Analysis of remote login and security defense methods for UNIX systems

Convert a common user to an administrator: to make a common system user a system administrator, you can use the SU command in a UNIX environment. This command is used to replace a user (Subsitituteuser). However, it was often used by some hackers to convert it into a ROOT identity. Therefore, this command is also used as a superuser (SUQERUSER ). S

Convert a common user to an administrator:

To make a common system user a system administrator, you can use SU in a UNIX environment.Command. This command is used to replace a user (Subsititute USER). However, it was often used by some hackers to convert it into a ROOT identity. Therefore, this command is also used as a Super user (suqer user ).
 

The SU command parameter is the user name to be converted to. If no parameter is included, use the SU command. The system believes that the user must be converted to the ROOT identity. Therefore, a prompt message is displayed, requesting that the correct ROOT password be provided. For example, if DAVID wants to obtain the identity of BDSK, enter:

SSuBdsk

To obtain the system settings of a new user, use the hyphen (-) to indicate that the SU program is not only the user, in addition, you need to obtain the user's environment when logging on to the system.

 

Defense methods:

In UNIX systems, computer security systems are built on the authentication mechanism. If the root password is out of password, the system will be compromised, especially in the network environment, and the consequences will be even worse. Therefore, it is of practical significance to restrict user root remote logon to ensure the security of computer systems. This article introduces some methods to restrict remote root logon.

 

Method 1: Add a setting command in the/etc/default/login file:

CONSOLE =/dev/tty01

The setting takes effect immediately without requiring a reboot. Later, the user can only log on to the console (/dev/tty01) root, thus limiting root remote login. However, it also limits root login for LAN users, it brings a lot of inconvenience to the Administrator's daily maintenance work.

 

Method 2: 1. to Limit root remote login, you must first identify which users are remote users (that is, whether to perform teLnWhich users are LAN users. Use the following shell program to achieve this goal.

TY = 'tty |Cut-B 9-12'

WH ='Finger| Cut-B 32-79 |Grep"$ TY" | cut-B 29-39'

KK = 'tty | cut-B 6-9'

If ["$ KK" = "ttyp"]

Then

WH = $ WH

ELsE

WH = "local"

Fi

 

In the preceding Shell command program, WH is the Host IP address of the logon user. However, if the IP address and host name are defined in the/etc/hosts file, WH indicates the host name for user logon. Assume that the IP address of the terminal server connected to the LAN is 99.57.32.18, add a line to the/etc/hosts file:

99.57.32.18 teRmInal_server

All the terminal servers that log on to the host through the 99.57.32.18 Terminal Server. The WH value is the same, that is, the terminal server name terminal_server.

 

2. In the root. proFileFile, according to the WH value for different processing, so as to limit the root remote login.

Trap 1 2 3 9 15

If ["$ WH" = "local"-o "$ WH" = "terminal_server"]

Then

Echo "Welcome ......"

Else

Exit

Fi

 

Method 3: some computers in the LAN are allowed to log on as root for the convenience of work. For example, to achieve this, allow the root user to log on to the computer whose IP address is 99.57.32.58, in the preceding method, we need to add two points:

1. Add a line in the/etc/hosts file: 99.57.32.58 xmh.

2. In the preceding Shell section, set the following content:

If ["$ WH" = "local"-o "$ WH" = "terminal_server"]

To:

If ["$ WH" = "local"-o "$ WH" = "terminal_server"-o "$ WH" = "xmh"]

 

Method 4: After the above processing, there is still the possibility of using the su command to become a root user after a common user logs on, so as to achieve the root remote login goal. To prevent root remote logon using this method, you must restrict normal users from executing the su command:

1. Change the su command owner to root;

2. Change the su command permission to 700.

It's a little troublesome. take the liberty to ask, I use tCpWrapper disables externalTelnetIs the connection sufficient?

The other party can use FTP to log on to the system by any means. Generally, the ROOT password is cracked to obtain the ROOT permission. Or, you can escalate the permissions of a common user. Leave a path for yourself, but the SU command will not work now.