents to standard output; with the -i option cpio reads an archive built earlier from standard input and rebuilds the directory structure. cpio is often used together with find to archive a complete directory tree:

find fromdir -print | cpio -o > archive

and the directory structure is rebuilt from the archive with:

cpio -id < archive

The security conventions of cpio are as follows:

(1) The archive records, for each file, its owner, group, final modification time, final access time and access mode.
* Files are restored with the access mode recorded in the archive.
* Every file extracted from the archive is owned by the user who runs cpio -i, not by the owner and group recorded in the archive.
* When the user running cpio -i is root, the owner and group of the created files are set as recorded in the archive.
* When a SUID or SGID file in the archive is rebuilt, its SUID and SGID permission is kept. If the user rebuilding it is not root, the SUID/SGID therefore grants the permissions of that user and that user's group rather than those of the user/group recorded in the archive.
(2) When an existing file has the same name as a file in the cpio archive and is newer than the archived copy, it is not overwritten.
(3) With the -u option, existing files of the same name are overwritten unconditionally. This can have an odd result: if the overwritten file had other links, those links are not broken when the file is overwritten, so all of them end up pointing at the contents extracted from the archive. Running cpio with unconditional overwriting thus changes what existing links point to.
(4) cpio uses the full path names, or parent directory names, recorded in the archive when it creates files.

7. The su and newgrp commands

(1) su: lets you work as another user without logging out and back in. It starts a new shell with the real and effective UID and GID set to the other user's. For this reason the root password must be guarded strictly.
(2) newgrp: similar to su; it changes the group you are currently working in.
8. File encryption: the crypt command

The crypt command lets a user encrypt files. Given a key, it encodes the information on standard input into an unreadable string and writes it to standard output; running the command again on the encrypted file with the same key restores the original contents. As a rule, after encrypting a file delete the original and keep only the encrypted version, and do not forget the key. vi has an encryption feature: vi -x edits an encrypted file. The rules for choosing an encryption key are the same as for choosing a password. Because the crypt program could have been replaced by a Trojan horse, it is unwise to use your login password as the key. It is best to compress the file with pack or compress before encrypting it.

9. Other security issues

(1) The user's .profile file in the home directory is executed at login. If the file is writable by others, any user of the system can modify it to make it do whatever they want, which may give other users the same permissions as the owner.
(2) ls -a lists all files in the current directory, including the hidden files whose names begin with a dot. Review the access permissions and owners of all files; any file in your own directory that does not belong to you should be regarded with suspicion.
(3) .exrc files are initialization files for the editors. On startup the editor looks first for $HOME/.exrc and then for ./.exrc. The copy in $HOME can be protected by controlling its access mode like .profile, but if you run the editor in a directory you do not control, you may execute someone else's .exrc, possibly placed there precisely to harm other users' files. To keep edited files safe, it is best not to run any editor in a directory that is not yours or otherwise not under your control.
(4) The temporary directories in the UNIX system are /tmp and /usr/tmp. They are used by programmers and by many system commands, and other users can destroy files stored there. When using them, set the file creation mask for temporary files to 007, but the safest approach is to create your own temporary directory, $HOME/tmp, and never keep important files in the public temporary directories.
(5) uucp and other networks. The uucp command transfers files from one UNIX system to another. Files transferred with uucp are usually stored in the /usr/spool/uucppublic/login directory, where login is the user's login name; this directory has mode 777, the files received over the network and stored there belong to uucp, and their access mode is 666 or 777. Users should encrypt files before sending them with uucp and move received files into their own directory as soon as possible. Other networks deliver files into the rjc directory under the user's home directory. This directory must be writable but should not be readable by others, so the user's rjc directory should have mode 733, which still lets the transfer program create files in it. Here too, transferred files should be encrypted and moved into your own directory.
(6) Trojan horses. In UNIX system security, the Trojan horse is the program that threatens the user by doing harm while appearing to carry out its normal function. If PATH is set so that the system directories are searched first, the danger from Trojan horses is greatly reduced.
(7) Spoofing. Like a Trojan horse, a spoofing program aims to make the user leak some information; the difference is that it is started by someone else and left running, waiting for an unwary user, for example a fake login program.
(8) Computer viruses. A virus can infect other programs and spread quickly, especially when a careless system administrator runs an infected program as root. Experiments have shown that a virus can obtain root permissions within an hour (on average in less than 30 minutes).
(9) Leaving a logged-in terminal. Unless you can lock the terminal, log out before leaving it.
(10) Smart terminals. Intelligent terminals have "send" and "enter" escape sequences that tell the terminal to send the current line to the system as if the user had typed it. This is a dangerous ability: another user can send text to your terminal with the write command, for example a sequence that moves the cursor to a new line, displays rm -r * on the screen, and then makes the terminal send that line to the system. The consequences can be imagined. Other users can be prevented from sending messages with the mesg command: mesg n disallows messages, mesg y allows them. Even then escape sequences remain a problem, since any user can send the same sequence with the mail command; the difference is that rm -r * must then be written !rm -r *, because mail interprets a line beginning with ! as a shell command: it starts a shell and lets it interpret the rest of the line (the shell escape). To keep the mail command from delivering escape sequences to your terminal, you can build a filter and run it on the mail file before reading mail:

myname="$LOGNAME"
tr -d '\001-\007\013-\037' < /usr/mail/$myname > $HOME/mailbox
> /usr/mail/$myname
mail -f $HOME/mailbox

Here tr copies standard input to standard output, deleting the listed control characters. This is only a simple sketch; in principle the filter should be a C program that locks the mail file, so that mail arriving while the filter runs is not destroyed.
(11) Disconnecting from the system. After logging out, wait until the system confirms the logout before leaving, so that nobody can sneak in on a session that has not actually ended.
(12) The cu command. cu lets a user log in to another UNIX system from this one. After logging out of the remote system, the user must enter "~." to disconnect cu from the remote system. cu has two security problems:
* If security on the local machine is weak, logging in to a remote machine from it is not advisable, so that the insecurity of the local machine does not affect the secure remote machine.
* Because of the old version of cu, "~"
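The filter above, restated as an added example (not the original text's script) that runs on a constructed message rather than the real /usr/mail spool, so the effect of the tr deletion can be checked offline; the function names and the sample message are my own.

```shell
#!/bin/sh
# Added example, not part of the original text: the control-character
# filter sketched above, written as functions and run on a constructed
# message instead of the real /usr/mail spool, so it can be tried offline.

# strip_controls: delete bytes \001-\007 and \013-\037 from stdin. This
# removes ESC (\033), which begins every terminal escape sequence, while
# keeping backspace (\010), tab (\011) and newline (\012).
strip_controls() {
    tr -d '\001-\007\013-\037'
}

# sample_mail: a constructed message. The second line hides an ESC-led
# sequence around the rm -r * text from the discussion above; in a real
# spool the reader would never see the ESC bytes themselves.
sample_mail() {
    printf 'From pat Mon Jul 28 21:12\nhello\t\033[2Jrm -r *\033E\nbye\n'
}

# filter_mailbox: what the four-line script above does for
# /usr/mail/$LOGNAME, parameterised on the spool file and the cleaned copy:
# write the filtered copy, then truncate the spool (no locking, as the
# text notes, so mail arriving in between could be lost).
filter_mailbox() {               # usage: filter_mailbox <spool> <cleaned-copy>
    strip_controls < "$1" > "$2" && : > "$1"
}

# Demonstration: the escape sequences vanish, the readable text stays.
sample_mail | strip_controls
```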