SCO UNIX Network Security Management
The editor was arrested on October 13, 1998, and the two brothers who stepped on the bank network were arrested.
In September this year, they installed remote control equipment on the bank computer terminal of the network.
The fake account has steal nearly 200,000 yuan from the bank.
According to relevant information, China's computer network has received nearly 200 in the past two years.
Hacker conscious attacks. The network is attacked is not only read from the newsletter.
Foreign myths, but truthfully exist in the reality in our lives. Maintain the network of the network
The fullness has become more and more important, and this article introduces in Sco Unix
Some of the specific settings of safety management are also small in some professional books.
It has strong practical value.
Most of the financial business system is platform with UNIX or Xenix operating system to TCP / IP
For the network platform. Although UNIX security has reached C2 safety standards for the US Department of Defense,
It is a relatively safe, tight system, but is not impeccable. Computer hacker intrusion
The news of the securities network system once again sounds the alarm of financial network security management. How to add
Strong UNIX network system security management, the author takes SCO UNIX3.2.v4.2 as an example,
Point view, discuss with the majority of colleagues.
The security mentioned here mainly refers to the use of illegal intrusion, visit to this network.
Ask, thus reaching the purpose of protecting the system is reliable, normal operation, this article is only within this range
Discussions, do not consider other aspects.
First, do a good job in the management of the network is the premise of network security management
Username and password management will always be one of the most important links in system security management.
Any attack of the network is impossible to have no legal username and password (background network application
The program opens the latter exception). But most of the system administrators only pay attention to privileged users
Management, ignoring the management of ordinary users. Mainly manifested in setting up the user, the province is convenient,
To set users' permissions (ID), groups, and file permissions, for illegal
The user stees the information and the destruction system left a gap.
Financial system Unix users are end users, they only need to be in specific application systems
Work in work, complete some fixed tasks, in general, do not need to perform system commands (shells).
Taking the National Electronic Exchange of Agricultural Bank as an example, the user is named DZHD, it is in / etc / passwd
The document is described as follows:
DZHD: X: 200: 50:: / usr / dzhd: / bin / sh
Its profile content is approximately as follows:
COBSW = R N Q-10
DD_printer = "1p-s"
Path = / etc: / bin: / usr / bin: $ homen / bin: / usr / dzhd / obj:
Mail = / usr / spool / mail / logname
umask 007
Eval`test -m ANSI: ANSI -M: /? ANSI -C -S -Q`
Export Path Mail Cobsw DD_Printer
CD USR / DZHD / OBJ
Runx HDG
exit
After the user logs in, if the interrupt button "Delete" is pressed, turn off the terminal power supply.
Or simultaneously type "Ctrl" "/", then the user will enter the shell command status. For example
You can continue to create a subdirectory in your own directory and exhaust the system's i node number, or use Yes> aa
Create a large-incomplete junk file and depleting hard disk space, etc., causing the system to crash, paralyzed
If the permission setting of the file system is not strict, he can run, peek and even modify it;
You can also steal higher permissions through commands; you can also log in to other hosts ...
It is imagined that you can't prevent it. This problem is related to user settings. Therefore, try not to set the user into the above form. If we must, according to actual
Need to see if the user's SH becomes restricted, such as RSH, etc., becomes the following form:
DZHD: X: 200: 50:: / usr / dzhd / obj: / bin / rsh
Or the following form:
DzHD: X: 200: 50:: / usr / dzhd: ./ main
In the first part of Main (.porfile), the next line is as follows:
TRAP '' 0 1 2 3 5 15
So all of the above problems are avoided.
In addition, check your / etc / passwd file periodically to see if there is an unknown use.
Households and users' permissions; regularly modify user passwords, especially UUCP, BIN, etc.
The user's password is to prevent people here to open a movable skylight - a user who is free to enter and exit;
Delete all sleep users, etc..
Second, setting up your own network environment is an effective way to prevent illegal access
Common tools for online access include Telnet, FTP, RLOGIN, RCP, RCMD and other networks
Operation commands must be restricted to them. The easiest way is to modify / etc / services
The corresponding service port number. But this will make everything outside the Internet have been rejected, even if
Whether the law is not exception. This kind of anti-self-adaptive practice is not worth promoting, because this will
Make this website and the network outside the network, will also bring inconvenience to yourself. By dividing the unixt system
Analysis, we believe that there is a possibility limit (allowing) online access.
(1) Establish an ETC / FTPUSERS file (unwelcome FTP user table). Aspect
The command is ftp. The configuration is as follows:
#username
DGXT
Dzhd
...
The above is some users in this unit, and the invasive uses the above username FTP to access this website.
Will be rejected.
(2) Pay attention to keep the .Netrc file (remote registration data file). Related
The command is FTP. .NETRC contains a remote host that registers to the network with FTP as file transfer
The data. Usually residing in the user's current directory, file permissions must be 0600. Format
under:
Machine Host Name Login Host User Name Password Handle
The operation command set of the code MACDEF INIT FTP.
