SCO UNIX Network Security Management

zhaozj2021-02-11  258

SCO UNIX Network Security Management

The editor was arrested on October 13, 1998, and the two brothers who stepped on the bank network were arrested.

In September this year, they installed remote control equipment on the bank computer terminal of the network.

The fake account has steal nearly 200,000 yuan from the bank.

According to relevant information, China's computer network has received nearly 200 in the past two years.

Hacker conscious attacks. The network is attacked is not only read from the newsletter.

Foreign myths, but truthfully exist in the reality in our lives. Maintain the network of the network

The fullness has become more and more important, and this article introduces in Sco Unix

Some of the specific settings of safety management are also small in some professional books.

It has strong practical value.

Most of the financial business system is platform with UNIX or Xenix operating system to TCP / IP

For the network platform. Although UNIX security has reached C2 safety standards for the US Department of Defense,

It is a relatively safe, tight system, but is not impeccable. Computer hacker intrusion

The news of the securities network system once again sounds the alarm of financial network security management. How to add

Strong UNIX network system security management, the author takes SCO UNIX3.2.v4.2 as an example,

Point view, discuss with the majority of colleagues.

The security mentioned here mainly refers to the use of illegal intrusion, visit to this network.

Ask, thus reaching the purpose of protecting the system is reliable, normal operation, this article is only within this range

Discussions, do not consider other aspects.

First, do a good job in the management of the network is the premise of network security management

Username and password management will always be one of the most important links in system security management.

Any attack of the network is impossible to have no legal username and password (background network application

The program opens the latter exception). But most of the system administrators only pay attention to privileged users

Management, ignoring the management of ordinary users. Mainly manifested in setting up the user, the province is convenient,

To set users' permissions (ID), groups, and file permissions, for illegal

The user stees the information and the destruction system left a gap.

Financial system Unix users are end users, they only need to be in specific application systems

Work in work, complete some fixed tasks, in general, do not need to perform system commands (shells).

Taking the National Electronic Exchange of Agricultural Bank as an example, the user is named DZHD, it is in / etc / passwd

The document is described as follows:

DZHD: X: 200: 50:: / usr / dzhd: / bin / sh

Its profile content is approximately as follows:

COBSW = R N Q-10

DD_printer = "1p-s"

Path = / etc: / bin: / usr / bin: $ homen / bin: / usr / dzhd / obj:

Mail = / usr / spool / mail / logname

umask 007

Eval`test -m ANSI: ANSI -M: /? ANSI -C -S -Q`

Export Path Mail Cobsw DD_Printer

CD USR / DZHD / OBJ

Runx HDG

exit

After the user logs in, if the interrupt button "Delete" is pressed, turn off the terminal power supply.

Or simultaneously type "Ctrl" "/", then the user will enter the shell command status. For example

You can continue to create a subdirectory in your own directory and exhaust the system's i node number, or use Yes> aa

Create a large-incomplete junk file and depleting hard disk space, etc., causing the system to crash, paralyzed

If the permission setting of the file system is not strict, he can run, peek and even modify it;

You can also steal higher permissions through commands; you can also log in to other hosts ...

It is imagined that you can't prevent it. This problem is related to user settings. Therefore, try not to set the user into the above form. If we must, according to actual

Need to see if the user's SH becomes restricted, such as RSH, etc., becomes the following form:

DZHD: X: 200: 50:: / usr / dzhd / obj: / bin / rsh

Or the following form:

DzHD: X: 200: 50:: / usr / dzhd: ./ main

In the first part of Main (.porfile), the next line is as follows:

TRAP '' 0 1 2 3 5 15

So all of the above problems are avoided.

In addition, check your / etc / passwd file periodically to see if there is an unknown use.

Households and users' permissions; regularly modify user passwords, especially UUCP, BIN, etc.

The user's password is to prevent people here to open a movable skylight - a user who is free to enter and exit;

Delete all sleep users, etc..

Second, setting up your own network environment is an effective way to prevent illegal access

Common tools for online access include Telnet, FTP, RLOGIN, RCP, RCMD and other networks

Operation commands must be restricted to them. The easiest way is to modify / etc / services

The corresponding service port number. But this will make everything outside the Internet have been rejected, even if

Whether the law is not exception. This kind of anti-self-adaptive practice is not worth promoting, because this will

Make this website and the network outside the network, will also bring inconvenience to yourself. By dividing the unixt system

Analysis, we believe that there is a possibility limit (allowing) online access.

(1) Establish an ETC / FTPUSERS file (unwelcome FTP user table). Aspect

The command is ftp. The configuration is as follows:

#username

DGXT

Dzhd

...

The above is some users in this unit, and the invasive uses the above username FTP to access this website.

Will be rejected.

(2) Pay attention to keep the .Netrc file (remote registration data file). Related

The command is FTP. .NETRC contains a remote host that registers to the network with FTP as file transfer

The data. Usually residing in the user's current directory, file permissions must be 0600. Format

under:

Machine Host Name Login Host User Name Password Handle

The operation command set of the code MACDEF INIT FTP.

