Linux-security.pdf

《Linux-security.pdf》由会员上传分享，免费在线阅读，更多相关内容在学术论文-天天文库。

1、SecuringLinuxPresentedby:DarrenMobleyIntroduction●Hello,MynameisDarren●HavebeensupportinganddevelopingcPan-elforover4years.●We'llbecoveringsomestepstotaketohelpprotectserversfromcommonattacksMainTopics●Localsecuritymeasures●Protectingagainstcommonremoteattacks●Wha

2、ttodoafteranattack,cleanup●HavingandfollowingaSecurityPolicyLocalAttacks:PasswordsMakesureexistingusershavedecentpass-words–Crackyourownusers'passwordsusingJTR,crack–Preferablyrunthecrackersonadedicatedma-chine,nottheserver,duetoload–Anypasswordsthatcrackinunderaf

3、ewhoursneedtohaveshellaccessremoveduntilthepasswordcanbechanged.Thisshouldbewrit-tenintoTOS/AUPwhichis“signed”bytheclient.LocalAttacks:xinetd●Turningoffunneededdaemonsinxinetd–Check/etc/xinetd.conf–Check/etc/xinetd.d/*●Commononesarecupsd(printingdaemon)●nfs/statd(

4、unlessusingnfsmountedFS)LocalAttacks:RunningProcessesFindlocallyrunningprocesses–Oftenscriptkiddieswilllaunchbackdoorscriptsontheserverusingvulnerablephpscripts–BadclientsorhackedaccountswillbeusedtolaunchIRCbots/bouncers●`psauxww`●`lsof-n`–Trytofindprocesseshidde

5、nbyarootkit,suchasSuckIt●mpid=`sysctlkernel.pid_max

6、cut-d""-f3`;foriin`seq1$mpid`;dotest-f/proc/$i/cmdline&&(echo-n"[$i]";strings/proc/$i/cmdline;echo);doneLocalAttacks:LoginAccess●Settingloginaccessdefinitions–/etc/login.defs●ExpirepasswordsafterPASS_MAX_DAYS●Set

7、minimumpasswordlengthtoPASS_MIN_LEN●SetnumberofdaysbeforepassexpirestosendreminderwithPASS_WARN_AGE●Therearemoreoptionsthatarewelldocumentedinthedefaultfile–/etc/hosts.allowand/etc/hosts.deny●Suggesttousefirewallinsteadasitwillprotectallservices,notjusttheoneswrit

8、tentoobeytherulessetinthehosts.*filesLocalAttacks:ShelllimitsSettingresourcelimitsforshellaccounts–Setin/etc/security/limits.conf●Protectagainstforkbombsandoutofcontrolapplica-tions,scripts●Willwanttostartoutverylax,makestricteraftertest-ingwithcurrentsettings;asn

9、eedarises●Examplesettings:–@usershardnofile500–@usershardcpu30–@usershardnproc150–@userssoftnproc100–@usershardrss50000–@users-maxlogins3–nobodyhardnofi