Making Linux management safer in enterprises (1)

Author: Zhang Yaning
  
No system in the world is absolutely secure. Even Linux, stable as it is, is widely considered to have shortcomings in management and security. We want the system to run at minimum risk, and that requires stronger management of system security.
  
Below I discuss two of these shortcomings and explain how to strengthen the security management of Linux systems.
  
Preventing hacker intrusion
  
Before discussing how to manage against intrusion, I will briefly introduce the main ways and methods hackers use to attack Linux hosts, so that you understand their techniques. Knowing them lets us prevent problems before they happen and take the right security measures.
  
To prevent malicious intrusion you can reduce the connections between the intranet and external networks, or even keep the system entirely separate from other networks. Although this is inconvenient for network use, it is also the most effective preventive measure.
  
Hackers generally probe Linux or Unix hosts in the following ways until they find one that is easy to break into, and then begin the intrusion. The common attack methods are:
  
1. Obtain the root password directly by eavesdropping, or obtain the password of a particular user (possibly root) and from there the password of any other user, since an ordinary user's password is usually easy to obtain.
  
2. Hackers often use common words to crack passwords. An American hacker once said that the single word "password" would open most computers in the United States. Other commonly used words include: account, ald, alpha, beta, computer, dead, demo, dollar, games, bod, hello, help, intro, kill, love, no, OK, okay, please, sex, secret, superuser, system, test, work, and yes.
  
3. The command finger @some.cracked.host reveals the user names on a machine. The hacker finds the weak accounts among them, uses them to obtain the system password file /etc/passwd, and then guesses the root password with a password dictionary file and a password-guessing tool.
  
4. Plant a SetUID file in the /tmp directory, or get the root user to execute a SetUID program, so as to create a security hole.
  
5. Exploit a security vulnerability in a program that must run SetUID root on the system, for example pppd, to gain root privileges.
  
6. Intrusion through .rhosts. When rlogin is used, the rlogin program trusts the hosts and accounts defined in .rhosts, and they can log on without a password.
  
7. Modify the user's .login, .cshrc, .profile and other shell startup files to add destructive commands that run as soon as the user logs on, for example "if /tmp/backdoor exists, run /tmp/backdoor".
  
8. Thereafter, whenever the user logs on, the backdoor program (possibly a password-cracking program) runs without the user knowing. It damages the system or sends further system information to the hacker to make deeper penetration easier.
  
9. Where a company's important hosts sit behind layers of network firewall protection, the hacker sometimes finds an easy-to-compromise host on the same subnet and slowly works toward the important host from there. For example, if NIS is used for network logon, remote commands can be run without a password, which gives the hacker an easy start.
  
10. The hacker connects through an intermediate host to reach the target, so as to avoid being traced by reverse lookup.
  
11. There are several ways for a hacker to reach a host: through Telnet (port 23), Sendmail (port 25), FTP (port 21) or WWW (port 80). Although a host has only one address, it may run several services at the same time, and these ports are a convenient way for hackers to "enter" the host.
  
12. Hackers commonly use the RPC services NIS and NFS to gather information. With simple commands such as showmount, a remote host automatically reports the services it provides. Once that information is obtained, even if security software such as tcp_wrapper is installed, the file system on the NIS server can be "borrowed" without the administrator noticing, and /etc/passwd leaks out.
  
13. Send e-mail to the anonymous account, obtain the /etc/passwd password file from the FTP site, or simply download the passwd file from the FTP site's /etc directory.
  
14. Network eavesdropping: a sniffer program monitors network packets and captures the initial session data of Telnet, FTP and rlogin, from which the root password can be read. Sniffers are therefore one of the main causes of illegal network intrusion today.
  
15. Intrusion through security holes in system services such as Sendmail, imapd, pop3d and DNS. New holes are discovered frequently, so a host whose vulnerabilities are not repaired is quite easy to break into.
  
16. Once a hacker has broken into the computer, the system's Telnet program may be replaced with a modified version. Every user's Telnet session account and password is then recorded and sent to the hacker by e-mail for further intrusion.
  
17. The hacker clears the system records. Skilled hackers delete the entries recording their login time and IP address, clearing syslog, lastlog, messages, wtmp, utmp and the shell history file (.history).
  
18. Intruders often replace inspection commands such as ifconfig and tcpdump with modified versions to avoid detection.
  
19. The system thief secretly copies /etc/passwd and then cracks the passwords with a dictionary file.
  
20. Thieves go after root privileges through super-user programs such as su or sudo.
  
21. Hackers often use buffer overflows to break into the system manually.
  
22. cron is the Linux tool for running commands automatically, such as regular backups or deletion of expired files. Intruders often use cron to leave backdoors: besides periodically running cracking code against the system, it lets them avoid being discovered by the administrator.
  
23. Use IP spoofing to break into Linux hosts.
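
Items 4, 6, 7 and 22 above share indicators an administrator can check for directly: a SetUID file dropped in a world-writable scratch directory, a .rhosts or hosts.equiv trust file, and startup files or crontabs that run something out of /tmp. The following audit is an added example, not code from the original article; the list of scratch directories and all sample data are assumptions constructed for the demonstration.

```python
import re
import stat

# World-writable scratch directories where a dropped backdoor typically lives
# (items 4, 7 and 22); the list itself is an assumption for this example.
SCRATCH_DIRS = ("/tmp", "/var/tmp", "/dev/shm")
SCRATCH_RE = re.compile(r"(?:%s)/[\w./-]+" % "|".join(re.escape(d) for d in SCRATCH_DIRS))

def scratch_refs(name, text):
    """Lines of a shell startup file or crontab that mention a scratch-directory path."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        code = line.split("#", 1)[0]  # ignore shell comments
        for m in SCRATCH_RE.finditer(code):
            hits.append((name, n, m.group(0)))
    return hits

def setuid_in_scratch(entries):
    """entries: (path, st_mode) pairs; returns SetUID/SetGID files under a scratch dir."""
    prefixes = tuple(d + "/" for d in SCRATCH_DIRS)
    return [p for p, mode in entries
            if p.startswith(prefixes) and mode & (stat.S_ISUID | stat.S_ISGID)]

def rhosts_files(paths):
    """A .rhosts or hosts.equiv file lets rlogin trust a host without a password (item 6)."""
    return [p for p in paths if p.endswith("/.rhosts") or p == "/etc/hosts.equiv"]

# Constructed sample data, not taken from a real system.
SAMPLE_PROFILE = """\
# ~/.profile
export PATH=$HOME/bin:$PATH
if [ -x /tmp/backdoor ]; then /tmp/backdoor; fi
"""
SAMPLE_CRONTAB = """\
MAILTO=root
# nightly backup
0 2 * * * /usr/local/bin/backup.sh
*/5 * * * * /var/tmp/.x/update >/dev/null 2>&1
"""
SAMPLE_FILES = [("/tmp/backdoor", 0o104755), ("/usr/bin/passwd", 0o104755),
                ("/tmp/notes.txt", 0o100644)]
SAMPLE_PATHS = ["/home/alice/.bashrc", "/home/bob/.rhosts", "/etc/hosts.equiv"]

def audit():
    """Run all three checks over the sample data; a real run reads the live files instead."""
    refs = scratch_refs("~/.profile", SAMPLE_PROFILE) + scratch_refs("root crontab", SAMPLE_CRONTAB)
    return refs, setuid_in_scratch(SAMPLE_FILES), rhosts_files(SAMPLE_PATHS)
```

Calling audit() returns three lists of findings; on a live host the same functions would be fed the contents of each user's startup files and crontab, os.stat() results for files under the scratch directories, and the list of home-directory and /etc files.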
  
These are the common tactics hackers use against Linux hosts. If a hacker can easily break into a computer with any of the methods above, its security is far too weak, and you need to download newer software versions or apply patch files to fix the vulnerabilities. A warning: unauthorized use of other people's computer systems or theft of their information is illegal, and we hope readers will not try it.
  
Beyond the methods above, many hackers also attack Linux systems with intrusion tools. These tools are usually planted on a victim server after it has been compromised, and they vary in capability: some simply capture user names and passwords, while others are powerful enough to record all network traffic. In short, hackers rely on such tools to attack Linux hosts.
  
