Security of Unix System File Systems (Continued)

Source: Internet
Author: User

Unix system security considerations

Unix presents devices as files, so that programs are independent of the devices they use. A program does not have to understand every feature of a device, and it does not have to keep track of record lengths, block sizes, transmission speeds, network protocols or similar details; all of that is handled by the device driver. To access a device, a program simply opens the device file and uses it like an ordinary Unix file.

From a security point of view this arrangement is good, because all I/O to a device goes through a small number of channels (the device files) and users cannot reach the device directly. If the access permissions on a disk partition's device file are set correctly, users can get at the disk only through the Unix file system, which applies its own protection mechanism (file permissions). Unfortunately, if the permissions on a disk partition's device file are wrong, any user can write a program that reads every file in the partition, and the procedure is trivial: read an inode, then read the blocks holding the file's contents in the order in which their block numbers appear in the inode's disk address table. No file permission is ever checked, because the file system code is never consulted.

Therefore a disk partition device must never be writable by anyone except root. Since a file's owner and access permissions are stored in its inode, anyone with write access to the device file of a mounted partition can set the suid bit on any file in it, whoever the file's owner is, without ever calling chmod(), and so bypass the checks the system performs when a file's mode is changed through the normal interface.

The same applies to the memory devices mem and kmem and to the swap device: they contain users' data, and a "patient" program can extract it. To avoid creating readable or writable disk partitions (and other devices) by accident, set a restrictive file creation mask with the umask command before creating a device file.

Terminal ports on Unix systems are generally writable by everyone so that users can send each other messages with the write command. Although world-writable terminals are a known source of security problems, most users find write too convenient to give up, so the system sets the terminal devices writable by all users. (A user who does not want this can turn off write access to their own terminal with mesg n.)

The /dev directory itself should have mode 755 and be owned by root.

There is one exception to the principle that nobody but root may read or write a disk partition: some programs (usually database systems) need direct access to a disk partition. The partitions used for this should be dedicated to those programs and carry no file system, and the users of such programs should be told that file protection there is enforced by the program, not by the Unix file system.

The find command on Unix systems

The find command walks a directory tree and performs some action on every file it finds. Its arguments are a list of directory names (the starting points of the search) followed by one or more options that specify the tests and actions applied to each file.

find . -print lists every file in the directory tree under the current working directory. find / -user bob -print lists every file on the system owned by bob.

find /usr/bob -perm 666 -print lists the files under /usr/bob whose mode is exactly 666. Changing 666 to -666 lists every file whose mode includes all of those bits, so modes such as 666, 667 and 777 all match.

find /usr/bob -type b -print lists the block special files under /usr/bob (use -type c for character special files).

find / -user root -perm -4000 -exec ls -l {} \; is a more complex example. -exec command \; runs the given command on each file found; if the command contains {}, the {} is replaced by the name of the file. The command must be terminated with a semicolon, escaped from the shell as \;.

The examples above introduce find; its options can be combined to build much more precise searches.
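The following script is added here as a worked example and is not part of the original article. It turns the find invocations above into a reusable audit: set-uid/set-gid files, world-writable files and directories, and device nodes outside /dev. It relies only on POSIX find and the -perm -mode (all bits set) form explained above, plus -xdev so that a search started at / does not wander into /proc or network mounts; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original article): audit a directory tree for
# the three things the find examples above look for. Assumes POSIX find;
# -xdev keeps each search inside one file system.

# Files with the set-uid (4000) or set-gid (2000) bit. -perm -mode matches
# when all of the given bits are set, so 4755, 4711 and 6755 all qualify.
find_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print
}

# World-writable files and directories: the article's "-perm -666" idea,
# narrowed to the one bit that matters (write for others, 0002). Symbolic
# links are skipped because their mode is always 777.
find_world_writable() {
    find "$1" -xdev \( -type f -o -type d \) -perm -0002 -print
}

# Block (-type b) and character (-type c) special files. Outside /dev a
# device node is almost certainly a planted copy of a disk or memory device.
find_device_nodes() {
    find "$1" -xdev \( -type b -o -type c \) -print
}

# Run all three checks over each starting point, one labelled line per hit.
# Returns 0 when nothing was found and 1 otherwise, so a cron wrapper can
# act on the result instead of parsing the output.
audit_tree() {
    report=$(
        for start in "$@"; do
            find_setid "$start"          | sed 's/^/setid          /'
            find_world_writable "$start" | sed 's/^/world-writable /'
            find_device_nodes "$start"   | sed 's/^/device-node    /'
        done
    )
    [ -n "$report" ] || return 0
    printf '%s\n' "$report"
    return 1
}

# Usage: sh audit.sh /usr /etc /home   (prints findings, exits 1 if any)
if [ $# -gt 0 ]; then
    audit_tree "$@"
fi
```

A clean run prints nothing and exits 0, which is what you want from a job run out of cron: any output is a finding. Compare the set-uid list against the one you recorded when the system was installed rather than reading it by eye each time; a new entry is the signal.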

The secure program for Unix systems

The system administrator should write a program that regularly checks the system's files, including the device files and the suid and sgid programs. It should in particular examine the suid and sgid programs, check the /etc/passwd and /etc/group files, find accounts that have not logged in for a long time, and check whether important files have been modified. (The source listing will be published in the future.)
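The script below is an added example of the account and file-change checks such a program would perform; it is not the article's own secure program, whose listing is not on this page. The passwd and group checks use POSIX awk only; the change-detection part uses POSIX cksum and diff. Function names and the report wording are my own. The "accounts not logged in for a long time" check is left out because the last-login records (last, lastlog, wtmp) differ from system to system.

```shell
#!/bin/sh
# Added example (not from the original article): account-file sanity checks
# and a change-detection baseline, as a "secure" program would run them.

# /etc/passwd has 7 colon-separated fields: name:password:uid:gid:gecos:dir:shell.
# Report malformed lines, accounts with an empty password field (no password
# needed to log in), any uid-0 account that is not root, and duplicate names
# or uids. Exit status is 1 if anything was reported.
check_passwd() {   # $1 = passwd file
    awk -F: '
        NF != 7 { printf "malformed line %d: %s\n", NR, $0; bad++; next }
        $2 == "" { printf "no password: %s\n", $1; bad++ }
        $3 == 0 && $1 != "root" { printf "uid 0 account other than root: %s\n", $1; bad++ }
        ($1 in names) { printf "duplicate user name: %s\n", $1; bad++ }
        ($3 in uids)  { printf "duplicate uid %s: %s and %s\n", $3, uids[$3], $1; bad++ }
        { names[$1] = 1; uids[$3] = $1 }
        END { exit bad > 0 }
    ' "$1"
}

# /etc/group has 4 fields: name:password:gid:members. Report malformed lines,
# a gid-0 group other than root (wheel on BSD systems) and duplicate names.
check_group() {   # $1 = group file
    awk -F: '
        NF != 4 { printf "malformed line %d: %s\n", NR, $0; bad++; next }
        $3 == 0 && $1 != "root" && $1 != "wheel" { printf "gid 0 group other than root: %s\n", $1; bad++ }
        ($1 in names) { printf "duplicate group name: %s\n", $1; bad++ }
        { names[$1] = 1 }
        END { exit bad > 0 }
    ' "$1"
}

# Change detection for important files. $1 lists one path per line
# (/etc/passwd, /etc/inittab, /unix, ...). cksum prints CRC, size and name,
# so a modified, truncated or removed file all show up in the comparison.
snapshot_files() {   # $1 = list of paths; snapshot on stdout
    while IFS= read -r path; do
        if [ -f "$path" ]; then
            cksum "$path"
        else
            printf 'MISSING %s\n' "$path"
        fi
    done < "$1"
}

# Compare a fresh snapshot against a baseline saved when the system was known
# to be clean. Exit status is non-zero (from diff) on any difference.
compare_snapshot() {   # $1 = list of paths, $2 = saved baseline file
    snapshot_files "$1" | diff "$2" -
}
```

Keep the baseline somewhere the checked system cannot write (removable media, a read-only mount, another host). cksum is a CRC, not a cryptographic hash, so an attacker who can rewrite a file could also arrange for the CRC to match; where a stronger digest such as sha256sum is available, substitute it in snapshot_files and keep the same comparison.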

The ncheck command on Unix systems

ncheck examines a file system. Given only a disk partition (device) name as its argument, it lists each inode number together with the corresponding file name; several names sharing one inode number are hard links to the same file. Note that the names it prints are relative to the root of that file system and are not prefixed with the mount point (the first field of the mount command's output), because ncheck does not know where the file system is mounted. With the -s option, ncheck lists only the suid/sgid programs and the special (device) files in the file system, so it can be used to search for them.

Mounting and unmounting file systems on Unix systems

Unix file systems are mountable, which means that each file system can be attached at any node of the directory tree (the root file system is always mounted). The directory at which a file system is attached is called the mount point. The /etc/mount command mounts a file system, and it can attach one anywhere in the existing directory structure.

While a file system is mounted, the files and directories previously stored in the mount point directory are inaccessible, so do not keep files in a mount point directory while nothing is mounted there. Once the file system is mounted, the access permissions and owner seen at the mount point become those of the root directory of the mounted file system.

So be careful when mounting a file system: the attributes seen at the mount point change! Watch newly created file systems in particular. Unless the new file system was created with the standard file system creation utility, which sets an appropriate mode on its root directory, the root of the new file system may be mode 777!

Use the -r option to mount a file system read-only. Write-protected drives and disks should be mounted this way.

/etc/mount with no arguments reports the file systems currently mounted: the mount point directory, the corresponding /dev device, whether it is mounted read-only or read-write, and the date and time it was mounted.

From a security point of view, the danger in mounting comes from users who may ask the system administrator to mount a file system of their own. If a user's file system is to be mounted, scan it for suid/sgid programs and device files before letting users access it: mount it on a directory that nobody but root can search, list suspicious files with the find command or the secure program, and remove the suid/sgid permissions from any file not owned by the requesting user. Bear in mind that, as noted above, the mode of the mount point itself is replaced by that of the mounted file system's root directory, so the restriction is only reliable if it is placed on a parent directory that stays under root's control.

When the user has finished with the file system, unmount it with the umount command, change the owner of the mount point directory back to root, and set its access permissions back to 755.
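The functions below are an added example of the procedure just described, not code from the original article. They assume a Linux or BSD mount command that accepts -o ro/rw, nosuid and nodev (the article's /etc/mount -r corresponds to -o ro); nosuid and nodev are a newer safeguard the article does not mention, and they make a set-id program or device node on the volume harmless while it is being inspected. The staging-directory arrangement is my own, for the reason given in the paragraph above. Only scan_user_fs and strip_foreign_setid run unprivileged and work on any directory tree; the mount, umount and chown steps require root.

```shell
#!/bin/sh
# Added example (not from the original article): mounting a user-supplied
# file system safely, step by step. Assumes Linux/BSD mount options.

# 1. A staging directory that only root can search, with the mount point
#    inside it. The staging directory, not the mount point, carries the
#    restriction, because the mount point's own mode is replaced by the
#    mounted root's mode as soon as the file system is attached.
prepare_mount_point() {   # $1 = staging dir (root only), $2 = mount point under it
    mkdir -p "$2"
    chown root "$1"
    chmod 700 "$1"
}

# 2. Mount read-write so set-id bits can be removed, but with nosuid and
#    nodev so nothing on the volume is dangerous while it is inspected.
mount_user_fs() {   # $1 = device, $2 = mount point
    mount -o rw,nosuid,nodev "$1" "$2"
}

# 3. Report device nodes and set-uid/set-gid files not owned by the user who
#    supplied the file system (name or numeric uid). Returns 1 if any found.
scan_user_fs() {   # $1 = mount point, $2 = owning user
    report=$(
        find "$1" -xdev \( -type b -o -type c \) -print | sed 's/^/device-node   /'
        find "$1" -xdev -type f ! -user "$2" \( -perm -4000 -o -perm -2000 \) -print |
            sed 's/^/foreign-setid /'
    )
    [ -n "$report" ] || return 0
    printf '%s\n' "$report"
    return 1
}

# 4. Remove set-uid and set-gid bits from files the user does not own. The
#    user's own set-id files can only grant the user's own privileges.
strip_foreign_setid() {   # $1 = mount point, $2 = owning user
    find "$1" -xdev -type f ! -user "$2" \( -perm -4000 -o -perm -2000 \) \
        -exec chmod u-s,g-s {} +
}

# 5. Open the staging directory to users only once the scan is clean.
release_user_fs() {   # $1 = staging dir
    chmod 755 "$1"
}

# 6. When the user is done: unmount and restore the mount point as the
#    article says, owner root and mode 755.
unmount_user_fs() {   # $1 = staging dir, $2 = mount point
    umount "$2"
    chown root "$2"
    chmod 755 "$2"
    chmod 700 "$1"
}
```

Run as root in order: prepare_mount_point, mount_user_fs, scan_user_fs (and strip_foreign_setid if it reports anything, then scan again), release_user_fs; finish with unmount_user_fs. Device nodes found by the scan should be removed rather than left in place; nodev only protects while that mount option is in force.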

Unix system directories and files

Many files on a Unix system must not be writable by users: /bin, /usr/bin, /usr/lbin, /etc/passwd, /usr/lib/crontab, /unix, and files and directories such as /etc/rc and /etc/inittab, which is to say most system directories. A writable directory lets anyone move or replace the files in it, which is a security problem in itself. The system administrator should regularly check the permissions and ownership of system files and directories. A program can do this by checking each file against the owner and permission rules described in a system rule file (the /etc/permlist file). (The source listing will be published in the future.)

Note: if a system has been poorly managed, or has just been installed, its security level is not high enough. Run the checking program on a known-secure system in make mode to generate the permission rule file, copy that file to the new system, and then run the program on the new system in setup mode to bring its permissions into line with the rules. Remember, however, that both systems must run the same version of Unix.
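Below is an added example of a small permlist checker with the make and setup modes described above plus a check mode; it is not the article's program, whose listing is not on this page. The rule file format (owner, group, octal mode and path on each line, with '#' comments) is my own, since the article does not give one, and the script assumes GNU coreutils stat with -c as found on Linux (BSD stat uses -f instead).

```shell
#!/bin/sh
# Added example (not from the original article): a /etc/permlist-style
# checker. Rule file format (mine): "owner group mode path", one per line.
# Assumes GNU stat -c; %a is the octal mode including set-id bits (4755).

# make mode: record owner, group and mode of every file and directory under
# the start points. Run on a known-good system; store the output where the
# new system's users cannot modify it.
permlist_make() {   # $@ = start points; rule file on stdout
    find "$@" -xdev \( -type f -o -type d \) -exec stat -c '%U %G %a %n' {} +
}

# check mode: compare every rule with the live system. One line per
# deviation; returns 1 if there was any, 0 if everything matches.
permlist_check() {   # $1 = rule file
    bad=0
    while read -r owner group mode path; do
        case $owner in ''|'#'*) continue ;; esac
        if [ ! -e "$path" ]; then
            printf 'MISSING  %s\n' "$path"
            bad=1
            continue
        fi
        actual=$(stat -c '%U %G %a' "$path")
        if [ "$actual" != "$owner $group $mode" ]; then
            printf 'MISMATCH %s: rule %s %s %s, actual %s\n' \
                "$path" "$owner" "$group" "$mode" "$actual"
            bad=1
        fi
    done < "$1"
    return $bad
}

# setup mode: apply the rules to a new or badly managed system. chown is
# attempted only when owner or group differ, so root is needed only then.
permlist_setup() {   # $1 = rule file
    while read -r owner group mode path; do
        case $owner in ''|'#'*) continue ;; esac
        if [ ! -e "$path" ]; then
            printf 'MISSING  %s\n' "$path"
            continue
        fi
        current=$(stat -c '%U %G' "$path")
        if [ "$current" != "$owner $group" ]; then
            chown "$owner:$group" "$path"
        fi
        chmod "$mode" "$path"
    done < "$1"
}
```

Typical use: permlist_make /etc /bin /usr/bin > /etc/permlist on the reference system, then permlist_check /etc/permlist from cron, and permlist_setup /etc/permlist once on a freshly installed machine of the same Unix version. The rule file itself must appear in the rules with a root-only mode, otherwise an attacker who can edit it can make any change look legitimate.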
 