(3) Create an anonymous FTP. The so-called anonymous FTP means that users of other hosts can be ftp

Or Anonymous users perform data to send and receive without any password. The establishment method is as follows:

a) Create an FTP user with SysadMSH, which is represented in the Passwd file:

FTP: x: 210: 50:: / usr / ftp: / bin / sh

The path in the .profile is:

PATH = $ HOME / BIN: $ HOME / ETC

b) in / usr / ftp directory:

# Create the directory used by anonymous FTP

#mkdir bin etc dev pub shlib

# Change all directory permissions outside the PUB

#chmod 0555 bin etc dev shlib

# Change the owner of the PUB directory and the group

#Chown FTP Pub

#CHGRP FTP PUB

# Copy anonymous FTP executable

# CP / BIN / RSH / BIN / PWD / BIN / 1S BIN

# Change the required execution file permission

#CHMOD 011 bin / *

# View the situation of the required pseudo device

# 1 / dev / socksys

# 1 / dev / null

# Establish the degree of driver of the required pseudo device

# CD / USR / FTP / DEV

#mkond null c 4 2

#mkond socksys C 26 0

# Change the owner of the pseudo device driver, the same group

#Chown ftp ftp / * # chgrp ftp ftp / *

# Copy the shared file

# cp / shlib / ilbe_s shlib

Be careful not to copy / etc / passwd, / etc / proup to ETC, so that security

Have a potential threat. In addition, add your password to the FTP user, don't tell anyone.

(4) Restriction. RHOSTS user equivalence file (also called the user file). There is

Commands have rlogin, RCP, RCMD, etc.

The so-called user equivalent is that the user does not need to enter a password, that is, the same user information

Log in to another host. The user equivalent file name is .rhosts, store it under the root or

User home directory. Its form is as follows:

# Hostname username

ASH020000 ROOT

ASH020001 DGXT

...

If the user is empty, it is equivalent to all users.

(5) Limit the Hosts.Equiv host equivalent file, and call the host file. related

The command is Rlogin, RCP, RCMD, etc. The host equivalent is similar to the user equivalent, in two

The computer is valid in all areas outside the root object, the host equivalent file is Hosts.equiv,

Store under / ETC, its form is as follows:

# Hostname username

ASH020000

ASH020001

...

When using FTP to access the system remotely, UNIX systems first verify the username and password.

Check the ftpusers file after error, once it contains the username used by the login, automatically reject

Connect, thereby achieving limitations. So we only need to put this unit in addition to anonymous ftp

All users are included in the FTPUsers file, even if the entrants get the correct user information in this unit.

Unable to log in to the system. The information that needs to be released, put it under / usr / ftp / bub, let the distant pass

Acquisition of anonymous FTP. Use an anonymous FTP, no password, no security for this system

It is a threat because it cannot change the directory, and other information in this machine cannot be obtained. Make

Use .NETRC configuration, you need to pay attention to keep your confidentiality to prevent information about other related hosts.

Use users equivalence and hosting machines, users can use other passwords like others

Log in to a remote system as a valid user, remote users can log in directly without using rlogin without

You need to password, you can also use the RCP command to copy files or from the local host, or use RCMD.

Remote execution of this unit's command, etc. Therefore, the main type of visit has serious unsafe, must be strict

Grid control or in a very reliable environment. The famous "worm" found in the United States in 1998

Virus, written by a young man named Yel (Morris), on the Internet

Biography, causing the paralysis of many UNIX systems, lost billions of dollars, their important dissemination

One of the means is to use the user equivalent and host equivalent. Careful use (best not

Use) and often check the above documents, which will effectively strengthen system security.

UNIX systems do not directly provide control to Telnet. But we know, / etc / profile

It is the system default shell variable file. You must first execute it when all users are logged in. in case

We have added a few shell commands in this document:

# Set the interrupt variable

TRAP '' 0 1 2 3 4 5 15

Umask 022

# Get login terminal name

DC = "'WHO AM I | awk' [Prin $ 2] '` "

# Check if it is limited

GREP $ DE / ETC DEFAULT / AAA> DEV / NULL 2> & 1

# If limited

IF [$? = "0"]

THEN

echo "Please enter your password: / c"

Read ABC

# Get the correct password

DD = "GREP ROOT / ETC / EDFAULT / AAA | awk '[PINT $ 2]'` "

# Illegal users send a warning message to the main control

Law ["$ ABC"! = $ Dd]

THEN

Echo "illegal users!"

echo "has illegal users try to log in!"> TEV / TTY01

Logname> / dev / tty01

# # 同时 日 日 文件

Echo "illegal users try to log in! / c">> / usr / TMP / ERR

Echo $ DC>> / usr / tmp / err

Logname>> / usr / tmp / err

EXIT;

Fi;

Fi

Where / etc / default / aaa is a text file for the limited terminal name, and the root is

Password, its contents are as follows:

Root Qwerty

TTYP0

TTYP1

TTYP2

TTYP3

TTYPA

TTYPB

...

Such illegal users are the legal user name and password, and cannot be used remotely.

System administrator timed to read the diary file, pay attention to the console information, you can get illegal

The case of access, take action in a timely manner. If you implement the above process with the C language, accept your love

It is not displayed, the effect is better.

Third, strengthen the confidentiality of important information

It mainly includes a computer that Hosts table, X.25 address, route, and connection modem.

The number of communication software used, the username of the network, etc., these materials should be taken.

Some confidentiality measures to prevent random spread. If you can apply to a telecommunications department to apply for a mobile phone

The number is not published, no inquiry, etc.. Due to public or common postal exchange equipment intervention,

Information may be tampered with or leak after they passed.

Fourth, strengthen management of important network equipment

The router is a very important ring in the network security plan. Most routers are now

Some of the features of the firewall, such as disabling Telnet access, banning illegal network segments

Wait. The correct access filtering through the network router is to limit the simple and effective external access.

s method.

If you have conditional places, you can also set up a network, isolate this website and other nets.

Do not store any business data, delete the use of users who must have the normal operation of the system

Households can also enhance the security of the network.

In short, as long as we start from now, develop network security awareness, pay attention to experience

Accumulate and learn, it is entirely possible to ensure the safety of our information system, running normally.

转载请注明原文地址:https://www.9cbs.com/read-3525.html

New Post(0)