(3) Create an anonymous FTP. The so-called anonymous FTP means that users of other hosts can be ftp
Or Anonymous users perform data to send and receive without any password. The establishment method is as follows:
a) Create an FTP user with SysadMSH, which is represented in the Passwd file:
FTP: x: 210: 50:: / usr / ftp: / bin / sh
The path in the .profile is:
PATH = $ HOME / BIN: $ HOME / ETC
b) in / usr / ftp directory:
# Create the directory used by anonymous FTP
#mkdir bin etc dev pub shlib
# Change all directory permissions outside the PUB
#chmod 0555 bin etc dev shlib
# Change the owner of the PUB directory and the group
#Chown FTP Pub
#CHGRP FTP PUB
# Copy anonymous FTP executable
# CP / BIN / RSH / BIN / PWD / BIN / 1S BIN
# Change the required execution file permission
#CHMOD 011 bin / *
# View the situation of the required pseudo device
# 1 / dev / socksys
# 1 / dev / null
# Establish the degree of driver of the required pseudo device
# CD / USR / FTP / DEV
#mkond null c 4 2
#mkond socksys C 26 0
# Change the owner of the pseudo device driver, the same group
#Chown ftp ftp / * # chgrp ftp ftp / *
# Copy the shared file
# cp / shlib / ilbe_s shlib
Be careful not to copy / etc / passwd, / etc / proup to ETC, so that security
Have a potential threat. In addition, add your password to the FTP user, don't tell anyone.
(4) Restriction. RHOSTS user equivalence file (also called the user file). There is
Commands have rlogin, RCP, RCMD, etc.
The so-called user equivalent is that the user does not need to enter a password, that is, the same user information
Log in to another host. The user equivalent file name is .rhosts, store it under the root or
User home directory. Its form is as follows:
# Hostname username
ASH020000 ROOT
ASH020001 DGXT
...
If the user is empty, it is equivalent to all users.
(5) Limit the Hosts.Equiv host equivalent file, and call the host file. related
The command is Rlogin, RCP, RCMD, etc. The host equivalent is similar to the user equivalent, in two
The computer is valid in all areas outside the root object, the host equivalent file is Hosts.equiv,
Store under / ETC, its form is as follows:
# Hostname username
ASH020000
ASH020001
...
When using FTP to access the system remotely, UNIX systems first verify the username and password.
Check the ftpusers file after error, once it contains the username used by the login, automatically reject
Connect, thereby achieving limitations. So we only need to put this unit in addition to anonymous ftp
All users are included in the FTPUsers file, even if the entrants get the correct user information in this unit.
Unable to log in to the system. The information that needs to be released, put it under / usr / ftp / bub, let the distant pass
Acquisition of anonymous FTP. Use an anonymous FTP, no password, no security for this system
It is a threat because it cannot change the directory, and other information in this machine cannot be obtained. Make
Use .NETRC configuration, you need to pay attention to keep your confidentiality to prevent information about other related hosts.
Use users equivalence and hosting machines, users can use other passwords like others
Log in to a remote system as a valid user, remote users can log in directly without using rlogin without
You need to password, you can also use the RCP command to copy files or from the local host, or use RCMD.
Remote execution of this unit's command, etc. Therefore, the main type of visit has serious unsafe, must be strict
Grid control or in a very reliable environment. The famous "worm" found in the United States in 1998
Virus, written by a young man named Yel (Morris), on the Internet
Biography, causing the paralysis of many UNIX systems, lost billions of dollars, their important dissemination
One of the means is to use the user equivalent and host equivalent. Careful use (best not
Use) and often check the above documents, which will effectively strengthen system security.
UNIX systems do not directly provide control to Telnet. But we know, / etc / profile
It is the system default shell variable file. You must first execute it when all users are logged in. in case
We have added a few shell commands in this document:
# Set the interrupt variable
TRAP '' 0 1 2 3 4 5 15
Umask 022
# Get login terminal name
DC = "'WHO AM I | awk' [Prin $ 2] '` "
# Check if it is limited
GREP $ DE / ETC DEFAULT / AAA> DEV / NULL 2> & 1
# If limited
IF [$? = "0"]
THEN
echo "Please enter your password: / c"
Read ABC
# Get the correct password
DD = "GREP ROOT / ETC / EDFAULT / AAA | awk '[PINT $ 2]'` "
# Illegal users send a warning message to the main control
Law ["$ ABC"! = $ Dd]
THEN
Echo "illegal users!"
echo "has illegal users try to log in!"> TEV / TTY01
Logname> / dev / tty01
# # 同时 日 日 文件
Echo "illegal users try to log in! / c">> / usr / TMP / ERR
Echo $ DC>> / usr / tmp / err
Logname>> / usr / tmp / err
EXIT;
Fi;
Fi
Where / etc / default / aaa is a text file for the limited terminal name, and the root is
Password, its contents are as follows:
Root Qwerty
TTYP0
TTYP1
TTYP2
TTYP3
TTYPA
TTYPB
...
Such illegal users are the legal user name and password, and cannot be used remotely.
System administrator timed to read the diary file, pay attention to the console information, you can get illegal
The case of access, take action in a timely manner. If you implement the above process with the C language, accept your love
It is not displayed, the effect is better.
Third, strengthen the confidentiality of important information
It mainly includes a computer that Hosts table, X.25 address, route, and connection modem.
The number of communication software used, the username of the network, etc., these materials should be taken.
Some confidentiality measures to prevent random spread. If you can apply to a telecommunications department to apply for a mobile phone
The number is not published, no inquiry, etc.. Due to public or common postal exchange equipment intervention,
Information may be tampered with or leak after they passed.
Fourth, strengthen management of important network equipment
The router is a very important ring in the network security plan. Most routers are now
Some of the features of the firewall, such as disabling Telnet access, banning illegal network segments
Wait. The correct access filtering through the network router is to limit the simple and effective external access.
s method.
If you have conditional places, you can also set up a network, isolate this website and other nets.
Do not store any business data, delete the use of users who must have the normal operation of the system
Households can also enhance the security of the network.
In short, as long as we start from now, develop network security awareness, pay attention to experience
Accumulate and learn, it is entirely possible to ensure the safety of our information system, running normally.