Unix security problem
This article discusses UNIX system security: passwords, file protection, directory protection, some special features of user programs, encryption with the crypt command, and some important security advice that helps users protect their own home directory.

1. Password security

The /etc/passwd file in a UNIX system contains the information the system needs to know about each user (the encrypted password may instead be stored in the /etc/shadow file). /etc/passwd holds a user's login name, encrypted password, user number, user group number, user comment, home directory, and the shell program the user runs. The user number (UID) and user group number (GID) are what the UNIX system uses to uniquely identify users and groups of users and to determine their access rights. The encrypted password stored in /etc/passwd is compared with the password typed at login; only when the two match can the user log in. Users change their password with the passwd command and cannot edit the password field of /etc/passwd directly.

A good password should be at least 6 characters long; it should not use personal information (birthday, name, the login name spelled backwards, anything visible in the room); ordinary English words are poor choices (they fall to dictionary attacks); it is best if the password contains non-letters (digits, punctuation, control characters and so on); and it must be something you can remember, not something written on paper or stored in the computer. A good way to choose a password is to join two unrelated words with a digit or control character and truncate the result to 8 characters. If you can remember 8 random characters, that is naturally even better. Do not use the same password on different machines, especially for users at different privilege levels, because one compromise then brings everything down. Users should change their password regularly, at least every 6 months, and the system administrator can force users to change passwords periodically.
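The password rules above can be turned into a mechanical check. The following is an added example, not code from the article: it rejects passwords that are too short, that equal the login name or its reverse, that are plain dictionary words, or that contain letters only, and it shows the "two unrelated words joined by a digit, cut to 8 characters" construction. WORDLIST is a constructed stand-in for a real dictionary such as /usr/share/dict/words.

```shell
#!/bin/sh
# Added example (not from the article): a checker for the password rules in
# section 1 plus the "two words joined by a digit, cut to 8" construction.
# WORDLIST is a constructed stand-in for a real dictionary such as
# /usr/share/dict/words.

WORDLIST="apple orange secret password welcome summer"

# reverse_string S -> prints S backwards (rev is not available everywhere)
reverse_string() {
    printf '%s' "$1" | awk '{ s = ""; for (i = length($0); i > 0; i--) s = s substr($0, i, 1); print s }'
}

# password_ok LOGIN PASSWORD -> prints "ok" and returns 0 when the password
# passes every rule; otherwise prints the rule it breaks and returns 1
password_ok() {
    login=$1
    pw=$2
    if [ "${#pw}" -lt 6 ]; then
        echo "too short"; return 1
    fi
    lower=$(printf '%s' "$pw" | tr 'A-Z' 'a-z')
    if [ "$lower" = "$login" ] || [ "$lower" = "$(reverse_string "$login")" ]; then
        echo "login name"; return 1
    fi
    for w in $WORDLIST; do
        if [ "$lower" = "$w" ]; then
            echo "dictionary word"; return 1
        fi
    done
    case $pw in
        *[!A-Za-z]*) ;;                  # at least one non-letter: fine
        *) echo "letters only"; return 1 ;;
    esac
    echo ok
}

# make_password WORD1 WORD2 SEP -> joins the words with SEP (a digit or
# control character) and truncates to 8 characters, as section 1 suggests
make_password() {
    printf '%s%s%s' "$1" "$3" "$2" | cut -c1-8
}

# Demonstration run when the file is executed directly
pw=$(make_password tiger lamp 7)
echo "candidate: $pw -> $(password_ok pat "$pw")"
```

The dictionary test compares the lowercased password against whole words only, which is what the article warns about; a real checker would also try common substitutions, but that goes beyond the rules stated here.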
To keep onlookers from stealing the password, make sure nobody is watching when you type it.

2. File permissions

A file's permission attributes determine who may access or execute it. ls -l lists detailed file information, for example:

-rwxrwxrwx 1 pat cs 44070 Jul 28 21:12 zombin

which shows the file permissions, link count, owner name, group name, file length, last access date and file name. The permission field has four parts. The leading "-" gives the file type. The first rwx is the access of the file's owner; the second rwx is the access of users in the file's group; the third rwx is the access of all other users. Where a permission is withheld, the corresponding letter is replaced by "-". In the execute position other letters may appear: s, S, t or T. s and S appear in the owner and group positions and relate to the special permissions discussed below; t and T may appear in the other-users position, represent the "sticky bit", and are not related to security. A lowercase letter (x, s, t) means execute permission is granted; "-" or an uppercase letter (S, T) means it is not.

Permissions are changed with the chmod command, which takes the new mode and the file name as arguments. The new mode is given as three octal digits, with r = 4, w = 2 and x = 1, so rwxr-xr-- is 754. chmod also accepts symbolic modes that modify one group of permissions at a time; see the UNIX online manual. File permissions can be used to prevent accidental overwriting or deletion of an important file (even by the owner!).
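The rwx-to-octal rule, including the s/S/t/T forms that the text says can appear in the execute position, is exactly the kind of thing that is easy to get wrong by hand. The following is an added example, not code from the article: a shell function that converts the permission string printed by ls -l into the octal mode chmod takes, and a second function that reads it straight from an existing file.

```shell
#!/bin/sh
# Added example (not from the article): converts the 9-character permission
# string printed by ls -l into the octal mode chmod takes, including the
# s/S/t/T forms for SUID, SGID and the sticky bit.

# mode_to_octal PERMS -> prints the octal mode; accepts "rwxr-xr--" or the
# full 10-character field "-rwxr-xr--" (the type character is ignored)
mode_to_octal() {
    p=$1
    if [ "${#p}" -eq 10 ]; then
        p=$(printf '%s' "$p" | cut -c2-)
    fi
    if [ "${#p}" -ne 9 ]; then
        echo "mode_to_octal: need 9 permission characters" >&2
        return 1
    fi
    special=0
    digits=""
    i=1
    for who in u g o; do
        r=$(printf '%s' "$p" | cut -c$i)
        w=$(printf '%s' "$p" | cut -c$((i + 1)))
        x=$(printf '%s' "$p" | cut -c$((i + 2)))
        v=0
        if [ "$r" = r ]; then v=$((v + 4)); fi
        if [ "$w" = w ]; then v=$((v + 2)); fi
        case $x in
            x|s|t) v=$((v + 1)) ;;       # lowercase: execute granted
        esac
        case "$who$x" in                 # upper or lower case: special bit set
            us|uS) special=$((special + 4)) ;;   # set user ID
            gs|gS) special=$((special + 2)) ;;   # set group ID
            ot|oT) special=$((special + 1)) ;;   # sticky bit
        esac
        digits="$digits$v"
        i=$((i + 3))
    done
    if [ "$special" -ne 0 ]; then
        echo "$special$digits"
    else
        echo "$digits"
    fi
}

# octal_of_file PATH -> the same conversion applied to ls -ld on a real file
octal_of_file() {
    mode_to_octal "$(ls -ld "$1" | cut -c1-10)"
}

mode_to_octal rwxr-xr--     # 754
mode_to_octal rwsr-xr-x     # 4755
mode_to_octal rwSr--r--     # 4644: SUID set but owner execute withheld
```

The uppercase cases are where audits slip: rwSr--r-- is 4644, a set-user-ID bit on a file nobody can execute, which is harmless today but becomes live the moment someone adds execute permission.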
The owner and group of a file can be changed with chown and chgrp, but once given away, the original owner or group cannot change them back.

3. Directory permissions

In a UNIX system a directory is also a file; in ls -l output the file type attribute of a directory is "d". Directory permissions are like file permissions: listing the directory with ls requires read permission; adding a file to the directory requires write permission; entering the directory, or using it as a component of a path, requires execute (search) permission. Therefore, to use any file, you must have the appropriate permission on the file itself and search permission on every directory component in the file's path. The file's own permissions only come into play when the file is opened: rm and mv need only search and write permission on the directory, not any permission on the file. Keep this in mind.

4. The umask command

umask sets the default mask applied to files and directories the user creates. Put in the .profile file, it controls the access permissions of everything the user creates afterwards. umask is the opposite of chmod: it tells the system which permissions not to grant when a file is created.

5. Set user ID and set group ID permissions

The set user ID (SUID) and set group ID (SGID) permissions can be given to an executable file (they are only meaningful on executables). When a process runs it is assigned identifiers that say whom it belongs to: a real and an effective UID, and a real and an effective GID. The effective UID and GID are normally the same as the real ones, and it is the effective UID and GID that the system uses to determine access to files. Setting SUID on an executable changes this: with SUID set, the effective UID of the process is the UID of the file's owner rather than that of the user running the program, so the process has the same access as the owner of the program. In this way the owner of a program can make information available to other users while limiting, through the program, what they may do with it. Similarly, SGID sets the effective GID. SUID is set and cancelled with chmod u+s file and chmod u-s file; SGID is set and cancelled with chmod g+s file and chmod g-s file. Once a file has SUID or SGID set, the chown and chgrp commands cancel these permissions.

6. The cp, mv, ln and cpio commands

When cp copies a file and the destination does not exist, the access mode of the source file is copied, including the SUID and SGID permissions, but the new copy belongs to the user who made it. So be careful when copying other people's files, and do not let other users make use of your SUID programs this way. When mv moves a file, the new file has the same access mode as the source: mv only changes the name. As long as a user has write and search permission on a directory, he can move someone else's SUID program out of that directory without changing its access mode. If directory permissions are set incorrectly, a user's SUID program can be moved into a directory he cannot modify or delete from, and a security hole results. ln creates a link to an existing file, that is, a new name referring to the same file. If the destination already exists it is deleted and the new link created; if the existing destination is not writable by the user, the user is asked to confirm whether it should be deleted. Links can only be made within the same file system. To delete a SUID file, check its link count: only when there is a single link does deleting it guarantee the file is gone.
If the SUID file has several links, one approach is to change its mode with chmod, which changes the mode seen through every link; chmod 000 file not only cancels the file's SUID and SGID permissions but also cancels all access through every link. If you find that someone has made a link to your own SUID program, do not delete the program right away; the system administrator can use the ncheck command to find the program's other links.

The cpio command copies a directory structure into an ordinary file, and the same command later turns that ordinary file back into a directory structure. With the -o option, cpio reads a list of file and directory names from standard input and copies their contents to standard output. With the -i option, cpio reads a previously built archive from standard input and rebuilds the directory structure. A complete archive of a directory tree is commonly made with:

find fromdir -print | cpio -o > archive

and the directory structure is rebuilt with:

cpio -id < archive
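Sections 3 to 6 above make three claims that are worth seeing happen: umask decides the mode of a new file, rm needs write and search permission on the directory but no permission at all on the file, and a SUID file with more than one link is not gone when one name is deleted. The following is an added example, not code from the article, that exercises all three in a scratch directory it creates itself; the find invocation at the end is the audit an administrator would run for set-user-ID files with extra links.

```shell
#!/bin/sh
# Added example (not from the article): exercises the rules of sections 3-6
# in a scratch directory: umask deciding the mode of new files, rm needing
# only directory write+search permission, and the link count check before
# removing a SUID file. Every path below is created by the example itself.

# perm_string PATH -> the 10-character permission field from ls -ld
perm_string() {
    ls -ld "$1" | cut -c1-10
}

# link_count PATH -> the link count field from ls -ld
link_count() {
    ls -ld "$1" | awk '{ print $2 }'
}

# create_with_umask MASK PATH -> creates PATH under MASK in a subshell (the
# caller's umask is untouched) and prints the resulting permission string
create_with_umask() {
    ( umask "$1"; : > "$2" )
    perm_string "$2"
}

# remove_unreadable_file DIR -> creates a mode-000 file in DIR and removes
# it; prints "removed" because rm needs only write and search permission on
# DIR, not any permission on the file itself
remove_unreadable_file() {
    f="$1/locked"
    : > "$f"
    chmod 000 "$f"
    rm -f "$f"
    if [ -e "$f" ]; then echo "still there"; else echo "removed"; fi
}

# suid_multilink DIR -> lists set-user-ID files under DIR that have more
# than one link: deleting one name of such a file does not remove it
suid_multilink() {
    find "$1" -type f -perm -4000 -links +1 -print
}

demo() {
    d=$(mktemp -d)
    echo "umask 022: $(create_with_umask 022 "$d/a")"
    echo "umask 077: $(create_with_umask 077 "$d/b")"
    echo "rm of mode-000 file: $(remove_unreadable_file "$d")"
    : > "$d/tool"
    chmod 4755 "$d/tool"            # rwsr-xr-x
    ln "$d/tool" "$d/tool2"         # a second name for the same file
    echo "links on tool: $(link_count "$d/tool")"
    echo "SUID files with more than one link:"
    suid_multilink "$d"
    rm -rf "$d"
}

demo
```

Both names of the linked file show up in the find output, which is the point: removing tool alone leaves tool2 with the set-user-ID bit intact, and chmod on either name changes what both see.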
The security conventions of cpio are as follows. (1) The archive stores information about each file: owner, group, last modification time, last access time and access mode, and these are applied when the file is created from the archive. The owner and group of each file extracted from the archive become those of the user running cpio -i, not the owner and group recorded in the archive; only when the user running cpio -i is root do the created files get the owner and group recorded in the archive. When a SUID/SGID file in the archive is rebuilt, its SUID and SGID permissions are kept; if the user rebuilding it is not root, the SUID/SGID permission then applies to that user and group rather than to the user and group recorded in the archive. (2) When an existing file has the same name as a file in the cpio archive, and the existing file is newer than the one in the archive, it is not overwritten. (3) With the modifier option u, existing files of the same name are overwritten. There is an odd consequence: if the overwritten file was linked to another file, the link is not broken by the overwrite. In other words the file's links are kept, so every link now points at the file extracted from the archive; running cpio with unconditional overwriting of existing files therefore changes what the links refer to. (4) cpio archives may use full path names or names relative to a parent directory.

7. The su and newgrp commands

(1) su: lets a user enter the system as another user without logging out. It starts a new shell and sets both the effective and the real UID and GID to those of the other user. For this reason the root password must be kept strictly secret. (2) newgrp: similar to su; it is used to change the group you are currently in.
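The cpio conventions (1) to (3) in section 6 can be checked with the two commands the text gives. The following is an added example, not code from the article: it builds a small tree, archives it with find | cpio -o, rebuilds it with cpio -id, then shows that a newer existing file is left alone by a plain cpio -i and overwritten by cpio -iu. The tree, its contents and the -H newc format choice are this example's own; cpio -i detects the archive format by itself. The function prints "skip" if cpio is not installed.

```shell
#!/bin/sh
# Added example (not from the article): runs the cpio archive/rebuild
# commands from section 6 in a scratch directory and checks conventions (1)
# to (3): the file mode survives the round trip, an existing newer file is
# not overwritten by cpio -i, and the u option overwrites it. The scratch
# tree and its contents are constructed here. -H newc selects the portable
# ASCII header format so the old binary format's 16-bit inode field does not
# produce warnings; cpio -i detects the format on its own.

# cpio_demo -> prints "<restored mode> <content after plain -i> <content
# after -iu>", or "skip" when cpio is not installed
cpio_demo() {
    command -v cpio >/dev/null 2>&1 || { echo "skip"; return 0; }
    work=$(mktemp -d)
    mkdir -p "$work/src/sub"
    printf 'original\n' > "$work/src/sub/note"
    chmod 640 "$work/src/sub/note"

    # archive with relative names, as the article's find | cpio -o does
    ( cd "$work" && find src -print | cpio -o -H newc > archive 2>/dev/null ) || return 1

    # rebuild into an empty directory: mode 640 comes back from the archive
    mkdir "$work/r"
    ( cd "$work/r" && cpio -id < ../archive 2>/dev/null ) || return 1
    mode=$(ls -l "$work/r/src/sub/note" | cut -c1-10)

    # make the restored copy newer than the archived one, then rebuild again:
    # convention (2) says the newer file is not overwritten
    printf 'newer\n' > "$work/r/src/sub/note"
    ( cd "$work/r" && cpio -id < ../archive 2>/dev/null ) || true
    kept=$(cat "$work/r/src/sub/note")

    # with u the existing file is overwritten unconditionally, convention (3)
    ( cd "$work/r" && cpio -idu < ../archive 2>/dev/null ) || return 1
    replaced=$(cat "$work/r/src/sub/note")

    rm -rf "$work"
    echo "$mode $kept $replaced"
}

cpio_demo
```

Run as an ordinary user, the restored note belongs to that user, which is convention (1); a root-run rebuild would instead take the owner recorded in the archive, so root should inspect an archive before rebuilding it.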
8. File encryption: the crypt command

crypt lets users encrypt files. Given a keyword, it encodes the information on standard input into an unreadable jumble and writes it to standard output. Running the command again with the same keyword on the encrypted file recovers the original contents. In general, after a file is encrypted the original should be deleted, leaving only the encrypted version, and the keyword must not be forgotten. vi generally has an encryption function too: the vi -x command edits an encrypted file. The rules for choosing an encryption keyword are the same as those for choosing a password. Since the crypt program may have been replaced by a Trojan horse, it is unwise to use your login password as the keyword. It is best to run pack or compress on the file first and encrypt the compressed result.

9. Other security issues

(1) A user's .profile file in the home directory is executed at login. If the file is writable by others, any user can modify it to do whatever they want, which may give another user the same permissions as the owner. (2) ls -a lists all files in the current directory, including those whose names begin with a dot. Look at the access mode and owner of every file; any file in your own directory that you did not create yourself should be regarded with suspicion. (3) The .exrc file is the initialization file of the editor. When the editor starts it first looks for $HOME/.exrc and then ./.exrc. You can control the access mode of the one in $HOME just like .profile, but if you run the editor in a directory you do not control, you may run someone else's .exrc, and an .exrc file may be there precisely to harm other people's files. To keep the edited files safe, it is best not to run any editor in a directory that does not belong to you.
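Items (1) to (3) above are checks a user can run on their own home directory. The following is an added example, not code from the article: functions that list start-up dotfiles writable by group or others, list entries not owned by the caller, and decide whether a directory is one you should run an editor in. The directory and files in the demo are constructed by the example; the ownership comparison uses numeric IDs (ls -n, id -u) so it also works where the user has no name entry.

```shell
#!/bin/sh
# Added example (not from the article): the checks behind section 9 (1)-(3)
# as functions that audit one directory: start-up files that group or
# others may write, entries not owned by the caller, and whether a directory
# is safe to run an editor in. The demo directory is constructed here.

# writable_by_others DIR -> dotfiles in DIR (such as .profile or .exrc) that
# carry group-write or other-write permission, one per line, sorted
writable_by_others() {
    find "$1" -maxdepth 1 -type f -name '.*' \( -perm -020 -o -perm -002 \) -print | sort
}

# not_owned_by_me DIR -> entries directly in DIR whose owner is not the
# user running the check; anything listed here deserves suspicion
not_owned_by_me() {
    find "$1" -maxdepth 1 ! -path "$1" ! -user "$(id -u)" -print | sort
}

# editor_dir_safe DIR -> "safe" when DIR belongs to the caller and contains
# no .exrc owned by someone else, otherwise "unsafe"
editor_dir_safe() {
    me=$(id -u)
    owner=$(ls -ldn "$1" | awk '{ print $3 }')
    if [ "$owner" != "$me" ]; then
        echo unsafe
        return 1
    fi
    if [ -e "$1/.exrc" ]; then
        exrc_owner=$(ls -ln "$1/.exrc" | awk '{ print $3 }')
        if [ "$exrc_owner" != "$me" ]; then
            echo unsafe
            return 1
        fi
    fi
    echo safe
}

demo() {
    d=$(mktemp -d)
    : > "$d/.profile"; chmod 666 "$d/.profile"   # writable by everyone: bad
    : > "$d/.kshrc";   chmod 664 "$d/.kshrc"     # group-writable: bad
    : > "$d/.exrc";    chmod 644 "$d/.exrc"      # fine
    echo "writable by others:"; writable_by_others "$d"
    echo "not owned by me:";    not_owned_by_me "$d"
    echo "editor here is $(editor_dir_safe "$d")"
    rm -rf "$d"
}

demo
```

Pointing writable_by_others at $HOME is the practical use; a .profile or .exrc that shows up there is exactly the foothold the text describes.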
(4) Temporary files and directories: the temporary directories in a UNIX system are /tmp and /usr/tmp, used by programmers and by many system commands. If you use these directories, other users may destroy your files there. When creating temporary files set the file mask to 007, but the safest method is to create your own temporary files and directory:
$HOME/tmp. Do not store important files in the public temporary directories. (5) uucp and other networks: the uucp command transfers files from one UNIX system to another. Files received via uucp are usually stored in the directory /usr/spool/uucppublic/login, where login is the user's login name; this directory has mode 777, the files received through the network and stored in it belong to uucp, and their access mode is 666 or 777. Users should encrypt files sent via uucp and move them into their own directory as soon as possible. Other networks deliver files into the rjc directory under the user's home directory. This directory should be writable but not readable, so the user's rjc directory should have mode 733, which lets the transfer program create files in it. Likewise, transferred files should be encrypted and moved into your own directory. (6) Trojan horses: in UNIX security, a Trojan horse is a program that, while visibly performing some useful function, secretly does something against the security of the user who runs it. If PATH is set so that the system directories are searched first, the Trojan horse writer's chances are greatly reduced. (7) Decoys: like a Trojan horse, a decoy tricks the user into leaking information; the difference is that it is run by someone else and left waiting for an unwary user, for example a program that imitates login. (8) Computer viruses: a virus can spread to other programs and can spread quickly, especially when a careless system administrator runs an infected program as root. Experiments have shown that a virus can obtain root permission within an hour (on average in less than 30 minutes). (9) Leaving a logged-in terminal: unless you lock the terminal, you must log out before leaving it. (10) Intelligent terminals: an intelligent terminal has SEND and ENTER escape sequences that tell the terminal to send the current line to the system, just as if the user had typed it.
This is a dangerous capability: another user can send information to your terminal with the write command, and that information can contain the following sequence: move to a new line (clearing it), display "rm -r *" on the screen, then send that line to the system. You can imagine the consequences. To stop other users from sending messages, use the mesg command: mesg n refuses messages from other users, mesg y allows them. Even so, there is still a problem with escape sequences: any user can send the same escape sequences with the mail command, with one difference: "!rm -r *" takes the place of "rm -r *". mail interprets "!" as a shell escape: it starts a shell and has the shell interpret the rest of the line. To prevent the mail command from sending escape sequences to your own terminal, you can set up a filter and run it on the mail file before reading mail:

myname="$LOGNAME"; > /usr/mail/$myname; mail -f $HOME/mailbox

where tr, run before the mailbox is emptied, reads the mail file on standard input and writes it to standard output (redirected to $HOME/mailbox) with the escape characters removed. This is only a simple idea; in principle the procedure should be a C program that uses a lock file so that mail being delivered at the same moment is not damaged. (11) Logging out: before leaving, watch the system confirm that you have been logged out, so that nobody can slip into the session of a user who is not really logged out. (12) The cu command: this command lets a user log in to another UNIX system from a UNIX system; after logging out of the remote system, the user must type "~" followed by Return to disconnect cu from the remote system. There are two security issues. First, if local security is weaker than that of the remote machine, using cu to log in to the remote machine is not advisable, so that the insecurity of the local machine does not compromise a secure remote machine. Second, with old versions of cu, "~"
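Two of the points above, the PATH advice in (6) and the mail filter in (10)-(11), can be made concrete. The following is an added example, not code from the article: path_audit flags PATH entries that let a Trojan horse be found before the system commands (empty entries and ".", relative entries, and world-writable directories listed ahead of /bin and /usr/bin), and strip_escapes is the tr filter the text sketches, written here as "delete every control character except tab and newline"; the exact tr arguments are this example's choice, since the article does not give them. safe_mail strings the filter into the article's three-step procedure, still without the lock file the text says a real version needs.

```shell
#!/bin/sh
# Added example (not from the article): two checks for section 9 (6) and
# (10)-(11). path_audit flags PATH entries that let a Trojan horse be found
# before the system commands; strip_escapes is the filter the text sketches
# with tr, here removing every control character except tab and newline
# (the exact tr arguments are this example's choice, not the article's).

# path_audit PATHVALUE -> one line per finding, or "ok" if PATH is clean:
# empty entries and "." (current directory), relative entries, and
# world-writable directories listed before /bin and /usr/bin
path_audit() {
    found=0
    seen_system=0
    rest="$1:"                    # trailing ":" so the last entry is seen too
    while [ -n "$rest" ]; do
        dir=${rest%%:*}
        rest=${rest#*:}
        case $dir in
            ""|.)
                echo "current directory in PATH: '$dir'"; found=1 ;;
            /*)
                if [ "$dir" = /bin ] || [ "$dir" = /usr/bin ]; then
                    seen_system=1
                elif [ -d "$dir" ] && [ "$seen_system" -eq 0 ] && \
                     [ "$(ls -ld "$dir" | cut -c9)" = w ]; then
                    echo "world-writable directory before system directories: $dir"; found=1
                fi ;;
            *)
                echo "relative entry in PATH: $dir"; found=1 ;;
        esac
    done
    [ "$found" -eq 0 ] && echo ok
    return 0
}

# strip_escapes -> copies standard input to standard output with every
# control character except tab and newline deleted, so an ESC-led terminal
# sequence inside a mail message cannot reach the terminal intact
strip_escapes() {
    tr -d '\000-\010\013-\037\177'
}

# safe_mail -> the article's procedure: filter the system mailbox into
# $HOME/mailbox, empty the system mailbox, read the filtered copy. As the
# text notes, a real version needs a lock file so that mail arriving in
# between is not lost; that is omitted here.
safe_mail() {
    myname=${LOGNAME:-$(id -un)}
    strip_escapes < "/usr/mail/$myname" > "$HOME/mailbox"
    : > "/usr/mail/$myname"
    mail -f "$HOME/mailbox"
}

path_audit "$PATH"
printf 'report\033[2Jclear-screen attempt\n' | strip_escapes   # constructed message
```

Because strip_escapes drops the ESC byte itself, the rest of the sequence arrives as harmless printable text ("[2J" in the sample), which is also a useful tell that someone tried it.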