Unix security

This entry addrresses security on Unix-like operating systems it is mainly focused on the open source operating systems should be reasonably applicable to propriety unixes like solaris MacOSX[?] AIX HPUX[?] etc.

This entry is currently in a scratch pad form - has lots of bones but no meat - im working on it - feel free to join in.

Table of contents 1 The Basics 2 Passwords 3 users 4 Patching 5 Services 6 File system 7 General 8 Advanced 9 Service details

The Basics

Passowrds 1. Patching 2. Users and accounts 3. Services 4. File system security

Passwords

crack, john the ripper, dict attacks, nemonic techniques shadow/master.passwd DES and MD5

users

delete old accounts su, sudo, wheel on bsd, /etc/securetty, ssh only, no root logins

Patching

source rpm based deb based freebsd ports and packages meta - apt, rhn, red carpet

add gentoo, slack, net + openbsd solaris + propriety (sco? who cares)

Services

only run what is needed remove the rest (even better do this at install - only choose necessary packages)

Identify what services are running netstat -na lsof nmap

on *bsd sockstat -4

inetd xinetd

turning off unnecessary services

using chkconfig on rh using /etc/rc.conf and /usr/local/etc/rc.d on freebsd (mention /etc/rc.local)

File system

rwe set-uid set-gid sticky

General

crypto layer 7 gpg/pgp layer 4 ssl/tsl/ssh/stunnel/smime layer 3 ipsec (pptp?)

sniffers + plaintext tcpdump, ethereal

attacks monkey in the middle land ping of death xmas DoS et al.

Advanced

rootkits, kernel modules, chkrootkit exploit details, buffer overflows, local vs remote

Service details

banners smtp - spam sendmail - banners help header version etc. dns - reverse mapping dnssec